From 121dc610ae06385f772ecf87c16599508bb064f4 Mon Sep 17 00:00:00 2001
From: John <40349459+BigEasyJ@users.noreply.github.com>
Date: Thu, 4 May 2023 03:14:07 -0500
Subject: [PATCH] [ASM] - Expander - Update service owner playbook (#26287)
* Update Cortex ASM - Service Ownership playbook
- Fix an issue where service owner were not found.
- Update the Cortex ASM - Service Ownership playbook to check for GCP IAM integration and for the existence of service owners.
* Update PNG
* Update pack ReadMe
* Update Cortex ASM - Service Ownership task description and version
* Update release notes
Fix typo
---
.../Cortex_ASM_-_Service_Ownership.yml | 553 ++++++++++++------
.../Cortex_ASM_-_Service_Ownership_README.md | 11 +-
Packs/CortexAttackSurfaceManagement/README.md | 16 +-
.../ReleaseNotes/1_6_9.md | 7 +
.../Cortex_ASM_-_Service_Ownership.png | Bin 98078 -> 135311 bytes
.../pack_metadata.json | 2 +-
6 files changed, 392 insertions(+), 197 deletions(-)
create mode 100644 Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_9.md
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership.yml
index 42ef3fe184cd..2fad0d1985ea 100644
--- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership.yml
+++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership.yml
@@ -1,121 +1,129 @@
-description: Identifies and recommends the most likely owners of the service, additionally citing an explanation and ranking score for each.
id: Cortex ASM - Service Ownership
-inputs: []
+version: -1
name: Cortex ASM - Service Ownership
-outputs: []
+description: Identifies and recommends the most likely owners of the service, additionally citing an explanation and ranking score for each.
starttaskid: "0"
tasks:
"0":
id: "0"
- ignoreworker: false
- isautoswitchedtoquietmode: false
- isoversize: false
- nexttasks:
- '#none#':
- - "7"
- note: false
- quietmode: 0
- separatecontext: false
- skipunavailable: true
+ taskid: 57e985be-0db1-4244-832b-b27213d31989
+ type: start
task:
- brand: ""
- id: 7d8acddf-5ee0-460f-8fef-2d0d24385bcb
- iscommand: false
- name: ""
+ id: 57e985be-0db1-4244-832b-b27213d31989
version: -1
+ name: ""
+ iscommand: false
+ brand: ""
description: ''
- taskid: 7d8acddf-5ee0-460f-8fef-2d0d24385bcb
- timertriggers: []
- type: start
+ nexttasks:
+ '#none#':
+ - "9"
+ separatecontext: false
+ continueonerrortype: ""
view: |-
{
"position": {
- "x": 450,
- "y": 190
+ "x": 280,
+ "y": -170
}
}
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: true
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
"2":
+ id: "2"
+ taskid: 911821d8-f053-4873-8384-d08acd8bbb6d
+ type: condition
+ task:
+ id: 911821d8-f053-4873-8384-d08acd8bbb6d
+ version: -1
+ name: Is service account defined?
+ description: Determine whether a service account was included among the potential service owners.
+ type: condition
+ iscommand: false
+ brand: ""
+ nexttasks:
+ '#default#':
+ - "6"
+ "yes":
+ - "4"
+ separatecontext: false
conditions:
- - condition:
- - - left:
- iscontext: true
+ - label: "yes"
+ condition:
+ - - operator: isNotEmpty
+ left:
value:
complex:
+ root: alert.asmserviceowner
filters:
- - - left:
- iscontext: true
+ - - operator: startWith
+ left:
value:
simple: alert.asmserviceowner.Source
- operator: startWith
+ iscontext: true
right:
value:
simple: Service account on instance
- root: alert.asmserviceowner
- operator: isNotEmpty
+ iscontext: true
right:
value: {}
- label: "yes"
- id: "2"
- ignoreworker: false
- isautoswitchedtoquietmode: false
- isoversize: false
- nexttasks:
- '#default#':
- - "6"
- "yes":
- - "4"
- note: false
- quietmode: 0
- separatecontext: false
- skipunavailable: true
- task:
- brand: ""
- description: Determine whether a service account was included among the potential service owners.
- id: 36af0f89-236c-4d42-8d0d-62adedcfd283
- iscommand: false
- name: Is service account defined?
- type: condition
- version: -1
- taskid: 36af0f89-236c-4d42-8d0d-62adedcfd283
- timertriggers: []
- type: condition
+ continueonerrortype: ""
view: |-
{
"position": {
- "x": 450,
- "y": 520
+ "x": 400,
+ "y": 630
}
}
- "4":
- id: "4"
+ note: false
+ timertriggers: []
ignoreworker: false
- isautoswitchedtoquietmode: false
+ skipunavailable: true
+ quietmode: 0
isoversize: false
+ isautoswitchedtoquietmode: false
+ "4":
+ id: "4"
+ taskid: 4a61e141-236d-4725-8abb-9e8b143943f4
+ type: regular
+ task:
+ id: 4a61e141-236d-4725-8abb-9e8b143943f4
+ version: -1
+ name: Lookup project owner
+ description: Retrieves the IAM access control policy for the specified project.
+ script: GCP-IAM|||gcp-iam-project-iam-policy-get
+ type: regular
+ iscommand: true
+ brand: GCP-IAM
nexttasks:
'#none#':
- "8"
- note: false
- quietmode: 0
scriptarguments:
project_name:
complex:
+ root: alert.asmserviceowner
filters:
- - - left:
- iscontext: true
+ - - operator: startWith
+ left:
value:
simple: alert.asmserviceowner.Source
- operator: startWith
+ iscontext: true
right:
value:
simple: Service account on instance
- root: alert.asmserviceowner
transformers:
- - args:
+ - operator: getField
+ args:
field:
value:
simple: Email
- operator: getField
- - args:
+ - operator: RegexExtractAll
+ args:
error_if_no_match: {}
ignore_case: {}
multi_line: {}
@@ -124,44 +132,46 @@ tasks:
value:
simple: (?<=@)[^\.]+(?=\.iam\.gserviceaccount\.com)
unpack_matches: {}
- operator: RegexExtractAll
- - args:
+ - operator: concat
+ args:
prefix:
value:
simple: projects/
suffix: {}
- operator: concat
separatecontext: false
- skipunavailable: true
- task:
- brand: GCP-IAM
- description: Retrieves the IAM access control policy for the specified project.
- id: 1fc23625-bec5-4f2e-8fe5-3f51e46c32aa
- iscommand: true
- name: Lookup project owner
- script: GCP-IAM|||gcp-iam-project-iam-policy-get
- type: regular
- version: -1
- taskid: 1fc23625-bec5-4f2e-8fe5-3f51e46c32aa
- timertriggers: []
- type: regular
+ continueonerrortype: ""
view: |-
{
"position": {
- "x": 450,
- "y": 830
+ "x": 410,
+ "y": 870
}
}
- "5":
- id: "5"
+ note: false
+ timertriggers: []
ignoreworker: false
- isautoswitchedtoquietmode: false
+ skipunavailable: true
+ quietmode: 0
isoversize: false
+ isautoswitchedtoquietmode: false
+ "5":
+ id: "5"
+ taskid: b5acafc7-f647-4210-881b-13d9d5f252f8
+ type: regular
+ task:
+ id: b5acafc7-f647-4210-881b-13d9d5f252f8
+ version: -1
+ name: Add project owner to service owner grid field
+ description: |-
+ Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. Example of command:
+ `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"`
+ scriptName: GridFieldSetup
+ type: regular
+ iscommand: false
+ brand: ""
nexttasks:
'#none#':
- "6"
- note: false
- quietmode: 0
scriptarguments:
gridfield:
simple: asmserviceowner
@@ -171,25 +181,25 @@ tasks:
simple: n/a
val2:
complex:
- accessor: members
+ root: GCPIAM.Policy.bindings
filters:
- - - left:
- iscontext: true
+ - - operator: isEqualString
+ left:
value:
simple: GCPIAM.Policy.bindings.role
- operator: isEqualString
+ iscontext: true
right:
value:
simple: roles/owner
- root: GCPIAM.Policy.bindings
+ accessor: members
transformers:
- - args:
+ - operator: replace
+ args:
limit: {}
replaceWith: {}
toReplace:
value:
simple: 'user:'
- operator: replace
val3:
simple: Owner of GCP project where service account is defined
val4:
@@ -198,69 +208,74 @@ tasks:
transformers:
- operator: TimeStampToDate
separatecontext: false
- skipunavailable: false
- task:
- brand: ""
- description: |-
- Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. Example of command:
- `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"`
- id: 00298ed8-f84b-4444-8207-50f3af9ec22d
- iscommand: false
- name: Add project owner to service owner grid field
- script: GridFieldSetup
- type: regular
- version: -1
- taskid: 00298ed8-f84b-4444-8207-50f3af9ec22d
- timertriggers: []
- type: regular
+ continueonerrortype: ""
view: |-
{
"position": {
- "x": 450,
- "y": 1190
+ "x": 410,
+ "y": 1210
}
}
- "6":
- id: "6"
- ignoreworker: false
- isautoswitchedtoquietmode: false
- isoversize: false
note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "6":
+ id: "6"
+ taskid: 2b90887f-a6ba-47a6-875f-622c8285dffc
+ type: regular
+ task:
+ id: 2b90887f-a6ba-47a6-875f-622c8285dffc
+ version: -1
+ name: Normalize and rank likely service owners
+ description: Recommend most likely service owners from those surfaced by Cortex ASM Enrichment.
+ scriptName: RankServiceOwners
+ type: regular
+ iscommand: false
+ brand: ""
+ nexttasks:
+ '#none#':
+ - "10"
scriptarguments:
owners:
simple: ${alert.asmserviceowner}
separatecontext: false
- skipunavailable: true
- task:
- brand: ""
- description: Recommend most likely service owners from those surfaced by Cortex ASM Enrichment.
- id: 7eb4fb8d-14f3-4c09-82ae-6b5893d7f8c4
- iscommand: false
- name: Normalize and rank likely service owners
- script: RankServiceOwners
- type: regular
- version: -1
- taskid: 7eb4fb8d-14f3-4c09-82ae-6b5893d7f8c4
- timertriggers: []
- type: regular
+ continueonerrortype: ""
view: |-
{
"position": {
- "x": 200,
- "y": 1420
+ "x": 740,
+ "y": 1380
}
}
- "7":
- id: "7"
+ note: false
+ timertriggers: []
ignoreworker: false
- isautoswitchedtoquietmode: false
+ skipunavailable: true
+ quietmode: 0
isoversize: false
+ isautoswitchedtoquietmode: false
+ "7":
+ id: "7"
+ taskid: 7ca75c22-47ac-40a9-84f2-fc68e43d7d53
+ type: regular
+ task:
+ id: 7ca75c22-47ac-40a9-84f2-fc68e43d7d53
+ version: -1
+ name: Back up service owners gridfield
+ description: |-
+ Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. Example of command:
+ `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"`
+ scriptName: GridFieldSetup
+ type: regular
+ iscommand: false
+ brand: ""
nexttasks:
'#none#':
- - "2"
- note: false
- quietmode: 0
+ - "12"
scriptarguments:
gridfield:
simple: asmserviceownerunrankedraw
@@ -268,114 +283,266 @@ tasks:
simple: name,email,source,timestamp
val1:
complex:
- accessor: asmserviceowner
root: alert
+ accessor: asmserviceowner
transformers:
- - args:
+ - operator: getField
+ args:
field:
value:
simple: Name
- operator: getField
val2:
complex:
- accessor: asmserviceowner
root: alert
+ accessor: asmserviceowner
transformers:
- - args:
+ - operator: getField
+ args:
field:
value:
simple: Email
- operator: getField
val3:
complex:
- accessor: asmserviceowner
root: alert
+ accessor: asmserviceowner
transformers:
- - args:
+ - operator: getField
+ args:
field:
value:
simple: Source
- operator: getField
val4:
complex:
- accessor: asmserviceowner
root: alert
+ accessor: asmserviceowner
transformers:
- - args:
+ - operator: getField
+ args:
field:
value:
simple: Timestamp
- operator: getField
separatecontext: false
- skipunavailable: true
- task:
- brand: ""
- description: |-
- Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. Example of command:
- `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"`
- id: beb1aba3-dc17-4cab-8621-3f670166844b
- iscommand: false
- name: Back up service owners gridfield
- script: GridFieldSetup
- type: regular
- version: -1
- taskid: beb1aba3-dc17-4cab-8621-3f670166844b
- timertriggers: []
- type: regular
+ continueonerrortype: ""
view: |-
{
"position": {
- "x": 450,
- "y": 340
+ "x": 460,
+ "y": 210
}
}
- "8":
- id: "8"
+ note: false
+ timertriggers: []
ignoreworker: false
- isautoswitchedtoquietmode: false
+ skipunavailable: true
+ quietmode: 0
isoversize: false
+ isautoswitchedtoquietmode: false
+ "8":
+ id: "8"
+ taskid: b0bddb17-8cec-405c-8441-478959b9e8c4
+ type: regular
+ task:
+ id: b0bddb17-8cec-405c-8441-478959b9e8c4
+ version: -1
+ name: Get current time
+ description: |
+ Retrieves the current date and time.
