From ba07f98851ec41705c82d418e63449802af4a489 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Wed, 4 Dec 2024 14:31:44 -0800 Subject: [PATCH 01/22] PAPP-35184: test connectivity and asset config setup --- ciscosecurefirewall.json | 87 ++ ciscosecurefirewall_connector.py | 258 +++++ ciscosecurefirewall_consts.py | 26 + logo_cisco.svg | 804 +++++++++++++++ logo_cisco_dark.svg | 944 ++++++++++++++++++ requirements.txt | 1 + ...linux_2_17_x86_64.manylinux2014_x86_64.whl | Bin 0 -> 128190 bytes ...linux_2_17_x86_64.manylinux2014_x86_64.whl | Bin 0 -> 129814 bytes 8 files changed, 2120 insertions(+) create mode 100644 ciscosecurefirewall.json create mode 100644 ciscosecurefirewall_connector.py create mode 100644 ciscosecurefirewall_consts.py create mode 100644 logo_cisco.svg create mode 100644 logo_cisco_dark.svg create mode 100644 requirements.txt create mode 100644 wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl create mode 100644 wheels/py39/simplejson-3.17.2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json new file mode 100644 index 0000000..9be1030 --- /dev/null +++ b/ciscosecurefirewall.json @@ -0,0 +1,87 @@ +{ + "appid": "21834fdf-826d-4595-a036-d7b8841ab798", + "name": "Cisco Secure Firewall", + "description": "This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules", + "publisher": "Splunk", + "package_name": "phantom_cisco_securefirewall", + "type": "firewall", + "license": "Copyright (c) 2024 Splunk Inc.", + "main_module": "ciscosecurefirewall_connector.py", + "app_version": "1.0.0", + "utctime_updated": "2024-12-04T23:13:40.000000Z", + "product_vendor": "Cisco Systems", + "product_name": "Cisco Firepower", + "product_version_regex": ".*", + "min_phantom_version": "6.2.2", + "python_version": "3", + "logo": "logo_cisco.svg", + "logo_dark": "logo_cisco_dark.svg", + "fips_compliant": true, + "latest_tested_versions": [ + "Firepower Management Center 7.1.0" + ], + "configuration": { + "firepower_host": { + "description": "Device IP/Hostname", + "order": 0, + "data_type": "string", + "required": true + }, + "verify_server_cert": { + "description": "Verify server certificate", + "data_type": "boolean", + "order": 1, + "default": false + }, + "username": { + "description": "User with access to the Firepower node", + "data_type": "string", + "order": 2, + "required": true + }, + "password": { + "description": "Password", + "data_type": "password", + "order": 3, + "required": true + }, + "domain_name": { + "description": "Default firepower domain", + "data_type": "string", + "order": 4 + }, + "network_group_object": { + "description": "Default network group object", + "data_type": "string", + "order": 5 + } + }, + "actions": [ + { + "action": "test connectivity", + "description": "Validate the asset configuration for connectivity", + "type": "test", + "identifier": "test_connectivity", + "read_only": true, + "parameters": {}, + "output": [], + "versions": "EQ(*)" + } + ], + "pip_dependencies": { + "wheel": [ + { + "module": "simplejson", + "input_file": "wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + } + ] + }, + "pip39_dependencies": { + "wheel": [ + { + "module": "simplejson", + "input_file": "wheels/py39/simplejson-3.17.2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + } + ] + } +} diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py new file mode 100644 index 0000000..f86e06e --- /dev/null +++ b/ciscosecurefirewall_connector.py @@ -0,0 +1,258 @@ +# File: ciscosecurefirewall_connector.py +# +# Copyright (c) 2024 Splunk Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions +# and limitations under the License. + +import encryption_helper +import phantom.app as phantom +import requests +import simplejson as json +from phantom.action_result import ActionResult +from phantom.base_connector import BaseConnector + +from ciscosecurefirewall_consts import * + + +class FP_Connector(BaseConnector): + + def __init__(self): + """ + Instance variables + """ + # Call the BaseConnectors init first + super(FP_Connector, self).__init__() + + self.username = "" + self.password = "" + self.firepower_host = "" + self.headers = HEADERS + self.verify = False + + def _reset_state_file(self): + """ + This method resets the state file. + """ + self.debug_print("Resetting the state file with the default format") + self._state = {"app_version": self.get_app_json().get("app_version")} + self.save_state(self._state) + + def initialize(self): + """ + Initializes the global variables and validates them. + + This is an optional function that can be implemented by the + AppConnector derived class. Since the configuration dictionary + is already validated by the time this function is called, + it's a good place to do any extra initialization of any internal + modules. This function MUST return a value of either + phantom.APP_SUCCESS or phantom.APP_ERROR. If this function + returns phantom.APP_ERROR, then AppConnector::handle_action + will not get called. + """ + self._state = self.load_state() + config = self.get_config() + action_result = ActionResult() + + if not isinstance(self._state, dict): + self.debug_print(STATE_FILE_CORRUPT_ERR) + self._reset_state_file() + + try: + if TOKEN_KEY in self._state: + self.debug_print("Decrypting the token") + self._state[TOKEN_KEY] = encryption_helper.decrypt(self._state[TOKEN_KEY], self.get_asset_id()) + except Exception as e: + self.debug_print("Error occurred while decrypting the token: {}".format(str(e))) + self._reset_state_file() + + self.firepower_host = config["firepower_host"] + self.username = config["username"] + self.password = config["password"] + self.verify = config.get("verify_server_cert", False) + + ret_val = self._get_token(action_result) + if phantom.is_fail(ret_val): + return self.get_status() + + return phantom.APP_SUCCESS + + def finalize(self): + """ + Performs some final operations or clean up operations. + + This function gets called once all the param dictionary + elements are looped over and no more handle_action calls are + left to be made. It gives the AppConnector a chance to loop + through all the results that were accumulated by multiple + handle_action function calls and create any summary if + required. Another usage is cleanup, disconnect from remote + devices etc. + """ + try: + if TOKEN_KEY in self._state: + self.debug_print("Encrypting the token") + self._state[TOKEN_KEY] = encryption_helper.encrypt(self._state[TOKEN_KEY], self.asset_id) + except Exception as e: + self.debug_print("{}: {}".format(ENCRYPTION_ERR, str(e))) + self._reset_state_file() + + self.save_state(self._state) + return phantom.APP_SUCCESS + + def _update_state(self): + """ + This method updates the state with the new values. + """ + self._state[TOKEN_KEY] = self.token + self._state[DOMAINS] = self.domains + + def _get_token(self, action_result): + """ + This method returns the cached or a new token based + on the values present in the state file. + """ + self.token = self._state.get(TOKEN_KEY) + + if self.token: + self.headers.update({"X-auth-access-token": self.token}) + return phantom.APP_SUCCESS + + # Generate a new token + self.debug_print("Fetching a new token") + self.generate_new_token = True + ret_val, headers = self._api_run("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=False) + if phantom.is_fail(ret_val): + self._reset_state_file() + return action_result.get_status() + + self.token = headers.get("X-auth-access-token") + + try: + self.domains = json.loads(headers.get("DOMAINS")) + except Exception: + return action_result.set_status(phantom.APP_ERROR, "Received unexpected response from the server") + + self.headers.update({"X-auth-access-token": self.token}) + self._update_state() + + return phantom.APP_SUCCESS + + def _api_run(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None): + """ + This method makes a REST call to the API + """ + request_method = getattr(requests, method) + self.debug_print(f"host is {self.firepower_host} and resource is {resource}") + url = "https://{0}{1}".format(self.firepower_host, resource) + if json_body: + self.headers.update({"Content-type": "application/json"}) + + auth = None + if self.generate_new_token: + auth = requests.auth.HTTPBasicAuth(self.username, self.password) + self.generate_new_token = False + + try: + result = request_method( + url, auth=auth, headers=self.headers, json=json_body, verify=self.verify, params=params, timeout=DEFAULT_REQUEST_TIMEOUT + ) + except Exception as e: + self.debug_print(f"problem here {e}") + return action_result.set_status(phantom.APP_ERROR, "Error connecting to server. {}".format(str(e))), None + + self.debug_print(f"status code is {result.status_code}") + if not (200 <= result.status_code < 399): + if result.status_code == 401 and first_try: + self._reset_state_file() + ret_val = self._get_token(action_result) + if phantom.is_fail(ret_val): + return action_result.get_status(), None + + return self._api_run(method, resource, action_result, json_body, headers_only, first_try=False) + + message = "Error from server. Status Code: {0} Data from server: {1}".format( + result.status_code, result.text.replace("{", "{{").replace("}", "}}") + ) + + return action_result.set_status(phantom.APP_ERROR, message), None + + if headers_only: + return phantom.APP_SUCCESS, result.headers + + resp_json = None + try: + resp_json = result.json() + except Exception as e: + return action_result.set_status(phantom.APP_ERROR, "Unable to parse JSON response. {0}".format(str(e))), None + + if not resp_json: + return ( + action_result.set_status(phantom.APP_ERROR, f"Status code: {result.status_code}. Received empty response from the server"), + None, + ) + + return phantom.APP_SUCCESS, resp_json + + def _handle_test_connectivity(self, param): + """ + Called when the user presses the test connectivity + button on the Phantom UI. + """ + # Add an action result to the App Run + action_result = ActionResult(dict(param)) + self.add_action_result(action_result) + + self.save_progress("Testing connectivity") + + if self.token: + self.save_progress("Connectivity test passed") + return action_result.set_status(phantom.APP_SUCCESS) + + self.save_progress("Connectivity test failed") + return action_result.set_status(phantom.APP_ERROR) + + def handle_action(self, param): + + ret_val = phantom.APP_SUCCESS + + # Get the action that we are supposed to execute for this App Run + action_id = self.get_action_identifier() + + self.debug_print("action_id", self.get_action_identifier()) + + if action_id == "test_connectivity": + ret_val = self._handle_test_connectivity(param) + + return ret_val + + +if __name__ == "__main__": + + import sys + + if len(sys.argv) < 2: + print("No test json specified as input") + sys.exit(0) + + # input a json file that contains data like the configuration and action parameters + with open(sys.argv[1]) as f: + in_json = f.read() + in_json = json.loads(in_json) + print(json.dumps(in_json, indent=4)) + + connector = FP_Connector() + connector.print_progress_message = True + ret_val = connector._handle_action(json.dumps(in_json), None) + print(json.dumps(json.loads(ret_val), indent=4)) + + sys.exit(0) diff --git a/ciscosecurefirewall_consts.py b/ciscosecurefirewall_consts.py new file mode 100644 index 0000000..ab274a4 --- /dev/null +++ b/ciscosecurefirewall_consts.py @@ -0,0 +1,26 @@ +# File: ciscosecurefirewall_consts.py +# +# Copyright (c) 2024 Splunk Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions +# and limitations under the License. + +TOKEN_ENDPOINT = "/api/fmc_platform/v1/auth/generatetoken" +HEADERS = {"Accept": "application/json"} +STATE_FILE_CORRUPT_ERR = "Error occurred while loading the state file due to its unexpected format" +DEFAULT_REQUEST_TIMEOUT = 30 # in seconds +TOKEN_KEY = "X-auth-access-token" +DOMAINS = "domains" +DOMAIN_UUID_KEY = "domain_uuid" +DOMAIN_NAME_KEY = "domain_name" +ENCRYPTION_ERR = "Error occurred while encrypting the state file" +LIMIT = 100 +EXPANDED = "true" diff --git a/logo_cisco.svg b/logo_cisco.svg new file mode 100644 index 0000000..8c55b03 --- /dev/null +++ b/logo_cisco.svg @@ -0,0 +1,804 @@ + + + + diff --git a/logo_cisco_dark.svg b/logo_cisco_dark.svg new file mode 100644 index 0000000..a9158b8 --- /dev/null +++ b/logo_cisco_dark.svg @@ -0,0 +1,944 @@ + + + + diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..614d435 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +simplejson==3.17.2 diff --git a/wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl new file mode 100644 index 0000000000000000000000000000000000000000..fbd5f1c0a5210aebb80d2515c2ad7e044627ed8f GIT binary patch literal 128190 zcmaI71yCHp76ppS;uhS4WN~*77J@q=xVyW%yL)i=;ILS5cXxMZ@y~l-s@|{qe`{-I zPv6tC=XQ19s_8SMAOj794e_5(R6~&Fe}DX62c*xlqq()6m9d4RtqqgH|0j{?e~1ih zj4WJ?tc*tHj!q2bHYT?JKRq%2rzew>v7?jY|3gRkucA#k>Szai2#5?@2nd}2r5oEA z+8P-Tey&se+z-CUKUeuj?Tjhl&0He#HU zGcSW*c41#*Y?hzVRk3q*q^@*dwn|XVIsJg{St(jPW6^<1=Iwso*T<(mPUa77M0r(G zq{%N7Nn9GJ>bA9O_zpMc&T4$ioK(!EFqy|68fzxuZbNN;;h75dl}{*jjsEJOAE^l+O%w5_TZf>4)>Bo5>9)v2ZD4Ua z7AGv+1MKY;J>%eT^LpP%MESEfHbyEv)S zg$$3jxs#{6`M$`<@^tw~iT8FtyEu(ztHXZ+@q*C9n2I`9lhf&M4?_2ZyWBuwykdIg zJK!tv+EwxOuik7=A$vv>7+u-%%F z$ricOn7|RHv1W9S4&$5_Gl1~tY5#TSb<@^|@F(O5b@ldpSTRY?6XFV`u%?Tq+IkcV^EgEhS!9C}9gP2qmg|$j(M=J|MEmwgug!uF9Y9I9DAB(& zU#-(;8sd_FI1M^Z5dNhYOlY2bph|og-k*HfuBArF2T=n+hcg4aP0fuC7xWDAr{enw zGZ3p$LWmDQ4?IImd{^2d{hC4DE2A>bKfF_p>0!=Je?u*2=D^$>HTwhVx2+z|47=i- zrKV2bIwO0DB8+bV0=j|hIIuNT504M3@r&pvyOpUnwPh%Y$~LFuR9?>n@d03YRvTHr zs4j=&ISrZBk>k#Lc0P{prX|r^kioO5x4tA{JrUc58G~Pmv1Zpnb^5jW@X{Qr92vp; zOW#di%&^B?eY+al=1kaeIeo_Yl~+G{k3oGp(MEoqK<>y^5>FrILD9N3Lw-~@+|+20Z+$@#qZAM)j|8E&3#6M-m4M)= zK#THS?JT5*cB7UJIst)k;|Me6m_w`p+)M~e6W0=)=91wg`FBHcr}|2LmJbX}Qp=6p z%{kVZ8F%XCQX!qi`-h!|N#?tpFZ(CqQ~vyL*&`iHJG>Il88Ekv79%0=&JF*hIx+J) znR!PeEW5?8B5;;@Mtr&_kZ^Q#uEt&xA8m2Mu9pwY)2$(H2eK*aDDni)aNfkF*h9|* z+T1N&m!Vo9+_f<;t3Pxq>;>qrj?6Vgv@h1G{Iz5ON zM{Xc!6^B`)8}1JAR5HlEiAdaccF;q7af`H8jGu_Ds=)cy^5{HmgcRT34W+VEzC4m( zw}&uMvxywfeY2jLI^e3S6H_d*ramgGGHgA@k&%ukJS8e$y*J?t@$Dk~x=}Idz&sjN z!$f9lLA5OyaXt!0AK9d=mjFYv4Ii-9V*FRUK4n-nsnB@F$bPusdsN7`kzH-?np)0n zVVgkdTUc~~-J4L67A3AB!2rO7%2&>Xf#}@k9**QF6@BSHdJJe&Sl1!<(?%ijEQ$~Z z$ACM$%X*$8nqW>b#YzN-;k+M_2Ucw(NL%y{rMZ+72GjgiiTNx<0USS)1S7xt+Xqmg zN1KXIpcd*)?tn{KBHfGL5)4XQ*xWj`3EaDd-G{>hhYn~5%=g6;HFhfeFRZNt>HnIh zHKL;{<+mj9hT=7!QwWPb7q_&byb#eRadQl3ENNqO0Fq54cbgox6SpFmp-K@UfI8E2 zt04%Q9Awt+4Es>WX);VOi`B{FP_)(nC+j%I^REdUKjrnrfaDclC9wHl#jxpVI8YbA zbq70heAk(!>0e}vP0Au7*WkOWyFy!OD=a%PD1eF-hv(>^5P@w|49IkUl@@ZJ z-4vHs0&B~pPkjOg)aJQOn1iz*LaYyzFOj(!8wF{H&IrBAb&>($&Fwqphl75 z@@^S|3V$@J(g-Qhk<@`>xh*RPSkO&ykL63dR!-pf9loMDVFklUMU1MbF`$wo2;=5U z``uE#`~ssjIW8N0fbPsI&zADwVV&o{quTE%9DP<) z*b9mpr4QzY4;%g0cN}>9l!lWbrxZ4>3EL#l6SVv%wYThtI`xv>35q^7W;yK4{YJf(WB;+!$lqJqiIkR=>VX=*Nqx(Wl7D z0Y-`7=70d|WDIq7N)aWq+)zFa*uUNe3%G8!k{pkxUB)U~hd5=~ zkW$Q@I%|+8gCfd=^>B7aB!F0o@5%l9<#G53;K3kJEkNMuALDQDj)*la#*Lp4O+xe` zeUmQ?<_7mTZJuQHqfJ*IWyz`)e4*>ZK{Tn|>QuAys&Pd7W-uV@RJkG-*$6zLNVx6* zlaXWgaHsE$?U|WLlLZItlLbS;{q2Yhv^gU?+a;v_@lGq+o~ZB~xx9qE1Q0 zUnhfkrMz~f1Fzm)UOUAfocng6%4ULpLgy=?1H26NlPrnF?6M92rRS$d6yRIZLNl!= zx7WS}bZ}QGZYQ!(cNUM&rW_pL}2We0!B;?zt8#ofa(&~CP6we|wKuZc!>2su&W6Zn+fF&E(p5k;ytXHUBJTL=U+i<>0g2#;4cS&{%mn;VG~ zWLy*I2OlvM8CeW&*CImlf>A$wW3qA4)>bm=AxaifJt1zY5g`-4Vi*h~6XeN06@lfD z3b-#wFgnUb!`G||vYacWyf(*B?EU)*gk;3wWS2XyJ9shF$Ay`y;V}6NtzGfo?vx~B zK=E6SwEhK8Wp_kObeC~cR>qyH39G)ZU#jjzhtn)6USV7VS;-yzDvYH`Vig2iqVAYg z^){OQ+tJv4`FpLL5XY&L?t6cC>ll>nE}G2~EZ%0@p}hI>f##@o^Mc*jz!(?hyFx)F zTR}4EJ_pa@qrRA5oL*J^&|<@4J~L9$c?GuXY$-9z@o4(2`_6K z78#NVaYs6&wXqW9XA=S|hcr>bZ~NNT)#Typ?|f6YZIIq{t>9IHzt*Z8~7E5>d%0 z;V*}|&T*S+6G;J*IMbl{w-jJNK;wAIPkr7C zM%mq9#j1{QjNY_0BKTf(7=P}REnLkvyM}>1G_0SZ^nEC;83mdiRN)Vikyx>pFPbGa z3*YKAr8Oaq(L=;v+?2BM34gRhT00YOX0Eu$M5f-9YIG4=5P8T;WZ#^#7tXtqnNV2A ziMVrv<@PPtI>-deUNKWC38Am0X$IVIW@#z(BPqZ^61))-YC$|hCn$1s<|XRc6C7GvbjooI(Z_Tc`pMz@eqZr8`SO>drQ ze_rOkDfLW2*ikW~NI)I8tXY7Ah?ba|3o1e-m%aOb(%b7rWbdgbNHq zUn$)sXUK*-e`dNwD(d>Tsn(N;U;X1hiSBnnlcw~m(=wi_RL|b)D*sqeu)LYqmMvDl z1XtFo1Xxr;d%D2du-)o0ztu^R>x9Ve%`|0lW`9!_nQv-ILO>H84zAo~FK|FgAywFa zLZAB5Nw%$3)sT&JTtXd8tLBj6htRpw8Iq}y6|2*)I-asY(SQFSu5S#~zWJg!2fL_n>Zp3UD(rcK8QL?pFUo! zs$PO|oS4SMiX?2BPD;`7oLupjOBu|9k^wG^kN;b*(FgPyN5-^`DV_%tueZqFxAupz zBrzzM939hePiq&|c2j63rrwF&6bi%Nc~KM(x$wTs#wgI=psZmzw4<{h{@ zk>M(Db3;#m%R5`Im}jsKbCrF9bj=+U_!W`{@S=3<6IT|C% zMDJ!U7Xu1rYh#;b;W|WiewDKujcXx6dQPPj>>B80{6ecFE*Xc&7o6VLeBBIvNnS(_ z+oriE`|;gddzmjYeHl$}2L8_|--*P6LC{^Ck(11Jx*J0gx98Q?G~Sa`a8bPo(}3hS znSAavA>enSVi2N>x>=R+7gNvr@~eh`MR~Rbb6&g<4TAU!1Qc4~rjqhLxjlK1V}xw^ z=iEqf;)4!uI8XqKW<|URKnlg!YE!pf9Uq##5wp|vyr%p!0S|u|ppgzo_ z^5+V$zbC8$UU6fI+LtL7H8eBbcUzca{-UBHDUpC5Y-mH-9&XO+YF(BzYpn}c?gOrK zdIQSL?jdIWwbUV?lx(!xSHLYmmsd=1TmbF<9=h7^ynD*siS!$zw*A#PNAw2eGK>jT#q8Wl0=Maasj0k!13h>ORgzEs?a3%x&ksstU3EPZ3x+U?l z!h3~>aov8P`XPOqhrX32He&Z=1?xuj`CHr)>4gx#FE~tMc94mzke*yIz%OdzW6nIz z)k|@hpxs0R#!##ChWCtJbIW%&STIVZO0~@uB0=DwA3zup~XRMmxT-)Jd3A{mg(G##37H3yIeYZC;2y$T(v7-2XSX|(`U7mI~|zL zzCH#v?VazUoO+h3D)D;l)ApL)bg3V>lkE%)O8^0@Q})#oMcwOO77`nhaXr2t*iKil zA9DAe5`psYuQ%sUPkkU%iNP^9D-*9ABCg%=Y;yQ>yi^YZw8g$Qf384Rl#>jt0Kuld zvrb1)ts@9wdUpg~R+)*riT|(tm}01MOru!L3JDLO!w%bHYsf!ZyR<(5;JYZ&fnHF?Gs$;uU#~MRFAA5`OIMYv?Zs$`QExiqUU&%Z+ zNMX#XxsYcWdnGlg4g5)LWFoXOs3DQ1*f~vQco2?ueh~G}Yv=#S_S)B+RMz8axV~$4 zC!@Rkg$eXSmbz)NM=b8B`{az#j;AnzF^yzM3$Z>^K* zX@*RUcw_gEobf8& z!8oR+jcw;f*pWi0IF04MxAX!Sx3YtWA*ZM<`R48e6w2A(Go8|1L%gy?B0nK(UpYF$ zr3km?*z$>yo2RVt0|iRC&22TejiS~&?NV^yINPY~yB#v-H#|_Hpw9ECS5%=6&aEhm z)a)y{^cx;EaG4fh4GIPL5tEYY6hZ2LbZ8J#w>Qi4LbF4cK#uzl0Vj{KsBzx|RU?|O zR-2Hm{#xs6Ov6^!I9Utl{Un0$9}jsEj{8dFCsI@73}N0d>^d)bE;_eu@=z(9*lSnQ8CR`wu3PRJ-}%$}w8$FF_6>R)7E)9Dl!FXy77hMYM(vZ9Y&4tN}@5`DllGB6t4G!e@lz|l66?beJCV^fjR5V9emzxQko7u%gnm8c+5$^= zi*OXt<=!*WGdi!+9~H9ecUqr0zsJ{%wP^sR1#a}|O)2uov!andnt12)OpLIb1-fgC zGA{)x2Td5;nzZ*E9JvyW|4RU7wj!m!e?kz+bv*T8m@S;Z-+iT97A!-B82;sbgcFfG+BY5^<0ST{pWIeq*Hm!|R z)YSKV5? z`0+#!2ZD*;2JmKOo8%XEq~xjEZm&P9lEpzI;;%<_FtFlr@0Rgnf>YeZ8aXLHiq zAbYz_J%@bO%7Xo_gIHcMvr{*$gcNrfOV{a2+5OaIZszZ=PE=K0(**&%h6}_?ktW}c zXRHeASd(SQ;=EZ3ErG`vOd%zlQ{Mugdw7*~%#ykIur`7grA-zCY*Je4U-yQ``IP0$%XuFZ`aX6_=*UsWfPv zZgost+(%lGVm9}TjPuGjtF3dp(IRN09$wa@Kdj1Q6`FUaj_Y%p?YsYBOg!4eG^au~ z+jlhU&j?DeG?Z3Zg0L7pHueOh=6^Tc(?)skU5s4`LH+f%_pD!T{&o?vr@gto`2yZ zdyCT8$<{G#&}lSNN96IS(5U+E?YyOi=F^>!)xT^amr!k8_%bcLuaGM*pX*gw$kZ)GAbIL2#OIqZa zh;&h3cN;;}0+xT276!Mnf`xy5JBHM-p3+FHuy|7XzYyWWsJ>Im%8Mol0Oe&UbCZ?*7e2mGX z?m1$?SBK}4y4JsTU1*2)72-T5i6iVud(gQY5sm9qH_PwTGe72ic0|h`uF#p$ab+Wa!`m|e%lx1UQnbA96)T1a03n`+_Qk4s{@^Del^!-Pb zG&hV^+D>DKT$-X&-Y$QxO)02Up@X-+=D6GD=$dFJd?l@1=w)}LLJ_T1n}(AY9hQKB zi4Z*SD5UkdfUN$5p0d#P=JJ0R$o ztLi1!LFS;i;JN4{@JElozS~d0|MIWC4;mtR)2MhPtKCYt39jEqL=LF^R=@oMk@+s5HUCV*aOOO3iipSMLu$Y-rtwQ5A%v4h<7$9w&eaVb>KItE*%=0 zoNeFe5$d+B=VQtr9!rT?OI#xn)O?UPky%2x`lU5)bcMHGrssw@*Ui-;q2rR8p^Mkq zk{fyqe--9&7q^YjNi40Py|Bvrk{uU*M|4`i>2sGgEk_}LoSzhsVu@idJGG4;K|R&D zq2^?y3K?7$q-F72miAOQbr(L-SxAQLY#DXazu6q2u}XCIJ~5lJ^UhI!JM4q7%gIT~ zD)xVa`QJJ698kVG_gV1$KMOv=|IQIxhfh!5*htsN+|cQBuKZQAj@;!$f4|UW+0$5P z^=KGR);Si5`BJSwYyC%CsEFL{e7HJ{-jd4Lc75h!1An-ViqA7x^q#!#P?l|yjljK5 z!;8793j=^`p{cf%=U``sqEeNl!7~kPf1aN+t9>T}!n+c`s=3HkSb#CIu}(;2Qv|q6 zHrF@QtfMOuI&!AkX12>MGJgdoPnp?*-Ve@KZ9#40_5TdwiGQwkUw(;30}`wgz`wpW zxP1YR0yVXerU%?*h5nht~IeBG{lbc%&P)9;!eXc@{b;?0xO;gst3|W$#d9# z6J%liI)5xZ5s8|_v4G#?Gwoj=4*t#Lriv+(7+cqQRcIN&B~M2Ti704=pDc6$L5Kia zT~9+r>>?Xxs_G5ce4Vrz+Q)gK%O|9wHCTR>TF<#Kf>$b~?D-n(JUgDDG|TDxhBA8( zh*|0xANO3E5rbUWQicTNuBTzLbw&ILM{GU{>ND9|gLen+BP#d0&hBoL&*g|YW zadng@vOt!edvMKKZJxpH;{}fFJ7{2z7|cQ#Y0aA=g`HL^%8lnky=bIH!DS+LNY~S? zpYYe2^eGS$q8a!gCfAEN+z@5>?9$fZ#z!l7vl-kRi%22!>I>)^#W~C)COP}PkMa;> z*PBvJL@S9K*1g+4ReglME-3m02{bG?O59FZ3uc&q-00j6pfsG&oINZ4^A=8QV<$cg zjdodgo`G!qz>k9X7lA*X>O(y<;gg?GpOEX(oC_jWM-*rrF?$fsed9M4ygzu zk?nhCE!NhMr@C+Q`6KLJ*Pel9R16!k?hQT$Rnj^3=teq?9Y4@~AWqUfLHokav09?8 z8Q>~yfbm^N#)t;!F&Pq58x9PsPg_$wrZUamrYN>xBBE#PC;b;V|Ia&s{anObU#ioq z11f7#om2M)MMys(M`c+-2AA!5X@A6PE&M_jv60m79B8&R4tuQR%_k*!~XPqNLUhD-v%-r!3M|AXxc` z-{gr{M5h&+5~2=@Q21-g!Q z#>Pg@c8-jOcJ5AQwl)lGoYo9(+?=|c>AT_v((l@ zvRqP{(AcyHOB8y`jYSNF8hQ2M0V$%&v`I}(h}f_U#gI1){?BW6p80|}Yb5esVV;nh zYv}i7El~Ms3Yx~c8Jj$&2ODdJ<1by0Z{EHiuYycoBWsQaW9dAm6IncLj;WrvfC01b zigCVL+i;M7?#qxTcEEuqRicShMgW#8U->`q(f~3i*P;p^rx}&`=-JL#JAgVLFk$xN{G~1N`|OOTt^l9&NA@fq=vcs*_xW=z zZ-R_F@yp&48%6NvKq89PyV)5{*YXnGLiA11mw5iZ9|(7B6jQEWjF6Dth-0R5dN8g+ zDdt{?r)V1eH!=KU8KB-95Inl5px$;d_K1lgH@`vovIJ-oQcUGyuMB{&{pIapp1azb zt|!0ek$(9j5J@rgA_wyfjdA5jdGz#-aED7d*ZvjiO@ut)J-F$7me?Oe36yU~avUyOMV=5AL?T zYA0ZN$mT-w|48%`2BTCfbOhhl?7Y^bLWk$)w<6KeMOYC1n~%w-_)}V$KSqw7EJ}gB zFORRQVo=jG$xvaxR8bN&`K_k1R{mSgZyQs0>qG4EG6o5_fBVL+%fY==u%A0~kpn8~ zj9J>yVHEIr#oQGm=i*prk=q^?;>%ehnD`moo?YHC1!h)q({mBu=Knc<8A7hN4ET3j zUJ*$>k-l45-IR(T9xM|K{Bfz31EBUuTb7^f$+khODk$Tdak#2oUeOsY~Dt)`jNfJxCh~kZ9 zEf2(Dl)c)ReUg8D34IyGcYAl9@=99MoNSnJ2566B__iRmeZI4vle%LKH5>Q1U5$3J zE>s{g*5CIMwYjA6s@haC3V!)uG4H6dN*#@;l@VPHRm6~S;fWsmjpm@>7%p z<;Rcgb>Zs6I803cTd;^i<{6 z+VYka!M6H(ZSimqRcsz(9gZ;OWyP~vL$P7zvQ3)ho;XY4lYshQ|K`a(pc=|i8(8tj{-##+3|pbka;T4j zcglfNb{GlzI77(14V>KdNRfdL^vY$=niB*Sb88_OFp|`xD&M|%R8V_0=6|79OU+v~ z=TN}GLckyUsa%-BYO+t|!Y=RmkEpTHi#aDhKLgm_*{`WenHgafYDJ5^FI>WV78nqA zmVmjjc2mEsih6SA&yfs0i;)wkE*4DTDP329hwS7ci{jYf7ogA5MCR)xH=XAn2#0EJ zC=u_Q;hXUIaZ*yPY;|wj1%$JAp=Tp|v*?n}tGsmgQDsW80rZtPzAi9#AR|o%?=W3G z$&!Y|YV{~t;^|CYAM3lZ4Vs2*Cvy9!;dPM?P9pW8?SRXfUp;M77DBc|9iQ8ny*LMJ z0Dba%-~r}WVj>VDvQX^qV(9ke9vDR*+|J{pjMtU3+Z?h@$kX)=`GaWi60r|7asASJ zMe6wa&g>QIkwSvpw`kwNg#5v9=*Wuvfi$R#(DyNM-E=5+%|N7!7t$=)x235Mz9-Tl z4Oy%)Iu2p>+C@mQK{@Pu;tJlTaeP_E3dvRNoq5|n_e$yMMf&5mY*U4CWv=hGoMVk~ z75sUgsG!)g?7MRKsE+j0B@Ia(lu?Fx&0+4~kMY8|qUpQ30khhg5!xd5jqWnCK?%|! zGsO;SVqD$!UfsB9<3MiWeRi2HMgUjoyU{gIzF}O!_gz8r=qxR9{)hXxTZsU6*9RlV z=>C^Gxd)cTxcb$1)k*{sf_m4(^C1{SVrq*192QeYFD)1^54^6dT_nn_#o%p82LW3^ zUoO!QlMdh??uuKdKA8T(l(p~bz$u3`WOFgINcB@c$O@I#Zx-~HR9wBNfKOGxZ@|}k;HwCZPa5D-dD~G1 zoCtiy!+8$?2&n}(SDJ$H$lXHxg(?6wF|4yHZdHKX>R!pRt8`$;vlmb%SUq=gNd=6D z)1?sn`G>QrU~U|r6o9SD_F>u8xe6GFvr*W)SbmiN&@Jh$cuZF-ySfH?6#!}keKksY zY09roRl#3zd;$TvmA$q~+p85vdLPxc$AMm?I2-xBC1qD?I9)Y>+~VFxZc#6q!nQT=Rro)eL2ALD`IweoHK>3^fUo>GKD7YdqTUMi*1y141)MIq z;7OHj^|GrzRj>q(PY?hk7ff2#Tcf`HIRu0%;Loot@HHCvs)i#d6a1M#gDO}6_-cmZ zlMBeL=)F|mzEuGS0$;!5Y<#BwcJ(Q`_&=g=Ro%AJ$$YW^RqETHy*@?z18g1Nsvn&r zdn3{A_yWM)aVMTtqIs#%@2PFZJvhC$%%i@{5FnjfjDc@`pxCWtgk6;YGqhzn#<)tgM{UdJSU)B7*-O=MmK`fS7USBgQq z(mnyc65RfKG+@3UtWN+E<_`Y^ltGD~pqX+l=Myjl@x{HufI@16KY@6VvXoCiu1E{z z=LHNATq&Lq-?4hLKiMBh+l*g@dLGHwl0SKjLGAIc>KN4$OFwR~_(``fK0^%{7a})U zUWB~@pL81Xtp7w%w{<=v1sE5ypMYpv@Dl{0%TYcdUWD4|Cggr*_V^zVcE#}-K}2|@ zc|wd4cY_#~uZ7$8|7=Q4f%IY+_6>d}-FEt<7a*8^YW;}1BKriF=v^_NQjmh+6JKF` zgRam&+s+ZtsGbmgkhV`hHRy_QC;m65(D+vvp};GS;80l*BHECTj+*%)>(K%u9*PmeB|INJ>OJuMzwsX!t+n zYkE&@iZXdwTOBUt;~anr467VnVhKGy&;k$~Uk9pBm1STx1tghzem05 z(!PLnHi)oc40Eaib1I6U#ulKOMMi?4R)#<%9=BXNVx?k=8ek%uielUr5M#LT=i)={ zp`PtO&rB|lb})Ok2qMRz27=HUQf2jP`H;I9kh?gMV*r7mP67ak0InSyEb-BS8CvJ0mpuy=dO9fIbIQAy>sX+v zD|w~BzUCW;?ATgWTYfjKtRjamMHPl-#!adm(WMQGxsWosg@8YlZweXy&i8G70V3=G zbn~88P6L&B7?g0YKjm-C4k<~FU@AYFlObSyVq`w5VJXt5-C!!I+%VwGZ4#(jK3F<_ zP!-g4)?__YFWpKr(C!<*um)+iXk5z?wPKZ1P(4ae_72~Yvo-E5M|OR?**}hmyp!R{ z>f7;3aY4AGlwnmJm}*r`T`>MvV1)XD5wB^TrGR|FxlS_WZi;d7U;2!gtmb_?(Rqg} z$y$VBLB)QIxUP+OaojN&9Rb&t@#?J3`?w){^N^P|20Q#4vmGf6lBW4I!g)G@Bno`6s)q7AKV+ZUU1UykcufQ>b&SmshRK}>{HPu!n?EIC(YG7O=!in%Z9`?#D&q4^M%`IU=yvJR60N(U1kDWbn0(R8E zEssjuI4Nve;X_Z>Hx|XTs`1AazY;}Jf!4>_JgOJ?3jve0909hMhcmvZ0FlKhG&7u3 zlOOk%NBP-%U26g4L!2ma>Xd{ZK*5V5u3~Q34_OG7_O0(Y-`Qz2&<6Pse3j{5t$KAA z0lGiHa#dGsh&9&1mm=VU3K1`{s%XMZtvdnOjc|&YC&M9@UT!|Y4a>7hiN#+xM?mYO zrtj^HcYZp7_PcEm1*V=ZZ-Svor{lcfFDtf9r@h3Ha2?{ihrK@~C!6z+%LjLopeDQG zMDAdtAn}A(3+k|}cetMV=ejJPoz{;OLC+suhos8Z zISnVmh1uh`&RcX>xHdKDQ6k8&Ih0|}8w~Imfa0Gq#MomD4nui*H+wv~J=!#bsDNTV z2}XR`FiRomIL=r!D-r{(qE2o&7xwqj^UM4Q>D6nkudY#e$hiSa%A(8;00R(ifQT}B zyE4LnjL4a8uwE&4zaS8%ppa~V3Z{Te{GCs=CpI9f4B&>nr=c2GKn7nHKnS}G8%R(* z8-$*nK#H(PQ+kcINl7#9)3nO3#cG&&s??1U4Jn_pMQ9I1PxE&i4wRiqDJE{*z-O@# z4py~WgTZ~fHW1YA?+IpuO`+~ftuGp8&6GhmXX)PotREto|1QW5iWs_k^P)iaGhu}q zi#3JKZr87?e>6$^MFvG7qbB@S|vCM}-haE_9u|L4j1u$#UFWo7KRu#D3$0UJ)KOrY4UU^_u9M}vx=f6vFNQ7Wj2O3>U1TlaMrVt zk5A6HSd|*m`kukN{;#EP` z`hg75KhU-d;ZOC!nfrY<>BqjT5oCw2|Z@}GsEL7*E+QR!Yv^Gmzm1l7Mp`iR+~@hT_mq$-j!f8Bxrf9lp#mGE`cjj7_!l zmb~O}hfvs%VWfUd<_sA;$KMP*pYFas3q9&o)bW3w)G@y0j#^|TcqFE-wfDtdp;YFu zy%`t2y{G;Vhi~nBU||yDv*)*o|EA8o^mu(~b-XqzyGWznYC$8-S#c)WkoH3+LuGkV6Fx!b;&;g*1;+w5{Wg? zjpHB4lq>wP7P-BazVQ9mHU0FLrC6|JACKcVGe`@&ev@EyUi^VzuBZO*PP$@U!sWVe zOP_9+-g=YxR=S}*%q{_9iWW+nI_~zCgr_j4IqfS_C8)l{gnj!NA=SMJPFX}O-M!-_ z%`jx#xghS62U=$q@^+S%i)HE5bFqdVhVF(?qS(X>0SRGJaZ^qR|94lFKFoKAE*wdB z$1KDay}*oUtIh>K^+x7?1y{+>TkP(~KWOe2@uq{XaE2DQT8)&zsssbN2isdz?G&Hz z#DtfuhJk~pZ@WlShc=ZlM5JSiD4O+$4qvyd`jAyMH#xBbvf30KrBB6@8OtO&nw#!9 zN91Q#2`>6DYBApLCj1G@%3Gb8cjpLLfNWqX+*OTjXf~TiCc&bJK+7@C%k_mQCa?8a zV4D{L{Ka@llHeM7Yr`euM+tX&>uK5VN@(%{N>J_BZ{UhY9{}=j9AAXnXspN@&T85NMlNAlPwbvc(cC znQ3)rijm4KdL@Q>%{|bo*B8y7*zSJXdQI*(OUxYQz@r$Ps62pPb?=%G(%4}3?H|{s z9d0Z10N9B`F@Fs;GL(CdlC0gqtVBs#8e&JAct=$IiA8!EEJul99$kY8K6)A?M~@L6 zKITLG6vMu$uYxTfNSu38WTSP=quV~Rb>#=SWu%=25)`R4Q((dYBz7)OTeuiy5e!}K zL>x~wORXxdcL*{67JaSKb$LCP&8iC$lgC5vYf!@aBkc6J+2ecL?%uXwZo$%N zAMA~r%+0mg6o24gWaOT`K3EoiT*$x_jc+3K;Lu7YjMF#ZMbtKQrG4Bnxp~<^i&dUE z^@sVYoXj<>-T}PtAGjEpZE_@LGbOwa+bOAwL2`y8m&6piie$Ay4O{oj~3-y%8V=l15f2TsX=wXP%GRx~ZyDmy*wSAU+( zcJ}#<>uqEWf}XoQCOC>P-+X;W<&H^hyIMW0_yX-zsr52 z3qiQ1{?qn6|HRp`N_UfC4tJS@GVcf zT;7i=Ac6TU_HTFnu<)7mJ9{2Td5*_Gik;axNu)-n6MB3tdb(tHq1j0rW08ac-pC&+ zO^i?@>{8fGlDG1K|4`3K{jmG!eHOCPl}rM9V#y1y7&hmY8>I!5dLmP&HYr~!MJux3 zN+Ee7isK&p)slLf2!mW^_zgFWHh}*P4R-f3g#6ky&qPk^yANXB4P++Nprt5K?DS!KGYTy%AHS0_L51X~`W5xQHQsX7l9y;Y{W=4>Vq(&b6 z#oGXwXxBcfnnMUm@DYu;=x}zxuSJv#UaeT^3m>fv#GH)qg=Bb9Js0y_gE9vZPdnOI(V%N^BCVbi-wZ~VqiVc}rAe5v2`>!YNZ0X}G z?fRlBBx(CkB9VHkDS&Q$#C75jck295#v)C>lIwM%koZNT%O3x0Xg5Xu?_8MImu(8B zzzXsQcqOr&s`$C9f3%t?^4>K{eGjATPz+u+`q;mFt!Id5ps^U^Vjl!vy)!w%9b~Ip zC)|o=&czvr@8adYP-X)Kq$Dr|SFvsM?f#bleuhevr}ByN=Dc!4KkO0iG45yk`gqB% zn%}D^t@7q!kDgP>mqV^U9rqNi$zU!gr17khy=h#v9*oN+%P*b%IgnQNJWu%q-Ff~G z08c=$zuIHHqOH56O?QRqNYR zF$%#s4(}&HiunCs`2dgIEcqWf~Zh)Wc@i0zWdzkjzKgh(+3%0Y77k&i` zn|a}Wyl`H|FTwH-iZ^s6Q%J38(nGlMY7?VUp?TA0Q&(g~v;Bf86kXu@R>L&k;VTMw zDB#T@+~pB-?LL4o{o1Plj^&%x-Lw{y4>s0Wz;8XX$<}F4>pGM)YmJaYx6SB zfqh{$>%R)dFPCXyChx05w0KyDop-Mpmg@WQvSBd{18C0+6!4Bw_LuCOLf)b3#RZC0IWnq!94aj?)YdFpMV>_m8`~j z!5W)qvV9r!(nn#r>x=)I$?@hD#b$@Xa?$tbKN$Y$D`7UfW;Mk~H8?%_9`Lh~TFc^X zyb-`%iBr_lE9&uyCeDil?c6`jFRxEfS-vk={9S&Plm=?|uWgazbMRo28}D|)%}2hx zdFm?jz!(TUI}}Fq5#qphEjQ6V{6p*6-bMi~3t`olE33O9io3hwOU2pgF~*L*X?4-vqXj!X@6|FPV~m7Wvv&Uf(6# zpzbu(aE6bO;L!+~u6otj;7mtWzTdxKM2|)0<7d0UZni&bOl8&st4&b-D<@dq43XKg zdY-nqKok)>=$p@j1Ni|>*g%dIm4O@(_(1kJQmr(awKSy0T7xcvo!T$6`7~by$MaB% zesGHnW;+`&Z3*3<-8g~fs}t9; z`Rc8GY!wz70)-hIYmfUwseUt!Ix#q|!Tg`P!Xpm(Zof5Gg6n%!HT048cXcpxjBVYI znSc(G9SD+U-OsBOxf6e9AngROzk-nkbe^DYRzp zrbvuOF!IZRvPCzMx~ zdnpKz-YutD)STBJv;6Kv4`OX zICGtQKVg=>w@4g>$TsuY5c%wSZIq!S# zW4UJM3i1H;gYlMz-JkHGw}^(`F-LFe<^s=g-xIt=c(T=o7bL~3x&;)I$O-dX!lRHk zX?A79uN`YWDdzlse|Kdb=5}=y>rDHUZ_&}#6vP{!1iJ+9tM)HY?}stQuk&razhM4i zRX%ItkJF%uRUb2&=dXrowz^u6jPnzQyJp1Fb!k?fFK& z_ZbE#%t@7IiYo9%XqyM;22Vk%6>o#~;2xs)mh=MeT-%1M0x9q3{9%5n{$4H4jUP&@ zzQs@&Fl+b0MUzhh76~Dj>tGD9OTrBANLrzxEr5~ad0O&4C%``@*%~^hx-Q^@3AkNw zLF4S;AA|SgusCgpm_O`*v<3tH?1uhNxUTk)>L=hP+tr!uBs$N1&avNhwcFw^@gDO` z7Grq};L5AZ`&@QZ-sFr7+R*=kE&D$0Pl5d4kCa2i&XDz+Q@(w6?6K`6&E5Xe!B!W;%+q!rha zOChRzziT9^=pHFqwE6pjq76-Fv0$dZlYIWq`R~q_-snFQ`FBD77McIzpZt5(_JC@2 z_d&-ntaGYk0*crly}ce>@g^$f4PSlXLr3k$*}YMhQX;Ul<<7#JMd93Y<@2W z?@601QoqGRq4C4Mk?IFPGl6>&l-`bg36~nFz7JHC)6oAxa6=lLR$Nz|QvFuy>)8;& zK(4gnS!!&BRR0)(KM+_g)h{42hvdc=5Wj1nfbE!LkSs%IwG0xM;r5s|CU_Xg?|&F< ze+#Uc3WkkLl~&)3L)O9XqbBRa2O0gdQH_nk^8Qn}v*fyZElk)bB@*6A7oY%q{DXBR znJVwfr}hTB^5%Xp*G^U957*UF=iYbeG0gtz^ZJ5@xi%bA?&TE2;k|RnK;}4}IF33p z32i;O!$8`Q|E@2$60rM`yMt$KLup1G_2wjI`x(3B^U^LFL3M!UH)(Jvu=?MnCqW-o z{9+E6agw^<+%~#7DJMFA*luY}S5*Iqs8ngqvpRfcAT`N#3HtukD7;@?gPUUco-d{P z@92DJ@PpopeXgrRrImO_crX7%CYnQ4mV)4w@Ja@O|*h}H-FvsOU|2x%;zP#VgBC<7 z9&{@<+%@v`nb3hikmFkVgx)DVxUC*mfbU@~5Q*ixwrLB7eI~7W1rShSQpSg#k6bOl z2=7pLwP>8f{5YOiyz{m!+<5nX$z6l|&o{BIxC;QoN5D=bc59;0dkkQYuW@gOk8t$)=p$g145o;id5T0>w)~_ovYy*s`>< zHq>760rJ+K=5Jz%p8~U7gziz=;^-U|>Z$Mn^48_IiHfJ13?`VAiucj3sg-%?KmwHw zPQfMiVrAYzSCetfzx9GVU#UlWJghf~vwt!kuZ0ZO`XMCrM*pl!yr_RwYogJd=uitM zqBZ|kkZis)j5}WU|#?|;54cC)IhR^QE>%Uh%L`inH%2^&fhr! zw*M>_lOr=$EEhLm%>L=;)GfqeT#ts}I&q8Ps{boG>W2~RY4Mj{YDM^)z-;8K|LDb5 znGYyjuBY?TuWg=@sebDv)E^c}ge$NRe?O3pdpLI=+y^;!na6RV{5C0-^=S!~cpM{> zw=b*rN3&&r`4>PNKJ}Y{DH)T$10a;#6)YETZeSfc9&_tP4h9FZ28!g=E$ys92jYKA zU2GyNcJTtXextwq5(UL;)_u+;EI4%d& ziw`N5g6EnUMHS;=AdNx)pOmY^^o0G6m|!U7--U;=%zZe1F?{3?0Ey>o&*x~!%a71Z z+9Ldb+WO^eAh7%x&Z^7(h`}z|_G_%c@7;(`3;I7eOZRjAo{0y5-gc*P(YYH8h1U4q zDR>Xq@3=#})5^9-=ox89lgI&h;eyTx$%#W;=3D+AJ1BH4#$Yr}aNNxf-;~Wxvm?9i zUaL@R@|}B|_Jt-80YphgTuy`khZUG_+-aN+Xjg8xZ`lX5@#u!*%J_ z#Z@rB8G3=gnv>L6AZ`!*oZqm_*8FzRex)~(ikiO&!gWi#iTTc9kZ3BLgCNnCI>U-=TuTl5+JtEMScIA!hdf{8~on{WHv>j*gp5%I2jxbvtqUD$bnKG@q(1Csj?VEh^*t%rGiOWTcx$#4*B;i9AY7z?jJ z=@APOW!1F|blwb*V~{9|@pNoZjAVb;6g59-wJC*{<~)y(02eGA%cVGS066DK^}S-z zmVYYnoW}Enx$guQH80W5KmgX9BHOjew2c^b$MyKMO%%I*-De~6oqjq@2+D&RQOmPM zpw20U-l-mVlXvh?$-NU-fp0hlX=Ir`H3Vf!@sG2hOm!jsGSnh#o6E%(j!OSEOts0j z=%%~KwhZnFG7ga3cjGqDupP^m7IY z9n{SI0#itqd^h8!H%Skz9=&IK*Xhl6y6U5Z9AIybm7W~ol0*@cPobK@Z=oOPc z>O@P-#gO<8ZdLYFU{yM*IG3#}zkP$>=bRX`L-x18ds^8xHxxz{#L|O4JMoTqd|qeb*tu6yn_gGlp2n zD_TaF?}3HvsGM&2{MZ{T__zZ%SfwpatId0pn0;=S6{b29#46yl(C=k89oL|jG~2w> z1G%1)Y|qPzoB!#y5jqQJoh8*@HRDn%JxQPG>d zVG!mFE6A#C$1cIWB$`mZsI{&OR%yjy3HQvF;Z`NeRgceC#It#*5MQ)lwt0SRmFjKzbvGs_!4qPTuleeMM&y5#={zgE@UhvDZx8NX8a|r&)b9mcK~hU@ULX%|`it z?Cgf5m99%5=L}Q|Qh$a-mxfF3T{!l=h2X8eTH1w*-CydK(wDe((+HooRpR z)+~xmrgWf<*SB9+oJ3E^9GS(O#Os^6lQ0FH1o;8nb8Ypo7t@+M;DFdCMs=bWqujFq zYZ!dKvk}%num;;MdH=veG~ACQ2O{wqyBCgxk&jdtc%vR-lkdksH`=u{27*xc`}|sO zm)x7_5N<$0hE-tCXLu(^@n>Akw4uVEN4&f_)W2L#5A`pb(NjLWnfaHNOSCY|vtrBW z)gzt*uHRxj5Cv`kU-K01Q#RaAz6NhMgh5&0tqu6z_!~15E7{>rsosR!i^DESYhT9O zRo+y&5Hm>YWcvhWkT*SsukRb89-!`A8i#J=cF8?ExZe%R+>T<=^WN9U@&rg85Trri zclp)DDR=o@k9YYAoB2I;Wc)x+>W)l@Pqm6-hrS1$9xdpnc}Zg*^_H0(XGbw zj)svh@^IdV>!^7Rxi4OE`O;k%Ao6TM+3}{Eqx5{k--3Fi42eTTq7U2 zU8--1QM}YevW5rb*=e>>#rHMfi+9k`!67a=To<53vL?*0Md8Lg(%&btIKax{0AHNy zw!hz~!*}5s?wMEUc7yzeXsLd4G`;0T4x9KrT1mk@BvmGO;XuiP%5>8FVnFbTz(jh{<_Ri&{>Sj;|j;w&ymJY^x;_X_!QTLORIc z@6PTgMjkaClve$N7G6=4OF@~74ijoy5Cu(2g?I(7s7ZUS2A{8!3rQ=FUzJ<-%hh1Z z4)}{hUT|m&t#@Wfy;PMu6L;PIae?VA-#b2iyf+Wu59aweU&`I@pLikke#ItSRxeG$ z_dUhbK}5S!#LWfi*{`b)WBhYH3lHRV6^o%(yoNE;8o=vhJsRe7Ih=0Ycz?+8<&>701k>eyf4UuSxktS%3?_1M<@*bpP1> zIL|`(D!Esl3%OUS_8j_G5GzUoTaiGbUDAE;D(CkYdcFhDNQgTFdI&e`MoQE>tIvk) zSF-Zb$_;0!dv-~#KjTcwg3)CM{g0nz?;()ufezX(-RG6-8Hp<(f6Hm*J`GT8jfHDn zTKyP1C`uYz3X6$FKND^Rt`~77QNQI6elvz@KZTmG;}2#bwqZx5wMYd#qHbY!^a6m* z`_=SVA2nB6{Sk@uM$|+yn4bx^MTG-p|WrRc+(NA?Me*DNqkSfuUtXP;7ykNU&7?TlO4@_WHZ5^qns zPbM_Dr=ffFuQYTUzzzAkD(#nBiJlvi0e+v{qdEwy7y@cnxi_P*`xr_{9UmBz&*JiL5Z$AtN0Pgb^4+*;$gnV z>;-(E9qmPOJx;GyXkwAVascRwB%TlTZ$1^Q-}@-$KYdD_|G;Uvqx{mEB>?!hwW#wy zR`Nl!f5ZF_PIJFY?YrxYs(r-(_zz!H^0!N_#FKJ)(D20*kpC#>&!2IrB?dH6NpAC{ zkcT(LOX~XvJdV`q{%ejab_c@}SO5O2C;0Q;bYm4Rma{jgm%R8ch0mhG-9={5U1TyZ zG2>K-mnh(R@;&fEKzR{F(P_4|&R#%@yCMF|&?54@7fj`aXW1@2Jo#gzz3K&&U2fN`K*gIIK*2`C;TN z?WTd?xFfsN!leY4{>n3Ie}?qMlKZTW(ZizZC|vrVKh4KG&;QD&@cW2eY9ZEspIt^l zsQo&YYCNN?>#!WGPM+lDU;*NnQu;nx38F$yHhC#S}sw_ zfu3(s+6PR=A(P&J@czN_`K)|~QXZs8Rmy{~9hCAQQmi5$kX=0@%Lh3pWxxo+9+m+U z2#fDG@xOHnpNxb0oUFcWM^x>7T?T0VhvYG*=}E7keD^E#U}g14l64YC32xPl7!_x= z3XU6b>-jhzQ@-?Pg99pwUgCi-x4|I;dL_?5fhr7}HinYkUwnekP;{D4j$oPOZjW2S z18`y)nRq)}p8EToQ0x}kI~maRh&Ia%{5}kA!a`KdMw+xn&~D?9hv_kyQC?VT`tLcz z&JQXAa`|bv$L#7S5(Mja1eGm2eG}IJWwTk#)ml0XPsl=rayz; z;3zLeR|Xa3?u+KJ%O{8Ns1(l$iWOxgQK;wdb&f?X6a8z?tNaZ<@3^%mt}oifZ(^^P zRGxPnMUS%lo~}Ce%uTiM2OllI?T0YN=dWMnEvxy;cVYfziVP)%O|8tCI6RV|m|T-e#6p zAm`zS%<1L583ErdPg9;%&cpqu_s(irr9JWf@u$dE18Jl+dP35rI|-0T%Gm9*uP1^V z`d9__RP;i6Tu|2^5Tb7^LSa6O*sAL~#omW}8K)$XjE~~C#m@53#YEdbEW0hZ*RmfM=q+$Sj z^qSg3D6On6nqN~{Ay^mBD=W8Km8KS3$4#C%!OD0GMa4BGSS@ASOIVSdvg$d`^5SZ1 zwY}6{4Ow<;iQNI@_7Y*@#NNY;K&Wa~LbzMFdl?B?!<0~McQ~sntb+zP@Pn{5LQQ40 zLzp4VxLruQ3(EF|no6u?HP%X}!&+Hton7gyD5(+hD;5=(mz7v&PPf`YKUH>Xjr~q1 z)!eHZ>s)$Q*>F@GS8rZz6*LFMS%hDhR>6IS_kqTi<0pPW$6<8V%4%z$+xw6Z$gQXn zKkqxCc!Dq>zklVx}d`VBaWapNUq{*bz}9 zl$F#9&?^r7VlU`hD55WES2&>4N-!z6FS3_Ih1Cn}Kn=!L>@0T(EK^uuUs6oU$^Iy0)kszp9KM8y6OqRj449CKW~l^LUrEnK_w{DFM2+^>27cpR!-uvRc!6 zm6!BYhVxwd>TtEyF|WA7nrKZVX$MK-CE&XI2-cOkjor3m=;@Sp&(ZLZgBCfpxS};187cxxx0TJE0Z%9R7uKh#SCHfP<=@>s)A8@s%A@e=GX0 zUIR1JYZzaym9)Mg!#5(iFp-Vh>f(yIb}Km|HneJ>PCHSPdzn)Sy;O$Yi2u+=mDT|B z{wQC6#-TsBfy#1}1LcwH%t*&dr{c%q!91WJN_eBJ^eJcZWe&x2;5e%WCUfS&5SfFW z)~i~bKhrrKe&OClklka6y)E}>Ev>Fx2q-7}_Oz&R@hh5g6%2V}Mc`EWu%liBe_$npYFM>QYEdPl(|Fm7;F@?edfxxWq z|FyrSU;lO5|Bb)&HtNH7^d}hx9>6Eq{i#L%J1WPcue6koJevg5fx%`ys7^H0?PE z=OLXA>3+V-&H|1rRjrtJ>|u0U$}7Vt5EhsDBDNcThf4y2h7 z`d{H6g_OUEDBd+m5Npk1Cu5AhQDood#E)EMJpi&n-Ga$H#$*{M#Vyv?2{(2e(eJuc z`dpw@VBc}muY+(xN-3Rm^h-rFP;qseLkU)X|ykhkZt2c_zXL~ zOmEZUfq?R@TliZKe=h@$;>2+#^9oJ2$>P$EGo>$yHCcdBHu9JP*E#%JV>9V@?7|N; z;WI#4PXq$%vHhb><~5qpCW}`)+GJfFm2FB}q02U^Uy9{ZzB&sOoiW`*aLZVyB@Gyt;sc6R%mlgR#%kferW1g zs-_?=ndAEt{ z%8N3u)*6a!py91+0Uzij?cIapkJImja6o!0*AA1A(uQ->spx zkqbu?xhl-~IA<*BmRZ!;xU$fEfxe@d z24e`%K+oz~Kdr^FvA$A*~XX($D3@~(B+MaF2=;65X$g|BB&31pyh)%0)dl;*6qm)Z%-Aq zXH2X1+!TkyF*B!CMoygeA7HGRwl<2e`ZHmy4Bi$9Jfe-DkK7P_90X?Bt(c9C(@tu; znmp{LHX26qqkV0K`loyl2y|;F*I&>^e`I6*xu!Z%J56k}NAi##e#}n~^F`|Cfqid;YX>Q%t6{#YQe zQ;=<9A{&RciHc3kRE?EcvPJOnd!Rh-5#B0*`_Jz`zyJLH^ZU>5KfnK*UsW%brt@^`lU7Pao`0K82!ZEw z*vR2pMlQ7D@CFx4Q)HO)>%?I>lIzIRO+3GISpM0TKqaOpdBwb1!5qudXbz`qSjy4D zI!+kJVGB>SJQdcn`ZO}k8Oi%Ed^<+yz|-1}q4+9uXgl@1VnbMcEdkd4LQWsxu&l?E z9Nr)?_#%gI7ykeFHSvB8|2@yqTX?#Qr(g5*2v5)PG`c%W+w-(HPlxh!3{R)=w3Mfd zc)Eh85A*bSo^IjkE}nkP(<3}R$J6K@yndec=IKzLj^XJvo|f`-5l>g}^kJSp&(keD z-NnA5o<7Xe=Xtt?r@MIiHBXQ5^c+v4 zQ+fS7?akAnJRQT+X*@0E=^~!4;OWCWm4CrwEUSEq6|2ryow24>&Ys`j+UDV5U+aJy ztn%?&2!Go3=SR)*VXyiZ;an~)h#=l@85=u^9|~1ivnS`|=MSi?C||;k6{_u3)%F@_ zPO+m5B%$-K!X=J*D3$7Pp^abgFjrM&f2+Nsq`z`j-QUU%#Yau4cG{^qX>@V~M15mp z@yw47;p9^xYbhR_v4%0+Kx-a5ZALQGTP-#bfY{(MQ5iJVT3pJG`S_s<9`HHXF_XQ7 z&}yc!Q!Cgp5|k@1x3cpk6+!qRQw<#)Ru`9nnAT}{SVjlNv7n@4hr_vJ)FS zJNRQPWf}5IxgJoGF?bUKHmSl|P90w!+v@0xoyF0CFgq{`YH6U{n?Pfw<6o{3UcYk2 zhD{FFnl)5wu|cijp+0GDpxnO~_&gZ3qV4|IhvCf}PKrPu{_Dr-2J!SgH%o_eIGd*v zd3py==kfGTp5D#VdY(4&^f{is&eM;1+JoIbBGmEpTaN#Qr@#M;?HB)h68g1pe%5EK zlm_^3y*!cp4}bcVENvXYVUAzV>zT~;Ije-Fa(k`M{%iHh{UgUIJPc6yg!i9JX9=SV z?_ZhD8b&AQ%l#9HPR<`5R&QDuUAP@7@m3gJxSh##nPGI{b|}+jh0%rEsZ2L3j84wK zJB-d2Mt66Z{mOLf!sz6D>&j5NRbg~;{=hK0#xOcL|9|=m@5gZak@GXc=)&zs&d&^^ z3-50^KR1jnyuaoAX<>BX{VnIu4x`Hoqm%Q?!|1~MQO^HYf06vlNZv1-!tf^twj%w% z`W4##dm8#>MX`kY9Wz(>zTW?4g)dnD%>r%z3J3kKu=#I)k^1LW-apgB@YZYpck9nu z{;v|U{;A{rQ^?y<*X!S`Z=?0!D-hvVIP8CgO{?G7oSfm-w6PPW_O%WkIC$Xo)?7GK6kX; zkj1aci*>#DOjkiLKGPne`NUws7hFMNjXuiR3Fybi!}b0SS%ivt57sVGbS>&XfmKBm z9+YV`G2?-gCMsqJW*1R*^xjy^(ZyXO2)Za8-b|{|>!$PpmK&iFT5n1n&}nb(0ROG& zgxAq}tsWYqeVw2f{bt7JE35{uwOhKtRYnSa7E%8iT<_OOqP_|=VCa$rm6*ktCD?Mq z5m*rEl10NSNN89Bl)Cl|G8^uM`g9!_WHI~zK3!*Fkkw!?0hGd^G($P~OI=3>r5h5F zOD6_p8V(_s&J4;j+yyg;t}BCVhOe>qZVW0kq$C4mWzclPd))x)A+~=78a>N!3rMC* z6_YjtG|w;-D0ID<3{?gQxlxqx&1{W^`PdelXm|>sb%rU>&ANOB ztvB3>dE*$g!BC6PO$^#(xEG-UF&1y<*lKtiH8_E_v&k?TWhfN&pFw>e2(fsQtb5%Q zcOnIpt$Rz4VjGK4%Wsnk1fvf-?j6#A-nbh%HxVl{^na}etpIzw9d;V~@C`kC`MA2LTmaV%@?1DL>Xx4)f>t-n6->|}&G8m)Bcg#g4ph3oh?M2N^d>Rn( z`#Zz+b19pND83Q;FzR_3+6Ek=UXY=kFm$3j8L`cx*vfvQf_YXs@3kHv*7c@WSl%Nhgwhz4I0LLrV-qb)XbkEm_MxHpCRl;_R#aSP zjdV!M#33V}fyk~hGX4Yb4u%mj>)ue>kS{mlF6chP1Q~h*1T{?JkoJ%y2(cL!9O2pz zfMx8U&S-JkvmN1ja0eXb+9O7|&g_I8pdA6`6*ncN3o0`w0j_UPx+4nRLexYk5g!jI zNQKK`7O3gn|5kF%}B98%aPE*vwZz&;hC1(csr{!x06u zGX}1cM3Y`eHsb9LV6w=YYJLYQFtr!s>lnBgi90F8YmvC8LX533r7Faqf(}h9{2;b{pSQ+KSPR!n-+jE<=Rf@|q+F)@oAQyvUcX&KYRCc|A;fR>91qvFsp zt;H82)r;-Y4Ct8rpm1rG82=OS+++A1WoTeJ+h=I#fp2mVrHQk3K^s*6@IsG7X@UhTTZ{pqTO!Ko?R>sNIJ|>OnzFIo}SzhehcX>`*bK z1nYQ2Ou(1zn8lRu`vJI4Oc(^9MND}WUoiA2??W-=Ni6%AXu1({)5MfFQ3H>Q(h>mE z#gtU=KhhIoy8<)bqL=bJ8qSlVX)owLOH9GnNK1caV%x+Ne2bs-6l+GIm~tA$SSm|j7&Jt4wp+L_ta2|+&+I^ORRbomun%!TRG1ZDGHW;PS3t|GgfjTke4-{b| z%UvbHXhRd%-Uee{s?aWn>y8$w%76xJBx}CYbSEmx_!i1qO_G}h?MywIg?5=9eLNCq z@l}7)#`f8qkFOaA)@$Ap|~PbaIy_p>r3tR1|%~XWHQuK zkc`v*2>wcXSsF~V!-*CL@Hm4)fm;{SEA6Kd#Z00=5z2!Ue*#OBUQMngihGp$9#HC| zajz{vliFl@ipZW*s(L?!jI(?hb@iI*W1{_Bp>1wMgt#<_R|=&q=2bATyUcc$3ep>K zIDZRW@Np4oD>KY4<@O3edXuT&ScA^vEdngYk=Xn1kn^+}pTwd3E&-{=pRh~bi=!yX zI1F>%kH>1#jo+Y^HxZC&`~l5&8v$8HE&7n{)B+nc9;?v$a1iX!V)L~t(3*Bi&&Q%@ zFUQKF;d{=QRCKk3P5x`(TKhYWw_WD_RN^Q2zpHp6gj&#^K-btTT_zGSPG;IZF0{9w zgg{UFUFs2sWN8Z7D20slrhNmA;+T|AWD^y#GKGxz5^XoDD4jIep}UOu&Ti?f`71K^ z>-z$5jsU%JIgYmT1elF@ZS9=4qhSQ*8Cbb>hR0E`SO%>( z>_eI37_`A)K>>^m+GNN=<+Nk7#a6>PoX1QougS0&y_UqFJ%$_5%*+hhXV7E0cn0k^ zyo^?tz@USMZOA2wK|aIZkTRJ;Ck>CG<+f+gg_OnUVmmMheEByxd89Crz?b9eHKk50 z7kv4A6sj`=EuxUP4?STQQHzFQEtFs-fa?mwby$N{Y==%nF#H9FT6b1RZ1AV zhuN?jO{OPRwX#O69W&I%&x&WMh*ceP) zgPoWqnlDi{SUqH8=)*>RVivL*BT6X}W_Oe1@jOf>=}cGL<=`8Q5{q!a*~H`mDl$ou zefnIb$SYKH0ctm2OvWiGaWGC#<3wpW6X1O+uQaUdPosAN2z_??on7o3BS1ZI% zE5tM##^}A&S?D=q^ai@ViT+2^h&zZQ$~;t$!I;qk=3~A-0Yg8*I2amZ&Ws<|5gltM z=y>z6cv?mpw}X2yk03G&_9Ijnw;G02T6}^T!#LwR;DzE7X*Ls#yCEk&iRL-IaVGeg z_+&meb_J&K?J397rKEC>5Z{5ySb=E_@QJI28qyNt%rD7I6O4>$m$`O_kkHP!)QS^s z4FV=39(9avR*5LlduEa3b+VI?;34;46y)ghu}IHY==S)O2AdDxi9+tm$dPH5{U3i zbiD~t@qDp!59TIDSze)X9W9Ahb@$^c?{*xXEh$?QP^S~YEE59+=nY5v;!0giV)0)0 z6`%%7;uQ%qd(539B*GfD2(EiR(+>xLXdJ+XA978c1znk_6}1SMjo{i7bz%*Zk>*BSZ=mV2AYDkxN|=NsT^3{rN!fG_ z6qcl19qx)5$3n}K@;cx(=Q4)4n1yz@D84O`uOKBXW7FNEl*#91u<=Rbc$rj7(on+= z!1r>_5t1?!>9Vw9k&rYh<{-4b_fi;MNuy&>fZi97&Da=hXzym2Ig)OQ!RlDWU&cg1X2%=d(@PLAbW6@N2Wc5<8yt%If|8)fKaFrDOfGNgg3 zlT9)t;p$wHp>trP$z~b)5QboKybKwkYm*aX=uT*Ka-s~KhVD#GlA#Bn?~;>cXa(4I za(e}Wp`YAAhGs)hkZh5mS7CBVPLUx)N4#}}TXcMRSG~`o8iyLTGL3<-YeYF}W6aNv&)S|oeB8v9&I{gTNcF+#Fbr?rM;*-kc=C&pkqrnu{|!H zqBLEFK8YZxWduiPI|+S$17o*jafH}W=ramT#F8r`QiMK_;@HWT5iq_xrdvKVT-%=S z7g!QS9WAj8$rzX4e)7+ zHkg7f6GbgH+-kE-5e;sv;}fi7s+c&WJ=S5yI;OEY(hc}h2g`IZj%}89#~N>Cd09f@ zK(Iv13{g88E74nKi@ML@sz-6f62US@l+ge6YywNRl!ytK)AJ(8X0eM2-yqO}K&hDU zV|#K8HOct@T>5_oHn7k#OEkoGkQ-Pmc6L((Ps0phnJdQpsXYZi0?=CKiQ2F)%t}Xj9v=S&S|Q*6q*WP;7rYZUD94-VXPvS~}q#Q@hE4FYmzi z{~$4c307yhQ{NqNq8N7y49J=?RllJFx4@KX8fJl77(6Mr=nrCd2=SkT_#KV1G2@Wm z)qxNB08BiXJGRpn;;D_sk^{)_+WiAiCp#$Hr19lI*(p{w*uO%c+9|%wpY@VSOJMN_Tl!$LD|sx(}40 z6r838$*z65hOUAY^tfJzmV+DXktsu^P_CyW zLp2DQWvDmwbkBGh8i;v{mN!BV^i;IG4t!UtqStMpj?_3Anh&z~%HvaZ{2nmSUgPDw zSuid1njk|7(9T{HW#}##24<7&?jFS$D}f?hErw<0QJvqX*lrqb^{xO*>8;fN9XPw* zX&j2fmuIK-zQ(+(Bk$YZ{k6>6vY__f1Efzn;`IJ1aO*wL#P%Xy2MKy#OWkc1{tt8S z0bf5lla4);U{Dt?XKGF|BVq7lf`Lz71$1 zod-w0O=nS^h0xG>NK=|D#yMMK>f5;twx`2GX=Yn%;fHkDFSn&5Lgl+8s+1=XjED6-IH* zX+g>3TZdh2L(}MNI8J<9vELNx{0`*!SOLU1r@>9)+X*1n8Hz&1w--R1GXSm--$4LL z&Rwu@d?x{7vDty1D)+rkm` zMis>;$}LalPw=w%B)Q?~j6kX4d$nkZ5>}(6MR;}}S68c@vB!@HrLs7O!;|AnMY*`d zZZ70Q=y~GHnp@gZA!A6MI>S-j@iV#jNyJvo#iy%};;)yxz0N3Ns}aCFC;hBde4PLmJKMpXmNVxV-C~^q3LNcKkH~!SDapW!eO*^(Fj&5z$5`9oxwTd-c0B;#CKzoee zZYA}hqo_PFIybV2v&dt7y58b?p=_>DM&h@SGWr87DGnWlP9i>AZ#Su}XpW!4l-=8^ z#`!+_`W_BmkcH(Vzdc$h+G4bn9<3GB2Gy3J`sJ_*=r$7V3JODE6CDb2piv~6y)td_ zB&i8=*r(|0lgu%x3SD24IVOeC-fo71e#0yxX}E%ZfI}yhC}=etC253$3Q6Zk)xo&Y zJj3l#%VWh3ZmjBHXd&#q%lZ#kBizw+k6?Q$R#nA`Sf4$Nt+F#B)nQH0SA-8%iPCSs zgby)$Q5Y`V9Ny?>^TN&H?I#p6+#KFsMPm#vR?tDxX%>>ccnGgl(026NJHYz9{ zo|m#oL5GmDl+6ly5_Ot#kAk|Q?@!sHAiB6BWt)QjLW4}XS3&fFdCGkXItGVIxnDse zDQ6ETXdb4#Dcco92jx>9R1lpVN!h6&7nR{*1{3t<*fV9fnHQKR z^Bb`qvs2i1N0IEP$zn_90gUM6&n>j-h zPI+2E6EISwJfooR$?^vjw4cgwP(d@v@`n_(f-Lc@g2utsQ=U^0U2&80yn;rN!J|&x-R8T)E?OO^uO}T#Cv>I=yOUwfiTly0o0pbi8mHAW`@aK&sQ)IWXuYq3A0@b+kmoXT;KK^PUR^| zYJ*WzeazwK77XEi%;9GVhLOyPYEfGWg_}B?i`sxyq^vVak`)rWNhBZ^)6aRaJW4E! zVb-h`?Vb}XVLRb_SuGi|ga%a8i8b2Z4U4hTu57|GIIcc8oT}1cO?xy}tP>OFK};XQ z*d&D=K(pFH#>Oe^2--L*Vr;C!Hlby6NfZ?Z*jj9vV&#I^|4M>+0BbvviS zI(n&?ooLPxu(Ix!uVFRo9?TH*GAr%N2JZ`{m-E%3sd2nQ(y!P

XTEZoC<@&T!MTIkNT~=7#M+;tKY^YC?{L5<`M|^S;HmRLX<`>K^jrkatVZ`*6{@RWvZ6- zJOQQ~O7+`$0!(j(^gD#vrZ}gQ%$)+La{fel+aQ2yXLro4bvYNUbH0XtQomaO^PJC9 zMmGuIM(0-aBKl?lEOt_J)$bAMEO-6^+v!_)o*YFoTLrMe`4cRs%lYdz=iQXfy+XlG z&3cToeV=to9NYc%u59-ZEnx|9J`j1JE7@HgP)-y_k^*#g));oy#0si`KP-$6Wwh8N zZHtzWL^@CFTB4Pdz8#=9=_b7TelNZO-8k*ZT4E>Ka<>|Ks$f%JbtKkP1>Wq?>Fgi8 z|2{A2rAj(kOT0vO+3M8mgtR)F9YXsCk0>^amUx~j<4tGeCYi{CUfSMPY>`^xP2_*4 zo%)M1%PKE_QRDj9*^;&bfM)5Q`f+N32_d?edR8|Gta<8H-z?rY^rAnCX3-W?1to}(c(IG(>P}Qm1nef}gnsx^ez4eg}>m&S8iI)0;7x_s= z-fNOS@gl#Y$a@qy?N^oRBZ8zS_0~sN?DY^_$dnjRoZVSabyZsGS}$_EBC9@2OKriW z=mPREQ<@ElG^{~CTD8zs;?uex|(HswI_;^(?&2g7XucW_#a5V zZ!J1=XEUPHrFV@8*`erPx4;-#ACSdvllhGUvLixru~n6XDHDMhD-NY+FUI4vDY;tG zHv_qWB=?$2Oep|jfM~_p^a;WcQ?gOgmjbz% zB&$tHraTA40Vzp0?kzJV*Gl>?bcGm6o-`$y(hL5SAU>earVs89o097!y^1b5L`Y6D zlq6Fg1mZp^IUbMSOv&|oNwU$DWJ(LTV>9v9PxfKD%PUDq-Y)61iYP`%zGzA^ zWi_xXrDQA~Gfl}mB%Q9JdYL3iTuL&-mqk;Fzn-Bu+G_Oh@Lk+T8^-#@|p*2UM#2!h%=VJxXosOmTpHMTIfOOh8 z$v~^Ek*zkbQ!h=+&uv2UMW-RQc=OUs)EtExY@+5W)L0WWPob_iQS%jQsfk*kP0TOIrP`ieHgHfLhTdHr> z!V}HjZ(XwL{U$qGl4U)ZM~U&n;Y=fXH@eF+nD{ELC*(lNWRO$Sz5_Dz znO1_+O?#&UFfB?#Nc@s!s!nG!IU_u}J65EZm=7=4LlpY3LcdB2fF=t4G^4Z9Xt-)B zhb#K2*%XAV)ietXmB{aa_?UjMmyVq3VG{WgOud^HapAN|33rOw?k=RTlYWSIs-{Os z)OP^SA`H&Q98MqS)Uyv`;yoY*k~h$#ucK3(Q<;mgs}>4Cq$GXF&z&i%6&E-i zRKz{V&u)Z5e@@w=nd@C}yp52fsFdS+(W4y3WcUYD>k!!k{0`oq5t4~2H8CXx6Y`!2 zIlW3fnif%HNGmQz4}OkFRa%G3T+D#nbc8~GPMHF8tpi6RrJ$&k!a|W(x^CuS(z=P( zMdM|To&oPuq}9z-n2s&Sa6#O}53e1%W zjtqpHd0r_<%P7ohe$F&gm?&i@KyDnRu+WcFroddwz(MQnoYh__2+I`pTa6_O*R8H4 z(Q2-@)6qLk(}qq2=@CfLE1;nx0epzasR$Y_z~-7olJqu{w!uivUN*bMj2+^qo}%k< zP+3eWg{ol?8j4Wp&pM3MrYUIdo!;}nTKn)uP{kZlE9uC&-tmZ8kUB;MXyd6MdCst} zRYB$;vARf3eKR6=N7C4)3PRsYJs-(xHkkHkY#}rMkx%Bo1|xkFmP}-s;q4=@lHq{0 zPuJVLv)tg5Wnnbst5!2su8cOu>3AcZvroV19TLUqXVR7$LZQEiC`vgf>LhE_6?JmbEZ{{lW;2oifq6^c%6U5ui6 zo~n}p%`lEMV>LgS1<7qGGhdtGo%vh9xC9}Y$RfidLe&VxImT!<0$Dcj=pb`V7|Qk; zpKPaI;34iQfOltjdg&**_0TH!nG9aMg_w)rSG~xm6*<%-f9OU2S&^G6a*4sd@iG!k zox;F709y4idxX^I8Q-M{^8v=+DCB{&0FwdA8chZk1&hhRdDO`}&D3OI zQLvZ{9K^ErA%ucS<#mJtOH@tU0%=m3DzwcqyX@3t#?w@xcb2TO8-X9ic$zAV%DQ5zu(eP|)KuX{ z;V+c=>}@bWV?X3WWd51p2+I5@Cn)g6p!?#NdNqanNQx zw9$um&nZ)2uG_#t-~8nq^h!ZYJ4AP=(zS@2_Vmw# zL*C8dUX?!5-P@kK#nbKO)nduSCVEvm*!6pRRu=E-d{u(HRr!6YFaC=qEgFRWR^IiSe01CrtwpMH#qE} zzMLg{M|sVf$Wj6#-4P1?MMQ~9KpEDN)nBKSnK4s6N_=-;?~1$;LJLT(KdUUMg8sfz zuPOGf)YSXA;MC)v>Z=9{b1({6yP@7@4o7WR_D{%O6wJ`Sw;q&RneygcSkd;=r07nh zyd4BF?!Ltw)OYpj=aHozj7CM`Yx!hFLef!&)kCkwx3r%Wd_pjALhxx z6^Ub(&wbK-e*Vx;HR!K{#q9ci*mWz})}K>0Xy*C^93LR$%=ha2#2kFcHpV>8&k_Aq z3KwN(5Jle+AQbv@$`qI@0~~1xIgfj#KzHP8d2^sKU#uJcl(`uodsl|QvBBi{%ZKAH z#gSc%;p)5oYW<<{`UC0FtKvdc2hE0g=Zv}T2FC`Cq%yf^@}V zg8ENWmsLun)7gnGw9go&bTQ?6U}quZ)D-yDi0FMUG1j8dX(|2o;Lv;WxlgzgQuOtj zXuPi>@&YA5Y@#3N9;az>ajZrwl4@*X22X8&b-s7or;lzXBP0`9PK{fz$p1Vwwhoq@ zUNicn!7AHlD7^=R9kl~E+s`7IXW}^Bz^+i!m29lC-4{?+SMI*v;u(o<#y(LP6rps0 zcM%pr=thJ>e^%LjDd_K(Cb?b(DcN7>Q>rDHg7fxVAd7Xi3+h}8NZKi{ErZ(1gI zy8nSt)_4^z*V<)rM>_@~=iVW{InzqFfgFqZ{-31n-eqzRdpPmF=*3GNf_plsx$K=~ z{Op0O4yy(sXGD>&>eM2Zr@lRZpt)E{yNU76UGj}%FEui|_d?I7OufX#uV4%h&&I>e$r6q$%C*US?C2YDEvx(7NK`^y$C`F7iQ52WhVg4_v3P%1acs# z0}ygn`di3-76!b7y=FT2yVq`^RM-@;-i^AhzE?SO=Cy%0S>PS8}=N zCdvJvK1CVWSLC08XpmoF>}UM!ini-&1;WRW`H(bsy$YAB+bz@=YT93<`7=M)*Gkht zu7-K%lD2FBap3KUP&ODqEHBAZ_~{w~=5mna|XX+@G{Si&-<+v)9ugi z5TC~9u-eTXmRp%EAL7Hk#9u1%6k*yBvj}OgvM-O=rLxaMlbS$T&Dc49>c0j%#uxHv zw+xnCn!-cW6No&9Q0OlrM!pY0IhDfdPb+0+%v6t&Z&;!C$QPZ8$qGWDKdT)16!do^ z-;2z{)AoP!p3Ov*dS0Q&N}G8$Li%$1Tz}FmTb_yTGKYKW&nDgdsA(Yq^ z`B|Y(n5aJ_YCuNajB3mtgIjvdn(e_+a@MTnoizm_f>}oZ3Z1{5PXEM66ickv>$Z%}{EGn5bMv4agUpTlo@{3I|9akCy&YX(4AeZx5lwX4LTDC}ESW zCevtU;*5+{1(KS#;KLEfZ2z|WL}tb@LOe+3Iv8}f>Not*+m5T+6Sa!z^z>pCCAE1&dGdjEMe zh)>~s$gXxYD2`lBde_mQ6ro3$|BaxgUU~X3$iaHvq7*kPJ(EhnArSqX3gFRBEz^o_Jbxj?0`cbHPUAgG0?^!dOfK1;Mk z663IHe9}(KyOW3!^ulwQBL2cVr`mwTujxSDYDKuH2wLtPl!tOoQ(b%d0CzI_X8qC# z^=i62NE}xlfbJ{2g?;w#&rF zh_X$V*0!w8O%!c=N|4xZwX7XTCx4~}i8BO?prwX1iHe>U)RgwJEo+NYzCu6Q$eFg7 zu}Ar-R|h#>Lhm#558A*=!|EW-4@ld_tX(~WNYSgeY1$j6(#2%bIYG`N7;}ey2+}IZ z-JC}2xd@tw0P_z(rx9G2Z=(-$u*gLy)#;@gSO!ASWusR+z)nCYivaK~C-5sjU6DX8 z2X$FGf$k2pf5z3Ynx894Q%4YXgXa;_)RR_Meq6(P(W(-2Ue-*5%ifazFu@Lnn7 zF-#l*JZ+vJ9PV+<-ntv^*jq1iSjYF|c9QlgE9+9^yH&sy1s-ys!2WN z2q#_0Cg+@*%$p9;WR`(zF>#9H(8nC2m08ywUX&<~L?3fBmx!Z_62-CTV~$P|adJ_j zI2wJ-kth+T7bS}0(Z?KV5^-ixqBtUbTq*r>QKC2|ecTZ%5f>LFiet~m9o;43mqm#K zV+5kNL@cgPOp`kLOT_Z}L~#WAgi_jApD2z&pK!F6hz<3L;wbb9hf5;1)hCMM&?g-E z60x&B@jM;9KB;uEt_#u|Q)De?H)5>1zZ9#fbQ-iGgF0SA{+`vD z5|0XMvKUauOigQpP(l+#`nL#vnwrAEtpKho6}}eObB<>Jt3^jGwUCK-gLs1^+8uu} zHSH^=?%c(T*lo8c?;a-nb-2ZzOGiJDr7AaE;~~m*dQclVDA;)@DRi)_mhdxcEt#lK zkeDLXBF8fjvMh)u46eH-+Xm2;qF#l4Q0jKq0^8Q_3 z%?o+*KH=NOEY5JzO$|}j-p0=zW_HHP(f@N~+X}2Uxq*WVFm2|-o zZ7oBm_83S(Sr{J>QnxYBE6CRuZqE+IDOPB17@RlnHBRl!GSu%3F1u>KGtW~LPwPd$ zLk$!i4>e2ex?I*Xsm!bMM#)RQVFJD3F6rj-0qgIZ9-EKuESy5wr$AA~?RyWu+3%@)XRc0d+2LDkI`$ZmE65bLs3H(MaP z*{^{(hcKqRZXRaXsxxrQZnwx0PG3Pdtg&9*?odZFN-#GYC8oEMqMIp}lFtCKCtGzB ziyiu5IYMdK^ut^8#;6_Xa)gihtq$DIJa%uswP_6tAto(?@4 zGQ}j5cA2rXh!o8`-rPh>{U@hI?I`hDPdlpY<5%Hc?PxyBP&-<6?N!@Rg!lLz>pgzE zwd-zW`3J7`Z9l0`GJ!TEUb>bOZf~x3qcS|?vx=;Ki2)5R!{e~21H5>fT*tg=rmFE? zWpY)cY9a^PcY!#bs~S}k zIoNjYi}@i!;#Qg(gsDa~P=2ToF5x*~s6iMb4qrq#crj3%xQ@p0NCk6CjB@arLi1{g z&16e_5?Xd4q}DI-xY4I$uj)qkn4fSA_vjLCG|+b%ShAg!(HGaLhZ!KF1da1J*>G~d zk~f*!npi(z;3V8Tah%8h|6sg1X3sM_yxeDj0JIp~jo`Wuz;jp=JwPj}JpjIf8y%s=${_%= zM^UN(UISoY)c+lGE!VpM76F)t;Q9=}dx*S>kTMtxk2zcrs~MZmPyOw{CS4~$<5;j& zVdR{KpcRqOy{6E3YCZ1;wjZt-?*h{rlkrQXOPtlwKMQo+pcq?WNNhG*F}9wp7?Wsf zd@iv41B!7an3fV_>37I{BgoAsq9m69{08*J(X8S^jZ$%uR9p^h|AkU93j@ql1Z^xa z>b1&MRV;v?`pcZh zOg;5i0z;mLlA)zwYlptNEsbD901QNA00B7wW*{;hq0nD`+$2!-62Ek;X6&R&=fgn9 z{&G&|9%$OA(m9RDDV5H@5&7La9VPFgbZ7wRir~H;zi`k5ki z8zbV;q1;=}{YAL<7j0ub{g^mS?sizKyDC%}Eq}B$m2k#x&0NB2sm-TI>_A{YDpxzX zo}-EM&R`((l!E6{xtX!lDgIFcZP`F@QUe zkNF6$uK*mIj=luJ^%H>MRdhQX0PAej#!Rdv5r%~VaJ9ytg6lE=MHts@wp`?n>WxTg zF8+je(6qHMwJRUMT9~XBp>#Nai=cETN(q4XC`APKcmO-6OKZHy&-ajhR|N$~7VRXBObNEI6_dGj zcLOPI4!7>%h!oA?*1Zyu<#Xsut&ZHH4*=RXhg)=qxl(5?KYL8(7X1S_E+XWl%{4P4 zTXY~Js72RKzFLc(`CqhXm9S5Xc7KB6FS$WdHu3Wv%FjV!b=|cc^1OE_0&J&CM z>nU{}`{OPsn>NMMqK5~pZKRWD>zPhx(w0u)b7dr&+K=6W=4B60QRjBlCpJp{M&_bJ z25(LA95mo}lky~)mU@=i=>6NJDV)RQ;_W3TH;YS42i!uYGRMV5HZAS^jUI}RW>Lbi z)y8@T3c5UEBe^p`i? z%H0+jS;gM{1V7u*kkyeY1+rTZavr_WV|Q`NsTZiZFkCvZ_6G18*j}Rclln3b%k&~* zSe02NqpaH;5$o33`p>qMuK?0NN=_B9H^g;rdYZhx-PXyP#S~`dZ z-$ih}1Rw!x=2i`K!Ucd8tG=%Y_yj@DXJ`TQ34mLRNH?Ffbb^1hSnaf?+tDz==TdegwLg({s4Xi8nq z>C8r?b~&eWHzFG-9e;Tk1^eg1&~l;c6!R2PdFw?{e%Xg=rTUGGrDPH4Yj&BNS6n zi>Zjo7rS^BXFTcpMOCG$ln#L*e?Y?o(m>QcGfp+B@0pJs8`T#*obIg(g-me)` z!XWm`EaetvteQ)D#vXGowa|`Wi&}|>i7<2!fDA;^2*?C50g-V8Bm!85$kLT$0zYNr zMuDo2;zXBLt3*|-Q6>7lJ*L_9oaiIa^pHyQBqGOEqCX?@qe`^ZDotyFQ0TABH__PZ zRiY}E%TN6;d(6Ws(Z0}>vx*a~L}bz`PIL_-t5$KMuOo7l67^T+qD21%$_0e9o{Uv} z;v%z8Oikqum*!U|ulHFo>7ucGi78A;K6BO4F4i;#8UXxpJ@4}FT*1XE**?>Y_w|_` z-nbg(owri)&YtDrE!pM;XzAN&H+oMXZ&H%!=%B@(z&P6F>L+%$_5_Lp8~tvx3*Z{s zf$ArAv-SjzrroT3v5R#eQ0!u5h~2A$fnxV6zb8$B4h4!`s|>L%_N)Z*>6#1uxj?Z? zl~Jzg&j*Ilh2Qdc$>Bh;rImk~-YC2vfjrvO$X`X7_$E;N;D9>S5o1@!Pdd=PR+1{s zBrZ)-V0%%TZjvfqwe}a8NeayKlqM-~q$rKZK_8i@mfo2*Y0ubLC9P>m zs0Yojq0QN!Z6WeJj`$YB8W`er=!GHt%cD+19tP?b=>6#eLna)r;PeahuK8Poi~sr@ zS^RGeFaP+~NbwZ^Tf@sgzBSxbd|Bcj4X+aaWJoU%hWXhLhLI)y#gHYw5DVZ}2E^xt zzeylNd}jAM1Hxo~FxxG(~{wpV2ZHG zgI}~1mj-EPlc%NfXiY7RoMrPqPQ?&7_M05pJ{;L5$LprrTpOP!`@}@`S1J8v>KW*x zXQ0x=@o>&l}EARqR!$#YM6`6gPkh`au-oUPdDTVH1+efZ}Qbe`eyyyJoPFh-4KT^W2XB=(HEF}T|?JOn37Dn4%o6aLh_<67ot+Kzog#<+Io_V zwJ1rZyantrDOn8KZc{Q((t{hZUTvgPTBamZ@`3Fue(*hcuSH4aOWH!2NrW8{i z0Ct=FnfP=%JFUmDXXww(SJ&di8D7`o#2H@K;=~!|wK(0RXXIthS69aLF!&akp(ZLp zp(dKBM1`7dqLLJ9xryqjP@7CtFNJ#4L?s(Om(;inbx95V5TV`{B~w4x-OqDLP45ND z-`g7ED9Blu<3ohhuFOQ2)HoM-HimmLp1SCc9{fO4sd-6FdIwA!^&r)!S1eE_4Kg|l zlZswF$jFj!DSK1bc_u(|kDny94XQA+N>dt{)iVL2Y38p*ov&4IDbEBX5ppRIi`J?a zl4k?dkstXA>vIXe4Th5lV=87&()4oy<_kz0X*#dq@$y{JKLf-Ml33PGNfg&*ei0!0 zddu1&se3q^jbIpigZFDlhjoZ&%Mah}VxlF+iog=?1w+ zxOTi&Vr4_nyT-Kc3|!>}SsFBa zBg%-7MK|EfHjwDE|}w zTtvt!r#V-=Ont^SIvoTg{e+v|T_SJ14+-6;&TG68pjY$n*=H{X;>*QQjM-sYKordm zUwi12<%fcGIBKO6Bd2fKEiY2<+0_Hl8)x_rF z5UwLypKe%m#pYr;lYLgKST7G^>yPGVc)hB@#{M?XUX?m&_CUlAn52Kv?!-)*bLTFpsnD z97M7nXWf;EOhPF1m-lSoEacqM*38(&KAY|0gOhuiPH*^bR&@C(5q+pm{U;4PeMfuL zY`=<{2~6JtHP0?K_Zm~Xuv5`4#k-5uPDNU&7n(OOhWt1|;+jm9&w?e&Z(fuhaXU)7 zj!Ns#DgB1Io&m>xgq)y>ett8g2V?U2xywx9RVn)q$bC#H_;bn>n9KSE;s`l?y;2Z+ zRoO}C2rUij^x3fhG0{l?Z)b$UCG0`#+}>K5Yc)7-C9R6;$+yDn;O8VWh2v883CKN0 zDct49$=8iYuG8Q+MJep?O2MS*IOqyk;f;Sm!|zY9H>N)cEl;vH zjz?tdlQcnW%e_t`pj)5h9kOwLT7Pfg9_T1IUO~uF6tf4)V+8d;{cpP3+q{7*6fm6K z_G<6*RMI|ORT14a)QYRnqV1(I?4^LvJE@@U>5V3`^bJBy#~dJ5a1uTqu+Ll%{ohN}V{0 zwYq3Peiw-22z~3Su{Q2tmDg_XL-&M`RYUtO9VK!N5H}+XIn8N($a$4FhCa4b*d%@%AG9cZ~=F`b>`&ZT05lWnD*Crkp7dcpTU8m33`_HJI zOrZEF0NT~~(;|%8Urf0EwDc5vG8OYM{m`u5pD9_b>N6#JU8!%faEkP0HR;)85ntBz z7gsiIvZRVhvAF!`9*f+l5O*eRkwAvX<5r8;PRBL|#3fAkGSH0<2;IlP9dumnehDP@ zj|K36g|Bcr$=@5vZH^x-dLDi5E_42bMXtE>=sRnsFx&%|Iv+6+6}< zw&lKi8q>w6spVk-GH1CuEnR7eqMwSGd_dDG5K5+HORaQfc*Gh8^w;I#9&y=4EPo0x zq$yL~{A`b0^c7#;Etbx*8VXk)pbm(>z*{1buK{u70Nu{)Cw_6c>J64jN6`;rC;?~A zz-+(Xpd}+{gFR%0>~e2ZZzPr84|aRKNO^{h_9c+zPpV>NZo(RKg(}*}4%PB}>WJYN zip6yvBen9QChss!o4vx*^Q8X86k6onzJj~=P;+0tXO1Vu5oTR+rsP#2>DSYydt23Q zSXQbvcUz0t(~ujX?YOB=r4K^dTf94<&dNmwb)oIq%Q_!h<=#_WdJ7L(wo0ukFYDra zp#&JW<3V{d>(BBxJf8#jAVO9gbt=C|ow?