+ scriptName: GetTime
+ type: regular
+ iscommand: false
+ brand: ""
nexttasks:
'#none#':
- "5"
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 410,
+ "y": 1040
+ }
+ }
note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "9":
+ id: "9"
+ taskid: 1bad13f3-b959-46d9-8b56-90282a3afdcf
+ type: condition
+ task:
+ id: 1bad13f3-b959-46d9-8b56-90282a3afdcf
+ version: -1
+ name: Is asmserviceowner populated?
+ description: Determines if the asmserviceowner field exists and if the common fields within it also exists.
+ type: condition
+ iscommand: false
+ brand: ""
+ nexttasks:
+ '#default#':
+ - "10"
+ "yes":
+ - "7"
separatecontext: false
+ conditions:
+ - label: "yes"
+ condition:
+ - - operator: isNotEmpty
+ left:
+ value:
+ complex:
+ root: alert
+ accessor: asmserviceowner
+ iscontext: true
+ right:
+ value: {}
+ - - operator: isNotEmpty
+ left:
+ value:
+ complex:
+ root: alert.asmserviceowner
+ accessor: Email
+ iscontext: true
+ - - operator: isNotEmpty
+ left:
+ value:
+ complex:
+ root: alert.asmserviceowner
+ accessor: Name
+ iscontext: true
+ - - operator: isNotEmpty
+ left:
+ value:
+ complex:
+ root: alert.asmserviceowner
+ accessor: Source
+ iscontext: true
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 280,
+ "y": 0
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "10":
+ id: "10"
+ taskid: 97716817-0eab-418a-8517-40dc54d22f00
+ type: title
task:
- brand: ""
- description: |
- Retrieves the current date and time.
- id: 9e27252f-1db0-40f8-890c-ab9b816c1579
- iscommand: false
- name: Get current time
- script: GetTime
- type: regular
+ id: 97716817-0eab-418a-8517-40dc54d22f00
version: -1
- taskid: 9e27252f-1db0-40f8-890c-ab9b816c1579
+ name: Done
+ type: title
+ iscommand: false
+ brand: ""
+ description: ''
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 180,
+ "y": 1600
+ }
+ }
+ note: false
timertriggers: []
- type: regular
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "12":
+ id: "12"
+ taskid: 1e322e1d-faef-420f-81bf-56d3d57eb27d
+ type: condition
+ task:
+ id: 1e322e1d-faef-420f-81bf-56d3d57eb27d
+ version: -1
+ name: Is GCP - IAM enabled?
+ description: Determines if the GCP-IAM integration instance is configured.
+ type: condition
+ iscommand: false
+ brand: ""
+ nexttasks:
+ '#default#':
+ - "6"
+ "yes":
+ - "2"
+ separatecontext: false
+ conditions:
+ - label: "yes"
+ condition:
+ - - operator: isExists
+ left:
+ value:
+ complex:
+ root: modules
+ filters:
+ - - operator: isEqualString
+ left:
+ value:
+ simple: modules.brand
+ iscontext: true
+ right:
+ value:
+ simple: GCP-IAM
+ - - operator: isEqualString
+ left:
+ value:
+ simple: modules.state
+ iscontext: true
+ right:
+ value:
+ simple: active
+ iscontext: true
+ right:
+ value: {}
+ continueonerrortype: ""
view: |-
{
"position": {
- "x": 450,
- "y": 1010
+ "x": 460,
+ "y": 380
}
}
-version: -1
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
view: |-
{
"linkLabelsPosition": {
- "2_6_#default#": 0.42
+ "12_6_#default#": 0.23,
+ "2_6_#default#": 0.28,
+ "9_10_#default#": 0.34
},
"paper": {
"dimensions": {
- "height": 1325,
- "width": 630,
- "x": 200,
- "y": 190
+ "height": 1835,
+ "width": 940,
+ "x": 180,
+ "y": -170
}
}
}
-fromversion: 6.5.0
+inputs: []
+outputs: []
tests:
- No tests (auto formatted)
+fromversion: 6.5.0
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership_README.md
index c0fe32cb204e..8c11712c4b52 100644
--- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership_README.md
+++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership_README.md
@@ -1,30 +1,39 @@
Identifies and recommends the most likely owners of the service, additionally citing an explanation and ranking score for each.
## Dependencies
+
This playbook uses the following sub-playbooks, integrations, and scripts.
### Sub-playbooks
+
This playbook does not use any sub-playbooks.
### Integrations
+
* GCP-IAM
### Scripts
+
* GetTime
* GridFieldSetup
* RankServiceOwners
### Commands
+
* gcp-iam-project-iam-policy-get
## Playbook Inputs
+
---
There are no inputs for this playbook.
## Playbook Outputs
+
---
There are no outputs for this playbook.
## Playbook Image
+
---
-![Cortex ASM - Service Ownership](../doc_files/Cortex_ASM_-_Service_Ownership.png)
\ No newline at end of file
+
+![Cortex ASM - Service Ownership](../doc_files/Cortex_ASM_-_Service_Ownership.png)
diff --git a/Packs/CortexAttackSurfaceManagement/README.md b/Packs/CortexAttackSurfaceManagement/README.md
index 20cbffc5da25..7d6a8e60062b 100644
--- a/Packs/CortexAttackSurfaceManagement/README.md
+++ b/Packs/CortexAttackSurfaceManagement/README.md
@@ -76,12 +76,14 @@ The main active response playbook is the `Cortex ASM - ASM Alert` playbook. This
- [Cortex ASM - Remediation Guidance](#cortex-asm---remediation-guidance)
- [Cortex ASM - Remediation Path Rules](#cortex-asm---remediation-path-rules)
- [Cortex ASM - Remediation](#cortex-asm---remediation)
+ - [Cortex ASM - Service Ownership](#cortex-asm---service-ownership)
- [Cortex ASM - ServiceNow CMDB Enrichment](#cortex-asm---servicenow-cmdb-enrichment)
- [Cortex ASM - SNMP Check](#cortex-asm---snmp-check)
- [Cortex ASM - Splunk Enrichment](#cortex-asm---splunk-enrichment)
- [Cortex ASM - Tenable.io Enrichment](#cortex-asm---tenableio-enrichment)
- Automation Scripts
- [GenerateASMReport](#generateasmreport)
+ - [RankServiceOwners](#rankserviceowners)
- [RemediationPathRuleEvaluation](#remediationpathruleevaluation)
- [SnmpDetection](#snmpdetection)
@@ -133,7 +135,7 @@ Playbook that given the IP address enriches GCP information relevant to ASM aler
Playbook that given the IP address enriches Qualys information relevant to ASM alerts.
-![Cortex ASM - Qualys Enrichment](https://raw.githubusercontent.com/demisto/content/4a11ae583d49014d5326a74dfde7a998c4ebca70/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Qualys_Enrichment.png)
+![Cortex ASM - Qualys Enrichment](https://raw.githubusercontent.com/demisto/content/master/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Qualys_Enrichment.png)
#### Cortex ASM - Rapid7 Enrichment
@@ -159,6 +161,12 @@ Playbook that is used as a container folder for all remediation of ASM alerts.
![Cortex ASM - Remediation](https://raw.githubusercontent.com/demisto/content/master/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation.png)
+#### Cortex ASM - Service Ownership
+
+Playbook that identifies and recommends the most likely owners of a given service.
+
+![Cortex ASM - Remediation](https://raw.githubusercontent.com/demisto/content/master/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Service_Ownership.png)
+
#### Cortex ASM - ServiceNow CMDB Enrichment
Playbook that given the IP address enriches ServiceNow CMDB information relevant to ASM alerts.
@@ -175,7 +183,7 @@ Playbook that given the IP address checks if SNMP is enabled or not and returns
Playbook that given the IP address enriches Splunk information relevant to ASM alerts.
-![Cortex ASM - Splunk Enrichment](https://raw.githubusercontent.com/demisto/content/8f2a866b666627cb0c6c7ea860e7f1337b4766b7/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Splunk_Enrichment.png)
+![Cortex ASM - Splunk Enrichment](https://raw.githubusercontent.com/demisto/content/master/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Splunk_Enrichment.png)
#### Cortex ASM - Tenable.io Enrichment
@@ -199,6 +207,10 @@ This automation identifies whether the service is a "development" server. Develo
![InferWhetherServiceIsDev](https://raw.githubusercontent.com/demisto/content/master/Packs/CortexAttackSurfaceManagement/doc_files/InferWhetherServiceIsDev.png)
+#### RankServiceOwners
+
+This automation recommends the most likely service owners from those surfaced by Cortex ASM Enrichment and updates content.
+
#### RemediationPathRuleEvaluation
This automation attempts to find a matching remediation path rule based on criteria. If multiple rules match, it will return the most recently created rule. This assumes that the rules passed in are filtered to correlate with the alert's attack surface rule (Xpanse only).
diff --git a/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_9.md b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_9.md
new file mode 100644
index 000000000000..940b4ac49cd0
--- /dev/null
+++ b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_9.md
@@ -0,0 +1,7 @@
+
+#### Playbooks
+
+##### Cortex ASM - Service Ownership
+
+- Fixed an issue where service owners were not found.
+- Updated the Cortex ASM - Service Ownership playbook to check for GCP IAM integration and for the existence of service owners.
diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Service_Ownership.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Service_Ownership.png
index c3e23e27cc5d04ccadc96d7b64a2bb9afa2b48b1..34d7f2c9e665c8ea134145b12e3b68da560cb56d 100644
GIT binary patch
literal 135311
zcmeFZWmJ@F`!_s;j37!$DXpl~2HX-ur+|QzLpK&3N;d;yA)q1#9nu{`46Oo+(j5aR
z>JURH3?1)z4aR-1^}HY6wch8$v!4I{FmAoB>#U=X<9D17^mNpzsaUCCFc`JQrHfZ!
zutQBS7=5`C-G1i8724MAG#xO
zFs!$zQv#DiTkk*QbbMy$r%#`zyRcCoOq8lePT3UE%iz$TaqIor)hzV;Q{a0=IF%U9
z+dI=_gfn?}pb@7sVesLPuA-=6>W2P1!~5$M8U}38>{Fs}#02;1;eB1o?>`SV#q9y+
z{C-zT
G?Sfxw(aB(YI63;Y!hqN$
zBO{}m9r5BGlf2}-$G_qa&g~rwH!R@xjdwZ$Ma9KcOoGN(S{0YkiXX2L1`N=KxtY*j
z^MkL#O4P#5E1hRuz2}x1)WVK5=UyrkIXL=#251Cva=1xfGSX%AdcJXSWpwSrca4SI
zbI==#(qtc>3uD^bHGOjS^63g3ddR0d#iR}&5L1+_gx6SUnNXa(Igryd=rUF?SDt$-
zSq$w+I;hutdMMO2^SODPKG^TXW(p0rL-z^2m_A^|`+0!M;mI+UJDOeLvxoFG
z9QeWC8!{e3t3F4z70~D~t>$ycpgcItq5Ge^aSsIANQ=5?8VVyQEir`3&78@*5BTK{
zHyyc+Q1Ec2i@DQ4UR(gpOBg$ugzCY|%FxTmw!>2$3COW6;`~YYTIyuZX>c@;a~0`A
zi5ptrhy6TU5@i}q+S9LP@xlVSH4Ny%F;Oaog7E}?jb{dpxBj1#E5c~tai>W%KP?29
zB6a&n6Q}2K!;9dAlG>1R1`BWK>~-qbd(P4
zD448-BIzO%7!6GaWaU)ql`|wNzD7`jK^4FO>70V}FgpcK7pyFnv~jvH7+jLv;32d?y89In6&C-m+b$BPk$`lo
z1R`l_YWj*oPJ@ZzNdM3fP$6Rls*%hOyuaZoF9POaf8d&RKt3r(ZWx|U28UuYg9Q_M
z)E5?OmnL$hfM{2?aRv-O;7zt~;|QsXd;T07BwX|LxS$Y!Y3))CuVvV|7@4{EJPR+c
zMVBsF-BKO=IAMs+4k6}C*fhbmf9M83UG-Dv@Os8y!aLe2wZ)Rv1
zhx?JOa8{u8V~TYM&a2Y>vvR;xGev!YLYx}+7~lct$Sa&A4(W$D!~!0{8XBXp=R4n1
zp3Pvu@j}Gfm0==i==-Nv*X&Y)DlKo%W|B|6oS%2om9+&L#bKj!zPQnqD{vVdL|pA#
z@K_iX4-9E)LQB|pr&b$(UkYBAaT+PhwDcai!D&&GYy1S3h&4s2JL9keyH*lz6S4sj
zcTJuKBgGOjUcWxGXu7&`x2B4y^T4I{|`i&DtZk(F|`Bb*k|
zX+~gvxryu)|MtNG(`(jlS0$9zI;)pdg1Y3^FXx*?j7{!r4Xy2R?KI)09^h8X
z@hKq_=X7391smz>e;yquvXqh8e1HSABIf78pR0V;+dpK>bH2Z(
z+-s)$)PM?VGzFG;oJEF*WHcV@g~Ada^Xh`ep+l#eErlttkJN(d-W46tvz`wBsR-_4|9O%_cG26|yGE
zCgxj`K9Aw!gao)>091l)3u6UuO+|6i&fjqJnq0z9kZ}R~~fU>3PD_`lW{L
z(Hk$UT`g<9wf!1>QK{nM77Nn5t9>prCALRI5-kx^3gf}GY@b=h9iPc*p^(@7+9ld
zaGj;sfT8d(r{C8nl{e;%*krs53QZcu_mgYG_F3y
zxxc0M#u10c^wl}Ok(H>0iD6eFL;{=TxVFD1xM6396&gPu-rm70EJY`YIXtxt8ZfLJ
zbFHmeav7}~5kvUxV!amqM(funWHNVIDW)hmeVZ0**R5FEMH;?7eO;7iiLiMk?l$-d
zVXeKr)BB>~`q2JH+u+7Yo2ZADLBxT@b7AuL1q0{88`Ltd)64oK5rSE3_B*Q@7q*s`
z-_jzrGlJ$9s|e;V9G;3|LyoG@%3W{c@=4sTx4>S1;5FOZ5|uhP+S8GRSizgOMRU09$Sj#y
zx)dhhZY?)c)OzsQ&ncO3UPLeIyvq7e05=LNJolju)e)9Xzn)h
z>7=MdNM52Pj&Ws8t2>xW}F_Y`*0*d9<>3_;$N;7DqR2dIP!Kr?aQrhpWX+&qxZvU%GliMN~VI^j)x=ZIH~
z9HFRo@ix~~?1*k#>)|PNPQQ11fn9Rm-%af@SDjtcVFmQ&2pTypj=+r=>ZZIU1U|)W
zeyF%=dv9sKz-6qm$dZboYBIQXp}b4pyDMd%FdFwMSlXz;t?tKNkE3d>-#kCGu$b@f
z?Ji^`xVg^s`4Y9h`&xF*aYZ;IR_Ep%jlVYnt?7!LJ%~-GqMTuaQOT1#-;u)O
z9R9<$!k-#ezeFzH>^s7nJQHk3bQ8LoolWq(+MH^q5-sj;y(%k$A2mlB6_
zcZ03Xt6UeZ|~9iAa9@3
zPMlGDy1v-g7VI}2wdgnfwsH0B{BT-$?V^*T<9L|AS<_ObxtmvGh{|0WFZ|%@Z0!>E
zqw7YC$oR9R#@z)sSLO%G70zN;g68bxfA(vBw@dNRY30y>b-sK|cHp%R18xI;O@De%}B4NxN#M*TvO8HGRf0Ll)C&hRM5l
z1)N6+27_@WcY1f9-qq7MfvhBKsiSJVOvNiWaF@7vs4&acsUQFIqevBluJnhZodSZ5
zUBr(UR{kIMh~pk>AKpZ0EM&tt$fx9kwuX~@CT5w-w!R}9U-b?=?@Fn7Y2+my_fwZGTa#ukc!x_5Pgk+LuU?