<4N^&6uO2ix*eA~5N_x96`x_XVUH5Ool(sbF> z)S$QUXj;meVhOm}N7E`(QwZ%8&tyaBbTpQR+?jeO@iDvjsCcH{ON`?pg_(N3)U$)$ zNYv@x--yrG)tiy@R-|o;${>A{NwqXZZzk+NaW(n&1dw&w4emdoyqrMsb#xwmK`Dou za^1TlFW1d(UQj3bP$wy>mR>*ub&)C(U3(xCDAGGn0vR?8OtXbc)_ieEGejm7t3)y!;6S^p>q&OD`hD(Mt3y zQ#4wdMRGTn+yi78TFT!d&tFfq)JhidI{%LX$7rOX*uKUEk7SyLpK$HW9F-xR)tVGohf|efezCQxsh=<^Ya`@^@Y@W zNUTN3S;7=kWHlr1;%9Utz3+#}(_r66BJ2G`dQn*wyM>PXiw$&9n9m^a(W_j{8CPeCw(z^=q52LcWX+L}$>v@Qu8!7q8AUp@&LkN}IuPmpVw#^@B{6T)6B*_IJ zd=9D45OVhWW!z0$>n}6%7(WA1L$2FEu)n5hHiVql{KaVd{S+fVmgYV!UafugOGERU&h_^a|O3E@?L)Ck=Ps%!jGW_5pp*Ai_uRSJj}@b{Jeq0=oYBn z$LKfoAhyR}jDGguFe8ug^KlZ}48pY#8BJnG{Ke>}5l%7kQ+|F$VtYVX0+D(W`^aC6 zem>zFMqcJ;?Co^w9fSuV@&Jil^cSO_SkTyC9sDdMvG+iD10t`Hn9~{$lh~4c!=-%+Dhv_B-i2u4xg+X-B|MY&89x!(nQMLCK;S7N`bx zMKh#1j(Szo=xK(F?tm9wL-QZ#PeT|w96&uHvk{6&YO&(h=(j&<`ZGld{RE!NN+|XO z=9CB}H?sg;s-vY%W$0&f7C#c%p_PHkhPrtG*`X^Sh7JX7#tFKJi?;rd=9@?_Eswd( zk2c>iKfoOFC2I<0o_~{o<}dJ?DUd?RD`txsOH&zH5TuVmPKqffW%Ipw6-Qc}zw+az zaxLv2oE`I9(GN^w1x*vG`Qzc(G_&AzDQGd>bs_$^?!lj;lUR)+jDC1E{R|wi^iq2{ zFiR0!PXjoD$nyv(w7GRVYc3flQ)&NAbJI-Xb;f+o z&jFBeeXyFYMnwc6=TpD0<=sa>wR16=^K&7Iy$-?{h?J3-qL?4qA5?jLRMWPK`%p*F zuXPQR#~DzyoIwz~8{mgjp^LZ6?>y9#J|8&!+-)}^j_kwmiGO-Aun66tD ze_YSv&n<7G-*}ro(ExBG%ipT>Yyj6AAiNEZlL$GtdX++an@q`WQ+22n(}e$MkiKuD zcS0h4;~h==@ooAJ2Ry?l>0b1bTFF|a?D3$`DFt-$dT1&Bz5O8k8pyT;~D&fXH_Ur9Z5o-{C{vHqtkC0J^=W zX>kZS(dmA*_C0HjK&=&TWJARA7Q$aDiz~g3ucyAsSb7hzI2wOU5s}&`hK33rmD~s-D!$eki8rEL*wL3(?w`EV<;KD3?(jnk8OV$ zk#p~{?SJW`Z2ybDJZ%5n-E8}ZPGKp3icWO;aS7Z16O^;3*!Jz-*R<9MZnAxJrZ4-! zySX09z)^~j(>>GI?@|LZJ@s(V{P*5?B{z7Fy*5_gB<&tok16+a6gG80X&3+!H^tFG~BQc^#S%9&8r)?1pGBH`IsE4Vj4+cd( zxmgV?G^{ClE*?VYdl`LnDIj23<$NZR$rfrUTgbG3M0>L&pIa`zi8?FtrLmeGzHBRqfGf z;(X56LHa8XGxv*UFaVulJw4810`M89F!vm-DLL(a=g}FSr`c~4`oIMk%Re>kYhc`T zQ{F?Iz)60dzXx26Ap8QZpAgcXVG3WXjVh6sYSTM|Qo6qGBorUnN_SV%*VtcZT1$i? zy2|wGbPRwy5LxpD9qwvMC(%g~&_BN5i;9&Rn>Jo- z#|MSlw(`}D$zP)EU-BJ`4T#+MC7nxa%GWiX0QAO}tR^j2RQqAebklAAqN1p-A z@`xe`&)#F+)=^3~C&q?i4tyW7e?Ndfkod)~=>A;*b6Dvk{G7NAT#td!@HIvwgwp2# zjE8&@QJx2I0NAGyavt%@5KXmH8yG?TLg6;Qe&J3gs{M14NTHp&gSjfND%P$q8_*ft za`L^fTi|V2(j&=FzV-*&0%-XSh6seA;Q-u-j6iUA2k>t{g-KB6>H)$!aIF4@u4)F* zh|)D7N*@5P1A7!9N6DyH)oD!_k@F~bJ2#jYmhhX|&p5dva1`F_sgPlMik9}P7turL z$?dEME4OKfX&G)+Rx3h9U6TamJqSV;6i=nce zExV5!$V%`m`<5HX%ZMB%HN+;`*&l#@`u`Zp79cVZ zq0nDMw!g6q{ayP@XC9y5ZxAhFDZBX!eu{QD3#rYxAmFr}{d~QP8b~Q!!x|%blxu3dP>J7h#gCXS1_Vb5Qy0&vMw0}UX^#Jm~ zmW$xNl_>os`!;^gBCfR{+z5^Zr119s9);p!>s-Z(;@@(==jf%I@$@@0Tkn^qpvq^_8LBF!s( zdBHVZR=O7^e}}XM0~iOs>kvlAFvZoJyakvB(hxDwPlKB-Gga8`{OqwEa$P}q2r@em z%2Kbw&skyK81y-lsk1$>-M6z%wXo@E0`kwRBwFj0XwWsDL`&9t0|&f; z_ZhhEQ97>50Nn%J>p{~cOEL#~Bs4eO&^wPCW+OjWQd@i%giA2vzo@F0G9{Cz)(bCk zS;Xs7F-a++EqR^YUDwXgTZQc4@K>R0XlsyK{7ciCA*9)uXS&zqvxr_osb*+sp>#Ag zI=J18z>i3lJ6} z`S}PXfA#nBoNjp@&v}2x6`nJc$#g%TzVoWN<1t&Mr!LC;4=$vY(ml%6u+8t3F$aMC z$kY=ErOg2B1!Wddq5*sl>;s1LI`*|v%$HP}tLLVkm zKR4{*tC?3T>EF+*hO4}R^ZmS%UE^K%2fXV3fh&?td+%>+6#ojg875K~}@23XM*9WO%DOM2LJU8kP~r;vJQ44{Lp zF_lF~9Za-GEt*ClqbKQkCEYlF!fcE}i;<)!p_!&pXg`DW z{D9;rqzos{-Q2@vm-%3XkSWdZ*Qw<6xt6U+RkV+K7`n0%6V@)?1hls%^)?yv4W(~ z&PA+WVn2WX%s@6H;3TAkOGAmw-EdsnW4~rY&eJ~qR{RUvge3W9!8lc zq!bY`wk67o5c9Sr8pPL7s}x#wqukcQb0}m#BqW!^0Vu>DBj`|PbVPK^LK!9bJn}*z zwJp_bY74{=V)_M;Qx1i9P>6XhkP_*OtWjtYMTs0ifhojn6TI~>2Zg3hgdg4?0~;VT zJum$EEjo9D(4sk+B@-R!hItG^_5dSH)5G*mO(KG=O(G;5OpRY0o0jNm@O>A{1LbUs(0A%?aPH9VrRtcg=<7wu=A_N<7D(ILdAR2`#z^3lmVRZZ(0 z;!~Afyk&!fLxP>bl(V>KpB!`zKo0y()h$Y+0;1i(Gb|#dPazPDM7|GSuZ2ZJQ6h0yL{AcM+FICDDN2|4eX|<%1xO9u$Gl9 z80>tEi`1_56oo40I+-GgkG+aRVRbBA4ua!bvvyDUCKybc=xtBwP32xiA$XE3B^RwC zft8tNuax}j$s&_YSpiO=WT^a8DKFHMO-stgy2P3(iIXbk)XkbzRa;TlBQ3FJ)~ve3*|jx^ zRZ}M>PA)G`oR^k5F4fheree~R33WZHrp}x_FEK4~>df-0*^??X!OB45#Hn?)J{XzA zxT!PiDr#mt1D^|wF>mqS%{*@$he9^!MKW=nyRU_b&?IhOs37A3G5^ppIlLg zjIs9#miJ4SUTVCVMf;iQT1ghsxnNT}L#V1uvoIP0r6X(}eOsJ`uFyC90khR_j6s>&L zqzZ3T)vTG5QLLJZ>KYHiM+rQ@8?LOHHKEQMQ9g?tXP!5zX2Q(L6}}~(F{{QWZ*{XF ztmkEslEc$^UEhx z*FuW|YwIS|F;G`Cp}b<^g!1W}c-7Q$AKCJXDj%~=g{OPNlPhL=gL5k;Os}b^ywW#n zE3TK|%n36pYO5#srGnZluT|ND6VIxtHH%+6yV~QWvMJTfo~gj9sg)Jw^UGD?$}8qf zU?+pSnPL;G>ZZ<=ru3v}T8G-11SU+ZC5w19iSh|mRon(OL)RP@bwz~rnIPRTBJfW) zbX${H!^pK2XqEuoO@A8bk8b|4ZLvk@|2L?W|0k&^cSNRP0JPZJh`)8>F9`BUe-%Ty zhoMnK!~PEm`{J(IwnEJw-jn;CW+Jl{GWM4L6(ZG;GLcBTB5aLP zhoIW*qJqOjyiryz{k4Z1q1L&S&Cmp!_29x&R1oB&snK$|5qb^sHaNlvjWAjwpOLZ% z;Wpj$l?GAqx@|K3C0EcR&6s2pY1s>muu>!3I?-(e+3ayfs4W@^M_D5Z45JUSTxP_P zschD=1hT6GK&XAN;V1?B7;ra-1?Rhs@XCer5I zeJk>0M9Ew+GK-?{ zmKyEEbF$G1Ew1w*qf_>^MrZ4SN~6;-Bf8Y+VO@}Er1v#?XZI>zGU<&e|!{-)$46 z+fMbkZK$;=+`(GwZa_4o@n`{gKKbt{)hbSTDJFH9f7c33b)?N6e$;G7ko+QY3yJEs zP>jCWwz8Y3wUTSXC5*OkZ5!rO>Ix$3lh^D2Gq?JXCfaN2g+y{ir(_eoiY-(8l^sn3 zMijH*OLDZWuG37vVM#5QA>MYb>Z;AVTOT042BDpjc~2>ON!WG#n2kWhX{U$tqM9{ zUPOKzC0dM~y5ZM^F`NyEt}ml5&-%D7dsi4|taX7Kv8GC8GZl%Jk--XML{JCqJ#H@r z&uAkBt*wT7YGzBJu@UZLJ0Q9e8`ztQr_S(ehF!r>k%ni}G9#_jXeBFK=A_I_gBY4+ zc`-Ee48Dq|EuO8n_@HP2iS|X2X55Fx*AE+3d%}7}%T`W{W}C0mBHR+cQNiM%c!p78g)0hWpxe_CZyz z9s{fVRe4W)wir%1aO;WWv&-vGaj$IsWYG_HS+6@pz20P`2?a3Nh?=&_sY#xy`v*(6vVM0mw#3qnM%EW9@r%y%OS>Tk1V+)@gQ3 zU1Pv-s1EsTMoqcEu%oZA&1El@ZWdCB=pnJ#42Get`|6NO#4}?BK=a?HfM{Hxi-|0G zad%7z3cMzXqvfRWCc{}ujfJvNaE@~IF9RBF_6~+4-gYmPJZ87Y%Jpm{4+}wE#PlB7 z>Q50ohZ%NiUpHUTi^=EX?CN&aCf7l3s2Fu6{KnNgEt-pkS-XfZk;OiF|@+8PEFWdVym;!P;YIa3)BQmFRUX(dv`?mkKsn-0Xc-*tf`_y z388jWOU)=mw4z$k&aKm^tBRC;&Y@Xw@(AgwyA1sql<`i&!&D(-X)FmnKs8V&X4+VG z1qo01QPu>FRP@|pB*_Psfb&I%5+cVJ*>_%!pfv;{=edVjFMJ||iYtc$|F!E6MklfU z9j6=ZC?XeNvBE}W+_|lj)oV?JVXVUojL=d75>U)xG%-mOB_5VQy$U8hgPA*3bdh7l zRH!|fXDpegeI3b-r6J)CqO>MTIZ;|?5~VzWOc5@JRRf+Soo1f>N0Avlu~LjC^Xp_X zV!{5Dv`vA4EM$*^q&kRH&mq-8LiL;kH_yiTgpBo*Q0b-)>VBITt?apmbBmF%#fUg2 zwkYPn%}9-CS9M0`UC7lQx$J9D-8ft~M9lTt*z`=d!ZuQydrKobY^@hgq+8#rqSPXz zr3;*+Zl(naMY8tc)B$1u&_$=9Tkq6$_|`uc{eXU4_68?O+8QMW9L$ldn`mBaJzrHI zme8Aoq}#~G=!mBA1UHS{5tJE>i7+;@?WR~3FN<#%^Pi}jjJBnK(1j=1+?9|KJr4NR zia`@8pRKA>eQhTic`nI57F9IZ$g}qWR45!K1dIIGe1LsPS3xE66)iMb*F@+%Mq|{m z4*zfLK?%>;;wf<^@@Ty&5~bXN9tTCV=94~@Exa*vixGAUPzShUum(4pu>)e}6t>Ig zSZ8D$*d-dUm|mc}6q7gmI^y`4Dh>v;SvrPWuSGxI&eM!gW^0)!N7xT!lZH%MHNH@# z@1hhgN9df`%!Z6!XbDNgpd5|mbHLUdYOfV%HQT8%n6tRTZS0z2V1)21`(PD`?s5z%0 z+93O0H0*oiu#Gz3Wwf#W8BTe4Kf>EI&FrrOcR+M^p$Cm-OU#K&7^a%QV&zR6Y0UJSeO-6}BE7g$ zcZ+6=X`!_mRp_wxgWYz{*oC?97Mt~Yot~uVY2-l)*xQlBDWgSmsBRFpjVvSEdK%MI z!k(hNiA&SP9**@vZjsT}Gny{?h}P~ai}QmlPMLRcFrrbGPnj;+K0-|MY!RwuLh&h@ zoD*}l zDmhbvcMUe8Dr^auT!z`A1a6D%9IS&(?S(V{y3pPrr*-(pi`^irgNB2-byR#urWnHs zEFemzq#%YVDNPB*>~Ql8(HF#sK7OsRY)qZkI?no8IQ2MaF?O*eDuT@E8N$UQ<@WDE zBba8Oi70lXD0ilq649i&D8f{1r&f&Q!gaAVJQ4BlW{7P}_^Vq=*1=#Z3i^69iO_2> zuNLFYr!yKj1=PV-VD6V4D@uO9nEtUT)I7Hq?rsgSQ&(QwK+yuDrQCq-Nn_M0B>V{# zER)uUYO0GVON4ZJtRBpTg!6&3bb<)xhsF>?HNEGH(>`H|#d2{%RRBNcBGj<~n*E zKkeE4rs1GKG__7?G$O4nDvjV>a<53N?F)?dM*;5TS@d9@tllNZA6hQIDQ1!8!~ukL zqTPkqj`1vQFt`781aA>z6(d9oq#3IlUW(4kR!M0`sgW3~XKJ8WNYY4!e8D(f8>LX4 z=nJGR$=9q+L1-jjv1M)*y@h!BMgQz|q7@Jht5Tcw*)ZLDT$6JWcn8g7M1tpNtrUHg zn!0ibKjk%Pv0Fcmlv@wlF6gw2=JWV8p4T9LkT|VJgijods*8;+kRX-S`ng36v>3vz zN$yM<^J#)c#V!!#g=)D8gfNVYGah#B~cqh4$;(? z`ZV>c{jpSTC7DY2MzMZ{&k~on->x<1{7rpev5=s?IEy=?wY0fezyRjk*3bUGlm<v1Y6g1E1%$n_ro14Qi{|Vrw+5sTz(PVZ&*>9cMo!Hn`v$FM4`O|9UVn zbsh{QaLU(+_Dn%OK!0f#X}v~FX^)zXRJCS@?Sv>&^z$HXp;EbJd2C{ezj-FD?%_?3 z*ULF^c%9jog8Zg-O4kn%GY$XN0$r8BB@1A4($cqJQ!u0Q#U`&zqc6jAA5@e8a4MsiLyHyq)jYw zn6&(BhHOl`sHX<9(Pq}G&C)F#Uj9y)939eiA!g|IlmCmoH-V3%I2MOzHC|ah02yN& zFoytRPTP`iKm^^S65e8chAnKlLM(I zN9TqyY-_rSz>k`56CT(e=RZm*^$}%=80@8FI=)5wv+ihJ64HV2-nq@(Q&QJs{5Fl+{;R6Z*4IKnU9VM zc*jIK-~J}CoKCoROsu45%rxIt&+;@t`*nieyL007GJHP8?Rbeh3breeqH#G{c8rJp zl2Ugx-A(UV&JI?~ma$;IbUZy^WWG7zrk9h&$l)wd-Nd(Tcux&F;_(M|)DvLCZVS`I zWVXF|#DepJN1a3M?Qr5Wk0RrYgb+v20?%|0FCoUZoJ}O-WGpp6-105dEpKH9?*aFz ztJor(VCtD6m*lXse@*v?Y1uEhe8Y!rm->%CpV5h9mpEvmb>eN#-_DLgirjZLY-g5K zv|MaLz}!I>V{6&uapsRmBih)>Ks{Yoy5G90p2QgRn1W0e1EihbBvH_)0ws*1`-0pP zeFhIyP|P5my-G@`hc5{f{8PNWcp}86B>F97#cj!pY-xV1#IqqstJn_Dd8}amsic^O zyEl&~q90#$+OgD1zw6W=v^=Az&PTCP%2!A1%!qlYO>~o-ngTK0(R5MIDBov)54e*8 zB`i)HThE8i%~#cn?k7{XyO(J5_{RE|g6z2@x}{`1Xu@oY-O? zVbi7OBvij2kJ+2SQ@Km27L`7^px-X;>U?_6TZEjHG716A??W#bgFc} zaMgC=C5cwHxpZl9822lm?`LMjLM$HHv8~N(0?K$S=FtbCjw{3^mBcId2a2=VN}|-D zdpock@7~d0GEg67G1J6)Xz;~ElST873{E*BUlA8eMHGF+Y?UABxhAQqu8Z^3<&L4p zBY(M)dLd?#rNSQR-mLp6H^4W`$ZB`aWJclL^2haaBeWd9qzInTeH1Uev zCEJOGm%PO`VR^63p<+x}PDbh@w-ERvFmdd1HX+Z#nO+x47AFDrolY2Wj@hq2FYq zFD7y0VMma8r+0alt*3wPs0Lb3h27b&mPb3ZzPRKpA%A^6r6S%+BIu|IlfDnSzjE*Z z%N<2WL6AL&6J%REY}1A#O4vGR2*0_V`9ZoD{lb+2_JGt*m(Ib@U5N+T^(=P$rV9tz z%pct{bfmM@5o-k&?tlWW;bA1x05lI&N{^1#2Oi@+sofE(KujegX0!vE9?3K(lvYAb z3e<|M#NQuN{2Y$R;4w{lRb;&Q-aUo+=g|Q+)&dXHKQB?1q{5=qPc=6`0JH2Zu+5w+ zrV_Xd4Hj%ey;-MA&kt#x?ziZO8v9n>fU4JqS0h>T(5>p;0WnAmW}L;U|I>G<*40rY9oC;7H=~ zN{@xju0+zvbo$`-o(N!b#*rebLT@^rc`8PEQ(=^FO! zreI{khEY8yu7tV1w=%>|S5b9NpidqWy$l3PDp_bUx)PR-Tj+sa1_MuO+;5Ln_g2^$H#;ZYl3`Cv@GaOA z-QSIsE65|NIl%zjXSdl_`xyQ_(Iis$HNi<&Q?eT~ZAdo5eUClIcJp`E6ZXBGX8RmA0X8_2M6Po<{o9=)4x zceT;Q)PlUdUAoQ1AIxH#uyl8pozyI=x3%i50LJ3Cu>?5Y7n z@Idf%cl=uXyt3h@!`s@|U**X;t0A6NVoJ^GYX`<1i7;casX3@x`q#<}*H(k1pKMI=A z&L0wTd#2Mz&!*F@lyO&!?Ts<+=(gYq1MCp{d%<%F=IHIg@$Q&S!Kv=J`ufV{B$HyN zioNxu(}+JG7@*PdVa3-|jlLvCIo-mfJ2j;xC()s-oN%sSTV8Ec2gkrVp@H?rRI)MSBf$x5fA)HiU=?Z2{T7Q6T_W#f!4IR(z>#jarw7r#O$2s|C#WtX>9mx+qvx9t_G(d&i8VHmeS)3)& z&%FV5?&99+2Ka$1+cBk^r0zg)_GWrMGka6}dH$e}tSJKUgs2IvjsFF*96F1W4@n^cm zTt+Oa=v4a1*b{J&=~mDHiYJ7igg-w3#g`4k*5A3m-mYW^vCX!_SS< z$vVNE5t&>{DvQT!j%WL0!8+oR=tMPsIg8hi;qm$ecklZ8t;&p5Lfyo+63SdbpOJWd zeIT378qS8D;e4TldPDll1mdj57UzP&X+-&T^a*9CDmZn3j-f}OvDXEs{$7D7{T;oIPSe zN7pzvTQZ$YO+>(_H%JNV=_4dR?Q1JJvYtLT&732d_HZ^%ifZ3L%q1@x|0G0pk@lq8fUAq<8cN5Vc>1RIe zw`}H|>K=E%X#Ybvy-h9on5xLB18=##XNF8 z(Kch3p2AzMLw zhPq>ehGIK)?tMWv8U6Lj?QH1nrYHGiXzif$?g8Qwp16`dEjQx;-+4cZZoieBoc{;| zf1+qBdy@Uh{s7;^##6K-+;s!|R|A7Z{3)GdxJNywgf9Ba-S@8|6^(M+={er-oax!% zIot7AYg2I2^UM)u`RcVkc*F~|mU0iInPYx{4G)0!#X|pnC&5U_6R%PaGB; z?T)6;l=Zws9~~P_&$oKA!O}G}mSVv=-=HXC8x(#U6D3FSIE$V~@u#$jD2G*E44V}E z$HIMOC6ACACk9KG1_Lw8irpth?q-Kpbc#6o=Aio9A~=tuN6W<>gq@vVo$Dx1R`VYf zUxEi6fwDGUE?EIpZlXH~0s6x(_}RyCG_GhZgNI3!=SqU?vFsohpZ-X%I472`?6(N{ zDC!(0s;FD|uMQ~cqqxxH&(j5iC6j&@9JPV=!}x28$N!`F8rY|1r(#&ZC2TD+LBWlJ zl~ceSHN7ZEJU@LSN+#BsbwYj1;z=*k*By7-GVIM5ULu*uCSsk5E8?x>w#Q!DL0<#n zc*+}K950v5W#X+folHwCnT)3?T~9oni8~&BB}g*mkUxwqo}}fbJ^C&ZkG|4_{Oih) zqL=ixc&pfJGFGRuOH;XI>k|4h4!E---p8}qZm&I_jb*cVhf2$DW!BLGyPRCMZN8Ii z_F}EAtVP*yJiC~_6o$8qzl$T|HTRLmwZ?m$RI`_kx3wf``y=$FDx8iK7t3ULktj87 zEQeVG2*aXSCccKfPlR)Ep%!K`@pLwkN=nI+-JL{rq^9n8EbFw!+hV!SY+KT~e0^(% zwknn(|MyYFhWZv#fON%0=~#Dnyfqr@%z;p(SzWPgI??NO5%xrPXCFm%W;zmWS+$y$ zRI-IsL&{BLyms1K9jSD-IoC$XyHo4qX(!g%nOg6q(q5uHnM%jKWGv~#y1ZC2-kWvk zyG*>cbgYZEs4CvsskW|~s4YqQK(wzVL%L&mc+F~Wb!;^i16t{M@nlaTok}__xpbUx z_Ry9vsc5egqjEBdZfbr|a=4F_+j~(golGR#DK44o61@R!3iVa9*Q!kZ2Hn3 z!n`Kz)y8A3orz?8DKTH#$!Tfqpclij)Og{jo#{G~EpCLT+-ba*YX zmJXr0H7FIDWgFE-Gclr!L-gQv#}es`*Fg(m`V7U$AX-8#jw;0SQf+ObjgeTh7$WJk zM~dTyNb+_3HAUXyI8EvzOXrhDXQ_>mo+2fA&53La8Do@o6?>9b@}V}} z)|pCCuhNrfjYIup6o#pdF@;4sh-|G(sYMgj)BYn&I9g!*)W+6Rr7MlgPkmMN?JXxJO^=#2OMw z=i*`Z!Y8$7g_mR#SvJ;8y?utbA)8BQQ(0H6uQ~3m%cY2j%?bKuFPs*{=&GXnYso^t z0=lI$m5F=o4Pvw_qw#bzLGS_8mQGy}Pde-A_*>_(H(imjoV|hxk5gt#C-E1ok@Q_= z)H6s=2eLEA(~ai6G@a_A0R2asm6diIBFZIwwm9BR%!u_88U--{)<49t%Koe+o*>Z` zM;bbTdSt?G&vrP~VQ+Euvg!yIj2L7z5nnHcJ(-@UH>qZGxJTxCBB=BSybaM<8dT&_ zj%2Jo-nuB))`ote#Us57FAj64wZ+m|aA`|ZX)@cfxttjbvw7-&NTujXGhUK7cqi3O z_}cS4I_iR(-%8?BbKPKsa!^w5-bb}U-?rtj8Q3E;6(w1nO2Vw$p6FyRF7uerB*sa! z&Ef*=J9JmVtu3qa>XH!>EL~2^#_5r}V=e<20}U~_LF9D>$jJ?}mHQfpz3MOB2M(0Q z8Du1Nbj7oY7S2HAqH_tgSR%JDSSm<-5fMh6#d#kH-&38;bQ5ZBup|Vbp=_QxUka#BET1F~QtCk3p5Dqrl z+pU*1_s*IXBUHpjNIS{o!d*)@@0MIMnG+M;INw%h77Dk_)kfd+=dnNZ{fsmapze(t zsK=~bac)%Pr4Uci!s?REG{#+-B9idJn0l&{Yzz^9Mbt_n=q&L8Wa6en9p^GSJJJ{V zwY3rTL1`pbq~17{UecS$vY3bZ5biEB${gS3q;gpjr7$;;NV2%ziIFaWSJrhVnrUay z*ZLV@K_;6bKEd&5n9@e(TKb|(9;tLO=c>#NEPhodh^5Q{k_d$t70a|F5*{f!*3G6D zs&T1pIvBwhdNsL39Bh(!0uoInS<8g|dDyl*Q`IIgKKaoIaqespJ%#&--|qr_LAby? zDXDcS@kadqVjic92uw978u~jVC}4{sesd+6K|otw#KK_e%uo-;0!kt-Rl?$2R~MZn zs`$$hMc74*f(^~wsKhdAfltBiybqM!R zT@bT!e+`BNGbve-D3fz{HVuoCF7D&m9J`d849&vOWn-=<%?vS2-59ooX<~JJJ@p1` zMZvXB)^^qOWtUxK0U;wK7}aDrJIx8<;z$eI$%rA%?@94VjIUz&oG&LzVWA#1G;(hV zncp#{1cTSrv@pYh;+BqF@^TUM=SQX7u848B5=HajLHvAooGyM^`kdxAx)A04B^Hjf z!EGc;?(pcKBEbh8lk^>^bfwFe&D7VWQ~92isFuA6(j!BRt<5r2T++#04}Elq(WHLvz5LIwTn!iWI|^4B`4N}Xm!#DqAO(s zzX~#JD8?|%XpWOG*GUoUYNO`Y>QF)3V_nF_BTd;E1!hAVZ30=l}&}F1S ztjlmfQN!pJ3zXV;CY4LK#Fd3gGTu%`c#k?nt6AK@bjqiBsuQx9VDSWMi7hWzbN>Rt zGM{U>o6acZ(XmNpu2^R#uI{lc3{zqGIP@~mdt}8#)Q|p>Rzh7SR=Ng|T^Udfm5G_p z3^LkgbSJu}rQ_?SHRs6UXIf(3?74lpt{&vm3xTHal`Nl6g&V3RW=ZT_Y^J4go#v65 zk_3HZ8AFy4BwW0LgsLDc31xaAj-di%Nn}P`M>ic3JmRDAu&S4fsxDku%V!MYo4UI5 zTvJyknLT5CO-^Q@{NMna!kV=>-bqzL#AWW8+2j&BBJ0H5Bd5-AXDZKkP-Wxdy*19? z+sn+QO89Xeee$WCx{aA$1({xng{M7-rw*T7g-hj8#`+F2TG(rU9WO&Sz##r2UdnI` zV63P&>7M8SwQr!%EiJxbLAQ(8mWQxSwm;AkSC!Qk%Vc2?@evC9T%DbX?o1+skyb02 zwH%Kbke8-gam?j;?3K@~E2xUel85}y7M{diu}um8y%h)F_3d?usF2LYbgzN=G_eX} zMewOV1I`DsVy@$^1jBxH3Lt7?Q*@aK!}PyS1Tx`-KX4=Y@Uwl_eaT+A7!31&t|l4hY0{(wS+=g{gVUV`dD?IPf>v z4DQ`!#Hj4Er>Hkf$JVoepT)ba@sA=OgioeD^H5V#u)C>Xb^e+t&n3JI66*foP_$EqD#MM+KU9t4#${u!{O=pg}*_yXprmkO!QfU~c%pi2Q ztx31i#Q|)^(i4tO(u+wxdE~9QaHo>@xiW>YV~&ivMZqv)%ZAx~tUXRW51sLGT4XDs z#bA@3C>dNwBDpS?VEd>n+9FM5>l79f&zgxLERC$yX@v|Uk9rkYYG6x=^<^*^!IO|) z2%=(%P9+i}OQl4ngDffOo+6!?*2x~HI|gN>3a&-k^cD2TL20-&IqrJ-s+Yxm?QHkD zoJB*#v|93~VvlXb!o&u_DvNY*FMyOs-;~e36@WVk*t*$r?U-*E;7i%?rMo(0h!Wk< zA?8pwmP&TAEwom?{E)l+#B6xVR>O2yC-K}2rl{&ngvVJ_Ph=1)#|6agk+lRfK`%u^ zVDwc&$xebDM0uTL@ON@0v-t|!%Dy)Nfdid~#Ja;HE2NmJ3h?dBS&Mxf>M@zqAU(jO z<`ZBd*_IL>iw+ESqLxWO__`_vKAgtGto7~6Qn`~X>f&NsK+FTwG3QM$Z1;-J{32wg z+XAF*au=N*$;e4_VQZ_{?xWjlo|q@)%3I&Q;x{at#B^t(vs3m3-TKE3VO$!qKI(|E zgPl%xip9?HlrcmmB%vn}!YVFC>1(3c1fGY0HHyVSYog0pwz{sYs$yQ*{OPl%SCq{x zuQ;cCRz*eG>9r)nxG=g*xscXrvd_OfYf zW|d8AqqAcVNki3DYzu`+ei?Dm>#?RL@C>rBV1UlUrg+JpRTv2a5d#7}PN^esFvPIuHg=p3L-dt|i6 z=-C}xK`A>_as@?voH9G}iJpM+NrCnj9)NXqqphXc<~%*ZmNOd|C#{|zUhxwmM?dt; z4})3rS(wRAShdMZo-<%1+shlw7VnD_?Fl|Pv1XF~WP8`SX7>4$cwPj|kJj_INtB&# zx>c|!m4efBdJx0?W3zHlMVwP#XQI7>9;Gq&L&avzrH=@(-3>you9!M$h*1F{8+YkU zaDKeP&ZU?UGyls=;79OjWoJ&EIQU8`FGN|5A5Rg-@z6(bM1dncZ)qLrNT=3|PG>tw zR7AGL%2w&jfW;w7ss-g@gE8K!YBukH*RnMTGc{`lE~Caf6-V-fp^nl%MF4 z28yeBIFDz0S^QiWofvo9iMBo(j^}MLp+8+1uBxsUewdhZZ!0yP3_KCQJ}*N&emn6p zX|{!!Ci4-gOf0Pw2gu7*S4w=pp7|NJ<-h|8_9t(>CASG$NfbeRGRYFx)tT!`I(Zdp zBUE|L3|Z;3wI&@8WO>}0>PlR} zdW`iwJxrj=gwtGV0y2hLOm_lO%-mzm#O39PH_Lmpg7hUmIYPWkb1If@WxGb{TsM#A z=-yop`cq7{G&)C{Lq~+)(PF!nRbD$kPa#s4=dbX1a87rO=mCCfqLoh!bimM^Ms@2X zuQN%6pUhBZao%P>W8n9h!WNS-_aeG-p(aglF@-68lA?PNZeDRIfoLm6H)r$3f~dM=V2(NdXh@y%!p?!*w|CN zMyj*b%R8o816zz@%_7W;4>WEjg-&1A=nDn?8HS!XbNBk93RmXB?^i3Eh*kXiTe86X zwJSVTK-Q`WF+1|JaMS^AvMAv_`;!on0@SJ=0P~8H_|O91XCu>c^^zq^JVzX^V=${s zza$uheaAQrn=a2NJFO5gh$l7J1686z<#DD6f99f#20g+&chb%+= zwtl;eoz@jxPh#(moqggy6d5TwWsFqi>yDmFDoe&o;_1}l1fAgJgD-qzIMzbrZCv5x zoftdx_?aC-c(dku3l~*;6((vXY@)NxmGyMAFi*{*p-h}@a*9P*2C7+;zf>dkOM(FQ z(JtJdfJUJrmXle`xqN*mUjs4 zx+{^9eZ`lm+N>tM96T`?Zx@H&8L=%aCtZG0&kju0bFv)U-cr_)xZCOw)n?f7S68N8 zh8^4q$vsT3nmzTXM7cZ`VY`>Ke#Jb*WWO|*C959{l8B0w4KuHYZHu78<4aRe^cpgo zrPKNGjQ$uW4?7YqY#idbm&zb)jh)2OV+`;dV#7xSha^fOqmmG=30K#%T`e-qiEGcS zCqoyGkYVn}SWRwP(?^U*)EZB72SKl|Hu9G(KL%;Q2_ZPC2~lCkat$=_^zH^Et3&V| zNJlt-4Ac$Um zwG=s<>-`$I6=-%yb_BmAP+@G!s}hBU|3)(EWfv*p6)wzAI(mfyJgpBPc^!i97l{%O z{41oqb1^sC6@&qaQsGa*6CbSi1;CK(klZTH%ZPH zf#apZb#6Q)PI`R`IPRC6-vW;B6t45mL*k^@7lC7!|}*>l|5hD4g_~032sa z&Q9RyDO~5thr~&*a^P4dIU9hZt#F;^9}*|MRsct{NzOBXV{YL(?>Hn*dVL8vzAZVA0gkDK>wNr>IO(+;IQ~s?;_NW7 zaGkFl5~t(53G~H>Pstkz_wWV)Ee z2#mm0MVV%*lndeagWwhThEvjWilG zRHLM_J#5tPl|~^P5G@EHxLlw-1mjAVAe@z)S*_;?CxQb?qp-)eOLc5FJeQ|8onBqg znCqlbq1HTEn9emyfrqE6=*ikxqhxPr4u_BxYMpFK)Yg=Tpt5hvreJ9!{hLzc=v`sa zRPk_#X!LNI(O*rb^i5{*hss&x;Mjgh@HLvn4}-`h|Lqx`)tluHgUA&(6{ld9Gz=nF z+&opz9dkMFIn1HBicAww6O-ky9KK8ZcDRkM6+j46@&K5KP-QZiKC0R^XPiQ-Tp z*DAPcHI0xJ$w0p@F0MYDK)|;tQtonL2U5s#(Z5ola?wKrXGk2vlg<(XJ<)p5a9lEX$U+F7 zb++UzV5e_NG6er9P4|zQ=@KfN;l8P9&u1Yho2U$%(v9%VP#`ck}fXv;ZZ4m_9&r;}6Zlx!8^y@M)q%IXh9;95i z_kY5WD`b)DcAH$c3%S0dA}w;=Zph_2mVu%Z6|sNV-&5471T%9*_txrtY4!5-cwo{n z3pB;ijn=vh9tKg7qdOhz(tH?1Mb67m-LHg~>nZoA8Yzmhtef5iqGBNOT|545=+cUW zxjiKZ{cwmZa@_|vpFE?WTmk1RLs#ioh%8m2-}#PkPd%0uIa2+ukXC;PH{TgbtFI4T z8a3ZHjk%*ypJgrkB_j`+v&g{^WTxOV&WDPJLo~`6EhchxLO0_J!_E(LhC$>yx0;cP zDd{kX#*zTg1^Ha7%%for9IFHzSl|n)W5LW%rDH+xHI=SYi}M(ASdnWH{4H|6{?7=| zYZIVo`Y;5bm7{JB$T(PE_*pE%wejgh0Ve~|-6lv!IqoY3H*_4qBA2#dl;cp=?zU<^ zu2lg8yGJXtz%I|fRG=cU)O<>+>1|NcX}~=9bmLZ`l3thE!x9>$uqG$*cE;kTyYvEW z@#E_OYlg1F)$*_V?@WwV6jpE_0hc_S5aWko?=Ec1Bh=$~`A35Nkvfl zLW7|6YJ9iIjstC+Eff?&Fegw=Uox~~g!XKKYzgo69-y8O;d5oB2!8A|L^UG#tKwiv+;qW?VvZx*N!f}fXE zg|zZjVG-Wr#<1~**VSU>{bYfz7N@2K27syngnuN57=nM7Izg~Vv^Ij^Sb=InaJe!} z5dNzqLp?pN=n3H;$YG7(c``=UO^2X{r@AK73mF0TXr2W5HYMun^OhmMPZ1p9F;sm8 zP#j&bF3#c}TowyXaCdhJ1a}Vv2<{Nv-Q8V-1!r-03GR@^-R157s_w12RXe*!cI5P& zGc8|Fw-XbUMJ~J7&?4h1!w`f_L&N8wZmyaAPJN4_ol~NHdlr40g9@cP5 z+Sv=Vpz;Q!{MX0#pNYhY2i(|OE))5< zfxjEHa^>v>)Uq(f?O)W)qf$IsAyiQ zX-d)O#&5x2LaFxV^X*Is>V926Fw^*%xRL+%r$Wive1tT5Sh?(a=Y+p|u?MfDi%m80 z-Ip%A1`Y@VIt4NXCs%*Fe-?HN7^o?fJTXI5*l~j`t_OhZq6nZ{7IoidT+5eplRTfZ zk`g-6K?2HR5Jn&XJh0kI_twLvd{l-=9Hk>vFMV^JRK*b#1h^>+@Xfo(LW%)2=lC>B zr#$k}f908co}X_%XuKG)Rp~LO1Ct+vXDBQ)B{g?wm1w2IGP)9#>#}FTi#I~ic>UED z+ER!3i&T-Qz(*Z_LSKXhT8cGFlq@Kc&m$a=%)zpNS;imJ)W;;~Sjf*0Uojh3)bmR4 zT_}g!$nAwS%e(8)mG*h3L6bblDYr=l5s%GQOqj6{CL-*dZjBN6GIZ56!-`Wsz#|ob z1$P0t!VL%d*=1s=7lFcoO!sJPsut|GPUse^IAaW;_P5CL%jmgRY~P&gps<_Uihik| z)3A?b5&U?Od|J3xx%R(L+{zzVfbsy)8w_4esA*y$FZqLy0Hz?tiPRkj6`B(e~yf9fk{tjHb>PdoF>N8npF;k1f>b+^uzlGkGz zvrD1N;RtZ9Z0t2sBBWP@=K8_8c$+H;#v8X?*3Ip1`V?`3X_qJ>Cv!R1*$QubP9zt; z?b`2A1NH5#vYbC~d#i*KV92u{_hAv?4evc^STqn`Bl+@I2LYFHfBG5gcK-y)g=IZr z?P04}#_y~xpseVVG0+td3RejY3NIF~|Jjf)Uhmofi6%^jS4nbxx2+S?7 zoo&>>$68D=q61**GpRNM?rX6$0Dj{6-?5Sl^>|j_oAJ5*-eIbn5X4rfOyKk&BC0zx zwg%w*SMnOuA-5)yIGhMjl?&h}p$`00C(n%TTozu7lxGUgB%0+KX2A*ud=oq72fvF= z2m-*eRyXfxgLuPel)DKii>7SL+RTwsm!aR8+zdV_EDh^E4cecU4N~q#AAD~}e|bh$ zV+x$EQAJ{V2ulgX1o>BMAhET&ra%Ot1Wixo!1et_NbB)p=4H6Ym+I7jw!APYB)}$- z8e|7mNk)7u#uE*v3D+f?{qV=&PS6V~R@`AqP}{{4(i3LqE+s^w!Ak>(!?7AwVVj=I zvwiCa2xrRt`&+kbih@173%wKm9jhANjP_){m1jZswCmg7mpgoh;&inif4=>_>{vtw zcYNxo#&gT4RFh?M_NbAM^2}{=STu-xr4> zqZ!2lX6##8K>kd%F3-$xD;D8J(rZP7?8+zg7^J(fg3gv|`*YzOr>N!A@X?~F&r-K- z^uX%I&`c#)P1{n_nr_pKp-I6Ihi8lJI!vzokr6)prA~w{!fGTE{8E9+7L!`*uhed) zCQU1b`Y8=#Qie;vf?j@&?SAoJu9iiE(2MuAMk;X{<%L6?xiL85dBCoG<5w9|+i0C~thpZ(y9^SM!3wbCYMCsRi`gHx0 z^jADcCIjxwK%W0TOW*mVIazTRuw~^|Z13n5kcx{>o7>4h@P{SB2wr)o?5+1KXNQP< zr9YR4b9>|9a=$2GTX1(EWW5p3o)X#JGZ(IKl}at8Pu8+!83auler`<-UAFTw;iT%| zG3VX@=rf5Si)AQbWC)S5dkY3Debh>J0k$uw$C{$zEArzjD9p%ONxs50Ew~j_-ZP7? zehI8&mDIoq{Gf-ZnI+;`ss&whg!e@J_UuC9IL972F0m)5%{&FGJ+up(!Q107c)mK$ z1;NOm(K&xgZF*Iu6loR7$=vWvp;_~1iW?o0_bmOZR@u+S`1ew*<*A{F01;M4yr5~~ zt{tEUh;lUYGE^!NZzpVUa{0H^ejErg`1b7tlC*wm>l!yghyJe{|o6}HC3zfCN|yE za6?cX4EB8gXbtjMbBXn>$cS$T0ja7?Sh;OZlB=??#Q-NA!hFAnK^dIK4=G;R%6jf8 zEsgq?j)K&VyHqZ5=9re$$zS}3;qAz+Ocb9y>WHRFMoGGqZVKYali%k_Qj`wMImyE< zVoqTU6=nE^Iuo|w;7XekgbH7vBEUQQ-*(RX!8#eGN}hhEx*a;$_BzJ$OQZrZVQ{cg z&*))iXwnF?*26#AV}q6s3g{GTi`?$b4kdToUKA@x6#znL;_WNNgM{!y z2V&9?S=HjbDQ+?&nV|7ks#(lGz@&RYZK`FOyU7)wKv4tq^M`N5UmA_(fRFfMX=mj6 zEy-5G-MC^7S}BnlK_K(*4tL14J`;^b(K^c1l*541 zAdJ;GLO+e-k6!J}jMF<%4M0Yiph+pnK{KRSvf99N`}NmpNq+JfS?Lltn_Rcy_IW_Bp( z460@(!xXh^1MYsZol3EF%}j;4&%6Z`ixVdw&Xfya2hME(#4_Gy$~!Ov=STr!;Paq- zmm@LN_LF=ILS&*tXh8-U?hcThThPiWLgNaWWh3!~B~SXK{g(-47N!21 zysuxu7^4YUv75GQvEp9i$U4iIyq~c2wrmt?T*+Or%X{c2Sr3^e@X>*YhTCujWpu~% zjDpU%r1r`l%hpqncouLk2ggKW70y4O{Y2FZoP{)9Bs?N^xQZ;NA&U|#?5I&{TGGmP zDo)kJ>PLzOK$xY%4fgT3WPw?77l~ABtCWikuJ@A_b_khc;J>+l4N$q1YX6AvWfx%j z^+K_#(=xTNU_lhmVWdOM}5J_grfEJn4=qIJ$osenp^cZKHd|Um^rWQZO4%GoN5=ciO z1h@5pl|5C-7E916Lp&_wWU#No$FZ`7g0d4JTvMBrxAY1qm|s>pm02BPu=x>j$Vx}3 zo2q}BjFIVlyNVxUF`?^AD8c7?0^x>0iJyQEWnJ*u+bzWoT}I260h&-I^2DAvJ#S) zu)iv$ECzy?$RhDJ5ZH$_&jkx>UG}%ZtATe^}UOV*ZsCaeSYY?A531E6#w3l3snM4^eU=OeKc&=aw`XFNwMb^by4Dh4%-mW6?7lY>xiT5L?M=x`; z8^cPI+!})QmC%n$I_qlgpbjk%&_@(OAf(#1qKR54v>?&v8zkWad#zGir9f6)dQdl- zL=+1Cm$oq6Y#YOnsSUejmM=y5yOx+_wS)&uH`+aexaf3$#5cO<=5iXDH`+8oE6-D> z<<}tbF4K9pf?rX~NZUO}a;$O2CDBZn`o+=|bZ%8H-dE5!|%xV45&-iSbe?9HBuBkVzLVZ5h=#F%TWfw;hE?(sIly#PU1( z#H!~l|EJgBgU14WKEIhdN*Q;~dme9V$>N*)%@Hx%qa37Mi%|Xev(w>dFUNc%Xf`co ztl8!RJ$inu1gm!?`29A_eM3efLh<^q`AlweUpN!S+iU0lTEv;=d;D21ohidzixZCm zQ;dtTEsyW!^6XCS;C)6>qtatK;BiVZ=e8q|6r-%Id3FC)B1xu6Sjgv3mT8?#$K`B?NT3*j8^Re#v)6(7p zta7$qP2_3nC@=KA%|NkGV?pXs%v^?0lbB5`xDt0*G4L}joxvJhNc(%Ek#mT5>B8`B~8v_OBq$m#;~7IHr#Du|Ds(wqYu*q8VECW*R z4t_f~*T1L7CO+9<-6G%I%_7LThd7A$GGeYKhCD3I1RL3MR|xj>3Amk@>NpmOrTTH~ z7S9*4!!D-}a83c;%;fNrm$tSLqtOm-8DoTRh}1mxV8-|FbBmIrE<$SAwRDm5T$5EpfQ+u(&2^zh^2faAuX;aQ6$7 z7(&;q*Af6ALjRvgvEXIx2@^xv-9y3~uR)4FR(clKbZTo?G!u|2)H;Q6FqE;f0PEVpkI@;ZqW0%TFi<-GIk!W#IP>- zsC0s$_`VK{-N;Bbi~!e1IbHXkvo1&V8u|m8(mq2gN{6We$2Q`yR>T&CUY}^rh*h&i zszn5cB4rT@%oO0!_lE8&$tp^NKOs)TQs+~JB4w1uS~R(7mO6aAwU$W*b-_Uj#Erm^ zp2LOI?K5_-X>NQSlt0peYL zYyF5H^XwJu*>n~a5ZEekp1}3A>=pubv3k^$I@j(C67wE@s>SKaadphTeFhYJB*l{= zl6*y3Zrg=`S0P7C8;QLVj)CKmmp#sBcKIEi*mr*7D7Z)}UI zoBRJzwytqEbvB+&6c!uch zR)_+xB60jt+1d34*Y5=j6upgtk2=V-A~Tk@0^~KwKZY1Xn!4)h5zig4tA*=a50+UT zQ}07Kq?7=)dHrAAN`o^Hj{y8|{sJlm{ffrj`4X2gada+z*SJ30eT!rxbYn)r=|3VU z9_fm28T(Tjd9$-jd`0Dkg7iO1oT!jfNN6VW&lf)Mxt#uX`0PA+7dc#ennqYp*tJqVep`w-R)*8_l# z4AG%@2|TnbFwn%qw+%dl)AcB-JCHz!d<-Uy+}r?QU>DfD{Jc;S{#pvP-JvV0OJe zhpsrmTyz3X=F;C{Ju06yG$-=3V1OTO+$Be7#;4c)I-N65B=DWVXiLt?4hLStM5V;Pc)oo%chbcm>QC7dFiw`Nmbo} zGE6Fw$U?{O(+2S7%wgxozfFhO*;?pu%%Zq;68`{5#pQW}zo5TGuE1y(OePQDox@&A zSct!=W(gpb3AGGxts`v<0Gr6c*%gI8NXU&;ogo7Ifj8sOm_e8TeXB5k;X5%+??cjDlkbG=`)r@EuE! zVwJAf&+x!H|J2PK2r;}>qJtn`2x8fjI%VnekGjrdh8?>`UxYrwwqqzfZlA;r;f?^1 zlRm*{25pN&ZXxn7-6-QnA9|v`nnYC4Nii-&eW<{EZK%cu8OaWb!1Bt6Vgm{v%G7bg z6)I^y2b%nfOfQH$Xpp{pF5yOrc6GAQgJ~?C$dKRC{k8XKiE2N(N_+uCPs4o54);Zv zQ*Sq>6P7CI-MLNkv|I`Aw~+B$2_FOxGU+)qJ{fX#Z9spntmBZSFd0%OYgY!J32v+< z{GJ#Yo`>}cWS2<$NBv{$_RZ4{vpAbd(zcva()N#AtfBrd9%|j?A5P6fQwBk+oRY2o zTn8JDe&357auS9fubR8G3lm=JDixg~%4W(F0vTL8BG>IDlYl~*)N>S%C@FXN(w{?a zl?#7UbbbhiXvLApkpkQ_7+gq0ld9))s7<6USyJ#g){5gKFM*?x+s=IlsVEnf10pRl zr`x+Sr(b%iwoFD=%Wi}NpxeZk;SkAIVrUn#N)3)^iV1|=0G^3_-sIT zsbhBuJZCTtsDCisM)Fc}@Nt5m>?bd`{K$mKmi9>D{`Yn@BPARgSDd13z>#@+Hpk)m zHK+rbU{H=dTX;NOl<6pXC`9c>>~%@HYb-{z#RqdI+hqoDPjBuU+8{OiyE4Q=3QJ!| z!Ks$JZTI2&mjHKH&5j$x1*E49F?X&E3?1jzNx-4|Q~Fcf*IR_LA+n6#eBP}2SD!S0AtwrJzMs}EAD=|cptLnQN-cg zQytChgQ(Z@pU9N0Yx$@E!VFT9mvTTH{AKKIQ4ljBn94pXEpU$JC-Nh47ERf$had4G z8RLB{9m-bKpq&0*&*lvC*X~3~+mmD0Z7%o7Xqr`1JOmTpiH~)8{)0tjn%FrzZLf$h z0RI~kuIg4C6DzF=Pzto*?jd7$m*P^iQNM%6CI&_$CsHo#NX2 zmS4EeDPo-t&g^PZ%3)E?EeEXZ2gu%3t#P|9Gy0rFIXL2x=kaeXvae5lD z60TIc_v@HR2PzQwE3)uY7DPtbNF38Bu;7Z8a+MXzlI&*yBmD6!^Op;$drR{0nw!-Y zg-ohX5Qmzccnv@*2~|0!AdI@bM!JA5<`R%s>6(&P;qnmS8Ig@gpiXjvIr$V|m=5u- zii5aWIgC*atS2R6f{v~MITC+V2g^_nq?CCy)&sT$AfVx_cqIZHMp!aaDhsLLdf`L3 z)CCrt)d-B0wby42?h={cxhiVbz;W|wmd0BN$=m*z#0O~w5lKmr(?kgV#mMNnG{@Bv zhVAd}(*4_qOx_1>Bo{vuL#Xa9F7M+n@&kElH3qSPE#X=msuFdb(3h62G!_C-!X*Pc zyRO?khG}grLBoPM8$Ro&Q-B-3&xi}0bANTIXud43#nFZ8(*y-~na`zCfQYIix%DpQ z{CB7?noOgZ!k)zx67{g^_kGS2`t;yh*!oh*d_gD?O-ftQ$JY2y0y<^GeD;_(JweHS z_ytTS*@BOsMWab+P-dGY>bmkHV#JFPa4Yl#=L7~2H}8p7v-!d=gT(gBt2j7$oWEE# zxt3a=E;-)i$+EM=1*h6*ten1}`@#3Nh~*@`@ZvHGZ7 zMiOkU0OwzX0tFP~w$bOQ{`BAeZ*^5Lu*m3AsIWhJ3Ws*XB(q7wcw@daMeq2FXk#}~ zwL^y_@R7P$%xYsOh6;i0rAgFCY}P^ap2ta93?c>}@2X>ZR9H)(1up(3pG;j!XKwB` zkxt8q2VWy(E7)bf?8pU+?BXCPLtFwS_!m~qFrqJv##Tr`<1$nX(Zeq{C3nX6 zV8vzmO~U=tig_ zR+b`{cxj&eW}dD&!#>h`SUXrjbyy1}W3F}Q5G5qsFf_{n)gsy96(^EKf43n0Yr%D> zM(1cdhW3ZPED8%QyQLy@q1pDKTu8WO@1$o)cxvyYW=Qx_pHdyB8qfN~C(3qo`%Ufe zf9QYOnlWdo9B-;Z!bz-H*ZuV37lGRRsbvzL^o`+wKyq0s(aU~8ls^3{ZL#ot-7cH& z&}ynCY_Revhz1d7;;}c9CawUMsU$dOd6QVvlUhW>ksDnp*42atjg4HDKm zhk04M%yrX=thv1+%pavfyX^5Dw(#=SEPEIuUay z$h8A zHmj;Dz%W~jLr|xE)XKVBUAm6{?!MnPomEqwdI1uTW(cLkdO;zm04Q@%_GA{QdrMC{m!LH)tDB zDD@>ww<+?CS_T?l?i*av`b}>o(vmprmt%q31_WmBk0aOb@7(rGD^`~=~0Ab${dsOM?B^fE_QA;GTI%U;? z9v#Kvmt;~Z2_SFIGb{)MA3x}8T+R}?EnCnI2uuo*E(GM#swT{%x}v^xwfA?Z+I+B( zeXbCzSLdYHuK*{=;H2v@A}#BlR!RR|whET+0~A{F0uTKdZ*iqBr-v&b^r6?lBeP-a zB#PPz`2mR`g*weAhDqr$fdo-j4IxuPSwM|uV7=orvN&9j1*C1)0)oY>9AKHA%RvSe z1);FBa$*d$<3?2-{@_{^h_{vevT)OL(45ISCYc==PvIvUN<8V}x zE+7m1=}-g?MpquJ2F+b-&y2+Lzq5Wd06S`G<;r+$eyE2$8l_symC#&eQMJpq@~H|jEV`R*j%t}Kq`DY`JM86Bf@IkJ_rU1^;W|D1y;E~N%d%6 zJbGq+wVYbRKeXWL7XfntM$@c#IlBc(XQ^U-E$m6V8iD>l=}C5^MRsfX8f$e}UA;WX z4VZ1W2rrFBxfAa`*B%R@-5HtuJG1!P?;+~K%%nwxuEfCXX$K9vK`CajPMz$ynoVom z<$yt7rNVBj1!GP($y^tnu~ZYbErIf(XFPnaC}L$Z@V7CU=Dt8>mH)g|wYNE*th<6K zhvzVJMj9{)fB!knt9Y#c@8eN46<~I)!@s8fM~-?+#sen$@$29S2GAo;lneM6pFNKC zT2jnE4w2M-b+4aHG%=AgC`v>xnZSwB(f}|Drdky5bbRwH?!+NeRQxub?@y{uUWe)EXNNWU2V!>9`r>M$+3d9eLv>6j3#Qr!^f1W~2M&j?{GFGO8jHY- z({$WxvW}}iE+C_sHxt@w9j{o{qv$sp3oZtX0a}n?=c_Cv9h2hPq7LM6hYP3&_-h~YIUr8U)StVWY);kCD=y*vem)T&2g8l;uoRD-X6*X6-hPM|T zU--qog>B!xv!M-|`n!!;P_tav)88BnSj8s1V9SDMBzS2h&eGN7k__d3Ids5J!MCLR z9!QanK-1ox6hFlb{7sYEMtJb{fa4SKFC^;3R~=$kD7*83)>`|(M2VRZX@dXbs<@p= z<5BK`SOR-XYx*&s8VuH>BV(f+U{9>5+dA*7Si0ABi@>F`1g=M{p z^$@@%|8?c~$KT2>quPx8cZlczj%Q0@uzh#~*4h%AquTI|Pwn{cti%6RT7k^YH&3@G zSO5LZKd5QpzkRgO6Uo5u(Q786Jab|1BIt?TTHZoa+_LT~-FoFS8~G(`KL5)4RN}S7 zDnB@%bRSdpp^95Yy%>uhJ1l(e#Ias!YjD+H2c5?0yx*QNWIKR^dDtfov45cFa^lZJ zo5*_7$_*YH>&Kh&!fNLIW?FtW<$V11PbBw`zNUVKf%1>ICMkYggS<9;`a0rX{)#U6 zgFG15-_3DATi^+`*9Z!%d{*K6M&!w>QYO(3#ob*vgh0@P0M$c2cl=XODYkKbnkY@h zovQf7=N~!ZD~oJi*zITGTbfml$Bk7CwA(7w+%*GeFp;b+Fvc2#!V_-s zXu8$;?+oy=4~oCj++V1@+sDJ+moH&*AAoO|>i9;?a9~;4t2c#`;lJZ3eRJ%^%v@Jr z4xwd#BF@D5SErJF_w>823v8{C(c;)VInFHW`d}B)T%1iu`*TX@b=}h3iSKEZ;#%%P zp5I)Zrl@;DOJ3ybbBI9f<7wY#3R1L#2k}S@_Qxyo0FABh3w1WD-6Sor!(HUQC8_9X zTd?iHEm&%>uE3j=V-NHkt?Y|(!@PsQVD9n{>kFY5ma|qyqj{6o9HuHvBmt^fxp4t#o}XBDgL2M z8@lK!w9}7Un;zvJd%*KVgm(Redg9Nm;!XXT zcm;aMdY-#^;ClRk8+pp(tjl#h4vTkCE=CUp7YH4?9<(Ya6kUeI%k3LoF%^fOZ>uoI zdXVQ%fTRJp7P2zAp4PAa#DV@yBmUIII21XEU=3@Twz&5?*dA9{$O3CeoO{@TDrxGQ zigT&62CoUfJC38~o(DFOjMd!If6(Nwp@8!!gqnRkZe`N&OM6f+b!5q*_{i=OKEpkd z$<_tjewP(N2SXL>QFJYqb>;>!sq|cS=rRJ&0$fCjQJOGxOxm$Fd(V1Xoi9&3y(u;@ zY%=Z%1${X9{jMIDAKUOAWkEh?I0Vmk<+S8}l)hBOu<`amxFU_0!Xy(rWxSD1bCSw3he>kfj3P>j`Rd_HSw z^+d!5sG<^f>m!RV!T(*&&x^NskHS||;R9{Xh~@Y4GW0txw*yQHT@i_VD{(6!5F2;2U+Z0L9%2>)SER zGiveH!rW(y4R~;s?lXU}x7NzI2$b6`zN|>V?JpEhT|=`pXJQ{56O3YDeVx55B4>wf zz_2hP#fAr#3M0!7I4C|fz~I>Jxje4RUJu6U`?WBd4SlC>6aL(fc>9G_XQ(+8s*ts? zvy8fCE8^mUsOz;>_|-cd*|-olrhq0x+d89{zz^~tTMX7R@(S)cMy3qoB2o(YkI8Xv zvuNOqnN5^Q2e18E0}T4(r{Q>Xi#WcRkEfvh9>YDEZg=0?g881Rl@LEJQIQ`rLu(Df z*ZJgsp>2L}sjvpRFc-f7rFuf$_>=Sg;LI5a`-wlGJU7D}d&AE001X;L%j!hi@pFsU z3PywOOrBRU@4$CHXk%M#Lz}q;k70#zqHRjLtBpg-aZWz?bNF0B|CZBsbOvRB5L&6! z#FZxc*^j7vK!Hake91;GoN@vh*RCCj-kKKt7&l$V?s$aQUIAqbPS$7qVn@HI>>f=& zoAWKW<|HV$;u-DU>Y^LyTP6R6n;wpHL#Tdao8lg~Y&eN_CHpfJDl)NRGe~|u@ez#X zAN=)Qj<|clv)74Xn}08x^xJE~lrp1VXXALJ$QU6()6Qp1R^xsZm$CEaozHv%WWRUf zxE)CxM8GbjFGv|De^pBL1=-jy@00MC8}ics#Ckf3PI?62g!%vTU@%D-B%8V|$b-G@ z;C%KB*s9w}gYAA@@Odp!q^+ldhZ=)^sDJ2-w2NGWWP|fx5KdxV{21AznUW z+M-^T)O$9=?W@4PtN-Qf>#ECwip!GgfcjX0TK@2x5otL=32-Ny8umxKys*99lIAl> z@D>!@zx9_~1x3DqK_`w>N(d8@xjA&C?hFk8?ijh{k1U zmu>gA1z><^`xO6eg;KIu5spOI^FZIC7$*p#jkS>-3mH^B%m=V8U#>xk81;)ppY^fc zi$6^lX5$AK2J9RKY$1r<{&HffM!NyY%-3Repb9(d6q3gwqo zIeI=h*uHgRUV3x+FmD^pUNQ%4746IiY}M@4LBFz~eGv9uES!B>ZHD>;|CwxPemJ08 zV}9EG*ZbVJTz|yNx_rM~!4Eyh#h(7_9q`jpz&mR`kIej9IF_-NZBXFUIC+RkLaNDA*b$Km((h% z?CZBReQBAkN|G!r)@0xiF6ulZi`k-u^YKQaqHzW81m z5n8l<;QRi2c;4Q+0mYF_4x7Rci3ZQxu)E(!r@C;n2^};I@C$U^*J{j-o11~FC1x`0YHNOYMa>hb46os2 z*a@ClbabXpX|U)16s+SqXm&5nG|MrxY>+N8`NJDlVWJ{;&Yt^W#C6iu-PFN}fLz@S@j+wuxiHk zwj}rFBH47}J7d`Z$Mnxte&-By)}^_`lQGvJ*+B%tFucjBy18BN{Ys%{I}t6u$T^Y%IaAo_dkP2On{wJl6raWp8BRX zKU94xpV)~r1C@W+2{Cg)0!_BgHqq+-o^z9}WB8uKwI$~|oD?0pfAlR`VBneKXGFQ< zu7(yi+x%$poH?HL3cPkq=7biLpV@&5b6}0k z`_^JpR6~XpN@gw8*iPEXT%IkYyO1ZL(nQrQ>`f0yiqhso{=J$j?tqa;8fkQisgp=6 z0reU}bsn*oOyZs@z-NR6{s2JqW37i42O;Aw*&!r^#aW-GLMKfXzBkz&O-AxEmO@J+ z=$N_NB$Pb|7^15`f{ z_AFyfY#281#IS0ZXt?-T+$P};vDuC;+^7EEB zjXr($(JYqGYKYCJEDi5$!g3u|EEFPiC;>djJ*)AD@1lHS($ncGAIswNJ-p@noosP+ z+GoejEIEA7tU{AWXQIiF5kr$Gj#u2aGbM>K>(|MZ8lyHZS4N+jCU?E)601#mF*z0~ zi-wLPl^7-etC;_*k|K?Cb=n*x*5|CY75YRrRXM^J*39T!&IK8Vs9ckWl03ZT1zKJH z%8^@Kg<<>>^_;&W7M&Q2fkhRPwscttzpDQFz%Xe4RSI=xE{Lk;)Rgc@Xl=>@=iWQuee3HGj_PYauxsJLW z1aMNPf<=EZ+|^tYN^W#IzTub+S*i`v`;q~ZGTD>~aJr~mX0t~{C9#jI`n+tY@HFd( zoRn0-|F(B3hrPc9s*Z#Z(o%2=_lknf%Y|r>+_{^y=r#ejX(R{{x<)?{`Z~21-t~OQ8^9CiYQK79E*x@+^&7e%8Tf!pbU%$#2I5R?tpRvtwg5S`S z%=}_M;Km*!h_4VRw)-^u-7=nXvg7#tFIL(a*5XKDTiWnOujNA3$wuGJ2FFv#oo2VQ zir=QY;ba^RX&|jyHx5p)PYL`l+o<30SuojrVyp(7w6`b^3QcmOrL5lFgp>~x+DpZQ zJHMYS55-!{hvtct8g1XMzY!c>p$)X#eA-(TYM{-+s4)C4_d)d+Y}oNZc+28pA`5xH z0OL=IyB}JZ?>2~BV#_%?!?S% zZ4RbC@@>0DLGJ#7%4Qk!wPG9OAmP?Idru|lh2e3z9e)Pv`u6&ovD>hO;o~`)mG+UQ zcQ{AbQ|P8dxmhtTVb0q65pcP^1++r?qHz6b2Q)6;0$%5Q*Ly(UVe>~CwL++Wd%%r* zM!dlA%p!_jyTICE`#^tk#(1+09_EJ`!TGv(*K=76F_ZP8i1_pK`)BRj-f(;c1%++C z%Dn0|lY3m^>3MHsZFoJh?Jvwc{ZM>N#L&U{ znY`5X<(+W{r01GjA>>jn9(MXvYLRkRcN3AtinnDf(&xT7?JW|}BMxRx?CIJNo(%<~ zCFrvp<=Dpz<$ZgdjJbNGLVMKGqH#6-ojc_j$FtokF8AhPFZixu>+-f?l$Jeg{S|9@ zD+A%}MBY&Zh}i2n&AolJB{$q}*-q=T=&sR!kD;Xbd+a>r+_U4Y=Ps^jDrO}&ej%)> zJL-cY-Fa35U-Jgx z|BfP&f;Kw~6AG%87YYjR|Bk}k!pyC~Eb z@5`MZsb$u4n){0gkaq2h@gM1wt)02`F&X?GrDnRO+)F}=O0D7?&k(_}(ckx>%o8|v z9lFc;8-C3_9Z8WE|18$7|I~(XbGSS#^o?4req_NN>rt+cL&z9xbQR&X+!!w~^_%m= z=~4%Z%p|udpas*Mj>72U?jTVKIs|X59d;IO4*tS z_@#WBpakjSZ+QI<^P?-jfSn7!u;uyQyPy9w@d6K`-WC+Nkk^u<*73l(Ey4#2sYUTf zYC;F#^4BD>dX_1&$Yg{UV!PWO<#!gcZYSWqbY0b$Ez>E;-c##AWZuVwV@igv{K7-hpyxS5qY=9 zLBQVl!X?(k6mtExDU6%8`LB#4SAw5>jHiR;g1b(7gWxs#zUFO<`KtRYDct{Mc|CKH zelH*1EZ&7Pig`RhnzWxOna?1}iJck>D`Go;G=iI337J)c@o`4@Zm;53zsdObTBtfy z!enxaJZEa<@oe-FOzPd>L zuhS~nhMS28KH3PKdG|K0HwwPa zLdB#`QTJj|#mZ38t=_y_`N?jTU%|^HfB1@k#w3UtZMC#bc%@{&{&NZs$o5Dml^uo0xgto)cBQfNI>hb;Z;9fz=nUC{I* z>?-dBI1iZV@uJNfJP2qFNHnh&d$Jfg z#;)Z3My&<&;}Bj*<#iD`ji8d%_epWf@|9hDEpW?yMYv0kRg`h1TPMD>AV-@4*gBz7 z-pyT4%^0j-Er8m}9z1Ys08^|j9g#=Oo~Vc=bi-n;rc!vUqe17s5azw?BQ_;oK4V5i z2k0d8%qZDbuK@|1%AyaGZYzqwpnps?CKos;h*2Zc^wNBnHfL~&cdWz>c#z9Xno2a@ zmY}Bm-30Bfpi$*zYxEs(DjLI<)I{NtA{V*gmEN`301Q`mFE%BrjJXs2of65pSY!nP zqOij*)0i4Di9#Fe$r7+5x+_Ku@P&`MV7l5`n- zlR_1Kjm-(ESr#_%+#7_NE~PKC^gzYH{VoJxD}l12Z2bscyS~xN$brT&QUc>M{D>C zUG`VLajg9R@%4^Pq5#d(;Mmp~+qP}nwrzXnjBVSt&e*nX+uXVD#zyROH=g~{KcFkS zt0F723an$utL_KL322KHza9or{?W$#6GD4K%CSp za?5=o%t5@Hm|5qJ(KmoWc-a(IG9VI(pw(nNeTq@!spB04wIQso53i{hGbCXeiYP=M zy-^sWvJwyS6+3(Lgh+OD4JvK}-s%FG94?;#-lF6=U*o?_`qd4g?(3~df*uPT$-v^^ z^WDH;fWdhS2d&;_U@0W{#iG(bHblwHxXeQeS0dqu0e_`@^*j|{T*s^hAZt}M8X+9? zgRk=_Tu8=Wq;k7?7u?moNUbfs13J0p%-AjQ66N!nFFIZ=)fg6yW^x;SUf-Olf`^Zg zkUA|bYH`#G!WOeilL5z7CpsVl8@5LBVI=1m(f}$SM@cv4=3uCehB zcmkN=s6Z^^h!%v6zt1j-;2r;TSx(FBmNX9FCfk!zcuXaQ%A)Pk$V?XNCM3t@t|rha zr5j-yR{sS{XN=X3G(Z(8#^OvX^#s{nijVRDbl6&-IWEwwn)869-H3WVqcJ}5bADVn zOfZ^_X!YrH!VlIP--tY#o1P3GE`Si9agB5Oa+e708KBAOe=s zd0hv56OfW&RiezH6LOCW!-p#DRn&kIl+lIZ>hDstW!htFN7CKczq0ZcvuFtxb{JUx ztrr1YZDsP!Rh25eze+XZto(pu0i-L2ypp!1mop@qu}^%dNlFf=J7Vy&O8-$%SPlWs zeHUUVupPodhLp6XUrKDD^cwS*G0YTilmIHMQU(31SIC zVZ6@|hBU-!VMso-!nDOon95(OYIN*l)REq$rbUA~P#QlOQU5<&HWj@n6bBrL|!1717 zHRCoz2(rD(hkOpL&-zTmxr2ObEJe60R!Ym!vNPnG8QEoe_et*-B9_b(V0Ves5;xf`gewMI$ zqjMERNZG ztzKa)ouiS`nO_%0Oo$nFcx`BT!y^(Ycj{kLJt!uM6ef89Hc3bLTq16zNTtR}wO)|y zXdd^H>4@4*FSyXzfVb0(I>!5p`1?#AIz#t$ob0SRmkf<1RSO#sU)ccKbWjoM zdBU87a?%bA3~%6b7ZjRBT=jz6JTYB)RigT^c2yrIby`6E3vxXKGUZuV2z{+A0!)b_ z#`TPS@;5~L-e*^mUBSJ!h%f&QA0Brd(G`BPXs-2d3VWld%YhaGo@~j6GZsq``7mxB zO>PwKAbX~F9S*M47rGC2KyhiE$gtb%4K^|9_briN@U2u`XrHKCUVfh7r+VWgQiRDA z6_R}e=qc$g#e5uyYSNTzD|s0qVRLOl-~k~1QL#Q4jdb$9Xvi!PRrL8#yXbYo5&JID zOI60dnyg>VKoizBS6NKWf4SHiihjukoi`r=I{m?8bOA;YjrPNV&H z-r98|VB%+e%>Lq`$U`DO%8I8XhSii8{umw{jn4m+i`EN0KpRct1V22rFuco?n`JXIfl_o{SMp@$heX>00!dfq_ct_)XLpjLQ;aPAh&l9k<(w#l(QX)&0b6?x;}9ec zjB%b@-1LzuqKtIO;xy2hBNPF#S)5v=SGt-q*il=lf!6Y8vwc!BhTWbt_e1XVb}-BA zDuFK*)rxbLI43E`n^Cqal&Ga3g09H8*@rS)?i36~4|sCwiK~g4&yxlw{?LywN4$`^ zi-Op?a-=KwmFaHgN9b)V%js=!ymW^_~pi|H=^ zoa6!QFa`9SU#A-Mv{e_Bbu?8nv|ZwpMk}v*4HI;sJ^xsz%YufrT^zuItSS}VH^ESs zwiG4&nzxWg*n$EMO;y;Kt0UoKG1c{`*V2U3-rvP&uklo}Ai5}6t?_hs7rpmyz6 z#yM4~m@o~oSrhk39^}SITxKWl+&hBvcCFJo<4$EXwrL`iS`u}x3qc~`v`>z{z%;t zU9Temp0MMl0f7Wl0%W+nb0q`tGM>?>ZngZ2Lsl@VtZP9WI`s*$Nh#01m&$)`C1OZT zH2Qgvu(OC?O<`4ZYZ{%<^*EFalhq`2-I(3OyCHa-t?98f*KpB%?pD30EsvP5(mssf zK+()8p(;{SUe)RDgl`?Y8=ri-KBdj>JhUCHcg1VOM8&6E?bUC@haa(ILg2D0bdxfr za|hV1%RIe*1aWBr?SamEF*MpDTAogMXi5qn4%gK0Pg*xp;e^Lp!5@^uZnSG`A zBIzzJ-L(EMZ~me5~mm{LN~`RL$`eP-aii zQ{ls!8grZ=sCpB)X|iZ1;iPa>32rqLEHU>CW%f+!S}Zi)vq(XLSLc5C6TIj>bLTt& z#IPuN4SYjQ$?d6PKyj~GJXE6~qQ=!o&tz-FJ@W+IdD|q#LVewOYkZY}j%!+|E{NGY z`mP-aSj5}}NAS~@bMaI7*?2Wc!dHw=+Wggb=#5kW(Ye%C)n<3D#^VDyVEOqRd9?bb zNmVGQjWvn7M28#3%Jx9>@xREVyKo!@S0Dg@2eALo^_w_4+BrJ?&-E+I*lp0m{QFQt zzyR7v!>U>VXtznl=@9y>(;+Bt!#Rg96-rEW)q_W|A-UOP0XrC9J~AWb*sS?wKh0Uz z{D{i~gNxP@IjJzKwv@d;3fyGkxuFxra=g(uM{&YSN^VIb;rna#XN$MX7F_g7DE>An`XU%2x zLo2cP*;J!bV1ia9-dGckQn_w^4}G`N!*$xYYVWJoIgBbSS6=5(IT4?@7&w!hTcyyd zmQaRFky$f?gr2vE7`qbTdqgjms7$K-Ig^N+gVk+_Ghtx~=^@b&H6HcPcu(|LWVywr zmw^R{7MiTlZP! zE@qYoKYx(Gh$&6-{!GF0uBt5SR|gci*o0UDa~D}Dp;+UvS{9ngoI^wW~#MA{@J5GrU^ISrK-}9 z{3aUiqHtx*g9BsQX~?2=>a1o8<)sJlluz9R1lj(2J)&kv<7SaEF1ZK_Rm)sPbY6|r zk@6-fxTDcgW!%hG;My>+l}?lQC26maPO6r!3Bhi`SX{cV5`7>5kg|WTg zq3vBSKE+{PIeGlTnh!~ zqMJY^5~)w$QAxkH2@P zbtjPPa=ak0-R&XRDXOOitbMv-Et#`BY*_?RW^lxuqSBny@bwF0TJKMLM%cpHA7lsC zj(^w+8>fa4&41;+eh(%Gz#hH|Hv6RLOwLYjWqIuJcq+-R7R>6LcXwtNqZjF@L7}Fx2Ua(kI|9Ls<_27d zuBbIxE?bpRnl*$#W^@m*^j{!9P{=)I*mcM|9y&X;zPG+-ct_$sstgay8Ms+#P4$TZ zrRfcpH>WfXTFyNSP@@ZKAo4BR$ zuM#GWRj==!H&&d2>*UeTkz^JwqxB@O^fg1)4m{{4S)&?#2+w49n092iY9zA6OhDIF zCI{6Kly*lW$E|ugo}F(5P68~ZLk+zKQ#-ARv0VmPVeBtmH{ceWmS4)r3;Wfnd@VZn z&wiwoa!DhlrVE&zRB{oclwXUI0r0UT&+v*I?VUvxhP7*$}|q~^63@0H5AvnNyyGy{L- z8|L`AlTzm97`9XMoDk`)LmxC*oF*k(IR1@2lG17hVmWa{VQTYWHnIocQi=Hm8l1XFOVOjp_A z)!a|GBXh))bFf%hRZ1y0{X0}09G`c?!X-Ykat7xrE-DBHS`?+U;7TPOp#9@@9xI#N z3hN^=RCA}(99D0Vq<>1=5-!-Ymf_yKtQ~-MOsC@Qa!mDLh{hd zxCq)dCuJN~{P!hy{~CS2<~4AlEW$wBihipr3Q!v@W5Fbw$C5zg=67Bh%c{Nw4!zRk zl82r#ENc{4TJSPe;EPT}lOJX3p~?p8-V^A%5tI5)c!WgVQi#-UP$ujRqqlwKeBE{3 z%Tud!<$F`vZ4*n3kjW)f_!s$Lo9RB*GJP2OJ2_wS3cj9?3qQD7lc~c=o{7~b>mvTV zary+*I2$7eohvh1Lr(j{b7>w4Wf>oFWsS%iOMvLO&Iflb$g1|Ms@>s-WSc9OeLZN; zyBLESPcdc)u*^xfd&#Nj_DlDmfO<`*%q6X_Pgk8UxSI6%o`RBWgG|;meE-^XoW+(< zh1U-%mU%S`35*$d#)XJ4jU!C8tVM|oM^fRTF;x<^2jc1k(!^vpKr~GU;5?$2ap`m6 zbSSsQ(9D)u!?uUA@)fe3v?pV>?-pI)v^i?vTKLUZRhJ+u*g8rvgPVp z{3^>@k08AgtkuuEgc9e$9xzxpr%Ynca{-W&C)CBQLr`?Y>iyLBf|H4+k~%YC47UQ| zT*1eVEN8MZGso*3^f@Lj!m&vh5T`{xz5=&|e#j0Z$H6;{4lmcic#T^|XC?cUq_7+h zj;zFkhrPqiBYH#b?hb|tY*%V%xFmII{i;Y%}lR^Lq93JSSOfXlm0)mDWecU$!KG^sN``#spb5Ed zuaEsDs(@ZKQhF22FOgk+d&0acTzPyAg1@(sOaKv7+2Zn9E8jV!R+QgZTvAq6OOUh$ z+qk1OqQPwRt;g#M>4^UFR*X#(egrCJFu+jh;uc#F9EOauDNGwvu;?hY4g4wD*9M8P(ycbF$i9h@M5gvoG(B387x^+!Q1Y39 zm_2Cp8i8u>T{23aw#ycBVoLU_4Fkh~;UxE91UcG3s`0Mjo>vqF8rm8R z^vKh#MM`Q^LYINmqpV!d(Za*#tcP>O=$kRjpyb=AnB}6F(?E>XB!jM*p|42;CSO!( zwlD`K(=-JTEQMas@7D_e>te5yGwYC?qMDLP(NWhI5IJ#&4M+cMH+K}o=Tr2ny}FSS zmW{~%j=;bo&&b4VdJ+LVsIpa*X@IU*XvS*S=$sTox9b4$?-;lhfY(h z#5N5+afKFI!dJu)ioV)rX<>`moOjv4+%YYuGJwS6xr@GiapTMKHX2HIEQpH2tI5nl zsBl15UG1gEsAKOxq#%aM0(D|N&G5*l7Y1VzI2+8lIO8%ZZ-s8{6p$l60yVOf_359k zfuT2p`tEvJ1I%2XXVhSmMw|)Y~$ZW#^DDKp8ntOX-N6DZHKAM z)sPL9ajsl#w3WJnM7sD^g`BZDxG3h4n&XGnnnhgH;?km0qdzuVg@gs9G}FTewK;PQ zJ0+RbV=}$D47RFedbF}_vay7lv7%yf;V&TIi7O%<{Q-{5Aowl&8-?`q)gaFCR!tz+ z0vRv(blqLFmPSeI;=$rDTZ}E^P}O|}B+??CsuDEJbS^GHn8^t7l(!d{S-GT}ph{gl z)0s@cGP9H$;2(;3Va#{=)XotX5{Iz1f`rpFX#u9_V9eC?NX_N;RtzNr)kk>I#1TkU zX>QaPdc64;!=pBusF)pY2N1oDb8LW@g1Dk`ApY)Mve$o`9l+Y4H(%@(_H8aKcVvl~ zgI@hNK)`OXHpizpyk1`K-U)2zh= FeG$gB zv1+k8oAfV(jMUs?xxC7djt5{VRR|3EJ)$7&@pZ*mr`l@qCXg|!0R5+#ouyKOuwEcS ziKixY1@mI(GOKJv1o2(*mRFX|g1^50>J5ZbL}@Jv7Qn52u@{}y!Y_fGO85L|W2v*!lRZL2W{ zo~~G3AHl0@ZOhCT9fMt^#VuXY1%I|N4YlE(5TLr2t^6oA9JxjSM^;zJlp}D;P2f4Z zQv4VpJ0aR@Zk_kzb*@M6w155S59+ng_VbFm&-m6RZ*&h>iu&6Qs}-p*7gR8rE@2I~ z%vGMFN;pZuuyE!rwgMxXF+NUW;85}w`v*4x zNP7f1TphbMfQ$D4%BRg|f7g$eY@Iap<;sEk!Qp+n3%>p_4EAG?e7(z}H|5lkU5%@w z;SU00T7Zb8W_TCA{stS>>9y>GdLSLe3KJ4e)>O(;=%U{s*T)sEaqot+mJzRziyCN8 zo(J(lK=W6%!zb*E+E!=f2$i+f|Eh?u?bQ1IYx$E{W|1kdEg{1f9Pi5h`G9UQLy!Hn zO8HZ9+3*VZKKOTw09L~Skr(6!3C-{1AxB%GVO()SE=%SNQAvXO@A~cluzn+qDz$BO zF%Hq5#w9s;J`0_em3QWkK})12QtgJEF@KuV2CAup9Cq7C03Dj^fawWue<0lp3qckx zZkF(yHoLVDE{5&O6y0EGC(aQ%^0um{VPCHLtzI(d$n}@}hgMNS3YueUSPg5zIZ$kDR;0Ize{_b!;~LZsjof!71UmM7_8b^JIOFU?eu~Kvjn**3RXdndeiU;krBI$ z{9dKkB>N0k=WGDq$pf}^@WE-s+{4`KkAo9>jFpSt)19TA> zARqzZy?`h@?_2ToAVlT0d@Z~e>%}f6vg{A9TG0g=3r9rZXq#Q{9haj7O-!SV`CGhp zKxnNj1)y#-Rc}0JU2=19Cf-Lm0R{pjR^q1mR99H4Cvs>&Sn?;kl7on9!BXQMr=Hu0!F3=f-&8BB~#V^eXP0g3q_G8q%(70P98OqOHG^%WH^C{nrA^Wa+ zD{)33ph5ZW`ofiC0X@t~eWW5Ot7+irpMeg8)WQXH{#FM64njg4CZxymTZeW#Smmu+ zc3erZWXtk|vEaOxAo8Vrw6~Cdk8?tb%(cpQ3nz%1-?m z!6KZ(vjh9I46+NJX$dqa>U7-rl340=NF zRleXr$k@tTetwgczoBg{`TAMkZ`n#dG4%=eu+-O9G9l);RKU9TZ^^sh_d#wBV|<35 zux=_?#P9qi@O>iYpdUfwV;r|VbgdPx9C!9992YH)S+tzzzSf|Gk489AQ(Um6`tN9? zStE5tEpiFBaY!KA3~muMVxZC8dNe`I*HQdI{!u+>+V#~(If3XFCa!lffHx5QT!2Gl ze{Y~TIe>de{%1 z4nJb%evL|Lba8|4`9(cn+~MV04Dha4EnOY$VO^4Q#q2LwE{DN|Je1Yd=M&aa)rZr} zj}woS@ys{eNk*h^X((m;WB!fufqZKtgR7o7)LO=%o{6|!#P&CFV+5Q#!dR}kI4yvM zH=Paxa|#b{@K5e;p`Hzlrq5br%z7^6kyE5f*IG2QNH<#(&|5Zi0!wP`g{XH zDSHj%Kw*Ccics#O4qUH!Q7?!Y*QutL#^|V8L_v&7C}yn7PL$%ux`@7*(BtF()J{w5 z7Jy0m1M_O$ls6PDO|A=XuhyLq8_PN=QB-#SsADj96uNTVl-(ya)gN=6Fcucl46$|9 zqZ_{;bv1+5wmxEBB1a*Ej2w`1@Q!|rtg@jmw$xq=49Tcc6G*!WG3a!j)GQP9A(HO8 z?HqHabi{ft-Dh7ClBf=D#7jLkze;NN7DNGLQ0IQ+}X zcgMBx68mZXU?XUs^eHU6E^n3&m|EKE!3NXXtZ>L;13ORC-tO$)bEmFbBc|fZXV`-9 zW-|Gd3V;>uohrGRg3DQVvv0n^B#9`NFm^r}+JRG!Hl6(lXzH~s)EvLrHf9Io?jPB* zxysj}dbAxjKJW(wCy4KPQf4l@Ya=rQoGda21reR8+P&v=n2b*>CnTu|Ocr4pXUx(9 z+?C&zH=EVuOE~~qa=Y3Il4!Bqg}>hC3@|H4hUos;ZpxSy;DKMU5s7g$vM)g`mn^$5 z3)mu3uATEd0T^^bSt4CHziF(*!5;|dUn)46i-hK+oL$H2Nu)O>TvI!MGWmG}W6r#l z=kj`8Y9A^knha1$s(S@(&{<>M3HdX?B?mY&``z{UTf)4E>`JIn`OgWZI zL~A#u`+awo_4teMkS(weF;8@b%o;r*S#ENh%@AINVw&bvX79QkHzHg3j&QKF1zE$PZmf(ST33n$+t)W#O;}|Ac2hmd>1Y9>#q~412;J^U zT&fMC<>~>-Kv`Ury|rtfqwU=p{)3rAy#IuuZcS+0D<}ZKI643T&VPrYfra%i#lNM# z6}!%k;P<=Ov{=v|lNYF|^KVVX^?LOpmy4I;Mk;U<;~2<1tb-+&7W?AQ*RU)QgT%&@ z>iNJ?0L=5`%)wg|vW?O(38L2=6vsvab$Ag7fkcwrFDnO%I%|mv479`GjY3VJjPPXJ zj2nMv?mYJ*`ZbrhoO`pa+vEMQkK-YFOcOXm)DX{@4f{93qxaRbOx^Yq_O-S5uVu4= zc;PCRIWx(;gD+V`c#$(66DC5vfd+OQDnbTA%lq$ExhUjuj;&5&g9Ld(;@E_z-m^B< zi5RMh>1_CLJSIQ^IGae8a($eJL#1J25VqF3Ttsj`&^1$Y%}o*B1Mm95T+EJsSw~6l zmMz5*9Zf+VhCHB@YD0Xm0+z!CO5*Rf!MExivJG(vXPEXv2e25L(~$fV=wi(Ld=S|~ zurSw@MrRrUI@sAt?-h=uYTq7J9bG{S;OVeKjJ6iuXHnR&b=RS8ClRMdx;ZfdizXyTYFs7wl+)#<~Ks1-Ctvtjw99r4Fjf{HP2m zSwVv3l+xmd3{QCKr*URRM~4XWTM^WQv^TXz;@u2t3*#eUV;^!DkN}F(GM`3VS(tQo zP>RRQ7{CZ68rWN0_Ex1=QauQ!0L>cz3S_jWt#pwiA_b+_)d9HSh4S!LmO_{qo)l9R z)dOf<#E^l#;x$o=)=;WC8bzy(ahq)`)I>yXuW4|msGC;M6cts5JhCMz;Z>dsijD~$ zi-mO&=g(7OA49vF>m>{ z>KM|U{7>-4ZQ?@1u0#MBB0Qo63)KcAXR`xnzb;K#E-bZ#e6_u;tdK2?c?TmOPSCLFdv5MEflrt!w z_%6sM%}-IXo5!0anh0;(n=+fzWl(Gq|x!R*kGE8)O^+8=2`BPF!!R4!|ej-nYzRcV1OUenCXynyYGhkv zuP9{UAq}pJLN2w8U)01USs6s&6iP5u^*etU%}=+sy56zW*IM5+4ExbzC`~IyIb0$; zL#q!)+Nq{}4E@FS5k-r}#KW~NAAr|5pEWOEd!bedo4U3s5B%}kJ6;lcCqCz$-84n> zav|DWcy`&Mmfnf0v=wT|F*z%5Ig=G6aT!ys+G-ffjR-a26DZ2vk+;OgwDQNwm@yRZ z5PwXuB}!d)J_ueoE^W+cV1L6Ni>|mDHymQ%uT@Z&wfn-AIj0&wPbrH*om$^*()>s@ zV}Xqcl)?P8|vgyN1EIS>s<1TJ0`Ss!|nJjg82Na;AG)VWLeu}t;QU0Vu?)GYbNhIz{6WO zG_hL%iNGJ^sYg0#5pGq@tSAo#m(r6VF^GVUkzibjAiv+Vs_arvEM|kerK}GG;H7d1 z0L$LTV=8X`qJeOEQbbiX@rWyb1*+#Vt|YITO}&$M{=POVZ3?U6?keJ?=`11X)3l%r zGUjZ`?Hd@Udkd#)v?8ZTcsn&H_cdtZtQ;d}LUDpaW~ZK3Ey7x(DG*!9N8s>=x}xw- z8%*oE7WqfNyhp$Ur$I14kaZ0H^4w@D%?z2d!FKIAoU+vlj?eNJ*${>Qsxh=LY=6CmzN91!07{n z(6>Mw|MnBT-3!B_pWVU#a&I;KAs7t%jd{(lQi$lk#@xxo-oVko`Ttg~_$W=;{wi0x zFDM{%jDc3~Z%&c8z=fKBn^4|&p zc)_T|)Ah`q392fgvtmM6l8Qa6eavwxYygWn)o--UO}>*n@Ud9lWuGLGs~@suBD`L$ z^xSSzWGc`VpHHM%Y9hp*Ao%>Upj4^;HXEqm#4BEIgLkd_US!;YXfYi2&Yrjnnzvtu z@)wipYNWeyFM1+%9(}L#zK|A(51pwl<}^zXtOE_Oks?#iyoax6h8^ zd!nYUt0GZ^0QD#sKP%ap{a3@HWWHtn4}Uyz=058n#)gG~!p{dT7i6&2nR5=>6myKv z^vO-ut2TGMVQ9a7!i9DNy|8x*WI1AZlDOkk|NcJ(StYaw3<*r+!sJqIs}kqp2Y>^< zaKmUx%|0drImx0ha^swkeNW!7A!;J3U@sbv_t&RsF~rXUiug!*I>wf2)v+CkapJ;O z?&WCFEQI1&wi-fK5<35f5unwrlXwApD|6kRfL*b*!Brx1CsZj?UPFp5|LxsQaVmm` zL>TWxLTp4$%3V}`bV{0mSwd`i3XyZpcmr2?Do3e*iZEWu4#NYjphx3t#hkf$%D;7G zggK2`C9flYti+cJM{_hxq-8gAj{kra(yLt37MYiGiI6}^Oz|uRwo8Y(3_|>j=Y~!BrsJwB;%xjOZQ+$O@ zcTc|8b3bw1HiA$s0>8N^xsWGRKv|AQCuVws zeZXm;7LS^v4S*zhAy%M zL@1_E)WW`cy1HPC&q=h^s+TFe-v(3TO}EB?&!^$ec9xsYzb5%Fr2g8botCc|({$Zn zLQli`?YmB(i0S(&jxLQUfFl7kPX-4iJ_s-a_HSySVZMMm3v&a*G(=hzcGP{3o_hCh zX@?#gY_y(zUvMyC%gvj9ea_syZ%`QDv~($SW02t5$pip1y%p|c!1dW?bNlOn6e~cV z#d@Qlv%(r2EOk5`_is_4pb$LO(|M@$Y;R{3@?KNkj_2Xr+j9m`yeoFAxHt`A$c&dc z?Ar#VxXlVeOsLG3s~;bIH37ClGrAMa5T1TD`5xWKt;@7bYYw!<4f(s4`AInBqA@1p zU};B!c3l*X3Q`MW*-z%u*Sj_(1^6E3qF4 zsZ$3voc&tEcMMCBY6VuR%jFEBk?ljj*DCbfl-_$qUOtsR3`1^K%wvypT&nC%N}CMI zF)Q_p87tS}@Crq>wGR-#tsNgaP9qQZo9H~JR5*us^EWWO3sWk51K<^COORW~;4ug- zhs&kJCFP5%9ZQVzU4^ib;B+n-DywQcDw-PQY2`>p8TWgx(xB}lI>PqM;xdVnQYE$C zulNfKT#a>>`DTL@GKtEK56J1O=gu6FLg&c6V+L|sfm}|ABy%7~L=eDW12g8EK0l-b zBN}~yrp;x5G<|zfkCUvyo3m=#1X&;*S17dzojlCg#69aX_DPG4?I5*19llR^oO)h< zLb-A%n;g)it;o4C2l?TmGO~W$e@G@yO z{mu`T-nU@iYynb{*E_75EtT`(10tQLmgb` zfx(1tn)PP8>#Tia72r58~?AfVR0XPSxkV<5~NE+@E_87GD}D?T$dA$Iw)E7e*} zb;FXe+T`~~PF9kU8~7E3zNo3&t4CBw_QG0_ zp(A1Q2X2*=Lsf%gSSaoX!xMaSNvt>Y@veHClYG3ry|tsd6h?!V1~-edreo*;hj+xY zlU3g{8igZBKlc;fJQo3u z^8vosuL*=C6{&J7_=|TVqPK?o(d<)fse2O3XUpf1m54GLL~>(yR5!FrB;@pYRek5K z>0;%7OMjtgP||UJ!%hnF{}=ZEmoYwDfy?SwhQ0kn)uaJrRF_CGTkd=oC-~a}CZYyi z99OMK{GCnhS3B)0bhQZY7&*K3()O2DZrMXqZQTnr=kytVkL4WIS_D+y8!|pb?hNOP zkXiV#gm=MQs1V-3GFkMn6VRB4-xbhUVbhc(LB5=*3JtL?KzR8G65Y{5OqY)AX7J77 zr^!U9STq7f6kztG4qy-z;zLI~aLfxZ!cM%9VkzE`ptg!CWUP-1Y#duC+cjW^7=rSo zb(ybgr60zd2^Zc}Geq|NT{g>UaFU%mQ4jo0fsv6juwD?Tb05x&3G>rhE){ARZ|u(_ z*R6XKuR~qb!@wdr&(!iMUT!7D3C&-uxb^b=XPhQ6%t~3eM)&XI8t9VT#)HHE^`wqx zuKs-e-fcGo006~*EpZGj%q(o3^$eW!oSYpkY|Vb3)=`p--6B0g=*=6d5C<{E80DC& z3JE1RKQ=pl+&VB)1tHtT7R%E*!2!PN(zn~N?5VG@Mz?T$?_c)%TsKp0rs=9VDf49d z&_claDi@>Oh;2Rk!<-d5{HX*#{%U`M)wPE%Nk-uj-ak(HlT2OA(ee+wmE6?ad3WgB zHIsowYvxFRO!yo`dZv8>RI*GodxDGNxwjcAx5r4^BJvCx%?S$H|B_*3oi_aKrk)-nmpidun#=7Lw^ z1>Ptnfu!fBHS>vFV_1lW1r#8!(<{n6@$aQt=pmn8N_iP>3$@#KwchH>Q|rV$!`2DH2c4zj_Wjb$a`C6F1S>|V zU%`X`V0X}$!S=`doHNLK5adVX(;Lu#e#`7il#vm?7`piVmdXDshD>b#XXL~GA?eMX zZT^QLEmqQz>!(NY*{L;u=3fcM?;AvCa#sjr@a2ZEBbHjDRnMkr$?n-%hC60G=l^hQ z^t$1A*<48eXBVn=doA&igH>tILGqOS$7$ZcKB{&CK>&x~$9GjB`bXLgj>VYfj0Fv`q+XeD6wziRSsNwJqH^WBQQy~kCACp!^BcL_J`Jb^y{R057(!>kvm@=Ro_qrX&3A@n$8P7~+;lRG%c*g!(EeQW> zJRMDpTpXP&{?8h0OC}<_=<8%&$B{A%?fmtWsdshS)MkWEmZPJ zezkv10PRw>DOKu0h7Z^dJnX<)jbjm_?s2ohT`s9T+9G%GiUz1NVQ8l@bF*0Rac;9r znp39xN^4tlF?>I6gPVKC@MCCgjm>)hQ~`55VPUkhHQU5N#mHB~9F4_`QulkklDlx{ z*ub`Yj^_F7$+vRVA!q!x>NiE#$YcJxJJf4SL1$IWSXIUraMzL z6Ku(HF?^ArvWjp5C9R+a`g7W;I=v8Os7b}}PQGa%(OGM}l5Y{won?~~nlzNAi5!!y zHBeVu|8OgF?(an?RlcCUYhxnXtX1wzfVq^m2`qs+(GeW9DlQFbN?Wj5z;N5pBWUHG z*i`f^F6wFGYpsM$OF1-Q06t*o32v^95As9q<4u4~@+G`)TFWBYZ#rCJybx-k{N*{o z-9tSQq>tx-H}$2pm@;PFG8q9e@j+eG7T^oMA8?ZDr{el5wYI?5MM0avS>o{Yu7!l> zA!ZTx`K=b$5vGe8Q%Cquc^v1EkR`lJJ6Dxv=*riTBO8I)yW7klML8RElBIw(UU`x&Z7uS3RrttqU$J@ODopooqt=Td6Y zQImxpT8%P($={ z*8%&j>rP?*|5|F!c6R@hFs4+c>^9gDx_|v$mq00qBI?fdHv0b;U+)xMYqxZb#;xh|9Er zsAnx-5id+BG{hG9dY_W77any)dT8WXS+LL9<{6Q$NEmcbUDp)CVOCI;)N(~&i;b3{ zNg}wcETVGSN>^%WvTp>>RzAMggtF>&7A)RU(Y)++M>0tc2QpR7O<@i>$L-)-)s}b? zb9N4j+90BhFQX=RUNUVe-5YZ#2&6RU4cy108t>+cnbxG{oqPNBX1`C7-TMdjEqq%) ztgspr8}p-qxcQC6ISHkn@=@Tv<>Ya8&M!UwB~<((pf{fTDD#o5tM`7wx*7Y^f|&1f zh&awGS+Ev@9^^$TvnvNR(UJ6dnHfr}ISj7i>@Q0l?0;jNfti6A*?-SaYNSS~Gy zwFwW$KyTex?2)U7_V~rheg);Gp8`{3;pdl!UrLsTHUu~R!GdOjJ!!N<%UCfl$=#go zI>$_C#lhYWHWD65rvG^Sy3ZW2fBQ(tD!){(h6jTe3dvw3FbsPtr>Tp5cJBZMah#Um z46EG+6npP+36My~m}enGJojK1(~EO^$`}>wBz*5OvjvCq4DC8#nY7B>oOJk54XzE2 z(+8@N&(MmiQ~gTSNFD@6K4Ip z6?b7@s>ldmd$!Blc?M{nb@vYCzFU4s?Tw2I9imNC+e_B2A3@7-~Hm12#VnbI=;Dvh7?9YwTd4 zuurUHE*3^lPSk)wC4NQvbWZpJe=tadP6Ih<7GZ42(|xNmVt@oIr+Ad2L%TD1D1U2JKnvJ5f>o|RuSUT)XfHEcG(T`5aM8gVkqSkTyR zJ?KF+0|&Cf*9(>iAYaCnPk*6W>Jcsbc%ul7v`E8tWHnec)xGD~;@65vfm^65{hb1{ zcXlShaM=eKC;e9#D&jIW^hU@h_@KmU+72iMK+K4zt&=$ycohJ}K zl9>bcHOMKqUYEaYAQH-8nQ6PFHZ(j+2SeNX^XkrHw@?o)?#u1CB++ar<{rTIh-9Zj zO^Mmw@h`CCXS2-Q7r zWtxv6k9_`(GVi4(lsNr?4u$alt@mMTU}IwJ?DDhI?tiknOzhhK;DwhI1oFxQXygVDm!r5L`nhwrc&^^h-{oM>wLB$SI}PK08~3kM^G8hbFow^sHEX z?^u*_gN{7K82PV?GamgIOcK^~MAcYIN&B3lCt+tQqnxj>OT%s8Ev>=YT_*|sTq;qv z?@m@tqv>-9E=gr7M4(u~b}a-$EzPaelLjgyJ2Jp*&XT?Nn&C*cs zf#)ONrCnB0YHHbPWOIKY>I^9ZE2+For2KlQ@LWdTT8!Iaz`l1|!uuYHb{X2z=W z^GBX?3wmA+!z!v`P1a({@#J1C;ZlCFtUMZZ>@E zGj~+}?H!tKU(=R4?M{n89X{v{w4i3%yI~BXXtU&+CZ?tV|6`{<`vu}4^smddP+8=T*SaG8HTzJ2y{w;BR zH_15|{8U&+IR7nDoQw=?|1akP36lFArgWzpzjxuu zG-Hs@cuGkmf4V!5GSi*EY0_y@$T&bdW#;niX1e^S!1AfgyF{eqijWvrPQ8j0=;i{H z@dTQdv%q(RW3^%j@rYC~+;BorBm@Zl8f4%*BS96ILps}q@uAYdPCYyA`Y1-#rYEf= zc(KkfOyG{OcpgZe3~ypc2a=4EK%2Kf+h#ytXi4Ue z?08E)-zFAkQtzC-GC8KsN9hy^yh8|&X*IqGe0^RY5OcasMksllm_Ki1Yhe+7y$)%g z7y`A2c4usD48~<8O`}`|7vVw1(R?Ct>1|&KvHaF;H$lyKfxuX0AK22Zh%^kZRVsN_P>7-F&8t)+ z9l!9%h$)wW&>$M!z$|MPTvSk$SDToZu{RyWWy*eof7O=aFGh>C2WrvGmYKEx9$J6m z=OX645Z*_I+;fDJ`d%#tmcV1deWQ-CX{^5`Cq1v*H(a6aUOP|F8j%802<)Cxec#f| zn}L^=XV;&eR&%O6^NsgpW_=%Zf--YJTz|EH>*Uwa(TI z77M^Qg{N{EkH*+u%^9q5@$32lq9UdnT5XO>tg z6<(fF@sQrJ@fBK_9XlchHr=9+@USF_D%HNT6>fs|3c=c^wGt{}G0HYjiq$~QkmYJ3 z7J!0!Acs#+!TJfQeGa-X<}Z%o1?WLoc0=V?p1#|4r&Wro01q9dL-avY+$)8r3 z=osNL(@MYPft-~3hRg~aE;%QLN>iuEBR)0<4QB^^4$&q(Cz?NWGdDUHU$}+xnrcVP z8MmL2p*S?>c#~}rR*Ve+FE9I^J3b#VZotVt;`pjVcPRM6u(OchRW(TTd;|bTcOVTj z@H14dz~jf_=XMVgq|@^yA)(6=5|VX8NmQx>J*G*jXB=gc99#b~?B&tUek8Ro)3|5> zWzTjK^*@aWADac4(#= zo6PT6;JcY@TWt0_w0(fXTRb0Gp+w%RlDu0%8ZiY*D0;oZm4e zPOa_(sfgPgD3xV`-kgB2=0kbB(n!gytlnY-2`BG)06$ywQqYHo=lRQfS>zjx18R(8 z(vfInkA@jib8@qyp2xCoaZM`{=gXzK0HK;}9gp*<$-44ouB+z=TY_zz(3%yK)nn$C z1>2Wvw!)+_v?1<7?0p`;aM}g4_|K`jNyjox0O^bUXDk9PnalO@>K-zDef|JJLJ7*T z-MSyjwG92Cb8oZ*8QWL8T(QQ)qFZd4U>H0#S0Q9Qe(DLMq>bU~`v&+|Xr0N+#=i4I z{{;NN>;J4>vj2hAOg}KrM6Or%pI+NBb>-!Zs$leh0}}Z_a6f+lwxH5Ns}^B&!^-Y^ zxD=+i7y7Wr@9AlyVob>_;W*G@P6aggs%x)d^Q9as*q2_EUPg0PQ|JOoIU) z>z6Rf?l=PI_zB}tv_=?eqIJQ!LIp)ce#cBcZGH~?_OpSK#qOQbW(OH=oOE&b8)u-K z!K#tTPbRV(ORs#Y>_5XnrXC#V=t*6#cB+RuX5Ifrk+Fw8IR^fGo6Vm?@N@pxHlY8d zNH;byHE^;1XETtC3^!aq0nDZkR4joACx4NwjonO_;GlRJfxLCd)-R6y)w>k4cOM)} z*_9=cAa#2QQng;QT)P-ZeVkUOLil4;+ybV*++0VSo+Ue)DEG0e(E6bzers=cLS_*L z=1@AvTLLP0+ei7FD8awdeWZe;KcHkdG^>*(o95Hi7J2onf?@ylau>(qh@E~emK^-Q zUGD$E=z~h*KbMQpc}%T(xF@MVvJUo0BDaXqynRQ*al^r zTDpHx)BIDO+OT&Y&Kb}xO{$~|lzxoM+D&>6_?vrdJwC%n;pA-}|M46jZr!1x(}eSYV)y#fz5G zvMmdCGt?_DG$IgMaD=A(ABLs9Y95MKX%TrR3FS^)y&>%L@VSGzey#d4uZ+F4WU8QU zCZ^D}-j)K|JeCfiKgn2z=JSCIIbG<5;gjGs@}Ga6F5qT%>8;i8KCWWreV>i28fSI> z*-q)Q`<`lg$=&q%w^$^d9je;@sjF@v|NH;V$il|pAFAv}@$(}nL+CoE1{>{lBp8v+ zbY_fG$^hbZ7TC`T_?suQW=a%J73ypN^7#x`w%B~ZA@1>KV0DWICq~+-2-co4ky0w4 zP1WKNxIWLva^9LO8qu6;FRi-L}i1F z2tv}67y_pEQh-4UBcENK2!h(^Qvsl{`}55cTFu@O4_=OFE#$WLC2ach>F9Fsu;Us3 z7u^2QJR)8AB=wFV+(t2H2t|Sih~*nX@9OG)?wp?%1?p<)P3ULFPM7oCA9Uhw#pa_K zAc@AK{@U5?Qu2PrSIWk=SDR5Wq`R@bUg+weslw^z zE+63jjo+(ObIj9)?-Kg1FBl^+<|`egRq@$kJY{WY&rO_F{?=3T8N|5xXimMw6B$pz8fIo%8|k!cGHEUMtWJnBL$T!mK0!xR&?q2=X+> zs}An<=|gJZbN;r|_kAn1K*ky5a8UGF+gqWNHj~vAs)eZuk{JjiFMF;Em8)b})SQYu zgBhwWzxj9NWCB>Y;Q+typVPG#XU<|PdtUsMp#u&q7_>Q>%LN(QKvOgeUrAwV`L@! zC%Av|*}+eckp9Pn{8LKl{Vy(PP+{_)H>>-Za)P5UvD`&`pD7$U0DXl7&M&{xWtl%C zX=Qe0JyF?+cFlj^JAD7;y>8xpS)eupGhD!}>mFu3jgP92h8vY42aIoIwNk?Gw!2h& zxq><2Hj@F%RJpnGxbo{3EMTi3@5zg6rkkJwrPy2 zAZ%xFb$Xx8(x%V0^uTQQl`9Z~m5tyKFFmSSek^N-1r&jL8Z@s;&WDo6@dizCSa8gr z9w^8KCX{W;)fo_OOmvyuFejU)aF^|38tk_l+pHXQvdf95MOHaDIPzj6x}=pmYCZs? z)hq_Pltl({^w+V=2?d?hek>_-k{r}1(P1igkw?^p z=2|MxH@GGgUQxc}d8nDmp4$NA?|(~Ad)YX?0Y7rrxu1geze5GapX6ktV&%3bitt&j z$A}mWsC5De1nfE|7?Id&vA1O5rJ2$msm|XVck?R%_w4KGiUwn8c$V`5&dJPFtierG zNtcHIuq;VhTpWEoKi`kVn0;d#U1GfZ3=^?2@0;C@^V zzb1iG$`%8j!MwImP`KMc5J4A^K6QL*2Jo|0G#I=ObW!34C+dgJb-zU0w@MLLFLH!K zq**bXXkEu`Pjd47E;Yr}s?}~U2(4Oo#gAe0qOGOjFD z7}5_tR}6P&I|BU_I5?fdxKFQp(o44mcube+Ph6Ke3;UdCL1@g$@ZR7E{TSNY+nTeTJ1^?M^>qM}w zB)b~v<-8zi4-dxdMd$FKj-BsWV=Xy70?pc2lNtl9fJl*Pf%rwb;>~fFCy%sJCD}6* zbqGnu2k1PzdR@ut@c6>M9Z{KwtRNt$>c$YV(udrn9ud*JUEp3{!)&Y#XNx+C@OYuW z)}`t4^=~2|yvMy#=AY<=_!+PK&pKxdTVoU3f3R%RPaCd)0ipYzTJ!;6RuKhauA1nu zR0KQ4hiG_(=l_P8i51E0WAYbw|AVVWGiCK|~ba<_4zd4;7mn zjE$#MebH4ny8z&AnBn(yNLXPYp-~_Bkk|)v z4Vm}=izeDHpyz}|>FkWp&R)EzD?JZ`UFN|IrQ(J|<N4uGsF5^DY zdq*e#c_^FY`M3F65S3nOxT4|9RrF5;9#tB~EFPnwj5DH~vvWt*q`Utt4yMh55j?Rj zZda@J;hd}(?EyRi_}M&bgJAG$lDjZ|iZijso#I=4RAls>aF90+bm`ixO`eLKJny*yf#e!2F z@|VztFL-WeAo%eu#^X7WGjs+sl0t`UqwMramf;QKAarY2M^8rIb+lw1_?s<5rAruy zuYfLO1kYY9Kss@@GZzjwIY?=eAQ1+#m32bgXf`~{k|*S7+ImwE2RhUUp;G#}X{6;z zyQFYkpV7kQV)uF5zTH*&=llET^&I!f(7w^7J9m1(@=}p%xFQzqrRK1O>-=m5NGRxf z*4rENnFRjZnM+!9w>4Rur|1r@&X?2OQ)*DVyeM! z@G3n5l_88uk-DT3Idgh$-u0>L4i`*HO8QYB-5yaVY8b&LwutMWACtaV( z?1HV2sJfC9#id8=4{-XKwSU7ZpLL4jvp?Dj=O4Ayf1V>XcCoSliMGif(s#cZ>GyMu zeiM8GP?Zt)sOvI6T-^K*iSF5NG1c#HRGK8bZfPumN=Y8F`~BOr^nI}|8w}Nzcr0st zIDOY%R8zP&W1yQFWIv$woFNRv!|xV8si7ChjPv8Hj?ZHU{!$-zF6+V#vF+>bOD)jd zzlUXz%^0k1C-;2bJo6Xy6VcqR-FF98VP&wiAZPEpzP?wI(_OSMa^Ic4W&f-u%L0ac1p@!k#WQ?3ayJXpDeC7~{sA3$KK7yo!s zljemr4V5BeTZl|A#unbZL{t@N!xd+S)D^3RATmT=CTETU2;>oF{P+~*ojL+lk)cPj zK*~p#54GadtX^%0lO=5a4Rk$`bN*({!l&_9w&*Nr#VZb|Kw5SYNgHcj$9j^yxk{@a z)q1j*n0aze8B>M|iv?SSU{nelUW^~Wm%I4Tdf3>|O66}=Hh()H1)94ZxkP92TitOJ z^1&-~ZIp93*vA=`wrvkJP)g)S|+Iu1uwg=69pB+lTb%yZ~EH@x^ zhqV;SF79BVmG(TOi9R;{f1+@Dl9Gpj>54=nmrX(9&s&>k*gVG%U=*hOjW@Dz%(65| zcLNN=FvMxvK?0{wiSt%rObX3Cl~xUwT{`T5xkLEc46YjMk?$2U$rF=1X*05+a#o|B zj`bytqn_;|t(!3?rv+HoqmCap(!{HC6?k~8fur<^ekd-o}b%!Br`ZjmZib-I7 zJu=61W;S+dBURiY2J)oC<5U%Iz~t_hyVjf*3!*|jt8wAAQ-_nMV)CK(Lli~EArx$+ z$bh-&y}=6ggR@y@$vNkqKsUYMd+lwY-?Ua-H#N|lRh=xOko?u12n3;{Sm_IyMJHcO zM?CZg<6#u5urHevge!wDrCNOuEnbv7k={40Ux4ly5Ca*7q!3Yuxp!wq1GEmj6A3bD zRV!d*o1?G=ukhyZOIRDl9#PBIGw8Uq@L988q{hOv?g!dachBoHd9(nzlL z&oPjsmDYb9O4)U9{@o!z_9zeuo~U=-v-L#meS7$Y2v@BEY8)3p4BTU zDLgnx4WuWD%1v;``DrMnO@dl=^huDB9hZi@!CARBvg z<%y6ONVxNEVZ>qAc8ib*0!-)VQ>Ejfo^q% z*k5q*BQ4=wkRTwj#$sL5b8q-HrmeL;6A?~SB1!bBe8fdKDKl6X+l$BnaahBU5}gi+ z%7#&T|JG?XASdJADoS`q(BC`06RI?-X_O<(*2+cmk5CD>3mag7WiuIxM4g)~eUShk zva`_J%Q5koSs`)vP?j>Z(_){Gr6JKnh3fZlr8|ev@<-Xw~`!!$-K1esZ5Y7Hx#f{cN=MUmq>GV z=kbwp@AmzL?t&u;wod6d-`itc&=)J|X6}Nz%3C9KE+Z2zC3~DmzVOuWtLxr&keMVc zx5#t31S?{6v|H;FE*vQXDd-AAT({8`#9s&$lwDJEG5+p&7@f_-`xWN9tSYN^q`GC1 zqI0;$@vZ7(O?l&3oy47cn9T+Mjs^+$#(GZ%@$b?G!*!bN`rJajn2I!Bd^yihBH~L+ z7pJUV=;yLq-S{_^USvxrdSd=*)0!LIQapjjX@l^oj@SA54W_W$6DCU;CTO|2$t|X@W5+d8 zWTYX9j>|Msy11>eYVH)iO`2zwFiU%h&m#sVQXjk;m77b~NyF{hF4|O9_mg#_m8haJ zx3}--I>>8fp0RQkw7Dr>d<85Yi77$)&pM`Vuk#unHmNl|sxo*(Da_eP+pZeF&o%lj zBH$0(WY4pc&$&Jx@m{NKlYLvqzN+Q{kHh3S=wQ{lQ}ASej1EUJTc`zNCfl=bwSet4 z!Q7WG-meTE=vvDOSzrDQ3t^ZBmh%2+cNl(*0tx>!Z)0y_V(eo7kA7!S&BpGG4drX9 zrnVIy31b|p@eEh7s3}--J=CjY^QxbWWL!e_Z>m1=`X6VN@AsJS#5n#AHn)t%uo3#K z`(!~%=^+1N~n9QZv_7l?pY~VF#q)7QFs86qp zZ6?@cvSv!}Ma2WC#a4Mh#8Hd|zkwYtE<-^-ODd3fZ9Db0g&N-|aFS$0fysR^Fp>*r zE=CgLQIh3>0lny5uR+EE$ za!iPv($vp+E2h9>*UU{bz;o9%c-GSrE1~3G7fPbIVLRIs7>DT2aAD7&GPTy8u&1A{ z7|ZgG_$c|mpHn7W!Gey&YjjdgADy+^SIO>}i-5 zzt7x7o;VZmbsZczT1eU9QPYuSvaJ~SRroRWXq1?LV||YFPyCgp)Btrtbh70j5E|~o zj)u_4vYS9!Y0QtiYoVFULu8<<3efBJ{z|&{>)^*Gb~-G5^6DZ;bp-gC_?J8I7;D)G z30nUHy<)p;Rr2!Sop*8vn%L1D=>}lxqO?`j)pAVWZn~!xIEej?IDgjW zRUfu!Vog~w{j&Lb<;u0Kv&TL3?9H|fE4H#V<>tn>$J0GOZp&Mta13N(TYcOSyRx;* z-7cJcj&uA5!)WuJzs{}OljZK4XXM^JunK0zrQ=UIvBJ;F90|zm0nbL0|V*L zAmFHIvnW}szY8hWN)XSRN|nXs`y2jT0mK_RgCRgP?hIbKZ2~V;0JZ29F-W3+nWpOS zPt$f8+Xygj)pP zxTD*QJXm1SN2hI^iR|?1N2;UJcb{T4Wv3j_#UAHJdKEY-cUJww4%6EO4@p)s zBd;eOHE#*?qU71CS*+jb4Wi#lX4$0`G9{ny!#VorM`dcQ!#SSJ$CY2V2sU1j3<@Q}Te;zKl9_ruU z@D00}b#?*me+J9;e$Ibq zEt!83k4zk+-H+XBu-kWp5=MeJ1zx+znX*fsP^7Y}aRM|XiR;a3a(Tq}7I&gx*Gl*E z*6Y2?mJGrr0+6DgK}I%w?f!ivp|T|YW=7XOR{ z{e0RkjdQ0=4utQk9zmfJ;2b3I9;9LBHtd$;C(l%|5}D&)B$%RLtEvHr0z`z5FTOpf z@YuDzvgaZ2ezR9{?+LDI#mup4-0Pz zlmK`9U2SQ;Z(KNEk=@zwQ&TgmH)obFsIXJrAH3=`!@pp-9~M3Pir3qKfFj|kQxGzse4oy=I>EN)%Usll0()7VPa ztMDMpVq2+o67fPC($>0UPZ{yymZ#zyt$S~`{F{w?dI)pTwtp)4YY{X(9@ri+=Ri*K zmxC#!2Y_1@C}LJj1_Ay@TpX9>ARkF(%-StHWL1Hz&U6`#7#>l*tu)#3{H#JBu+!N| z>+cRFadG5$v6rFqjzI+DW>)ANE_b$iMyPiR5FWeWfeYv9(w&$gdLIh(uut?R;b4M^ zC53qH`*PvbL(JO6MBTPvNrec|gpK6XaEfbOU zP&sY-bd+FT zm-0Ds`t@Qo6izKr$iafLL?ZF`)n_j@4oPN1J$*i~7jd7}(d$1{MMceA3}=eP@IyF+ zcWSDQy4{R2M2)XI1vobH5E)$j<@g`B)-y9W%45LYP&ULgE?>p>#`$%T7m{1Msdsud zktov(Wb5t~@{Ifozve{);#G7g{1mCv_E(pZ)d|Z!Rc`o&Pyz^p!zdP)op<&>i`|fn zjnxEbjWzCqt(tnqtD2n61V=<3F*rh%SrZdZB95c1wCQ=BYrCR=CVG)2!z+Mk(p;|=;VS7mtC_Y!6TQIb^c5c#9> zNojRmsPWmjpTTBH0iY}oJbm!vSqc=Q$wmS5dM#>D_!{wNnTOSA^_8amz~ z_yI%cx$(Lj#wQDb2rx2AhO{s^+Vp!xeC;VhGv^ThxR6xAv4QYZNeiX6doHBpcJv!Q7ZogVfsbH;4O1UABa?3PE(=~eu z>wiB_AZDWS>NBb#sHt)RCehgxtfxFDp8RHsxRUX>j!xE8Wk5dT(U15pvFz;OVeirN zx#&G8u>KR5ckRqlK>E#RLD_ksr0AE`f4H!7mn5s#&6)t*Q<$;7_bSazZ8k3b^lwE1 z+#Hxl)6XNV|1)7q_8*IcpTU0{JtsRyXFV$ukAGejWvPFr|GS^ngm>dq%b)c3Si^w@ zaWKSMWt0wGPM2tPBolyuFMEu@*;b%2kc7*#rpvOYzcx%o(JM2KrX z>%a)C!5_Y;47F9;Wj%qD(_*y38>&QAkgW{pG|US{`Jm}No+D<|nmmssydp>DF10i| zfLj@9n`=IQG`JE~=}9@u|GLF~>zu5rDy(9c)8qzgj%}_R#(1oI8Zwmqz3pcT5A6&3 zuPP<~^Cls@pU#x=4_p4Dlm7q8tp1m$Qnc#-asRT%g&I#QapAS*ughviqo{QmoYO*t zD5ova#2rOAWczw9_(0{B2*m=lj?WkG7E`3m+Vn#ZxwI+?0_ZBMyeGh)Noi8c*AnY$ zWn1$K-p9hm`9&+Lkd%ysXnS$EL>;)6!M)a5*`#L8a9BXm7Uq|ujk;smFP|&|C2OGb zri+@>i`*skh+c)s%8iJ=RlQt>hyTw9Wea> z9>oEI-@}s6c7CYO4!zScz>5;l7;PHC4;YJ7^c;h@MLD3N#M;MgQJa**kG6)wmZKhY ze9+uxL(l>xbI}{;g%RKjjy^its*$V&PK&_!>y#>}-q&3IUSM<&5iSOerLS1(Nhb>d zjF33}m`j*K3Nb-61n_P!npJ3P_>?!!(S#|J`Z)#ZgRgr(hJxHPjHPFK{x)C@C?}0D>_k+BAHk% zSbdQj$nN8Hx`dvd4NymZB36fr0j{+*UW^g9@*MF?k(j*H6T;qr=C~a`*|$LhuHpgt z>5Qk#eKMU&3+K@X@@M1dVoHa+T=pqVZnyGSw^*G2#F@y69{EwN4M2(~CX&T%jCw2%aL+G(5pbSlrl)Frel;d=7(>#Z5<}cXh`!1E z4VGcZa1?cyA^6n8Mr*)au|Y~-86hWqi!dCej%HIGs$*OUEinJVAAH9j&DitlCnwoX zd=gH{7ciPm_Dh-sT;8?T^gU);8uGzrACg z`S~br&8>~p*-jRZ94mO4m!7*jI?B4JUn2)hvQ41sO2_^5P!M_ZO;WEe2Z0O;1z!XQ z8fGQY?~`_mwL;9-BbLCD?=NVAKe2qzGrp*Uo(stne%-=Np5Xs$Tp@5_?~(i{We9)b z>OXgU|F5y$rb^vEYO>8oRB-wvfWEM7Suie?=v27T8CwZL`8i5`!T9nRpbN0qXFQYD z2y1r7P&nGuf`MT-x9jkvYRhH!JX(oTmoIAuDr_|YtEOjhya%|O=;K^e1C&Slu!3H4 zM>G_Hu#V{dcaN)bO_fk3igOnBOUf=D~c_0aaF_{irSz!KGJRT_q1R8 zDT**NX){T@bpTEK=68SvZXmDK@qrHR9X|G!gJ*^#gK{fV92HAFFAwlY-sTi$+1oaX zoRiRy+qW?THmCXhp?!*4o}bBa_PBsJ9MioJ8$I@~p@P0$_oBk2b}?LwcgU&Aq@)^K zg)$|Q7#h+(+aaaPal4z|%yM>i0Cc@RTdV`lekm(v`Oui!B=}zJ)qmQ=Z|ni;=Vh*i zujtS%ML%yTSAC!W6iVX&3LXcJ>j$ZIMe)NahF1Y_6wlZD*FV^pgqauMPvR#0(JM0i z|0VAK+1UL5?u0NjaQfNb{Lf;MpA{oU78XBm_oRxAQzAdY56jo8NSr55D8U+CrOEvX zT9xaF2+u*o%HN5;4mY%YwIzUM9?`@#H3Bodb$4-paY-Zf zi!cjIbbseYdqzqZ4Ucw@>Cc3?ivBo$>TALVlW>TGqqnPPNX*Oxzy0dmTK~!b6B*?o z6A@x130Ina`cU}Y0Az1Mu~9(HC*%er9Yg<~(v8va=2c?vkAt)|x%bzeIa`hDww_$w zp{G}<-IgX@y>y;xYB=_nXr6*O$&W=Jh!{o*1`Gdz0qVTt#v^C#L*OpN`0dxYnz}5U zI7m69OtNOy!UGre1_8Etpv_;{_K=p-{d$B-ZF`xzE$0XBM~ft`5{m-rhA27Q-Qy}9J)5APd zOkTWyvdUz^+~ctHckjq5!Id$3wW^5)^MyEc3SqT%EYE|vO4$vq&OAOpVrC~vzBYyH zQBV(kh?mZbRzNBu6$mwMQ^C&{Ewj%76=z%&@W;sx8wogrzXjpvpoKso`epb>IEmB5cvC&?@fSR-i6% z{!qz>NH$|tUs!^058vtMA{*F&+bVXM)JW~S!ks%adn*TU^#Cf3_LehY+k5@Rfrg#g z{EK&KE9dmmG*2R3uWs#9m&d8*>$Oe=4W;J;06g0~paS_++f0w4VkhdEnv&3Ks%=+q zcQ)D0yxqtc*Yw5`|C+F_sUanhHb(X#X!kP9nYeKJ8{iVlAx$8;jAepy%`N_?7l0E8 zIU0cKS2PdoRd`W>RJl9m7?u04;gpf7RYUXxfRlehiu^x@laaZJk(Hj2g`<&+wSnVL z6jdcmTLv*83|)IfY_J8muNd{t&;8=p@I;Ka#<6JDAWk3slho~n{H;>?R9i)m?mfZ& zYQhxVz<#AA10t@y&2=7@E99L3VZC9b4y!%etW6Y4ZN$pL^D&2A&f=el4&0|(Jqo

%_m+v|(PTYa)#q&XM#R^wD)r)`K`Z4GufH&ephWAx(Z!GoGJeGHuq3a*y--MH^~R z0BB@$<@#wVaC6HW?E)C zMs_+TI%5kbXIcweQ#*QT2_X?#B@sGjcjqq6b;tD)M4w?b=`yM&L)1ZaFPZveaLs&c zV-rQfGM5hy5U@RKei$_1up{(CzB?1nP3Ayo35`q{6>YlA0h8jI61nG@GoADby-LcU zW+EHo-^u5~sH#PM8I@b(k}|^D^E$6IE_Cc|NHX!|k_%d-mMWLl#!O##gu2k*PwE)Y ze_7(o)=q^tR3yW_+|+m~#w;&h9}hf%7}o6{vk|+`mJGx&}q5Ya&~j5ppcUy2x@5H@`Frn0#+9k(c9evj3L?j5*1{|z)E&@mBp=O z@=2GF%OtQ8R?1RNwKW_hz*-^7^`hJpl}B-0qfT_KlDk5ZGc=XQ`XC^y7@vm7F#9gG zuN$}hbE^mFmgIjRC4Q z9H6H!m`GhDflFJ$jWsKFleRZB8eCT8Kw9k>;xfjt*DsNhX9%e2qlkQknuZa|iK0*R z3c~Re>_-}PbW?4?WrXF({y6fkx{oavs)A3^XZcF#5JNnUXYyqFURwRPSk3e@gYV(Q ztcX_U&&+k28&!O=smzEq1O1M-PTt%dsOa;k-Fi`j!|tEIZ(Gsa4LP%G_`(OX)28^s zbN5~^)hE7gYqP3U4eO%z;NhQdVV3t^CqMUXcznsX_PSnyW^ss%>rOlg&4qfDd9-E? z@lD4wpI^9qu(yZL<@QhLbf+yQI|db{2m77dV(jp)OQddZTD{dPO;^6q#;5jQH<3Cf zeoY)%5e(rh4_ugeBUU`mzk97wW&9F+BON8TMT5^xx$Stiy8Z3o%iTZN!Yt0_d~N!%1XMvo>^UJp{;NB8mUPW7qKEz5ospc?7VZ8KNpE<@vCUTR z6Qjn|h*4*VnrURy@zww*p7VAn0KM1iK3ywVnidSNm-yk+fz=8frKRDNcS&=0ywK1c zW6K-xjV#F1hl2C z=-kWwhjmzowfLUd^POS%X3yU5dr2LXZyj@#Fuy(02!d1eYQxZis0}gg{{-Q6io=Cv zYfH&Wne>2iiFCnhU~^s}FHr9y%PpQ*pu4_LGp_kYdg99WSf9hAYD#?gM7o{=jtYy9 z?n;W9{4KMu6`kN~7-7WG)va-Z0^i&oLK6d$Qn-#z)T$bljM!@pA&kw!A~lY13zF>` z$KaxlE_QY#wKxipa$z~E1@yS$7?p{`+por$Hs@RD(HIBKFqe2!hzI02P}fYhb#lk$ zL57@h3>qHyNa&*|F$~HBEYV2m`6v)XmJhKZjqpw}-X%xzJGMsFvAwK;J!*}v)Wa+! zh49}v2$`EE;iHAOdnD#Lg(;3%6Lc=*@$@jhUccMdjEDEbTCiSuJuOFMRi4p$oq>?;6cr%SxP|9zngS2$E;d$F zwLOC&xQw~ChoI&mGoD;;@W@(UMC0^y`Yl;4DMuck>islnP2?=3aK2G|m0Zd*hJV>@r-FL>nFHcz_hku0lodVZ&F$JWgnGpBLZeu!;sXq;Cpg`D`U%)Z9 z>igFN8CQ2YrKBexsqx>^c($F?({)mR z|I<<^NTi_P3N!L`_`^jy6*4zu!Mb-0eZvg2jWUzosSDE$oe3#vMIWRk#ud=FS^Y}W zWne!+Tq2#{qqOm&%MHh*qw_%h(8$I?Nr#1(Nv?_9GacT|o^6c_^1E(5v%V@H(RyaM zh5vSPqg8Ouzvz8n;j~kP&CJJOOFSo88*GFwxc8hYdO}SNoSJ-yql(Y1J#x zrUb3MA{i07-k^HL7ok=N9uq;jpsP<{rW>%d!AkQ=@Gk{1O5Z^2W!Z{7SZGcYGkmw* zlr)ma$n8vhY$@QaM(33)9dcuHwry8HI~qiXOxJFMr-c}{*5XQobhgrvytxz3j>Rj6 z2Q6JYJ4b(lpU8H8QFPVSg=LMSl+CIu?1Zwxotvss8B?6-Yc&-b(KH%hFc*Z>rC{i< z_;JQSH=Fk{vX2Z@E;4HaUTn!i z%Jq#4S@K_a5hA*%;Yxp2r4lC}g$h-W(Jyl*Dn(d9ZRe+cpm4-Jma=*R&z^ri@3dA; zFR2BI;^w-M9sZ`&J(2z)imnp$lSp~K6a|ql6C$nC6&7!a3kBJ9j4S#0GfJDLNPO)Xgw(V-r>!fE~R2zcZtgeBk>U47miUCyZ5o z@c5?WW2#rUW3Bgl&AhYyxCKWosTxqe8RVQIs@g$aNNr5x=gYV5dy=oRqU4AxqFT9LY|Bt$@OmKOU3$F3RG&uE&PG{G zgN2demFCLB$y`}lxAW);JWe)02AW+#v3q+q5sFkti{`RYtr1s>n`KI4)o97#>%&Bh z9?uyr;iL9%MMA5%B!jZ%7nAvv80n;od+t0Kz3wORzSu8NkIp(DF;l)W_l#+a`7 zrMs#)T#F7U_*CS3La~##?5IA@kj*np7OoX|vnRrwNuZd;~@1^06TplMn`lFhygS zBunuOkZfc3o;tzEU+#9jQ*Y$_TwgfXT|k^QD~lc~*_+@>YF#M)Xm*v_7OvG1YP@2; zm9828l#0l4W%DqeWy@d#HG!JndwRV57=)_>n#C2}_~O!Ap<)!5-w} z9si|vE#XbvjSX9(a!Wh1>@DbCh_+Y>9~dGTn!%a!N~(Is`b~!pqwfS8?5l$-Dg67E zJh56)@`hGfE{V$JE>$MUWicZ}itZRZ)(MF04@DYj-y~TncQUC*)r8=;rq---I}hWe zMD8=2=WI8$B$Vp3NDoSi)HM)OS<@9sUm;+L4D5Dpu!qy98dMvo?}F z6<*r)bj-hI#C}lR{SG!ASsmUFI<%SX^V2BrPbO@NIs+*K^U@alxtntB6fhZRovxN2 z;GfGp>FhYhfcL2ncn5mHw!ML79GyX^fRUuVGb&hcYDa?~Mv%hsaE{;I_zH7f8#bv^ zlcL?KfroHwDBo^d-8FLu6=H@Yqen)Z{opM8Wf^oE<=xd)@Fo0qRfkrh~8kYayMt1B7C-q zD25aliGS2W7jVI>do9P$$>V_QNoNIebwYtoMr z!!$ANE5tI(Jbr^pr*lTerR;>nmB`rri(f8#Of)|c^4e*0^`DHF?^i)a-=}Dwt6L71 z^4j-nA&QfWV@>U8gQnLSZo)%ofWCMyhUw^^HT`V1vCCQ5rc2tZ6DnW9DXoQ;;s%{n zAn++)A~)}D3ET|rT0Zk!OXhsR(eX{~7ir(z z%rDT@P9@P5tY_5*=Mt}UP+##fri6Yid#>@MNR;SZjcQxta!UeUHTmGxVy3uvR^>sL z(jlQBDu@x9#>0vYS6~VM-Y}zRd1|Tj2+Xvhnd7>LU$(eWjAga^Azz_j7W8v zc)psigASS%yBDabz(`^VsjI2!cpp(RPQ54Y#gS3@jo9~Mj8AxBD4U*Y>Aj+_JBSmI zd0SN{6sa(s_VvcE4J(BG+9=RFLDADh%JsRd>)8g2;a%;c@JMhq6Pi@9FjV%=U9Vst&zx2!W1;r%!~6@17|hy#CNf_ z_arfPln||6#BH)kDq)A_^p!;1eq8{iV5#&;MZO_559>~fIC3N8=s{4TgX1nVY_L$^ z!uxwsLxbUmXpb5w$UrAN@c|wYMz#a%TxJlb8(x@euI`(i{jW~Z9eB7T+*@RvAr>|S zdh=-`)%COUOM=LJeW(dP>Tk#PJ}#e_I(t`I8d#cOX8lBVgYnX`IzH$)h-)=)H2sL=ov;@2J#PRC~&%i?6*|MKkvacr6nZf5eB6n_YWh< zG0+b54OXZykFhN}D)!4U$kKN+m8(e0cGEM4F~Jrp4>1q1aSpSMtityUG7X>5Pax4S z$o6;3gMUY^?~%e9yo`LciZmlL=jeU3T2O7+^8}vP&-1V(VS-@}v9O;VKBKC^YA0xa zgRW*G9l;X3eoq}z-vmmv?LMFv(ln~=uoYa<$P1P7Vc)Yc*vC~SjP3i)c?pH`Q#NSBJYJ#1dgesz6G?3*i2`66_?Tb>5W^K^Hb zVBtf2p0ncx7eTS}n_=4LRG)i;*~*KyEN`q`=v)g5x+{{pW#`WGWAg_$sXl8D>F89G z-gG)xsT;6eKR;R$aM0b1d#vO5En{M4$mI(y=}i`afvY35P=Zrh|A=#r-r7;_&|{FB zfG6e#aXwYfg0q6Aeu356@wsDnq?(Il?SK!5UQr1=_i_oXFr46L{rQn|F}=wVKbiPg zYflGdIjeCU7GIwYhDnfBjf?Y2?oncSMEYo4X(XffQl>~a^gVYYw{i0QI62<4JkcS- zK1pU8H+we|G+VEl+U%oJHV=f+-I!IBlvJGZRY@#oi)1$(#Q~-TL0(^o?~$>Ob7qhl z681X8E{uept#p>OuUW>&p==`i0RegS8{?a&sS3sw5G$#QBPlTHy z8Vmzx$9SVT?-lJdZ%E?0ShBCw$6Y&Yb*7FlxYN4#cXv*KcX6GfefhnPXVl_xF_ta%Gm6w^s~Xd$S?D&LC@62+ zY`N@&%NU9(V4!0oNxzvYq#)JhWD@5>Ku^2q?pKAWs<_g&)13DORTM@Z(F$;E%bD)I zv>`LB_W&txHBl3t*F(0lnehwB@9M%*xc3a$Z=iI1h1}JXQb}B`;mdD;p#SDbm>vO1 zPG!e4i%o9((hv&ieW;4)>&elZ(CWqovMh>>(6T9fwIfMv0qy7#qq%R$@QX5{&TCL* z138%;0lu8L)%c70xQjM^Ejmj34s{HchS_~4av+2gS}Ra8H-$(u?6OG?`$XU#E;P^N z3`jh5HvEBHa7m5|&I`k@&E{0XxU_FPVZ903AU_$oYIJ&scdS-~(p6tcy90ju@$R;S#iMn$Ey zRC|FXp1OoAJf+nMlc-}#%YYhXXGBo7n5Y_oAk?NobB=+S>c&blc~NG=%T9{1(obIn zM@FApH~6N1@yqH8YoF|&l;sWe90c1C8y-C*y;&18C7tKn+uxTpkTa~SJbdL6P!3m0fdpDWqvKrq|M8(>D@Sho_9rGpGwlurHT;#up3H5L6y_(3EZs;SM1 zSaw!=l2WOWRSphIJ3obB{iT|PH_F$y2lK@Ww8jMixCun!s9AV<4n+r5>~A&gp6~5U zkyy^4ld+z=f`&MF`*5(j{o22-oCMj6EXdm8*_f;Ob&yTE!DUIQb1nwI&t~q?E}e`y zMBkLA6^zMLE)&=z%ZEg_F_tVS*AJv&;cU^upt(tR)`!VHgEajdxR)t~gW#O-ZeMVi znG#mW_)zOZ@#6S9a;45EFr&pN0D(-A&Z)k1mYHIx> zmr6I#$IvCyPdhLOmb>^p3I3ep$*wK3m(b`aBR9+_ z^;l?T<5?GUYVHjkW&H2~%u3gDJ`*&>geZp385Wq7j|9iEW1S>_cAYBjt^ z)PguMk7~hKb61$hcub{OeoCL=DPcvi2@qHU@32>VpLkPmh^Un$FIxv8U@atA%@M1CdpninUjZr?p1 zym)S8h}ADlPTTrn@r`dh|0--kPc|3B+roc68|2 zz;06S$5e`tM11+wj=iZ+qfc+Cl|diBO)TKxbj8NT_Qal-C-1SdS*;t#o2mErZo;n3 zDn42ES)par#JPHDZR(JZo8{t0olWx_Jb&>%JRalA7fI}n>0qNKsjG07t$_C)5^@90 zhj`&aducH^B&W0>D@9DnP8_D$9P~U&-e^zh{#`CyBcbiX_~!zFQE821$2dTV3 z5W(2#!nA|pdAbp{CzuW`C*EdO7NX`7YTf;M z%=<9Yyeh(!0vc52L=bVwxo!s)DfZ#v4Rr!&){j}@u_pUVJ-FzzU9lVCqK-E+`mwvt zdts+*b6=H9OK3lkNFD1+rm3d14@@~*xjc`WnTa-?KR&!yG~!JjY|Ph0t6iC^y9fjE z>YQ6v6<59afLB_<#nH|!D3@=6qU>Y!eCJjA8Jq1{O`l})h5X}E;wk)USIS@?aW0Xx zww19@RbDuIYr5f#oZCUC*bc!SYIVv5B`lVE;c6e5k+4gGp4Ta0T)uQG!)a=)EF~tz zqLhVg!cL1JI-XF1UR)h21h1J$f)E4-c=`<|2s0tCK2Xf6qkaprLRcj`ndY6Us~e)s z#Gt=toGQmj$b0>q{1pKQ1Eec^R38j8$>fvN+-9`~# zR*17bBuJ_l1zVd)d=pD}B8^ErSKf4OWz8H0(u5~W)Qma%V}eQ;B9hBe2_Bs`LwK1u z4`c~g5=20f)b23SZ!cEu)rd=yB=%G|%`WvKv8>Y#pTU+-1g7&Cn%(b0JYai0JYh=} zHh3C&J*dMJzM-5wUP!s2o8PON*&0T*GM^pIdf_!QSx>~{P-7ojmlYO$bB@XKJu5#Y;+kZ|SNdxh zwIG};y~f>9&bjq9GMywYQX#?fFLj3`r&v*J*svVT313m$nr1(%R2Z$>H^cX$B+BW- z!W<{RnD@MQI^E0^*^I!oV0My?|Mp8OAv>2&gN_#K(F@E<%7+zZ2vMDfMWNNpbW}p? z{bOJiS1y&Y5}jokD(4_YA@{}x@)M3lnQmXF7Hv-lbx9?~1XwQiOYN5&K2|=y*P9D* z8wf(i*qA9Gwc_;qsOVJ@AM3UAC6{tPOZR0S8~1!TTanO-M;{Ve`M$c%#}F$4(#;VX zM)H6>D}l-}nGMfua9hc%le2Nb{5lJ|obV)}5DZy4J7RytP_|2jWD`VJ8>*B8OG<2O zJAL^08db}(-u|O(e*`mB#M&>8@d_g3Reh7V!>eUTvG&ECb$TJkF>GPLWpHZo)OLbQ2@nTNqYTO9fAxrtkREwrsXrES| z64k9axxPAQ9+@>3d(VA&5_z=)WhTR&*51EVK824WTe^fpG+qkuyNWjxN~zFamGhF zy8<%eNU2iafSW0+xq%bD@;l?FZ{@#DxNjiw>SOSPGl3`V=jr@2mR!FNiobEKT=75ZMl977QZomk!*Zs=V)l@^oOer5C^n>zr|Hr-HH2Y1`k95ZGmr5 z8xD7({xk^&vVeB8x2##Pz~e8ce2+{0d0P6d8vVS@$NGH0kVOrjKon4Y;T8o~ zb{FdJ#mzqt6WCCFiwmr{3-@EnezaEuLj(2@-?HW_?_%9{6a#6%4zgPsL)~38U_Tj< z32aWfWl}Z#3-dn~D!_J(ThfcBeop*Hn=^YOY3s`!83tMQp6ZX@b@m~t@fplOc z@-3aQ<1YF?>XLy_VBPIs&`Q6A&R?Pb%pLzyg$slNA0++-&Go~Z{BP(Vj}?J9;A6d8 z+|2*M{q>L!NCf7{Z;1CZ85RCNi3I;eq-SMd=44=D zFt%`Vrnj&)wfp~>iTYnN8J$g>oSpt(I?Vq>v@J&wK8hTDVIS)_7Y@Zpis!t6Z^hz zk49S{5>gINEmwh3#%SrMr&p)XZ0??(uZ~TV2VzGqI%T2^ktM+O^Xnd;T*`mHQYp*I z$|%PhSHh{ZI9!y+sL)PLwUhsbAFC#?|BVK|MRfd;%2lv7!Ce-u2rK)$QEmJOe1`Q_ zmGrJ~DXu3`vLk}EK|(rXVO4G+BwP^V6wKd5v4vkySQwl7k~ZlTUW( zP-9}AkHJl`dwr~-{7|+=K+PrNi1t+}Ml^HT@u&31&f}HljE- zC0K38#w~Q0yGwU1u2pUt+Dghgw6Y{!%#p)SOe}|#;?ot}#)vxOADHK;;a!pkEm({e z3CAXy$=JJK+gRK)A%60S(=UQpLthzvK3@4QF6W#0QL zetw+C_)bnnqnxQnVpE)sPDKa!CGCp$F?hD`u8qGnp%c(dvg;0R-j8vf z!!OfcQry#elTRB;V*>C7P!N8{Hj+oVg=YYxKMn*dIH6%sDp21uIQmz$OD* znIeQ=5e$l<>?BQlm_80KSTokIaW-o+9SW;3B9&bZ@tOSoDZ(ST)p;ERgOY|^_SbX- z7AN)xpZUdj-n+IW9|3x=mVw5y#LXlOS0+?GC5F0vN7dQ)*5hjnuu23NA1uIKe(b2{ zLSv^I>-JpuX(e6e<&F0sO7qK?+x;YPu z)p9}I<;SPJrfH^!T&%;hh?xLBsGPAb#yuXf*G!1}X3MeAPnV{D65VL|-Ap{=kyd@8 zH<6gD++)6dQ}CF&x;GPVNl%zto$};5!6LWC-H1=@QZFKv8!jI|oJJfUl2ZX)6G7>VwWVCmS8g!)KwYR!k)<^aG zZlN!w)@-w(PiviSUg?a6^<1D6C2rSGOtbBw?nknzn~3swuTVaOBny3=m8!2JlcdJ8@xEDA~d8`Kg2Nj-bFCzDA|#gsry1)*njKJ zQw}b(#wBMHkZSNgG~6Jsbre^e85V&>i9)k?kqJX~DDoj(C^4A8vXVw?upPWi=q`nT zLPnfIHA~XcY(`tu8IB=v?|Wf6T}DQ`kEOG6`daXn9~xUUj}K% zXh3lWgsabYpE3(;U;?G=iRmSbN{gP3)nuO4V_)nE2YYl7wHj#Y77k-cI|qtrCG!Xt z&y=kNa%+~tuA5Zrno`5WsBUn>qyMnNynu2H{cWnO0z&$U(knNHk%$ycg3YsI)LSgo ztV$`UL`&2FjN`JZ9%4o@#XglU?^!#8;&c3g?2H})B@sEUqDGHI3L}JFDCvLy^GzFw z+~Txq{DZwjN7!A;OIO5PhuM(omV;a5pBaVaa0D$_o&K8wOv91h01IR)751&I5;i&z z+9L&utszhU9#E=?Dtf~WOu7)xXdh#@`w^<$l3V8ir=+voIodJ^0Ka^PG%nT5Jcr4` z6;dgeKv6<~eMwuSJqV6AAZAgBL|DxPXVpK!AmGeo3x^FIaWgR&?~9CPL$yncM!`n2 z5)7I{HiXK8V!LGXTvX}ucR6-&gp7D7G(>UXk!MYP^0dhh*i#*J5{kJfDIVyJ9;XZ8 zf({@52RIEneM!g6lv4_y)P!u|?+;!rNE@h-Qm0t4KSMO2K0c+qh`-(;+!kpTJvU`@LsR!T8! zYK=G7%4%P;*`YcMXBU_%c)^MLiXx4vxlku|`xOHBthKSG3=%}t=u&0n;Km7{7HHro zQc%^QwwC#4nuITd3r_ZuDH@wt3@lCwG2#Q5g=@*hs6>rLHQHwo%E6MbOG9flxKYb4 zN|Vz*Xz+eu6||66_KT=%2!rql^T6-ZW<|cEC0byC*qFjcsK`9nSm}Z*zU)p$jgk|q zQ~E9pDI>W2iupZ&2m=_tQAEtDG?I^}8QkoEgu89E7N1O@T1Bte1UYBkl2FW>xoDCn z0VBwQ^mOrn#RFMM=+FC$^*nk4=Sk0B%a7+35F6m&0gFB>!iAd{LqzZ;c~>X|zt6O4Tof%tJmbBnrY6+5^uYJB&2BlTp0%w z2j=FIBq4!^Bq3l>f4icBY%fSI_VFpOurz-Um?=j_33Rz#Gv+11>Xudgbv9g7%I{P< z@*dddu~(GhIJ6H_HWw%eTdW2T^fod`wjva<&oTO!QJ4`~glk0w&bXPbx!^Aa)+3}tgmNK}J9F;?nztvMH~HAeHAFB; zCn>DlFbo*3Zb^nIELXok#*SzNJ@+mk^AE zBo@18875`Pco4cd#iV3sCk5#kF&n-SA3Mz$pAlCv9D;!n^z85_p4Es75D+X76YZ+u zXI=wZ$(dSNpKB!Y`TGn+Jo0$D$AiZMxE$u|%Jj48I0cK!zVvTjYO)Dj=|`@l!4-FP zUu0}dk4Z~*=7XCli-Dhin%-2G^E@$5aeNa=*#q=Cgq3Mh4G3$J-h_4SF0#YN$;4yj zXT6*t`?<5;=U`v^1eo1Evh52b&UVMKyv6E~=D1GllKsTc1Sk2YLQyqqQ7b525gN>h zH!PG()|zG^&1M!H~ z)>^Q?Z78H1{3PCfb<#=@tpcITPT?6uj931NA}hbZg1QNX*^uE{WHp0?lW@xoyk}{9 z++_qy_X&}8K~^OwL1}v8Uv>-K(+<@Zq9S-v#$gNURGPrR=E+nU1D-1e+5Hg3nyv`c zf%FXm=m8Xn0It*>Y|Rh*rlA95beUgt0L1ppB2CYq5l>N3=yBI?nq_rM)D4=FnxG~q zp`vf@N;$arQk|eSE`-}zYaX#tX?NusJ@}Rcp7LTjcb9C%i*6*QWH#}_9$Y}VL#vH0 z5`l_$v@~*j@LNgBA$QDqDl&s8GGMS6Po$VyF!#t=s(vr(q?+<;rp~*vf_QT-pT_`y zmK?K)3v&lz-Ie`wxNGq%XIO7GL)6~GuP*+a;lopnK0(2}p07#Ufqb*U{H#MWin*fj zlTrrZzy>Z^^FT*oEfFUxzx%W7~h zS4dmddwr&l1_@H#P}zgImMo4OYGvWYmbPRVwW)WUC zuBr(-qn@6B1`v*Z$0^U???QhGNHj~k^Dv|LzPFfxUocr}2>Mp#Og$1UZZ)0tj1qED zoj=(PbT-kkv7Xi#pgzkTHydN`Bjtn6?{+6017 z?*R%ksT#!}eb41KJnijvWeRD&thx91s*t6?o`Fyx+05M-hBF;$At2;}Hs zm}g@{+E_R(48 z&B|Cs)}Mne80S3`TQUrOh&OhY-pz2QFX8gK*_p+8kq9Yi6lNR}pCpmbo5hFwlcX37 z>#A;EV}fPo)mVAc6u2zUx@5tF6RLria0P=%CDc+@36MLG?{$ilt^9sAQk{9hLz<2h zfWNXM-}pfV6L4nAar~QCpwm}u4@z%h?CmOFj$I_wk3B%B5rc2wdxdncDW* z@}}H-@p-e`*btOQi*9_^+jzA%8h(|XzQMS&*Y-U)CY2)>-TY#<%f`?-2(n*VXIY5UFg4KFstu}o<_R&vsb7gWB#;JNJx3zN~$#_WV)h> z67se#9=t&T+Q6l2?Fn$BxWMdD1H2+_;$A5bJ0bJ>7{v=qnNHoIHvZ;i|%Cm8VI=VUYSU zUAm`%wI&8^-*gqrR_*0S{0i}vAfF#FTx@=rk))W8R58#$dg^PzBHqngaTKr9R0G0D ztNV`Uf=zSBZ$3mITBSy{!wn>n|ETM%sct@IfwF6zjM|>(}yc7U14mS|F+R|>=V2J%bp(Mv2y9{T<6 z^5q54izGHY;cji}olC&EACW@}eTkFiX^6ZG=m_8pazi}J)Cv@60bF!D_0~J}!p!cE zLCY#La<%aNb(l~LQ;uyGiCrV&hU>D&@Z1^k)B|qpTF_H1uSb@zH;MV^vY$DW;gMhR zTte&%6tx^juWilId}IJ$Pn&x6{P{<)lMLaHV5f6V7iA7s(gGK(QZSunFs@w3A|V8{ zZ(ddHoQ98>Sl?y^T;Us7uhr2fP%bAvVm&Vm(q}t))yB*3!#~%uP7PBTvg@wonJ3F3vK6~$e;OS{AYUFufAZJ|JhQ$7T9YgK-HbN(%^#%oRg4uOb}D>VF_&AQuRZ_xwZqFJ zX&=wNcM<|$i%U&c$Uk-y0s_`~cW-5~;ajQDF%rENCz29o%^8O~(w3^7w4yO)l!rM_ zIbU{W;}hMVA(fdJXXRxT@7p8u{4NX>X}=IFmAWU;kSDmNjg&=08|HJ&iTnm$R|#oY zH~xv(fLZ=zynG(=^oBLZmm>-vj(d}M=$>zXtRl>`fJ1GS`P-mK=C_eKG(t57F9mPes{>nvnzzd+7p9p`8g&C1rUdn^1z zAxxCg>fc935rlii(bI@?^p1RM-w`7D{GYjQ$(|7&Sps1h(E4}wt_TVIodwoHLWI^C z8{8oNaxM!y&0XW@&2IZtOel_ypALPFnTuPVh|yq|`4nraU`LnMIJ%#FloEnmHA;gVJp2(hfjfL&v8iczk^gGTW{7|5Ul^&7--Bw z*48=O2<6KVfCNm2z6r(uAn+HiD{%p_Xc~1}6u6XwfV{=|&17xKJ--QI#)H!D-L7qp3ewWt2RAF$@@~NP!1IYQb9{-pvUbDS2 zee-+U(1TZ-ZYjX;{x^2vy0}rKesx}=#7MJ)mUCJBCtA(P^QGFoM%b%bjnnJovLr*d zl!;N*x$D{Mh9^;Zf__lIJn?b~!uGW7C$rm%P>>pa2yfFp1I|N);$K&Kq9)$)LTn*y&e2unH#fkXqMP9=Xd1@W3P(F0m!1=uXC|N?v^NSZOS}kNbHp1tQ(R( z3s9s=lmTynXgP}H0pbVq?wjrF!YP_08@DT~YaRacZ-$tKb-YTe@Ji~^ou%%YQsNPU z7X+o2NwxJW#CAJ0`RUlArG8xobWrrAZOb4YFOngG7s1zzE`QPR>9~@HIVpMOU0FV( z4uH*sL$0Nlz3)#6^R5~vdgL~GTy_)YhF>A`PfPGPtz(-ReR1g>#J|k^KDS=k#UL9G zI6ustPV|ZVYFmjXV{uKms#Ftf1M*Mpw!K=JCED?#kf{=o7;v~16vWYWY1ue~= zC)478jztqx!aVmY@_mF>sTI(gJabd6^3}^ZD^f523}0IiETM6!@?6MMEfcJg^Ha+i z%u}U&KC9p%)PCh|yl@&$jLUplAEtkX*fa`5A1cx_LFjTtJ=!Hi{pGNJveSnraB^kt zFO0FN=C0PidCS|~oinq0*van=ZSltEwO(~?rkqBJ-0j}L$jNo06(wT( z$iT3ue7D}dupc9gJnrdjLo8)o8K=;?KXclc+v?Ew4|VFI;=>~+22e7&`!7Fui7tDMC*Ui?>@r}vrAp4hj3 zM4w4%+*VFGJ>oy{w`-KluW)dqS1vL#`?|gX9?1K#^z2^lpRtWj_>#R4f1G2*P-iCh zd=?%&JL0OhiI!tGV)=JX-+q=QeS!Wz)u8`dq(LgNK{_J_1*vxf2Vwp1B8{Gty@`pj zi@g(rk-dkrxt%RND>uD67l$4P8@;uKt&2OonXLr2I2mGd{4cnaKcLbU%H^po#jqHV)TIGKDCKp9;l3Cl*ou0XoI($ajYWlI zRAl*B*b*S1*!k5jlM~#W?T80|e5a4^ho3##_;xokSdX(axSftBG!q#{n2}X!FajUS zgF7LE@4T3~qV}g#tH9Vae}(1;eDT5(MsWOs`C7owEDOy2slkAzH^(jT<5FjZFD0$$ zNzK7qLM!P%HgG1MQ$4)`J+$&W!`Nb}Gh%aL*T!PF} zxJhNnu$SJo$XlO(RtQM4^01T26&w5t3{t>pVuoC%%vNkU#+R|93S(-G(h&bAG8lkZ zEPARnAs*+~-;{etT^ttCk_+W$`ww0}YM{Fw%Fyn^@<;Q`LX9iffMlOOTC=12kIR`8#<3jlf zAmnWVPRg`#e8hrxo$PVm-LO5OI2w!etr*-=VXD>7|{6+&ey(|b{76xa2%5BU7B5e))ZpeV?P^R~` zfg4sl0YW?fI#__bY5FU>!C4-5=;s>~unP6$*eGPo1c71Ky;#=2oF2vOmNMf;tKf2f z^49Q2RawGv61D6*B;>rAS~9lEDqKxVAXq_ubJqd|MzRnY#zE{PEmeyK{k(LQHP-n` z7pV#6VQNFj{1_eG^$<6t=wgV5uz}{O2*}Yi{YVQ&YKkfb?2FSR=HWbis1~hhY(?M% z7=HdxN*b0bhBlm-))7eqL~IKN)^x~4_E}+IgA*-1x0+Q5ra{$Tee)0((}FJR7RV$A zqcGEvcmS=`c!Q*VgMRcsj?(Jp5wiZFF)3+}1_*=s7bkI9uRbMXS{#mIeVrE#D}&h} zwBDgglGc^?@sMU}Zf_l?bIsIP1vB9OSUoc2zoiwwK_b7I?7eTuqF@F%hL6sA8;- z(+S_kAM-`oh>14H{KLwcHEn{*OjAkHMjBF)J0dk1wM+m)W0VuJ$*5TZT0&D*G1h+k zy(KH6Pf@cK+=m~(*zm8{R@m;+Mj_DBP{X{SK&$tVjd#nb8C|2M&txt(G&Lz$WN9lb zlo5*vgpm150v&>H13F(plVc+sfMV5xG1U@m2%egtjkMpGol#Q^yu~c}_cDm;@)95E zsBK{3fqA`1YLfcPid8m9SVQDO1gweP#L*rhR{e8|JziZy6P8fX-*^Q=4GKy<1}$MU z=nn5YpZyY0 z(&thZIdt}`93eaSz)ukos$78PTjsv9dcy)n;IwB%iL%JeDuEtuAg7bJ3yeVCzIw=x zG?(umn4awY<**&b?vXiJQs8QK4=IFT-o9Jd&L%-GCq!@JK62>Jvc0zv%%@B2bLbAI zw#C#sT;=$p~oFxB3tly^BPi@wV&qjrWm%f ztlr4>6GG61Ub^YmP2#2;Vo)AxVA@4H1454g1mo(4ZT}a(6_^yzGw(-9Ov#U(NQj~XN ziw(jy<}H*!KmYxvfgP(~H%fxFa6x+5fq4VBoq(P1tfRO;t#Q1SVR{nxm3zAXhnxH# z?)Qq75D1bZ^sqqm2JW8&cD@&@s^k-~pL1*Sg>Qvmn<=IhKd^4sx0DB>*9~PFx&Qpd zyZbx-m$YxkD&%!vokzgKL_Ng*<>&*);2jG9*18}D8TPT@Pl&qXcl=*B=WmT{g5UX` zN1}M|E5v>!mb8V{paxFU;0lO^>QMq(6L*)#Z)!|{vMk<}2-_q8x71y?@teD!AG)}o z47i{92;1tRcFDV}Chm0zg1L5m9w48*Yh(hfVChl|%_9X2kKUxPbjgL*rS6L2 z_K1b1UEeQ^-rTZycOx)vAM23x8ylA(Hx0Lt;3Z@;N5-a!a?WPt0` z-Sv?hFB4!3%eydcPY%L16=0hT@GW>^dDq0WTU*UH%a<*rpO^qL&-y@t3f?{K(1c?i8yq1TLnx};s` zk(+Z9U;xWI1@5OUZjW#%@sIyR-DC{xX6aH46{G?nr|#mL0IhMiXaUC~H)bY4KHMJ3 z(6l!j13eVG#P3&=cP&C)+HTnR4K>R<%ztvq3dx$DJU()|Z-3eFwiV#a`!D#F7B}i3 zW#cH`^9nZU2Wba0-AAWaM4USnrmNqI2)V5r z_)HqD-O&RTC@6~4>gaP0yA{b~yZfq!+J$Sd(eb#5{?0MbW^!Id3RDet$m&y8C{4~=)@~LE z*nvhFs?pqDwStis(U8AG_a+{={UO+2geph!0!tKYPc|xlqaUmt{|@mi!WD5q*+w}q z`mJvz-$?uhebVE8vFyn@5Ra zD}Sda3Zx81{6=9YS3-B_UC6t!-yn}{gty^%LI-!ewh zY_V@P+AhO4@Dl;Le!Ch*=?OZZ1S$r1e)9x_?Kulg@AI2UvQ6t1E=5g zXVQ&to;%wB|F{+CZb5!15KKSiB=IvN}y>F|rFlOJNRg5d?fRYPz z*Z121Gt4vP3#=L$pZ~YJxi1jD`0pM$_?qGcRv_SpB=L*o+mq%uF${$x@f{?K4_r?N zo@fxg9W7~sLL03u?P{9kx$u@V^3rO?!+M{3W}57E>-(VeFmu#psrm4MWImN5MY3W3 zVUb-MzFeQAPUzB(4t3oOdVCq-B7l?N!Y!7S8*1y7Zt3K8u{6ZePm2_0i)&|w7yNS_ zw*r*sU$PD9O4G$yi$rhg4JHI>xVn9kXH+66U2U=JuVT)EXCDUf~uDakcR$u(x9^6&zNSJ788!?}6%tqeg3*NY4i7yP!M8DBme-O>6e-BKh7&j)Fpvwcmw)NR?_N{8nnRF(j@K7?~*DbPkZ-@nDkIt z5`Nw#(&(p)<6En!eyfL`mF1S-G?@2Yl)hg(sxLQ;AVR&JZ@nMUZ+CB$+~6BRVRwju zUno~`H=Lj!SsOv#F8+yUoUxp-tg(cgVjD~o`mXZJovz00@1@S~c->Qd!)awCn+Gc< zT4^R|O@0$jpJWVwN!DCO959`iu*e99RZBFY^n~zEBQ!pkLw~hj?-%ew@l*0PxMJ%L z-rFlzK_wO4CXUYLvvaqIrDJqXWN6zYZ7|115jG7T@)BZGMvdb)TDq<6@ipOb8YCaK zxqe-IWYsH;H2Z)BJ8dy{x@J9j$znh8;9-Jes8FjMnRkI|ci`rU(QIVpKI{_<}FEv51_3|RU85zN_=zi+ug`cOhmQFLIT!LbMCkIvWiJr1qp;UBlr=vj;Zh48Gav?Tv5Jc>B4X(z9 z8x=GiMwN+@mj6@!qh921;ELZd6l;rqxt!F zv_&qf@T6uxTg`NNOX2>w^m?TdOGzXk5zDqweFnr-N4bi)HG72il6Edz7DO=}%lO_yX;X;<~tDVe8*Ik3kX@E7@B3 zEqXuT#}t$ownogUY%Qy@w=#2&qqwd&LD;_&jPML14-h?8Pd0Zy?l4;nN#?;(unX(% zQP%AlqrB(N-u!ec=ur9XES=7-ntHrp8DWEM_{B_})e1|yW5EVXcitBR$(gpnr$7hm zxKIZpoMER0Q@02ru_BxBQDzvOEt7SGBrknv7?AGkPgL^*1N-MQqPzz#JJ*kck9b(- z*@G)P$DAk6&jTBP4oH_ASkvavd;K{AQ{kfk^g~~mTB@|`JmA{r*3J4?h-`8ChU!@o z(oP&~Vd&o0FRBjMG;7Lb2vHCpy~ij1u%FZJ>v`hTPVt_Rqkobhec*46!@JsR>l%^{ z&~36uUHZNdxuna)VWt}Jn$B?yFOj8{tw5A%Cd)x5AS}ob^&N}3+5Fq3GX=oYk+__G zwSqC=ioGx=jl=VR=7Q5D#Tt{n^fK>(IXp4>=r+Myc4ObULZbc$e! zLNwTofrXPi;gaH%Ks6wd;)FmQ5qFhkW~>qJ)w8{h5*W(@xKmEuCNbWD$XCq0H^w0!ISA zb)PpB1$d~{bnYH^FZPvGahhMIv+Np4pWO_MkYI1mlddUflUFzx;95?qOUTCvet^k% zZS5Qn`q!jPikBf(5>`IFyc0)!@^1|?-2USv2kArjQBX8Xm8RUp(NbUuOm$LvGM+|G zBw09c4pl0Ngd{RF&7(rOyK`FT8O#z&MY9!gHB1UY!iJ^Y%MVT(r^!phUt8JsNVDOI z7c#PI+)5zoQ`Xs5UEe)EN6XaFZ^YS{UxeF5ZDh6j$9ZmA=FcN*(MG9joLqh=K;0o? zdIqDdIg=$*6Y}v$C~&-(&9Ifk5hLNHRbWg6i_s&rTffyVP|X@1x(C$e)^JdIV75fCsflN6c@o&Fo&VB z32?ASRpe$AjZP|W5u$hFF&y(GI@wC&4Y$YERxmO8t9m-g@4|dQUSLvB)DB5v&^35a zx~aR;&`WxM6$AY{w!C&YH%2A!AmPE4kJP^JHEWM6%JD*w>yd!i8|K?}QTwtNuL^Pb z;ejFb73_kQO-uhy%m?CQ1K?mZFrxm{)`5BIZIxkr_(1oG`1uLk2gG{qFZ?kJMrZ8t zNjpu3GrHqq37(%J@P?QC{@1s#D^Oe}@^i7HDvpp!5tQ!D`i`QtzDg+8H3erW@`a=Y zHTt_)RQE>etM9rX50r5u8;pZ>Mh#0`omnAZ6QCljB3C8d*BDLEfILwFQ-DWXA2+h< zOWOFR1~CCv?3s7H1uLIkJJ>xtI{GZXzKA!;igQ=4N=&GbdZF}ygKX|{Jv4W7ti-y^lE2;$Rlsmj{6^T!s5e>6w>bYU`+)zx^P?O#%jh+`hoq`3f7t73w-qUH&wi(45|u->oS^6-tYj+^5J_H%8LQ_xo*1VZ!cN(=Es^i zz~{qs$Zgg3x(Le0l<`8XK#%E9r9D^H=F3gC-!1+Ke#dD35*_Tctz_eBRGi3{_q^u1 zm+ar0^DXyszIPFJYhg&&WzDOB@AHjK01WEqk!kK5Z_lvye;{;XJQF`c{ko%MzPh## zjiZSF?Tqx)#OwrZzjuC#oEqmngsY*q0fvOP`U4d!5Y4+mVpT^E!(tB1AYkn+Zr@r! zN2F0@Hj>nBHw7DuIv6q{AYZqo$L#^ze%pM<;Kp+6&ImMB`k*R&Rpvn08tvS%+ zj}|8evC(;G(liUVemB$ka-U}bW({_(fr&&!ckFH^ope5AP#qPCABi*6_Dxthapjjt zv^etZRo$R)s+Yvie9$29TLhSTIcgp~F?I6Xm*U@DPUG1bH(yuWDA(d==c{ZX*;=X2S=DWX#CiX-W zpOH{~i%rH02TZC0vG{#phVVj4w)yk1S->yT+PSB>B8Pl^fvC?@eQjYX!Nzj9iOxcq zSG=XdCtAkpf3=_fCX&OH+>QH5o~b`=tdET)H90hpH!| zDA8X6TyU%#$o(G|%P3no!Fi%>x-DOb^>shm{63flK1|-WVb1^4eBtrw;RM_q?fANV z71v?;x6Ag$TOe~))x8zeu71N_n7YThxY#6RyuH8Jn)qe$Xw*88f6yL ztLHyy0W_NR1Uz|V1{PHjxg{AG7moYhQH9d3JD6YpU^6#2_)BygB5pXjbD0Z_ficI3 z{JWX|k9xIMtfk6=ZiV7BXd~R`l-9bOQFTVauH7Hmh{Zk;y*Hzg7A z5gOlt>YNvb#q;&Y5xM?Ly;OwG8;oUNM5qCN6L(_Z*8Wz9SSGx_ zL{AuZvtTSxYGB0+=Q!8r-xY4s_!+7EB#&nw=FFfinjYe zX3z3l{k`J7yx~AId4Pix2Vr<=#a4yfbwP6Chx0%ilL_s06uO36re&oz!lxd$Cz)_*1X+BBjeYWK**3# zTT(`@9F6_ng(>oz_%9hA1)ivCQ0CkiE}p=F54S+4kN#dmEtxk2Qe>Rg#40v1#y}WX%o2MCEp5|*7>656O96hQe7U|L?#1P z&{tM*LlBWtQa_(6+E8oWSh--%SC8Zut&Iila;DYlJE8b+A}aP${9OqFoejXocYYrN?Fzxa&eL)mIT14IWHl&or9Vq zveI=b8_eVF6L?N4j%V!q8$YJA>$o>yqLnGP@2CqVCB6l^7|cxEQQw^ZHm2F+$CB+2 zs9cSISY3<^`pRW{B&uQ72~RU&A0h!=aB-DKW* z@HV54EDxJ5r)?onxi!`XuYZA>2mfHsO^|FN%Y=4%uB26@a=F<-(O7s^fFK-;0o~u`wN6mkBt=I56W880&k0rI;|LbvPD`}8zg z-q9`{BXnejCw9r*^(zW2cw@sRVm9XPd)M1#`RYjJqlIHuug!IuClV>w1vYHv}+ju6l?73txtb z7x+Y`vYpA+=*YZVxiqPK@Vl+3_-7VcJ28E7kga~;)0~M~(!F%Yl6%FfDZ`ma53|0b z4`82E-*0C&%skO2P*f<7d1N&I8Ksdwn(&6n9J>&=!Id^@)Jo8VgQX(SMoLNJ0kyL8 zrYc`VORjrludv7&j@Sppg=stek80HmOkXo97&(n2a z=cxd0e*3~r7VOE_=;h->(&~>bG!8*;+zs^p7s7obek8Wy&pv6|wRM?Vbkn1os}gWk zuf*AgKm8m(Ig1R5L$u^-&F}}Fm9n)Zw6ULGe)gtMf9(Cve?WvCf>e2Azpkz;-}=zd zye4^GKk-5fc)?^*?lD#~^#g5>>vv6qKHlESQ&GMNYbd7!zTI;X5BIH@+a2f%1YbWk zRkX3=4=i_u^%{$Cr8U`fqE~tsXI5Mxx_Z_VOlva|6axnRd)szuUcj!O@`IahZLn9* zHIgW=4&l18P|}dCW=+Gqm9NC){1@IPj(xv;p69xv!6eZs+-HRI-l%yb z3u*_vXiVjqb=8E1rQcw`ik+0a7?5g;!d6Z#;9P6ADGX%;E+w;<^9_&fo+^dl+qg5~ zCkZydH_Rm8O7E4FZ56zcOix~N&iVqdjiV2a@!j8(u=w2WuzaTWewxo68Mt)^9?oGr zF)|&ry*aIMZZWLKb%85TZo^%1wg>|iS6@dCaN$ZFzv~!FTms83F@NG9Ycgf7;JPDh zEv@@N`m-yCX^V~QmmXw5a^eitB?KoYA0q#@V_5F`KqDA|Hd%9ZvAL(z%Yc+wx~?iM z#txY`o&U}~*N8o*nIQE*xoYc~nB@EE$*~iS4;nBt9ZL~1d1S7%hVBED{)4h@tvtgF z@>)XB`UF|DZz$e?bq)fPa|G&$#6hpTQXH){J^KN?Gb7gq#8ksFPrAX zfC*M8ArszEX{oUYa*4-ZFAe9EK%;tOB`#ZaV-dOpilsffm!_mY%cM-Mbn$yJAqAl? zTon4V$W?S*7yB8-`W-k0LpAC%f>)f}P&+!Fs2@-MDkU1Uzd``{@-n$JKjYU|)roc{ zDHyg!lDQ;xg7+s*m}?!_O2VV4#hwQF1yB+T!$TYBLP>Ssb+ zwnH;CkxD0=9-JhxguyrqlYk?~z0D?CotOzDUzF&3@BF~0AM5%MJQNo!yobkp_Vd59 zQEYhg|8WR4bdh7Nht`p_DkqUw`z6&#>LX~m{|j?cW0)l(f<6xliIZ38sDNgu?@0a! zl%=+~einP;=80_Q39UH}*uOjbW9}AX;dHRHV{@N3d@k^CmhMRkYOFHQI?yQdx{d%* zo!8%{s1=o_Shpc)*QMU4f8H{jmwxj6AHuFFNE4XLwr$(CZQHhOYue_tZQGc(F>SlQ zwr%%6|J&B?!&aqIm3x!ANgk4_+;dI{LwBLriA#xOFJAJ?k}7vfk?2ySvEckfhj!7w55eIch6s1-{tkI38?9Pnt=6~59p%xzAXSR zM8>rLF2^qVJH5rgFjCDVy49BUFWD+dinm&@wj|Zv0b80Eq!Pb)7H_Kr@q!qOb4rpt znB%SXxU2cvkij$7id)2TkS3wAMv3k(t-+NKlRxcj&&-XJay%t5|G;Ht>P_#pDl{3Q z*6q|;<3wV+9=mg;dN7y|2BjAV%edF-l0hylZ`$%FlTr-P0l6u$L|vNn%sR=he{`a# z8TV>)`a{cp7A1cxQyuneBa7jgEs&xuTGn}D<$#YiE#7ludt*d5Ui>#r7m+9?d86N1 z$(Udu>olg40q_y#rF-sGY&SewJdq{g0mq97Vbh;mwxWAI!;k`IqG;zmjBfE8-|H$m zf>G_yT?M8nXwA3IqYlq@ID&A8Y0rBXr~Gf-V@r*jL;q1uOwMBc0Bk@xqxH_ORME%O zSvTk+Mn4a@I!Ype&$4hGFHHq4p_&&M3gCuo@#=l}@?C?5&tL!+Py~lDI_Z+N zE#YL6S6G9)H2%9|U`3PqCfxrYU`L4O1!kOcpC;WA>#_VK5fjf}==qOKF4*XvFS2)H zq~qRjQno=Go+lV#Hxzlb_5^K#U#e93uQGQXqJzKt%xwE$wF~yBCCUsKv z4?8rnIG623OL4kP4Gh&B7m)9k3ZMY8UV4GK`0VZ7kGZ$e<*0r>M^`|TF56Cj6pnP{ z+P{d=vNSY=d3Qe%XbW)g@Z5YQa`4?mEZ!oRUY+LVGR6|DqrmPJZh_O@M69H{nb-M78BE^yJdZp?6@4EMH-KQk}_x`JPdi4jUK+d78gX*S z&5&tP&aH6B!|;@oZ2nC4YXNka+UAb4*(CpmvYB_x?LL(#BwiM&moa7}-QhV@Zx)Pw z$4dMDMXR@Wvhqu;MnCrYPAhGKH9lh!z4>L|AODU?al+dQ{^7!CEO2^zu5-F>63d&r zPwjRK$)?&ehs|_gk=x#-9pxNL5CUeGI;7frfJ36m6xGWzszh-j}U*kyY#O> zjMe#|oOOd?`VsZYu2q?_*6SkI9thqZm_Bpq#-^^-O_l5f+X{K|luW=1XGbd0_>J!U zdw_%cuP?*4qW5)8eZLngkc*3uhnD?tgIaCSX2mR)_Nct}GvDGK9m{1R-aaI@`qn{b zitRl}if39fiZ=eF)8=-Yw!B{DU&XqO?_L**^D_p&0mM*_m+pj&t~prOGl}FCNgLr@ zdWLLV@n29*@u$N#Az8xW$5YMw3nxVWcytbUMo&|3Wru?^)&BGA;9!q&b4t8O;Vl(q zN*t@I1x$bZr>3{a8P0^d8eZd2Uivp>oxI*Me)^H@CpmN+;;&>x)qta3A`n4kyLFwu zERAKm9R;E2?vBSAe`)aT7PD`zTi9}79UaIeU2)q6j0w-8nf^ifc#Y4sR@%STz3%Ua1Vh~0M!gWzytoTum;XGr=6r*8 zZPP+Mr=G^OeX*_ue|dK@Hew?_%I5`L_yp1L+FPi8`JawoG+WVldtp9(WUwy3c|gOYe&doNAISnAG(mnLHk~++DYrQe9<~Cty+Y$e!8e zT|J`*xeHL-I)k=~siu-1suQf-(Ud>XOopg?q*T!%=T3a;>(lUq(m zg!HvHM9r9f@|!bcpl;7tah65uud?jrz7iTyG>JfFsv}+~+wk#UO91kNu5Fi5ZwT$~ zKlF7QK~aJ7=^YwyUHFU9MjvUZ*;%tl9T24df8o9sQam(MFZZIvtglruZ$oP8w~m#Q0S& zc#2s%@VFTI%MOP{X#YC5zN9mzd=j>;n3>Jca2S%qUPfmr3fN)C({*8+x&sfZF1j@E z+Ot#IbUx&$8Q$f+h#Z=&s#{Q1L&-hAONYiaXXwLMY)asg-1xWj_o$f<=l0oTL@}|iRM*YnjeL~X6^c4T)u~fp4-v*`f`|wa zbLI}f$Y5^3ZDIvy7o{rU(LTZcIT#+Z*VZ-(0pL2YT~fUFLrSu=0Oe*WZk2j$9?TyG z3lMd+h|L8APGXAf_K?{zTvyg(vZ2i)ai3e-LM0F{G-FOy9{mXV$ZfNd{xCvW$%t+< zA(OWv^|dWx#-{HbFjn38MqluE_IR6|{kf|pZW${o?(WOAvd43&hJV&4x@p?)0^0&D zL&oAKxhyHo^Y8NyM6aO`>SX6ki|^?gQihI>=&>ufolWM8fsqaK@S-z$O%BOx56X!+ zIxjaij9RZMjSK0&f{bbAV5SAo(&(C$7E27k zOuSGE{^1p3XjmNC^;Rhupq!b+pAR)#k6cb|~FA;en^j$DtkWyLZciNa?aEXS9@es4J33n6)X* zChMfkvc|t_Ptbr5Nu&E@Q#&vdK^u=6f{Jz+Uc z74j;)n&9NPK8l+bbapYj?L{m+9udAQX=NE)rvw^rGvGa=tF)y1b-?AJ?zVGPex9n; zQw~`NV2T_F!)r;}UcAA@*Gp%Tghp1Xvy30Syq7ltnC(YI#rVT-`6hSXR#WYS(d>l% z8DO~lz`PO3Sh(K3vB`Mec<`i`bBy}bM`WA->;d0p{Fx}{$#|Z*eQ9I5`jYF5oO8G| z%LpT7_`9MC&vf2CZ5t#wi>wct=i!Wr=dgcXUn4lw5t|W9%0QAj${u%P2ZNFCm+zlH zki67I8h8E+zn{DJjYAi1ajA7^1^TaJ{_yBiR{Lv*g)c^tf=>No!K4E727JPRU=2Xe)L1{Er-EhuGLHb^bQ|cb(R?7-fI2u-MS@3M}yKxb$)4E%`}a!K?l$Hx&vi<7zie+hG+gj=6wts9^m z`(Jq!@89%PO*CP)+Isgio4;+DYrrU4*9DQUskhwvv1{9WciYpm?ihLA4;Y}nUnP(I zouO5P@sUww=8zd35O*g+rVr(zZ&QVJjd4jOi0RuPJJkC3D8{Ig-n(KheHBm=J6>00 zlMd|}rIP|)#u0ndDhQK!wSE}8{ZXs?Ld9`<#~2HKEM-ke4RJpFxn}=5*2)x|vNT&8 zKw?QDe+gUe03&(!!jXD8O$UCf8fiPn-z*;S5X{4VTG)evz;+42 z5x_I*ZYEPB*easRjXh0MWPHD{h}u0^7zKOtN@QsY9CH>b_5}%slLG`P{Z+C0kQ`=9 z2Kt!y_X4}Iq(62B^T`UAJqQR;x}JxUK6niY2N#ms5MSl1Tk^JxQ|c{inK|`lDMojU zetFS{6TfBMmjl)rd<@M#3I&~vfoV0I3}F-W$t7K~{Ndnk#yhf{9Bw+fu~@HR@kaTI zi4oN}4QsaHrMf94SBFF>o-hHV?t*T(EnBtJw>`8CyY+=(IB*jJ#fDSGzv0MS^U~qY z_8wS1=mlpv!gTkUXu)<53oV|%Q%|MHd^jxlFb6RFni(EG;-rnE& zC!nGlkA4wvp6^F*q738rUAxQ0{+L<<8||mBmyFs1?hcU*X??PtS}?{r^+RDuzR38q z-$A@BQx<6qVEwBXH1+wLH z=w_j3j7!w8g!h^jg~6QIArXe1VjpF7#_&v9Uuf-EED-R?NQWYy{&^~U)PfhZ-fE7f zi+9-RKkj}6-Ft+UzPCSjNi!-MA-jI9R#8jGPQLoogKaaUej&{Z$R9us&@l2vuoJ#F zA?wVh-Ss*J+F*A4LsTm&P$bWBP06#c9Zd`K{0m8Aunwxmw<#UA1!=uzxAv2`!8|!j zpZy;&Z^xU&i!`A(B`5+Ivm4T|koFf*jn)Ukj@l1VgGQ>E$3iB|w+AF0gD){A2kXHu zEXEkbhGFc7$gX-@6he>SZtC$*#>M*zCl!_@vA8+I>tG#ypX4Ozj}Rkc7|mZd%9*P-byDbknJ%i|<+QZ?;2(|; zYjiCDZG3o1>!0aS@dJB;>!5fz>5x9V!0V8_d{OYj-hh2ftj~zlmgI(HYvc{?F_54H z49DAzGUNBkG`}a<-Q~Wr82WwOu6p$2`=B#&J|rdN9{I=pCE%TeQ0iT8Wo!t1sXuTp zpyjAKtmB$(U0r>GbM3oW0bvZ8VIIvB@Aryd&P}*z0h{OEfn}07J`HyvCj$AL1A>kO zIdP!`>TL`dALCp$F>gHuZ4Fda0k;VXKDm=b>I^ZhNN?Zp(kp^2Zy}VXE9Wviirp^; z0{1FwCj;tv!udBI@Yn*j`@Lz3f&{u_-3w+lz^`tCnvlQ$LgBHu5}kKNME}mKY6hcV z=L4`T=f?dL8`lfWQP8*vY6qlv1!5;O`3{6DR0h)k%zcs|{m&) zHN0+5LL87FYV>3Mjv;uq=DUfbc5`Uq`dJ8z1^%6JvT^Ks&`2Pmak&Q3SK^#=(;5&I zT*nvT@Id6n)O=C09v9E=THj%|Vz|Jc2OY47iS_H!N$G04C2M=)1;2wTPOjpwR~CG8 zYBlpG@h*rQ@y;08Iho*&AY|F|2gAKkn;*NN{MVBw0Yt0((+(}McgN(*2V_0Gf3gz= zLdu`9b?++5I!BJ}{N=ubmuAC<-wbmOawV`W*iDP-P}Z;V8*Dcf=_Ln?FIEhVd-Cap zO@NEwQ2$vb=z!VV7tHneURo*H>{5%ZkFWWU=h?@RB){ExUSIY_b)0XkQL~%7bdd52 zaJzpnl(ur}&$^eC%M?F6y{e|NmT5X&k&Y8Pk zm*<%4sgM1PV`j~U)`^Le{)lsj*j$i($gdo#f*;#Vv;Fo%Kreh_;>=q?Uj5s>S-lc0 z7NPzA38$e#-h`%k@kj8<_q|5mjK({JjLHU-)Hn7)KO1(4eJ|7+*Mm-ZFKEZPs>*w! zA%(Z~j0=7*VNv$p`{8w@_ojhLs1=#)jL5=UOl2mDH*h>!al?+4)ZH;u?Vbr zr{0?NJHOs7%rF#aY1&et((a3*_ZRNZ!ZV*~vW>Gwl&mV6w1J7$)O2dX+F+`cY?`NX z92(c@G>p~yGQ$vcV5*{FCMSVYU|>CTrQ6|vVKLT2qpcCOqV2$0X=n&ic4%Q`Yt`XY zwXJHK&{9(VQ7B)1t^Yh~s3{wm(}Fc@8E84G@)u+3*1tn zXvvxVk7uevuBNVKKS*Z0fM&c@q5FXjRGPX>U&0TT!7!)N zSlIGc$+#VxMh0$?=JIGnUBuz-a&j(XeHw&6LeZ_L|xP5FI25jCi!pqqOvtwDgT* zm?g_t^J=C}Cj=YW3YuK#g+iB3UDy*QdSi(;@H3YhjZ<&zIB;Zj5o_mGpdPbkHB~`a zaB&Y>t09P7tyt+y^R`kroE8BqU>l|e5#LOCqs+mOv_IhL7^mlf+7m)cF2G8Gy@YhN zCFz4rP0`%oM`1^5E@kExVMdU&)NN>~Gjw#Qe_<_kqAL>$CSkp9Aa_NoTb&qM>_h|4 zI*fEGYoUC`MmLY?VM-S#X=^ZSsIph%su*%8>MIMX7EGwyG&P)uXfiak%=ex!G|*Gi zf|r)T&C!80QU%PAEz;5^i83ib(cNeF^j(IgnEhhe1Ip@dKOXjy!SmG>Kfca>4y0RBgn6qX*w;B=!1TDRtL$WfsO@-PC=O&2Z4t-`TzFLR=K4lfp3Tr;;^ElYymY62CqX8;S$~NU#Ta%UAhB?1Nuj(4tb|{iKY>+ zie1#Tb_A?792M8Pu4}1}oGD>5FyZVu(}-Xd99|#(2%SUp5hcK>7p_70UxMK3ugxh8G4vYpZP=%@{j=1V#8{A;Mn)Bk zy)bSeu*j$htQhkuHYphM{pZAU)NLpNvM|i@I7~h4G939zbY@^vdinxU;#-9wj>?4kA-+~jM%$j;pumRj8njNel zsFu#67n@sLhYZnr9q^%FiC;;$n+%^{!xPDP8@X1o$eU7?j?T=}O1&cXLkjKqp#)O~XtB*ANrAd@p?rLh6URQ@KVDOp~rikii6WD?v@N}yUoUeYX4VnLRyAGBQ@p>6PYw(H}s#tvQ zUm@F?=b5a0URL-Dx!;(7-tX}&)E$%Fn;AQ#JlfdlrVcHWA%D2uxTbgmGQDFN$Weeu zx*#%^20;}uq62zUwiez00cC~sLnDm3bhjtd_oG^Piy3 z9t2bASV)LB=g_%;Cps*Va$4B$>tQFn`%9~aCEFRezhbRYX@rk2GGONBrmnl!aDHb7 z1a&AFfzpHZ(_SiW^?3o*fVpWd73OzJl`(w{IGY@UcWy}I zj9m?@Zu(v%L0NW{AGt(2aBaU80bRAdRZSBfOH=*icocoO4W}@!@6PSVPhod&91);9 zjxJTjc}T*=M4e^?UYFUKm-!!_$NNi+VoS~l;et!SpMp4Wl`-fCQ<)cBXCAm?F z;=;Z!AX8(1I=1@=?2vLNc3iiuPNJ|%Gt4~b6XpFiE8+8d0|>D=Ggl73Hk(;k6Z!{N zI6)S~?r=D5Tnk0X(4fL}cFg~0%$_XICF_EAjdED^1ot5YzxrJto|{77$KwGHi|iGW z=iazin*Z_zlXDd_uDY=^s@P5S!3{O8)9(m%I@em-^|#-Tt5@MmB*4%mw~r1w_GGW| zxc_5r&3J+KZJ$)B7w4}fgqQM@@@dKX(f{REzhNpmrm;QlpPkUD-(LEXWDkYmt;ifL zYNLz|v?VmRphv7eyl*&ZMXTuki#qFwn-p-J)d!;bnZ5lgCNq7v7*B;zzx%d8JdUS; zHMxhDS4HOk(j-Q`JVu-J9P|2|IG0qes>?a1d7k~?tudq`FXg-X8T;d>aC6d7GS-YY zT7CAacX*4o_j6_Wa>6FbITK>z6=l|)L+&;Ug>%9?CF6zybS5D5CJH05*_ba;G*1I#PoY&hYuzbwRC$C)D z^X}Q(hgR|9){RPW?4c#JyxF@mvRv`bjb4%S){RmT@%9l*arS{N`XkXSZ|Co#03ZI} zMJL5`nly_Zw}a11r0&e2H{(;$d=v%EnMGN~CO3|VlZU10#Z*51p~Y42&ct$fzU`sK zVm|)K#nWXv{6Ep9g!gPw2k?CIx?lNs^{+2vkBlkY7f zTCy=jFl{7J^nIZ8D{`gXu!-FYJ*ei*!{)*^D#bY2LmlKJzhvCXkUHatpK&uBMNdmU zCy3qLiQQDbL5ba-h}{rBBMykRP&X0^pGl7tp$lPK390+ILK#~6N{ZpSbB{)C^mv zNYoxVwD!g3xM&s9~d1qYuj- zc9@x*6=O(UO6()_+p77%5U^GrQ!&Lm@U2| zshsl?rW$UX9axIZC)w7;<`}N)@>Jw_#qh8D|UV0 z|1N%nZ}!;jcM_+$vklBZ#c4{hv_kw?oDa5M2$!Z7*@pAkeZXij@fF3?dU6Up{h@6= z`Ck6w+#8W)(X+>?=5+7j-fvd*4?dR$L2|+*>Pi85b78$z}q-BkAd7vIE1j?Eb!uKTwd9Yon!55&Kx!!p7pEVN}vg(#ABj%bn zYGn5og%1#yTiB=`gDzrVAV(2gs%Ggfg74Lw*q8_moE9%cF;@x!?2e6E{5bP(qQ)1S z5213~nGxK({qScf4j%zx#6XFwnDLnr4ch|c`e*iBRwY;- zagdFGI1xc~@ww(Lp0ID4v^dR{SAra=9+60Vgh~VLs##G}`r*Q7B57KyO%Ms~v`B0l zEMTk6s(K?RYRjs*CeqRVfII5HH1fG-Co|KnRRhr$)zQSt`XJn? z)ybOTyHp0SKa>SXuhPRmKvC>syIob34P|=C-4RwV(k)|TIvPUkc(~ub_k?20WXgqU zA!<2~`dBi5TTQy8$gaSCD0gqKv9XCFCEpAcdb6RL5`o0AP|03_wRO_fguv3IcGk9p zOiQ?z8I=<5)pL_8wp4g+vy|^(c#F%v3w0GsaLE=J9f!YocNtS0BO{_7E5v*lnz&Q7 z!POk2qp3=wXRp;2gsp#VAhkhW5*`e>Y=mX5YcBK%gI3u$xSy${YW>hb%%lnAv@ z#H~4cYJpSEE!2wW`yr}v6SIq%@?&=MXKhDP+RBCI6WH@;EHsebr_JcqLp2zCQ>DoA-d-m)>0C_9S&0@EEe zyG&$Xu;SNy9!~*eYsrJv6X|W;y|F6A7X!^L_ow1FjTBu)+rUrOp0q#_SMjk-%%YUq z;|i@2>EjhxMXQHfTQl^W?Z=?g!W1!)co&Lz z6-9r+h~RrwrmU)2)-#n_rMHwH3&>MS%*=-|2ulljMV2?1nYBAtz?7wG;4^N{8ew6M z-&MQTCPU4Xcv^J_ZmC>%IXALQ* zyOS_3x2Ir?8%Ar5yPeU=nk-Dzxv`5@Z>>97uo9~Tlht|(@_%Psx@I#4H2<%xXAii@ zZw2nN4IHqQ^LcYis|1pDo+=*M4>pi`C3_0tRszVWY8rF8nXIe;D*@5ow*7vu+=o^i z?tqYoCs>US3laq!rZ64l`3rSg?Y(w(o4NQl2-rSR8RQmas=Y2b(G3l%C0{V1Jz}mE z&WhfVL7!;~c?b-D^s(6wdV-;Wl3)1jecVT&>+k#yka znc+{nfK!ml;#gE{-oq)>`S z69&KhyukJv_19H3H`aaJJ$?ZZKWY}}aL>O$SS$Os6Q{K#DeX|y>4oLP`fwVp$SN$i zj^3BX4MnZLSs()JJs2Z&p{acffbVb-hJ>ONF~_XS&bco3VH4?$Cc}S5)b*Mpgb?n; z8OG|@`aS0fhxe!=hXkd(r6P_Ng)j+8HyMc}Bh<(3yQS@xYR3LjnjA@@%DQR25!HNB zR`KccA~5YUvh|o*84jfRm*&t3KXI)1>;1d>YnS%V#vg7MIvf1zi1LsdQ8&6lI2iKe zh5WLoUu~EADD?(j67IhKN#IGve@}CL2C#qqxZ(K#-=&mQQ#n8BZaxh!H@}{!|HOVP zNftK?y4Ag=%fOr2BOYWigQ!zj&=f@jFJEi(;o7|bqbavsBnZoNnea2fncg|H3JWUq zh#k@_C!DM}VLs;gi(KL$Uwx)c_xp6Wv4hY5Vk*bQ4)g&xGu8T=KF}@}EP;Xow{}Xu zsP?)83OGcridAyp_eI$n`c&c14%PQ(Y}qCAv=CWSW`eo`6srTLX&Rf;`&P6W zjaU}0KGH*;Lz<4XgU;PM^jn1Vzt0(0GAq!kh{u$zY8z4y=pIly@JIg$$PH>t!jmLIPo0V5dCW8dKGAO5X9yU z3N~2#$~F3jyZG-ZwBaolX!(}toz(Y8T_;>9d>6ZDn6C<8Oyp?fr49*o*NjV1rf%S# z3MN;(*3cgK5{*M=yVB4vU>w!h!!>M_Hmp#MSm~l3wB@B6E)K*D<=CUOa7SzogLiG!n}`+R2W3f$H@pHaFab|4F_o+jX~P~&qR{V-L~;|m@^Y3Q!d zOxA+K8w4hkzD|rfXvKRr3)5jrhKT0jey%0&TC1MNFL;HM2Tx(5(o+Lrbr z>N*mm)HaY!??f6c%8E4NO~%Ua%<-okfv5|91*TZZzwGp4VwENQUkHD6mFvLYrfe0`)-iD!r66&&J8DiZsCPtk|$_XuB1AA0z zi7&qxy zbxP+3Lh#!pH;cqs*!v7Mj-aAy!jR?(cX$s?Jn@!js6@$gQ9LU~mA%9^A#$k;ywP)Y zLX63G6bz0g%&f7~HjpWUSDseq$F&y1 z)f3@pc9+dYLB53qM>lG_R!AR2p8$t0kW^>j#%-xz(ngm&yZa&zYNHfXj z*K&XS+lv<+tVsW$A0aAQ&!~ajXNzbfmTU>BXAeXt@v8K)mRJ$$MaUCd%58iLk_g(Lsxd zM1&gdm6Y;{BBSw@zyPZK_h{(((NgG*A78Umnd@EIue%?=@&zg7xK9KvEoO4KSzT|o zhbdx+Rdq5`+|&2j>g0mT*iX~etk}Oc)prSMYa#2f%d9q#2V8aT3Vz9-wjAe-x1FCN zV@U|sJw=elXQDz)Bjc-;^ib@> ziddURaK3>I$4jXe)GnxVx*RwTLJhp29re=Mdb16r zB|A2sR2~tJyRNL_yYj(5vY#}uUKnVM_FY8Zw9^cHhYnDsaXlJ;HLB}09#m6$r!jHm88pTz7BE^Ox0ikVwYQBGD{R~^}GA(v}%iPTH6aI%#o z<<8;V+41aWZ3XG6JXYaRzsa+@C66M%c*hqANC6F*^O-9 z1R_;5`r2}rY|Vw>3~W=C=SJTnki?b1#veNYP^tW-@sMqBA(BSeuNY=yC`Qq0UQNjbRzsuNddmFl^+6bk)v!m|a zQ`M`lI$p-`2%D{vS(}YHf?LNVeDPDDb@*LmT3t%kJkzKSWMoa^;-PIfeuW&8!+a=i zBopbVk1VnR%c1XJ_z#+=46WPAstno@1FpZMc>`AwFeYu^`Ym8&qy%|dy-}x_xOLHY z!1^_ns6>@hhGtBU=9#O0r@-oCy?Wd6Knvrq^PVxTq*BrklO)KfV|vnXm$K}>Gtbh4 zR}jFyC75ARVYUBx%ix*q-teH*CbIdIqWwXvrGWm( z0e?*Bc*C%N%b`K__fp|Q6g$*o>ZylkS@cv|${QirdGB+~_>&;^G^a=Sd_IStuGDu#wjD8d?d|e;coGb{(0*7s(d2~pZ&XO7ikDT$tS4u;X{Vs%<*@&-Km~9ys!IB?076Njzj$ifHq*?;aWPzr@|> zX@2k~0(e7f!kq(nbTlOGD2wP#GGY~Q66S(+R!ZV*w0nuA#i|L!--aG}^%L4)+h79O zlz*y$)1~`oge8fnAE&>_AiC?~zgnYQV^us~AH9-~>Diy&%cM5<BmE@NM%&k8(mN=(HBHXK_5@K$W7?1%fHRFp*cIX*#WSLDrB$*L6l%slJ z>!uCAn+ytY2kOx*s*y|vLGUR$e1{B39^{@ict$a>H9IK^@M(y8Ck*i_%%UjL2&YD1 zHTkX=QoIN2?h}raSST5CAY!o}KCpomZdC*kP9-p5N??BAZ6rvyI_Ls9SRzzEn#%-| zOCJI_A83&!`z{Xj8l>~Puq|+h4(P(<9=~zn03px9-7RX1xzv)mFH;ggV+br?n(@q1%A57B?xUib@06 zFH7!xjC043w^c5lYK9cq;za%kikgTqzCYL!9z3Pli$=#$VVkJi2FD3KnJC~QnEvsY zwqlf5c=+nv7D| zCFhn}yd+2?j)O?*%V#}}xh38QN?X51?t-J#ceqW5nh7HPxaPc$De)}c^zPf^qWgPW z#N*n)k@Z|}J>R#-J{adQUef`q2@&N`=eR56ZN;Y^?!NZPLe_j}>Mpvvz0STY4t&|6 zUX6S{mvI6NX=0w$(RkQUhblw2+ghZ@KvZEARgJ^&*eeH|k2iKEU)30r1;Mjo&`*7h z{Q!nWs|;qN8ie$Oexp7%O}#4OAma4OL${BmyST@sxEC+F1FCS_G>W7d+nfW;3qRE3 z@sy5b^WW=K{Fhm1EV9}Vmm`U>cTVX~(i*?mRnVgmWxd-t|+r zB>w`ac)oCaLgfT#<%E`=gJhH=l{*A~B+{gOuc9n>umCb=R<>L^^_S@cErDrz!-?0e zX7C(m5D8I-F0lQ)kS~-K9O#wgn=Y7H7!dY%OwG8PzxHaq#z&A_xbw~>B?2zbS#rd; zaH*X+hA_HrrfB131ttTCwx0J8?`5{7TdrSkSC=8+_aRzRu)qm&vUE=)vwqKBw}+K) z1vY;PNK&Vp(Q#1((*BZ}&&;Ao4kA%;Ku(t2tT&I!v4z>(BCrb!|BW;mU4kpoEH+aDt)5W$r&C z2%^`&`<<3N~P7_LP8@Wn&_i^?}vkHTyzLJfmT0YUOZ+sP(ZlyeA*^9jo0{g^a{^O549~S*N122Q0`$+X- z%9>?%s8#6IJ&JnomTbJ}c-*2R-L4+1bR!C1+!rAS{}1{WuTn45vjPivFOAW~;~$&} zvGUh%NG@T>FI*6jRT9t#xEDj~IQSn9hLWzJbo0W^2h4Pc_uEZM-1Ga!)pN=ekr&q~ zQhd*j2WtTIdY(1>k(H#%i5KqpQ2`?(B>frt$MYjm{Q5j?+Ut$bi#lJvEdR3p^q>aY zd2SChXX~+RW!tI$J9cyb$94#-a=z^L-%K|K_I7r{#n!a~inSpD@h4>daf|O=Y5N@bL1L;RN=rfE@z3*PBK=VM z(HwjJJWS{<;9E7UaJ0}G*xj>ODS}`|1aebk?A!{oU-FtCI$U~?2`8~hPXeTQ1|llmgZX4== zM9onUY5A|8L{Jbfn8gHSRpeza%V;#2pYqp-FTBIRh@(WK^m)nzRE!PIo^qCki@s>t z4XD|x^H*i8C$C;iw4Eqvmn2)EXv%ci`fbr^C2sMm{6o;+V z^YT>7;Vl79f5NhbXlXvdbR^?;La;5JcsGwArqt@PQvx^9^)@6^^QEe}y zEH9&ao`+AK#XPTJI(298C!sr2o&f{Uo$bAA3e(n4C~nuA+jdmeTe@z(mp?lWP#dhK zpUKh8RldKOnJT;D(oSK}a@`Us+Ex`K4$0<=bg1;no)*kZe*xyWHUCJ3Er|Pokm{$_ z=#_|^k+2W0)cZ%fB*K)&uz~&ult63086^lkMwek{-%BmyMbc&J?MWOgA0D&0Onp4H zsKR%^^(sPp;Ue^voZV`Hrj}aZ7kJDfe)U;)QbK{y=D{E-}V z9#ijZ>zMkujv4Tn4Iy_S$sIV!rSS(!W*Fi7sfu{??M&7nu)ThH+ zEigUOZjSa?&r?6OK+ypRxG$9*{3W_M^t`a+tmzSRJ+d~vH-vf)a6NXnLOLaCSWM#> z`7O73taBaMQd|wrJmQ`m#!Z&O@8v3K^0)3-!)XxUG1JDpsEZFmhkwVwza~Pi(Z$E7~y{>L*+A2dcPK7bg@1 zi_fd#3SHdNR-Bm2#mjVY4_k3S73ygh!VeII&6FK)|r7xd=`l9NnxgRV2`O(O@2_fTq z+BqbsxnCeJUK3^dc@S(x=pl~&l01CU&^Kc$Z55JLnhi#ZhYu|BZ3d&3G#GA-&7XC6 ziVxIptOsM^7!DNawW?5EE_wXPgz80$622I#Tr^F({m zFIihrbRI-!31TA>X?5k3DlLi3w;MS{NcBbV?L%S@BHQco${MdPlvPZxteH;F6`gp# z1TfNm8tsNPTrP{r)=UE(BH^-}p5cmlFlYx7^G#vQVp*n^`8BhOWhg1qo#wXyDx_A5 z*4+x`IS75IVST7U;@CqmI;%ruJEh6k0In*MqiYR~Fmj*d?xiP*0xxpnc78OYHR=7; zoJn?JNaq^u!bkSAgM7PPCYV z(B(g&)FS6oT9B5y#VpF7CNp2*@1L1#hYx@j(B-_lF{$clwElI3c4B5Mbq9#+*9P*j zioWs?+})Kl-@F2wA9QECn>~VZAib`)swq5Ng!c3 zjp<5Lj7Z* zc`kzQG!iEfIZlb+kr)WoEkMYuTMA|^yNan#!vx~QP3ZzJF3>iv{3#0 zgRzGi{6XXun-rlFit?K#+@}d!p|i{{B0cXa!o{prlJE~rSV@G(Bd@ri2!8_686qt3 z3`7jYli`E#dMP|M#cz+ zOjO=d%!bmVEY zwxc?Y4J7c#k)EfzGSUIizN3(SMC6=8s)Nc>yO13PkB{JbB6Up{ws;d~sNpFIwn#S<|XI_x^t{QmfL+Vra1Zir(M*Am2RiB!vRHiSr zf15kGZvibH1L-MXEYZ{%_ahNNEpcQ$79+6%o0_EvS@V!shuz1W-RVgJ0Qj~dXCwTn zWj$y)MPdcu78KBOip2114Wk!=?=TYG3Sol~d|x3kzNcXfLg;s9pgdRX|HnYq^3QKm zL-ZlX^o@2#WX#%YST~zqhXRB`(#=BB$(BazplTZf2&)xx%tnzh9U$;P;v)SJ972mn zfPWZ5OQI86yaK7auVZCtQlTUn(OPP8YIjza&q4DELg2*R)s-bTwj!v-0fiExjKaZa z#U&0MOIIyz5oyg;b*1()j1+|2F18tC6u1V#NS>@=|Z^@8gJk**iE$0(H?6g{opL6lz>#!UGC5u@5}5K8%`!NV`6aIt-B; z`vg(_2`n9X3@`T(t%z7&S?*Hvv46z!#pNy|(2VKY@|2m+Q-*h8-z-tX6Q2d(=8;y% z0^Wr!Lv>60aEB^7%NUVm+l9T2@;CdCS5i}l20rGQXum+ptb<8VHB0q}im9)tn#bI= zpCb|ag6t%qPf!A;iv5V}RaKlu`F-L$!4hvL~AC{ zV}FZ+`fU`{Cm}#P0(8DBkT?pO4<_(jx#bo;R|qf9l_0PZCt^?#ayQ>)!!in5fxi-j zPZ3xfB(4Kd!9)hToxvgnjoFF8?m&43fz@AX2NUhN?H<*hJ;ajlN;#?8vj;4@5dsg~ z6Ea_g>0tI3Z&7`ChSdE{5eR|TLR%y~n%kI> z7AZ%snp~~Tm*Hxu>O)qyg02{lSfTfU=1qja#TvXW|5LXH6?#jbFoiY(3O969 zKnwjrE^!zOsKz^8R&HNj=&h-S@z)gA+oM{tJ?(7^{Xo$4M)04wH7HfnzQM6M5;pzj z>zYsKnrUL0i(S?#Rr4kwuA9m=zgDj3;&W^@pGEl(2)TnmaC_qF|4V28dH<+Bh1_lKG@b_c13Pqa`frk^2N>avFSj_!mR$;ZF)(L zPIoFfwo&iQba{U4$4a&Ww988A{5yOdSghB9=k8YQ$B2D_%hS9+v%d${y$HFF*{zuW zRrW^6-Rsg{>p^ZOHbdgtsWnSQ4oz`?Be;WuQxkan?qDGm%vauyyqe6Lt3-;YL&mq< z2~YG7xx0K?6XX-YPItn-P=e<36hSEweBe$vp$Yu!*j;^%J_R&@uR8Mo!9(G{adxn{ znJO;b%*BJ(%$E_euKfnsPY12@X1_)z+1c}Ee;RJu0|0Ql5;HS4ocw zZjEe4M|64OXl`qyc*HPoS%gURpyRVVaTK>T@_O;*EO7+4D^eW6wGl^eFGh-^xBRE+ zQOMnq;>b-t*!q%8C+dl2!MYe=v!zH{07;)KiA7vH;NU(6g?Y?voqalwZ^f8c~T z^FQUXJ^p)Dq}esUjE?>#Fd#XWc}C#efh5pIqppVGZ@hY}nDhN!HrDl1iIb+baA!@h=-;#Wltvl)w@RiwmkX4zg4X=d48 z5NT%V7etzK!4r3R9&vtuP!jj5l!M}k^$i)Cp1Ybi(ka} zLuUn4R(z4lYOS&w>8va(?I`9ryEAS=?r#AgSASOS}MS}KYLxFMu;)X;XeR6d;T5!<{|X6r8TQI$4Cd;iz|JJfnIXWspuAHVy^I+O zMsp|~hNy(VenMg{h-NFW3=P&dNzN$&wjJfq64?ErU^M#{fN(c~d5|~*qLT`&y#}KX z^U`b-V9jU18=XOS&mmwvY2MOvQ@+}Wi~+%j84T1%1H~uHc`P^lC|^TBGeUr{`YYX} z*NGb55PWTDTpu;D)N4a~=xr1)uLZ+yP?o@JH5HaXtOi~yPhNaqMJD%HgdkSGTyeXe zF62wd>2fSWn8Blv?SmQW;`>-cE6PlT90@bk9ru?J>M>P$xAv7xPXxhegdSt3jxo&R z5$b9Bj0Xwn>j-`4EiUH&8zH`}Mt9!ggGS#(h!w)Qe0RCH+NNnM{|m-g=u;7%5jXPH z_CHbKvorZ>`%^^dL{MC9o3r4{irZtl03Ld?8jTG;`fEjheG^}8Hv?hQS$z5150Rd; z=t{=NSKAwrS~H8Uw!P$`&E}KmV;WP%>{r`=+^8NJ1N|I?!0DTVBOY?K{j&x-M8ah` zJsoah<_%!1B4*#TP-cC#{g-A|G5gi_>o?i2w%-KO>$9s}Z7W7+bqIB}eF9wHk{n54 za>%Rg(aa~Vwr6l6r}=ELmHtH-%GcwQnNf$tx@#@096;-0zy`bt7^}Z>P_rn;m3M^oq=0I%AvoF;RSQ9_xGXks>% z)8ZsDzNO6iMu z5FTFJ#n5ep_C09+wUD)EEHR9CD6@o`*-~cGMr{1u>UpzwBFxp}WtVh3b0zwBG=Sm1 zw~t66|2@0XFdn&=%9_Ebk5DhdUK=4?)!p|S#tZke2{iem1(rdyL?U$QCzPK<$h~J$ zP?rF>r#X6u0O`Yn<}DHRsk%2Fz+`-Y4`1$?taM$)^lk5*5q0Ff$vVSWxQ@55TM*g2 zj<>MyBXV$^?eL{z`c;NeHj-M`+Ax>N`r@h#;}1}^+;)|cXJJzV>&5>&Go{bPM`*}8EtTyuCB~4I+ zN3=vDr0I(C&Iq}GgbbcIWiZC7iKb%dYIr(FB-9YGd*vOsqHX?6s z47=L8ZLI2=(s0zF5izqA>ILwfSEy;545RiYM(vD99zx4K&1|DDu&>tLu43xP{mkNs zgaZnD3b-e4V(gWOtWelH5!tcHc5U_}%SeZhKa8?niSglN6P^>|OFyGS4kyKlr@X^< zO$ef7jjo20+nmekV?zE6)(bin88TX3gat<0viWYTV?5TE*GH>ie@zbicaZ<!hKuf-URxgk1+1H8kcB^MBuJM`F(_& z6NWoiYt^UY)EMpJ*f2Fl{s>R{SRSMIfpXvx9;3KN>C4AFM%N=!gwXO#3!ZvQk-Fni zUdAo011grJ@G%YF7{k->wMXSIz65HI50z9*!xJnTO+)Y4n(hJOH>*T{F_bmk16Vc9 zR&fydh!!%vCH@|Wuqwv#(coza_4T9N%};8&1ubpIfny$%KT{ScvdvmOe4>VbGN;4X zMm4+_VI5aBRDpBNV_d^dUBfYZ4M$P_0o5=etOhZVt&gC8j<5I3AHf z+Au!L6{%}$dD}qUk$qi^^qquzO@hm}oYS3+g6Avg&TMhYQ&w7xZKPA4dmN$@uf|S3 zYl@;}*Ud1b$eoI(mr;&*x6Byw4XrJII!v=YdbHD&>EkJtOinQ!?fmJGwF%GTPe(x1 zHg@)C`Y9K#fJ~M7kV96`Z-V4|$RS?LmM_FVJMe&mU#u49<5Pz^_3E5CK^==6ckoHc)jI2xBlL}RP8vB&sD;C1$Mn5UN|dRe z^Z&G1KBYL!A>OiH2yK~y&{qgK%pnfZR>EbZ*DpHKZ=xQbpq|ek=SZOsh0#=w-Aw1s zy(B0-nqG7hC+K^R&?pPuZKHI4XKd&>#Q=u$ebw7ZJIznKxtg{(&|59}2GQI@OXg4a_-X9kIES z818B?bp8j!O+;k;KNxNqB6n-J{TgI{INUtP6?ZAP=fLocg8KxKj})A-#W4O9aAavl za4$G?OkeSjba?hmVoP%+n3`-+Onda;>vU^4wq#WNdJzhsgW85&T< zu2g`xcuf~1DkO=nf6Yd#D1=1$8bHO=FJ_ucy`JxsM9)E*XM{vK;Sz1p5@C@>H3dwd zwx6P!@wyrnbEs-6yq>AJOaSTrk|5B8?ueAHAS7yG<4Jp-V0=~UF}OR zkz64YM$SB1g?=;zXFNL!MLgu@+PkN!t?G}acmdjiVfqct?=TUIjr<{~`;j#dq5X$+ z@cpyQT>rFTJcQ7`KQaFzGrvN{hm=VlH#2{gnU8G6{$#7#e*R{P?PvFA45JG|d-^QB z`MW80n#+(e_ZhX%{X_oXQ=ezCX+vmF-`z6*G{tdG6*5*Mv?lpi<)~5FL$Wv=wd*4{ zs|tTkgXS9qqxEK_26j+{eaXp8>diIDX+5xWII6xe&yqD7&_qX_#-C83Mz|Ng=u?5Rq5K1*FzWy;%t5he7w4oVBBAy4pEnXQT6$ev9VRx;_D67^+| zO0z*w2UnQ#f=0ZUexJ!6#=mHBuVBs(G-rjG7UaC0IonZUk>XrV?VlOLisY;SKC@!uMux7mmg+Dsb@ #ocwS~ zKiRm>uWRgqq1b~>_060Z@^RX*-1OB8iQUG`5Fdp3Z@efLXRGM(JqqwCQ|pG#5m(71%Ki)|V!`x;EO5@@EO`>rgPd zHliOudu2Lb8=V2sNd@+s2BV)n)YnGMcN#|1opc8k3P#sP$3Pfe#@9w;Kr~_}gVk!U zz~brbRb3lZp?nR2y%`E7E>J-@w2ZHfj)Ld|1s2d?^wWs?+9+`s{PA6M2NeoN*G3ya z_*fZV8(jyYf?W(&pur9in7TH)1LYM2_Gl;=T^o^|K3~SyMteZCTY(MNV6Dh7t81fQ zQT`Kw-5&xbu8l^x`P!)UiVuPQ{cDV8&VT9}(Os zko^XR3xx0+5+zYqb$S`}yAc9Wor0aL zw@%+MD}7u1jhS4K&RZviOD>+~SkIYsU2%4%E*QMcM(mvxbQc5fazPDO7sF{4NoTpX z>w)ez8?rY<(GQUO3u=5zByN4hFlHe1%t7K9`92+JpM;z@5PUt5sJF*3k`XfLfFr+? z>K_%;H(8C$#67e4l;#%D&qm0-j;Yp&S4XLbr)z|CTKY0g&mXh6S2u#A3L&tvhF%r- zPkS`;p783MoAS=!V*nf_kb^aVpm*qT4)r_C&+FbPx&<=ipeXWH!}wzl353LAB<3Py z4M3vaYhXn1jX>gQL>@sHG#QDe3>U+2yU^9XQWP|K-7p#<7=!3>id-i1FxeMG_5cbB zU#CxL5g9#C(L0RHJqKhvQBVSsDMZ$S+AyTE>WaS9kIgJoNVysWD_&>$Patyqb#7UQ zH?V}iL2nX)z7I8G5IvhQBCNWlRNbd2m;u`92v?7-{@}+TdSqi-80V|Rc^U<4z_l8o z%dD^`JqFQZ9k++E{Y-3*BCIiBd5PGTgtO739}k4F`EQ}OZBTF=EMF4aLt$(^>G6)`3 z?^cklM!_7A%p$TD)P{!nN+%AHPLxKQLduOGSo=21|05!&-sYBd+lwiU(30r;P$LG> z2VI+mRaZsTy@-Nx(9T1++LvElC+It`ox(UjB+mCx@CdjzB6R7RA2zu3E!cr!Y|$w3 zeL-K<1IydQHZ+`#z856)B{m-lZUV~<#I`M*jlN&ICycEjw9%K3 zf(o!KAhtKd+2|X$ABM3FCbj`6cpNN`65Ge&Z1f%66Jc!k5ZgEuybG57#CAH2ttWje zHy++|zZp%%?DF!7WwqHw8&!2npUwDKkLE)Md!Xn%&`%>|^+%%ZekdbCYhub*XP`#k zD7lBtR7_8S<{$f+=?EhK-cR4`W(NA@3L|h8rGR~fm@l%et*)Mnpdf%iKlN_?Dd*$ zZ{tSfg0aH^ZtFBe#vGsr*+ABZ8r*`MM8)oq?C*Kwg-=-bJoAP4p^xxQZc({ zNRO$D4tN1v+u!33IEKh)?{NoM2ca(q72HPM0UN{n6P{u71q|0549yNQTz^FR9%Q&# zh|Cah~Lq|mTcAqmNd4vC25atb@=E4wfa0h3SH~80rpf|YRMqK+grPTe5fS>EF z!5aizb7rHH`~kOxo#ZQ3)2yZXt4PD?s3V`D_p7d3d;LN*`)d@}BAd zh7fqShG7>#KWHEo(-+2YS1%}_2LZB*fPSw@e>QU_9nhpMtm%M8Nl6DZ{)NEqVabw|-5NVgjys~-}3{%shW5q$LFjF&!uG5$bZ zi1bvtqhk8z;aP9Y`wRI1e)5NgF%iLNP1TlarUf*y)_P5Pn@m*u0Em`-$km#M;T|E; zlF0f{-I;V|qu3obAg*(V*Hd`A{WEyW0C6{hQ81A%O@MO@<-SQs>_GN22)>Y6 z5uW(#d#XW3T=Ybmtn!X5uuY1-oaQAQ~&AWGQ51V%im3|UUaTGPZE+kWq zjqKVTx^X+gyY^{sOv^>wwRc0BrAHLg+nVX^aHh@Pn30O<88B=mCUNI8(l)76W=C09Ye4CfRdv>j*c^5S@VOa||owF|Hu` zE5rEdORhTUIE(=@S`wqEW#`v$3cluruayQ?F};rd=uK*LCogAr38AaZK(82=x>iIFq`QT!( zEk>d{Sh^v!rf<5B=&RJD6&SRh!?zx-!A4s?174|`Hly%1d%D<@gS~5WW{$1ZU=*yI;P=%^EPd_gyD9AVTXeI z0+G)Zoa+R7_XG_neKh|N8hrdN+OQze5!qKE6kJJPv&XvfG2nd7koXI9_q!IM zlpgVLN2NTmge~8--=h`Z(>d#a&@Q7l&-`C7BU!#Tm#94hTfPfisGc1lj@EQ#6xB~v zw~eZcj;i}Emi(+gQM3?Ml_O-GMdB4ic2eTMNW`8r3^zhS6jb9F_~->nUo;Y9k$clg zZc4Gnj;Dud=9n?lmvU3y1kI}mfhPurHih1p42)&Qi>Yj#F0BU5${%ifkxi!*+*%D6jA^*M3I(?x40{#aIYiDVxYX0w3?LYT=*K3GGDvL( zc^v@0TomMjqys|WE2bd#CiIug3h4JEwxRpyRMJ%s8BH(@NANv@MBogpHbTKONVGx) zo9;o$vq;oBYZ!@V*{^ImNa>A==>}aNm6CH0Yj$tYUw4*t^m|rq`YqFb_vqgCJDHt+ z19jp(>P1(>uV87FU3?F(v_Eg)N&+(n%SfU9-B`K*q$|6jgOzwA=*jh|Q3(ml_yNJ` z5a;HztU{_5OUF{V2K}($YS2D#mh8-+P!*CdbrZ^Gx-%-Nwq8*w9hPwiyadh{&nmGV zXR#c{9wM9>m9SQc^(Baoo#j@{MZ9+lGZUKVcx7{{Dr@f00aPP=#;QC>wAd_TA*@u-IVx`u63 z!?>t~b*hF>!Fg2Ga8T17v)54TJX8=NaG|Ce{4a60Y(nQge{WF7j&OdL#|-16d+ifq zp21(!^4DTSdY}2{d)d;ysr1d?l8b3QNvRB7PyF4vkTxqhmDTal!MSQ+=sjouN>0#k z1`n&$N}u~C=hLtH=6-DBkXEE%fKne7Q~#M+QHgsi*^2Z=4_$Yjt;kG7%FeSDc?gjQ z5sX3fQ!`}@qQ2APTuvvyS^`fS^u9uc)RI zKXNgBkH6gteHaoVg?d_XU{FJ9&_1Jpehp|3gh;y&LX1M93IeRT!2OgkP;6^e1j^Pu<)~g1O7Is_x_F z4!Vft<07eMP0ejJFsK%<-xs15syT+g+rXe&d~#n8IT z)+>u%yuAkk-9luDO@5#-d;cZ?dsp=_{^f%9e8vV5d z98+fi^c-ld2l&aEto+lIuDKd_JbgPyHHqWzy(WD$J(k$B@Tcs>ZD zk5H|nkJDe@S^V8-n#M|m{(m;3ld)#>bGN2(4MIUAbfpw3@W?9K10nG^ayKFPC$re( z0QO%MT%5}}pB%tRs|;2{!@rU9$pKuls+t3MWT=cN2Qa9)!qHINF7csb(}=cQtJ%@` z3ex-sK{y(%u9tKkV^2MsqY-eLh7TdI;U-xgvTq2f!DF1E8XVEq0#(D!;2iJd8Vavh zD$uvSt%h$={w0FH==xv{lU8eU6u3AnwC11_r8pc$B@j(#v~^0=+%5t#BM9gAi6M$k z#gz5ZQY-}RZN#%HT^oAaV^WbqIYhNR7Zv>!1|e$@ie3iiV+dJ=NPJNnnn_WZ!Wz%=QfQ;5qwLK80Gg|VhF5261D8wQzRsE)7 z`sDK^N9>F>?5xcK{R{-*tgT069ifr4_9h~)$C>Q=`GzWyec^EX9EoozxYJETG@-nZ@~?<)MoBG@IZMRX(jdTgCLr!j}$D zi?uBKt&n>T$-ZZ3b=m!oaV8yT^js?nB9?EEZ%@*}##`KAeU4m5z3?Tcxhi)WXQ4aJ z1XhA~v^iUlZmVG&XhtCfKB`d(sD_WU+1f@mTyR(qsv0(eb8RBm@R_dRjJ<|4C_hOx zEC@4LzWe;mQ@w$mchn7WeFl8goIXoNuhFrAj;MJRV^6#81S z`GdoHv5M95Zg4I}$US9~)+nI&(^`QxZapS<77}lP=Cx$*llyPb<4<^}9P$9oNHLAy zNs{9=X-)yX;5GvEV+peh5*_-k|!KXy~Okd25OCQiQ;fntQW=-ovW|$4){` zM`9bOH!DG-^5)&JCY$ALX3dNnXM+gznsY$g1yAXzU79X zba!qDN_UXm68daKm6k3yo|`V7J~0aDS9p`^i74uNATqk z86wZ7^3wII)?^jaYt62x*j5koS~I$~X^gDRYt3DVEUC?F%`=E>t!=UsJm^NHsw$@8 z-j0eH`!GAfpMc>bVk!_n58TKwUVNCYc#&|`fd#6~<3IaGrBy^jKNl>HH6dCuMvydE`s&~)wU$1gS+e10MC9_ecaWn51Cir-{8+y3-n!5Y=ooG|UF}w&e~TvZZAf$hZEju0T+Bkb1P%Q# zw!pj><#!S0sv6BU{gUxoen`lW6GIwFRcLo@x9=nES#o#a_XG zE$<+nha$9oG-$#;<$T)F_Is3fwaHq4PTPu0RdK2=b`%AR?^VUMbaC^dV5N@-D;?ao zC^%Mo9t}Rq;2&ixIQnQ%ZB7jh=AW_WvjHS~?|w{Ikh_}uh%BxDSx(S#uJ19ug$;aA zgT{>cl^$9gAq%$X7rnEhuf#SSJ)DD(m5RjYh#a6qVWg+AyrG;BR{ zCa^?Jo}fn|s7Jx~VotBjy;&G7>#Ez>H0mG(o*r34U7|HRMyl4NHv#9!XzR`= zxHVnC*{LzNW{0kg9>&(KnTzt-R72CS)`+!0e2w=dU4x1>QgV)pw#+BFwtoWU*~Z+q zx0uq@F}1Sknm+>V5vuuUSli^vb{5^Wfu7QSlHOB7;!n{2u3FP~lxhvpnAb&1bJV1X zX=ES-w$;>{f{12@aR~HJ5~hX3aM0e+gfZu7OrkOS^B6pc^7{#M*Qgrg^bcZfqTh#m z^~s>_e!%%;P>wyx1|>%uly7Xsf2rbJUHq%9xWQ&F?x>1$^SH~%UGop&1kL`go3*L* zPvCqqDK~5m`gDtI^wVwht2m$5!&RH@>)|{#f&9POD&D$Tw{~!^Q9;bTn}c>R_XaKy z_G<S`p04dxA-mZs3^mTq<^T$ZJO66nTU8YK*W22%ZCJ{!* z*s5p`hM0Dul2}1#1qtIq2(jwM$Jmf5BO%GOBPXVqSJsizBv}G8nQ|zdl5Jz{TqhUf zUkhk%yBw)NvsGW)UVT(lOjL9fQPoKesWZ)v0?QH;(tq_L(56mN)K#)_VyWK@H1z=0 zAlpVPg=&~$P!kLz-CpLvz-HK6Kp9tv4o5FE$}~IIQN+ZZE1KLmG+Smi(V3Q=wkaLS zT$yQvG8jg)&@3W1jH^O1Btr9WU{bF9+N-*V(iZj2KvIA6g)Y{h)S{@N))2J5Wt2IH zo+8OM0!fb49bHn%E-EtOmW0IaUs7R0Zv$dzTP>}C!&Q5E7swn?1!T3ut03YmD~O(* zY1#!$7X)px<@m9-w#_s`X$+&CW$$=py4VSW)!#K)XaC@?0b7?(c%(?C#ZYhS4KL(AxA= z6a|5 z@WFu{XfeScs+a_#+`+nCQdfr9dq56&k&OiV`Y2QJUax>)*5!yW&5aBaW!IaVtdMy> z%nF(J!!sF6_xK21tr)10BtCV=DAMLYlF;VS*_=5hgdJ1!g&XJ`@hE)723&B~yJ_nK_xQTlptW9bG(Q z%vit7MW&>mHo-q;?98%~lH%!O%Y1=W{%Iv8W&Rn{r}>K~j`EKmJ=#CJecRz}vwhRX zj+rpB%vU^d>Wta`fW|WftpXo4v21!sPH6G;In)1drBnpy)aj*T$Bvm%Iz5xVOl6de znlyHFS>^=#M9cKDF=NJ#L)>W?Wphf$PDeCCWKS$X)RNJuWinnmr?g}mbCyk@=A(X6*FQ)9fUp=9G<{Zbz9hb>irfF=OpC;aQ+6 zE}1$WqD>oH%D|Knf{U@Sr^gkSj4ZQfl+Az!gg{Q5US>~^nK(LxVM@uE8O0%TmChME zZCc5+=`w{9(khu4ISOqbsR%=$tJO`|Bg-a?9$8$>Loj;m%#p>q*6A}!gI$j*blk8^ z!{dl=BOMm!opnshN=`~jGA+{;lWtj8y9y0Qgjqy?Dk22;;d&w4;`TzDO zf{c~(?#L~cmBgki7N#q|M$`5A>`M;O>d4FJlFu%U^Wf#+{O8g*Yc2=p(@Wz#bU8Sm z{0)w6sMlT&&c~O=S$8=&A6*)!>T+<7UK(e8c9Us8pIem;(M z)rxkRxumQ6jlHzYA{uAaU2Mho0C3MFD?Z7p>oTq6aY*J_iBiA{@kh$;8c%;oFjKTD z$x5JqxMh;QlK$+n65h5Foui5@ugl%cig%^D6D`Y`Xj&;ftt(s|v6Da@CK@o*YUUF2 zXJ{r#=s_ah-P7_60p|^1tYgJE=M-6q*CRU>5NSnLymMS(g_Yv0Yucb(+o*Mj?X%qC z-}{oRT8P9JTD5{LaJxREze!e#NSK_NC)(jQMIu3F4z;2ytsLj`<(ck6s}XV>&UX!> zuqrJ{=v-5tD``_L590~kJS&d=DU`X_y4=e}zoul;_+63fBDtM;rqu|s1Xm&V#B#(% z52CfAy7A`(y2I6z{!*_yl0{5N>oB<#824IroG+BSGpz=l08{`1r`K^6Mv`iE&9pMa zzeBAit|Y7J5UWY28?C0!TZ*hE{jAg>md|-hu9b7O<-5j89S6GcNl8|o%gnQKa;?0M zR+FAq4tNTO4z)6_x0-Y(q$EHI$RyE(6e|bFjhwF=nO25#cX=W5h9b|jGI9}JFQRRV zLQ;M!r=yjTXSErE?4d&hM}0AJy>tih(7FSt%9J_^%}+1Pv{GHphs%qsE0Nu($ZCyF zj6t-vYqn6Q#zmH2XHBb~HKTgg%<5UC;aQ%Wk-J>wX35;cLOCLwpBPX!F>W)?