zQH6b?2#arjcGUa}!jJf$I}2_>9~(9c-A0VBWqq2HR+#@Js-6FUArysu_GOV>1SZ%d
z(CyfFjmn>0@n{}@3BU8+jJks32~6N#4c@sq4B@)!WeoQ%u3sw~=I_Stx$d-xSd`Fk
zI=sAahqeyd2+zwS%c=Nq1wJI>i_#$>ir*@^N*10EL6;Mo{3t=;0%;kxh#i;rR=?j>r!|E~{
zCZY(fuBC7jw1JWePe7D{y|rHpQ`I4WeS|?n5;d@eBD8*^HrWF>H2|+k5M5
znkXBC62t1tXJPp;Z8=V)Ya$V6$JM8u9=y9{nr~G2WzgVg^K90YWf_jz*v`g{K3!Z?
zvhP@R=`~AV9Wk#;@v|+05@za1J{t6yV7lx-I{9H{X;YyXiOuJO)w39KJD
zi+9CtSaey@vP-((Td{{@{J26c!#dwsC;7rnY>~dLm|L)9d6)RykZ^6Jm>5;yg4fUj
zW2iXJ6qVZ5I7Q|pOI9#VL~0?c7}Le4RU(aorV}Q|Z6#FPId?hjPv!gO^E)x$W3I(+
z#XEgz=+x-?B5aB6$H5|zh%Mm$me%_d%d*Hyn0<~W?;8gNua8Y)6Exy)^!k!-WQ>$A
z>}@akpiEYEQDX1Wi)>M;%VCpMgtWQ>HpFa5fZB7|3$*U&IuXpi%W~
zjlZxiT0io-L!bS(9_zibq`;pa7EjjM^o1F-zVhE%3aLWrO0@`OWzc?Y&Vm&zkNdV4
zCG+=-K8jKJac3J=WRq=ojLGC$6^I`uCIY9a1HQkqbDpbk&{$ZnSzEwSmZ-5PTXNmylybAZvPy=&Y}S`w2DIFYzheJ#eTl@+eztso@%+AfI5p3(jYCst?}
zNsZWL5`pms1eQF0^=Wn7laTeKA&O0cE;P2`Vf@6u1F)Sfr{aa>TH+^#JzK5k!d^p_
z!3vH@H`kYr#fY?um8cQykbLH=W;9gnwULvo?AcC+20H-;87m#TY4-EI+@QY5%#t
zIB3CX@uY2pZ4^0|WMH+RZpghoVsS_db(3SUT8KVKm^J)g2k%(t)PEJdjYfF!z8l8BERjzDnh(dQK@K`
zY@b|Lz`RSXP!bV79rQ43H#OqOAr~LdsNX?Zg71|p5({ko{cIF|(d28fqwfsxL
zNAuw|S*%V1-WRrWLtFC|owlZd4=`3D?RDXWVHVu?N4l!_ps8I=0$J%o?`d1JAJQh|
zf+M@*jH?W~o;L`hXj*)`u6y
z>j6JI%sT)paQN899#FuxYY-an{bMw_qh3%
zvV_x4k57JoX9X8^Tuv)s=Lm1LYGoKAeU0OM6QX^1p@qe&;{i^a@#
z;{Zhr?i$4zxetCijCCzwGg7x`b~eyDUhHW3iTg1Kt947$-b)jvT&@j#)l}d
z{7%>mh|#<(P+?DM_V?Bs7rn$-Bl^nwt0w&O9n5OTm?Ld&?AZY_?koZ)U-jejMX&4e
zUkV(E@o(}ckyX7L_3K#U9llUUFZ_pC-dd(Oak8Brb*_==7`g9O$k(}@RCh!kaV}VS
zWtEAsDILYk4i9T*)Kb0tVReg>Ds+hO-`#V-?tgkEYWZp_A>+wSx#=QpK{+QTha}WO_oXs2
zFS<}eu0q8^Hm7@>{yDqfL_$gj@{Ma7QCqvH^PR0SVMm%??F;LXK?xBUSt*niE4p`;
zs_DyMy7<=lLV7lrt>t{5amOCPAbVqbLtkp(4A!)0%N?_N!Z>z=swrNgkao%+^Rz%L
z-eWfN#bU{YGPT=cn)x0S3G$Lo6?l-raoDgb+XgmFKrwQ2Mulh`E!A3&m+W~S1uIB6
z?7!RIxWDVR4!8cSkCIexTn@wViMYLd3PLt2djHNJX%t+Z#k##&wEI-Uc8Ryt-lofI
z1Ai=L=$TK1jokD}XEP1+K4Vdq*J=vX->0
zw_NJ@`2;o`Rt*xY>ML#!2&~Kc)sEUHZLneZFDv5s5FdWlz!m1}spj+z>f2_;&5Yhke-?>3MN
z$!RGls$VmcaqQ<~c@#TR{Ibw~tOzmThv!K6_uAcnyGVhAn|Ed`TjJmRFXu^T4JGR6
z2zh7F;{COsSSh@#%m`(s>=W%b%dsEsPFp-_CUmJH;DxYjgoQS-|2ZLe<8-K^?Gd`r
zqxlLs)DUZi?n9ipbv_TiQKlv0)ipHxYIGRyDK}G=XsF+{Ha9Z;fZ^OQ2%wfGR0>+q
z!XTgJ^RhCL5G<81$*T-QzXq9MjekoS4%l1+7?s$p_Q_~{>ZVNw{3j@VZVNKYM>Du`
z5YQ`%KfvGQX0-k%wG17`|CO2a5NB9XVWD^sw*bEoM#5#(S1*86I^lj?1d1T@^Yeuu
zX)u^)DCpFa9wF{D_(@Y!bDV|kfWauwh$zBzCIs99BxstTEW^T0BaoP`lD>77RJmA2
zI668Oc(2?XE4vZ7onUQhssW=(NfJFs_?Ci%Z)~R_BuhJ?;O4IXSm8Bw
zT}NGUQi#?|Z-RAxB`(N+D`Y<$W?^MDah@zu=M{T6WOzdrpMj)a@@fOwGDyx_z$WVa
z$_EO}?Y8LN@s;p$T!Mx`Ga|&c^4XFTkS@1l>MC4uqXGf~c|
zmp~x+!He#4_@J1i97RD7EJ(69L{LC5D!WN`_EH{HE;&Qj%_E$EboC72pP5^#OWvi<
zQb4**B;rGA9v)->E}?)UaL%HL_9(~&qA@2Ps-cOQwCb!(6O}==i0!Xf*F;*h0Ycui
z;=OaN{CB*KAb+VG*1Mzmfh2-#gq}|b>~ahPd#)A;mGt)Vi_6N&?)F$SH?>D2GfB(5
zs0G%kAJQg#HsdX;!K|PWIz9vRkLk8rHmRCn#uImGxsoGMw`j;O
z9H%5Jd{b=XH+ZQyOU7xyZr6C|LcW6C#ZS!#dq0mDt#ab_Wj0YVPD5@`y%EW1Y9QK+
z&C59SovitfD$w=YKDnbL@E@I^ygdE-e2)Bz>lAx^;8mdWlX
z(G+qQEVBiQoY=fUKKwR1N-xf?E7|2J^FQx3B5Qq?TtP0}N2jwzgYNxB?h|kt<&wR8
z`pMy`j}`dKcccz-wQ%O^@}Hy-8uXxplFo)DhNhT6Wqhx>AfB4B^*A#iIBL~`bf`wurVZLez4Fy
z2cPOrUdFH3-H~3)j$xeI=DO0}U*Y>DAly^M
zfXgQvGQLy#iloM+wneeMAP#vuFuH&|PZm?^$iccvffyw@WsTOQ!@scrO%_LiZ)uD^
ztMz>N89%Db>|S#?g*m=6sod;b#K96sHV%m3S|cqe5lbMF(oVX
zn8Y@Bct9z#E$#}vBDX4B`(Cn?$Ia0$^7&VjAjtoBK}yxAL5-SMXg`pdxX`aLlOC%ru5m&SXJ~U&vb-DiA`8P6u_(Xz%?#e{w1#n{VxLm4TbL
z&1=021FYRGEtB${{QPQWcNcmLm{~!|{>W0EB0)sRo>G(83Ra4(vFzU~`Zi6CxCqI%`
z1%~znI%2l{7W?06xfNmG&A{qKfVH&pWQZe`JE7fBff}wwH%{dn;0REk^$;SR9_i;g
zG$1K)#LWwqlz86b_`wO#DW>Lt8B}rgVl?P4^xQBOUF+UI&$z9@%Yh#}tjOsuX#nl;
zr)C6g?;UvC!xUJ37GU*70Dj;go&b*!V6Vb6i)pt(krtTf8s@)ja)F5(W+(9e2jC3`
zuxp){Qb&I8Os^kImcD4kdXHq-BeO*u{ycju0$y(TDh0p+uK|g59z-S`v~e4+6_(%V#(iJ^@@rvRFvtfFFD=&2cT@s`zew9
z7gNyjIYRXC5s6Ys^#xzG^u4I~^X&Z#@Ur#KM34o#a-18M{jR0+@0hosIhX;?BLYZG
zq-*-q-;WfPfG=|t8;}FYNDfY`2=V*$Vd%@?_+L@omL;S7dJ!Bk!%dyA-;B?Qfx)YD
zYG1UT(vt;e^JP}c?9a2WK$j+p_;p6Y$oPQ|hWc{V?(dkAU=HD<<`f*y*bbOrP
zY<{es75ek+=UMRb3t7A>4E+r3pZ`{==x>UKDzbw)UI1s!_Y@HG^n@Hz(I48LUN@L6
zY>`vo9*hhPG?5eh_vtHgqrendVeBz5GAY1f_&cv+|4>a8;;gyF%v+RFH2=UE`2$I96*KcKJ9
zg26Q{2#VPAbvi*MM4`=BE&WgkaIIxqo05vI`-0=GBpJxr=<;|z~IZz14nG
zlb=AkCg2nINfYjk|_Xy1&cM|;fH3Vo-4FNYi0%P9*!4;o-p
z&246TGbMtyR`1%OPwr|bJU#TAAJOl@{&+%;z(N&2AAJ{1Cc0(5v8zh`=dm&{q%4kI
zdLra>_H^BR%U?gl;u_b-+!Tz0zmGyz@jxA2g3JUn8wF4*MF_PR&IKJQ$Nn6Pl=zju
zJ{W*g!K*JxKfTGV=S(JOTvP$_=)GV;g?p{`NAMRJ*5jq$o^AOk9_U_{=HiZ&KxodpeR7^jkf`$xr_Sye@ZqpC>t$
zMru}8>&?zY2dBXTjeN6(QA{~hxiK^}G;8yq`#ZxANXs?GIGiFwh?IajNP@Iip37u|
zTn6^}vuDGpO5p_nsc|yy?XQ>svI#BxKpl1lXBtxa@}w@y+-QGRFzB;9)qH2F;Ng`&
zUYs5~#CJ35X6VotWbtdVuH)5@)PvcORy@r-YL9HBD_$5Q;{IsOHw*ywW~cQ5@SLK}
z&c+W1g_Q(K<1TVqE_vA=*B$oXr>@AY42GrjlF(L7eN0|4y7K6xsB+;IP?t94kT$TT
zIsh30BJBX1wLM_n&x}r|KOuVaa&NJ;W>t^BYVZ3eJbiMBzYv8GIUimIOm&?j@B4M^
zQ&;+@-LJ_QOlodtYQH>xiWkEw;rtT#r}(cHiR8ecSlyBS9pc{M1-^5a#Ol*);lgQ1
zPgkACs%Vfx9@*JkDL1*=r%IgZdAqf?kPz!}>o|xI=-BQaX&rf%2{5i8_~ZkpE=Snq