(Ld)f z2r~=CBsfkJHQf}99_J0YRx@Xl!f>6>lR7^!sPpm8IH-biI>ln#iF<39K$vIOR;z-5 zbN|<5x(r|fS?Y3Q8A}mX!m|kG26>;~0(DJJwW7p$%ygMBE^g;)%R~*ch{XBnE#$(d zCX1pN=R+3h_6#vOV}!w@Kev^_c&$E9a8C>VZ`G^ZcOFcf9 zv?C zmsqh}VrX2M;%|k^ObQxxSzcIE9!W6=sCAOe$|6bfcmJZ}dRmsxRRo@7%W7bm6CiZU zU6z@go}TG)z8Jgf|3SJM^FpPoU}-M(uaI`vCI0=J)>Nq0JTz&S9+`wrMOK_#TWJ{0 ziG>iW(5mOEWz_+HXRA(q%bewM-Ww0YpX5w6lf-|-?Hqv#=1eDj9Z^=1OYw9Or&xvM zc5FAH0j`q(qgilXt${*$o-2WJr$S*8UCx8?CM?u5B^8Czo7fj`3SF~YLj~DZ(i1m?n(^>_)t>7_Y@(b;MdN zW={p8Qq+%1O&dC9+NL;@78>WXrgRpp6hXI9ND)B>i5diB_HaoN3-mDrinB?)Azb25 zK~T#^P!&$_83; ziB~%c8Sd+NT0~WSNzU7*&;%6*w2kvmnC4VkP%4Ed=|0Ck%TVcLXdh;u@G6xE?eTBi zP^z<0T|iw0xNmnE1+8fKy2$N{JfyWCX3m}B?ig)+EgB+B$xA*1gTH2PE}K6 zS3>9v*fTXu8+IosZIG+a%Tp^t30_XnlPst%s<$2xJg-cx!N5m5p8=;yQacxyqpjox zwRhGc|H4^hwUPgzg16_pi`+xSM0wnlzGRB)Ui#PB^mvlhLSQbmT2jNwX<2WjyUg=e zgLQ~6q`1|fLPSZ*=GuI^#bTFex`#UJ76~!m4QV?Hw?V)<0^T`guV|bH=yGkmT`v0Y zCxv#$)5P985N^OE3ggX}q#Fr!^5 zf`9v2ZqnsNY)OwOOUnN~%LD1oqEwk)9+NXcZF>5%>QBVBEt+`g7eCt!rgVV z!1p8}zNI|a1(IP-t@4!EaAkX!299v8FV=AeYbKHsUt)i~ir_^8v;+;=n z5imQWW8jf{YJ+cg8R%+}hyVY>FCT~KZgDUWMYU}&gF}aSZn{WhqV)00@xR4Py{%lD zuD=XYyu2Fxao1E=#TFX;@5m~++>IMzIgKFa9MczJ#cK;Fdy4v_Nx+YVbg`~G#Jr7lZ502;xF(AlzJSvZG`(c%5(RdmS(NT_4uK9j z>zcxS*gILf4{qmD%EfCOFY>O=YnbtPvKru!bIRO<-oy)$+E{HZ$056yBL8Y{i z8zgEBY3g)R)EJ?s)6LglAlBFu`E~!$RJ#tVcW@ zXIsv@=9*IM3r@34Z1l}a6u%=hsTKKWd+Ds}719w|RjF;d$JAk8$8uH(plFx#PbcC1 zm?Ta;VqESFp;IwfYLdjia#&VX-^$XFY7=pkxC4uQhT2Lmr-htWmOQQHVoEvvSn{3y z3$6HTDUq3p&gz#*gqU8Uj%VkGt?K(tlX=_b3c_LO)S@e>%ZE{yUonnQhGkL*!5xeV zStD1vzhMcSw~P}NRD@UXD_4+C!aq;_B6e!d^S9ErxV}u>6Cnv4vUSMuk^nPF0B4D zuIT9`IUQfHS>i3i5`UOPM@LvkrtA&clukm9Sl6v$c|SMRw!9}e7bTE}JtZ3g?1hsl zKi=j1BbhwwizIj^oyP9tL*kX>Yl{VZ{S?yWhR!b%3z07u@cXBPjti9c>qI$u5@>2V zzZA`s%UYS$guI&ba*@SOucy_`-4Ur?WT8YIt=)+e>xUykGak%C+gE?a6&%_M|Apo{%az z$JcB*%4m-rYC0mweRrNofcl{RZ-x4B{neMn5dP&h{%?st*5zDbnrh5XO%l3*ycF;y z78Rkq5BnC*sKYw8g_dmy<>nTW z^+z$1rgK-Qw!f4>EqPW*(RfRtZ2sG#`57+f&J=N89|K*N!aPO7z{^B)J}j25W18I6 zWvC@gyR)&5o#684D^yj}}J1#naoPrcM1xeI) zaMhE0hs9b-vCR+V949MyHOU-G1GlK0ru1({p&ZAzFpgE+t0sv7`;(HS{u2i|)5wXB z#WuX|VJmPLGvGh8DCEj*<9%E!sbYfM>S_O2o>#rd=Tr+-$GXani&I{M&dSfx%IUl} znc`5$a6uFowh&T9htN^$v?+sr90jG+pe+p%LgG z9k-&9x=ruY+t9JXH*(3V5MHr#)6W`Z(6oEY3q?FPJv~z->9WC@SS0AdG$c?-Qt zFg#*o5bMN;2KgH+#iCjf+{Qze6rlkJc@WSBbTkGw10OHQ6?sV$^Ey8>)qjOnT zl{f*sEJdw8W!Z!OgvoyR8?r5YZ4#p8e>0cm>5gRhkQu($3~&uS&X>#Snl5*51?^?s zycMc+nBo8%Y}u0Qw|P9fZgBzaFaL{y+kS{?f1X!E+eO!(tCW=QGv!4) z>hkJh{8NbmgYSIL2(b)Xq^0|cb!dOM0#uCS^@{j+I@CRu+pp&gGQ{-N$Ik+2+q`NG z+v_m3u5O)IZ7@+Rj>>4VKBWntnip(2>_jCueOWS#_!6dPFL7e|l~I;NYC4YQYG1S3 zTzzgz_*{J}vBtUTk&P04Dbw=&Bl^6whYib6NI#$nrhA%hR)z4W}Gp6li+s;Hq` zNXc(;mkES}lS6eAMNhI}crRpZAXAw<6J70c=aSrfy_Ou*n<-dTO}z3i}y?2J2iY5V4` z66eXAlIcMdQ zTqM#7Gc9)q)Vy9egGIK}(iMN>4K8PIu#FUI89RMg$R10s5-wWmi^^e3CFdGGPYy8}34K|HR1msicCSJ&$ru5czfKIsiQ+FJO~kWa(HVN!wT!aj4o#cwD`t zz8|*ekt(mWuUZBFJt<5xc#U{A#ongsT2%Ib$a@p`s*3Az{JwYd9$}NP3a(KU#R>!j z0SO9aM}e2*B_@#M5wbuaBq4bLLd8TB#ibf7wrGXmzG0<`R#Cs=jyqM0mDYu?SZhVA z)>ewYZ~L3&oSFO1%zasEf8YK;|50+zJ@=eh&YU@OX71ekB-`V__G2G52<@H#wrkoP zIU>$!?vHWKY!T=5&_SSdUq_avrlajW)J7G=^q-n8;-`MNcm1pgik}og@v}TAo(-2Q z!yl|u+WGZTqbYaxZ?{i*g-ElCZ}0E*DY7wdElp+1(cyBx$$g~vJ{5JtW3Fy)SAM!@ z)jr{a#DS_+0e;Y@YbGc2gFcL!%1`8lZ()?1`2^daFP<4;qgb{MjN?<-7M{t0J}`>; zpb5`qGQX9isrM|FF=zP(HA^SsWV35}F0`&IQmJo9`fR3nsnp)_oee=+f? zTeaNcyr*g1KAFWkPU8OW7b)8Xzfk&0USKz_^p&&4LCD!Ng#Oa{^7Ch6Xa)GbPjC0A ze0307oJE^$o`%LF-E8b_5@vF&yOQ-)uSpX^{hD|aj^f9G`9_oIl$OwtFte>Q!u&kT zY|%|Ua=xqkHh=6aFgQ8iRUDJ$S(!s+hwx3^Lg*L1frTU7zxSNV zw?khN=jMC!gY2iW{_lNRYJ6)bJ=`mFieQ$<%=uoOWP{^k;q$}HdmQU_Z3&GE^VbK` zMc|W6=F|zHz7tV$5L;6n%RR_2lwRX6eQLNjing?5hK~KIE^`%=;19<8Wr|fq+E)Jj zNN(`5Wy_e2V#LVf@LNLTIrv3r;udC-*Y^`=2~Q2r77pTgcTEeEdYaXTpB_73oV6Mh zo)~V~6-wu=92;gcWoV>mt%m;42l-tKCx&G7d>@Dr6d(Ic7Prld!KY-&oVb(p^>G$_1VP}stRRYVaL zoAM8y0+n=)CT<$mPg6vyhS{C+shXI?R8a3WZjbRzg&l8Hb# zdiUd?aP|9eUig&@^MU~G^B2hsy7%`^4Eb_m0FlSs0N#X2;3xcVfc#0pcmDQ4rRY0< zI6Jvv_m;3^ar=eD`+j)ImY+S~y0`maQ$AX?RAfc+Zb8oBf;wn{w=-9H88RuupnNfO z7)!n%EmJJ~#{?j-`w2Ynl_zq4(}??Xe2tqT2GAkqVm+0V*+Dy4mOYtWR)hw*Cvexk zn;#tyrDx&{AOl=xS7RWGIu+vE{_>jttS(g7@3V=7)8BTVb&9 zss~sd`Gn;@!T)S`#KG!8V#s(jg~InRVR3+Ako##UKuQQ5zaZg?uRb^-lcD+EI|27; zr$WB!!rycWb&K&M$ooQRg<^r#jYSsSuN7$5u-woPrz`krQx?O^?cXOu>ICRN*_^5# ziKn`UQ}mvyeD5lhc0Hryi@2nR+bfknB3dCgp!gDV8y^7u`woDd`O(IJcc-}!9@F57 z&!WCz7SNo`i{9e~^2JH4HTkKZ$i??aez|O)umpxZa}n$Y{`n%yCRLhyi7Ucx`P9h6 z5|`_?BSF630=r6|CS<`+#L2ll&ZVfO$(ipWYAtMT*U82S0U_xtm=_FBZ+p1H4GElTNpEg5isS`UFe_nYn?dwBQC z&kywqg!%hj?xuRaH6Yk3LMOU^>LCWDD5h7KAN<=?-val=ZSiQZJG?5fF?95VP@n60 zK3CN5Lbeg^-+J&h-1U9cGN~6g<_p3HL-Rzwd}rk{Z@x!FzJ;>(8@WQN4kpwgU+gf4 zP8JpH&)POy)FzYEW)`o?mGxUCcUSjY!F?qY=atH|R%&ZPrBp#jgy`j>pd+H7gz7P^ zQ5~_%AGBG&Zf>`&p)>ib886|P<2eFmT%S689mJgXi5Ve9c+7h)&S&=rgu2dUqi;2z z0{ME7HS^JxP*=}_o4@6wR)m%n+(Eh1^l%Tc*TskLjv${YcC1aEZ8fhD3k3L<0c%FL zOvv|od;rjEwxFC|kh&F?IZp)OO=SLd(#8DfO`w8rJWs;8x_1jNB3~X7XsMT@_{$z# z;9ODL_4T^8!{u`DFFi1}mFw+p?!0&?BQtcAJ8%y-n>a5fUzMUa-mb?NeE128e(=O( zbG>{A@{giW)+(b|CV6&v9Xu%cXHRiZB+j2s^bD`(vHxQiarqZrvDvocBEAXKRlYsa zPrjfdpLL5DNkRiI2&J9Ly|H|)Jav9(Kr`>7zH;L>yfkz|xFvWBe-Yx9&^e4Wu!2=` z=(^B&uJoOJku)1yE}q{$>;}+Nh=rtE&?0`;`*0T4a zIBQ_{K>sj*F74h!bD4*^jHJ0d&XYH*r&U$~I7K0@L=EGit}F&+wVf#%DNbO%$PX;L zTbklRk!&IvE;Px4ir3a~O+FOjZ$Y}x@mCSJCZ+ns$*<6{%p`xqTHjC5UXnYXJf2Q1 z3>{a?_ucy9X2N3m+6q71+nXC}54O^NEQD`|urRFKcA@K&6LdYqJx*+4EzV>H&t}=J zTSIA_a5+5EXG?Eh?h}X1cz%=lVZKdJRD`9o3}R?nYx4fIv_KQQla=DVKa1W>9xjQ`0>u?^JEy|F8g9G42g z{U|7(mbOUQ+Zdr|KWOU$*_hzqKJ4OE`S3AgBUg4GW(<4{)IW8*P`qr}9N<5>&mO)N zva^Z%^EVu(pT5%WZf?Xq&2_1>h5Jh4_+V%00QAZyE8F>$Za)b8VWr%PVy%{hk5|g4 zS+Yyt>`8`G9EVd6V>t1lB(ivI1=8qj;#($Nlw+*{i&XJEN&XK*sH;5^lO}={0{-(|oNLrGK|WT% z2qC_y%g0!NiVav$5z26xn;RegI+Q6S=7hTbL@atMc7@%$;W2x_J>=vwRc;cGpbj~4 zfu{>RGky4QxFtK~=ONH~8VtKZv=75w?T`-`wR zg7;=)U{As(GYc?B@Q0Ine2uVd4QDF17ZyR!Zyn1>GY->)tOqsWG2=%GLoNAvoP)r7 z(97FuJec0zBF>at-d*k`tak%^2X3FkJ&pUqnuAP76(0Sx$Wve7s)n!`WDn!miX7oR zp%dH(SOIgGR76ZNv-uPg;-?4s{K6)eU6w5GM^`^2^$Kr({PscjxUCkE9o|}`_BohP zjqSeGctBL6w_Cm|HJ>s4BS4wtNk?uSNAsYApT6fKpuhX!Di-x=Ghj;FmYT|slk;z? zxbLkB#N+XHx!m>LWzT#aCmuFaoZ&jbeZE_=n#Xy~`?%i*0&i~1A(M!;6)u%5h#e@|eyvxg7xnms~}hq`9U%fBG$}5W($@HkArKIq(}KX?i1AIK&JW$ z`fe>-IqRE)#7(&9n%W2RV)p;tnpC;a*)DfX@58_{k9O3v%-C++7JV53`Zk zaPp1m?$=!d;`O|=^Fzl^5EdyKH^jXzkiTnPrikY-0ICR$Sa|arPBIM4PLEph1iT4=6l@&eG?rJgwN+QS-tMQXs})}HiuwXeTU$g8)zW~D~7( z4k+W@$oJM-xbfy2#=FHkT>D71z27weFN$0$c*nb?`S@1E3o8Q{5>xHE|J4L{~&!>N7vtJQG4 z^sOE=niF523c|M<#4CE;;H1XBbsXgz9xK^Wex6v6a~`=hDi6n~Ezw`sC2Wb_37=r_ zZi#-QwnRg2&(w7JN-?Wb&rG@8f$@^8aQ( z^vMCt*g`^!X`zAJLf&sd;Mx60Dz}Sp>g56YmHq9NI#+RK>9qmF(=~ZMe^%{?s2@HWi0gEB?=VAAklyu6K2PC!oT&k^p>YChTrF zIv`)M{#p<@>8hjU$6x-oB()EW5=MfDaa@n8{Q2_5T@S4*to#FR*UVtp2?Xj(ORB5O z>tgY`l9lCk_2o`gd38lYb*WQc%|8WQ7vo=Nj#b9X>)5~L^-iQQ+E`m2n^{sny}Tse zP*?86Yh#Pc<0bKUom0Ppb1rup;uYhZ>P4}VvNES;QLL`KqO>~hEH9~B#){xvCH3`^ z6HDPAZkD(xP~=oyTUAn8&ZKKuNlsaLMM*SeWhE^yiPu%G zjxA>#m9 zbxE~TvOHE&UA{W*l-9GB&CZ!OH#WCqF3%1s6pJ+GNaf8FAD9;TavfE!Dd%iZTBLE7 z_>y!?f;r;j)=ooZb$sO6vA9w|X;pbiol{v|8LzFYDRt_XRn{&mZ>*2;&ug@f)NmVGSy{%5yr8CfacpvZ4%bmkFks(6Z)KOP;tdfsEGvnZ2#s)6 z*2hb#c34M?50djL)>W1+ zDXm#vTf&SM8w)nax|l0$74Pau;}7|#(m`j-V-+QV%6jNN`3ZAoN6X7am7{eHzt zQr4v~+NHHI6A)jF=Vk?cGrg{6IY;k+2ti=jl6dJ>+Zbf!o6U7%aqB070;Lw%dL*q zm6R^yGP2t-tEuH2hyf+hY5e2!s7UU*q%y&H%A|QZ;uizz8pUW~F@MW8x40MFeio!h6iB79G^+@G3DM5NE!tIxcJi zM=T%d{B!*k6|APLCUYCO0nHIVNKh{fietQEYZ~Ir2!*{=R+m)qLP|lfW(ofH3MliD^4mXC4962<7*z$Nob@{}_RSC2b;*x94ghb>MYHt($TVHKxjr{KeVkLeq@jA5n%xp-6=^%n49b|2<V7d~9`TqqC@j#~F(n zDk_9;5yL{LWhKj?rjCz$Q7Oj6!xe$o^IEWe6Bo6O+?oghw8Wt^Du_V5H%?SN-F|o0uN*0xk88@bE%-GSR z$Bi31Zv6PsXPsSEGOA?c=y7AmjIvFje5|5Laiyw!dQQ${fq&HKhoy~fX^{@)7 zxHp) zl+?$;Dr6sV_43;C3h^jKR@V|vI`|VhvE?wKNZ(jrzM_HUR1TNQ1xUNZ+0#4bc)+lP z`Hyrp5z079#J^BoZEGXEzum*jfLK9B%N`?P(~z9`>YY*|o&wVC%R_P!kJj7vP z6&uJ9e}Iu+*p#T= zp8=ArD`dlAg~dmA9`}B7c&q4}hp6ZeL`X3e^cqt+=rN_Iw-|(7mDMX6D(f22m$Q23 zh=7z&RcDRDbrqlFxVzx9DFb5o>Ez7Qf=UIzDF}qF$hTQml~iJ2GYa5n z6)%Y1EP-7H^d}5e^C?>%fLiLr8jx@9=)jcEUaWB?i}+5*l5*w@#VS2<0ur_0L8Bu! zRLH2;3sIb3cwE7&#kx~0+8P#>R6%i^S(r?DnYYym8$K0P4J-mwozAt!OqOMdyI3MJmODQ< ze56rVRy6W?jQf_HDYIt57+_0)x^gzr)t5sIApDc~lQ7YH>ZA0WASldp8S?>NR=uIa zZ193|W?tFlr47u+SC$JSQQKD{kY;f+3!mgR9Iq*C`Ec!MT~FmvRE_A%l1243RShDZ z=B^ck5Kt-_HvaG+ufjBrCsu*S&wPKYtg=iFNN@c`l%VEHxd3BBy@ERzJ~^(bsb-_4 zWVKxRi`#rxjEARc@gw`Tw4`(iuc!)ky;_ppMK>tqW-1$5JkHkL!h3@|wz;fqaIR`w z2q%nXa{EPZYVb(hS_Ls_Af+@YXCeU?nmKQC?TK zyneAB*3yk&KrJI?o}H(;%(54iFJ=v4iuMGFvX=9hjn~yBIsm#8FGqT1soXY&#jjUD zX-;h0L@Zg6M-f#|KH#jLWYrHNbL-W<_+9BIW%I&>fnDc|YS{M!-|y zR@b_Bs7?3z6d6{o^N|L7!0e-6`yMaW%TbV;UCCSq{a678m-U0Mr@-k<4N|L7qaC?PjdlAsLlb5-yQ<6Nb zhTGR_Hk=)vOJ3%NPDwh>^>A}%^6XpT_8pq-p0*`1?d>YzZ@Vg1L_bxeJVd|JT!?-R zu&s!V1slU8d~uk{1ktmHtD+EHI^3HtUfrr05&c5~BVKhGp%|0b=4DlzD58JR6+{%X zOBNVnj=xsoS-&=NjM{R{N~*W#{zLQ@aK3_KdjYfSY>Zge1CDbVFf8#hK1d3-N@K$2 z%u^MQ%p;kyDq@yTXs#znDb|MMz|BH{K~@#Y74+01M`f047HJ)oQ{ndP4oL=`7vSdG zZPbi*tWYNHL|+Xz0OOUqD&L|xC(Wk1@^r0Xin&4l`i&w3^1XxR#oY3@-HmL8?DTMp=IP5LfPqG>8SpC#`SV5~}0jEFw3NJS??Hd9r0 zMfU8ff#G6ZE}|`pl#8ftti>-l&K9`cs@WcETT*L!k=D4$R0TI{lQFGGil~2h8dZBL8m^Ia&q)nq&!5I_LUIA8@O8ES1}^`O#)-`qCZweM-lzIt_`Bz9Q|B5 z=6FbnXB{$fjM{Qc76Yb1<4;lgh#)#owY;zh(50G$Xk3vZaiX83eS=!h)&(Ov*;M&n zO+xf{y5Qd#1=}1jEO00L7aZ3{fdxO%u7W>JQgCQ4#u`=x|t*=t%q~`b8_3m)RB}iQNj%qF}qwucPmmMqAzGJM3+rcT!^j(D9s+P z2LDhoB0BAdUPioXnxz;Ky=s=15wAX-tr!vg+iWi*UhTL*F(Nv4j+YUymSihNL~$%I zvukO>izOFoK0q5U^k#@xZ)!$FKS*H2t8w{?5z*p&Psw=kXU*q)&k0RouIl6{qSGcJ zDGyO^Cr4E$f2A1_Jz=t!5wE6A);R)tNdhBYT{2xUB6_nTWh1&xb0PY{bZ>TewRfgs zMD)N+FC$*9RaTgX=#`3;d!@xNqslOUqzp6fM;613D#QF#8D<`$|D#CR3Z0|45cQgG zRGIGq&4}n135Rx4+d5G@K_cG$u0nK=T*mSa( z;s0I2VX##VgRHHFN6a-nViuxjovXMI{p)#1iXr+xij;+DaFP;4G^|KDh<4Rnh-x1k zv-#jGH9WU#SwvsevWWghk+KlouLTjkM2+AWq8k(`7tt-63(+9>dDm%bY7JVZf-E%^ zoIFKki0CLqiXnRL6t65^&Cs%l4w$NB5%qeBEafF;%+#`gmZ-rWL-Zo;4-j3ixz-b} z;X3iAR-50*QhsBQ@*BB`=AQ3m#H)+XSH&PY?*cC)UR|fWNet2EIbKG*>M~a`B6{XL zFC$*fn5P&Ky(WPXuWr(ehz^Z-8SyGFq8Je^OJKySYR!n~AF`Cj5cN8;Eak}7=P5=+ z@5%Er;+3A-a}gbw?`6a*J!8klSv+2r@_2g6jyau9=#?VM-(*LO2&~99`m-$&SdlFP z%T~kg5@p3jml$(jw#|mKEkRk4Ehx*j1Z73Gpe$R>YPBjTE2=evvdxyDtjHFWWm|%> zB3n?FZ3)VXEJ4|3OHk&s*WOktfUZ1g5@wW*o%XpVVeFKld}=m&-fJ`oJ8_uuf7$2~ z&(|dMbPp*{myMCnmzp#jIyF!CK03eEnq<1K>}De($^OFdG})%B$SyMmcD6Z$v(3Sp zZ4S$99Dwg>lGA}yW6b*bIK`)^DL((N#^jxkUAIw_aB9`_XujEX`DWMUn_ZWWT{lMc zQ+|mtO7qQ5$v2&5zNy=M)a^W_+kEGHOZA3MBdF6JN~e(?By0*gE7MFpM-ZJnNwcBu zH)u9QU-ht={SiU*a}OJixXF_>&Fr@b_S;a^NfAV`E4ifEml3lsBZ$5_Q%fEoK?tXr zeI7CUJVFN|m!u<+)96s-G&=8cnrTB3(}p6Z4Mh;eA27it;}ayX5~Go0p-6r==^{#|+>V^P%q zwgv(Tz?-n8df8Wm4ec{Yk-5f6M;u6DaFRrIUlf{sQD|Cnp=rs5rUNN7)mCV#ty4vn~TvD>4fe`3FrxMV_q`nT3jcUTH1M9Jg7f*0M~kWtm#bGPRav zYAwsuS{7<;pC&mSN_3gxS(0eI8OsmLQiG991B{pk7(ub~`v(t0TPA@h)J;&_y9PIQ` z9e0!(c93J*L5}IujUx`h0PFk!8h~XL5lA!+w1Yk8qC`e3;=R=Vz{pm_=bWec5dX1< z5AkO`e9szIlpmZVQM4k?W^N>8w4%`*@zBs}22a*B#3w2n$w%};fUdK#xd{ztp=ZH^ z_)~hr=P6<)yk(|S%}1ly>{%*pHg*I?wwjibZ*B-=7#s1NX0Gcqj4g6r1T_s#b9~Zy z(7)%au^&aW5uoeDGg@z(Bro(Jj?!uiK1&h8$ohij`)j9*sCELy4S-&(xh^(Fe6e2{ zJYhKO>Kt6792E;!X|5`x93v3svw|_|EJtl;g5qXsof;Jm%Kz$t1z{Jb-Wheu3g_e> z1L4Q?#vm9t2)jEg*sYT{1ycWcOzRdPB0P%S8p)+L1-t!|-M3fcF(~6PRaRV?z9{9FV1L08>VI6q9Saw9lcG&uPmlp_EEn%btWXo>XNeZy9b??KS*OP8D?L@3oUR z$Fs$wn@7k*d$xcq!Y$*$y6$dWfGN$lMbkn$Mqw5v+Xgn?J;co8rAj~qB#6n5IPA^H>ya8_KKT;t9?770wvy^iUSnx94H_biJ%Xbe`U!nn#r1?!_0Xdzw;r9%{DJ zr>VRa8MRnsp4lsT7ZUShBvToAHp`0|miI3VKcBOd=I|@D4ZmDVV++m37Gh)DIv;62 z3~4|4Xg%iG9wpohN_aw_HhO{>g$SjuBMlZrZ0}MpajBt%T&e`YNBdk5X`2O+HdzoY zEpBc{iytv8KF9PWIkaJnWOif@wxC{hWKO+d$j0#r#$}G`qUnYe`@BKmP0vGPUefEJ zm(0%FVC%dMw$9toWa+65ww~Hx>!}U4p4wpRsSRet;=M@meq`r)(jvYlqFu&mv^|_g zo5N|?nv@((L;Pqp1w;@%MUi5Nz7y4wh<~L#dyIN^?_;q>&%$m$QI_{nS#iFmIc=uj zki&p{?~Hgdwy2_3z(}T@7n^ooY3WL7w(QrFk6Abi0y`xcRQ#Tvu-8^53{d`%jTvOLBK~JZ z8`+BZ0gq)P-Ycs4dRYv#eTIiSOlwH#p22aE9xs=W@nRVpo)G6;|0ixCM~}k^I)99& zJo%edW@>9^FlRQFD$m-PlqvaArok2-Ql@}YOW3RiNSRp4tMBtEnJ;85zRKoBE^nJjam$z;C6;T{i1NRC&hO3XT0n9Mp^n9Mp^n9QeeifO!m zoy4QM05Z1k+%{%sf3we4tkD1)lSQfH4JO~u3MQr)2z;R4FDb&qRi1;ccqT`mwl2aQ zn#FnzOV6V)5}u;EP%mp8@;(M5(F4njWI4);<6)qV(9kpP)ui?{yS)k3vqK*&Mf5d* zVpWY77pepJ*|z}tks?J99W)I|Sx*95uV48=6yF9C?g%@jSf6}Dw05?K4|_@3{eA7UcEAGps(3)-nkc!++O zerAj)9;O#PKu^{)J~Y0Ql<{RFiuNd0D8s=LGnGYVqxt<*KbA&xr+3Bkv|*;%Xp<|v zi=eCFqP1fyBQv2veot?Wp;=j8==#+9LYFp=JktZ@nI0g|^Z|i<(P()gK9WcZ;6Pf}Vq48kRF{I-N<5i$I%)e1N(%{P_)6n7!>bjWUai

irIW?XEVaj|K}#ilT$M8l?Li7ej z$~Dc{*d?%^8^?qyf5xNoXGk}&_S0Sv`*Rjwy1{1L8*IkC!RAXhG|_hyd3~tz1*658 zZm>Di4YpCR!RAai*bIJy&6%28lTbkjp5rQ>j$q+8>UTA6H0xtN22;D6DYlP^6CNXB zujWI5&$WnnosRzzy?LstNlVks#-bn}(WTQoe0YK39xvl564Y@TT1laPFACAyyj~G6 z9#nh_=;DEAcd@Zl$VYUIXQ!906*z5y5%cHMnBV&v!%hzk@h7waw=}&47pWdwMLaFy zVH`>fSZvM_`xUz?B=F}n#4qqZ_Ms-t8L35!*I5AX>DjSEdv5j6&~HEP_1}2$g7Pg3 zUNFak>E}ZL!}JCtS!g7o>7F`GR}b+FJ+2VVQKSVqWb}z~74M*xq7`!5ZAQ=&qu#A8 zQ){nX?bgR@5&cA)+UBNDNFd;~pi?~-g!o7`DMdz-C8j6bs`c0zUGeZ2>cP5h@H#3Q zgo&1sr6?hc<%XH7V)Dz)`s}J3p5|%HmmG6SM&8VHc+zAPrsyt#Y`>D(O}T&n}Z#D(6e)5UU z7G0NfNt*%ENUMEM-E_k5Ule(qP7&EzYs+48E%V^KqP@=j3Y z&Od>;2A`uVxwai>Tb=cS+_KU5^Ms8?8XDPm=!<+ly7|qeNCq%d86JU(Fl*3VYDCi|6W0;(~>EQ|FDv?7;HP3cv=RIwXLTa zR4(XL5H_oNC==_|yWzKLti5^x)HbRgCm`xs8QY%q&LC{oex^*UI*#A7UYT$c{vp-M z2%>uPPi<&_lKiB@&Q3`Ng_)tue!a_Mt_O?FP|n!xkmtSknAzRksqBI&-fZ@J=5EaA z3B6p!5PDT|huJyFkdWPPS-L!7E>qT;!92~6tLf=ZNd^^v!p4tTz;D{a#?vH-QD*7~ zdx&EA;xjHL5H_o6QYJPoKJ*)=TrI;PCY_;Au9&M7pI5$bGnPWdI147<$)nlnR69t* z)q@l>qH~TxQXZnYij<3J9zb~v6tDJcS)(bg<1|7M(==NG5-)4XdqHAn@-laKN|LA7LE>XA zc@s$7p1jQ8bxM+_PeH=bY*zrfDS4TH>y#u$MdZ#3L8U?rYV9v!+R+hZX^ExHT)3yl`-Z4S3A$kga)ho$w9-#O`N<50_S31Y9 zEIIl;FQ1huVRj~pM-aV4k@8;3Ow7^deNuV@6GFd_hEqQ4N5d(T^`qedOZBZC_IZNCXZeyi z%6+8OVlsWyc1~Ik-Tbxbwui}<(nd(QaRiFxB3%7tR2)s$1_}=j!QC0$C1?ol5s=>aeHZAE#yO z^mQuPmTo>^rYEH9@JN*>;4*<{MqxC0agU84E{v>&WAj>M(?DbWCwmc}xurYI5Dnb$sp~oh&?S}h4tFkh@Lg{VF@Y%oc!7ZBjek10 zia|ke$4UENdq~|py-fC`4nu_Dd3ekLANOK3vG6dfxr}^*W}LL=n(tr>)s!KDJzP;j z+%UX=z=y5D57Bx+yTO>agNkRIF0~{gYG^oYR(F)mO0e_cM0ov; z&lW{;E)%!j8@a8Jj1qO}P)MdL8!5o_etV9Q zKROzxOFF6X?0t?71{fTz#kaiO*f{%shOP=#gF-(UxBjMpRf+&5-HM%dCz|_p`of1> zCZf_@BaAtol>J%LJ!Cz%H&QoP!?F|=year!xJ%cv*iMubIT=iWBI`+^AlErf zWGusBz>~#jETaND2%H9Rk~w?CH+GzS+;>_iviY6;W6O%}DAO~!Yx4mavV&jx>o1ec zmzumbk~%4t9nZO}zlSp7Vwe<|9HixB#FDd`htBg|?pMxr1wsoujBgGL_dk+nDMi0m z2%Cr$Fqz1dv!Nt?tJ}nw3;JlA7?u8UPi25G5+3qA`T#i@RS@j;NM+IsfiT#byEv)# z#YFt~bBVKjMg;TDHs{1aq+q6%K^2p$j1TkY8$}7t)ThXT6#Xg%^fWTfK&;$tQerPz zDM^SW>yLzy!WnLS*_+8|m>lu#dC*33YLqz1w827@Kuu+O6|Qu z#{lD$Dg75CzdVr}HG^ws_BfANU;b>)XnnnK+&|xh6bg<_hh!JpV{ep-m|x+78%tE~ z=5+IqOVEhBheFkswO;?BT#8ri6Tc-5?B^l5CeacSC-ts2A-_t%BB@EVdmyWUv%wE3 zOPRVDmr4G^<|T!fQnL@bu-Ie|>*q7mIJ52y3n8DYBRWtr z&$xw*nq~=Vk6M4(?8|m z+#8a>Pw<0pBrQY=yNUv|{SJSvXsYC`aErvJjl_B6U?;A2b@c!*xg**cIABq@l~p9J zv@HX9sZiL2)Qvan&9WN)5+3dE7oj<&yuws&qRMoh8SVleIW{yx^7Xaj3W70meImTP z1hCqM*yP*x4)oTgNn7l9CF5YjFguwTxxWy?BHv5R@q10nXCj)aVI!iV`=gfqF8ZTg z6<_WV)EP^r>L5#|n0U$w8!W1wG4<~AM97-Kz(Yr~G>W}&3WO}>1HvWKTq;a2W~c-P zP%0a=Lm+6RS(snCtT=i#{7M;V{A=Z}3@k5*cFBqxdvlo3|842KAJ-dz!BU8=9g7hM z4>}HIjlyFj795E?SuVJ|8H>hhC<@Zx;7LgB4<%t(?d*4^L`wHpCpMA{ua5BiMwXRX z`vHf{Qu;<cS)M6>6>J>e6=!RT{rXEl{(^<17>x zCU;B*M?cW>YZ6l%l)*Zzn?~Q)9{So20PF8~zD7>YIYkQiF5+wyFX6l>CpC)mrfuMQ zJQ{~U)DzI9jOu&PamKHI($wj$AVE4is`aRW8eQS>S&k5R8Kxs`<|2Q6N=Z-X#}1;% z<5F+9q8LvOoVn_A=Ato?Oq#m%4WvkuU2|z8c}b-G(GCE(+>;+?F6I>W7^$%tXK@qm zT$2>s1i*tI4UA66@+M`O7n$V&{|sqV4OA`Ah_Y?%R+#*!#WQQKxG@V}+7HOfo&Sc= zE&XIKlaI_SUcR!M6C3v8-;WFKk8T^$-^mdXL_(84UXzv?j#J%Lk(JWArZqrR56pgK za8n05iibnY_u$ES4KBBVfIXj}?AbQ^Bv7-rc_bFqF$*@=1XaxA-*+f9z>t5rLHHUu%CmZs zeNkD&8adV_wVQK-qJOCU<1KbecjjbdokcdAryrv{k#nmvk|A29?6_#(J4Pdi@Ty{U zWAGfLm_7*kLzIUxbDczarGYEa#J3$}k#&p)s)aMOWB6dDPQUFzYaun6dac0AhFae* zac3AZA6UDW8;&0LxI96TV%y``TvRiGkz(@8$F$IP9`>$p->SJ$embt`}D|)XA z!BU*x->HQb2+Q|3!yYNy7YncIUmu@AG2`O7J(pZ>8VqHbIFu$fN{|yu%Rndy;AWPx6bR z#P%jIdy5J0C?kEKdW@eAmcx{;ba7%cX|@xSaV_{xXWq2Gruv8HbyJ!$EOevv z5=<)P>M2%6`*Ei^ac@x><{)$`Lj!3y38r&DkNK^umoxbJ6Q(uyfLE>}%ls!B)IWaI zT$QB42vEK3uFkjUR^n;)o}vt6$+W)+oAmAh6TS^G5A#6YmZ{1L=n^hmc=CBSzx^@w z%TteS5Rv>T!b#%lvYIU`JP~J8nD(#2YKm^l&o>G$uRNxe=ln30K6pQG7ra8g6U2ZJ zzgIzK-B_+DuaptQ_imq7$fJN22mBGRNAsmK+FnkEnDPC#c8iTnvnp&BuT@JNtiEqy zF9I_Bch&!;LfRB}AncufB>|r7ji&6VbaPMnJFreCS=kYptY-)99*sYo#DcxvqJOAt zzeed6x>q={0Uw1nS>5!Y7AaZ$@_*;ux?{A^7(}^FXqS!5O^?@y*S1ohqO|pfoGTJV zzMbpCO}c{Tyev$Olh6YHJsxiJo)=>;>)rDbwpz{;g%xF00E#M{M857f46zkMtx))H zBN+Hn)^1J8>4N?2;N7Ow3=4Cfmi$I^m$PXG)t0VTnMZbp4rF|CwEbf>Nq)wnsUiS)Ps7O^-+%U86E_Mq~LRbFJAGYtsP7ZUm&WDZy3$M;j6dJw^YRM>q`&7w96{ zy29UZ!e%@_^TBWkQHYcE>})i#k3;ub$iz{R0#eAl514`a)iK2Uvgylk%l7RG;PL!l zX}z1OOArt>_|i(MrC*cGZu5(FsZ}`HNfJiX=GTITw479j^x{A;sd1ZWPv5 zDlSX8S|gO1V4ihc%ZIHqLR_og!hrg!Nd4cgp!2jF^*|H{mbrFu}S((^6Z}oWi zeM<5F79AgAT-TNPJ5))Jh-TD>8M$Wxvg0*$8MidB02dG-t?KOI@rlg@xnIF#d}O$P z&rG|`NM=&Kgtobv5oUFFOz;t`F*}yXvi)7O+hYfoY#%D2#=UM=jnev)m^G@A{%yv@ z0gDdMqUtzz@fd6)pTqo>=ohJ4UJ%l1 z-LzASvy%Ue6e@q+G#jc+8v{Gr<&iloZ|wm~?6>Ih(vqDVSu5*s7<4&m+i1uH*IAm# z7YJ1)JXl^JyF;8(zR`)h|g%Mb51A*0+P zr&wd#W3Cz%D>a`OWCo_;X|gM)o#N(o>((~hpt(_jk$^OPlD0c|*~~;&C>&4}T8Fg{ z&=O}x*G~wo7=w8+kk7KClFee~3Y&8Yut|U%pXBlgY22=Ue56;soCLigkw}H7>3T_% zi{Ak6&k5&TiIQTje!{~UI3Gpiqk+gUGd(tXyH3g(%1xzJP()UKfx}nJfiY{x^jZbY zM#>)-B`$b3XW{?aBVUb@+;O__3r^fRp`|d`+Cm(nAFO_d@i|ilw@W+e>OV)6)<^G% zK-xUzPmN^!sIs5XoHT%kx$C=2yjK|>e?D+3b z-&&Sc%97kXlzGZn+&tuX7`dcv335e-Co(h}pO>{dS+daY(Ua}XxmS(SVk>c7>Qsh2 z`ByvZI7+XZ$umH;Di~mKA9)xzP989twyj+dVIjje+dl>|?X2tl-I0y^l3gW1RTQjS z@^^#7E4oSuNjvxIYnl+lJ)&Ou%Q8N-zn*r%#ZQg$idt3uDpi&$)$c5@yVrSK^Q4IsE3w86Qijc6Yd;bxO}Z+raYd71K7RR)Zmc&01$L~o zR(ujoIMKWDyXCy8WS;(sq+*bnFj+cJ7{SqfyY8s%%PO1o)#Iw8c|g|G;yNRJ$=jx? zY9RPo{8y1Gz|p-$;N3AJ=3bM_w2||BeF6Kri0p-9yxMHO)X5G-OCJ3X_RF=r#VYJU z@Dv*mo^F~xv1~NGp(lf@AnEB=${7LtG7QM-wHDI>ZHEF(s%inulwu~7;MkGqjH1ON z&B&5B3LK<(S_Y%YL8@tbR>F%}ueQ21-tZC)^95FYyH5tfCse;)ep$qbsPbHIK=iRG zJ~)`m=S9OhNH7rf9 zS2&!{WZ{B0U;!9y*C1tL@GF$SA~@z<5fNeY(pFd8P&zeKGvt|oRp(7N3lrQ$B~bGW z+x=RjhTK*9o=R9z?FJA5~yY)`!?(yslX6C4WE#%$WZkL#%-FMhMoG9{MQgVY=GNf1AIH8Xn>om zV5hf}N(c+7M9~ty3|Q!CSnF~9hmg$ptjm@SEfs_FMYHo6>_x_@`ZB+9q%DmifY+J)tuL!|+H<62cK(Y7 zD}7}*!Bo(N(W#VR#4hbt7(n*H2FBl*mlo;_W0=M1_7~%T(bYcv#jSII^(Kr5!)Y(r zxCFq)rBuFbG6vnW&#r?kJoMP}rJRhhN9`U5y9D;~!$>~OT$;x3xpYtAt?e3n*~x)d zuYwiU?($O&G;eNw3a{8?Fv69|!&?mQ?GxeRmAn;>Z(t^MZmI2sCI9wieFlSZj5Tw){YR8R__-Rf8K>@XXxPrSy{MI4 zbK0&(T&6j$&Eo#@F#FK3B_H{B0t*^0$RiZ#bEGU9OCH$=N5bafF7J^dZ$6q$cI4L> zKzL3|<<=kjRBk)x%G%(Hl9aC?H7@6qNoH7YxlSn~SAs{Jzx>iU!B<4TMr?!5SFIXP ziIMR0v8mwq>sxS&Vp8iYB6S>ZwNpq#zXaL(KBD?R&hQ=b^Q^IiCNYfKCOoV0mY zSa^@zX|ZqCpuA=Sp#F+YNc#`(X8S`-iodoi&N$)o?=`8;I>Ls~mb)%AdjW!1zGC!# zuc^Z$N+w7$`KZ=TD32pyDOyZSQeB0FVw>*Ka<3A5GyU@_ghft*61Yf(zAQ z#><;P2Y<^tE&w|nuU-&Oy@`9Ko3)I2*=VtDZf6;C^>cU(vP+L4s-#y2zts%Vw({E|^vv(>xh^akr5%5NBhu4_T0TTI0+)w=Rb*@fg0g zE`#9lf){?s-b4o5{he{R5ZARA535-3{W(8x^gs*@F#u(CwyFYrkQt95_=b^3mL)*A zb883Hg0 zAQdd!xNxhxE%;ab7ap@Zo*-_ES&rcPlcc<%Se1=KiA-B<5zFnn+`e`~=G(vLP z?QXH9qxw~&hA=q7&fkVnE)TR|H1mm>E*MhZ9Y*77%*MPBI4e+@%&t%k)k{x@eUff* zTL>HN9Yym&dLYrh-xiSwzydo30fN`0r326HKiwEh{H{VKqVw;7ksxx5+HvCY>#pUW zk;lU!Z?JgYIlmTR2t+YjD;B~G3!F#oOEsHUOaL!+`B!Kp)P$v*;t)C~q@_DGNP`f; zjs%q?U~nJ!KJp?{zeS4VfqTbUNnIB@JCs2xVTn!y%xHxc?t5aoenr=<(m0U#(jTKFEo&bj_ zr`Z9)?C~KSV0lf^`^+VN`_?jgfwX@GpSz%MAB1xC8oL({3Mm24F*M9%lAhI9(%dpY zF%>1+x&ZF^Zj)Gs<3Xhs@%C9af`&UUi<+QZ66qWFQ&r9ntBN&2XY}(_K2ms|U}YFf z?Th@(v6T}l?OY*s(GZqjlosh%J$W*Q$PdYksI;}_63=Sm?@uU3EchKtsW1;`t7+EC zzLEXi`Ftv@@r<-b5NF1nLv}YiEG#k=lvfzh=ieVhMo#*ygqQmRgJb_Us!5LsZ z2{Nu<#7)ElL!y=F*B#0C(_*+X4(di(ccErZ3}nPKb+UW24XEZq{}7X~_#{iDRdDQ0 zQE5*xxCawy>|QEUIaAF_9%XK~%l+WQYknhu*=8>yjgcy-xEriqnhYlU9OEPjcu_Ri z^?eQ-aFhgyx@Q^=e5}}gzkXU#e~5~w4z~CuPDlnSQN&X8kIQsYF`E(FwoEmN!8I;H zV3uJcV2QS?C6Xa{iav0?GyKvBddiHr<1OBaZrBNTh~S@vjBQ&5wJSC;94oDT8EoER zH$;q;S^HuA3aQd)v@7#yAR#)35IsJ0N{@V)lVvK!i zEUhUv>~D*tow(7)Hr``jLHoOzQI4v7nVS@35UqHj1k8_uCmw*i{crMta&pSe$J z`PcVNoa7bxlboG+joB4auEEatqr^XiHbz^2(#{RS;v+uM+&o3X?V$^ODPH~GDh8*$ z(Polg^LD}C#Gc3~3yh^j5VJ$i1Z=2DA)m!}mt>5~f<_FI3)Kd69cSxAlk4RBcw_X- zm{>{OTC+5BlY*EbBJh49+h35=%7wjc;Zla}Hyz7>gL@|Tx?_pdn& zZL~f=cXKI-)X>NL8&h$0n;n10ix3y1j~Ojt0w z|D5-DMzg9Ie+(@&k(Q7KS_8|D%V@t9;d9(3R6!GT=2)fpG?UzUIaHzzvSu4}1>%OR zX*#rE!G_xTTutW+>Pan0q9S<~!d*&h4av06e=?)FiNWm#MBoKHtIMOGHZq=@?_u7Y zHM8-aHO}oL#Wu|Xty5^(92|if2(HJ-p4z>=uzXQkhQ$bPMSMbf1^L0a%9z{9p~^wh ziJBXovz_81j%vBKr1W%=J{`^=dD#YLN2%$y#3_FuQ;)@b=%ai54h~N0mlKY0KFv|E zi;as%IR+D~31%hpd51=X`x@zzf{&XCX*)RV%l9>&_MFP#uaa5JIxJ#fJD*I_<2uh7 z!B)5Zq&mt*hB8kh$IVUUji5$#Fq$xe4~?*$>k2dbtg=3S`eB-(%-a$ADt@WRO5zp;$6wK$EM3aM)~=R~N!#*kZxGa^Iq&QCW~t7A$ELouIF;9JxRIVsJqJ4U6B! z@$S@Y+qtjtd;zwj8&yR_Yi3YIO0wkOTUK(D)2+y~faVl8<~Z5EEV>qwh`rho)+0g4 zzvGt4^6pi#d>@@;#+ziff>rxaI`|KdITer%Nzm@MjZUAeZ&B`i)}D#L$BWyHWwRm* zl>?td(@Qub66Mt5%A#-2e|`9S72a#amnjMTO$hXX&mn-_INZm&qT84O@P36o{Za+1 zbsrFN_($er*7^yx_*D@4dyWid`I!UCUHNV?LEx6!%i~2kvd~aMpe@{U@?S7tGwcy! zqz9TGboSmTk4dgbyjwfrXxu<1V%#-@IS@V*LO z(dYAO^1Z16EZ@x-~JfJhhW4}pV9o~xq#1S+6J!wzieiA>%f}r5LXWix`ag`g*8|TYl z!CoxQpd((Zg0KUC2=S&?2rrx*^77sr>dmZV)KCA!+&7Ot(<$U&x~cL%#BRj!tHH|d zuPT81)<418FmXDE3;CU(2ouxz|HO0*;6srDlg6|E3d4Xl%Kr-I|4B2}s_REam}vKS z!Q?+4c~N=S?r06B801(#)Bb`z{b5ZdEPK>qzxh$_ipK}Oxsmsxpsix&hh}(oQf@CW zPs7>ZM*?pPf%lS;rb~rUptCFR4&JeJ4@$e3vDCBwd{0(>z6j_;BL@f?q-a2;qIHgq z*UlAm6L(vX|EJjWYw;oJ6`^z%Pz8vvQ4ToN#aT%%-{2~_Eww-TLb)@E)D0hUqZH~q zvNL?6zTteB01B+jwrXh0It-xC8n&!QJ|t&kaa90 z)V#6vA$vr=8bVxs;UV)-OPA$>(Ej^xdH3^G@getSKzbnYTV#T`gb=9JL7=x3aQW>) z&;?tfU2x+0>Inq|9~DT1zIU0e#|Kt3e>}uIAkC8dwkmk_!q)R_x2&|Ue{}HjfI^jz zy2AEGo}=p~=I~8CqI3L}xpVAdh{YQOy$gU=dPkyM3G^QR9xrE_bmavZM|SSVGfkkt zm()+q+#lE%)sN5k>>r|E^O<*Dta<;l-Kvaw4E#9Dncx~*XwpOP8e=YY!;rLrr*Io0 zKM7=T{Y>pyAf^PUW4!%GeGtmh86p97M)Rk*VgtUs5G)7d`)!bItd3IGJA-d9!N57< zBf5V1SB$G@+)-D@a*?3wip;+=%|qp#HbBtwIp~GEU%rPqf@`S+&J;PRA5?PwG$mtt zbEtMz9M!!leVVuoRJrlWYkfHURp2@^b#>@l;H|Qed&!otuXcT%QeMA0b?_wiI0?xg-T2;3CV@Q{GQEApKl00)`;$Lv_=&$N z?$R&WxW~pa`oD{%f-633-ol%Q4~K}3lSsRTmsnQKQaaFmV3i=XCJrQ7SIj2 z=n2|&j9A(Ffw-=+yk;$P^{hTYnw0Z4jdk@jH+;F()BX*HG2MQ!U3ZGw4=Mf1>vaXVgnjeBhZC{?8deM-f;YnY>Gics6n!gX^BsIP z@5!?%4dt>a`fZOzY;Ldscrpu&S0t8I*yV$;%A?cwWrscxVcCbo%*PJJ`Fz#8HGTd- zrDAeJe&zU@ebyGWaxy~f_R#K8Z{68;LtgVkVA0m{kqGRzB>3 zA?xgr`mL+rd>HUqTn7KDOJS3I=k&P;3CaYh1Qyuql!Xz)t)gF~MtQ%A_q~WCC}(Hn zyeSm`#nk#X>Cw{RoREJJ!v>HmlYQ$~CLU)d(z6HsiGXfjnjhXe;!g|{j|yaxcAQ-} ztgsEkd@R_=i$6VM1-!K53BW&d_vQmAJWXgtsLX_VIS|+3FYc~S_C%2%#gN`#cghHo z!T^|jpT5r#VDe!&@9iM*+!UabmyVi_P=oZan52tOh3{0lh|_ z&gXN6dtHG8DQ=p=Q6UT3>ClS6Z7MdMJOV}0ju0+-a|ZmuT2qp*XJ*6pfG7A9Y`2fS zLLry{@T+|X9OMK1D!kh=Hp8=LYgh!J)rguVKHGqVNzmn86GI?V7V4!eBE^R|zy{(k zAa#7PMgHZrNa`DMXugrz!5abO(BoteJR7V!{Ls)f-1obK2{7OtEW0e8`+%OM3ipTx z@X-`a-qq#&u9xuQ++05HotXMTwhswl3Ak5N3j+d_QH1>yC7O8y{~(=W41cLjFnz`A z7XAJb;@|yl6WO=)m?~uUOpF@Tnep%?3#$4(P%*%T?sgJo5#zno@;5h{UX1DP!l`bN zkVO+G(^|DBtfaddfG>ZqPDnxp9N;akKi9#;#?Xu_ zA5ik5h9BQw4ln_@L%7@mfmfG4!cl>S&uX|m-sG2-32j^AcQ}u~g_+e}SVu+SaE8GK zz^8&&l0B2mTxOpi3C}Z>yFe_EA9Ak+PrQ8x=1n&~HRS;xW;V^1UC0i=X5#0yD-x6v za1Q6&gZ;*hgOZ1Mp%o%+yZl(smUuxLG7*SYbbb1a5DKF0Rdl|nM}QIn>fwDcdz}I2 zcS#$<;<(*tQ@4-r=6|5mucEr)hw`m;Qsb^;Uzh`5t)ha}KskF|Vhd;n8^m5q!P&Jp z1Wf%`uiuZua(;6hJQy>b$grO?{Zb_^pZ}z$eSn33Xnc$Q2kpj1wd2S7T2yQ+I6!dN zxfvYLh}8y8a2MFHExvabaB2h3dVAeL9IWf0`9Kc>#36MGGmF`(_5ay(#~t^B1M%2ay2 z;QEy)K=2)8JPd?4<%18^(+Hm@hb`NZ-L!e*{2oZrxY7LiBHP>jo7#(OXy7z8FtFzp zuHZc6MLuxjPLZAXF7v{x#pgY+;GjR?OGJnX`jccEd~kY5NqIkLfKCEPkm#>>^?Tqs z81M{)7k{n#hgeYlr@Oyjq6Yx^#l?+zWE!^D2POSo2nRtAHNigbF{VA@?Oj6l27S0N z#k`G8^j{CV4fA^DvNnUD7ra<5h;;PGI>q$o`Gw~KC;^H*V1j?!C=hEY z5qm>~I!GOy`+4~D7UlzPGQ&XrI42bI*!_jZ2k>u#ed73#6jV|2EBo-<;m;Lsv<1Ov zmuAGiY7L|id-T0qZ{{{a2-W})&e!##r(pGa$!dCNo+RWc1SC`#jCkWI^@ayQKzk7` zD981$Vmqu169Yi73iG$W2J6w+b0NOOdX~P-etjum$^|?hT3YE>xz9N7Q!)-Q~A{fK-WimlLzz8C(PzKiq$jD3R)bt%|! z)EO?92-rwlc*u<~mvCKYs%MgX1ziuy{Mi_5htT*BPXu>wemJ-cl!X1k+wvLzMT>P? za_!z!kbV86rrDfuRrVAJNqCwvy(sM2krv;T7C(_bCvKckv$*j@4=Tcba{~G|V2hqf zyPDsK5kYgsp4FgJrniM}>k**85unA0iQvT1Dm5Tf(R`hgw_9{PBDeTk*wCq-yTaebLC;axFC}%}0ePGK;*$|3XVRui+VS-UB&H8t z?5{ylDICvj=pYZ^rb+%Y%qkW?mkwTtcx}gCV|nSRH5QFsl_Bt!h?Zc1m#v_qksg3NDSk zBBS5OqK}H&EcAtQim9oC?6%RRm&@*0JQKch6*$d|v1}UhmXhdl(^bq4A$$gif^+a} zNxVbT4vdn_Ln(NO2wzADla!ecx@D7-f!u|6$5gr{Y@-&`P1qzFxIYxraFI`V^UQITQFbkI z?xY&|%*@Kj0~&{qT^UTL>}%!x80lO)X^cZ~W!T_C;H4TyRrY<()Y zz4Km>)}t4$*dEi;@aKkAZ|Xj!9)AP=SDXn$3#mJnu*08UwdS`ES8BvKWm%IZ>!keq zjd>5VB>2To_!A;<_u|D)nxuPoh(C+7$O ztk$me477Vk(UTA3v6I&&rhC*%WzN5L)&B^L@yM&Ro!$vBb(`26cH^mTwzew^3OC!} zTvWCtlOG+%B=l^Okb8NlBFM7+M5jq9+D*Kx0JILOoau;Y=vQL82LAn3lnsj6Q|03r zrrNcn$uJ3A2zNGo|99fpBX|7lo8TY@4?)Agl>^tZxtk(dmt7R|6cUJoJkNXvy!A6+ z5HgQ);8n$c=Z4z;)R6f8*?-`=?F*^%WB8q%WpyW!+%U4en!Y>!uu({XGKc-{mkutu zgf&g@=Gh_Y_K@S$V-BvN{n1(*={e@GId6j&fH(7Bgb zATjfnzRvD{ zBl_-Wgdr?oHvvgZATa_ACS0 zq+lP>Wx6a(c+0PQTD%=i`gKK%5CXPbSBn%23ym@@Ftd%OkB^|rV5c?iU6vEBZ=Hs} zMMiI=bPPKj?kDTl#_FX^`Ok9Ps~tpc*=RvdT7MWc)Wt%dj28Yq{JN1YPBN2U9Oa$3 zShYLppvmme{4n$84jC?jg89<88qT8lp4-1Xc=^8YM)y#Ovf?J(YLq-s;E5}dfUwki z=7Y)_#O5_b2PdcH??~ylFCS0Bv&k>@TxIp|F=4Xi3~2 zqrCB5==I3@iy3f=Q&o~ni_H5ay?!M)t&Gezhv} zM_d1T7)G})DReSDsdl_5*ev&^+BN-J9ADkITx6x!()ey7 zcwochijFG(cq0g&3fnkOe64rq`VB}y)dP(6zP=Tc55}Ay_J6BA=NRl5VSNlnzvy;x zTS!L#6F^DxdJjmrEshIFTSp@h1OC149sllIV=Ll`G(D;FH(@y6<>jIUYal}0RhV$9 zr+C<-NX(?$)n3r`@6$=;-h&Ut>tTTl{#Bk~Xz<(LJJ3tm^ULs>PY0jn294Lsf*g^Z< z^_3elQ|EeNkERF1*7+FSKYp!mzLdJX9O!PLuLz?8XkJa#l@JgK0000gAfYKtUrWlY zEDHeu$VLYM2w_(}?48}5tQ|aDUAR0f&0Soq-8tR-e&{&6X1~XIov8oWh%KR1q_R>X zu&i~;kiz3tIqUV5EcX}2A4ei5EmvuIdB}C9M#h`Jq=^oi6rFrLd*&gF>jw20;EbGy zCh-)-hPufWC#CEo5htU%;r;R8fus4wtjJ%RBPKmynNjJ-6do2fL?mafdQMaGS0wld z=efj}CwSJDxxWz**(TfX@WihN=gy|Lf&3fwo#OtowmkPKlwA;^oD$0~m``;WO*+fk zJTjxyab-2+S1#diwqgC}hr2J{lqQo?lD+iXen~c)hs!-T{Vz*qK4F7b-E)S2Su-7C4d=)M|yk9Plo?@Rh0yjWL>;Je8VjLbGkM{fbN)ybF zoQTy3qQ{fZ{~cLFl0G|({rBEOR0A2 zf9yhPwsF>y)YPE*bLPybo#=sH5*{xA$t{T{b0-S5Z6r_RTYr3d9U9L_XN@>>(xv|W z34$=*x+#!257Gom=h{hYn`0c}ebfyYbr5bK@y=Zgi^cUbCoDUvo)(zSlmFB)pJp0aRlsdXh)*SaX5)xSG3ZWdn>YKDMmxGWztz%d9JmZ#}9ST35J9(Ht-vC{B5I087mGDtr6TO z+q#}$^3QH7d^E{+XNOo+WFM!@&PeodP8`GidBpw0ODAZnIQseVMr00oO(7psAt6B_ zpZxIh%|792`ykD?4fGb!UFEoK+J?xfj@CoRwPL{aH};1ioQz9IDj$kF3OO{?*K z3Yv4$#jlvT7!h=p+=p%V^s@7<5@phC{EJl&0aDo(O_dI%laGA z@zJ6MWyw;q%SsWtC`n;MnC~B?SskzCUc5$sCJJ`j*d%nPof_nc55^D*cdP*?k`Wv0RQeAEQ&wTDVJl+e1yyDmd9GaJa;#wv z1ss8PB_AW4h&e4ialTd5C2`g#CZlN1zgXl-A5Aay==^%jf0rILMsxX|vFJ)rLzqUi z&-i@gZcZZ{76!m{r3rm%cz99hHeq7Q+X{{wW$f659@2gCUrfna{4g5LC=7QMlOs-S zUQzGMR&pI^dumB|*;XeRF)ptkv2d9yzi!6SqCQ8wuw{iq<>-VEh+ozJ!(-k!y2}CC zT(GirDHh}H^r#q!FHNxI*)a}*f2{Y#%F9X@w>U4($Psa@_*3oKTk^=}ARoTHY1PaA z;sU|uk?ZPvd~eGqG|R|x&<}9S%S+8E3w=TSzkm<@TD39@1N=}J;FJAd8F6*DvUaz& zGPSa|^n}Sui;i>5jsVW1~8sF2Ax=40M25Z-~ z>9=*#kp>3gfbUYbGz|wTypz0Sehqqo?`ykp-(fiD>ns+yyV+rC)u!rw1hf8z&du8W ze5GbZ@u7Uy@m8sJc)-oYKcZ4e6BR7qSXPm28a+<@veEmxy(YRo?&|JmjY$K4{k%m~JgmJ%n&_FNM~& zaX_?J7_v~>-ga{jeW+};LV3YMNvv?6=iCylk;mlHd>3=kF!S(@yLP1hQXe0nCw*98 zU;B+e@i+>%2y$Qhtr|*JH;$@ zoW-*2->yuqhcKItm`RZ=|t+!D!O)bP(h8L`X6`PkNL; z>K6HR>|%{QMn{T<26{RDZ27wb0=LsN?9n^DhhHl@E(gP-mw^WI6vo9VLmZr6=yx4FTfuY9MHLFNiwft~O<3%UZPSD51F$$45!>Pp1C(8aycz;zb4 z6OVuCm!;z>zL|@BTFRF`Ci4XWcE>b$!A6e)mGnWB?`ijP2VR|A9>NpOaq?8AtRZ9(fXpB1Q>*$`9b;fiZTyl5UYDpj3~xKQ{Qv zjlqEbiv_h2z68lI3|NAFi2g4YxSRW!{$~Zka6mgw@?GD19NGJigG|-$w&4)53(%2_ ze_`0$6tSEt+kfutj?l4!T5cs? zdg%l+js02d5!a*_FEvA5i5k;`koE}i(~LVDl>y_YD+#<*Cg}s7iNTtpN&0v-Oe#)EZZtQ&3oglGQ`UGEem3a~7Tj&0kvXV%!ZZQHhO+qUgBwr$&9GjI00@gm+n zH_lK0cUN_FMpjm~FD9Iy$|Kl+?;??aEISJU0HBTI|AMf_CPsF@HSKp3%h*;PRL#)kwCN~C>6xwlbt8uUT)|BfV|e!aju#( z!w10XG%r0-GHshY8nuSKM-n%u3YqmR#(sQUxIIS#oTnOPo7b*`G&+srBs331he?o8 zsZ}hK8GOhV+DG0*d0ZDRBhNW&;SX%HkpyY+9|E1)?;T)|C#$18sw4{aV@qy`ZxVyd zJo@K)_Yt0}P4QeajVzbWC)~zRArkzD`VABv&OHKQ11V$-$IfGh0D;UKf}XGP+-!yd$7FechhV*0Y^^>%Ln~ zA5MacE@)pP_mU71c~AO5g#Gb_EA)ve_}U#a@Q)pfO4MWb+-TnVv%wO!MowTl=RTFu~tFk8AXzh8rPTf8WeE zUTPa<3jQ8V>|6C0331`mmdQ!R)!Foe?CA^!NK(T&4Tx%gIMV8M{EL$V{3^)ZY^#A!=*}bdyr9^0d;kgt+35VN7Z!a8Hql-1bcGS#BTevn1oO9kJpa^I1GgcI3Ju75%Dy)ungF_KJ&wV-V`8?TDY?6sCMcZO$`~Nq)2XM zkzK4Z{Ojn4=A?yUZ#6bwI5GzY8?M;T%p%eR&v0ERNhA@I_g)%;=Ds|<_x0r?q}Vsv zs|&?nf(MsETY?VTum)JRCfPJm4%YeCtNlW$vn>MB3xZAio42DJ-ZPF(4+Q@O930(+ zHqzr@kR3kbf#;$V2Og)>fhz7chb-on6s;5U)|WR(9xzfNk(i37^=HZIuq6V%7m_T} zMb2`HQ}b>w@_H5hu2h$1(GNoMHFIy!6=+bS&0YvnuDWdQY0s)78S1%e{GRm4v$X&e@XI!uc;@C zVQo{W_hx&Fu+IWlGO#50VlOZlV0gj8L94$7SPBV#skjW?hB$=$tT5WSy!;6NH0)@J&9Y3+cqGR9-LdqPw~mnYE>NKo{4%8HXi)l6-#4W#^lv z8sn1DY+jSk+q*M$@W?R|QkSJg9j;no_)>OR3gCq5WG7@`V2 zEZQEe%v6bPVoH48S|Ytth7p!wO&C}PQ=E2`0jfv|HfMU7C&=D%LbL~d4^e&foZ(qlj!sEnTt za?$i#jdl2)yF%0&X+aU7E-r3PJgq&fH60-?L!@4*Di!>&Tx)?o+s=&#k53wg5Y>Tr^CA@lfNo?#o5`PMZK<-} zRAAv{o6mO5o*)P}vZBkjW!_~9L3UL8P|TwZSf6V+cT#MRrwVt+NohG+c7@!qAiK=$ zJ?q_ppl^Bw{#3;mQ?BL6A{gOLTawwA*fhjS6JN0<2%J5N%nTVkSMn`#fhyf>_X}g|9FLaGjwD6LhM3_*)P+_wJ|U5Dr-hm7K`~RNGRp(7 zOFF{m5pyd=DK$;0^@HTZ@VJ-GMAmJ2!G+G9e6~M)nJ@@(qOddQspR%K-^M>^Fw7_U z{mEr{B1vnx1ybf2VqWafUpybfmnq|EpN}Db3ufIvcV6u_?5!>fvJ}OHUVu4BRLP9T zlPw#@z$mr>e#_PmU=-IpBFc2CN&~zqwFKxt^ynK|?9y10_ zt6^(t#MOPE4%atnz8UYRN&~4AH5Wy$#%i~v>AwsReFnS|%KdWi!K%Je4lppuEtI^o z1~o+)>!JjN84HCg^`B9urJbOIU~q8WD41=};L71#Vm$=tFawKZ3f9eA>+VOZPrhdm z_G%unjajg~cuww3vwDfiV-lkk0F0J>a35L#`97nCbm7QRC~5F#(Cn{Wh{w&v&B?BJ z$<$a@wXgy4l@0jS9*NK_5ak|Lkac2WdIMj$pwKSisTbbmi|NX%5;uf*sQNgm(*f#V zQs^O&E6>3~=xb#YVo4M;ZDbx$yd&E8zqpd_3GTN?{`24T;c?dyUFA26;oA77v^R>r z8fqov$&qY4XSEcO59ij=Sbz&rLza4DB`+f+Y_3fNJOso)CN==0kwGyK z1DP$Nim?!C7qdY$YTqq-rOFhxH5$6i*+IO0TM1EH1ZQBgG|HxmZSeaX( zFWzi|6*5>CG6JjQG&X4GtzAC~CVoD^;x8VG{8!{hS@De2u!ic=AJgMclQmYRJsV&` ze+AyNfl6`STjUFlGk$a|)j=D=lJ#OA&}Q>QAq#MktyGMOY}*Qz&)#CC%7O~;y%}kW zzZCsMcum<=rv6tO5l|<{MF{!}lzfaRCk*h-|7wfq8L92X^G8?}*?;z3n1 z%wkYZ^S$sEJxmhrIUU)BCMhOPpj4f=)qI(SzoH!hfn=)-2b-EDbGs=qsYaH5B!Bex zSG$`tIZ)eZfYuA< za(q%VN8Fw@4?^zscCpIss(`N))k<=gIj5*5T2OW>m1v|Og09KAIsRs~-YXc29`fWi zkkk;jTqF-oqBD%LM81-{i-Op?{>e}tDA(O8h}7F$k=OM!$4za6O{zGaLwVZ(ODX%J z{V@s*Re`U9&FriU7Smn%In4*yWe(`OxJfhUYp*FR?`*DOY`-EPi&0+p8X@dPd-<`> zkOd8IzdVEmSyL*0XojIFYb{CvY`xGdG3BwKJ+Y9dsd#;4tDwhLtT9!#e%L(HUeYuR zHpcO-74NJV1$dm8z=<9EdKN~m*s1rryvMFMz@gS$yHXN6SSeJ^eLtd~08*8kwo5Jn zlo}Gk7MUJ3_hsJtq;c(4#ywN1oHPxwSr_+78Ro`JTH&DR+CPT#cCFVs=T2iXwrM7k zS{8M#4?!a3v`>k-#4;ej{y>2Jof_P}2lK&*2Q^*RPIb=5hAJ3BP^zH%lH}JdfwNg- z8?)K(|AL#ad?o%jzQ6>uw^2_BJZZ;G3jztI1ju-G?@A8fWjw1<(`FflOI|pptZP9M zI{gK)MJ3O%pT>V-C1OZJJoa^%xVuD9LuplfXBv~({q#2lCc9barYWb7cT?~rN7G|_ zzVWiZ>1{MTLJfv`vws==NV@+bLO(r5tRX7Iz{oH%h)(N zpX+*uVcBh1s=1y5${dM$Dty?}fDd$!Ast=_s&B=j7yR?z_&D1+@2~1lnQu?jIR?h@Jx%;1+iMjKC}Y?i&=hs=YHCAFMo=@ny#lv`ARUzTK)|jc_S4QWptoV^5(j)8mD+u|Lv&{tq(gJ_1+46$k*}5$yjueiKJW zJ4dJg9KW)R-6jLfZxaOp6KFFXyLuI%!zK;4Qz%TQQ&8T9bDlsdl!W-Y51(>Va;w<_ zb~vG8bXLrwBAFnWw{Ki#v~Vib34afsAnlR!iCYBBz{P^rtHQnF1h|>6;lWZDS?U zG;|3ul=XZrPdl6!%@y?{E3t&RG@~`fg=M8+7qC-q&sOnAO;> zyw0I=B0ll4a3;BTN}<)Qp^RA~b7lsKeeaR6cBR4(h+eGGS=0sdCXu&?Yda9#oc+|fVJTc;s<(8UXhZZ4PX|r$k%Lf4m0Sj6*H;b6O;$?~g8$~V8a<1n=LwvKQ zm2LOg2f!CKSH}^|`581X=Da#aA&LxR7-FOQLg8fm$&EjIoLN*6M~B6-;TJ%|Z6*K{ z!EoTu7y>maQY7UhlRwH)u#bpQsj9sRXB*-snrd-vgi9?iaXxl3L!SeW+Z$OViR}v? zbj%AcGIe6#m~t~VE@SCj%q$Oo(2>AMs7&(Fr(t?ptle22W_M|(|Ff6Su05GuGrU#tHZw!{b5K1}F=wVN%|(KRNF>{ifQsT2 zQl-2^wS0fnH1!Sq-(}(t2gx$wZ^M2-`~RYD_4F)kEu8iAelzu2+s5gTE%CcnFJNIC zjk2aXhG(3lM6-;JD`RP9q`bs=iu106IaSMB)YvY1e25tU7NqdD1GPMj%2o4LTlClGp zm_s4L3*fWlNt(^591zfbz7{NPA$A6=O=Ky9YiTngN@#8o{$T(#Z%-4YfExT z_(Vgsz?d|K-*4$tnK}j?+CTIXQXLkQQzkC0`H-~gb7a{)I%SbFRtuF;*Qw-|_-ktm z#BGyvAzW%49g+fZ&g$kZdI?pckjey14?tmQ%MAPh3ZzO@Whw@a=pT#K4T4IREDTd9 z*T`Ed0`E!hip-h@`1^O;b_2PtCJF;P+#Z9SqWfyWI%X=@Q#gCWS40qHhDXgQtIWv^ z-~M6F=%IIHhA*C@BRjBl_TVUNo*6>4gvopTF3b*qeSAY6JH{C`J|13}9k~-w)!1JD zV0VkcU)Q{c1$z>^vRLOoPoA#U(-N$N%fvK=Z+F{LcJV9T9Mb#6`5*Tez9heTav)$$ zv-K)^c>UB^Cm=q@(t0kIzE)i7Ya?^az9_p=a#Gq@pZYwWOLJ-jv%41DojJr9L^^9x zXlU($)lKG)L9k-D0T*K`>r7V4*JPCD3?Y!2+ygBA7by-E@=h4{9P&^8o*!91SU)g+ zAaNg8MTF-L-LAH!`NV?K_6Jrbr&LEt=8evSd}oLh0e4~L#9ZyC4Xvvs?LY2cSveOE z#HCak{8?!BY1{})+E(bPf=Or78+hQ26Q|@lee!c8orBA4JIyb9%apYP54ug!sKNM) zZ?ZQ+H#$;18dYj0pzA7=i|PnUx2uusRx^{p!8iK*^ImMH8b&Rac6u{YhYYg9co=;z z;5M9=U+U>A$Muj^U#pS<@QEbP$g7$qtceqjOeybh zRWaW5*?}`BDY^J6QReS7h)3`y%n}s!K7PBS((z!DGvWXSllFph;>{5m)4&QFOUzy; z?M+T?oRA!-{X}NBNBF`16$+dJ2Tty`Xi`2f+l;psirVQlhepKP)2kU@%pfKhbzu3F z=8YHcwaSIFCsZvoBY)L9*2IOAQr6Zuj#JCL5ZRr>05o~LCKY=G!L2=#(pn~B1xaL4 zTFY<_vIpRDsrf!66^970UZ@kfQq6FePlc|kio)Ln0VfF6eEBa~;`Z^VOfks#h)~+J zjL6|zxX$OFdZF}tX-l5GAq6@&OJ4lvPYCcn=6f#(s6!yHF|w*zp{z9y?@$Mzz>v16 zB$%c6z3|EdE)wbYEoWz8eH0l#ss(P}`aP6r~2qZISTWV%U@5R;Ww0A3EhmS`Zp46y|K$fsLU}@vk}x%z&J$&TVIQC|ip1l68Eb z@%+d2tM#WzaB-h^z!hLy-+U`T0_0Yq>}yPbE$s-UyT$7D;{#0pMOy#cCd8}E`lI>* zxaf>P{syWM(1iSY6wO; z6s7dwDkUADgOd#&E1SGZ>tiugbEmVD&h`C}C<8?n51#HPuKVQx%44ji#m(0au0M}* zxdRc~A9+G7OkmJg+r-X-#2Yu4p*Cz%YX}^5I)v^#Rsz{Z}r$du<7N1v#2V5~W~yb*uj5!JjxK zy$GQ41I?C}>B-F!QG{N_N7A)BDdVycd@Q^B*XsMVtb-G069w8<4q9DPg4$>q3ntq< zl?EcWeDKOxRu3%x(JM176y*KihVsq_spa<=FA8SzSDaHZ;mNn(}AUPe=apfKq(4gs*wXF5;%T?zeTx~`| zUtwvEK^9v&fqz{F?ow;0!rLb`>w=nv1m-L}(_-X5jbkje>?MgzM>65RCeXO->tg9>GL$eb?{qnsxCoR zu=P}82Dgn}L{*YEKHC8N1l5*x9zlAg*lS<+iKWiNePFO|PFWGqu zonEfP2^x1y&Pw*H$>F&kf3lMfANP;8ju{NOdpj8?aa?Jj;gZ#9^sA#lkt>5C(>X*C z`YWgcL;f1-2$rZP`u{cbR1%Q8H*esWmx-vtHW=ZYUXn=F)yQVdWb$=yK{L9-BlCOdZg#M#f-*^-p9^-<~M{8c&`;gD~taiWwl1I!9bS zd-Xe)%!=w8n@h^dY8jHQa0hR!Ry3HMq3vWtAp_B0-ioPt(vMKZ3B;;*TK{ ziQ=s-6Ue<6RvDaUy;9pr5HcrLhJMgY=qCEHETw5vDmFcpwt+tt$NDe{c81lK75O&_ zlF0Nvil#>!@)BPr3Q7SB5Q_(`UK3E=gG*-F^G^9 zW$ObcE!Au#PTj}}9yqOrkqQ<_jdTIi-wxOlr%d{uN7ibaT^VTDIVhk;qW>E6&)GTt* zEa@P|YLY=WEYLS(0aLH4wA)xiQ|X!l2$n*x7!MnTfc0@VDOvSMPSMRNWEiL$i-??f zBZgz>J1w1s2?dmcYHx02MCGHhsItM>6q#9A&Ceo$ht;-r>@XK%LIy;LNV7ntgY;^TMI6mSi7bb)CQ3FJohno zuWo$V-bQ~j91EkP@oTfP5h@*!RoD6%FzY!6k0?o?vO%5L&N4j;7=*!?1J0nt%Yo=OmO9Cqpj8tCDA9eDddjN!$q@<)}B1B)h^+omXsBj z8KK*37ZDYb(aww<*5%GO?v`fNjLY=rG1{t@>(R-!%f=CH#fgf^MZAK5C#{Nf4hA@~ zfDp7EY!)#r)POiAST%#(2xPtz(D!!JSsEp8hzEP~BZ(W#^G?fhu+L%w#bK%gj-2f`2OFhqK%l&^Sk4N*ux33KGrGrU#f}fU(dp zAhlH3TQQan)g0r;kVGO?r@PTy>hTs_j*Qu8qGENr9YXXs&9ehu3F3*$f%v<3%ie^w zIDoZ7Z@t#RrsldJwA3Ec->Bx_Z zA7>rzy{RD}G2BqB`65hcW7lDKHS1pm8L7F)ae0*^oeaTJsSq0SdqhLn6X=SuO}E$K zPaNkc;(Df0`?iCrQJ!eI zw`~GoP5@oh3@t~28Xu?EZI3~H`20KBp3Hd5Ljx#SK=Y1vxc}rGRkBeC!3FXhhMmIY zUxW&Zmo-qpW+v#0?E3+$;#nUQetSZy-ohvFLmy7MnZFOES3+Ex0=AM(4hz-xqPZ2Ka3%zS&~7V-Xa14LB3sJoS=6!L zKh2jwaMh{EnIF2at-%_4zGicM0N4nf#>W_^<#qUg6OEdb3RDWxf#3H{z8s?RIhunUr^M2A+R=ir+>s& z)ZcMft4xErq=w0I32(e(srDRG!c7i_g)?up6&Tfw^>GpdhjO>pwntNSp33Gq8?%V$ ze5qF|$?LeJhs#2;TD`nLK%m^2APJD}8QdIfhDKx@ZF`PargWvtC>q6jSKz+u-4IXM zBbqdAN;m-=95(H4Hz406>l6Ir>e#&rT(S>PF=IZ5H26}wecCvXCkO5ahyUd+_=av6 z?8hkicAw2)%Bdr}7GF=x9|Xj_2oXiY_#u4r4K}9JZ#e+Al!!fZUeY~gop4r?JiOxx9I`r*(n++z&n9aT@mfjsp)y%f;Vn}713 zTE+c&Z)ZPzyqtbS#d#3tema61S=w>FZ1zVHfxdnaq);Hvt*GfYf zu{zVEjMIGtlVAFw@BS*TL^mdB_yaV2@haaWqVLFSM@7;PLFz}uFb_Oe_rw`SrZGP7 z&$;!jvvYZ$akHbgi5VErdbO7e5j}pT0+frAZPPTg(zpBv#Dh7unxe1yLwnC%@}Rwm zoIvTbgv_JH^>CoBzpk&!LSekA_plaAw<#~-%8zR_Hy-{9YOg$uRvm0z$Z`h}}khZ_?|M1BPq!Hh>=#0o%AV$|dyV1gOCkFt-adJB0Kv*g_yB zHa9V2f2|o9mPpxK*TH=t0QorLg&z8J4Ut!6`H7=sv)ZL((c z(?DH?$j2bXG~!?j&_!T`fCPm10;2SMXv5co5S7>RweVhQ5WAerwm-UV!w_UD8Wn}3 zYjJ&WT!|JmF^x9nZ}r**p|i3SfV#_4z4e@P$;-u^{21c|7z&VBjh`M+U1hDA%%ufk zEtu*~2_mkG2cv`$kUNj}n3IHz!c*5-NKkjW#9$OQo0;VmzcME>HD6voh*k4K<8GB? zthjK|sJ6i?p!zU|9JubU!X1Tx2IadSh)|9L^e`v$k&2?Kp@nC70Xhm&ixAKWs|p@Y z*Fqd2V!-y>fOb1vtCTurrP&-R3|;JlF__N98Vw~+sccS4HFvnp_lAdH{qry3<` z`&dgk$R;5fz@g@KvY+p~gdC~V<%*$m;$kY?oO#_Q;hA0I;AZ7{r5i~x*b=$|#TII@h=a|NI(fTuomisc$ z7L@qe1Se{W2e#bs9b+_Sq^_t%A>lRw2}GC4EuuyOG`81(CW!SmMlj4jrUy;8vGyb< z5Yx)c^=o?Y4nmLzaD?pd4HPd2@BqpG4F!N?=j41V!6Cng?&=;X}bvFWkWmIVh zrQL)Wb-GS#R|p3X$@biKPdHOM<2;uia;^yTn34YJu^_qmE{Ws3*Cw3(G$)+BcP6wS z0*f8g+Tldx&f;X;{=DVEN7dD89URP3Q5&q;s6u+sl9i?hgT6jq1IyBkyLWg9!_^Xk zRYomvOD^(;+g?h4n%Ay<5}hnR|2;nz9!?LCJ$ol{Vzy(+glK>Jdu)E^_ur)I`@uSc z_%HcC3k3i`_}{%3XA>u9C;I=adZu=c|DQCrMwREc6M(S&Oby{24+0^&XbZ;OaxRa8 z3uPA|z<`F!tS_D-MhF4)^NLp?UdW4(A^Arg$-~?G_Qu`pUfIG(q9(Wn$C@b9uD|Rk zE+5r^e~VcnvB((UD2$Eoo@?UR}3VOvRVauodCmWa>E$06WGzO>!$0kF);vzYI1{9-D!6So3wCg%yz z)N4nmC1I<5+z!UwKdNf2pt4Bi0@@eWoPn-t?8tPziztWwtAeMZQK zZVlzaPVHj(-OoWRIo2ygYd7YH19#Sqgv*GKZLm)N5MG56+LkpI z@A_RgVq5sm2%-!tTzC46;QCW-a_jX=8C#ZZw@#)-S;N1**qJ|cu9S(kZ||s@u*m)$ zrg~H}F#^O(8|V0uy1i3))SJXBHA7T^vUn)_>o-2fJA1SIhqFic|DA@qwV~~Apa1|9 z7ytmc|9cu5So~+AXIp(cZi55C@3ii&M9?3L7pS=_thVxIqh^WA#Y=HB4Y-+U9Ap93 z!IDdhW9jGLh%6AJ#OAZ=#n5p8%*)j5;d?W(jnW7yqSrjspUp&?h++^ziDbE7Rt^+( z&Jqqckn2sU` zuvpr&kb+a_60Cv(5ZNQJaM#o(XIcSz*tsh2)j!EKzJ01Xx`GzKGvP;=?XA2oqOjo` zu77)-M4X=JhXo!>8J`)AAM>fMth*}Bsy{em4P=a9!jpkJ<4D`{#qg3Eo?S;``V|~U zy{Vk^v4GRIb6J}cY-e0rbpX+a%Oa>Cusy*^z_7~KKG8XV1EgZQBc7QS?P!C>y906r zcRZA=%$cF3e!p__qc)^s0|}N>N>BJ}c*@f-gF8Dm_Lr!j4M9CfdrNCH!OftqC?N_q z?lG4U37|MV>v`0bm04#OrDWWU5sXNpk)zdRe@%Kd&4X|n(5xv;AhRQVwVMJFDJY}9 z9>5Jhl!v#f48p|lw1m320YK|AmK^L2znMm~mP*ypC`N6Z+iXXnHZp2wU4t`K-L#Un zxVS3hi9J~fzv@CzbX@R6EIgz+_MjobB6d)hz#~xY#~#!h)r!ERFES(2A-SJO!y&)z zMLx}?{BO`er3Nd$#^|)M@dRHh*xd}kM=tB|8@2>`NatmxVuN5<>h|i(8YAN)FxP9U zA;d~t057zDy(!F)k3Z%g>98`RR|G3nFhdM~;jvSNJL|#_X5lZNgc#ACDnEu85*Yg`AeF$RI#W6Scp7yV*~OT;=pQ?=#CT9fX+|9#gvv~gG@=th4c%*pfF45j1{SkrUg}gIPbiOkU@hh~CW5+=m zjaLwKXpSl7C4)@(Mzz7r-RcB7s83gx3r{Ph zSnFsnuOk9Vw2tCUo1?9>K{b6QV7`(0$4i#`2l>JPWFC#-?^02cfQ^Q;LyNAB?qBm{ zV|{7y-Zr7Y9QcYUjVC;Q(pl8g=+yv4mR!mho!XhwXf}DWtAl&&o5Rn#8)NMFt zx>@lou40+a5*4qW)N?4Ggl@=Y%`Z{%+o$smJ-qby#j;Q{=(3pxl=4aJ`MTpPax4r6 z^7V$Seb~} zO@SDf0N_}nBr?P{jU0=dRfTMPq~Q%w$mQ0F%i8#4D}zYfA_>OoLFZ4Sg_*WC*L&86 zI_ulU5kCe@r5VL&hbv@fX!YSJJJs~hzhO8&qG&N#_;}V8L+~0GbLJK6uQV#*(>FF1 zfj?gRC(A+~Bp1AMTc&7UF2q}lFD~0O(!23hwnB}$Cg&Bc=dyyNF5{}z+l}LSk)bAh z0>yc|@|HMQR{q$TvxefG;!mlz#AzGOhrx>{Wlfol9Pc>eF_qU7hJP9P>lD;w?f&7( zTu@J3q?X5`PH*frYksDgvBJg%%3yujaq4BcvDCt;fPBOM_mct1V^!Jys~SoDeKzp^ z_b0>J?*G+~OeZT?{lb>f-G7v}PX>-5oVu&zrHk?O0z&_59C&`zM<(x zm_Eze?<&iPA4r_T-DWq*4uZ)6wT-?K9c)v}cxkJ+51b*yoM-kw_F$kM+Q&p$b9c@> zcE|r4Z+(u>&O`U0b0b)_DsP7%wNF9ii&e)>Xw@-I)VG2t!&#ub9!l#WZ&uxCX9thJG1&k%fm*-)y~VJ!wKxCx3^JK)_L zzL%MIAX`71OEhNB$HxMWhTDSoJwNZ$Zd<37IN}Ly zFVKAKFOVuuM^-yxvzfudn;;z9(B~S`gozb7{{U&MbBWc9G$Fu{?2UU z|F41kKeKHAL40ajb_X0NzNc#Hx+)UI2vARg33HNNIbj+Wr3`q48q>2kQIm#$>NUFg9kkdvPx)= zm=ajXMJZ+4R;A7*j{t{!5r#36ngh%Ra+1a26vnwB2cEp)e`$!RgS}`yKHi>Z#1Ov@ zDHEdP>6uz*lUT{Na_6_M}gM1PZI>}t;}`%0`|n#hu4TH zoKU66cnyF3F?aU5#Hk4%lVH4)h;R@!srFF$F{o&V=7@0QDMcOW8CL#2%{3ir&y#UD;nyk@YgZUX7CD9!69~B%0m~l%?}Fbt6W4p* zaZUTeWAetCvu}OEP6?GZy?q5j-v6hfX*0p+T~Ape}lsKre{cD7=r}YO(g=D z>8*070B+2+nA_h3q*?*`EHxMfofp;OVyolpxPOZR1%=?No-IIShW#cx#-VL@fJUjO*$s|m0dnbDtWhVTrk$@l3-ZC|Bl zS^q&>+LXUjH=1iQNDoy!H6ONKaA3>6umLb&W-Q&JtFMY z{puum3&3z+&@#qvXA;lqwTN;ph2O!fZHTln6(tQ9F*u*S-7j@IU3_F&p{3X9j?EQd zvzvZ-$F_ctBw*Cp?x4r8_&uQf0ejAhTlm_SUVg3$= ze`!ihU;w-dZ3%Mc7(5Q4<#4r}w5)tty=#eCv8NC|8l1r;Lv2-KM@?I+Jfj@NB;)?T zRTi{!Oi$F2RZ=cdTBfAd|1aUv0#9Rub)m%|m0Y4~^AmFB`lTyZq{umH|Adi(P9TpH zBH0|s5fKD1*uaeCcEAtm(1=!Fpm}QrAYI>H)Z;XJ`1ZVpE>RXp#}!H~QYRlPE@|KT zoMXyjb0|1($?=ELErDJU3Q~ngo>4+5A@kw3nQI%m z-QV$62;x$F3mR~>>u)C)MxgL*DYT&uf)iaW*Y?h|NZDny4+yAr|G8$;!#D`bAD2@+ z%gj^5+f|?0+7P<}+0`1Y=K7H@@c#x=WUU#S{{d6Bzcu-Pr-3Y-O&kpjtxbL_a*C3S z+|aKe^i@sWUOlo>vLDuh90Li5KXALW0;&ca(?ane7@qK(OJbvOfOpN?ob>bk{k;R# zr6>lpEVxCSEdx^rIHEIwgS_TJaTT_WKy$5!Rggz_n@l22oge@?*ey|+1K405C8Y}6 z@WUW?V1E8l%QMvF{lAuh`Gbo>M3AmA111rIRdA57QeixKe(705jWL#xLkIv|TT| zNu6Emf$x)%R)-WK;1)J@rE8UwG)PWBq!aD>^+a~#K<-zmHty_oNvPdCO#ngHL81)} z&3p0k3Upye+pTIK1yn(bH28Y_R!z} zeIw%d2^X2OQl>S1|qGaIyhMnx!J>`E7`~Pn+K1YGe>Q{!n^Gw~W z0c2F4L^)UCd>$|O+X5!00bQCp zf!}AnK(!VDmG_2B2$4I-{YS(i{8Y-jXf9L)Z(x}sdejAI%){>rXsobhN}4ENL0pZ7 zSRWv~atw*#=pm*{PkuZ6?(oxWB2*$8i6ROxcUliH3<~k7BOW;J1sG{3UPQT^U`SY3 zO&u~mzy&seBb4JBuuB3#b=tPV*S$Ijkw0`|%;0?KC{aL6f8h{;t5p#2MHi z2-I}|=f#ZmWi6KmHG)5m{={|X-puPzAN@GAM8Pw?a)zH*MR`gah8@3AaqxoMEQVDj z>(=D{eNqcun%8uA^gpiD$?P@yzu&X%g#ZAc{9hrCp@o@+t+Sqilb(~aqlK;6@6|d^ zma$u6KnT5kM-}=*LOD(~?y5pc1n*ih|av=_Of$8eOpN>4DI=*M5aK!947nRZ`rNj&c^Q|0aiX-7n! zQKKbMLAxgfMpn*%sTGkVZZ9Q(RLOb#LOc1EScGRUY`% zU#*)%{CoUcJbMC8l!4SSk)Aq zXE$rd>dkFs$pH8iDa|(YIf*j|9sp0S;is@Gwa_Czz0`_wyjB{w?;5?e*XOp$1;*`D zgim@)#hr)c+m(_pTM0JIGQYw}0l?m%e+E0BAM?&2A3>0xQP1x{|6P_jl&GR2e{<;a zw=7fquQ_C5`yb1P|CgjUceeRIo<}-zgA6D>yLIL-{HwtP1H%~1?h4_IzT6OYBvR{i z>N&KnIeoh;a3^dR{|{g97#&!bb&bZhZQD-8wrx8V+pgG7DzLy?x~T*Zm&Ha2#2zVAvas7I zWky$-#sB3_)LFe5^V{EJRQg>*7fp2!RvUDVE19c(RsT8b#We7d@gnP%!zKSx}M&8 zO_Oz=opvhA(IxAypOT}5%C;EQoVK7Pk<=>@jwIgrL*7D#yP#aYX4Lz+R!(Eo-uO!4 zxl>YPMyFEhb7BW(zD1Ha}U+tN} zA{@~BW6zkMRSTm3Xio0q#wvNn`R8C|MZ|5c)~G>ePIsp(Zus8^wl!M0>UI@?VRH zu1uTkki@}MP2}h-t^S(o+WQ-sGe1uvsnU7%9UBwTMy*mOLafEq4PXh>@wTAA6>(`$ zQ@Xs3JjR>4Zb2)zgoc7AaZwKwA8REXI;z2O1Mq%B4{&pB0+4SCZ!ba|(of+%(`r`9 zKGUHh-Sn3(2F_O%o9id;Z5MzA7#+QmgZP z9h7wGTt&Yh-?WhM-Nh_oKfcsr+ro5FqicvdmB(-oh*-lrv~yHxmydBlH|TbrFu$AA z$pI4rz5xIA0yJ%HS4`pa%KTZAMdBAk1HHn?O zOA+h<6wy}UR7^uQVlv-Nr;!g!fdEytFM6K(Hqz6mbTEGiC?Xo(ij8Y~!A%xxgoKlz zW25C`5XrVWiwLWy>zaY)?f%z#v__cE`4HTIx7{%bFRoerY$~tB-6B=ns)KbhFdxcY4SL4|AzT)TsXftxKZCElsDIS=d|b+7&C)j-Dp_Zb7?Q7yhk6 zC-@s-zGS~3e&c?wMf$Iruj~WhDhw5BoOi~-f*!quiNO>0-CbJ^uu$(V?(6q6;&ETi z$9Jsdyf<7d-#>PHoZixi_ZjvpLHd@oCA0m*CBX)HpG5> zxdYqi@7(`-)ewE%bijV{x)YfHHd6aPBzcpnQg-Vc2wgw>T^B&fh$8AvwKn=a>;1OS z4~hq|88#4gtYs_W1<3`5*dkx=Q}T7fqYg+94LmCg_SxG!BhuyZgTGbRHHC1P6;vg) zToBk|qGV_i2`(!NsT{Y`l$smu8^E)akFPbMta_aUi?&oWFMHjPOp?NZOjUD|nM2NT z+xb?tC7#5boPr`Zh-l+VsmYy|OdCt~#(w7qQkwGy?&DF7cX35eYf|&hz5RN#->1mx z{R{gRzO5ftP=)!U^H)#Y^v2?ph*C%SC~)6=@;E!^mlpRDDt-~r8^?W=@krL$dp}{_ zg#Bqj%=bA&9P61RSOY;1@*)*l2_AP(r#@kNP*%o2lvtk{kJj)N9vMO40b~ObLSS69 zqDPI^0lx}P4}xS+PIoxlToCjC2$3M1(-qr?0##G<7LNjk1}qRhL2&_Mu}uQ7%JXS) zQt#q2CMNW*&-f&qMj=I6;3s?>nz7ljYvE7Uq&0<1a`s3>AzbrnY8OMdcu zUn+eCq|tH8ENk#F{Tix}8qf>73X|_ZQYECG7JBs!=>1P4EPHZsGg&iaNqQ)Dl-}Ht z;3DU>OLa;svMn&shpSl^KDv}WN;y2t~jTbt+gmYXa^yTw)!11##f}N zw*xvn4)uywsQvtv0u*I*2mmKrbbgFEhE}M6*k;JGx>gVwXJ=#MFB+j1ONpZAsb$Bb{m!QKxx5*|sS|9Jem&ls?O`-smhyHu}&2ZI+1NoOQ540|f0sf~Gd zYX=2!n3muStJww=d+&A*kVwOrXCXv9cV`#Vi*h>Nfb>z}qjAn-@K!oL20w4!(pN<($)3PjRgh$H#A7 z-PYi2~97j8K8OA-8+=~F8Lv~H!d!8h*nW;Pg%R-tMPJxEKa5$ z>Sv7LAXj` z$OIsvGvhxqXX^tougf0ieE;e|MqIXA<$sbD~lNGbW&#g>LDO(#>}S@|{N>3W@2&1M7KnY=`# z5i7Hd1&!_6jUGfZa3C9ey3q2XRK7~0yOTYDa}g?ealUuMT8iDpAF z_W-s>Bs(2yO3e0-e}N@Gn`!1MF9bQ5LcZQA8N#hag`?>fH*^b$@@lz|Rz0P{g=CB@ z>90Jy#e9z#cX$A%4I@y z31g7Aj)4wh6po{!L&XIj(5RuTw<@LI)2Kv@U26By=gY;Lg^3sVW(jj|toDb|s|l<4 zkV_VS>v5tT?zDYf?5(Gq;L z_Y^lY(KVrG#o~L%qLdSKWtL zeUC&t7pM?3eO3ASBUiZ@J-3=+6;-i1b20gNaxaE(DX+-ZdvXLGQQn;1*P*Y2gJF}# zICEf**_XDz?^({;rXoEs5O^MOTi_B1P{A7cS87CNHqR5sK7b7_65)vHO<)i1cPea_ksG*z?t_)8anJb-7pbwz<%{`K*9r^m z-mgkc*R2>=8$R}#J1YOSc1_o>X-l0p$3>uaZ}fUvP&4h_Fa}XH+)J9-@UrgMH#4yX zx`Zf(+oo!cZ9Cx~jS3F>??Zv2;J4;0sYW^Vz0Qs|+Sax5P-f=Yw>!@i<&i+`4>@P7 zSkXK#JfEq5b6nqza=#6JDy$=%|MpV;;rjl6doF_-T6SyV{|uNSM}S2e!~97mMaLxD zJH>S@)-5wClt~p>R*dYec&;Wm{DnWSJ*OgVtgU-emB*p=r(e6SwY`q^^zj`3hG~yQ z)4ybrDCD9fM1UL(p?>%Xk)AuvK_hhuJ;~gK$xGa{dzkGorg%zYjPyCDOdF*e$ywjM zp0~{Z7NRONecPKm`GX|D(#W*;B@)_m9Hu>qkwznctuUS%#~)9iNTUe&6Q=1T22dqP z?su5d9B=&Ig(p*uK|bRsC6WB;?%YdFcY0E#Q>Bn`fObmF<=M@2`B8!8QoM4#19b)j@kvtgQ#E=do86|->Z-KVWfWFWY&0!f)kwnq~mcwpR zt9e^vQl6`hH``Et`jLYXkq-Tk#&GI8Z@JZWAv#IXTOLx z%Z4`asFER_Ns&xJ5jacD59)LXRIAr7R|ihFIb7L9TlDNZ%OKn?1f7%e0pu?9WzjV@ zwRPj`=jU%NR__BAT=|f&Gz;531|sNBopWrfafdNI`s3>P3xzVgf&}X!xz?Jgm-Llb z0RJ%CQ?`!_j(*wk7Jt4?EY76dIeBJqOr4L?DH3>v5FXQNd=dD1zdj&lcbSY(@;EYo z-pJO#BK&$C(mpW+Y75Ji(pu&vwJ5eAsNm%|nzcBdlX>QH5Q_FzC(fUmb;&XTemHm5 zvTc$N5VXsfwpi|3m(jt9=^(dp=gpQD6qS6Cc`0`>XSSx^hb2NdqfQ-sa0>i=xwYCJ zyr7wj{0kElR!{-Mm!B$|SvM;XI?r$XYc=(=M{r~X-#oR3C7ldNbX0CG3!DkA z6ngQCco(YcVFgTX6wH`~$Ey5E2&0Y?_V1TrZ$VHJ3IuMvn(+dGvC2NMrE4K+7+#B1 z(yX8mL*tugiAEZJ!I2SD4g;Y<6uN;~<}A3VpeV04F)w3p8i@0h{RaQ4EkzGTv$Z>F z;mnqqwf`Pkf5PV?=DiT!N4nf|groXi4F;CLWBz@EjE=k(#)HIrC*#0DHV!e8#tJxE=q)tPv*;tNK%}!r)(jR4z&Hh`a_Nu8*q%-4tg&(H`T?RMrW;zV9%7P4<5`dy5Lhy4hcr0D zLuL!t&+zI*?K9<`9#V0TUNLdyTA1xSA_g{HqL1*fBnc{2zO&`7g7yl*+NU)VDq+#e zHc*OHKu(ZlY9bbZf_fl_Pfx-6@hN@3bz#h39K`d{gRty|%C0ZSKO;kNXwLB_*&?hM8vhzh4uW1R0X5Ltksm3JnJLLOrCfOF5`Q&s*KaLv1IVt>J?twAKsUKkmn#-&6FrU@R0Q~K- zly4uwHl!jC-Neq&e@mk1Ew7&HqXZwC!QHQ^I2nmo$HMUm(nW(voG7I7+|xm8|!4x2A!Tfx5cqVzJFvzkKZ zOUe;hm{oo~CdNG79$NTf$Z~iYHl0}{7=ImpzV106lF^VLrEP{*w6-&$nsVNVW$KmTU) z=Memy|G@_IKM?80CZ-0?*8eaAIm>Xv^%KBsdPBt!h;Z^3%G%h?bP5iNmlDWZhiv`g z$XmTjHhcHRv6Nj|5(!ebmmpQ^HOsM!hSbMtaV&s8M#ar%>fz=(+Vm*i(L}kAS%uaQ zE%sY`yAv{tFffPGIo=Xb!P`E{<3tJmmF6uK9Q6Su!=YJ~B-uEhrnbndUl|PhuXWSn zSS+#Qk73Ed|C@3DZ;n2wH2z~;gpOls)x$kW1(KbR1!R7O0Vq(f@H)KdsS6?0q*|CNyZS6_N1Ww42X|WhERkY$DYZ;MhDhuZG||31@}OxPy?Vn zrjT-ss$m1GI2oHVY$xBDn%$myVEh}riiR9}0o#-3sb*5JuNX!u3PT%{bf)rG_aRp3c zb6H@Zjl~O>QnM`cchl7?E;J$#nsJ1t{2zv;J*yuIS7{M>Ckf?FT)ZIcbMd)@xqhws zGOvuiG-s%wZYCttwcM5f+B}vFpg+l2hUW2s3prlsh2fLnHSnK*o-W{Kbn30u?LMwz z<$j-ytQu!_{M}COwELcFe977L{qjpW@KSw@Xu`J2l4X*C`0Hx zrv@ACbs!j#&2VCjRZ0iqbrRUm4(Q31Su-UHrwVm40Qr1|D_v~5;1GBJJFvP%gA*<7 zSO{y+m_R8N(5hjE7KLa|wU^pejTsRT;glW*uB^eMWHDvgq?K>d^m4}w zM2j@|LZY%kMg$@0K@0)Ydnv#mg^|ZDPXs}2^r-;Q(DnJ|0j*~5fCn!}v=(w(^Aa}w z`E+zSc-a1o{|j#aXdaO+e3E*{5N@N0GlU}E9mMhtp?7t4KWENQivo4E_QGd#NPE7}DL?UN8f7vO40^I#$$Tni9?eT#LOb z+>YZ-EwWDO9*1?K@Jfpp#^3T32@PfBxJeXrJUi$kZHpZOW^oO?S?q5lB;ZvbAS@!O+r>-!Kte$(-{+MzY^WWe;I~%7u~K`ZLGk zQ_BfrwLUsts);M)zkt4;8FpYTCl%akgvw7vGS#wvUpaY*Eh_zph1u&#Hq>DjhaFV^ z8K8_z0h-`Kj~yGF<1d1dJ`IwMD+Cfu!_>#DMw$;TWsUCGnhTUNL6!|BNdWP3oCgYm zHtOg-y{W|M;w~HD_QCH}sy^oF#CHyT*B6YI81t2m)GGgMHlDIJwC5(yEc+oE#CzP* zorjfm&Gi$;|4`IWt9~6Nfr1%MY{0Heiq@oM38;MkOe1~3yRg&1lh+Eg1Ex2)hA=A* z0IuOZJAyoo_N;|_efp3Z_?*A(@O|G($(L~gIUE#y*7j29pv_=)fof)Igk%Q7$jzFo zMCB?T7B#0LPiKaz&1>?hn2ZMtHyq&i{d>CB?8I4QWzUPBJaoW;1%oz6bGaZx8)%AV z;VUUjZGZEWw^T2_kXTe;$x{|R?i;Z`RDzrg_q1>0pM^+4wsz z_1^n$jzs(@Ue~0MAHHW}D7C;6K!s0dy?=-9s&@xZ+)J!?lb;NcFFU1Kj zJ_RVgvuzxs$`9KaT%F!$v$W~6EjcjTedP+oU}YmX#7m2;k{`>QVF5*;o(9dWl=G(K zakxQK92Ok&rw0mhh6!bxa&ZEL8xvh-H_XnWDcEJZmfF$^!YdUw3mhB8}I{no%<x zRIFUrL=ir#^cWGN0JTm4fq-4+1S1k!EcTWxJT;Ts{;2ae#oqi1z&-nVx}w2Y8lL66 zfO9l66{~j@Rnn#5KP*j@78ge!50HAPIAm957+$3c+G2L0jld}Z*uX6YQF_RdYP|ph zJo^Zk4!9qe!>^9#l(NNuXE3iR5ESnEEr_5CNS`u3H3RtBA{q?d2f8S6gA@7F&UL#) z+qX&6cZA*0Y_%1QU)T+^L%MYzwcfpTl^Q5h^0~tkK7gtITuS_kc zS$|7gJV-iLW(5lssb^gSN2RM->*$5_}F z!Np-UgkJm^;+Om~Z=|`Q-Ul6OQWl9W7D*PRu?XNo*Ou}uhq7oGXk0W(-w2D0X!Q?+ zB^9A_kAn=198Ek3LblMlzyam}Kw3eVOm>Vwz$Hg!%bJ`&&#;a|AJ?KQc&lssw$yt5 zrQLD<*SY%pXt;NE-Sv9f_wD9>SPs4W!{ha}dHeh2o_^gUeo8TXX}4-Xu1>R#gmroU z3;FYTFLch8{`(h4g>rSYW%bhG)eJW8hv!}nSao-E=h4MfM@e6*QD z7h>KD%hjsw2*qVHdGaili$&ugQ@&W4#bfsG3{Aom)>1&xr$MZv_D$BFKpUPkd$Nf_ z7NM5JUzziu$eMeRysfx{GO$g!ZJL!{)@<{Ia@Fnz>EP9jeme-VdJC5F<*RI@3}wsq z7(B#i5b8j|AQ;jQ-B%2EXFCG@zj=nk8yCD-9`&Cao`~FrW9CNsty#Pou_O0cJ65bb zXs=hQV5X2pucXJU?j{ihoH$3>LqTSh_B8ZT9qG+0sYm?zQlSkz8JXx^vXMTd6HE7MkJJ$>xUMo$R7cSAOX z1RXJ$b6E*m2X$ud=>_z8rr;eHLUSlmjJp#?#SCbk8Er&>!X@>Yky5hxg zmn)C7QYqOz6L|)R9T`NiB_Jc88zY!HXqCH6oR) zgbGb{!UL|Bs~{5|V9`YT1@s)TD4m?}+1ZO0b*1NFuuI*Up;TOPs2rQQ>+9R>W&bR{ z^U-c*q{+BV^xo0Qe;&#vdh|413!>614VTw{xrqLaz@tjVn8jl>lyO3ob8>3WoOJV_ z#lf^$FoGx6#qDg-KAe*kqdkBp06&{&trrY_O>`5+Pj(_Udlr%SE$gU=KnlfKPb)@_ zqr`W1BO`ma+xrHjXCE>B&7q-1Btwu&P}^Ws-I(|WJaMg`0LXT#-wOcE1?C*yroPx9 zujVV&cd_7@i~J?D;R~MA5eR;Ki}83)Zu-aaq)k$|w$EtcaHqP?eqQp^Lmc^WN6>$(v3SUV0o!fHCz#k_EK}$ z!exH893&KUJ@f62`Ah=;?aVnfs>_-z*2DLB#XD~(k1Z@dr#=Ge3R#6dC}{x?_i@Ki zjsq+$B7TrxEe%L^nPy*^&A~Z#$gQP`kez(xq9e9jBVQ;_tG86P-8NEQry>q(#vE}{ z`QAL)=WDHsQJOH}tt{O$`dT_u|F_#8jr&+n*%5Cq@)s~dJ$2yP&^IUcx!gg4@qYPT zpsE&{-^5gd-{6&c1S&%q6(Y5X#d7BK+`Q{kw=`1N>?;RuJQq1LEHkzn)gp+qWi*Ud zTww*qXO6nwlUey&ACa}iCyGmt*dO5ZGi(2rt9;ffiqHOFE1Z7NQvZ36)Y#d^{wG*Y z{xp5}n~;2-tMwb<A-}Uu96CLmB$7!4L zuwy>}D!PZ!n5K3w1Yl-s7Hb@=WK9yAS* z(wEA^H3f%Dh==X-as%jE*8|FFq^K)NV4|oV456WvNE;S3&eBd!zAH42_=Q1$e`sop z7gg+a1#~G>a*dGE{tJDf*#NC0a6)F+E450aaKlAM1wWA-Sp+ip^seXQ zBKZLXmOAl|7d2^KSkq7`GPZ?3X+_w=o0o{HBCWXM%#gZbH4sFG$jju+kpO`_!i*oE zqP$Z_pei!-NES$W=<=afoSIduZE&)LO+G-^6WQl))+~G)J+g&oi7TG5K>5pIqxia*zjWf0KVKsht|W!hE^&)m0A34fD~wM zcH|NrMQ^pojmQVD&^3`x;b1!x)POf2;X9PxL&P2&4etf9cG$Jpq`%Fhm55QLs_wrr_|4jJ5Yf%54vt`aav0 zfNKroB3N!fY7c8Dl%3tcLM!ZfNE5tm`u|4abSEYa0n-(V{#iB!i92s;nql)8KY&q~ z@;Bbd#4*d%B;5@#48stoX#)wIJ|)gwg)u2G_fT3jSaxo=1Lh9lYc;rPs6)P2$RJNh z>Yz=}g34Zvd^*;bG>&|>`(xdNIXNxBx*mD_xREMem80MsYjS_VJ%z2I#(=DpA+0+M zVbiy{dsajO>+7B|rZcm#OZ!K~HDVxFIy_cY@dixpZn<;Ku|YNHQD8%+=m07@py=s* z*IW}NZcPTe&q-uIxisKDA-keASo{@F6ERT z)P9Jf$T)<84HW4xH@!Dlp?+{S>nz#l+!N@g7ksb1_4J$8itDBZnzO2tr4*9Cx)OjO zbQCLmAv5XZi|B}l{$f0gViojdae{EA^CefQ52D41k|)snruGZa9Rp$@qmUFJ>M-~2 z%xHktf_ET6Ca!7)jEvlmHL8&WIi$YAkrNT1je{ys;LJ&8flC;u#5lA+(FR6odpp8Ww)ee2^yY zNnvrSI`pVoNlxa$L8>>6AJa%5vK9=m*)^G+O$v>Fb+{|s%lRO*fV#@Y3{}~F7lf|h z``a;7KFn6LA&`+O?+;$+^nfSwT^M34g?1ZpLlY()Mxa(8lO#ZA9+ceP!VgW;x*w0}3(=nVUzU`Gh} zFF|C(hMaZ;b#NqI07RZ*gJe$_g-4fifd2&T_#|Cxt4w6ty0irygm_>q?IE=UlNSVNJn>A4sD8q?NVpNR-3Dv>05Wgg-poRk@?v+c#7 z0dZKvkYb&7h>H4AdjFPbHXuji-bzY%2T-3K-w9P3)l|w6W^3ibAN|4j+l37 z@gGI?vZAmF-b)YKzxZ!_y2u%xNFca{EHD>D?Z zRd*d}bCXDQa^vxqa_jQ_h31ytby2@KEbuJ?lE+u=MK)&!) z|Eu%fc95AQHK)*Hxfm;AbhJzB6D}Mn9VzGvLtMAP1;k$n6qH?4b20Ajco?0{-Rl+R zyRWc71N4PE17_ zFRqMdC;{=Mxsy{?FZ6TSwRZfQO7Bl|2YN!@Y2%tJ-BKKZ`)R%KsgCFQ`Q$}>m>99g zrvHn&343Vc;$?zY(uvpawQs1}-C(@SyE2~^PNC9<-V6%Qq^QI9GvKob=)DZVaF6v5 zE=K^z^3ZhWV+HK|uf~fWCQZVHM7;L6Ef%UTyh_oWdCmG{c%dVlgnCoh?Fo~mbQ83k zoTO&c*RkVjDKgTK1czlBDP7!_7&SKv-$u=|3Yew6gy#_h6R8hgjf%~s>%`$UZD(yN ztNY2?(F#;incLg+usaMtLV<+;xo=}{Vq)xU{||m= zQO(Bgj1A=<&FdC?B#d#WhBI8n!p309^-#~^&8vPgl5q*yo)mrJ^}kLk-|x}k39CY#>VXVd(HToIZ6~Gy*uZN} zNPpxbp*}q?wwYj)$eJj<78MVm7F*;25l1l={04ToxC{mTEU7@^wC&Ve7pi?D!AX(~ z1t#~wz(_8fxEM){M_CrJ{W#XmyV*|>yij)7L~4~0W?8iWorU^X5$9s%6#e>VsJs61 zQ2stix0)R6lVd{Ul%{^pT`>h7yJl{j0iL_A#jRc}|{i0Sh`3uhvPn!IaZT6>L@m_E+v_r19XKAxln!#6w}f zap{QIm-QB>F%Wxjg3H?D5I)LJw2-k?_aZjYjFYwqGm`X%wQ%Sex(TiK&QT;B)XOCa zxmBUm+0!sBdY`%bbK*q6*LiT{U?F9PM@>hT!M0-HSMJButx;_LjrBRwKhYyisR8PU z=xED9AT->E9R;D0X*Yqi(vTN>*Gw~+i^xD%8KBqY^_6(<*Upbk?08u6EBE9MG@-rgk1K$wv(i>&XY(U^vmY!l?&Il&K~#BvlrVotk}xdl&dS>9#7Z&xGitF!ZDDE zZPjsm%*xg-cbjn5InMDL45Q6=-a5B#cczR`|Yy#U~> zR9a!}4Gg3|gMfpg&7x$D{w}0g3qc%j3RNbTuMhmW0*DuMIzxbH>>0dt>jYk?0BYeY zVvt1tGEL>--^T4yxck245izwVOO(Gr$yM{&mEa<$I`MVR7|cZd)yM%suPYXAy}v?_ zU^0u?3AYHoaYwfqd9c8uj!s)S6WHn1k5osc?>@ztT^vZEm@YF*P)a_QV zeot@bKO|bojJ%$>SHH#2i;`!lX0m>#)r)>BnPruf%M^dU4`=J2AC;=L3}<^VA7}V{ zk4nmlyI=7>2WZdudf2+Ut=d%VC^YlD->i@M_%h@E-a;bM6l};tR8vT1T0{yeEcMC_ z2v2^)8Ylb&!()P70M(KLIbU5dc2nbLqdYoxDg=9aF9;f**$$JQZta8!tJ|o z{ydz2J=DLy;VZP2)3jTrSzZBTRvqW$R^;XKbRF86Nh=29)4SBAt4CfYs;cpQsZ!q? z>3wne5oFK}ZCg3roT269)ygd*UAvUTKD|dF(NTsI(iM6dnIgx86IILh^=~tTd()dTQUfj2tbN{2I*PwHT(B}2$d}<5w3}|M>H5f>Zlt7Wb3>k94i|a zsE%XaF7Nlfw;xtAXRR#C%!D443uD7>V17+IKIZ$WB}?8BSi=grL67Dv+B1{PSBcrj zEsoaSjz=P{#>&LmfrA+J;>xao*yBY$AGMDy#XJlNo`3`Wjav!flZ=s1B0X2pNwP0B zHTDZ?K#kwC!!pV8qID^q_hHMfA;4)DiE9j4C#W>l?UBMsMYAD}r4=`>8E#)EzU7#^ z5H-`JGR8X8Nk;p#F=SB`@CmP?Ta}97?ba#G9MSf*9l38(>ho{Y(P%eaW2B!