zCd@UKT60Q72&fxOf#U2Dmmm49ug#9lHyxsVlq1%$W~!KmT+?znMY%nm(a!-LLMjCE
zi|9Ve-+xMC*%g4QK!p3fA#5q1Pc0k;yD?NpS@)xr4KPS$2f>%704@HCSB)29-yqO7cs>wWM%?_f}_pN_9a|G
zY0nST5#w_pKqXrlA4bVD8bR<|ip5HUKVA{%20q4)qO?heX@HokaxMiJC=-xlkf}&d
ze-mMYxT=Om4O|a_UVxMDH9{!`K_$2eDn)#u<|a-WIX9N3Lh+yJgwm@KE=7gn_3Ro;
z7$eF-&lwv5Pw5-Cj~$4LK7_>V-ELmBi`sMCDp!L8u*uSYAZ7)P3(JV}gEe;Ou?mN4
zLST(AsX88Z&)z>6K=BvWt~Anm0APG!1^8wNoykdpd|sf_gAJB9`R}Nr(!{9>8utNo
z6)te^G^8*u0{;-8M=9VYk=Fb$ryqhKCC8yoLVF%VForq}7J0=qRse;53f9)Z%>NeU
zE_txvCxHJ0x^bm&-<9tjmBG9I;KN-t(ubE3VX%TWYw&{)1?lg0$U_ERssV6dIag)>
z4+MCT*9B>PBr(8G;FER61ZdiI+<+Nv)Z>!_EOv$K
zSFb3$Ys!)03`K9S`w`-6u>*#IfRTr4sG3SYBW+HR2e_m407#b43|OZgZ=nNd`ukYm
z_~|a^CQ7itC9O8jl4tj75kSm9dEFWqh9H#Y0a&&Ya9;Qxtqg2QVCQ(4T(u$q)H+Z(
zk5zWefgBpZjmpH8-0Wb@FDR(^`SYik7QVz8_^;(@mrfo?zzzsz3C#m^H(@&Gc9^eF
z27{Uz;kmhMsa>*P>)P-&T3UaReZ!qjpN4B^&z|)Ls5^Y)g?<}exMd$GEG)SYhD$Z(
zKfV0-tu)|hP_s1eZF@I%tM|2r_lL7DhC}wZt&Ni_jjjAzTgauX9>Ugq
zao2{$Nkg$W6bzv}Hi^F0~&
za6#+1lSz@`eGDM>!?)@m>|P9nKxG5NcHrw+6l=7xn?QVWv-W5kS89QM>@A1dSNyMkS4=j3syWDjdnBDQ<6^^iJ#MBGx
z;1Mg|&xk(z=UJ*wuTebLwOt_n0zrD#AS@av$vRIpp}hfuZR|%I*QERV)!Dv<8hmm&
za>DoRC=hZ8fNSaAjBwSQ0RRqXB+fH7XenT_9H3?gCxW+K#z01EAw5#~f*i`Pjl-up
z2w=(W0GOl@<2E@Fw>_Jk0su6dx&feUQ~**}5U61il-vpde4iR`m;~^K^a%`21`a4h5jqEMoQ;>WMrWy%_A0j*yEGn_8_kR`G
zxQ$yH&C$xD{Mb)AL4aw|LAllzrm?H#TSn>US(YP}Z#Rk&1p;q~ZLnmiXf!7&Ie5!qNcSFx_sjWmTKSEpt@R~0g^gxf3tYu4YcFxL
zc5=5UZM-FtWsDj*ZlkdCnbrm1g>LVjkU{tx58+#**l=C|`m$sS@?n-iAv@DtwPg$=
z_FR@-y7HT^YlHh~DcIdZ^VQEI%!vIfO=Xmo*~$LxjE{&i%oZOxcSin+7dRdonI-5z
zNz#dEAd5#|^LQIZIUk;KzB8FxwCSsQ1(aFo)+4QV-ZX$herCDBH(Vk_osi`s`Uav34P@AJ+8&DAMYM8xUA0f2-g8%fVF7E^h%e)
zWKuCOk-|Cr$1siq?T$`PmN|NK#@%}F0Xv4wE2o8-0hsy1*H~Te=GjerichoYXA#Of
z3cItqmUMFUX51-_^4-miD1UjmA
z2&7wRRX>WE?nmi*rHLlTj7~}dI&SvF1bVG3iTu!*t?`uTxZ_&Rw4GeLjZp!-o3e+B<=YxI3b1HX$`
zaO^Fu0zqw9ES-(q1|brq=NPcsqmKKRs*^RXFH7GPAsCloCrGr&Y+!k$Bj_v04JZ|I
z8?BpW*!2Gkr%Wf9M&ruJ{fqJ=wNoG4+gTqT0}#olVHFYxxrkc`
z&ImUbDs?IisuOGy&h9*&thR>T{WC6ve!Hj(AN9A}bo>S>GssH!*vMrEw0IhtnaNcn
zB6vZ@7M%T0rnzs7^kqi(QM+L-ATSlK_;@KJ
zjjAash}HV25^V5()|SMur-$-F@1{Z5MHd6>SyNM@8$mpqo*=hA-e-xLC7()_*S1XA
z@^glPx|owPn|8;bHYe`PCV+qUci-$dUp<$X|K+d^G3ia2TAr7zc`%fsx`i(|;C4ZX
z+uh3PLy1Zj*0#>98q{j2w|okfpIYH2JTd;R0DQodx+=h;%`o8kEsL4Z!}leeR(>Xn
zMNoE?Fwz$lCLqcG+5x3#0P8M)8sE4XVE)Ey>DA_2)wN4I&Ej>#iKg(lo?F|
zzm`PZ?&fRQI_KTj!JsWj6O3ooMGxN3yGbP`j*xyeFDe0ZI(+doTa>etf!S_3u&WXV
z#$75-(gAh!Q#Ss@D&QrQgcS0JK>2xL+5?xd3>NX}N}}
zOn1Z|<~=cq(9_l!cq0e!7^2!W139miUnEZ&HVxQkz9~!&qLx_5FCp~?gy!|=M48NS
z6vSucg^p+Ia#aOffJ^cjqvDzF8fNWTE1B`64_SCbB?RZ&U14*}D<->&g6pC+Gd$x5
z^Ywd&u`P#f5CMp9t!QqfLd)54z*!
z&GF9*cRi<1`Er_g_0M3k7%0r0VMbC^*QKrca@pMC%?g772DELWfHGL2pLeSvi;>sy
z+Iej8wX4V|z4>$ZnXwO%WCi><0fm>!oZH9T%ZBWnVOAJN!vhYD1<>}M24I=(L0jr97=^JLrsVOOQgUQ9RHC?~8y_U7MWt?0F%KJ@9?k;3fB>x5aal
zk^m2d%{nH?j!0m(xN>6f&E=@7srqcz!ed4|1ELvJI$ON}J}6*ZWHGA-57+KWnzN(w
z*)q+8n<$wn8N)?hN)*fvnKfPd=6J^Rv!T-YwV?X=!v(q3ROZq}xuMzgE)nJ+u6tNI
zO6LsVwaw=HG+D=-Qi$_IwX-As*#&CN3r|*jAywc@)<1R*3;wNmiHBYuRBj
zaZ8@DybRZiXB;!OE=J}$%=w)kQ*74nLODINvb98>Hn7HB)NhK}<#@yr8e1c8s5WgE
z$}p0XA||TbyCi0y_i9lr^Ezkikg0toZM$H)swClpPa8R6+sonI*(C~
z?<{zt6BXtVU!it4TPJDmjj}XP6Ol+b$^|qnIh&09EQm6X87KnCG1CKO<#Z_@*E=
zdn)%r|6!skL9{zwUf3x@GwSJ_*Twh?5Ou;?3u%>YFThQX{+kn2wrrL{_$BD9kAp9cK67@s#Am^j{H(qRP$*Qf9j`djW>$t)lp62(nYG7VTytj
z#7Jh9KE47g4hSjg5tJuHRfcs)cQQayJT2|%IIX>HT<^7_9+al_^#4L^-eZuNRpmo8l~3c@JH0ekix^TDF8kC>M;
zMbzC21_!&FnsA8f#m}CoBM2!RJEc*y&JA)CqZNgQyxWy6_FLYF2C0;
zUg)JhrmgL^!+NIBw`hdC%*9dMi+0bGS(WKXlWI?t7^ob9q*f>}R*3$S+Jn
zIac$mWIw}6{)*NBE9suiaC(~vBVv7W?Y4kd8*?=pp=
zsGB2B1k26H=b6}$mBJ-`yF8=~A5k~WvUmMUc?KjXbkrXF%H>|N0=!mdII(t26voRI
zcBIj7K3FI51_-^MEAj7ZeY*A=3m|L&{w=4DF&awu(t7xH1XX$^#p_|;m
z{w8f#IW)8K5R$KahID$ECzV|4+%71{n>V4nyF=Uk!5!T=|l8
z(TroSI<9hI9?f`=wggor3yWP1Cz3z(6JU5cL%7ZqC>4>pFZ7!ixOQg9^k=^=z+mLp
zI_`K~r+{YuU&|2*lucvvLnB*wnz3B@%ON^>k;6xTcBWJXJ?&J25eNBbfN3Wv;qj+oZkwxyV`7T|
zGWO4m7F`R~cE=8#B8f3$HptmaZpRt@hsO=7+sO)^&kz^&+deE(qdMJ8eK|U4bW_8`%`0}_?#?S7?;mW9#c%yq0
z*uXG;n5Y17bW}i6JJlW-5Y@goF%q04RS_~Lz4WztYQkj8*bqX>vx}SZFU%r?U!28=
z$dJ}`{Tw*jPca!JT|#FAAZbqA1lV~0c8Cwwq}{C6E=;R^)Hml+9Q49I7;lewQk+z-
z;&XLR(}WRSs>ISRYVbABxGA6ZhKdbk5F$u`_ZJk)2JAvOtOT?&;X}0A
z&Gz?~EgKt@a)_mF=eOpYiOSI8{|gI~dLB#`(L-BXpgIgU>Dm`qmY6^PDM)-t@>Ag|
z`?iI<>H2iR)fs9|d(y=X|Lc$as3B4=h?R|P)Jz#=Bv%3rB){iD2LtN6
zwSdF~|GQVr@)g-JJn
z)V;;j08XurD5bLPD{p|(vf9ZPT0n-hP{j+w2ABVNpU1gMC&?M)=D`gEw%JMkjw)VD
zwM+6&gLO4Q3w0}0X-E1Y*v@}L!~R?+@KqW{(Y4P!I^)*O0CIZXGSiPlodL*B;?|do
zGE3tgxEL$HZ%k~+;JTotc0o(JB9Q-00BsA>-UR!}-AnQ&0pX{L1snae>?ua?=E3NNgy
z8wWQ!IQ!tdUKEY}KQO=nh@;bNmwF0Ar;{1-O8*
zI{G87fF!f?k1s8QxhURs;s8i*wb?5b
z%=TqNce3D=O=2ekx+1P6!-aE-US9w_{2D}#8hqXdC_ruvFyT|Z&2ga@z|q>P>Q)Om
zv~QOjH0ZrFK603b-M(sft;!pR88UNl$ld;tDCOad+agv@PBl~GGG}}5fjbyf?$LDE
zvD|irmJi8?nKSzV{!lR%(oDk97Kd%*_RSUWPr}%Csj(Vq#$7wYmX)8*=_Whl6N9`}
zXoJPu4#UO-xFm0yz!PkBjU!^E+C<-P&n;cJEFv+CdSC0&6^U~`~6dr6Da#LG=JqAx=I8aN}g|8#{?4v|TDCu&K$OdCJQGA`E#AV#iAWR(XCP
z{{=55JDxOCE|v30S<8136C0uSkJ|f_S=wySy(w`oULYUAvdzwIA4nyg7jSxcjY9!)
zJd`OI;K~UN5X{FVFR#GVA(yu>^FKu%GBhwS0r%7(c$z*u
zYmp~SNy)veKpIWuJhfQ{j1^%78?3CU9E>_fp|Jj1%0ToBS;{|V*DHepTp2YronwkD
zJv@Xv!xW#BYiep0`Z?q#>=o!wf{US8g2lJS>ij&i6zo2{x=M0Y(s_Z=$mt4q=x#Q!
zkD{8<%6LQ7szf;$0^sM@N$~S|36=!4kALCk%#_TPy&+7VUb|3t6#|tKjwrbxe-Z(a
z;a4!Dp2S&u;<>UrT_AD)5m`Y06N7_%FXvv8u_ddMk;NZ!xAg%0@fERLA~fV
zz9Vdi6>-W0ja-W~=DH#934m$AV)UUaw|o)gaHMy;Xxh-*=tu5xn1`F7jN@_o{C@$@
z83D|lgY8kdA5HrKW{KMoh*3;{tii5zW_Y=y&B|f0jNG(T*Fxl7$s&+#C9(s~wBh1`{
zo954ck_bSzkpkh)0ssAf#GT`+-9o
z1JcJhWrwAG783_9@E;@j3(!wf2;i&zAaEnqvK6=aDHEPX&}(^m$3H~18+M@GfEERi
zRd>mvX8@YUPh~H?3Yzx%g3p;$GNYLVjlz0|+(Iz@e;aU;vj9T4`EJi2&^bWc0?*$=t>Xcph9!Dy%Rc}VV#hy&t1zm(7e+J98QVy{
zF-Zb10#Bd)b7%G}<;H0Up#asI^B0@YhYGb`2saoc`IF)S(yNS*fyW;z9i9hRCJ+r3
zXF*YKoOXTGNn{>Zi!}J9d?2}g4ZJ~}SC0;X1q_jK1+6~mcqQ7FR0%L<628k*7RKn6
zzbjw_@a1Ys=_lv7^$29BtjndKKPl`xi#)qLTH?dHl5afRFkQ+osL{4WT;OB1Q*qM9A-LT-yfM;}inR
zKM1O13E*ZPs2UqZh6L?RORf3=e>ei22uSVG-thr!g9!~Tx*HuXy#|5$7Hh2K_VZzN
zpxXhoJ*6Cd=lmagKLhcA(ZgNv5uOb4lU|A1jpF6krDUL@
z4rUQ6=uRY$NjF*L#1$$JYO>e39gD9xIp;<}#?2Zn}fr(e<}UErc1F*Ee@1Yp_K(-R!d
zkVObRcG#dc%bx9vS1Vk2tU^-?EINz#+gy&nyU_tmB=zn4bxQ7T6K?a*NIs;mPsyHK
z;D$T65sPEyKR7@Vfc9BHW58E!?y=8E`}-60b&jAFw=2sk<5`uO2dO#kV2^bW(p|0V
z0sZ|-MU&4+y(CcL7Xp_&?0Piru9fQ~NvpCY4j$MFNUYA2k*?OPVWE`SIV{w>eTQge
z>*AmJ)T;2^Uwuwz2?E!QvGodebRFeaft|xqpg#8;fcUz0%dH!O0ne}3RV2jzmFuq%
zl4)N)^)Tf{HSVF$$j~GipP~+c;@K_NO_8qzC@Qtq#Jhjrhpyo1SlOJWN<#O
zBE*$aXUM69b`Cc|5ZogS=c+^Ih?o4ekN=f3#lJ9EKYG6YWj31vfLnkXeAl~ZIHW<7
zuFA@ncNz!D0?26G2JTL0lDM5R_XV;D&fxIq91vrbUTedKR5}fH(#S3=3i9(mxUA5l
z_nQSFS70iKD7m1@eI0K7#;vIYfbs(73#-NzfV!Mkb_X~;6{B>}Hggaw!_a}?cvjLn
zrRe#tz$f3hbyKq;T`O))w?ff7#(AU{xKggbh2`tDN;mz@WQtH%Q_n(xS+t@NB9OWf
zuI%Dc7{#S90a`dAl_^Ya3?Rn?_uu@U1-J`P;j&o4PCb>6Jdn0giPxUoBwuBI1afKF
z{=Ir9f%!jtg1@L<#R>9qw9
zylo1~P^X8w#7HhUAORiUIY8fkiRWCDxYfz@DI4M6fJ@;5?h#r{0VwzipiaJCk{ZqK
zSsBJ|miQAL^NaI8o>YqjiMz>$ddP{g!+*W_+jz);u@(!Y7|2vl(Pb{Pc@7ttmV=tI
z-(t${_Bt+tOT7Kyk&_ug&FeN_xfO`vcM%
zeK$TsI4dTD`kY_LQ_9zX)pWX|GU)CnDn5Jb);;q7u=nQCRQK<{@ZP&E8)Zx)MP*8%
zh(y?k3>k`To>CE#namqWR1%rTWXMM5c}yxrgv?_iLrCV?xjyRtp5OQU&U2pgtaa9U
z);jC=N2`6`u|Mz6d$``$@Or&2%38|0UPxD{@O&Dvc>`|f%uLDPC)2EQYtJ)5Cw26goR1+{0N(PU$@XAp*^Q^@q3d{_Kgq0
zWX5W|h(;=62UQ>%Difo{n?z#n55>C{@;fsv%llBK$pQ?2KT1HCj!Lu|Wp#
zC0^t?dPSf7hkJYVton+xsop?NS*fNL$65wCx{3ug?|D)x$ol3jfXZd2n1=3OtMD%$
zKMwWn`~uZ=0CK~@KG#=j_p%5m%-Pi0bk~blk)*<3DF)gGV7iHRjR3(IbAWx*EJp+G
zuW=yP>g(xQB8Vg89Jq7yB!|u)A%dSgaJ%XtKSI{EgtXMse4yCFW{)h7jRJWWvzs(
zHv1Qv3vMY#_5#Qe_D@aC5xaUim7sb_n|_ES54%phnC&3EAr17E*pvW(toLV5RdJ&n
zn
zDB`tw&)s};^@yHx{jgRcsNi2QUNZa~u4KW=58PeZf`ImV|$H>0i}RDk`ES@~LF+a=(MxdCE#K^_RIS+FL~5Li~CY5kCZA7)r`^XG=>%
zqd>V=nZN4mkI%8@pp8=X)(ad^r(-(fZ43QyV;H|E+pLDQ{^E7+38D4ONMbMX}@nHn)Z<
zH{Ng%I_iit^eR&U^J?Td7Jh`o@wJcNUPONp^5*tW)c60{Zux+bYcA#)JElGiPuz40
zIr#n>&ImBV`W&aa7n@B~o@nuOMyB=fKDMYYjVif`$?cW8*+46Pb5voYk3mf*mc%O#
z=);*BfVsY1oCoy7vcyK5!2zpfq};Q12txdnip;;c+p
zd^*of-fQ`#8h7SRc5^o3$vZdYeJH-GW77IGVKjnjAbw!0U2
zch>Qo?LlSrLiE(3Dmiu_tn0>8NlQ@F4n9nT>xyN?NuKIQO9_NT=UHE>SAoVyXO;f>
zpXDEp76V|kA`t-`F1MH`I*kXG2n(Dl01)oGE!{Z}7bmA8xZ?BAgk-Njo`V
z;jI+Fj=o%e6Ir(!#CXcN+qlK$S5cSI{+CThooNVvXgEncNHo-weU8#+hl19tjD?cG
z4th=IE{sHBnZA3Wiw)Hf6h>7`MGT
zFPA9a#Pq)2nHqA7%#+F0$}{^LYxvZGW6dNlrA~#Fp<~~CP^a`lm%iaLs?%{iOii-K
z$nCcr_=`WN`C5glm<&DgCS9*rxr+`)G#%H8X?vaTclEkT;8Bq~IuT!a{vnMC0+H1`
z`9mJ=KrZTA2~j+NbiwBgW)5`dTv&Scmo7<~#V-K*v}g)S7E4{mCH_=QdZ0~Ol=HgS
zk4CIP>{oS##9B#B*|UDfJ+`)SGIPFUR4hTv!j=alfQ7cZ5nQ3FJzlm)R00DcDPC{Y
zQ=9Hk-KQhE5I$_oR(0`-q>bN`+VK~dE{p
zg!jOyn;wfac7BJT!QGapqi5385fSGSRRg|%umH%G@ug?qJgDiS9?gMG
zK0ti;Vmyc&EEW(X%e$X4+C8#e+Lw
zk+{&VCRGF|ah4o;rPz?a488`?&hjIOis+PdKW1Jfe468AY?{QQEiy=L9E
z?1OG#c?pU2S>;rjfqG^!s3?QH?o7m0UDkgbvvb_W
z=p~|BcX+6CgrEO;FZ?;g{hxNxo5?_Z>uL{v*-JqNKI@mcg#P>DQVdVo>ld9Xn?;*uQt*q1p)>`A>hR8E*=k#Pq~6p8XeC
ztx6X(W5cuBsg6wRk@`RphxdZwd@{>>?*G>qQGnSnIF38;5Ud?u%-52g*0=Uk_$ljmL5xVs1eVm#BHYRv
z%5P~FUyx%9;j0c5R&nO(yIlid@P7px4iMohP+~s3$XC?)Q(13suJJE&6`b6+0@OvQ
z`9(C%PXE!*T(CD>u;3G{enxzP5N{tK_95YYwr&Ae_NPLKdl7~UltV0zv_Ps9
zu}AE*kV0q*_rV{9mvXHi|BAcM@oy|sq38comMK!FIHSD>1F)mb9~24g$7z#^b-xg`
z6SoJTcEaFWz^n8Jn1m4XE|;xXxDSGJ@A`7Q9@6Pa7A@c3KWV%-T4F~gOn=d|9+xH?
z(CKhs_l*22w|wwEygz%nj}m)`6H=f^-)gc+{xlIi4Ea#*-Y0+kULqbz)JEbkAm+dM
zgEm&_(4p#8ls_zMRwomZ!TYwlmuLueRv~$Rbd$q@B>JD#D6(hW7#jm_rM8=T?gggf){cU
z$Fum}Yf|0UmXbIPuCOj*!JmZsB4W97v8zE3_g6wH07`4cWjVteygseN^}*B6jC~Ng
z6j0q9t_6aNEISg1+%1I++9aTl|>?b>Ztk`IkoDiD(_=r7ldj#6;D6yNG&(-X(CNc4LxEu
z<2fO>mobDZ8Ar*Jq*Lq5Cl?lFnViO*_94owmr3{?2TS|Q_l`FdO@rPasyT3qmz_sW
znpO^<+V$e|zOkLn=Tm#zX?yL|2aShrKV(|M`xf+6PY#Tk9Lf_fhp{Y6}3r
z?{fRK+p70f3A_{sF&SL&C1Re~L@e?p`Reyp36RlZFqt8jC5pd)Hb_fEVcX>Kn5?SW
z-tFYnFC@&*g~YeHZ4rti{`hhV_S(s2w${jK)O_D>EEbdXHix5DY?Bf_D|-1g{3d&d
z2!?(*Tfew;MgZ^}7WBh)UB^?cRqLtX<-nzjtB#|ylfkjqw9;SYsRfWhKEj@@ZB@5t
zgu(l0(&4Z=ea0Acr=$s1lwiT3gG)((-K)=wnZd_j;*unfS8cyAlqM!dM_La>2cx
z+Gm;;Pb>&iHlt_oK??Fnj6Lf-TQ>gQv1_`2FS=QkKbivh_F(uqahXTev_vA1rE>-H
zAIBG^CaE&OpAL@f*th+QkN&zY-q8G~8>2agc@W$iQLMvaeW=&B@+mF2K
zZy)qPHlA@^Ol(#Sh5nJTJJo6!oUPFh^WX1CtkwGc*rfd1hZ+66Kla^wgyK86ebkJH|O3uoVih>
zaf!G!f6Ed19Yszeid$Hyp3KLC4o_SNw=wIJ#vsj`F0*-lEq9z8A=L;A3m;+indO81
zaghO;gLy?1y4id%S{NG&^Qo#Q|B(AC7U>S+4ie&bKnzR7dAj@3yNFH`+TlX8;L>BT
z`yByD+ke5!U_To791`aSEWwXMr7=(>cIp^9BJSJ`MtM5PkNVT_>Fp%F%lO$pl(Sm;%X389j_yjHkII~^UidSZmF`p0bm7FC5MK;8&0Nu;;P
zEswoh0%&YhIvQplkkFzOy6g`w(Sxu@tZ$Zi{PVxE!rE(
zsoZ<14GvbtWLoTW!-=O?u;mCRC5^DxKO1xC}BiyF5W4Mv?