}a4hzJ zn^rm7TKuyT^z&;wHO?I~I1s+Cx&?)bfwPgoyOD;OTd|vupFC2;ie-*}kzk5~t*Qnf z3J?)KzW8>d!eiI;%ASY7`^{d-y~n$#6*0%W0^OSF=HHeNS{vT3t(Y;Rv?xRLfl3Zl z?R)|s6(l1$x^W#uGou?sA26G0d)uj7AMKI?5ojvui3J4pp-kh=&Wej&=NKeUr!=M? z>QCicbO95J=M^d~y|aR($P9@~8Y7{HlyX~GW^(KsE9=ez+|F8%$nNLZrJ(n}BqZNu zmic4gKP_`ruWk8U6*+<<*5nBSt?R znga&y96ms*NQ@?^m2oU9n<$=&1e#{h^=m?{UvVA`BkaZS1wmh|9olK9beS!qNQGsx z+!9k`8_pDOnSab-UX05u%pLU>ns(;P8?A-9M4dE0TKVvZjA1R`^r445LX*tlcu}|u z&bArCTPN|YN%`XHTtjmR9Nx>&&{o0Y4UxNsTbT-}BqCzVU;H|6nF%*qcm9Ddf6!Sq z%2_Y+WB_K*W?q^-CJM@%9VXv`T`NSB(SWTf0ienAGTLi}R;W}valHez)tGdsO{%Vp zpNmT6a2SeYqbRb!X0lO*VniH3py@QO?sEj2K)UrlKn+&6v9Vm1gM1_v(QCKxkd^teI@6^zVt7P#w$fzB z^Ro(lz>a4pEk5l^;^N40VlPAI?Slx$O{~z_TyAW2j8N|sAUt-#0~b!yB|FhW^xhQc zVV~%Y!odU+OA2w?_hrHaX8A2>zg#GA_>$GRo}#0AxFdODP(TP&hV2AqNY}5{bm!SDn4s{7y6*>hAM~y@>s+idz3^Rg_oH zMRO)w3_pZJc%`J+sN2mbLsa{^QGjD350SyeU5@{CZ8a0Zf zc_F#An|h~b6NxmvK(_8$Ay3b{@M~H$AYMg>!cUeuZF_YtUY)S)Q{{$V2ql0pIE-X* z-g#&LyVwQE*ic1))==#x*rKUtysF9BL~ump9*rYZkvTEpDB>{6N}HD3!FJ~*Np>$W zL}Hwfn0^R5j#&=HT*~TZM7dyln5q0$+>%b}tS{QUNxA}BPSk{R79S^f^ZAsE*j7M+5VENTGWLylu`LA+* zlSE4}uc5;of*&x1o-42OVO)|BhyWv_WH`IT3#t+v#dv*DcV3_G$@|1I^P$$9fX!99 zZpiEgw73-?#U*dA(}KqoXk7i1oo^~7jfIXL6pG6eFiO+&&$;7wqLFjPX2vOM-G_Ht zxNK^F)vaGxQK&zwAy3otV(Se!c=6GcZ8yWX8Hs3v=P|nW>ju1a=@5BU6Gll@7B@&a{bj(LIrDOQo;>^ zlvAoPnx@%HSm*ORftZ2HtIw#0pr*vqaX2I zY}wJx!``juebIZ6Z~Zqm_u7dipY)s0g0ka6NzpH}|8QaFE>Tvmi!~m&yC8ji?^T+c z+H73<>EDV3xH&M9#-AXq|FdCA_8*IcpT&P0Jx4nSCp{|@_kW^_veZA@|6R{&!n?7m zWl#Ehtl_|dI2d9rGD?Ter%SXtlJP*mm)%C-Y%9P=oRTlQxfOu zx`}HXE}`#IHB1m&xM-E}M&-pYG{o4(C?!%BJr?y46InDNNRDX);;8E9N;>(^XfbvN zG};BxYk>W%v6%T83C-B?H0(>ks%00Spqf2XtA7AyO(#>sQ7#eJ7z>a$B7RpT@@pU2 zVPumCFo2ncwPOTU;}2g{gxad@vYx=nX)#*i4OO5j$W{b&80Lnee9-hB&k-}~%@L@w zR!CsEI_vpErI0raK!aal-X(g5Y?ux54p-nXGLnf$LLwXWjieIjNXo}RxPN(N@jZWx zb{=eJ{BaA0996m&&uydp>Dl>rt}bhg0l?Q2|4}f1^@LxJ#&TV((|y-lD#|^9_mja}dvU_F0nK^fLj@9oohOOG`JE~=}tb&`?|$`>zJ&pEU09c)8qzgifO7H#(1oK8Zwmi z+4eJqhxP^iSCo?fd7}{C&t%H@r(6Dmlm7q0tp10lQk3fdRsXWbg&I#ScILI_ugz>i zqo{EnoYO*tD5EXb#2rOAWczx~|3KxI2*m=lj>{A85>uqi-1I{bxwI+{0_ZHQxF^7$ zNp4ij(-P}!VO#SI-p9hm`9&+LkeGyoXnS$EL>;)6&b`)A(Wqw4aF|cg8s?X+jk;sm zFP|g=C2OGbri+^0i`*&oh+c`w%8iJ=Rkd7*q)wT%j9N#nktaD+xmjA{*H7`{f6dO> z;`n&s6)^n(9?1cM-_4T8c7CYO4!zSpz>5;l5M>&{4;X_~_#BP6MLD3N#M;MgQInX> zkG6)wmaQIie9+WtL(mK*bI}{?i4ounjy^itqLHKoPK&_!>y#>}&evT2USM<&5iS~y zrLRcpNhcEljF33(m`j*K3Nc?!+!GtM;`Z_lPBAHkXSY4qj$nN8HnuMO74N!Yt0#>_<0j{+*UbGRn@*MF?p_shX6T;qr=C~a` z*|$MGuHpgt>5PZ-eG;8YGw0C<@@K>7Vsg8@T-GT~PM7jnmneu!TBbEuH4+wxE)c{VF&Nz(vl`Qt}=Nyqx8-98)J6(}W& zoDh#fl$N20DDUfb%F|{3J@SKE8-Nr~NFa;d7zb#lJJwAK$o+kI0z0BM7+8&vw zt!>OXe7vHc`S~br&8>~p*-jRZ9Ljl_m!7-Y+eJiAsSRow1c5l%J#27mO>5 z2D$)yea16cjj(2S2!*3f$sZVYb-fNxtg>8o%cYelasIMqpu$!Yuxfl3$9sUgi8{_f zH9&c!56kZ*cR)iC2y2h(e|Nts)5OK#vGqD@W|bVtqhOCHG16g=vZB}`7gt5Rp{NOp zXkViv@rH0WG!wt-SPjWg0V0jz z2+V6-Bx3m*9Btbge2k$DE~2T75)L!IpUBpsLIdHdfZDqwO6tH+eTs8m(MAfL{P_eI?RFL$oj52i}lBwSh@7X*gz&-9B~_iusn2G^5r-J2DyM1 z{a+T@-y@mKJ6J8w$&)ox&kiKB>K?ihoLQ=(-^yvdMu*$;G}7O+lUH@*WI)4{%*e`B z=CA=pvbpqn*S5QrXyk^dsqH}1zIp9nfg8wcwS1t1dxwv`W#Ad%$e`TH6h}o;&&vZm zlDF9fnfA5~BIhJDe`%j0m*;1)o!l=V4##va#72+(tEr%G*FC8)shthi z;(ljWW>8X%twNa+Nem5XpY4#+WxL)@Z)Q3<{RVWoK3l8>&Uz^=V)@XR+9dd1?A3qT z#Bb;Z>gQ#yfiG{@EkQqTE>nG=02E5)016%lj_n7jaY6CJDS}r4a1hVa`_~ILCSm3Y z_~W<+a(I;*v({M>%zr2syyP zzs^g8$$zT%7hxur=>E=)_KcJ+8XoN))87ek75#Dil-KwTCgG6Z4qh%EA<;7v{PwGJ zYyB$&Ok|XUOhkwkBwVTbX+z<61CYJ(MMeSDpO71jbPWA_N;gKwn^y_FKMK;;8wA+qfi^v`Z6VF4`*jEv+V(QFTTTz$j~0ns#TNP0 z^^tTIG&3q>bn<=<>0*g#^Jx+o#Ozk=Iy0GQeVNrP2B3o-^l%&Vm^9CW0iIo!QpC~8 zVYwIzi3Bq1w@y|XY_uY&ShcLX*Ot^0&?{HZ;MlMsPVdYf%nMd8rZH^WWR^I~* za-^zV73Ta)6%)3qt+;D^Ty)Dz9osV7oq z!hcnzNtW1?_My=Y?T2dN`IjQ%ME8EKD^u36a;^hy*(U&9;vUGg6$hck%6aolJyRK+VD1l|PtTl3<=&EgOhCj7 zE44An8&6P}(25db9!MB5qgmzoaj65_Axzl&`Q7Wd3?SD0(Fi#X@PNTbYokuazA;tY9$1Z2^sVaYeVq6DbE6% zADpCSvaG5OV{*G`c1e!>#qf@9Vu5}kjeixXwTWl!t|*3DR%=q>VxN?(sLq(~6}=N9 zR}HFcRKC=>Hid=izLg2<{dW>QxF6>l*cZ+0QF*i5qVuX!!ESHV`3rh2_O8y>T}dZh z=q8kTFr*6H(7DD0d&4ucZyo=M0d*KlC{n^$30IGMWNZ~2*01b3r@#VCZxTqDC#g} zMb&S5d(z-y$w|s69kV+tIs$2x!LSRnU6rqt?B|kiqFCTa&sqlcLAI*Q)whATgdQ>7 z-}K0LW?TuY*2UKZhO;$BQMUJ4&hm;1z*07yViGM+5;uA}FK$~$(@yePHFUoIdzToM z9(?EbTY8qU4ew%;v{ZUqp<#+x&O0e_TK9DhE0%op%=Q_862afOdw4MUVs_r&s~4)x zSOJqO#!(i#d!eCmjMv;ggkGYB8nK%dzG~LoPq!~|P#ehoCKp93N~UcGY>wzPc`frH zv}>^evL*gv_LM*scsmy{wkqtf@QNJtmQ@KdW- z19xlI{9aUxs|{BWBlu+5rCY8f<|0ih{MsW%L@)c2FD`jK@RquE<=3_t^@d&z)O9Gy zbhJ6vgxeAx=13nORl92xzMQ_t>>FIWT0pJq7wG?HN!*D))xKxuj#6+jcH=fnnbgbPA_Q!_!Q9Q?;zE~}8 zCyCktG7QfMTgXoD>^Lm3(7%>%KcCbZ>B}^7!CrI+zozte^`PdtI-#wS@lPOKcfTij zrFvGV1WOz;d~(Cfe6++U{vys)Ze-i8%Ya3fnExXCnkpdMD)Jnx5`&NKMuLhom)YBrP9X7_5d7Hs_Jm%JcV;iXi5^igbY~ZGWwlaj)Sa3j z+E!k^3P;E*qMd5{cln*&?Cc0C(PXuXd1b7xASdL(uvl@x1aOn==e!@-L zIF6=Cu;4Bty+j%*uRzW>Bn#Oi>CXQ*~ zBgSBkkPZKH`^?H8-;X4nUFa0z4XdcKq3q|P=%OcH*!96e%ptTM^=LxCqO|gcUnWlw zTR;eCMf%P2HX|7;s^mioNHNpZdm#t+$55JC%&;)+9o6_3qI0ZMKe;TYW$$Q|K{aK7 z5t9^`6W=RyI`S$YG4*G}-Sj8yPnqts6HppC?ouEyNm8povZUONM<-$MlE|~uoWbZE zO9)A~l`#57?CX183;~W1@UGm9^c(E)GMy618$^M+LWcek2HGacDUXz;nTD>|q>uTf z0I>-<)E!oz;!l!LjbPUZmrp3H-RUwz(CO%0kxQG{I4I~aa6Xf&BlgaO^suK}Vb}WH zwOv@@nD@>9;-5F;@ZNg1>YW9SgOoKUTsQQx&)R9NMt}Iz+k-Ya9*u;Eh&iYJ`im zhJ>x%5Oxe+5gbTB&D=cw8Ezcg?pFsx_bTFfA9!eN# z)xl?W#o@m~>nzhX&SS~;bjOExQo#l+DpQJ*jzI*;N$Qq35){L&A$Rao!N{F(k0-64 z!LnyxE;wv_r5D!#M|$JDnI4i{>=H*$j-;&sX&5HMmn0{AI4RsVQ{I^}m7?SL4PatC z5$v5f)I234%qV5@G$ro6IJ6!1s$*CDZj_(Lyu4!`Pu(m7Hzt1h5zxWQ_Xjg7Q7PZ| zci=1FIzkv_N3!=tRVnTv_B9?~)Uz%QqL=J7B&ut(&A{j7kyVcB0&60h7O!(%_QgM> zg-a8bOL&!&Wz|!>@?uYPU>WP9&!(mCfU&xe8qOl9DHvaI>h7b3Z%V#(*p7jYU#Z z^y*~Xt3IXsiO-s>(@ZQ@+4&ztYbAxxW-LJbn{i*+Wp$`hrTTc@&t zZnKA&C|_u!Yr#FIB(PuGI*wu4*4spmrQ)sPG^I&(k*TA@L!}o9oKUI1lKZBqd|6Y% zCA!s)FV>>{`ZeqDxV1O~Jd}yRksIOd!AI}b_VMdwSjTEf(j017?d_<7uq8>~hU^1tj}r5GMj%N&G+S0dS@);l5m7=wZn`J_rBOX>lh+zd8e9Op;?LZY?jU=X ziqhq5Q40H3(y*)Z6b;s^-mkFMlWk`c#W*4rUk)u^b9YQ2=iHVWHyAI8gM6Of#rOvO zn`S^0c6tV0@JBsoS5yOCo=@}^bD3AdWmAR3CSnD-Hz?3FI& zOw;%;x3C4JW>m7%-m{2#LeFDjmbe2KdMHG75{8g+p}wO~w2dgZie`|WNf_JUi-7B> z;ocEfiH%T4cB~OfuJZT{DV)z67#FkS6ILK%4lEyD_nN3T;`7>Sat)kKlpR!pM?59# zn6F!XC*gkJ(@GF69nG53+YU*uG180!*8q9-MFid6H*MzSTvNBBkaah}y$d2+&f#M# zE!jOP>vMl2zBq2)y&~vY+Kp`H`PR=1eY<)MCNg_+e%bBU#a_#OTxiFKUctLuQ!ggA zG(A7wzA?W-RXG<&m9v^t8Jdr~(L(;f%a|1Oz2vQ$Vg3t(!fNIArq$M1oUf!qH_M+z zJ<=+Ux)qM`1(0hQA*o$0*$_oMk~-?^_VYed-5J$jjmoF=tr!$NzoOPHq# zZz6@imWXDnc-v{AShBmvBoTJ+DaEZCJ zN;-lqZ9ebIrVUfoP0ub0Ao2F1!mrZZiRzOro1DHVEH3shjy1C~l-gvxw)h$oa2mk1 z?mw1&(*13?YFvVVqfyslZ*cSeb{DKLYP;~8IB%L5Q?dvCa@RS>~a%-=p zV-h8x0#Et7scV9jD>PDdV&AyE1Ibg6)U@L)H=PGC#W4-sNq$Rp{O>!sIzUWJ25tx- zJ1~ME%|JWYKUA*7JkGXkFFzp7AVuH9RHj5N$3VkC-7_>qqc+UUHNiHSoCF>#;@ zuD;z3W^-IK4N=Cc&#$DOy@4=!J*!?8U0g&Ft+rQ;Kd!%2PS+Dhf>e$3GP2Tb==sGw zQ-c|m!}j_u5vSTV@NzhnagW5HGEtrQaNDt?wI?SJl;_U~(5O_Ukc}UvolhLm(&8e! z|5jZ^%aC}l<#8*dW5#QSwuyhAQ_1PLPy-Qk=-6>0ZnK>8y0}yl-}VFDEPJmb#-Xk} zVaHoI<(Oe2-YnCxEhV1k^(hV%s)-8uV@n8|76ts_)k-+fEnPPo2nd4hPBa7wDlk2@ zXjoYlYDE~3m-37DdC4J`5_D9$mNb%EJOkUaTlE9@>_K+kU`Ts$9IJyoIVYUz&`Aw5 zV9z!X4-n~Z!y*bOK5~VPXeUqxl6#G=^T+V0(`HDw)z`V$d%iu}0)x2a5?71O=W?Xj zm4(}AxQh%+ZQ4o2>{^WYL}Y!uY91Odp_M}DCdj+EI+ei?uDWw-o+THdX0gpT%oT8o zu)L&mTT*+4vRPXvu-A;Y@HxS*Y}E1%69Unx$*LO($0&6b+SbL^Ky=Y%yS}#R^x(|} zOoM>P_P|zr`PkO0(`qjlP67J#t~K`r{d`oBRg1UB=WRRI>y11lln!Q%H)y0G098+` z{mnQw`+_}wC!*=dW;Z$4{|y$ zJd?i1u;4u&q{ijOv>*PUID&NIl z63k%Uv{r8ueCUh`GT-Je$rj5)fFdm7D&}a$6P(?Jr{Kz{=-B6_o5O!fZ8;iNVxl?P z(TxN1T>zO1FRN6@sttQ0Z*o%X#XP!(m?Ib=ruoLos=Ieo4d>5DvE$RGYFSoOe5w7U zsMM~+0wwRL(~}{>#i0+;!0i`9x6Vlp%T8#?Z8D8$VrK|ypMOmw{tU?fGSA22wB>-? z4`Glx=|OuJPUuzdZ$ly7=d9pf7$>ZnNv>R`@`IE-r^i+~)}cGWYmQ2E;{L?@0G)q_ zgWbuRJK-sY<8JFQSY<&;1>C74uGUaSj++6sz0vW4gFXPt?l6IQ??8(1X?s&e34A87 zym;Sw&~hg3;5@D#fCoNaUzEgBTYB%|`1DEZ6qZs(8!_U(@yC|(vzi6F&gua--Ph!D z_l-3vP2cyR^gsJ|9tD+ET$79_3^`E8msYlfVjF)#KGgSMtZ0OMt8#guN)}tXCLGjz zP71yBev~`5GK)QTYVvz6gNRqIoflB*e{NeQe(MV-9pIe)TWT?r|H(C`eIHPio|PT3 zrdSx7AioTP%OAsEanQcz-TQbU38mxhCt6_XYTTp*)K?A)rDsaM^>M2*Af79B}_# zWd462>5jIq^{q^uO|5<=R_O-&8M-A0Xa|RY+84iP#LwJt<;;Prm*0WuTGIdLQL7{- zBCjOs5ie1`s(~7CK``>;iN*SW5oQ^&Nuwf$|X8t3#0wpMBMdD&U?5+25dsBc3r`F_We3rvbdZXac(yJS`uyk^<&UakV zjT_iS=d%`p3fwSvS6!D#Lqv7t!J9U>C{9B(Q2T^g7f2yTFjo3l`?u3(`?tnV1Pdr~ z!vvw-ISRVWk0?k?Upr|9>7ZIyzDOXGU=db!Y234&Kt^rJ{c3NFUa>!SJmMfVa+?Hx zgNp1{B4{`SK^x$Jos%a?WN>Vg=~s`1Z8J~84%4(k3ATe32M((;(jV;h0=|zLb@JsZ zeg4pQnjQ-*yVNW>%LX)!#U zI!<%7p8y1}Li4h@RxlU8o)})@IY1xWPo-il8YYa4VJ~haneDS$AG8MXclAvZ#CP+fZnFppOZRXDE<5uBMN8;J%kLaP$oe*|EO z@Xnr08R}O^oiaXgWXsMA-}1e zeP*5)+@4jv=+uRWA!;}oht86q-?!R);I`?Co=NZmbzQvoT*zRCCu>=j69fp@b!Ec6GjP3Ns2aY1Ki!eciYD14_g7=(?{QpI8$+7Tj&Q|*^JO409_j&z)At3`F!y3%c~0TAdb0>&AW zVV~vHIJVWlh$uqea7#I0PqbX}0^~fL3+mp-G#svQ&G7+B*}r&p;uB4EK(nP<91TEf zn^qP3M@4LLnn$}N)qRaSB$F&uGOr|Isz7oxv!cvObsSAfA1t=J0vk0@<%@hX$1dE& za}n45Bgg4ZNLi2A5xw#)Ri;D(+XpZw`(^e%9~|}rDLHAmvMB~Az=!+ks0B*s@2!xhi zdnyZ+hW?tOK92TeITr8K-0>dg*?mxcVkHOEZ7Ek{aLT70ve09G{emLtelsDVz)s)N zjn3*Qt5o<8Vec1toRVt&XimxA%ms*{)mIV31P!+-X}E5?niQRP+PA%1@#muDQiz`; z%^(f9P6Xs>bFEFA-DIz*7h!eukw^B0exk zn(p$r+#tI3^=MZxd5UPgHtXaAZx#m8?-W%%_$}qhR~&Gjx+Ta2_yC4c!A;GPPRW~{ zrP4hT*3D|=`D@7d;7^8NM2MZ6#Pe;}uY>M~u%*Jtrc<~?ou<7~n#nwP;ncG}JnNeQ&y=x#X z2b=|rdi9rEg9c7n1F#6(s)oRpRD#=4Y>$<1N|S{l;8z0OBUPla$xo@^b|r+>A^6># zbF*c+5=%l#5^fW?9JJm0mH=vqQo-anQ&<9526qQlwl?6QaL+VQJEJdUapZWW2&bcl z%^0d~t#47_WArJ8usp?!keQv*6#3y6)*?+EO-&PNeU@G66f*c_XhfDO3%*cLNZp70 z2-RMC8%96>9J?*iDvi!nu$x#4ks!kP!n5}LOjrcabv8?kqV zF9_bWsT1a|2Yt^8Ie13(#dK5Cyn%oGfI{VKJiMq!%KndR8|?QzOKy(RCArjkbizm^ z%+haGk|hK#ogh>LJKJA*|BX8Hwn@*pO7YQe+WzAgFJIAbs6Z zO`5BzVh69j3TSP7T^g#UBih+mY^bZKi+OxNI~wlkrMx#n#C!#Lg@UzKpu7Fk!@$PF;KI$R&&keU^~%P{g~80miP6Cp^dG3aFvv~< zR!1ZQhxqpx?Rmlfd5S+3b!|-lEk>bMg{f0uk;QA^8$8hQ@$W6uM^NB5#GiHqpdnoQ z=Fg1-L+}BH06eL`w@e>nq2G?TwKp-fH#N~Wd1d@lPX&}y6zGEfb6{tHJLcb%pTlh{ z`WxpTmRF#RXkyBgWME6>S8mYZ;1K(b@yosP--g56pKx6kI2=sCQ~Gr^|B5Bk2U6`f zgt4vl>p$#kL4!CBCQx(+RvDfETY-Kj_^SU#_`A>$l)%GHK0yNfI$Lx=hk{n?H^M*a zfI%5ot24|1U=%|@b(^0FrN6dJA1~YA82=D%d}(X1Z{hHVw+$!`)CB$k_ssrL+%HRb zP!y;+@B@m+7bwP}A857K7_!tlunXL4ly=rw_n$x5t2gTcLu&K%M&@VDEe$ zgZ;zD4-^OL2={>V@OupRA2$oA3EBg0#{V(gzgVJyMhWVR^?)S^d<^?%MdZ)x?@yO3 zP%5Z9(*t!MXgd5q&+;rA|QQBWZvY;$bUDF4a&*#S@`%C2%lm;pS`9Mq0 zc#H-j2?>e>RW^J;5@$Vz{P{Kf)HwuYf$FS1uoiP4WBskV1_}cek$Qm16+Q<0Q&I{P z1**aDfYJhXUH$tb;O}YL|DGmjTlE8OvgR?|&msHSWDOb`XeaRli>dB0)SRzTX!Y#_baUXJ(Em*u|DzTc6bibW_yDzB_;2VR zi;JK*&=tN19M$4~ Date: Fri, 6 Dec 2024 09:48:45 -0800 Subject: [PATCH 02/22] PAPP-35185: network group objects related actions --- ciscosecurefirewall.json | 16 +++++++++++ ciscosecurefirewall_connector.py | 49 ++++++++++++++++++++++++++++++++ ciscosecurefirewall_consts.py | 6 ++-- 3 files changed, 67 insertions(+), 4 deletions(-) diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index 9be1030..1dd9ec2 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -66,6 +66,22 @@ "parameters": {}, "output": [], "versions": "EQ(*)" + }, + { + "action": "get network group objects", + "description": "Gets all network group objects in fmc host", + "type": "investigate", + "identifier": "get_network_groups", + "read_only": true, + "parameters": { + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 0 + } + }, + "output": [], + "versions": "EQ(*)" } ], "pip_dependencies": { diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index f86e06e..6891023 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -221,6 +221,53 @@ def _handle_test_connectivity(self, param): self.save_progress("Connectivity test failed") return action_result.set_status(phantom.APP_ERROR) + def handle_get_network_groups(self, param): + self.save_progress("In action handler for: {0}".format(self.get_action_identifier())) + + # Add an action result object to self (BaseConnector) to represent the action for this param + action_result = self.add_action_result(ActionResult(dict(param))) + + domain_name = param["domain_name"] or "default" + domain_uuid = "default" + + if domain_name != "default": + for domain in self.domains: + if domain_name in domain["name"].lower(): + domain_uuid = domain["uuid"] + break + + url = NETWORK_GROUPS_ENDPOINT.format(domain_uuid) + + offset = 0 + limit = 50 + params = {"limit": limit} + while True: + params["offset"] = offset + ret_val, response = self._api_run("get", url, self, params=params) + if phantom.is_fail(ret_val): + return self.get_status() + self.debug_print(f"the response is {response}") + + try: + network_group_list = response["items"] + for item in network_group_list: + action_result.add_data({"name": item["name"], "uuid": item["id"]}) + + except Exception as e: + message = "An error occurred while processing network groups" + self.debug_print(f"{message}. {str(e)}") + return self.set_status(phantom.APP_ERROR, message) + + if "paging" in response and "next" in response["paging"]: + offset += limit + else: + break + + summary = action_result.update_summary({'total_groups_returned': len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def handle_action(self, param): ret_val = phantom.APP_SUCCESS @@ -232,6 +279,8 @@ def handle_action(self, param): if action_id == "test_connectivity": ret_val = self._handle_test_connectivity(param) + elif action_id == "get_network_groups": + ret_val = self._handle_get_network_groups(param) return ret_val diff --git a/ciscosecurefirewall_consts.py b/ciscosecurefirewall_consts.py index ab274a4..5a53866 100644 --- a/ciscosecurefirewall_consts.py +++ b/ciscosecurefirewall_consts.py @@ -19,8 +19,6 @@ DEFAULT_REQUEST_TIMEOUT = 30 # in seconds TOKEN_KEY = "X-auth-access-token" DOMAINS = "domains" -DOMAIN_UUID_KEY = "domain_uuid" -DOMAIN_NAME_KEY = "domain_name" ENCRYPTION_ERR = "Error occurred while encrypting the state file" -LIMIT = 100 -EXPANDED = "true" +NETWORK_GROUPS_ENDPOINT = "/api/fmc_config/v1/domain/{0}/object/networkgroups" + From 49bea95450e184f2fac571b8906dcfb98c438c95 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Fri, 6 Dec 2024 17:49:20 +0000 Subject: [PATCH 03/22] Update README.md --- README.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/README.md b/README.md index f0d6ba4..c0b6d12 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,15 @@ +[comment]: # "Auto-generated SOAR connector documentation" +# Cisco Secure Firewall + +Publisher: Splunk +Connector Version: 1.0.0 +Product Vendor: Cisco Systems +Product Name: Cisco Firepower +Product Version Supported (regex): ".\*" +Minimum Product Version: 6.2.2 + +This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules + # Splunk> Phantom Welcome to the open-source repository for Splunk> Phantom's ciscosecurefirewall App. @@ -7,3 +19,46 @@ Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Ap ## Legal and License This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details. + + +### Configuration Variables +This table lists the configuration variables required to operate Cisco Secure Firewall. These variables are specified when configuring a Cisco Firepower asset in Splunk SOAR. + +VARIABLE | REQUIRED | TYPE | DESCRIPTION +-------- | -------- | ---- | ----------- +**firepower_host** | required | string | Device IP/Hostname +**verify_server_cert** | optional | boolean | Verify server certificate +**username** | required | string | User with access to the Firepower node +**password** | required | password | Password +**domain_name** | optional | string | Default firepower domain +**network_group_object** | optional | string | Default network group object + +### Supported Actions +[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity +[get network group objects](#action-get-network-group-objects) - Gets all network group objects in fmc host + +## action: 'test connectivity' +Validate the asset configuration for connectivity + +Type: **test** +Read only: **True** + +#### Action Parameters +No parameters are required for this action + +#### Action Output +No Output + +## action: 'get network group objects' +Gets all network group objects in fmc host + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +No Output \ No newline at end of file From 63053d08e0684c7725568fe1eeb356031dddaf99 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Tue, 14 Jan 2025 09:58:59 -0800 Subject: [PATCH 04/22] PAPP-35185: network and policy related actions for both cloud and on prem --- ciscosecurefirewall.json | 1841 +++++++++++++++++++++++++++++- ciscosecurefirewall_connector.py | 649 ++++++++++- ciscosecurefirewall_consts.py | 14 +- 3 files changed, 2445 insertions(+), 59 deletions(-) diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index 1dd9ec2..62aa021 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -13,7 +13,7 @@ "product_name": "Cisco Firepower", "product_version_regex": ".*", "min_phantom_version": "6.2.2", - "python_version": "3", + "python_version": "3.9", "logo": "logo_cisco.svg", "logo_dark": "logo_cisco_dark.svg", "fips_compliant": true, @@ -21,39 +21,57 @@ "Firepower Management Center 7.1.0" ], "configuration": { - "firepower_host": { - "description": "Device IP/Hostname", + "fmc_type": { + "description": "Would you like to connect to an on-prem or cloud delivered FMC", "order": 0, "data_type": "string", + "value_list": [ + "On-prem", + "Cloud" + ], "required": true }, + "firepower_host": { + "description": "Device IP/Hostname of your on-prem FMC", + "order": 1, + "data_type": "string" + }, "verify_server_cert": { "description": "Verify server certificate", "data_type": "boolean", - "order": 1, - "default": false + "order": 1 }, "username": { - "description": "User with access to the Firepower node", + "description": "User with access to the on-prem FMC node", "data_type": "string", - "order": 2, - "required": true + "order": 2 }, "password": { - "description": "Password", + "description": "Password for the on-prem FMC node", "data_type": "password", - "order": 3, - "required": true + "order": 3 }, "domain_name": { "description": "Default firepower domain", "data_type": "string", "order": 4 }, - "network_group_object": { - "description": "Default network group object", + "cloud_api_key": { + "description": "Api key for cloud delivered FMC", "data_type": "string", "order": 5 + }, + "region": { + "description": "Region your Cisco Security Cloud Control is deployed in", + "data_type": "string", + "value_list": [ + "US", + "EU", + "APJ", + "AUS", + "IN" + ], + "order": 6 } }, "actions": [ @@ -67,12 +85,703 @@ "output": [], "versions": "EQ(*)" }, + { + "action": "list network objects", + "description": "List network object in FMC", + "type": "investigate", + "read_only": true, + "identifier": "list_network_ojects", + "parameters":{ + "name": { + "description": "Network object name to filter results by", + "data_type": "string", + "order": 0 + }, + "type": { + "description": "Network object type to filter results by", + "data_type": "string", + "value_list": [ + "Host", + "Network", + "Range", + "FQDN" + ], + "order": 1 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 2 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.links.parent", + "data_type": "string" + } + ], + "versions": "EQ(*)" + }, + { + "action": "create network object", + "description": "Creates a network object in FMC", + "type": "generic", + "identifier": "create_network_object", + "read_only": false, + "parameters":{ + "name": { + "description": "Network object name", + "data_type": "string", + "required": true, + "order": 0 + }, + "type": { + "description": "Network object type", + "data_type": "string", + "required": true, + "value_list": [ + "Host", + "Network", + "Range", + "FQDN" + ], + "order": 1 + }, + "value": { + "description": "Value of the network object. If type if Range specify value in the following format: ip1-ip2", + "data_type": "string", + "required": true, + "order": 2 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 3 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.parameter.value", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.links.parent", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.value", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.ipType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.lastUser.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.timestamp", + "data_type": "numeric" + }, + { + "data_path": "action_result.data.*.metadata.domain.parentType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.overridable", + "data_type": "boolean" + } + ], + "versions": "EQ(*)" + }, + { + "action": "update network object", + "description": "Updates a network object in FMC", + "type": "generic", + "identifier": "update_network_object", + "read_only": false, + "parameters":{ + "object_id": { + "description": "Network object id", + "data_type": "string", + "required": true, + "order": 0 + }, + "name": { + "description": "Network object name", + "data_type": "string", + "required": true, + "order": 1 + }, + "type": { + "description": "Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update.", + "data_type": "string", + "required": true, + "value_list": [ + "Host", + "Network", + "Range", + "FQDN" + ], + "order": 2 + }, + "value": { + "description": "Value of the network object. If type is Range specify value in the following format: ip1-ip2", + "data_type": "string", + "required": true, + "order": 3 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 4 + } + }, + "output": [], + "versions": "EQ(*)" + }, + + { + "action": "delete network object", + "description": "Deletes a network object in FMC", + "type": "generic", + "read_only": false, + "identifier": "delete_network_object", + "parameters":{ + "object_id": { + "description": "Network object id", + "data_type": "string", + "required": true, + "order": 0 + }, + "type": { + "description": "Network object type", + "data_type": "string", + "required": true, + "value_list": [ + "Host", + "Network", + "Range", + "FQDN" + ], + "order": 1 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 2 + } + }, + "output": [], + "versions": "EQ(*)" + }, { "action": "get network group objects", - "description": "Gets all network group objects in fmc host", + "description": "Gets all network group objects in FMC host or a specfic network group", "type": "investigate", "identifier": "get_network_groups", "read_only": true, + "parameters": { + "group_name": { + "description": "Group name to retrieve from FMC", + "data_type": "string", + "order": 0 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 1 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.group_name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.uuid", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + } + ], + "versions": "EQ(*)" + }, + { + "action": "create network group object", + "description": "Create a network group object", + "type": "generic", + "read_only": false, + "identifier": "create_network_group", + "parameters": { + "name": { + "description": "Name of the network group", + "data_type": "string", + "required": true, + "order": 0 + }, + "network_object_ids": { + "description": "Network objects attached to the group. Note these ids must already exist in FMC", + "data_type": "string", + "example_values": [ + "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" + ], + "required": true, + "order": 1 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 2 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.network_object_ids", + "data_type": "string", + "example_values": [ + "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.lastUser.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.timestamp", + "data_type": "numeric" + }, + { + "data_path": "action_result.data.*.metadata.domain.parentType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.overridable", + "data_type": "boolean" + } + ], + "versions": "EQ(*)" + }, + { + "action": "update network group object", + "description": "Update a network group object", + "type": "generic", + "read_only": false, + "identifier": "update_network_group", + "parameters": { + "network_group_id": { + "description": "Network group to update", + "data_type": "string", + "required": true, + "order": 0 + }, + "name": { + "description": "Name of the network group", + "data_type": "string", + "order": 1 + }, + "network_object_ids_to_add": { + "description": "Network objects to add to the group. Note these ids must already exist in FMC", + "data_type": "string", + "example_values": [ + "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" + ], + "order": 2 + }, + "network_object_ids_to_remove": { + "description": "Network objects to remove frin the group.", + "data_type": "string", + "example_values": [ + "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" + ], + "order": 3 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 4 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.network_group_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.network_object_ids_to_add", + "data_type": "string", + "example_values": [ + "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" + ] + }, + { + "data_path": "action_result.parameter.network_object_ids_to_remove", + "data_type": "string", + "example_values": [ + "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.lastUser.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.timestamp", + "data_type": "numeric" + }, + { + "data_path": "action_result.data.*.metadata.domain.parentType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.overridable", + "data_type": "boolean" + } + ], + "versions": "EQ(*)" + }, + { + "action": "delete network group object", + "description": "Delete a network group object", + "type": "generic", + "read_only": false, + "identifier": "delete_network_group", + "parameters": { + "network_group_id": { + "description": "Network group to update", + "data_type": "string", + "required": true, + "order": 0 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 1 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.network_group_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.objects.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.lastUser.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.timestamp", + "data_type": "numeric" + }, + { + "data_path": "action_result.data.*.metadata.domain.parentType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.overridable", + "data_type": "boolean" + } + ], + "versions": "EQ(*)" + }, + { + "action": "get access control policies", + "description": "Gets all access control polcies in the FMC host for a particular domain", + "type": "investigate", + "identifier": "get_access_policies", + "read_only": true, "parameters": { "domain_name": { "description": "Firepower Domain. If none is specified the default domain will be queried", @@ -80,7 +789,1109 @@ "order": 0 } }, - "output": [], + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ] + }, + { + "data_path": "action_result.data.*.policy_id", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902138" + ] + } + ], + "versions": "EQ(*)" + }, + { + "action": "create access control policy", + "description": "Create an access control policy", + "type": "generic", + "read_only": false, + "identifier": "create_access_policy", + "parameters": { + "name": { + "description": "Name of the network group", + "data_type": "string", + "required": true, + "order": 0 + }, + "description": { + "description": "Description of the policy", + "data_type": "string", + "order": 1 + }, + "action": { + "description": "Type of action to take on matching traffic", + "data_type": "string", + "required": true, + "value_list": [ + "ALLOW", + "BLOCK", + "TRUST", + "MONITOR" + ], + "order": 2 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 3 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.description", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.action", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ] + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.rules.type", + "data_type": "string", + "example_values": [ + "AccessRule" + ] + }, + { + "data_path": "action_result.data.*.rules.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.description", + "data_type": "string" + } + ], + "versions": "EQ(*)" + }, + { + "action": "update access control policy", + "description": "Update an access control policy", + "type": "generic", + "read_only": false, + "identifier": "update_access_policy", + "parameters": { + "policy_id": { + "description": "Id of the policy to update", + "data_type": "string", + "required": true, + "order": 0 + }, + "name": { + "description": "Name of the network group", + "data_type": "string", + "order": 1 + }, + "description": { + "description": "Description of the policy", + "data_type": "string", + "order": 2 + }, + "action": { + "description": "Type of action to take on matching traffic", + "data_type": "string", + "value_list": [ + "ALLOW", + "BLOCK", + "TRUST", + "MONITOR" + ], + "order": 3 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 4 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.policy_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.description", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.action", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ] + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.rules.type", + "data_type": "string", + "example_values": [ + "AccessRule" + ] + }, + { + "data_path": "action_result.data.*.rules.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.description", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.defaultAction.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.defaultAction.type", + "data_type": "string", + "example_values": [ + "AccessPolicyDefaultAction" + ] + }, + { + "data_path": "action_result.data.*.defaultAction.action", + "data_type": "string", + "example_values": [ + "BLOCK" + ] + } + ], + "versions": "EQ(*)" + }, + { + "action": "delete access control policies", + "description": "Deleted the specified access control policy", + "type": "generic", + "identifier": "delete_access_policy", + "read_only": false, + "parameters": { + "policy_id": { + "description": "Id of the policy to delete", + "data_type": "string", + "required": true, + "order": 0 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 1 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.policy_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.description", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.action", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ] + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.rules.type", + "data_type": "string", + "example_values": [ + "AccessRule" + ] + }, + { + "data_path": "action_result.data.*.rules.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.description", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.defaultAction.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.defaultAction.type", + "data_type": "string", + "example_values": [ + "AccessPolicyDefaultAction" + ] + }, + { + "data_path": "action_result.data.*.defaultAction.action", + "data_type": "string", + "example_values": [ + "BLOCK" + ] + }, + { + "data_path": "action_result.data.*.securityIntelligence.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.securityIntelligence.type", + "data_type": "string", + "example_values": [ + "SecurityIntelligencePolicy" + ] + }, + { + "data_path": "action_result.data.*.securityIntelligence.links.self", + "data_type": "string" + } + ], + "versions": "EQ(*)" + }, + { + "action": "get access control rules", + "description": "Gets all access control rules associated with a particular access control policy", + "type": "investigate", + "identifier": "get_access_rules", + "read_only": true, + "parameters": { + "policy_id": { + "description": "Access control policy that the rule is apart of", + "data_type": "string", + "required": true, + "order": 0 + }, + "rule_id": { + "description": "Id of the rules", + "data_type": "string", + "order": 1 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 2 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.policy_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ] + } + ], + "versions": "EQ(*)" + }, + { + "action": "create access control rule", + "description": "Creates an access control rule associated with a particular access control policy", + "type": "generic", + "identifier": "create_access_rules", + "read_only": false, + "parameters": { + "policy_id": { + "description": "Access control policy the rule will be apart of", + "data_type": "string", + "required": true, + "order": 0 + }, + "name": { + "description": "Name of the access control rule", + "required": true, + "data_type": "string", + "order": 1 + }, + "action": { + "description": "Type of action to take on matching traffic", + "data_type": "string", + "required": true, + "value_list": [ + "ALLOW", + "BLOCK", + "TRUST", + "MONITOR" + ], + "order": 2 + }, + "enabled": { + "data_type": "boolean", + "description": "Wether the rule is enabled", + "order": 3, + "default": false + }, + "source_networks": { + "description": "Network groups or objects to determine what action to take against traffic based on where it originated from", + "data_type": "string", + "order": 4 + }, + "destination_networks": { + "description": "Network groups or objects to determine what action to take against traffic based on its intended destination", + "data_type": "string", + "order": 5 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 6 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.policy_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.action", + "data_type": "string", + "example_values": [ + "BLOCK" + ] + }, + { + "data_path": "action_result.parameter.enabled", + "data_type": "boolean" + }, + { + "data_path": "action_result.parameter.source_networks", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491" + ] + }, + { + "data_path": "action_result.parameter.destination_networks", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "AccessRule" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.action", + "data_type": "string", + "example_values": [ + "BLOCK" + ] + }, + { + "data_path": "action_result.data.*.logEnd", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.enabled", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.logBegin", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.logFiles", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.type", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.variableSet.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.variableSet.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.variableSet.type", + "data_type": "string", + "example_values": [ + "VariableSet" + ] + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup", "Network" + ] + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.overridable", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.sendEventsToFMC", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup", "Network" + ] + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.overridable", + "data_type": "boolean" + } + ], + "versions": "EQ(*)" + }, + { + "action": "update access control rule", + "description": "Updates an access control rule associated with a particular access control policy", + "type": "generic", + "identifier": "update_access_rule", + "read_only": false, + "parameters": { + "rule_id": { + "description": "Access control rule to update", + "data_type": "string", + "required": true, + "order": 0 + }, + "policy_id": { + "description": "Access control policy that the rule is apart of", + "data_type": "string", + "required": true, + "order": 1 + }, + "name": { + "description": "Name of the access control rule", + "data_type": "string", + "order": 2 + }, + "action": { + "description": "Type of action to take on matching traffic", + "data_type": "string", + "value_list": [ + "ALLOW", + "BLOCK", + "TRUST", + "MONITOR" + ], + "order": 3 + }, + "enabled": { + "data_type": "boolean", + "description": "Wether the rule is enabled", + "order": 4 + }, + "source_networks_to_add": { + "description": "Add these network groups or objects to the rules source networks", + "data_type": "string", + "order": 5 + }, + "source_networks_to_remove": { + "description": "Remove these network groups or objects from the rules source networks", + "data_type": "string", + "order": 6 + }, + "destination_networks_to_add": { + "description": "Add these network groups or objects to the rules destination networks", + "data_type": "string", + "order": 7 + }, + "destination_networks_to_remove": { + "description": "Remove these network groups or objects from the rules destination networks", + "data_type": "string", + "order": 8 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 9 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.rule_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.policy_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.action", + "data_type": "string", + "example_values": [ + "BLOCK" + ] + }, + { + "data_path": "action_result.parameter.enabled", + "data_type": "boolean" + }, + { + "data_path": "action_result.parameter.source_networks_to_add", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491" + ] + }, + { + "data_path": "action_result.parameter.source_networks_to_remove", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491" + ] + }, + { + "data_path": "action_result.parameter.destination_networks_to_add", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491" + ] + }, + { + "data_path": "action_result.parameter.destination_networks_to_remove", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "AccessRule" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.action", + "data_type": "string", + "example_values": [ + "BLOCK" + ] + }, + { + "data_path": "action_result.data.*.logEnd", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.enabled", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.logBegin", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.logFiles", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string", + "example_values": [ + "Global" + ] + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string", + "example_values": [ + "Domain" + ] + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.type", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.variableSet.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.variableSet.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.variableSet.type", + "data_type": "string", + "example_values": [ + "VariableSet" + ] + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup", "Network" + ] + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.overridable", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.sendEventsToFMC", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup", "Network" + ] + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.overridable", + "data_type": "boolean" + } + ], + "versions": "EQ(*)" + }, + { + "action": "delete access control rules", + "description": "Deletes access control rule associated with a particular access control policy", + "type": "generic", + "identifier": "delete_access_rule", + "read_only": false, + "parameters": { + "rule_id": { + "description": "Access control rule to delete", + "data_type": "string", + "required": true, + "order": 0 + }, + "policy_id": { + "description": "Access control policy that the rule is apart of", + "data_type": "string", + "required": true, + "order": 1 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 2 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.rule_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.policy_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "AccessRule" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.action", + "data_type": "string", + "example_values": [ + "BLOCK" + ] + }, + { + "data_path": "action_result.data.*.logEnd", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.enabled", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.logBegin", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.logFiles", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string", + "example_values": [ + "Global" + ] + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string", + "example_values": [ + "Domain" + ] + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.accessPolicy.type", + "data_type": "string", + "example_values": [ + "AccessPolicy" + ] + }, + { + "data_path": "action_result.data.*.variableSet.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.variableSet.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.variableSet.type", + "data_type": "string", + "example_values": [ + "VariableSet" + ] + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup", "Network" + ] + }, + { + "data_path": "action_result.data.*.sourceNetworks.objects.*.overridable", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.sendEventsToFMC", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.type", + "data_type": "string", + "example_values": [ + "NetworkGroup", "Network" + ] + }, + { + "data_path": "action_result.data.*.destinationNetworks.objects.*.overridable", + "data_type": "boolean" + } + ], "versions": "EQ(*)" } ], diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 6891023..30ab57d 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -19,7 +19,7 @@ import simplejson as json from phantom.action_result import ActionResult from phantom.base_connector import BaseConnector - +from typing import Dict, Any, Tuple, Optional from ciscosecurefirewall_consts import * @@ -37,6 +37,8 @@ def __init__(self): self.firepower_host = "" self.headers = HEADERS self.verify = False + self.default_firepower_domain = None + self.generate_new_token = False def _reset_state_file(self): """ @@ -67,20 +69,27 @@ def initialize(self): self.debug_print(STATE_FILE_CORRUPT_ERR) self._reset_state_file() - try: - if TOKEN_KEY in self._state: - self.debug_print("Decrypting the token") - self._state[TOKEN_KEY] = encryption_helper.decrypt(self._state[TOKEN_KEY], self.get_asset_id()) - except Exception as e: - self.debug_print("Error occurred while decrypting the token: {}".format(str(e))) - self._reset_state_file() + self.fmc_type = config["fmc_type"] + + if self.is_cloud_deployment(): + ret_val = self.authenicate_cloud_fmc(config, action_result) + else: + try: + if TOKEN_KEY in self._state: + self.debug_print("Decrypting the token") + self._state[TOKEN_KEY] = encryption_helper.decrypt(self._state[TOKEN_KEY], self.get_asset_id()) + except Exception as e: + self.debug_print("Error occurred while decrypting the token: {}".format(str(e))) + self._reset_state_file() - self.firepower_host = config["firepower_host"] - self.username = config["username"] - self.password = config["password"] - self.verify = config.get("verify_server_cert", False) + self.firepower_host = config["firepower_host"] + self.username = config["username"] + self.password = config["password"] + self.default_firepower_domain = config.get("domain_name") + self.verify = config.get("verify_server_cert", False) + + ret_val = self._get_token(action_result) - ret_val = self._get_token(action_result) if phantom.is_fail(ret_val): return self.get_status() @@ -116,6 +125,17 @@ def _update_state(self): self._state[TOKEN_KEY] = self.token self._state[DOMAINS] = self.domains + def authenicate_cloud_fmc(self, config): + """ + This method updates the headers and sets the firepower host + based on the users region. + """ + region = config["region"] + api_key = config["cloud_api_key"] + self.firepower_host = CLOUD_HOST.format(region=region.lower()) + self.headers.update({"Authorization": f"Bearer {api_key}"}) + return phantom.APP_SUCCESS + def _get_token(self, action_result): """ This method returns the cached or a new token based @@ -174,9 +194,10 @@ def _api_run(self, method, resource, action_result, json_body=None, headers_only if not (200 <= result.status_code < 399): if result.status_code == 401 and first_try: self._reset_state_file() - ret_val = self._get_token(action_result) - if phantom.is_fail(ret_val): - return action_result.get_status(), None + if not self.is_cloud_deployment(): + ret_val = self._get_token(action_result) + if phantom.is_fail(ret_val): + return action_result.get_status(), None return self._api_run(method, resource, action_result, json_body, headers_only, first_try=False) @@ -203,7 +224,10 @@ def _api_run(self, method, resource, action_result, json_body=None, headers_only return phantom.APP_SUCCESS, resp_json - def _handle_test_connectivity(self, param): + def is_cloud_deployment(self): + return self.fmc_type == "Cloud" + + def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: """ Called when the user presses the test connectivity button on the Phantom UI. @@ -214,44 +238,173 @@ def _handle_test_connectivity(self, param): self.save_progress("Testing connectivity") - if self.token: - self.save_progress("Connectivity test passed") - return action_result.set_status(phantom.APP_SUCCESS) + url = GET_HOSTS_ENDPOINT.format(domain_id="default") + ret_val, _ = self._api_run("get", url, action_result) + if phantom.is_fail(ret_val): + self.save_progress("Connectivity test failed") + return action_result.get_status() + + self.save_progress("Connectivity test passed") + return action_result.set_status(phantom.APP_SUCCESS) + + def get_network_objects_of_type(self, object_type, domain_uuid, action_result, name=None): + url = NETWORK_OBJECTS_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s") + + offset = 0 + limit = 50 + params = {"limit": limit} + while True: + params["offset"] = offset + ret_val, response = self._api_run("get", url, action_result, params=params) + if phantom.is_fail(ret_val): + return action_result.get_status() + + try: + network_obj_list = response.get("items", []) + for item in network_obj_list: + if name and name != item["name"]: + continue - self.save_progress("Connectivity test failed") - return action_result.set_status(phantom.APP_ERROR) + action_result.add_data(item) - def handle_get_network_groups(self, param): - self.save_progress("In action handler for: {0}".format(self.get_action_identifier())) + except Exception as e: + message = "An error occurred while processing network objects" + self.debug_print(f"{message}. {str(e)}") + return action_result.set_status(phantom.APP_ERROR, str(e)) + + if "paging" in response and "next" in response["paging"]: + offset += limit + else: + break + + return phantom.APP_SUCCESS + + def _handle_list_network_objects(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + + domain_uuid = self.get_domain_id(param.get("domain_name")) + obj_type = param.get("type") + name = param.get("name") + + if obj_type: + ret_val = self.get_network_objects_of_type(obj_type, domain_uuid, action_result, name) + if phantom.is_fail(ret_val): + return action_result.get_status() + + else: + for object_type in OBJECT_TYPES: + ret_val = self.get_network_objects_of_type(object_type, domain_uuid, action_result, name) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.update_summary({'total_objects_returned': len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def get_network_object(self, domain_id: int, object_id: int) -> Tuple[bool, Dict[str, Any]]: + url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_id, type="networks", object_id=object_id) + ret_val, response = self._api_run("get", url, self) + return ret_val, response + + def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + name = param["name"] + + object_type = param["type"] + payload = {"name": name, "type": object_type, "value": param["value"]} + domain_uuid = self.get_domain_id(param.get("domain_name")) + url = NETWORK_OBJECTS_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s") + + ret_val, response = self._api_run("post", url, action_result, json_body=payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + + self.debug_print(f"the response type is {type(response)}") + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully created network object with name {name}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_update_network_object(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + object_id = param["object_id"] + name = param["name"] + object_type = param["type"] + payload = {"id": object_id, "name": name, "type": object_type, "value": param["value"]} + + domain_uuid = self.get_domain_id(param.get("domain_name")) + url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) + + ret_val, response = self._api_run("put", url, action_result, json_body=payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully updated network object with name {name}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_delete_network_object(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + object_id = param["object_id"] + object_type = param["type"] + domain_uuid = self.get_domain_id(param.get("domain_name")) + + url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) + ret_val, response = self._api_run("delete", url, action_result) + self.debug_print("response is", response) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully delete network object with id {object_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def get_domain_id(self, domain_name: str) -> str: + domain_name = domain_name or self.default_firepower_domain + + if not domain_name or self.is_cloud_deployment(): + return "default" + + for domain in self.domains: + if domain_name.lower() == domain["name"].lower(): + return domain["uuid"] + + def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") # Add an action result object to self (BaseConnector) to represent the action for this param action_result = self.add_action_result(ActionResult(dict(param))) - - domain_name = param["domain_name"] or "default" - domain_uuid = "default" - - if domain_name != "default": - for domain in self.domains: - if domain_name in domain["name"].lower(): - domain_uuid = domain["uuid"] - break - - url = NETWORK_GROUPS_ENDPOINT.format(domain_uuid) + + group_name = param.get("group_name") + domain_uuid = self.get_domain_id(param.get("domain_name")) + + url = NETWORK_GROUPS_ENDPOINT.format(domain_id=domain_uuid) offset = 0 limit = 50 params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self._api_run("get", url, self, params=params) + ret_val, response = self._api_run("get", url, action_result, params=params) if phantom.is_fail(ret_val): - return self.get_status() + return action_result.get_status() self.debug_print(f"the response is {response}") try: - network_group_list = response["items"] + network_group_list = response.get("items", []) for item in network_group_list: - action_result.add_data({"name": item["name"], "uuid": item["id"]}) + if not group_name or group_name == item["name"]: + action_result.add_data({"name": item["name"], "uuid": item["id"]}) except Exception as e: message = "An error occurred while processing network groups" @@ -262,11 +415,393 @@ def handle_get_network_groups(self, param): offset += limit else: break - - summary = action_result.update_summary({'total_groups_returned': len(action_result.get_data())}) + action_result.update_summary({'total_groups_returned': len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + + group_name = param["name"] + object_ids = param["network_object_ids"] + objects = [{"id": item.strip()} for item in object_ids.split(',') if item.strip()] + payload = {"name": group_name, "type": "NetworkGroup", "objects": objects} + domain_uuid = self.get_domain_id(param.get("domain_name")) + + url = NETWORK_GROUPS_ENDPOINT.format(domain_id=domain_uuid) + + ret_val, response = self._api_run("post", url, action_result, json_body=payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully added network group with name {group_name}" + return action_result.set_status(phantom.APP_SUCCESS) + + def get_network_group(self, domain_uuid, group_id): + url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) + ret_val, response = self._api_run("get", url, self) + return ret_val, response + + def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + + group_id = param["network_group_id"] + domain_uuid = self.get_domain_id(param.get("domain_name")) + ret_val, resp = self.get_network_group(domain_uuid, group_id) + if phantom.is_fail(ret_val): + return self.get_status() + + if param.get("name"): + resp["name"] = param["name"] + + current_network_objects = {obj["id"] for obj in resp.get("objects", [])} + + network_objects_to_add = param.get("network_object_ids_to_add", "") + current_network_objects.update({item.strip() for item in network_objects_to_add.split(',') if item.strip()}) + + network_objects_to_remove = param.get("network_object_ids_to_remove", "") + current_network_objects.difference_update({item.strip() for item in network_objects_to_remove.split(',') if item.strip()}) + + objects = [{"id": object_id} for object_id in current_network_objects] + resp["objects"] = objects + + update_url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) + ret_val, response = self._api_run("put", update_url, action_result, json_body=resp) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully update network group with id {group_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_delete_network_group(self, param): + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + + group_id = param["network_group_id"] + domain_uuid = self.get_domain_id(param.get("domain_name")) + + update_url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) + ret_val, response = self._api_run("delete", update_url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully deleted network group with id {group_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_get_access_policies(self, param): + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + url = ACCESS_POLICY_ENDPOINT.format(domain_id=domain_uuid) + + offset = 0 + limit = 50 + params = {"limit": limit} + while True: + params["offset"] = offset + ret_val, response = self._api_run("get", url, action_result, params=params) + if phantom.is_fail(ret_val): + return action_result.get_status() + self.debug_print(f"the response is {response}") + + try: + policies = response.get("items", []) + for policy in policies: + action_result.add_data({"name": policy["name"], "policy_id": policy["id"]}) + + except Exception as e: + message = "An error occurred while processing access policies" + self.debug_print(f"{message}. {str(e)}") + return self.set_status(phantom.APP_ERROR, message) + + if "paging" in response and "next" in response["paging"]: + offset += limit + else: + break + + action_result.update_summary({'total_policies_returned': len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + name = param["name"] + payload = {"name": name, "type": "AccessPolicy", "defaultAction": {"action": param["action"].upper()}} + if param.get("description"): + payload["description"] = param["description"] + + url = ACCESS_POLICY_ENDPOINT.format(domain_id=domain_uuid) + ret_val, response = self._api_run("post", url, action_result, json_body=payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully created access policy with name {name}" + return action_result.set_status(phantom.APP_SUCCESS) + + def get_access_policy(self, domain_uuid, policy_id): + url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + ret_val, response = self._api_run("get", url, self) + return ret_val, response + + def _handle_update_access_policy(self, param): + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + policy_id = param["policy_id"] + ret_val, policy_data = self.get_access_policy(domain_uuid, policy_id) + if phantom.is_fail(ret_val): + return self.get_status() + + cur_action = policy_data["defaultAction"] + payload = { + "id": policy_data["id"], "name": policy_data["name"], "type": "AccessPolicy", "defaultAction": cur_action, "description": policy_data.get("description", "") + } + + if param.get("name"): + payload["name"] = param["name"] + + if param.get("description"): + payload["description"] = param["description"] + + if param.get("action"): + payload["defaultAction"]["action"] = param["action"].upper() + + url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + print(f"payload is {payload}") + ret_val, response = self._api_run("put", url, action_result, json_body=payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + print(f"updated policy with {response}") + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully updated access policy with id {policy_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_delete_access_policy(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + policy_id = param["policy_id"] + + url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + ret_val, response = self._api_run("delete", url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully deleted access policy with id {policy_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + policy_id = param["policy_id"] + rule_id = param.get("rule_id") + + if rule_id: + ret_val, response = self.get_access_control_rule(domain_uuid, policy_id, rule_id) + if phantom.is_fail(ret_val): + return action_result.get_status() + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Retrieved access rule with id {rule_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + url = ACCESS_RULES_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + + offset = 0 + limit = 50 + params = {"limit": limit} + while True: + params["offset"] = offset + ret_val, response = self._api_run("get", url, action_result, params=params) + if phantom.is_fail(ret_val): + return action_result.get_status() + self.debug_print(f"the response is {response}") + + try: + rules = response.get("items", []) + for rule in rules: + action_result.add_data({"name": rule["name"], "rule_id": rule["id"]}) + + except Exception as e: + message = "An error occurred while processing access rules" + self.debug_print(f"{message}. {str(e)}") + return self.set_status(phantom.APP_ERROR, message) + + if "paging" in response and "next" in response["paging"]: + offset += limit + else: + break + + action_result.update_summary({'total_rules_returned': len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def build_network_objects_list(self, network_ids: list, dommain_uuid: str) -> Tuple[bool, Optional[list]]: + networks_objects = [] + for object_id in network_ids: + ret_val, object_data = self.get_network_object(dommain_uuid, object_id) + if not phantom.is_fail(ret_val): + networks_objects.append({"type": object_data["type"], "id": object_id}) + continue + ret_val, _ = self.get_network_group(dommain_uuid, object_id) + if phantom.is_fail(ret_val): + self.debug_print(f"Id {object_id} is not a network object or network group") + return self.get_status(), None + networks_objects.append({"type": "NetworkGroup", "id": object_id}) + + return phantom.APP_SUCCESS, networks_objects + + def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + policy_id = param["policy_id"] + name = param["name"] + + rule_payload = {"name": name, "action": param["action"], "enabled": param["enabled"], "sourceNetworks": {"objects": []}, "destinationNetworks": {"objects": []}} + + source_networks = param.get("source_networks", "") + source_networks = [network.strip() for network in source_networks.split(',') if network.strip()] + + ret_val, source_networks_objects = self.build_network_objects_list(source_networks, domain_uuid) + if phantom.is_fail(ret_val): + return ret_val + rule_payload["sourceNetworks"]["objects"] = source_networks_objects + + destination_networks = param.get("destination_networks", "") + destination_networks = [network.strip() for network in destination_networks.split(',') if network.strip()] + ret_val, destination_networks_objects = self.build_network_objects_list(destination_networks, domain_uuid) + if phantom.is_fail(ret_val): + return ret_val + rule_payload["destinationNetworks"]["objects"] = destination_networks_objects + + url = ACCESS_RULES_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + ret_val, response = self._api_run("post", url, action_result, json_body=rule_payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully added access control rule with name {name} to policy {policy_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def get_access_control_rule(self, domain_id: str, policy_id: str, rule_id: str) -> Tuple[bool, Dict[str, Any]]: + url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_id, policy_id=policy_id, rule_id=rule_id) + ret_val, response = self._api_run("get", url, self) + return ret_val, response + + def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + rule_id = param["rule_id"] + policy_id = param["policy_id"] + + ret_val, rule_data = self.get_access_control_rule(domain_uuid, policy_id, rule_id) + self.debug_print(f"rule response is {rule_data}") + if phantom.is_fail(ret_val): + return self.get_status() + + rule_payload = {"id": rule_data["id"], "name": rule_data["name"], "action": rule_data["action"], "type": rule_data["type"], "enabled": rule_data["enabled"]} + + if param.get("name"): + rule_payload["name"] = param["name"] + + if param.get("action"): + rule_payload["action"] = param["action"] + + if param.get("enabled"): + rule_payload["enabled"] = param["enabled"] + + current_source_networks = rule_data.get("destinationNetworks", {}).get("objects", []) + source_networks = param.get("source_networks_to_add", "") + source_networks = [network.strip() for network in source_networks.split(',') if network.strip()] + ret_val, source_networks_objects = self.build_network_objects_list(source_networks, domain_uuid) + if phantom.is_fail(ret_val): + return ret_val + current_source_networks.extend(source_networks_objects) + current_source_networks_dic = {network["id"]: network for network in current_source_networks} + source_networks_to_remove = param.get("source_networks_to_remove", "") + source_networks_to_remove = [network.strip() for network in source_networks_to_remove.split(',') if network.strip()] + + filtered_source_networks = [value for key, value in current_source_networks_dic.items() if key not in source_networks_to_remove] + rule_payload["sourceNetworks"] = {"objects": filtered_source_networks} + + current_destination_networks = rule_data.get("destinationNetworks", {}).get("objects", []) + destination_networks = param.get("destination_networks_to_add", "") + destination_networks = [network.strip() for network in destination_networks.split(',') if network.strip()] + ret_val, destination_networks_objects = self.build_network_objects_list(destination_networks, domain_uuid) + if phantom.is_fail(ret_val): + return ret_val + current_destination_networks.extend(destination_networks_objects) + current_destination_networks_dic = {network["id"]: network for network in current_destination_networks} + destination_networks_to_remove = param.get("destination_networks_to_remove", "") + destination_networks_to_remove = [network.strip() for network in destination_networks_to_remove.split(',') if network.strip()] + + filtered_destination_networks = [value for key, value in current_destination_networks_dic.items() if key not in destination_networks_to_remove] + rule_payload["destinationNetworks"] = {"objects": filtered_destination_networks} + + url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id, rule_id=rule_id) + ret_val, response = self._api_run("put", url, action_result, json_body=rule_payload) + + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully updated access control rule with id {rule_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_delete_access_rule(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + rule_id = param["rule_id"] + policy_id = param["policy_id"] + + url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id, rule_id=rule_id) + ret_val, response = self._api_run("delete", url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully delete access control rule with id {rule_id}" return action_result.set_status(phantom.APP_SUCCESS) - def handle_action(self, param): @@ -279,8 +814,38 @@ def handle_action(self, param): if action_id == "test_connectivity": ret_val = self._handle_test_connectivity(param) + elif action_id == "list_network_ojects": + self._handle_list_network_objects(param) + elif action_id == "create_network_object": + self._handle_create_network_object(param) + elif action_id == "update_network_object": + self._handle_update_network_object(param) + elif action_id == "delete_network_object": + self._handle_delete_network_object(param) elif action_id == "get_network_groups": ret_val = self._handle_get_network_groups(param) + elif action_id == "create_network_group": + ret_val = self._handle_create_network_group(param) + elif action_id == "update_network_group": + ret_val = self._handle_update_network_group(param) + elif action_id == "delete_network_group": + ret_val = self._handle_delete_network_group(param) + elif action_id == "get_access_policies": + ret_val = self._handle_get_access_policies(param) + elif action_id == "create_access_policy": + ret_val = self._handle_create_access_policy(param) + elif action_id == "update_access_policy": + ret_val = self._handle_update_access_policy(param) + elif action_id == "delete_access_policy": + ret_val = self._handle_delete_access_policy(param) + elif action_id == "get_access_rules": + ret_val = self._handle_get_access_rules(param) + elif action_id == "create_access_rules": + ret_val = self._handle_create_access_rules(param) + elif action_id == "update_access_rule": + ret_val = self._handle_update_access_rule(param) + elif action_id == "delete_access_rule": + ret_val = self._handle_delete_access_rule(param) return ret_val diff --git a/ciscosecurefirewall_consts.py b/ciscosecurefirewall_consts.py index 5a53866..a35ac6c 100644 --- a/ciscosecurefirewall_consts.py +++ b/ciscosecurefirewall_consts.py @@ -19,6 +19,16 @@ DEFAULT_REQUEST_TIMEOUT = 30 # in seconds TOKEN_KEY = "X-auth-access-token" DOMAINS = "domains" +GET_HOSTS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/hosts" ENCRYPTION_ERR = "Error occurred while encrypting the state file" -NETWORK_GROUPS_ENDPOINT = "/api/fmc_config/v1/domain/{0}/object/networkgroups" - +NETWORK_GROUPS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/networkgroups" +NETWORK_GROUPS_ID_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/networkgroups/{group_id}" +NETWORK_OBJECTS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/{type}" +NETWORK_OBJECT_ID_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/{type}/{object_id}" +ACCESS_POLICY_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies" +ACCESS_POLICY_ID_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{policy_id}" +ACCESS_RULES_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{policy_id}/accessrules" +ACCESS_RULES_ID_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{policy_id}/accessrules/{rule_id}" +# OBJECT_TYPES = ["Network", "Host", "Range", "FQDN"] +OBJECT_TYPES = ["Network", "Host", "Range"] +CLOUD_HOST = "edge.{region}.cdo.cisco.com/api/rest/v1/cdfmc" From a187f7ec1ae292833a545c7a6d6289e608f10bf2 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Tue, 14 Jan 2025 18:01:31 +0000 Subject: [PATCH 05/22] Update README.md --- README.md | 559 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 540 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index c0b6d12..051b401 100644 --- a/README.md +++ b/README.md @@ -10,32 +10,38 @@ Minimum Product Version: 6.2.2 This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules -# Splunk> Phantom - -Welcome to the open-source repository for Splunk> Phantom's ciscosecurefirewall App. - -Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md) if you are interested in contributing, raising issues, or learning more about open-source Phantom apps. - -## Legal and License - -This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details. - - -### Configuration Variables +### Configuration variables This table lists the configuration variables required to operate Cisco Secure Firewall. These variables are specified when configuring a Cisco Firepower asset in Splunk SOAR. VARIABLE | REQUIRED | TYPE | DESCRIPTION -------- | -------- | ---- | ----------- -**firepower_host** | required | string | Device IP/Hostname +**fmc_type** | required | string | Would you like to connect to an on-prem or cloud delivered FMC +**firepower_host** | optional | string | Device IP/Hostname of your on-prem FMC **verify_server_cert** | optional | boolean | Verify server certificate -**username** | required | string | User with access to the Firepower node -**password** | required | password | Password +**username** | optional | string | User with access to the on-prem FMC node +**password** | optional | password | Password for the on-prem FMC node **domain_name** | optional | string | Default firepower domain -**network_group_object** | optional | string | Default network group object +**cloud_api_key** | optional | string | Api key for cloud delivered FMC +**region** | optional | string | Region your Cisco Security Cloud Control is deployed in ### Supported Actions [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity -[get network group objects](#action-get-network-group-objects) - Gets all network group objects in fmc host +[list network objects](#action-list-network-objects) - List network object in FMC +[create network object](#action-create-network-object) - Creates a network object in FMC +[update network object](#action-update-network-object) - Updates a network object in FMC +[delete network object](#action-delete-network-object) - Deletes a network object in FMC +[get network group objects](#action-get-network-group-objects) - Gets all network group objects in FMC host or a specfic network group +[create network group object](#action-create-network-group-object) - Create a network group object +[update network group object](#action-update-network-group-object) - Update a network group object +[delete network group object](#action-delete-network-group-object) - Delete a network group object +[get access control policies](#action-get-access-control-policies) - Gets all access control polcies in the FMC host for a particular domain +[create access control policy](#action-create-access-control-policy) - Create an access control policy +[update access control policy](#action-update-access-control-policy) - Update an access control policy +[delete access control policies](#action-delete-access-control-policies) - Deleted the specified access control policy +[get access control rules](#action-get-access-control-rules) - Gets all access control rules associated with a particular access control policy +[create access control rule](#action-create-access-control-rule) - Creates an access control rule associated with a particular access control policy +[update access control rule](#action-update-access-control-rule) - Updates an access control rule associated with a particular access control policy +[delete access control rules](#action-delete-access-control-rules) - Deletes access control rule associated with a particular access control policy ## action: 'test connectivity' Validate the asset configuration for connectivity @@ -49,8 +55,105 @@ No parameters are required for this action #### Action Output No Output +## action: 'list network objects' +List network object in FMC + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**name** | optional | Network object name to filter results by | string | +**type** | optional | Network object type to filter results by | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.name | string | | +action_result.parameter.type | string | | Network +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | Network +action_result.data.\*.links.self | string | | +action_result.data.\*.links.parent | string | | + +## action: 'create network object' +Creates a network object in FMC + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**name** | required | Network object name | string | +**type** | required | Network object type | string | +**value** | required | Value of the network object. If type if Range specify value in the following format: ip1-ip2 | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.name | string | | +action_result.parameter.type | string | | Network +action_result.parameter.value | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | Network +action_result.data.\*.links.self | string | | +action_result.data.\*.links.parent | string | | +action_result.data.\*.value | string | | +action_result.data.\*.metadata.domain.id | string | | +action_result.data.\*.metadata.domain.name | string | | +action_result.data.\*.metadata.domain.type | string | | +action_result.data.\*.metadata.ipType | string | | +action_result.data.\*.metadata.domain.lastUser.name | string | | +action_result.data.\*.metadata.domain.timestamp | numeric | | +action_result.data.\*.metadata.domain.parentType | string | | +action_result.data.\*.metadata.overridable | boolean | | + +## action: 'update network object' +Updates a network object in FMC + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**object_id** | required | Network object id | string | +**name** | required | Network object name | string | +**type** | required | Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update. | string | +**value** | required | Value of the network object. If type is Range specify value in the following format: ip1-ip2 | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +No Output + +## action: 'delete network object' +Deletes a network object in FMC + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**object_id** | required | Network object id | string | +**type** | required | Network object type | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +No Output + ## action: 'get network group objects' -Gets all network group objects in fmc host +Gets all network group objects in FMC host or a specfic network group Type: **investigate** Read only: **True** @@ -58,7 +161,425 @@ Read only: **True** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- +**group_name** | optional | Group name to retrieve from FMC | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.group_name | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.uuid | string | | +action_result.data.\*.name | string | | + +## action: 'create network group object' +Create a network group object + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**name** | required | Name of the network group | string | +**network_object_ids** | required | Network objects attached to the group. Note these ids must already exist in FMC | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.name | string | | +action_result.parameter.network_object_ids | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | NetworkGroup +action_result.data.\*.links.self | string | | +action_result.data.\*.objects.id | string | | +action_result.data.\*.objects.name | string | | +action_result.data.\*.objects.type | string | | Network +action_result.data.\*.metadata.domain.id | string | | +action_result.data.\*.metadata.domain.name | string | | +action_result.data.\*.metadata.domain.type | string | | +action_result.data.\*.metadata.domain.lastUser.name | string | | +action_result.data.\*.metadata.domain.timestamp | numeric | | +action_result.data.\*.metadata.domain.parentType | string | | +action_result.data.\*.metadata.overridable | boolean | | + +## action: 'update network group object' +Update a network group object + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**network_group_id** | required | Network group to update | string | +**name** | optional | Name of the network group | string | +**network_object_ids_to_add** | optional | Network objects to add to the group. Note these ids must already exist in FMC | string | +**network_object_ids_to_remove** | optional | Network objects to remove frin the group. | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.network_group_id | string | | +action_result.parameter.name | string | | +action_result.parameter.network_object_ids_to_add | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c +action_result.parameter.network_object_ids_to_remove | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | NetworkGroup +action_result.data.\*.links.self | string | | +action_result.data.\*.objects.id | string | | +action_result.data.\*.objects.name | string | | +action_result.data.\*.objects.type | string | | Network +action_result.data.\*.metadata.domain.id | string | | +action_result.data.\*.metadata.domain.name | string | | +action_result.data.\*.metadata.domain.type | string | | +action_result.data.\*.metadata.domain.lastUser.name | string | | +action_result.data.\*.metadata.domain.timestamp | numeric | | +action_result.data.\*.metadata.domain.parentType | string | | +action_result.data.\*.metadata.overridable | boolean | | + +## action: 'delete network group object' +Delete a network group object + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**network_group_id** | required | Network group to update | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.network_group_id | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | NetworkGroup +action_result.data.\*.links.self | string | | +action_result.data.\*.objects.id | string | | +action_result.data.\*.objects.name | string | | +action_result.data.\*.objects.type | string | | Network +action_result.data.\*.metadata.domain.id | string | | +action_result.data.\*.metadata.domain.name | string | | +action_result.data.\*.metadata.domain.type | string | | +action_result.data.\*.metadata.domain.lastUser.name | string | | +action_result.data.\*.metadata.domain.timestamp | numeric | | +action_result.data.\*.metadata.domain.parentType | string | | +action_result.data.\*.metadata.overridable | boolean | | + +## action: 'get access control policies' +Gets all access control polcies in the FMC host for a particular domain + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.domain_name | string | | +action_result.data.\*.name | string | | new-policy +action_result.data.\*.policy_id | string | | 00000000-0000-0ed3-0000-012884902138 + +## action: 'create access control policy' +Create an access control policy + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**name** | required | Name of the network group | string | +**description** | optional | Description of the policy | string | +**action** | required | Type of action to take on matching traffic | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.name | string | | +action_result.parameter.description | string | | +action_result.parameter.action | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | new-policy +action_result.data.\*.type | string | | AccessPolicy +action_result.data.\*.links.self | string | | AccessPolicy +action_result.data.\*.rules.type | string | | AccessRule +action_result.data.\*.rules.links.self | string | | +action_result.data.\*.description | string | | + +## action: 'update access control policy' +Update an access control policy + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**policy_id** | required | Id of the policy to update | string | +**name** | optional | Name of the network group | string | +**description** | optional | Description of the policy | string | +**action** | optional | Type of action to take on matching traffic | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.policy_id | string | | +action_result.parameter.name | string | | +action_result.parameter.description | string | | +action_result.parameter.action | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | new-policy +action_result.data.\*.type | string | | AccessPolicy +action_result.data.\*.links.self | string | | AccessPolicy +action_result.data.\*.rules.type | string | | AccessRule +action_result.data.\*.rules.links.self | string | | +action_result.data.\*.description | string | | +action_result.data.\*.defaultAction.id | string | | +action_result.data.\*.defaultAction.type | string | | AccessPolicyDefaultAction +action_result.data.\*.defaultAction.action | string | | BLOCK + +## action: 'delete access control policies' +Deleted the specified access control policy + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**policy_id** | required | Id of the policy to delete | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.policy_id | string | | +action_result.parameter.name | string | | +action_result.parameter.description | string | | +action_result.parameter.action | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | new-policy +action_result.data.\*.type | string | | AccessPolicy +action_result.data.\*.links.self | string | | AccessPolicy +action_result.data.\*.rules.type | string | | AccessRule +action_result.data.\*.rules.links.self | string | | +action_result.data.\*.description | string | | +action_result.data.\*.defaultAction.id | string | | +action_result.data.\*.defaultAction.type | string | | AccessPolicyDefaultAction +action_result.data.\*.defaultAction.action | string | | BLOCK +action_result.data.\*.securityIntelligence.id | string | | +action_result.data.\*.securityIntelligence.type | string | | SecurityIntelligencePolicy +action_result.data.\*.securityIntelligence.links.self | string | | + +## action: 'get access control rules' +Gets all access control rules associated with a particular access control policy + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**policy_id** | required | Access control policy that the rule is apart of | string | +**rule_id** | optional | Id of the rules | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.policy_id | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | new-policy + +## action: 'create access control rule' +Creates an access control rule associated with a particular access control policy + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**policy_id** | required | Access control policy the rule will be apart of | string | +**name** | required | Name of the access control rule | string | +**action** | required | Type of action to take on matching traffic | string | +**enabled** | optional | Wether the rule is enabled | boolean | +**source_networks** | optional | Network groups or objects to determine what action to take against traffic based on where it originated from | string | +**destination_networks** | optional | Network groups or objects to determine what action to take against traffic based on its intended destination | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.policy_id | string | | +action_result.parameter.name | string | | +action_result.parameter.action | string | | BLOCK +action_result.parameter.enabled | boolean | | +action_result.parameter.source_networks | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 +action_result.parameter.destination_networks | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | AccessRule +action_result.data.\*.links.self | string | | +action_result.data.\*.action | string | | BLOCK +action_result.data.\*.logEnd | boolean | | +action_result.data.\*.enabled | boolean | | +action_result.data.\*.logBegin | boolean | | +action_result.data.\*.logFiles | boolean | | +action_result.data.\*.metadata.accessPolicy.id | string | | +action_result.data.\*.metadata.accessPolicy.name | string | | +action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy +action_result.data.\*.variableSet.id | string | | +action_result.data.\*.variableSet.name | string | | +action_result.data.\*.variableSet.type | string | | VariableSet +action_result.data.\*.sourceNetworks.objects.\*.id | string | | +action_result.data.\*.sourceNetworks.objects.\*.name | string | | +action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network +action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | +action_result.data.\*.sendEventsToFMC | boolean | | +action_result.data.\*.destinationNetworks.objects.\*.id | string | | +action_result.data.\*.destinationNetworks.objects.\*.name | string | | +action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network +action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | + +## action: 'update access control rule' +Updates an access control rule associated with a particular access control policy + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**rule_id** | required | Access control rule to update | string | +**policy_id** | required | Access control policy that the rule is apart of | string | +**name** | optional | Name of the access control rule | string | +**action** | optional | Type of action to take on matching traffic | string | +**enabled** | optional | Wether the rule is enabled | boolean | +**source_networks_to_add** | optional | Add these network groups or objects to the rules source networks | string | +**source_networks_to_remove** | optional | Remove these network groups or objects from the rules source networks | string | +**destination_networks_to_add** | optional | Add these network groups or objects to the rules destination networks | string | +**destination_networks_to_remove** | optional | Remove these network groups or objects from the rules destination networks | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.rule_id | string | | +action_result.parameter.policy_id | string | | +action_result.parameter.name | string | | +action_result.parameter.action | string | | BLOCK +action_result.parameter.enabled | boolean | | +action_result.parameter.source_networks_to_add | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 +action_result.parameter.source_networks_to_remove | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 +action_result.parameter.destination_networks_to_add | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 +action_result.parameter.destination_networks_to_remove | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | AccessRule +action_result.data.\*.links.self | string | | +action_result.data.\*.action | string | | BLOCK +action_result.data.\*.logEnd | boolean | | +action_result.data.\*.enabled | boolean | | +action_result.data.\*.logBegin | boolean | | +action_result.data.\*.logFiles | boolean | | +action_result.data.\*.metadata.domain.id | string | | +action_result.data.\*.metadata.domain.name | string | | Global +action_result.data.\*.metadata.domain.type | string | | Domain +action_result.data.\*.metadata.accessPolicy.id | string | | +action_result.data.\*.metadata.accessPolicy.name | string | | +action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy +action_result.data.\*.variableSet.id | string | | +action_result.data.\*.variableSet.name | string | | +action_result.data.\*.variableSet.type | string | | VariableSet +action_result.data.\*.sourceNetworks.objects.\*.id | string | | +action_result.data.\*.sourceNetworks.objects.\*.name | string | | +action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network +action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | +action_result.data.\*.sendEventsToFMC | boolean | | +action_result.data.\*.destinationNetworks.objects.\*.id | string | | +action_result.data.\*.destinationNetworks.objects.\*.name | string | | +action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network +action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | + +## action: 'delete access control rules' +Deletes access control rule associated with a particular access control policy + +Type: **generic** +Read only: **False** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**rule_id** | required | Access control rule to delete | string | +**policy_id** | required | Access control policy that the rule is apart of | string | **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | #### Action Output -No Output \ No newline at end of file +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.rule_id | string | | +action_result.parameter.policy_id | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | AccessRule +action_result.data.\*.links.self | string | | +action_result.data.\*.action | string | | BLOCK +action_result.data.\*.logEnd | boolean | | +action_result.data.\*.enabled | boolean | | +action_result.data.\*.logBegin | boolean | | +action_result.data.\*.logFiles | boolean | | +action_result.data.\*.metadata.domain.id | string | | +action_result.data.\*.metadata.domain.name | string | | Global +action_result.data.\*.metadata.domain.type | string | | Domain +action_result.data.\*.metadata.accessPolicy.id | string | | +action_result.data.\*.metadata.accessPolicy.name | string | | +action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy +action_result.data.\*.variableSet.id | string | | +action_result.data.\*.variableSet.name | string | | +action_result.data.\*.variableSet.type | string | | VariableSet +action_result.data.\*.sourceNetworks.objects.\*.id | string | | +action_result.data.\*.sourceNetworks.objects.\*.name | string | | +action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network +action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | +action_result.data.\*.sendEventsToFMC | boolean | | +action_result.data.\*.destinationNetworks.objects.\*.id | string | | +action_result.data.\*.destinationNetworks.objects.\*.name | string | | +action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network +action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | \ No newline at end of file From 728d2fbccb8abde01a5e2ac37c7e82e70d31a09c Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Tue, 14 Jan 2025 09:58:59 -0800 Subject: [PATCH 06/22] PAPP-35185: network and policy related actions for both cloud and on prem --- ciscosecurefirewall.json | 354 ++++++++++++++++++++++++++++- ciscosecurefirewall_connector.py | 372 ++++++++++++++++++++++++++----- ciscosecurefirewall_consts.py | 7 + 3 files changed, 663 insertions(+), 70 deletions(-) diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index 62aa021..5b4b284 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -3,22 +3,22 @@ "name": "Cisco Secure Firewall", "description": "This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules", "publisher": "Splunk", - "package_name": "phantom_cisco_securefirewall", + "package_name": "phantom_ciscosecurefirewall", "type": "firewall", "license": "Copyright (c) 2024 Splunk Inc.", "main_module": "ciscosecurefirewall_connector.py", "app_version": "1.0.0", "utctime_updated": "2024-12-04T23:13:40.000000Z", "product_vendor": "Cisco Systems", - "product_name": "Cisco Firepower", + "product_name": "Cisco Secure Firewall", "product_version_regex": ".*", - "min_phantom_version": "6.2.2", - "python_version": "3.9", + "min_phantom_version": "6.3.0", + "python_version": "3", "logo": "logo_cisco.svg", "logo_dark": "logo_cisco_dark.svg", "fips_compliant": true, "latest_tested_versions": [ - "Firepower Management Center 7.1.0" + "Firepower Management Center 7.6.0" ], "configuration": { "fmc_type": { @@ -307,13 +307,11 @@ "name": { "description": "Network object name", "data_type": "string", - "required": true, "order": 1 }, "type": { "description": "Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update.", "data_type": "string", - "required": true, "value_list": [ "Host", "Network", @@ -325,7 +323,6 @@ "value": { "description": "Value of the network object. If type is Range specify value in the following format: ip1-ip2", "data_type": "string", - "required": true, "order": 3 }, "domain_name": { @@ -334,7 +331,98 @@ "order": 4 } }, - "output": [], + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.object_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.parameter.value", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.links.parent", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.value", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.ipType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.lastUser.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.timestamp", + "data_type": "numeric" + }, + { + "data_path": "action_result.data.*.metadata.domain.parentType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.overridable", + "data_type": "boolean" + } + ], "versions": "EQ(*)" }, @@ -369,7 +457,31 @@ "order": 2 } }, - "output": [], + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.object_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.type", + "data_type": "string", + "example_values": [ + "Network" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + } + ], "versions": "EQ(*)" }, { @@ -1893,6 +2005,228 @@ } ], "versions": "EQ(*)" + }, + { + "action": "list devices", + "description": "Lists all devices belonging to a particular domain/tenant", + "type": "investigate", + "identifier": "list_devices", + "read_only": true, + "parameters": { + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 0 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + } + ], + "versions": "EQ(*)" + }, + { + "action": "get deployable devices", + "description": "List all devices with configuration chnges that are ready to be deployed", + "type": "investigate", + "identifier": "get_deployable_devices", + "read_only": true, + "parameters": { + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 0 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "SENSOR" + ] + } + ], + "versions": "EQ(*)" + }, + { + "action": "deploy devices", + "description": "Deploy devices that are ready to deploy", + "type": "generic", + "identifier": "deploy_devices", + "read_only": true, + "parameters": { + "devices": { + "description": "Device IDs of devices to deploy changes to. If left empty all devices with configuration changes will deploy", + "data_type": "string", + "order": 0 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 1 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.devices", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "DeploymentRequest" + ] + }, + { + "data_path": "action_result.data.*.version", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.task.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.task.links.self", + "data_type": "string", + "example_values": [ + "https://hostname/api/fmc_config/v1/domain/default/job/taskstatuses/77309722217" + ] + }, + { + "data_path": "action_result.data.*.deviceList.*", + "data_type": "string" + } + ], + "versions": "EQ(*)" + }, + { + "action": "get deployment status", + "description": "Get status of a deployment", + "type": "investigate", + "identifier": "get_deployment_status", + "read_only": true, + "parameters": { + "deployment_id": { + "description": "Id of the deployment", + "data_type": "string", + "order": 0, + "required": true + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 1 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.parameter.deployment_id", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string", + "example_values": [ + "DeploymentRequest" + ] + }, + { + "data_path": "action_result.data.*.task", + "data_type": "string", + "example_values": [ + "TaskStatus" + ] + }, + { + "data_path": "action_result.data.*.status", + "data_type": "string", + "example_values": [ + "Deploying", + "Deployed" + ] + }, + { + "data_path": "action_result.data.*.message", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.deviceList.*", + "data_type": "string" + } + ], + "versions": "EQ(*)" } ], "pip_dependencies": { diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 30ab57d..4cdb723 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -13,16 +13,24 @@ # either express or implied. See the License for the specific language governing permissions # and limitations under the License. +from typing import Any, Dict, Optional, Tuple + import encryption_helper import phantom.app as phantom import requests +from bs4 import BeautifulSoup import simplejson as json from phantom.action_result import ActionResult from phantom.base_connector import BaseConnector -from typing import Dict, Any, Tuple, Optional + from ciscosecurefirewall_consts import * +class RetVal(tuple): + def __new__(cls, val1, val2=None): + return tuple.__new__(RetVal, (val1, val2)) + + class FP_Connector(BaseConnector): def __init__(self): @@ -38,7 +46,7 @@ def __init__(self): self.headers = HEADERS self.verify = False self.default_firepower_domain = None - self.generate_new_token = False + self.refresh_count = 0 def _reset_state_file(self): """ @@ -72,12 +80,15 @@ def initialize(self): self.fmc_type = config["fmc_type"] if self.is_cloud_deployment(): - ret_val = self.authenicate_cloud_fmc(config, action_result) + ret_val = self.authenicate_cloud_fmc(config) else: + self.asset_id = self.get_asset_id() try: if TOKEN_KEY in self._state: self.debug_print("Decrypting the token") - self._state[TOKEN_KEY] = encryption_helper.decrypt(self._state[TOKEN_KEY], self.get_asset_id()) + self._state[TOKEN_KEY] = encryption_helper.decrypt(self._state[TOKEN_KEY], self.asset_id) + if "domains" in self._state: + self.domains = self._state["domains"] except Exception as e: self.debug_print("Error occurred while decrypting the token: {}".format(str(e))) self._reset_state_file() @@ -87,8 +98,10 @@ def initialize(self): self.password = config["password"] self.default_firepower_domain = config.get("domain_name") self.verify = config.get("verify_server_cert", False) + self.refresh_token = self._state.get(REFRESH_COUNT, 0) ret_val = self._get_token(action_result) + self.debug_print(f"the state file is {self._state}") if phantom.is_fail(ret_val): return self.get_status() @@ -123,7 +136,10 @@ def _update_state(self): This method updates the state with the new values. """ self._state[TOKEN_KEY] = self.token + self._state[REFRESH_TOKEN_KEY] = self.refresh_token + self._state[REFRESH_COUNT] = self.refresh_count self._state[DOMAINS] = self.domains + self.save_state(self._state) def authenicate_cloud_fmc(self, config): """ @@ -144,18 +160,35 @@ def _get_token(self, action_result): self.token = self._state.get(TOKEN_KEY) if self.token: - self.headers.update({"X-auth-access-token": self.token}) + self.headers[TOKEN_KEY] = self.token return phantom.APP_SUCCESS + # Use refresh token + if REFRESH_TOKEN_KEY in self._state and self.refresh_count < 3: + self.refresh_count += 1 + self.headers[REFRESH_TOKEN_KEY] = self._state[REFRESH_TOKEN_KEY] + self.headers[TOKEN_KEY] = self._state[TOKEN_KEY] + ret_val, headers = self._api_run("post", REFRESH_ENDPOINT, action_result, headers_only=True, first_try=False) + if not phantom.is_fail(ret_val): + self.token = headers.get(TOKEN_KEY) + self.headers[TOKEN_KEY] = self.token + self.headers.pop(REFRESH_TOKEN_KEY) + self._update_state() + return phantom.APP_SUCCESS + # Generate a new token self.debug_print("Fetching a new token") - self.generate_new_token = True - ret_val, headers = self._api_run("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=False) + self.headers.pop(REFRESH_TOKEN_KEY, None) + auth = requests.auth.HTTPBasicAuth(self.username, self.password) + ret_val, headers = self._api_run("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=True, auth=auth) if phantom.is_fail(ret_val): + self.debug_print(f"Error {ret_val} while generating token with response {headers}") self._reset_state_file() return action_result.get_status() - self.token = headers.get("X-auth-access-token") + self.token = headers.get(TOKEN_KEY) + self.refresh_token = headers.get(REFRESH_TOKEN_KEY) + self.refresh_count = 0 try: self.domains = json.loads(headers.get("DOMAINS")) @@ -167,30 +200,103 @@ def _get_token(self, action_result): return phantom.APP_SUCCESS - def _api_run(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None): + def _process_empty_response(self, response, action_result): + if response.status_code == 200: + return RetVal(phantom.APP_SUCCESS, {}) + + return RetVal( + action_result.set_status(phantom.APP_ERROR, "Empty response and no information in the header"), + None, + ) + + def _process_html_response(self, response, action_result): + # An html response, treat it like an error + status_code = response.status_code + + try: + soup = BeautifulSoup(response.text, "html.parser") + error_text = soup.text + split_lines = error_text.split("\n") + split_lines = [x.strip() for x in split_lines if x.strip()] + error_text = "\n".join(split_lines) + except: + error_text = "Cannot parse error details" + + message = "Status Code: {0}. Data from server:\n{1}\n".format(status_code, error_text) + + message = message.replace("{", "{{").replace("}", "}}") + return RetVal(action_result.set_status(phantom.APP_ERROR, message), None) + + def _process_json_response(self, r, action_result): + # Try a json parse + try: + resp_json = r.json() + except Exception as e: + return RetVal( + action_result.set_status( + phantom.APP_ERROR, + "Unable to parse JSON response. Error: {0}".format(str(e)), + ), + None, + ) + + # Please specify the status codes here + if 200 <= r.status_code < 399: + return RetVal(phantom.APP_SUCCESS, resp_json) + + # You should process the error returned in the json + message = "Error from server. Status Code: {0} Data from server: {1}".format(r.status_code, r.text.replace("{", "{{").replace("}", "}}")) + + return RetVal(action_result.set_status(phantom.APP_ERROR, message), None) + + def _process_response(self, r, action_result): + + # store the r_text in debug data, it will get dumped in the logs if the action fails + if hasattr(action_result, "add_debug_data"): + action_result.add_debug_data({"r_status_code": r.status_code}) + action_result.add_debug_data({"r_text": r.text}) + action_result.add_debug_data({"r_headers": r.headers}) + + # Process each 'Content-Type' of response separately + + # Process a json response + if "json" in r.headers.get("Content-Type", ""): + return self._process_json_response(r, action_result) + + # Process an HTML response, Do this no matter what the api talks. + # There is a high chance of a PROXY in between phantom and the rest of + # world, in case of errors, PROXY's return HTML, this function parses + # the error and adds it to the action_result. + if "html" in r.headers.get("Content-Type", ""): + return self._process_html_response(r, action_result) + + # it's not content-type that is to be parsed, handle an empty response + if not r.text: + return self._process_empty_response(r, action_result) + + # everything else is actually an error at this point + msg = "Can't process response from server. Status Code: {0} Data from server: {1}".format( + r.status_code, r.text.replace("{", "{{").replace("}", "}}") + ) + + return RetVal(action_result.set_status(phantom.APP_ERROR, msg), None) + + def _api_run(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): """ This method makes a REST call to the API """ request_method = getattr(requests, method) - self.debug_print(f"host is {self.firepower_host} and resource is {resource}") url = "https://{0}{1}".format(self.firepower_host, resource) if json_body: self.headers.update({"Content-type": "application/json"}) - auth = None - if self.generate_new_token: - auth = requests.auth.HTTPBasicAuth(self.username, self.password) - self.generate_new_token = False - try: result = request_method( url, auth=auth, headers=self.headers, json=json_body, verify=self.verify, params=params, timeout=DEFAULT_REQUEST_TIMEOUT ) except Exception as e: - self.debug_print(f"problem here {e}") return action_result.set_status(phantom.APP_ERROR, "Error connecting to server. {}".format(str(e))), None - self.debug_print(f"status code is {result.status_code}") if not (200 <= result.status_code < 399): if result.status_code == 401 and first_try: self._reset_state_file() @@ -199,30 +305,18 @@ def _api_run(self, method, resource, action_result, json_body=None, headers_only if phantom.is_fail(ret_val): return action_result.get_status(), None + self.debug_print(f"Running url that failed because of token error {resource}") return self._api_run(method, resource, action_result, json_body, headers_only, first_try=False) message = "Error from server. Status Code: {0} Data from server: {1}".format( result.status_code, result.text.replace("{", "{{").replace("}", "}}") ) - return action_result.set_status(phantom.APP_ERROR, message), None if headers_only: return phantom.APP_SUCCESS, result.headers - resp_json = None - try: - resp_json = result.json() - except Exception as e: - return action_result.set_status(phantom.APP_ERROR, "Unable to parse JSON response. {0}".format(str(e))), None - - if not resp_json: - return ( - action_result.set_status(phantom.APP_ERROR, f"Status code: {result.status_code}. Received empty response from the server"), - None, - ) - - return phantom.APP_SUCCESS, resp_json + return self._process_response(result, action_result) def is_cloud_deployment(self): return self.fmc_type == "Cloud" @@ -299,7 +393,7 @@ def _handle_list_network_objects(self, param: Dict[str, Any]) -> bool: if phantom.is_fail(ret_val): return action_result.get_status() - action_result.update_summary({'total_objects_returned': len(action_result.get_data())}) + action_result.update_summary({"total_objects_returned": len(action_result.get_data())}) return action_result.set_status(phantom.APP_SUCCESS) @@ -323,7 +417,6 @@ def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: if phantom.is_fail(ret_val): return action_result.get_status() - self.debug_print(f"the response type is {type(response)}") action_result.add_data(response) summary = action_result.update_summary({}) summary["Message"] = f"Successfully created network object with name {name}" @@ -334,11 +427,16 @@ def _handle_update_network_object(self, param: Dict[str, Any]) -> bool: action_result = self.add_action_result(ActionResult(dict(param))) object_id = param["object_id"] - name = param["name"] - object_type = param["type"] - payload = {"id": object_id, "name": name, "type": object_type, "value": param["value"]} - domain_uuid = self.get_domain_id(param.get("domain_name")) + ret_val, curent_object = self.get_network_object(domain_uuid, object_id) + if phantom.is_fail(ret_val): + return action_result.get_status() + + name = param.get("name") or curent_object["name"] + object_type = param.get("type") or curent_object["type"] + value = param.get("value") or curent_object["value"] + payload = {"id": object_id, "name": name, "type": object_type, "value": value} + url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) ret_val, response = self._api_run("put", url, action_result, json_body=payload) @@ -360,7 +458,6 @@ def _handle_delete_network_object(self, param: Dict[str, Any]) -> bool: url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) ret_val, response = self._api_run("delete", url, action_result) - self.debug_print("response is", response) if phantom.is_fail(ret_val): return action_result.get_status() @@ -376,7 +473,8 @@ def get_domain_id(self, domain_name: str) -> str: return "default" for domain in self.domains: - if domain_name.lower() == domain["name"].lower(): + leaf_domain = domain["name"].lower().split('/')[-1] + if domain_name.lower() == leaf_domain: return domain["uuid"] def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: @@ -392,13 +490,12 @@ def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: offset = 0 limit = 50 - params = {"limit": limit} + params = {"limit": limit, "expanded": True} while True: params["offset"] = offset ret_val, response = self._api_run("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() - self.debug_print(f"the response is {response}") try: network_group_list = response.get("items", []) @@ -416,7 +513,7 @@ def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: else: break - action_result.update_summary({'total_groups_returned': len(action_result.get_data())}) + action_result.update_summary({"total_groups_returned": len(action_result.get_data())}) return action_result.set_status(phantom.APP_SUCCESS) @@ -427,7 +524,7 @@ def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: group_name = param["name"] object_ids = param["network_object_ids"] - objects = [{"id": item.strip()} for item in object_ids.split(',') if item.strip()] + objects = [{"id": item.strip()} for item in object_ids.split(",") if item.strip()] payload = {"name": group_name, "type": "NetworkGroup", "objects": objects} domain_uuid = self.get_domain_id(param.get("domain_name")) @@ -464,10 +561,10 @@ def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: current_network_objects = {obj["id"] for obj in resp.get("objects", [])} network_objects_to_add = param.get("network_object_ids_to_add", "") - current_network_objects.update({item.strip() for item in network_objects_to_add.split(',') if item.strip()}) + current_network_objects.update({item.strip() for item in network_objects_to_add.split(",") if item.strip()}) network_objects_to_remove = param.get("network_object_ids_to_remove", "") - current_network_objects.difference_update({item.strip() for item in network_objects_to_remove.split(',') if item.strip()}) + current_network_objects.difference_update({item.strip() for item in network_objects_to_remove.split(",") if item.strip()}) objects = [{"id": object_id} for object_id in current_network_objects] resp["objects"] = objects @@ -515,7 +612,6 @@ def _handle_get_access_policies(self, param): ret_val, response = self._api_run("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() - self.debug_print(f"the response is {response}") try: policies = response.get("items", []) @@ -532,7 +628,7 @@ def _handle_get_access_policies(self, param): else: break - action_result.update_summary({'total_policies_returned': len(action_result.get_data())}) + action_result.update_summary({"total_policies_returned": len(action_result.get_data())}) return action_result.set_status(phantom.APP_SUCCESS) @@ -575,7 +671,11 @@ def _handle_update_access_policy(self, param): cur_action = policy_data["defaultAction"] payload = { - "id": policy_data["id"], "name": policy_data["name"], "type": "AccessPolicy", "defaultAction": cur_action, "description": policy_data.get("description", "") + "id": policy_data["id"], + "name": policy_data["name"], + "type": "AccessPolicy", + "defaultAction": cur_action, + "description": policy_data.get("description", ""), } if param.get("name"): @@ -644,7 +744,6 @@ def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: ret_val, response = self._api_run("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() - self.debug_print(f"the response is {response}") try: rules = response.get("items", []) @@ -661,7 +760,7 @@ def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: else: break - action_result.update_summary({'total_rules_returned': len(action_result.get_data())}) + action_result.update_summary({"total_rules_returned": len(action_result.get_data())}) return action_result.set_status(phantom.APP_SUCCESS) @@ -689,10 +788,16 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: policy_id = param["policy_id"] name = param["name"] - rule_payload = {"name": name, "action": param["action"], "enabled": param["enabled"], "sourceNetworks": {"objects": []}, "destinationNetworks": {"objects": []}} + rule_payload = { + "name": name, + "action": param["action"], + "enabled": param.get("enabled", False), + "sourceNetworks": {"objects": []}, + "destinationNetworks": {"objects": []}, + } source_networks = param.get("source_networks", "") - source_networks = [network.strip() for network in source_networks.split(',') if network.strip()] + source_networks = [network.strip() for network in source_networks.split(",") if network.strip()] ret_val, source_networks_objects = self.build_network_objects_list(source_networks, domain_uuid) if phantom.is_fail(ret_val): @@ -700,7 +805,7 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: rule_payload["sourceNetworks"]["objects"] = source_networks_objects destination_networks = param.get("destination_networks", "") - destination_networks = [network.strip() for network in destination_networks.split(',') if network.strip()] + destination_networks = [network.strip() for network in destination_networks.split(",") if network.strip()] ret_val, destination_networks_objects = self.build_network_objects_list(destination_networks, domain_uuid) if phantom.is_fail(ret_val): return ret_val @@ -730,11 +835,16 @@ def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: policy_id = param["policy_id"] ret_val, rule_data = self.get_access_control_rule(domain_uuid, policy_id, rule_id) - self.debug_print(f"rule response is {rule_data}") if phantom.is_fail(ret_val): return self.get_status() - rule_payload = {"id": rule_data["id"], "name": rule_data["name"], "action": rule_data["action"], "type": rule_data["type"], "enabled": rule_data["enabled"]} + rule_payload = { + "id": rule_data["id"], + "name": rule_data["name"], + "action": rule_data["action"], + "type": rule_data["type"], + "enabled": rule_data["enabled"], + } if param.get("name"): rule_payload["name"] = param["name"] @@ -747,30 +857,32 @@ def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: current_source_networks = rule_data.get("destinationNetworks", {}).get("objects", []) source_networks = param.get("source_networks_to_add", "") - source_networks = [network.strip() for network in source_networks.split(',') if network.strip()] + source_networks = [network.strip() for network in source_networks.split(",") if network.strip()] ret_val, source_networks_objects = self.build_network_objects_list(source_networks, domain_uuid) if phantom.is_fail(ret_val): return ret_val current_source_networks.extend(source_networks_objects) current_source_networks_dic = {network["id"]: network for network in current_source_networks} source_networks_to_remove = param.get("source_networks_to_remove", "") - source_networks_to_remove = [network.strip() for network in source_networks_to_remove.split(',') if network.strip()] + source_networks_to_remove = [network.strip() for network in source_networks_to_remove.split(",") if network.strip()] filtered_source_networks = [value for key, value in current_source_networks_dic.items() if key not in source_networks_to_remove] rule_payload["sourceNetworks"] = {"objects": filtered_source_networks} current_destination_networks = rule_data.get("destinationNetworks", {}).get("objects", []) destination_networks = param.get("destination_networks_to_add", "") - destination_networks = [network.strip() for network in destination_networks.split(',') if network.strip()] + destination_networks = [network.strip() for network in destination_networks.split(",") if network.strip()] ret_val, destination_networks_objects = self.build_network_objects_list(destination_networks, domain_uuid) if phantom.is_fail(ret_val): return ret_val current_destination_networks.extend(destination_networks_objects) current_destination_networks_dic = {network["id"]: network for network in current_destination_networks} destination_networks_to_remove = param.get("destination_networks_to_remove", "") - destination_networks_to_remove = [network.strip() for network in destination_networks_to_remove.split(',') if network.strip()] + destination_networks_to_remove = [network.strip() for network in destination_networks_to_remove.split(",") if network.strip()] - filtered_destination_networks = [value for key, value in current_destination_networks_dic.items() if key not in destination_networks_to_remove] + filtered_destination_networks = [ + value for key, value in current_destination_networks_dic.items() if key not in destination_networks_to_remove + ] rule_payload["destinationNetworks"] = {"objects": filtered_destination_networks} url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id, rule_id=rule_id) @@ -803,6 +915,138 @@ def _handle_delete_access_rule(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully delete access control rule with id {rule_id}" return action_result.set_status(phantom.APP_SUCCESS) + def _handle_list_devices(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + url = DEVICES_ENDPOINT.format(domain_id=domain_uuid) + + offset = 0 + limit = 50 + params = {"limit": limit} + while True: + params["offset"] = offset + ret_val, response = self._api_run("get", url, action_result, params=params) + if phantom.is_fail(ret_val): + return action_result.get_status() + + try: + devices = response.get("items", []) + for device in devices: + action_result.add_data(device) + + except Exception as e: + message = "An error occurred while getting devices" + self.debug_print(f"{message}. {str(e)}") + return action_result.set_status(phantom.APP_ERROR, message) + + if "paging" in response and "next" in response["paging"]: + offset += limit + else: + break + + action_result.update_summary({"total_deices_returned": len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def get_deployable_devices(self, domain_id: str) -> Tuple[bool, Any]: + url = GET_DEPLOYABLE_DEVICES_ENDPOINT.format(domain_id=domain_id, isExpand=True) + deployable_devices = [] + offset = 0 + limit = 50 + params = {"limit": limit, "expanded": True} + while True: + params["offset"] = offset + ret_val, response = self._api_run("get", url, self, params=params) + if phantom.is_fail(ret_val): + return phantom.APP_ERROR, [] + + try: + devices = response.get("items", []) + for item in devices: + deployable_devices.append({"name": item["device"]["name"], "id": item["device"]["id"], "type": item["device"]["type"]}) + except Exception as e: + message = "An error occurred while processing access rules" + self.debug_print(f"{message}. {str(e)}") + return phantom.APP_ERROR, [] + + if "paging" in response and "next" in response["paging"]: + offset += limit + else: + break + + return phantom.APP_SUCCESS, deployable_devices + + def _handle_get_deployable_devices(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + ret_val, devices = self.get_deployable_devices(domain_uuid) + + if phantom.is_fail(ret_val): + return action_result.set_status(phantom.APP_ERROR, "Unable to get deployable devices") + + for device in devices: + action_result.add_data(device) + + action_result.update_summary({"total_deployable_deices_returned": len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_deploy_devices(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + devices_to_deploy = [device.strip() for device in param.get("devices", "").split(",") if device.strip()] + if not devices_to_deploy: + ret_val, devices = self.get_deployable_devices(domain_uuid) + if phantom.is_fail(ret_val): + return action_result.set_status(phantom.APP_ERROR, "Unable to get deployable devices") + for device in devices: + devices_to_deploy.append(device["id"]) + + if not devices_to_deploy: + summary = action_result.update_summary({}) + summary["Message"] = "No devices to deploy" + return action_result.set_status(phantom.APP_SUCCESS) + + url = DEPLOY_DEVICES_ENDPOINT.format(domain_id=domain_uuid) + body = {"type": "DeploymentRequest", "version": "0", "forceDeploy": True, "ignoreWarning": True, "deviceList": devices_to_deploy} + + ret_val, response = self._api_run("post", url, action_result, body) + + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = "Successfully deployed devices" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + + deployment_id = param["deployment_id"] + + url = DEPLOYMENT_STATUS_ENDPOINT.format(domain_id=domain_uuid, task_id=deployment_id) + ret_val, response = self._api_run("get", url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully retrieved status for deployment {deployment_id}" + return action_result.set_status(phantom.APP_SUCCESS) + def handle_action(self, param): ret_val = phantom.APP_SUCCESS @@ -846,6 +1090,14 @@ def handle_action(self, param): ret_val = self._handle_update_access_rule(param) elif action_id == "delete_access_rule": ret_val = self._handle_delete_access_rule(param) + elif action_id == "list_devices": + ret_val = self._handle_list_devices(param) + elif action_id == "get_deployable_devices": + ret_val = self._handle_get_deployable_devices(param) + elif action_id == "deploy_devices": + ret_val = self._handle_deploy_devices(param) + elif action_id == "get_deployment_status": + ret_val = self._handle_get_deployment_status(param) return ret_val diff --git a/ciscosecurefirewall_consts.py b/ciscosecurefirewall_consts.py index a35ac6c..664667c 100644 --- a/ciscosecurefirewall_consts.py +++ b/ciscosecurefirewall_consts.py @@ -14,10 +14,13 @@ # and limitations under the License. TOKEN_ENDPOINT = "/api/fmc_platform/v1/auth/generatetoken" +REFRESH_ENDPOINT = "/api/fmc_platform/v1/auth/refreshtoken" HEADERS = {"Accept": "application/json"} STATE_FILE_CORRUPT_ERR = "Error occurred while loading the state file due to its unexpected format" DEFAULT_REQUEST_TIMEOUT = 30 # in seconds TOKEN_KEY = "X-auth-access-token" +REFRESH_TOKEN_KEY = "X-auth-refresh-token" +REFRESH_COUNT = "REFRESH_COUNT" DOMAINS = "domains" GET_HOSTS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/hosts" ENCRYPTION_ERR = "Error occurred while encrypting the state file" @@ -29,6 +32,10 @@ ACCESS_POLICY_ID_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{policy_id}" ACCESS_RULES_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{policy_id}/accessrules" ACCESS_RULES_ID_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{policy_id}/accessrules/{rule_id}" +DEVICES_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/devices/devicerecords" +GET_DEPLOYABLE_DEVICES_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/deployment/deployabledevices" +DEPLOY_DEVICES_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/deployment/deploymentrequests" +DEPLOYMENT_STATUS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/job/taskstatuses/{task_id}" # OBJECT_TYPES = ["Network", "Host", "Range", "FQDN"] OBJECT_TYPES = ["Network", "Host", "Range"] CLOUD_HOST = "edge.{region}.cdo.cisco.com/api/rest/v1/cdfmc" From 91b94376d17b03acb901289a181d485fca7b73a8 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Fri, 24 Jan 2025 01:13:07 +0000 Subject: [PATCH 07/22] Update README.md --- README.md | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 128 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 051b401..f22c9dd 100644 --- a/README.md +++ b/README.md @@ -4,14 +4,14 @@ Publisher: Splunk Connector Version: 1.0.0 Product Vendor: Cisco Systems -Product Name: Cisco Firepower +Product Name: Cisco Secure Firewall Product Version Supported (regex): ".\*" -Minimum Product Version: 6.2.2 +Minimum Product Version: 6.3.0 This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules ### Configuration variables -This table lists the configuration variables required to operate Cisco Secure Firewall. These variables are specified when configuring a Cisco Firepower asset in Splunk SOAR. +This table lists the configuration variables required to operate Cisco Secure Firewall. These variables are specified when configuring a Cisco Secure Firewall asset in Splunk SOAR. VARIABLE | REQUIRED | TYPE | DESCRIPTION -------- | -------- | ---- | ----------- @@ -42,6 +42,10 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION [create access control rule](#action-create-access-control-rule) - Creates an access control rule associated with a particular access control policy [update access control rule](#action-update-access-control-rule) - Updates an access control rule associated with a particular access control policy [delete access control rules](#action-delete-access-control-rules) - Deletes access control rule associated with a particular access control policy +[list devices](#action-list-devices) - Lists all devices belonging to a particular domain/tenant +[get deployable devices](#action-get-deployable-devices) - List all devices with configuration chnges that are ready to be deployed +[deploy devices](#action-deploy-devices) - Deploy devices that are ready to deploy +[get deployment status](#action-get-deployment-status) - Get status of a deployment ## action: 'test connectivity' Validate the asset configuration for connectivity @@ -128,13 +132,34 @@ Read only: **False** PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- **object_id** | required | Network object id | string | -**name** | required | Network object name | string | -**type** | required | Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update. | string | -**value** | required | Value of the network object. If type is Range specify value in the following format: ip1-ip2 | string | +**name** | optional | Network object name | string | +**type** | optional | Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update. | string | +**value** | optional | Value of the network object. If type is Range specify value in the following format: ip1-ip2 | string | **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | #### Action Output -No Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.object_id | string | | +action_result.parameter.name | string | | +action_result.parameter.type | string | | Network +action_result.parameter.value | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | Network +action_result.data.\*.links.self | string | | +action_result.data.\*.links.parent | string | | +action_result.data.\*.value | string | | +action_result.data.\*.metadata.domain.id | string | | +action_result.data.\*.metadata.domain.name | string | | +action_result.data.\*.metadata.domain.type | string | | +action_result.data.\*.metadata.ipType | string | | +action_result.data.\*.metadata.domain.lastUser.name | string | | +action_result.data.\*.metadata.domain.timestamp | numeric | | +action_result.data.\*.metadata.domain.parentType | string | | +action_result.data.\*.metadata.overridable | boolean | | ## action: 'delete network object' Deletes a network object in FMC @@ -150,7 +175,12 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | #### Action Output -No Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.object_id | string | | +action_result.parameter.type | string | | Network +action_result.parameter.domain_name | string | | ## action: 'get network group objects' Gets all network group objects in FMC host or a specfic network group @@ -582,4 +612,93 @@ action_result.data.\*.sendEventsToFMC | boolean | | action_result.data.\*.destinationNetworks.objects.\*.id | string | | action_result.data.\*.destinationNetworks.objects.\*.name | string | | action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network -action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | \ No newline at end of file +action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | + +## action: 'list devices' +Lists all devices belonging to a particular domain/tenant + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | +action_result.data.\*.links.self | string | | + +## action: 'get deployable devices' +List all devices with configuration chnges that are ready to be deployed + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | +action_result.data.\*.name | string | | +action_result.data.\*.type | string | | SENSOR + +## action: 'deploy devices' +Deploy devices that are ready to deploy + +Type: **generic** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**devices** | optional | Device IDs of devices to deploy changes to. If left empty all devices with configuration changes will deploy | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.devices | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.type | string | | DeploymentRequest +action_result.data.\*.version | string | | +action_result.data.\*.metadata.task.id | string | | +action_result.data.\*.metadata.task.links.self | string | | https://hostname/api/fmc_config/v1/domain/default/job/taskstatuses/77309722217 +action_result.data.\*.deviceList.\* | string | | + +## action: 'get deployment status' +Get status of a deployment + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**deployment_id** | required | Id of the deployment | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.deployment_id | string | | +action_result.parameter.domain_name | string | | +action_result.data.\*.id | string | | DeploymentRequest +action_result.data.\*.task | string | | TaskStatus +action_result.data.\*.status | string | | Deploying Deployed +action_result.data.\*.message | string | | +action_result.data.\*.deviceList.\* | string | | \ No newline at end of file From 776a97082a28e63681748fc23f18eadbaff7b7e6 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Mon, 27 Jan 2025 14:10:30 -0800 Subject: [PATCH 08/22] PAPP-35185: fixed to cloud fmc access --- ciscosecurefirewall.json | 640 +++++++++++++++++++++++++++---- ciscosecurefirewall_connector.py | 73 ++-- 2 files changed, 602 insertions(+), 111 deletions(-) diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index 5b4b284..7866f81 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -1,11 +1,11 @@ { "appid": "21834fdf-826d-4595-a036-d7b8841ab798", "name": "Cisco Secure Firewall", - "description": "This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules", + "description": "This app interfaces with Cisco Firepower devices to adds, updates and deletes network objects, network object groups, access policies and access rules", "publisher": "Splunk", "package_name": "phantom_ciscosecurefirewall", "type": "firewall", - "license": "Copyright (c) 2024 Splunk Inc.", + "license": "Copyright (c) 2025 Splunk Inc.", "main_module": "ciscosecurefirewall_connector.py", "app_version": "1.0.0", "utctime_updated": "2024-12-04T23:13:40.000000Z", @@ -39,27 +39,27 @@ "verify_server_cert": { "description": "Verify server certificate", "data_type": "boolean", - "order": 1 + "order": 2 }, "username": { "description": "User with access to the on-prem FMC node", "data_type": "string", - "order": 2 + "order": 3 }, "password": { "description": "Password for the on-prem FMC node", "data_type": "password", - "order": 3 + "order": 4 }, "domain_name": { "description": "Default firepower domain", "data_type": "string", - "order": 4 + "order": 5 }, - "cloud_api_key": { + "api_key": { "description": "Api key for cloud delivered FMC", - "data_type": "string", - "order": 5 + "data_type": "password", + "order": 6 }, "region": { "description": "Region your Cisco Security Cloud Control is deployed in", @@ -71,7 +71,7 @@ "AUS", "IN" ], - "order": 6 + "order": 7 } }, "actions": [ @@ -90,7 +90,7 @@ "description": "List network object in FMC", "type": "investigate", "read_only": true, - "identifier": "list_network_ojects", + "identifier": "list_network_objects", "parameters":{ "name": { "description": "Network object name to filter results by", @@ -123,6 +123,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.name", "data_type": "string" @@ -140,18 +152,24 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_order": 0, + "column_name": "Object Id" }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Object Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", "data_type": "string", "example_values": [ "Network" - ] + ], + "column_name": "Object Type", + "column_order": 2 }, { "data_path": "action_result.data.*.links.self", @@ -162,6 +180,10 @@ "data_type": "string" } ], + "render": { + "title": "Network Objects", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -210,6 +232,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.name", "data_type": "string" @@ -231,18 +265,24 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_order": 0, + "column_name": "Object Id" }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Object Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", "data_type": "string", "example_values": [ "Network" - ] + ], + "column_name": "Object Type", + "column_order": 2 }, { "data_path": "action_result.data.*.links.self", @@ -254,7 +294,9 @@ }, { "data_path": "action_result.data.*.value", - "data_type": "string" + "data_type": "string", + "column_name": "Object Value", + "column_order": 3 }, { "data_path": "action_result.data.*.metadata.domain.id", @@ -289,6 +331,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Create Network Object", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -340,6 +386,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.object_id", "data_type": "string" @@ -365,18 +423,24 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Object Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Object Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", "data_type": "string", "example_values": [ "Network" - ] + ], + "column_name": "Object Type", + "column_order": 2 }, { "data_path": "action_result.data.*.links.self", @@ -388,7 +452,9 @@ }, { "data_path": "action_result.data.*.value", - "data_type": "string" + "data_type": "string", + "column_name": "Object Value", + "column_order": 3 }, { "data_path": "action_result.data.*.metadata.domain.id", @@ -423,6 +489,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Update Network Object", + "type": "table" + }, "versions": "EQ(*)" }, @@ -466,6 +536,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.object_id", "data_type": "string" @@ -480,8 +562,79 @@ { "data_path": "action_result.parameter.domain_name", "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string", + "column_name": "Object Id", + "column_order": 0 + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "column_name": "Object Name", + "column_order": 1 + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "Network" + ], + "column_name": "Object Type", + "column_order": 2 + }, + { + "data_path": "action_result.data.*.links.self", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.links.parent", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.value", + "data_type": "string", + "column_name": "Object Value", + "column_order": 3 + }, + { + "data_path": "action_result.data.*.metadata.domain.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.type", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.ipType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.lastUser.name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.domain.timestamp", + "data_type": "numeric" + }, + { + "data_path": "action_result.data.*.metadata.domain.parentType", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.metadata.overridable", + "data_type": "boolean" } ], + "render": { + "title": "Delete Network Object", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -511,6 +664,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.group_name", "data_type": "string" @@ -521,13 +686,21 @@ }, { "data_path": "action_result.data.*.uuid", - "data_type": "string" + "data_type": "string", + "column_name": "Group Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Group Name", + "column_order": 1 } ], + "render": { + "title": "Network Groups", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -549,13 +722,18 @@ "example_values": [ "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" ], - "required": true, "order": 1 }, + "overridable": { + "data_type": "boolean", + "description": "Changes to this won't affect parent policies or configurations", + "order": 2, + "default": false + }, "domain_name": { "description": "Firepower Domain. If none is specified the default domain will be queried", "data_type": "string", - "order": 2 + "order": 3 } }, "output": [ @@ -567,6 +745,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.name", "data_type": "string" @@ -584,11 +774,15 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Group Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Group Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -645,6 +839,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Create Network Group", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -696,6 +894,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.network_group_id", "data_type": "string" @@ -724,11 +934,15 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Group Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Group Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -785,6 +999,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Update Network Group", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -815,6 +1033,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.network_group_id", "data_type": "string" @@ -825,11 +1055,15 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Group Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Group Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -886,6 +1120,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Delete Network Group", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -910,6 +1148,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.domain_name", "data_type": "string" @@ -919,16 +1169,24 @@ "data_type": "string", "example_values": [ "new-policy" - ] + ], + "column_name": "Policy Name", + "column_order": 0 }, { "data_path": "action_result.data.*.policy_id", "data_type": "string", "example_values": [ "00000000-0000-0ed3-0000-012884902138" - ] + ], + "column_name": "Policy Id", + "column_order": 1 } ], + "render": { + "title": "Access Control Policies", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -955,9 +1213,7 @@ "required": true, "value_list": [ "ALLOW", - "BLOCK", - "TRUST", - "MONITOR" + "TRUST" ], "order": 2 }, @@ -976,6 +1232,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.name", "data_type": "string" @@ -994,14 +1262,18 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_order": 0, + "column_name": "Policy Id" }, { "data_path": "action_result.data.*.name", "data_type": "string", "example_values": [ "new-policy" - ] + ], + "column_name": "Policy Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -1033,6 +1305,10 @@ "data_type": "string" } ], + "render": { + "title": "Create Access Control Policies", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -1084,6 +1360,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.policy_id", "data_type": "string" @@ -1106,14 +1394,18 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Policy Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", "data_type": "string", "example_values": [ "new-policy" - ] + ], + "column_name": "Policy Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -1160,9 +1452,15 @@ "data_type": "string", "example_values": [ "BLOCK" - ] + ], + "column_name": "Policy Action", + "column_order": 2 } ], + "render": { + "title": "Update Access Control Policies", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -1194,19 +1492,19 @@ ] }, { - "data_path": "action_result.parameter.policy_id", + "data_path": "action_result.message", "data_type": "string" }, { - "data_path": "action_result.parameter.name", - "data_type": "string" + "data_path": "summary.total_objects", + "data_type": "numeric" }, { - "data_path": "action_result.parameter.description", - "data_type": "string" + "data_path": "summary.total_objects_successful", + "data_type": "numeric" }, { - "data_path": "action_result.parameter.action", + "data_path": "action_result.parameter.policy_id", "data_type": "string" }, { @@ -1215,14 +1513,18 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Policy Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", "data_type": "string", "example_values": [ "new-policy" - ] + ], + "column_name": "Policy Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -1251,7 +1553,9 @@ }, { "data_path": "action_result.data.*.description", - "data_type": "string" + "data_type": "string", + "column_name": "Policy Description", + "column_order": 2 }, { "data_path": "action_result.data.*.defaultAction.id", @@ -1269,7 +1573,9 @@ "data_type": "string", "example_values": [ "BLOCK" - ] + ], + "column_name": "Policy Action", + "column_order": 3 }, { "data_path": "action_result.data.*.securityIntelligence.id", @@ -1287,6 +1593,10 @@ "data_type": "string" } ], + "render": { + "title": "Delete Access Control Policies", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -1322,6 +1632,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.policy_id", "data_type": "string" @@ -1332,16 +1654,24 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Rule Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", "data_type": "string", "example_values": [ - "new-policy" - ] + "new-rule" + ], + "column_name": "Rule Name", + "column_order": 1 } ], + "render": { + "title": "Access Control Rules", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -1406,6 +1736,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.policy_id", "data_type": "string" @@ -1445,11 +1787,15 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Rule Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Rule Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -1467,7 +1813,9 @@ "data_type": "string", "example_values": [ "BLOCK" - ] + ], + "column_name": "Rule Action", + "column_order": 2 }, { "data_path": "action_result.data.*.logEnd", @@ -1475,7 +1823,9 @@ }, { "data_path": "action_result.data.*.enabled", - "data_type": "boolean" + "data_type": "boolean", + "column_name": "Enabled", + "column_order": 3 }, { "data_path": "action_result.data.*.logBegin", @@ -1541,6 +1891,7 @@ { "data_path": "action_result.data.*.destinationNetworks.objects.*.id", "data_type": "string" + }, { "data_path": "action_result.data.*.destinationNetworks.objects.*.name", @@ -1558,6 +1909,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Create Access Control Rules", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -1635,6 +1990,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.rule_id", "data_type": "string" @@ -1692,11 +2059,15 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Rule Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Rule Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -1714,7 +2085,9 @@ "data_type": "string", "example_values": [ "BLOCK" - ] + ], + "column_name": "Rule Action", + "column_order": 2 }, { "data_path": "action_result.data.*.logEnd", @@ -1722,7 +2095,9 @@ }, { "data_path": "action_result.data.*.enabled", - "data_type": "boolean" + "data_type": "boolean", + "column_name": "Enabled", + "column_order": 3 }, { "data_path": "action_result.data.*.logBegin", @@ -1823,6 +2198,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Update Access Control Rules", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -1859,6 +2238,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.rule_id", "data_type": "string" @@ -1873,11 +2264,15 @@ }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Rule Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Rule Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", @@ -2004,6 +2399,10 @@ "data_type": "boolean" } ], + "render": { + "title": "Delete Access Control Rules", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -2028,27 +2427,52 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.domain_name", "data_type": "string" }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Device Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Device Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", - "data_type": "string" + "data_type": "string", + "example_values": [ + "SENSOR" + ], + "column_name": "Device Type", + "column_order": 2 }, { "data_path": "action_result.data.*.links.self", "data_type": "string" } ], + "render": { + "title": "List Devices", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -2073,26 +2497,48 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.domain_name", "data_type": "string" }, { "data_path": "action_result.data.*.id", - "data_type": "string" + "data_type": "string", + "column_name": "Device Id", + "column_order": 0 }, { "data_path": "action_result.data.*.name", - "data_type": "string" + "data_type": "string", + "column_name": "Device Name", + "column_order": 1 }, { "data_path": "action_result.data.*.type", "data_type": "string", "example_values": [ "SENSOR" - ] + ], + "column_name": "Device Type", + "column_order": 2 } ], + "render": { + "title": "Get Deployable Devices", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -2122,6 +2568,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.devices", "data_type": "string" @@ -2139,7 +2597,9 @@ }, { "data_path": "action_result.data.*.version", - "data_type": "string" + "data_type": "string", + "column_name": "Version", + "column_order": 0 }, { "data_path": "action_result.data.*.metadata.task.id", @@ -2154,9 +2614,15 @@ }, { "data_path": "action_result.data.*.deviceList.*", - "data_type": "string" + "data_type": "string", + "column_name": "Devices", + "column_order": 1 } ], + "render": { + "title": "Deploy Devices", + "type": "table" + }, "versions": "EQ(*)" }, { @@ -2187,6 +2653,18 @@ "failed" ] }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, { "data_path": "action_result.parameter.deployment_id", "data_type": "string" @@ -2200,7 +2678,9 @@ "data_type": "string", "example_values": [ "DeploymentRequest" - ] + ], + "column_name": "Deployment Id", + "column_order": 0 }, { "data_path": "action_result.data.*.task", @@ -2215,17 +2695,25 @@ "example_values": [ "Deploying", "Deployed" - ] + ], + "column_name": "Deployment Status", + "column_order": 1 }, { "data_path": "action_result.data.*.message", - "data_type": "string" + "data_type": "string", + "column_name": "Deployment Message", + "column_order": 2 }, { "data_path": "action_result.data.*.deviceList.*", "data_type": "string" } ], + "render": { + "title": "Get Deployment Status", + "type": "table" + }, "versions": "EQ(*)" } ], diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 4cdb723..13d9d03 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -18,8 +18,8 @@ import encryption_helper import phantom.app as phantom import requests -from bs4 import BeautifulSoup import simplejson as json +from bs4 import BeautifulSoup from phantom.action_result import ActionResult from phantom.base_connector import BaseConnector @@ -147,7 +147,7 @@ def authenicate_cloud_fmc(self, config): based on the users region. """ region = config["region"] - api_key = config["cloud_api_key"] + api_key = config["api_key"] self.firepower_host = CLOUD_HOST.format(region=region.lower()) self.headers.update({"Authorization": f"Bearer {api_key}"}) return phantom.APP_SUCCESS @@ -168,7 +168,7 @@ def _get_token(self, action_result): self.refresh_count += 1 self.headers[REFRESH_TOKEN_KEY] = self._state[REFRESH_TOKEN_KEY] self.headers[TOKEN_KEY] = self._state[TOKEN_KEY] - ret_val, headers = self._api_run("post", REFRESH_ENDPOINT, action_result, headers_only=True, first_try=False) + ret_val, headers = self.