zHET}>ppgoqjA7p|*|p*UDfgLyUtS0xrltr~(GJ{t(b7lbHRm^bVFrrL5|AWXe)iO(
zzWDBdCDI^ZLuMWt4-`p2^6rJMYOKg-q;rjXi~C^vlyDfAO8%~ZJZ$|3Me;mX{7~jLDkYhS}*MXd8CiP0`yMkEIAj(HuHcTfI{C
zOZd?RS|6*|W$%I7JncNrkhTZI`hec^lVVaT${Prt1xVJxx@6$sh0|D3K`{ZQ?oN4Fg3*+4gP5F5qA~Aw=BXM)4f!domw0W8NY~xjc
z$WiD~LITFJCtX!^2Wc7tUd6_(ZCSSUkSfrX7FN9Ug{(bYa_J;g2rdk?(4w=V0MLgoX
zO&a-Wq!<4iIy>~+MG2V)dk*hmv%TZXm2s^pNFx)wz2d#oML5v0czV#jk#F`91ED|t
zO0;Q?`@m0wqO-U4oRPXnjD51Ga1JDDOV*4(p312lna_oKQc1}o&|r(zJVqE^$K<$g
zeP`RrWdk;|io2fFLUc>%%Hy9sg!XFfr7n*Egi#F(H{-oM?%hBC4X(uU_K9~oQqt`P
z96>wlT{TEu(;3?Fh#f>a?ieoWa=q9@y0Vx?Nw^mu2G&LeoE}4d78aI%SMtQ|#dO1q
z*}~b^R)N2I6L_%>S%bfWT}o5On2bI0^auL|&)eL4dw3dAX*OQGZLtGYqk%7OM%yqs
zF@r^~<4y)3tse&HCx*6WU6xzCx7#JGVj7VO@XBc(RnM~rM5Or0bXsCZ+B^4n7S}Aq
z|8o3YfbCr%-`Uy!6!qb4bOo3~YX&^gRfhcwC3?%Z^!nSqKz;p=6h9wm1mac?4xgJL
z=jTE+H(l&gJW2FE_$x(EueQ9rDMOA?OkNDOq`1$aNPp~l=v*ammtAUxK_kGsq^o+l
zX!)IhS6(#gXVNjn;QQ+Khj5CG2dr#T)=xGkDJIpgrb}&QSOZ|G`QpMArWQKr$Z^x~
zti@z8R#!$dOL39I{+C->
zxVZyMR=OcXXrhX2FoJG1s>`$GKl!;m{N0I&VnKzSK;@hacMrYn6BnS(iw4I8Xi+N6
zFW!3FU*-V4Ue=z5aZ)W=-wqk*a&M)EqMRil*M^Jh8ZC4NVUN_N
zjP-=}LBdDutj66XPQPjs^o1Y9y$Ae`1~
zO?I71SYLr}>IjZZV2*c4(h+u%5c-sw@Wxc7CHj4c9k79{L9}5zm1kZQhp3Ae~q27GSZUr>JZw
zL0NsW=%G2CrzyvKucmMrMeZI&m01&tq6p&kq2F7Ch+7+va7yO5b!1M*4sE7|2@wL9
zsH$T)eyDk`hcWE^7+OC<QM|(O{!J9JMuu_*Z5sOeKYu_1d!@ovS+%2Z({N|N
zGNJq~6#rEpayExH*U9GA|MI2cx21orR1$OF$n=nA^^%>*%xq>{;ElXARz*q1
z^b~Cs{gWK;v<>Y1GtXFUmj_g{s~dYpv)grUF1nt$+O-r%6zKFYDs7~~r^J6QuEUe~e6}mT5)YZ#u9{0^O{N7aAm+d~&
zOiaB@xc->zNLJeR`ZJVOhjd>5fup{u<8l`{T1gyMjK0;lR$kPY+LguBAl^=r;11jq
zjw@HU!4cf78%3RmUY#T@d<=+qrc|yMJTUJ{ajKSWYvOWjeEzAk;n)n{j3_-3
zz6*pUEeyA`_-Kf1Ou2#{rw=_x{PdA?Rg{=1z)u
zo@8$oIAEgKiHJv(eAQCE?#K0QYOtyzGhu35kKeF#RF`1+F3DS|USEVTLAYw8E8P)!
zASN(VXr
zf3V?l-)la$go?GJ@ugS2e8;*hR;>9vJB8hv3wh-ic$%JQu^gbx9pP_Md4W={X7n3r
zAGi9l7@f(u_c~Umao{a7<-%R~FMjTK!EGgcrW?MuJ%m9A2MD?Nps>B*c`w|@Coy8y
z$+Vwn-*~=Erx=6E3}TtCIz4lxk1e}MqIP{mPMJu)pJkLoT7_URBiA8lFyq;gpu~4R
z0;Md;p-tMW#QUfyNr`(c;q|kAa$l{}A{2?d<@6@+UU=3?hbfSJPqnU%a!XB)UJJiT(CnZj
z(+SPe2rT+qIagKiMn_LDoARbrc2xh*?N5HogVn!0e_1(aY+qTqTB%3Lcby=7?OIOi
z8xk-1MmXU~xQP<=9y`rhDw^-@OxREl0$}19$4#>Vrg2xmn!R@Yc*>ln``GY+iY#VIYEZurS?M?~K9ODhb
zQXy8aLv>5T-IQ=ri>xerPka!?oE($kXhiiv@Jf1=#QYA%{Wzs~0YppmReX3uNX}LX
z^k)e>9G-e@o6v}0=yTbvc4sUfAKY$Jpi<)1rI;PzrF?r)P9`@1-tnCb<1)V3cjIAX
zgqqbpzLQ#Wx1MYA8k3eSjWaoPj%RdGg4qu@{`d;3
zL2&ylOnX_;;oC+g71^r((0W8{z%oC%@_Rq`OtIIg@3Sdvzo=nev+|g)yHKn^c6lYX
z>+5
zZrROpA0HEe)y*X{hU6Cd=|=E{v}lyo>6yO$F(VyYg;y$4Lo8}?uqkt2%_SH}>y{L`
zKTcS*URUYOWI1=_aVjZ~_lwxq3}G}ibx7Ng@&ir{k}rvoGWVvM@-wOx+DD04#cL!1
zrsr%+C$kPsIY`f^rnd5pr@6n%Sx!GVOV?>{IkUxgQT+}K`hd}d
zudH+M4q=P%hB{{3u;m`eLoW-IL?+g8esNQMr<;7Fklh(8nxG~Hgq7xgG7Lt1$R
z5CCPR(63-xJ2+fewO5g`yskZzQ;J@T&!%(UoG+l`g)IFQiucgGXC~S_!LHGPP!&3n
z5pzhhUQ;gIz(OjEx1jgNsf;^oEGZ^5sl3^5j;Zs7rSq1P+{;TyJ|tC=ASo;WE>E|P
zr=*b3^91jrE4qx*9~JYs-e@xFu5>WbirrIGE^%UuKa=Gbd?1HIxw>vodj_-hp=STK81V-&R&Y+k?(J5v0%y+_--ptd#J5RRinPo|SQhZU$
z*nD+9jq@W(RmqKTRqJTIT!0=KdBRC=u@0TOBb60;jVVR-hKwd#6?%uzof3;=zSU7*
z7IFkc3NPt1n(;Yk%T-08lvj%^@y7NKD^v%xZW%Z{Kg6_Q&m-!pOMb^u`o!uLdvBLhPz|}>MsY_N84!zth^b^if<;rbnG(Uy>
zUNFjHibP6VZnV9tGsNIt_CGaoviQG&fwB*7nmWv
zB3W2uQQNi&EQa19h!rhr)xGr0Ce10GAzal=6@KMR&Nw{m6)HNz7omC3y{l+c+1o-^=JaI5!y+x+h%Y3{tZf$U@LPdFq=)p^s?rqOGI&Y#
znhVc3P7V%-t5{Ry@(z(?O0uS4Cm*_PQ5G?;G;&U0=5j|Q-J3U8#G-Wrk2q92;Cp_dr?n6=lZ+`Pi;&rX@vBgd`)v-kp6|SN^+^h
zHUF2#Yqyyl$Z_~2PlzEm9#1^efNWA?{RaJT;q=DLK0?(AoslGo+BY9RkkqLUok_Bg
zB1H^MwK(Q#=5dxEsj5klCYS`OHoi^vU4dJZyGM(f<5l*@>))yfMPKvHwltJYm)i3!
zp60GkDEpXh*ouoqcCK3m=99YVJ4{tBaz@1He+%re9x!$db+lY7dVNZczc)6gn&-=@
zNX?#(3Xiwd)haFFS_~7>Z3T>{nQeY~t&hl*Q7@yc*6h2j{PGB%9YRU>!u@!%U#_)I
zp*+`KxbJ0L<5?Mt35MuKy!r7dNTIaBN9C61bV88JS`JfS!^EX|)_A>&F#jrp)=GU6
z;fW!UtfH5pqB+QsMY?On=^Me{&i)0oGNZ=#{98T+tZT}<093lgP!1bujF}P5PqSh_
zD6C`gVkg+?cC?Xx>Qw2no>hx5^x8Pnf}{`~k!+UGC68N>pxTiBB}?48^y$?M-4`Q6
z*i*m4J2IVbudye|7Hg7qRu3MNeNgH`9=78#T3t|(g6Y@wHK2j~5!93nD1#n9Q$&`g
z@OZ6PsUR1i_UjlZ*R`(k^19pb3Q2RZhXC2Z_IMkfmbO6xF6@=3D3l&DY*!Il
z6Db2`MhxUP+TcVgw$T2TW@p3F4ttD7>&ioY<}&f%2t8I5%TW$-C2a#c{I;LsEhSoo
zWAMpe@x*Bq)F_{Q;1vl)X{KR)4!|dksB<#GfIOcL5Q0Ca
zUP79cRzVD&J;{7r5;qD(v$&@hg&Kj_HH`ZrW8e!Ny)Pj_9fle5=jLZJu25i3BAN6v
z7WY|c(AaJobNHhz@BbgS9&H2AF-6&2%_8Vv73h-uOR;EbbRa*n=7I_^P?KxX^w?|g
zN%eXg?!r;bgK2rIf3N_!T()NT^ZGF*GL@4sjui8UtLz~F3AdG;Z#sPf=KTbo%8mlV
zilH||^8Po$$%}iFBFKqLK|a-`(Ai&vq?lA3-T&>I$OLMIP{BTEb^CTMG|ALaQF-F@
zYjA+~)G37NFdMKJrmz-r@7?FGzgOdfztyJxcMeu)DfV8=dQb89XEf7HS3ehuXC=41
zqJ7qe>`D|?36j(NoGR~qQP^bIP%lHjmp6f3*h&%QN54+=&KADttzV$%m?2h6E&7X2
zis8oY!J)k!hQc)Mf%Cxu2PW?RXQK_Ol3}9bMb(~lox}^T0vsmAMy1Xc7rr@?
zQ`dfqtjoSwZ==|qdod6Ro@JGK{Q#B$YytoN%km$=_I0aW^Q5x1`n6+y;cykbqPuT}
z=F+^-)!kEx@_{0~$x$2}CJH!A95;Oq(ZdQZhaDWk7}QM2TishubM{ML@8dr%hS*Y`
zlW1&diYW6w4DCZWp~1M|#(b!nEQj5IpTDz{L#ndeU?~w+nIbM6OZFn8L#tvLy&DLnPtdX7LxumMEG5E#15SXvyqo^EY}{{
zPd95zP`|9Q`f~F7?2TsQ+;fO^s
z4&NLPm|zcq0;a8z;OC3tS75%*GxkFB!3~JrwMOHIC?;aswx#jMcPkSN0n}M=Q;nkNh%IknvnOPQ}
zwVm$+0c4!ZcY4H-k3m5yGE&MV0EOL_f|=(={}aX8QOynVJ+j`|Vk-Z*80S_Xe&`g1
zio0jxy%CC7ahn7nBS?1TH?j(*hk;P?EP!qBK-&8DXu4F9g?Zd{Fh|NVtM%|E
z_@uWmW7H?UW8hu(z&q^Ge9#2Iw{Eqg-wzI(?AWxCYS06}c81BFp`_J|@KHgWZ@F2S
zzlUbi53-yH$>^!);>*rdWhSY>>$^520jxj*TIeE{offM2tdtD#^RPpg!2~G%o?$$~{;@aa$*Prd_Pmz|NpQ%gRC|bLWT;i*ig>w+ngM2AN
zB(m!jU~HnyuI!Y!QRGft;U=z?D8Y9x*w*va_U`nhk|I0e+;b8s
z0H!ZO1Zb%*jMAGZw&m*DG~7e{b(b8_Vm@+fr^r<-@a6)%?C>S
z;FA5P8pQ&W@C5ez?fz0;aS9{VtTywp$2h9xHH;|
z*Nu8!C|dP#Ib1Xwll#wiGrcaYh(llx3yg?jh+I;V>*#L$rJoD-+yZ!KHmT*>-LfIAQ4L6`540ZVPh_W(J
zK}y+Ru~FzDFylk_nWc&l-zI|!dk+?r3q4qF9qW{xRp__Avhp9kOQ*!E3bgPCoX?Bs
z!Oz8FOOul^Xw^#(aG3wmY1+CYD
z7(27edl!Ep4SEr94it1X$V9CjjzeLbJsy_W@yC-_HxQfXcN(olrZZmwnC_K=8y~2D
zc2txQv@};M&YnO}0Yv;Xc6oZh3L)QQdKS)KR!&@M2VMs72lJCKtnMcLwBXQl!f}kW
zFmD5-RPA*hxt|QD{j?bI1c*36_0>(AnR;8Ycfx?o=N?7n;(Vjo#_~Idc7DS6?3n;0SUX2%w5R+Wx?DCT{zJ2i{;QDwkU7q>}qmb-a5
zO@w>-rnbC6>%>@;4k?pwqy
zx_Z(8qe9m0eY8||9CvZ0-=Wy_T~PCW`uQnPI_`zS7G3`N0d{pG%p0pG7>bCwgWGdc
zFXw**RLHXDzzS8GCAgL-qtJJmt}2RQef3L6nJ4)u^!5e@5>?M83Yn{(c7c{;$zbN+
z+Y8*q_*|psF`zc&d7oNIeggqn;K1XcmJO6FgBkk}yDT#)NBn-PWk5^~A!^QYI3%i&
zldD7vz8mK|bQm*;!?tA}KCoR;a#-*T5{76Y#)W0qxEO3--b2UlP5qFabr&xN2)?&Y
z!QECsFc-Pm5b{vlff@Tr7S+Q?<1!0TKp_N6KPJIqHVMJa@|;Li^#gX31BHCA_d_6U
z+OHQdQ#D*|p|PRh%tKtBUusCwI3#2?xXS+x<@La3#(
z53bRYM-QoCt>`eRp(X?`XoME9IsY7)D#T5OtBL>El?R_7su$H?yD38ZFpL->D*&vw
z`2>@hwIdR4=Nc2fUtw7RM;ZoV01NH#%#4c}tS_rSOBcM2Kh{xf5g`h0EYG~C{rdGQ
zp!eU3&RjUaC-(OtVlXwcqC&45Kfr|u_PTUUOnB@!~OL-D;BN
zZ^NjnadT@Uk4}F_B1iZVT9X7c?$YsEfmhFR?dafE@kC^k`^-JJ;hQ5d{ygP_CXOGIP!6W6~V2cv|Ar^x(?fsrui
zzdIpb(x2szMw4Mf6^Jd79A^Ge$UNZLK@4^H;?3v_^8c%Mfy-H!}b;HirkV0u_F&KpI9`@a(b~
z+J}RFc!4ue_ZSzlgJ~OJprSOoX2H*Jb5xcbcMQP)yw46#`I}#XvEBnS>rVU>(!&n3
z-qUcRfQYB3m|F|2&!T1cv#36>r~#*iJ}4lQPA|d_Gc7|4Px+fKfn`HxT>^ir;SMc~
z^v>urT|9drcGW}CRO{iNP-7kj+AJFpeS-rgorU5s6U_86SbF-uQ8$bgnf0Sdf;UBw
zk&4VWoMsQX1PjM;_EbIMG{bR(fsP+*Y&uJi_L6>b|H&iR=d|z?ioeMKn0T1=|Jok^
zwLSiiZV$R$i2^`Yh-`gsOI04IdCGbrf3gKIbJu|->d&@&Mv(mrrtRoALC1f9nX(Y(
zY2_GM(+>lmyqNi#oSgrY!{?j9yAMgZugdz@AU45`AryIyOOqGzR}}=QvFv9&*B$$+
zJ>6s3LB{3|gkrV3rVTMWCm`lIVemlpF9OmH#}P;*)wWz*csv8e>)SdA{Tm8g52kEF
zL*-BZu_BOmwdHF6l%fPlJ$^E|_i$V>7;A!0#`b(1Vj|$bM~=ZA45*raGG2mM`YTCA
zyk|Owu-s3+{4r<_V9=UUpHqZGuw=j+`gjjqr3A9H^~MGC?&+j`2$)h{#sm@wwrOo2Z~lkuPtfj&4E`Ar+=m|;V=GdD
zfg6{6la3dA?Gm0aj0oyK1pcCqs+a23Ssaqm1&Ayp6jZ&bqkXu+uyg0`1AObDL;*^8I^xCRga1W5MhQ0vTBV
z1lH2mj}2v}~dX4R$baGK(S0Dz~15D!IryyTw;1Ben5
zi2c$gjxCVd6qPD7OQYox-WAD6mV0yuSnkgr%mN4c$x#V}#C&AZ4Kb{{lbs}rMACb9
zBWc%j@D4n?I|=DE3PGY=S>8lcx-Zzf53IWX`C-5&
zz^+<&2!PnQrdD9sIfS?IY2+UBB1dQV;73wZ;0zyEM+GY;?GbY&cH3>LrS
zhy_t9-h`7HYtQdd6$A`GN1ukKHE<%EGAu$b4BVC*hacL2F_}!y&$pLi
z=C?`dKLQs$11zUnkJ;-Zko9rFX$Odtho1TtzNy6SJl)^JQG4WQ2o<|J7e=6Z)%1?>
zR|O6bO)yG}w%5m9I>A0UGngH_@hb&nI?@E}Io_-<;DcX2X(AvS`9C^^-8RWfk3#CT
zr4WJxgq^#=nCaW203ke6P!3XG!17lmRyh4c7#pg-ewMaP$Lz%6CqBU2
zvvMb9l&FB?vT`5WF$4|!^dZBQZCKGM|M<|iUk@Jd+uh2yIKPy-mt-5{)xqJI8JPh4
z7G^?mmN1;3_8?Z4-37j=KQ)db01QO{XUA_ZdJ{m^I^mE3!sjWNjE!=1vft>1`N#9B3&gQxO1h--#~!pU9_o7AVQP4
zwTfeZgUlX^JKd$N#T^}GRkeR()^mLRKQ2w=rw5?eLx5Oed-vMsOX85^ndQl|-J+tY
zA?4(_KnleKXDjNph#c$?EeyTM3|Z$g6Q92pqfX)u>x1yl$Mom1Z4lKYm1R<7BfI?-`<2+eOj>f3HhS4-qV^Ly}J3mxG+2oo9$^Kj=!xNbNR
z%rfSo+ykBi!*C1qKsPi9>|gzJk0zkZESUqY2{Lp&`>%f-04NV5`VHipo(_#EK(qSh~
zb9+{kmGZ59F2_EaQ5LAWiQG-lu}BX9^L;8K0RA-vPIWObzxojAC&O|_ixn2JOWf-J
zg3{A@f(0vf&Ot!>U|F)XbBvB%hUP5)B=`|{!r!!i^BE+AYVS#DduUB16bmhvYD$18
z+PMwjJ~8x@-sRZ=tD3dXHq!{qJrxv%Eq6d<
zP{sQ^@XIy;HEhGct$Js@0O@$Nyi&7M)w2Z5PyWG@>ZR=2^n$jFpwkd5cq_;dAg>$m
zTtRrN7lb%&AlT&@0Bac+)OZ8eYPukCE9+ze0@?==ncA(_J5A=2H=q+z(&W*hwPu&(
zG&N$_`$1{9DNEur_
zkkE`*V1q6_uWPWPw4Y6gDzPFxNE0m>aiM_M??=n;&sXPZ&?sABvM7H5Db;#?976MH
zK&Q%HMR&4!K})yd^OfKBf8O?jZcfh7K&kBK0)MS((#8F3lKqnFtxu7Z_cT+@s=xl(
zIRGesgcM492CMy9EO0)FZ`G4&V4KCl_KH38Jv{>1W=@h=(V$H(Xx#=swQ%(NN^IW>OChH#gXnah3wcrbo{Y_jiEgAQHI3sBLf^SlKFPcg0Z~eG#<}
zXjAzkA`H|j{5uQG)tCYz@JM^NLTIek4-BMlBN8C+0x5WbyLw84_7slpd6PfjN>6ql
zi=2Ov`pa}F*roEN1w~=Kc4IwN4TlbBR8)=e+1MEezq+RCM}%@yu1(!zKxNzq=M1Ww
zi3VVYwo7?=+|63Q(e{7>m&FzX%kE?Q}&V
zs0~bmN|{YY)!~1z0Cvh>mTvj|SbRa_+3;C9Tb=l}o{OK}i14OG{MW^j%`G^2P8$_e
zE2xsDXWOdAEYPgQ`((LyxzL3%J=_7LIEzFl|3h*1xe`(NWX)LUa0JlwDtp5+QmduI
zzCzE`7ZZ~Dflrs`l*%<{sA70u0s{C>1YS`WIXwbO7}vhAy3
zhniyEGL@CCoj&8#nH3(cT9SeHO2v><#~8RG7Xk^X^GL(2_DHlenNI%tOSY{Bg1Xa_
zn1~0;UIZ1`a8iS5s3EtX*~?YGJX>b`JB)4!A34O?iqM&6Zfaq&K9!BM*;@(+=1?=Z
z195#|XB!N@4KzZwSRV7Gj=v_X6TXxLKux}{=S44GA-F1Lns#i@$e^hiVojenSkkPZ
z$ytX@uZHVgDIC(r4CYTN`z3CUa=&f?hCeNr%AyZG9U|a(`34lE+$i9N%H_8{i;
zqt!`lcfjV}f{uLcnMaRb79BA87(2QGEdlMrFY=XG|GYnjZ!6rl0`wdQjfT(;q@&}O
z4T0C`(AOvD2XBip>KxC?bLw@7;zD=M>+*fuA7hlmarHSn(uGYf;MrnEIddUo)calp
z9MvndIg9q{suO&C`p>N|TM%wCk+?p44l|Q%l9f@7STrC#97|NW0OCIl}m(Br3Re|ODZL9$DX%wW}Gv{oYv|ke=VRoxLjP~@49bdk54FA
zVrAcF(hvfu!kH7N2x%Y!&^L(cI%y<NS0*smgZ+RnA)aou4^1)fut8-$PZ$lve<6T?Jg78VBVVD22uyP#!6I3}EA>X%dO;
z97TrdzUmZkJeN&1{B;SQgfe0I>+O-$+J;UYUW_IbRn@HO!tr~3L}7o}wf!)H{b7Y<
zdjCX{%L})k%Mcl(X()m|$hePi6iTVH@6_PVRh
zicen($Yt@UpI=TAQkRrSNtk|n
zO&Nz*fDSi{65uOKmu6Q5_d2eyj0p?L%Y}XTBm~VxjiKtP(!>~8QUvRJJp!nGB&nB?
z|0#h?P4Ki2Z>J+Z;=a231vRnB6f;B3V-fg_UM5_wYGkLuBfcesW}M^nN-H-`goFa@
zia`k&o|QGrleX832wR{vBB!NX${7t4;BMmdWL*KZl%QXvRV^UF*F5wNR0*OyD+ElS{)0zxuH=1#NCDAGs
z6EfmJ?sjXKT*{W9M|k4L*=0wSJEHENU)27HGg&V=dqu
z(G);8Je;5>$mbKDYnhWnz1~)BFk^UEjYzQQ%zW&K3s;TpbPpx8hTqTh&9W@S8Z{O`
zsc`z!sT@b{dq1n1df#TV?rrR*A``uGN19C6{Uu?m)Bdi6ETnk^%CUNP-et}WpOe}t
z65_?ifDht&9A2ISPIg!bnW+K?;!o=-@zutM58HnPL!_0eMbBZ^Dy`Z}p5>RT*@5WI
zWKulaoI>&O7446?G!240PUNDKNhb(bI6qjD_9@R58WWP!(%u$-H72yw?TH^bXfks|
zt4K4Qg-Jg-d#i}_{Lx2n>tg_<{-TRBBj(f_ny4aebf**PC@@ou5>xDe>^Jhhb6c8D#jr0`+_0rZ0cjCplN1
z0?Ld#*C(jR361ac2`hLmaY40@ua?!7lfub`<1yI+N1nGNWh6$#{WN?l)}2{(kV_=6
z#7M=dp6>EF@rzkid28;tdJv`yespdH;+kH_d@OiCzA1Q#d5*L8Ncb?vC!4ImVKXER
zU<&^HhkbE_zKm=SaDTmeJN79P(cDT9f_hNm{Eg2gs#IctDZlC}r
z12la|s{cDA=#ebZCC9DSxw*8m2MegJ!Wf5NOF}3A;)@Vw%gpiQJy4-XD$IKu`i}!_
z$3)5%e(llB&Wy;ike0-Ja+>1I!0#a48%M}Z*A#_z;o;p-CTfy}n$iD=+zmkex;MI2
zY`zs|#xQYV$*iy9M);)Tgv3v?SZow2H<1m+3IhLs$Dc+(er;CZgFj{U
z`YYw^z6l!tDP=%DLP=x-*n6c8o24v(Mg?*3(sQiLoZy9-NGUGy)n-@il#Jb3RN|PS
zn7!7~*m7w%VT!`WfN$f<{+};*4=UTOa<$6d7VO_4?m{K-?0N9$`m_hNpOAE8714{djI+
z8q$KLZyRI`hxLh%$Xat3wK9!u<2N!nv_MI*kx#^8_{K=_xSp
z1D%_heurj@<#7nJ3fC6K``)X>BE8X_H&YZvEWf@|cTGaz1U{um5Wq0*1()nuq)bJI
z)q_;ThU>ZiP3-HDhqEC2aR($)oOkxnbU&m!F>UzE!(5}AD#5FF8_3GtirfjeL6s_x
z3FKrDnGDJ8-%tC9veb&779Rqpn23i`NmRhUD~%vYkW>JI&m?5bqOv}1Gh~l{P27mq
zxqsDM;`jY*{ff>6!^&=G{9yW2V*S+<)(dUH7v~kUKUP74(i-v-#q+6=22Q2w#GQNN
z@d&ofXr;VMcwh|yGD`0u?}dEUIr-WmNCaNa*d=~riYxfv!a
z$mW+(RTe~QuZI9+HxmQNJFY8HCOMv;twPVpnSv9<{sol3n)dup4qwSX(9sF69dfB$
zDuK!`NHq-+{c|z0|L8URh{E=IIy6eySTNo;)f3zbeCpkgsC!F&{Da7khxobL$C`l6z@KWt+QGvT;8%%d*=$l4>K`aP=wy{W>$VAaQdseYvN_eQT#V(
z4@k`OmF%ShUr`p5wZ-Bq^FOe0ZuP+BI9hh`n%5B=PJ@+e-pg&Q)%L&%xcpJrkgC(&
z!Qh(0r5{g@*z39vIP?Xm2IRuNYk?DXOjEl32Jr+O0)qAqo0t?dMKo^E`MZ8Z-rou6
zd#Fs*^X67^K}Bk~CCLdi*7fv88*mFokb?)d?Dq6Tca0*a8M`q+6OSQhv=#VbNh1qx
zQh<47ga7FuEun#WeXiYQdx{Y6lB;KCv@CC20-BDw_Pwt8V!$up)BjNsa;gJA%(5XD
zb7-XpxF0Oz4%ch3L+x^6_7DR2g|VDJ8P?awZ?QcyU0ezPG(4HrNp
zLoPE11Ob4`_#8myia;Rf7f^UEr=flIKgvNwGURoffS;?k)Z}xMhHQqv|9^khKaMZZOUc9@
z{MbNcZ)~2iO@C&V_WD591`An;fsxTs19JNj{vlYo|EmD0@P^UafXr77gkbIpvYuo4
zKyYbht8$}yucQRBUif+)>kk8!r9jVJ)}t!qUp!-?05#mQ%uK=Uf;9y+uW2DDLRn>x
zc+UeIz#YXNe7ab^R>IzZ>I`)(CTl!1&nxB&W#ZB876ba5aWzQ5uJodn+|lv2hOPU&
z?d9f&MClJQ1c>h1)mifJm59G#M;WRnUo%(*`7fb&DVp{1HgJ!S;NBx8j>af~cQg2y
z=3Od~vt@1@RW+~)b>pgC;-|%`9}xE#)|&5o{qc-Q0$>w1@Uf$Z11Q!)tNIVKMvOu%
zfAAYGv9psqek2?M>xc=6f`>+>j>amWhbFRe2J;c<>W$WQc6EvQoD>t;;4~AN2!Hg0
zk_z$(^&1f0yYzTovup~(tn43bou9Q=QH*R3_^X{X8?a2AbTmI
z#^b|rJ0ZjD(LOHjJWiQQ8K^kI?bA*R9ToI1I}b)#6E1$)nI|uJ@mjeo?hiPPEl$Jn
zUKQ|xo(wUMmAJ}pXeQqoxSMJlbss;@F?J6i9J>D;eMC8S*kw@pEe-T
z;;Y02UMbry4uG{tdNIy~?~&{ida2QUMiH@qY4a1?H;fN_)<5S?1~rK6;E#Kz2&9F;
z{Q{y~(;6~M0C{l%gbW|Yz1qLOxC(*xh}3j*#eel_F>~t*5)8k40R`6^u~U0CHaRi%
zIy{i^)%gr(@C1uuPF>gn=}Y@#GXUM;nILo~4+526(b%z;$8KU9UgjHWu#&6}7w-PI
z76dioQzgV%ReEudbDI{l(*dh~czd$a$A_E1N@D6)cu9oh*IS8j!+6}aPbUQI#-k&Q
zxEP_h={B+5)!v@u1~F{x;+ATs|OGFShc{{^*o
zwpRyE{+;Lp@b~d*`|thBqJWh{?4*D;=eP;2KRv06L1fggyRj--u&(!s9tktBdD`P7
zd4h>-csU@DD+N6y)}LQO_PK)Erj}AyJ$~~SZ$Pe9n#tijBkF{f&yWDrnK;xB5sB@V
zL)JBzy$aXlbpP%7n~2YW$=>xIN&qdnpR9+L+W?@~>jvuZA9PiY&d$ZI{V%$qy6g<-
z8}*$@3x9tZ4?db5&uy(&&`{e&WAOSqv5KH}jjz^p=_Oe6`3Y6dtB*N6yKEM>){XrI
zlpTTroWs6%X#>oFj#bOe-C$Me&-fe6B6^iXjOI~j}A4s0ZAb?KXipR
zx@OS$uE7#P3%lc1_~#xq9(^)#58>12&%HrAM^l5GUtK5UoYX(ql!?t^(?ZS^
z@|03%U{AD3+SZ4|S(m)4mQEEQLEly3mA4A9fxB0yzz0zFayWX+IwfBw+56|SPT->Q
z%u9m^dlTBn0sGV|oVC&e+^iP8!gxXG2}p$wpWi?{oz4J?UVW{PKBOoN8s?aOU-J6)
zqV;I%{>|TVjli1|6);-Wmm%OfMFT#g9v1O^hH!enu}Gg^O1|7_!ohapUHV9K{5fdF
z`TYV4YmLAr*_L)_bQ6vBUuOKjga4qD0QeIxd8q?SKLQMJJb(FY0+2^YFDBhTGs$nR
z8`vEg9EAT1*?0^g8?k@!iLL5bgd{`7?b{D4D|+gB;}68g;%H*5dCMgaKWEv5`%PM*
z&)$M=5j2m0^8*PV#9Ow1=4Zz{h#J1>gwG9XnrY<6>N}YLcfsE^9))3#j+IM%#TjFh
zrf`zSq1%J_VWItp{k+O5v>W&>q0mZ
z8;|C4!zEuG-s1!0p62HN%u(pgf+x5X&mIRP%%xm^lK$`dK8CNo_h8SEpe%gCm;e_B
zAD#4%K2&fz_p_I=xv_sgZx6#Y}jJ3xN%&KqOGw$1IP
z>k1EeE?Kk61VvpPXGi=F>;Rz|WLY4Lru>!!4VJy)*5r8~&*80*fyrfLua^UTuV0Wl
zu?zlY`uEy60GD~Zme4&xa3;!`nfGkL{@4#bY;*eO9e^mPrIQ&=J)?ys=%_rvGj6=L
z3E*p@9@ug}clhPo_q2BuYghvsIenU;*|={KK&XKnS118huHS9@z(=ppm_(An3rIo`
zD9gp>&+7htF&q5cp_%PaBOrSts3ngE5YOV}0D_9zidjFX^Cz8$sn^kR<{;n*f9Z6=
zA`HMDxcW|dnif(|bhmFs(5oE>3f?O`^4vxbW1vHU45
zbV0(V1z0YgWJhrKyMP9*Ey5H;l*A$on)a)V*e9RyCD9Zlh2cH>Q)TY&`FajDoDrE-
zttt^@KWK1;+Sb6Vi1;Im9PR>xWl?5krk1uhfN5cVU$zhkEoZ#rcWf9zWmr~K@@u~T
z5M-p_E}i|eIzKpgc(Le%d@rb0Ne~`A!9Bg|?{R>s{_%#<XB3K_NI9EJ3GBWA~e!e?<>C`q5q#GkmMf59?G#iPrX?r4<84hvIMk=h8
zC!C4oJdUb{?>liyEhl3rh~{triHSk$TJX!eu78il47{p6Md<=67wOK9-P(LU?9UrgvNO@Q0L(
zS%x|82X%ng5y>>x{`Ga<$iW$&7Pt_o2g|7U){O&qSBa?UXE1&yD<`K!{oVmS{&Jl1
z>4UXk0wJE;SAg7kL+?@AxjmBsII<3FCJc(T*UFIXc+
zPxlXxcay2NvveWi)3t4cVFr}8!~|r+Cl@8#46_15Gy5J6))T2?|FM#8JJ_XLU*Fzq
zGgZWxt;F{aM6PF%=(or
zl)r02^#Lxh59B@am2fT13`e|~R<{OK?>WG7y?6_q37px^#b}TpN;@ymC1Z!`Mf-V!qkI
z7z!tbU*C%xx9oQ_*=~kCXW2a8g69+1yx!gW10?5OOX(!Ct1x`B&@X%^;}kR`zc;NT}riR>qYp!=cx<;rte
zs7_A;E3k=$Mbh#wCLQTol&Z9DAW{J1RRTEw3R&*jLzoekjpIT=9qQCVK^FqRm%Je?
z5t7XS>T@A3fVFfrAaM>=8SvNu5vId@od?RGc`+YPtg0HRZ5
z0$m`V^Sh^ANA~>-uL({Ec2PlEDqd8$*yKzZ0zaeiL!xXt=&&c=Rc5#_Ou(&+I6nMq
z0-HY^qh&HLJRd4zR@!`{NhqT&3e*eHL;+y{`6?Zv%*EYT-GcqjFMe@A&J6lfw|^Te
z`cMko5r1e@aN4+Sd<($ci(tk|0AxmU9Ayt1=wZ7O={ppl;_k`M2a~%I8X1TcNC$NQ
z`vh=~y~d1cl;1TX+90!T=|
z8`F09OIlqK%3a(2PE2wGb`JmrlA**~ISuG;6+L!(Yco{<+=Uz2HMlA6*kyUW&xKAP
z1HVX_pBYCQKPFSQAQ?j;q5XrA+ci~TtEonEx`2X~NIxZfb3F71L0!5WN56;XKk)nH
z8fXXav+N%Mg8)}v%-UA&lk9Ngqf)`^h`n}jZP2<=Tlg~QA~ajNm^dJIhkqIV3)4q8
zi!S9{VsPqSo_}!FGq@&jae5r!lqIiUzi!!~U+4t)sROV>x4C{VKY#Rm>O)-AM)e5p
z(|dNdf4LSGhHk(uv5+ILz
zCV6VZ1yF@y+3BiYsE{xD;-(laA2h9UPCk
z-U9wbw-NsWQW>n1VP2^MFpq~uR)A^rd@DQX0Bt<#zS$;pBv8LCJ^z;RXv1G)l`niM
z?)hex@)cYjgj4iiVxTx^Et=a>Mzuh8A%p{2SlcFMou}hF
z)N-|PRI6UI(+L-Kl!a{qGk`2$r{6-I&5O21$pGN6{s>aPW4{A&KEdxNH+Eqw6b0^w
z>}SFyUt4mhSX=rv-f0Fz;Uq=~U;4+ugqH%*d>CWMfXDn!fC>u_D>ZyZg1LwY{@%FbY$};{WBs+~9D3<$3S-l0Ird
zgWTSgTRya{V)%hm+isadBll~NBxq-I{4*Y)!|U0urAZfn#KFP$`Gq|Zc<&x7&qg_L
zv*kGPoqY(mJR?OG*EvnIL~Edy+W
z9d%8Fi$yHA*KHsE(k-GH*7wusM^BK3>aE*({LD;zvc%;~XmfCzi&Iz!UA7;5KJz{U
z=b#73Q7U;)q=GAAwq9OF4HiDCe
zkuyO+#yfHf3{cXuV~66M8SPJzot&J;UzJt&vj`hg1Zx##CtgmEwbllWdzJOI6?<7>
zSN>>wX1U+P-ovkO#x>3=xh%7%k%z}Ejrh>JQF=azl$;>7j}bD&bdn*
zb(OR+$=%tEECu1Rc&5gr$ij%o=Q;dWrs4ztfXi#E^HVa0>p;75>TxQ=Mi4{mDWCc}
zUJBF`J0tr0=JI=hfpcN=#SjqWk@~+>=CQ;X_@X878XU$;m~IJ!gKuR^@@^U
z%+p^~qR|xKx%fjja_LE=J#xEwk-EtOGlMnc$HhP3a80UQ;TYtfH^iBrmC0F6u3mjV
zum&{u`kK_Q(G|81X?Nxhy)LD#5m=I>nQ~?
z-DAOS94`XgMF-mM=cz|4q3*b09e%`quAMjDDrWb@`3zZ8{a%4DBYuC)i)x)e$L9_5
z+?Rc3C;VSb>y&ww