__make_rest_call("post", REFRESH_ENDPOINT, action_result, headers_only=True, first_try=False) if not phantom.is_fail(ret_val): self.token = headers.get(TOKEN_KEY) self.headers[TOKEN_KEY] = self.token @@ -180,7 +180,7 @@ def _get_token(self, action_result): self.debug_print("Fetching a new token") self.headers.pop(REFRESH_TOKEN_KEY, None) auth = requests.auth.HTTPBasicAuth(self.username, self.password) - ret_val, headers = self._api_run("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=True, auth=auth) + ret_val, headers = self.__make_rest_call("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=True, auth=auth) if phantom.is_fail(ret_val): self.debug_print(f"Error {ret_val} while generating token with response {headers}") self._reset_state_file() @@ -281,7 +281,7 @@ def _process_response(self, r, action_result): return RetVal(action_result.set_status(phantom.APP_ERROR, msg), None) - def _api_run(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): + def __make_rest_call(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): """ This method makes a REST call to the API """ @@ -306,7 +306,7 @@ def _api_run(self, method, resource, action_result, json_body=None, headers_only return action_result.get_status(), None self.debug_print(f"Running url that failed because of token error {resource}") - return self._api_run(method, resource, action_result, json_body, headers_only, first_try=False) + return self.__make_rest_call(method, resource, action_result, json_body, headers_only, first_try=False) message = "Error from server. Status Code: {0} Data from server: {1}".format( result.status_code, result.text.replace("{", "{{").replace("}", "}}") @@ -333,7 +333,7 @@ def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: self.save_progress("Testing connectivity") url = GET_HOSTS_ENDPOINT.format(domain_id="default") - ret_val, _ = self._api_run("get", url, action_result) + ret_val, _ = self.__make_rest_call("get", url, action_result) if phantom.is_fail(ret_val): self.save_progress("Connectivity test failed") return action_result.get_status() @@ -349,7 +349,7 @@ def get_network_objects_of_type(self, object_type, domain_uuid, action_result, n params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self._api_run("get", url, action_result, params=params) + ret_val, response = self.__make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -399,7 +399,7 @@ def _handle_list_network_objects(self, param: Dict[str, Any]) -> bool: def get_network_object(self, domain_id: int, object_id: int) -> Tuple[bool, Dict[str, Any]]: url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_id, type="networks", object_id=object_id) - ret_val, response = self._api_run("get", url, self) + ret_val, response = self.__make_rest_call("get", url, self) return ret_val, response def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: @@ -413,7 +413,7 @@ def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: domain_uuid = self.get_domain_id(param.get("domain_name")) url = NETWORK_OBJECTS_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s") - ret_val, response = self._api_run("post", url, action_result, json_body=payload) + ret_val, response = self.__make_rest_call("post", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -430,7 +430,7 @@ def _handle_update_network_object(self, param: Dict[str, Any]) -> bool: domain_uuid = self.get_domain_id(param.get("domain_name")) ret_val, curent_object = self.get_network_object(domain_uuid, object_id) if phantom.is_fail(ret_val): - return action_result.get_status() + return self.get_status() name = param.get("name") or curent_object["name"] object_type = param.get("type") or curent_object["type"] @@ -439,7 +439,7 @@ def _handle_update_network_object(self, param: Dict[str, Any]) -> bool: url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) - ret_val, response = self._api_run("put", url, action_result, json_body=payload) + ret_val, response = self.__make_rest_call("put", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -457,7 +457,7 @@ def _handle_delete_network_object(self, param: Dict[str, Any]) -> bool: domain_uuid = self.get_domain_id(param.get("domain_name")) url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) - ret_val, response = self._api_run("delete", url, action_result) + ret_val, response = self.__make_rest_call("delete", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -493,7 +493,7 @@ def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: params = {"limit": limit, "expanded": True} while True: params["offset"] = offset - ret_val, response = self._api_run("get", url, action_result, params=params) + ret_val, response = self.__make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -523,14 +523,17 @@ def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: action_result = self.add_action_result(ActionResult(dict(param))) group_name = param["name"] - object_ids = param["network_object_ids"] + object_ids = param.get("network_object_ids", "") objects = [{"id": item.strip()} for item in object_ids.split(",") if item.strip()] - payload = {"name": group_name, "type": "NetworkGroup", "objects": objects} + overridable = param.get("overridable", False) + payload = {"name": group_name, "type": "NetworkGroup", "overridable": overridable} + if objects: + payload["objects"] = objects domain_uuid = self.get_domain_id(param.get("domain_name")) url = NETWORK_GROUPS_ENDPOINT.format(domain_id=domain_uuid) - ret_val, response = self._api_run("post", url, action_result, json_body=payload) + ret_val, response = self.__make_rest_call("post", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -541,7 +544,7 @@ def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: def get_network_group(self, domain_uuid, group_id): url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) - ret_val, response = self._api_run("get", url, self) + ret_val, response = self.__make_rest_call("get", url, self) return ret_val, response def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: @@ -570,7 +573,7 @@ def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: resp["objects"] = objects update_url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) - ret_val, response = self._api_run("put", update_url, action_result, json_body=resp) + ret_val, response = self.__make_rest_call("put", update_url, action_result, json_body=resp) if phantom.is_fail(ret_val): return action_result.get_status() @@ -588,7 +591,7 @@ def _handle_delete_network_group(self, param): domain_uuid = self.get_domain_id(param.get("domain_name")) update_url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) - ret_val, response = self._api_run("delete", update_url, action_result) + ret_val, response = self.__make_rest_call("delete", update_url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -609,7 +612,7 @@ def _handle_get_access_policies(self, param): params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self._api_run("get", url, action_result, params=params) + ret_val, response = self.__make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -644,7 +647,7 @@ def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: payload["description"] = param["description"] url = ACCESS_POLICY_ENDPOINT.format(domain_id=domain_uuid) - ret_val, response = self._api_run("post", url, action_result, json_body=payload) + ret_val, response = self.__make_rest_call("post", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -655,7 +658,7 @@ def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: def get_access_policy(self, domain_uuid, policy_id): url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - ret_val, response = self._api_run("get", url, self) + ret_val, response = self.__make_rest_call("get", url, self) return ret_val, response def _handle_update_access_policy(self, param): @@ -689,7 +692,7 @@ def _handle_update_access_policy(self, param): url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) print(f"payload is {payload}") - ret_val, response = self._api_run("put", url, action_result, json_body=payload) + ret_val, response = self.__make_rest_call("put", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() print(f"updated policy with {response}") @@ -707,7 +710,7 @@ def _handle_delete_access_policy(self, param: Dict[str, Any]) -> bool: policy_id = param["policy_id"] url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - ret_val, response = self._api_run("delete", url, action_result) + ret_val, response = self.__make_rest_call("delete", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -741,7 +744,7 @@ def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self._api_run("get", url, action_result, params=params) + ret_val, response = self.__make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -812,7 +815,7 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: rule_payload["destinationNetworks"]["objects"] = destination_networks_objects url = ACCESS_RULES_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - ret_val, response = self._api_run("post", url, action_result, json_body=rule_payload) + ret_val, response = self.__make_rest_call("post", url, action_result, json_body=rule_payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -823,7 +826,7 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: def get_access_control_rule(self, domain_id: str, policy_id: str, rule_id: str) -> Tuple[bool, Dict[str, Any]]: url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_id, policy_id=policy_id, rule_id=rule_id) - ret_val, response = self._api_run("get", url, self) + ret_val, response = self.__make_rest_call("get", url, self) return ret_val, response def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: @@ -886,7 +889,7 @@ def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: rule_payload["destinationNetworks"] = {"objects": filtered_destination_networks} url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id, rule_id=rule_id) - ret_val, response = self._api_run("put", url, action_result, json_body=rule_payload) + ret_val, response = self.__make_rest_call("put", url, action_result, json_body=rule_payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -906,7 +909,7 @@ def _handle_delete_access_rule(self, param: Dict[str, Any]) -> bool: policy_id = param["policy_id"] url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id, rule_id=rule_id) - ret_val, response = self._api_run("delete", url, action_result) + ret_val, response = self.__make_rest_call("delete", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -928,7 +931,7 @@ def _handle_list_devices(self, param: Dict[str, Any]) -> bool: params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self._api_run("get", url, action_result, params=params) + ret_val, response = self.__make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -959,7 +962,7 @@ def get_deployable_devices(self, domain_id: str) -> Tuple[bool, Any]: params = {"limit": limit, "expanded": True} while True: params["offset"] = offset - ret_val, response = self._api_run("get", url, self, params=params) + ret_val, response = self.__make_rest_call("get", url, self, params=params) if phantom.is_fail(ret_val): return phantom.APP_ERROR, [] @@ -1019,7 +1022,7 @@ def _handle_deploy_devices(self, param: Dict[str, Any]) -> bool: url = DEPLOY_DEVICES_ENDPOINT.format(domain_id=domain_uuid) body = {"type": "DeploymentRequest", "version": "0", "forceDeploy": True, "ignoreWarning": True, "deviceList": devices_to_deploy} - ret_val, response = self._api_run("post", url, action_result, body) + ret_val, response = self.__make_rest_call("post", url, action_result, body) if phantom.is_fail(ret_val): return action_result.get_status() @@ -1038,7 +1041,7 @@ def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: deployment_id = param["deployment_id"] url = DEPLOYMENT_STATUS_ENDPOINT.format(domain_id=domain_uuid, task_id=deployment_id) - ret_val, response = self._api_run("get", url, action_result) + ret_val, response = self.__make_rest_call("get", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -1058,7 +1061,7 @@ def handle_action(self, param): if action_id == "test_connectivity": ret_val = self._handle_test_connectivity(param) - elif action_id == "list_network_ojects": + elif action_id == "list_network_objects": self._handle_list_network_objects(param) elif action_id == "create_network_object": self._handle_create_network_object(param) From 69e4a128e8d4cc70c8d326e355730ad547ec5563 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Tue, 28 Jan 2025 01:10:28 +0000 Subject: [PATCH 09/22] Update README.md --- README.md | 1002 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 577 insertions(+), 425 deletions(-) diff --git a/README.md b/README.md index f22c9dd..ba9081d 100644 --- a/README.md +++ b/README.md @@ -1,704 +1,856 @@ -[comment]: # "Auto-generated SOAR connector documentation" # Cisco Secure Firewall -Publisher: Splunk -Connector Version: 1.0.0 -Product Vendor: Cisco Systems -Product Name: Cisco Secure Firewall -Product Version Supported (regex): ".\*" -Minimum Product Version: 6.3.0 +Publisher: Splunk \ +Connector Version: 1.0.0 \ +Product Vendor: Cisco Systems \ +Product Name: Cisco Secure Firewall \ +Minimum Product Version: 6.3.0 -This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules +This app interfaces with Cisco Firepower devices to adds, updates and deletes network objects, network object groups, access policies and access rules ### Configuration variables + This table lists the configuration variables required to operate Cisco Secure Firewall. These variables are specified when configuring a Cisco Secure Firewall asset in Splunk SOAR. VARIABLE | REQUIRED | TYPE | DESCRIPTION -------- | -------- | ---- | ----------- -**fmc_type** | required | string | Would you like to connect to an on-prem or cloud delivered FMC -**firepower_host** | optional | string | Device IP/Hostname of your on-prem FMC -**verify_server_cert** | optional | boolean | Verify server certificate -**username** | optional | string | User with access to the on-prem FMC node -**password** | optional | password | Password for the on-prem FMC node -**domain_name** | optional | string | Default firepower domain -**cloud_api_key** | optional | string | Api key for cloud delivered FMC -**region** | optional | string | Region your Cisco Security Cloud Control is deployed in - -### Supported Actions -[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity -[list network objects](#action-list-network-objects) - List network object in FMC -[create network object](#action-create-network-object) - Creates a network object in FMC -[update network object](#action-update-network-object) - Updates a network object in FMC -[delete network object](#action-delete-network-object) - Deletes a network object in FMC -[get network group objects](#action-get-network-group-objects) - Gets all network group objects in FMC host or a specfic network group -[create network group object](#action-create-network-group-object) - Create a network group object -[update network group object](#action-update-network-group-object) - Update a network group object -[delete network group object](#action-delete-network-group-object) - Delete a network group object -[get access control policies](#action-get-access-control-policies) - Gets all access control polcies in the FMC host for a particular domain -[create access control policy](#action-create-access-control-policy) - Create an access control policy -[update access control policy](#action-update-access-control-policy) - Update an access control policy -[delete access control policies](#action-delete-access-control-policies) - Deleted the specified access control policy -[get access control rules](#action-get-access-control-rules) - Gets all access control rules associated with a particular access control policy -[create access control rule](#action-create-access-control-rule) - Creates an access control rule associated with a particular access control policy -[update access control rule](#action-update-access-control-rule) - Updates an access control rule associated with a particular access control policy -[delete access control rules](#action-delete-access-control-rules) - Deletes access control rule associated with a particular access control policy -[list devices](#action-list-devices) - Lists all devices belonging to a particular domain/tenant -[get deployable devices](#action-get-deployable-devices) - List all devices with configuration chnges that are ready to be deployed -[deploy devices](#action-deploy-devices) - Deploy devices that are ready to deploy -[get deployment status](#action-get-deployment-status) - Get status of a deployment +**fmc_type** | required | string | Would you like to connect to an on-prem or cloud delivered FMC | +**firepower_host** | optional | string | Device IP/Hostname of your on-prem FMC | +**verify_server_cert** | optional | boolean | Verify server certificate | +**username** | optional | string | User with access to the on-prem FMC node | +**password** | optional | password | Password for the on-prem FMC node | +**domain_name** | optional | string | Default firepower domain | +**api_key** | optional | password | Api key for cloud delivered FMC | +**region** | optional | string | Region your Cisco Security Cloud Control is deployed in | + +### Supported Actions + +[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity \ +[list network objects](#action-list-network-objects) - List network object in FMC \ +[create network object](#action-create-network-object) - Creates a network object in FMC \ +[update network object](#action-update-network-object) - Updates a network object in FMC \ +[delete network object](#action-delete-network-object) - Deletes a network object in FMC \ +[get network group objects](#action-get-network-group-objects) - Gets all network group objects in FMC host or a specfic network group \ +[create network group object](#action-create-network-group-object) - Create a network group object \ +[update network group object](#action-update-network-group-object) - Update a network group object \ +[delete network group object](#action-delete-network-group-object) - Delete a network group object \ +[get access control policies](#action-get-access-control-policies) - Gets all access control polcies in the FMC host for a particular domain \ +[create access control policy](#action-create-access-control-policy) - Create an access control policy \ +[update access control policy](#action-update-access-control-policy) - Update an access control policy \ +[delete access control policies](#action-delete-access-control-policies) - Deleted the specified access control policy \ +[get access control rules](#action-get-access-control-rules) - Gets all access control rules associated with a particular access control policy \ +[create access control rule](#action-create-access-control-rule) - Creates an access control rule associated with a particular access control policy \ +[update access control rule](#action-update-access-control-rule) - Updates an access control rule associated with a particular access control policy \ +[delete access control rules](#action-delete-access-control-rules) - Deletes access control rule associated with a particular access control policy \ +[list devices](#action-list-devices) - Lists all devices belonging to a particular domain/tenant \ +[get deployable devices](#action-get-deployable-devices) - List all devices with configuration chnges that are ready to be deployed \ +[deploy devices](#action-deploy-devices) - Deploy devices that are ready to deploy \ +[get deployment status](#action-get-deployment-status) - Get status of a deployment ## action: 'test connectivity' + Validate the asset configuration for connectivity -Type: **test** +Type: **test** \ Read only: **True** #### Action Parameters + No parameters are required for this action #### Action Output -No Output + +No Output ## action: 'list network objects' + List network object in FMC -Type: **investigate** +Type: **investigate** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**name** | optional | Network object name to filter results by | string | -**type** | optional | Network object type to filter results by | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**name** | optional | Network object name to filter results by | string | | +**type** | optional | Network object type to filter results by | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.name | string | | -action_result.parameter.type | string | | Network -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | Network -action_result.data.\*.links.self | string | | -action_result.data.\*.links.parent | string | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.name | string | | | +action_result.parameter.type | string | | Network | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | Network | +action_result.data.\*.links.self | string | | | +action_result.data.\*.links.parent | string | | | ## action: 'create network object' + Creates a network object in FMC -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**name** | required | Network object name | string | -**type** | required | Network object type | string | -**value** | required | Value of the network object. If type if Range specify value in the following format: ip1-ip2 | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**name** | required | Network object name | string | | +**type** | required | Network object type | string | | +**value** | required | Value of the network object. If type if Range specify value in the following format: ip1-ip2 | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.name | string | | -action_result.parameter.type | string | | Network -action_result.parameter.value | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | Network -action_result.data.\*.links.self | string | | -action_result.data.\*.links.parent | string | | -action_result.data.\*.value | string | | -action_result.data.\*.metadata.domain.id | string | | -action_result.data.\*.metadata.domain.name | string | | -action_result.data.\*.metadata.domain.type | string | | -action_result.data.\*.metadata.ipType | string | | -action_result.data.\*.metadata.domain.lastUser.name | string | | -action_result.data.\*.metadata.domain.timestamp | numeric | | -action_result.data.\*.metadata.domain.parentType | string | | -action_result.data.\*.metadata.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.name | string | | | +action_result.parameter.type | string | | Network | +action_result.parameter.value | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | Network | +action_result.data.\*.links.self | string | | | +action_result.data.\*.links.parent | string | | | +action_result.data.\*.value | string | | | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | | +action_result.data.\*.metadata.domain.type | string | | | +action_result.data.\*.metadata.ipType | string | | | +action_result.data.\*.metadata.domain.lastUser.name | string | | | +action_result.data.\*.metadata.domain.timestamp | numeric | | | +action_result.data.\*.metadata.domain.parentType | string | | | +action_result.data.\*.metadata.overridable | boolean | | | ## action: 'update network object' + Updates a network object in FMC -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**object_id** | required | Network object id | string | -**name** | optional | Network object name | string | -**type** | optional | Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update. | string | -**value** | optional | Value of the network object. If type is Range specify value in the following format: ip1-ip2 | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**object_id** | required | Network object id | string | | +**name** | optional | Network object name | string | | +**type** | optional | Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update. | string | | +**value** | optional | Value of the network object. If type is Range specify value in the following format: ip1-ip2 | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.object_id | string | | -action_result.parameter.name | string | | -action_result.parameter.type | string | | Network -action_result.parameter.value | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | Network -action_result.data.\*.links.self | string | | -action_result.data.\*.links.parent | string | | -action_result.data.\*.value | string | | -action_result.data.\*.metadata.domain.id | string | | -action_result.data.\*.metadata.domain.name | string | | -action_result.data.\*.metadata.domain.type | string | | -action_result.data.\*.metadata.ipType | string | | -action_result.data.\*.metadata.domain.lastUser.name | string | | -action_result.data.\*.metadata.domain.timestamp | numeric | | -action_result.data.\*.metadata.domain.parentType | string | | -action_result.data.\*.metadata.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.object_id | string | | | +action_result.parameter.name | string | | | +action_result.parameter.type | string | | Network | +action_result.parameter.value | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | Network | +action_result.data.\*.links.self | string | | | +action_result.data.\*.links.parent | string | | | +action_result.data.\*.value | string | | | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | | +action_result.data.\*.metadata.domain.type | string | | | +action_result.data.\*.metadata.ipType | string | | | +action_result.data.\*.metadata.domain.lastUser.name | string | | | +action_result.data.\*.metadata.domain.timestamp | numeric | | | +action_result.data.\*.metadata.domain.parentType | string | | | +action_result.data.\*.metadata.overridable | boolean | | | ## action: 'delete network object' + Deletes a network object in FMC -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**object_id** | required | Network object id | string | -**type** | required | Network object type | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**object_id** | required | Network object id | string | | +**type** | required | Network object type | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.object_id | string | | -action_result.parameter.type | string | | Network -action_result.parameter.domain_name | string | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.object_id | string | | | +action_result.parameter.type | string | | Network | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | Network | +action_result.data.\*.links.self | string | | | +action_result.data.\*.links.parent | string | | | +action_result.data.\*.value | string | | | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | | +action_result.data.\*.metadata.domain.type | string | | | +action_result.data.\*.metadata.ipType | string | | | +action_result.data.\*.metadata.domain.lastUser.name | string | | | +action_result.data.\*.metadata.domain.timestamp | numeric | | | +action_result.data.\*.metadata.domain.parentType | string | | | +action_result.data.\*.metadata.overridable | boolean | | | ## action: 'get network group objects' + Gets all network group objects in FMC host or a specfic network group -Type: **investigate** +Type: **investigate** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**group_name** | optional | Group name to retrieve from FMC | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**group_name** | optional | Group name to retrieve from FMC | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.group_name | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.uuid | string | | -action_result.data.\*.name | string | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.group_name | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.uuid | string | | | +action_result.data.\*.name | string | | | ## action: 'create network group object' + Create a network group object -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**name** | required | Name of the network group | string | -**network_object_ids** | required | Network objects attached to the group. Note these ids must already exist in FMC | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**name** | required | Name of the network group | string | | +**network_object_ids** | optional | Network objects attached to the group. Note these ids must already exist in FMC | string | | +**overridable** | optional | Changes to this won't affect parent policies or configurations | boolean | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.name | string | | -action_result.parameter.network_object_ids | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | NetworkGroup -action_result.data.\*.links.self | string | | -action_result.data.\*.objects.id | string | | -action_result.data.\*.objects.name | string | | -action_result.data.\*.objects.type | string | | Network -action_result.data.\*.metadata.domain.id | string | | -action_result.data.\*.metadata.domain.name | string | | -action_result.data.\*.metadata.domain.type | string | | -action_result.data.\*.metadata.domain.lastUser.name | string | | -action_result.data.\*.metadata.domain.timestamp | numeric | | -action_result.data.\*.metadata.domain.parentType | string | | -action_result.data.\*.metadata.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.name | string | | | +action_result.parameter.network_object_ids | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | NetworkGroup | +action_result.data.\*.links.self | string | | | +action_result.data.\*.objects.id | string | | | +action_result.data.\*.objects.name | string | | | +action_result.data.\*.objects.type | string | | Network | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | | +action_result.data.\*.metadata.domain.type | string | | | +action_result.data.\*.metadata.domain.lastUser.name | string | | | +action_result.data.\*.metadata.domain.timestamp | numeric | | | +action_result.data.\*.metadata.domain.parentType | string | | | +action_result.data.\*.metadata.overridable | boolean | | | ## action: 'update network group object' + Update a network group object -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**network_group_id** | required | Network group to update | string | -**name** | optional | Name of the network group | string | -**network_object_ids_to_add** | optional | Network objects to add to the group. Note these ids must already exist in FMC | string | -**network_object_ids_to_remove** | optional | Network objects to remove frin the group. | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**network_group_id** | required | Network group to update | string | | +**name** | optional | Name of the network group | string | | +**network_object_ids_to_add** | optional | Network objects to add to the group. Note these ids must already exist in FMC | string | | +**network_object_ids_to_remove** | optional | Network objects to remove frin the group. | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.network_group_id | string | | -action_result.parameter.name | string | | -action_result.parameter.network_object_ids_to_add | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c -action_result.parameter.network_object_ids_to_remove | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | NetworkGroup -action_result.data.\*.links.self | string | | -action_result.data.\*.objects.id | string | | -action_result.data.\*.objects.name | string | | -action_result.data.\*.objects.type | string | | Network -action_result.data.\*.metadata.domain.id | string | | -action_result.data.\*.metadata.domain.name | string | | -action_result.data.\*.metadata.domain.type | string | | -action_result.data.\*.metadata.domain.lastUser.name | string | | -action_result.data.\*.metadata.domain.timestamp | numeric | | -action_result.data.\*.metadata.domain.parentType | string | | -action_result.data.\*.metadata.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.network_group_id | string | | | +action_result.parameter.name | string | | | +action_result.parameter.network_object_ids_to_add | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c | +action_result.parameter.network_object_ids_to_remove | string | | b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | NetworkGroup | +action_result.data.\*.links.self | string | | | +action_result.data.\*.objects.id | string | | | +action_result.data.\*.objects.name | string | | | +action_result.data.\*.objects.type | string | | Network | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | | +action_result.data.\*.metadata.domain.type | string | | | +action_result.data.\*.metadata.domain.lastUser.name | string | | | +action_result.data.\*.metadata.domain.timestamp | numeric | | | +action_result.data.\*.metadata.domain.parentType | string | | | +action_result.data.\*.metadata.overridable | boolean | | | ## action: 'delete network group object' + Delete a network group object -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**network_group_id** | required | Network group to update | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**network_group_id** | required | Network group to update | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.network_group_id | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | NetworkGroup -action_result.data.\*.links.self | string | | -action_result.data.\*.objects.id | string | | -action_result.data.\*.objects.name | string | | -action_result.data.\*.objects.type | string | | Network -action_result.data.\*.metadata.domain.id | string | | -action_result.data.\*.metadata.domain.name | string | | -action_result.data.\*.metadata.domain.type | string | | -action_result.data.\*.metadata.domain.lastUser.name | string | | -action_result.data.\*.metadata.domain.timestamp | numeric | | -action_result.data.\*.metadata.domain.parentType | string | | -action_result.data.\*.metadata.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.network_group_id | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | NetworkGroup | +action_result.data.\*.links.self | string | | | +action_result.data.\*.objects.id | string | | | +action_result.data.\*.objects.name | string | | | +action_result.data.\*.objects.type | string | | Network | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | | +action_result.data.\*.metadata.domain.type | string | | | +action_result.data.\*.metadata.domain.lastUser.name | string | | | +action_result.data.\*.metadata.domain.timestamp | numeric | | | +action_result.data.\*.metadata.domain.parentType | string | | | +action_result.data.\*.metadata.overridable | boolean | | | ## action: 'get access control policies' + Gets all access control polcies in the FMC host for a particular domain -Type: **investigate** +Type: **investigate** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.domain_name | string | | -action_result.data.\*.name | string | | new-policy -action_result.data.\*.policy_id | string | | 00000000-0000-0ed3-0000-012884902138 +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.policy_id | string | | 00000000-0000-0ed3-0000-012884902138 | ## action: 'create access control policy' + Create an access control policy -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**name** | required | Name of the network group | string | -**description** | optional | Description of the policy | string | -**action** | required | Type of action to take on matching traffic | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**name** | required | Name of the network group | string | | +**description** | optional | Description of the policy | string | | +**action** | required | Type of action to take on matching traffic | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.name | string | | -action_result.parameter.description | string | | -action_result.parameter.action | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | new-policy -action_result.data.\*.type | string | | AccessPolicy -action_result.data.\*.links.self | string | | AccessPolicy -action_result.data.\*.rules.type | string | | AccessRule -action_result.data.\*.rules.links.self | string | | -action_result.data.\*.description | string | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.name | string | | | +action_result.parameter.description | string | | | +action_result.parameter.action | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.type | string | | AccessPolicy | +action_result.data.\*.links.self | string | | AccessPolicy | +action_result.data.\*.rules.type | string | | AccessRule | +action_result.data.\*.rules.links.self | string | | | +action_result.data.\*.description | string | | | ## action: 'update access control policy' + Update an access control policy -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**policy_id** | required | Id of the policy to update | string | -**name** | optional | Name of the network group | string | -**description** | optional | Description of the policy | string | -**action** | optional | Type of action to take on matching traffic | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**policy_id** | required | Id of the policy to update | string | | +**name** | optional | Name of the network group | string | | +**description** | optional | Description of the policy | string | | +**action** | optional | Type of action to take on matching traffic | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.policy_id | string | | -action_result.parameter.name | string | | -action_result.parameter.description | string | | -action_result.parameter.action | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | new-policy -action_result.data.\*.type | string | | AccessPolicy -action_result.data.\*.links.self | string | | AccessPolicy -action_result.data.\*.rules.type | string | | AccessRule -action_result.data.\*.rules.links.self | string | | -action_result.data.\*.description | string | | -action_result.data.\*.defaultAction.id | string | | -action_result.data.\*.defaultAction.type | string | | AccessPolicyDefaultAction -action_result.data.\*.defaultAction.action | string | | BLOCK +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.policy_id | string | | | +action_result.parameter.name | string | | | +action_result.parameter.description | string | | | +action_result.parameter.action | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.type | string | | AccessPolicy | +action_result.data.\*.links.self | string | | AccessPolicy | +action_result.data.\*.rules.type | string | | AccessRule | +action_result.data.\*.rules.links.self | string | | | +action_result.data.\*.description | string | | | +action_result.data.\*.defaultAction.id | string | | | +action_result.data.\*.defaultAction.type | string | | AccessPolicyDefaultAction | +action_result.data.\*.defaultAction.action | string | | BLOCK | ## action: 'delete access control policies' + Deleted the specified access control policy -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**policy_id** | required | Id of the policy to delete | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**policy_id** | required | Id of the policy to delete | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.policy_id | string | | -action_result.parameter.name | string | | -action_result.parameter.description | string | | -action_result.parameter.action | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | new-policy -action_result.data.\*.type | string | | AccessPolicy -action_result.data.\*.links.self | string | | AccessPolicy -action_result.data.\*.rules.type | string | | AccessRule -action_result.data.\*.rules.links.self | string | | -action_result.data.\*.description | string | | -action_result.data.\*.defaultAction.id | string | | -action_result.data.\*.defaultAction.type | string | | AccessPolicyDefaultAction -action_result.data.\*.defaultAction.action | string | | BLOCK -action_result.data.\*.securityIntelligence.id | string | | -action_result.data.\*.securityIntelligence.type | string | | SecurityIntelligencePolicy -action_result.data.\*.securityIntelligence.links.self | string | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.policy_id | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.type | string | | AccessPolicy | +action_result.data.\*.links.self | string | | AccessPolicy | +action_result.data.\*.rules.type | string | | AccessRule | +action_result.data.\*.rules.links.self | string | | | +action_result.data.\*.description | string | | | +action_result.data.\*.defaultAction.id | string | | | +action_result.data.\*.defaultAction.type | string | | AccessPolicyDefaultAction | +action_result.data.\*.defaultAction.action | string | | BLOCK | +action_result.data.\*.securityIntelligence.id | string | | | +action_result.data.\*.securityIntelligence.type | string | | SecurityIntelligencePolicy | +action_result.data.\*.securityIntelligence.links.self | string | | | ## action: 'get access control rules' + Gets all access control rules associated with a particular access control policy -Type: **investigate** +Type: **investigate** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**policy_id** | required | Access control policy that the rule is apart of | string | -**rule_id** | optional | Id of the rules | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**policy_id** | required | Access control policy that the rule is apart of | string | | +**rule_id** | optional | Id of the rules | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.policy_id | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | new-policy +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.policy_id | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | new-rule | ## action: 'create access control rule' + Creates an access control rule associated with a particular access control policy -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**policy_id** | required | Access control policy the rule will be apart of | string | -**name** | required | Name of the access control rule | string | -**action** | required | Type of action to take on matching traffic | string | -**enabled** | optional | Wether the rule is enabled | boolean | -**source_networks** | optional | Network groups or objects to determine what action to take against traffic based on where it originated from | string | -**destination_networks** | optional | Network groups or objects to determine what action to take against traffic based on its intended destination | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**policy_id** | required | Access control policy the rule will be apart of | string | | +**name** | required | Name of the access control rule | string | | +**action** | required | Type of action to take on matching traffic | string | | +**enabled** | optional | Wether the rule is enabled | boolean | | +**source_networks** | optional | Network groups or objects to determine what action to take against traffic based on where it originated from | string | | +**destination_networks** | optional | Network groups or objects to determine what action to take against traffic based on its intended destination | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.policy_id | string | | -action_result.parameter.name | string | | -action_result.parameter.action | string | | BLOCK -action_result.parameter.enabled | boolean | | -action_result.parameter.source_networks | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 -action_result.parameter.destination_networks | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | AccessRule -action_result.data.\*.links.self | string | | -action_result.data.\*.action | string | | BLOCK -action_result.data.\*.logEnd | boolean | | -action_result.data.\*.enabled | boolean | | -action_result.data.\*.logBegin | boolean | | -action_result.data.\*.logFiles | boolean | | -action_result.data.\*.metadata.accessPolicy.id | string | | -action_result.data.\*.metadata.accessPolicy.name | string | | -action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy -action_result.data.\*.variableSet.id | string | | -action_result.data.\*.variableSet.name | string | | -action_result.data.\*.variableSet.type | string | | VariableSet -action_result.data.\*.sourceNetworks.objects.\*.id | string | | -action_result.data.\*.sourceNetworks.objects.\*.name | string | | -action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network -action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | -action_result.data.\*.sendEventsToFMC | boolean | | -action_result.data.\*.destinationNetworks.objects.\*.id | string | | -action_result.data.\*.destinationNetworks.objects.\*.name | string | | -action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network -action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.policy_id | string | | | +action_result.parameter.name | string | | | +action_result.parameter.action | string | | BLOCK | +action_result.parameter.enabled | boolean | | | +action_result.parameter.source_networks | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 | +action_result.parameter.destination_networks | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | AccessRule | +action_result.data.\*.links.self | string | | | +action_result.data.\*.action | string | | BLOCK | +action_result.data.\*.logEnd | boolean | | | +action_result.data.\*.enabled | boolean | | | +action_result.data.\*.logBegin | boolean | | | +action_result.data.\*.logFiles | boolean | | | +action_result.data.\*.metadata.accessPolicy.id | string | | | +action_result.data.\*.metadata.accessPolicy.name | string | | | +action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy | +action_result.data.\*.variableSet.id | string | | | +action_result.data.\*.variableSet.name | string | | | +action_result.data.\*.variableSet.type | string | | VariableSet | +action_result.data.\*.sourceNetworks.objects.\*.id | string | | | +action_result.data.\*.sourceNetworks.objects.\*.name | string | | | +action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network | +action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | | +action_result.data.\*.sendEventsToFMC | boolean | | | +action_result.data.\*.destinationNetworks.objects.\*.id | string | | | +action_result.data.\*.destinationNetworks.objects.\*.name | string | | | +action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network | +action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | | ## action: 'update access control rule' + Updates an access control rule associated with a particular access control policy -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**rule_id** | required | Access control rule to update | string | -**policy_id** | required | Access control policy that the rule is apart of | string | -**name** | optional | Name of the access control rule | string | -**action** | optional | Type of action to take on matching traffic | string | -**enabled** | optional | Wether the rule is enabled | boolean | -**source_networks_to_add** | optional | Add these network groups or objects to the rules source networks | string | -**source_networks_to_remove** | optional | Remove these network groups or objects from the rules source networks | string | -**destination_networks_to_add** | optional | Add these network groups or objects to the rules destination networks | string | -**destination_networks_to_remove** | optional | Remove these network groups or objects from the rules destination networks | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**rule_id** | required | Access control rule to update | string | | +**policy_id** | required | Access control policy that the rule is apart of | string | | +**name** | optional | Name of the access control rule | string | | +**action** | optional | Type of action to take on matching traffic | string | | +**enabled** | optional | Wether the rule is enabled | boolean | | +**source_networks_to_add** | optional | Add these network groups or objects to the rules source networks | string | | +**source_networks_to_remove** | optional | Remove these network groups or objects from the rules source networks | string | | +**destination_networks_to_add** | optional | Add these network groups or objects to the rules destination networks | string | | +**destination_networks_to_remove** | optional | Remove these network groups or objects from the rules destination networks | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.rule_id | string | | -action_result.parameter.policy_id | string | | -action_result.parameter.name | string | | -action_result.parameter.action | string | | BLOCK -action_result.parameter.enabled | boolean | | -action_result.parameter.source_networks_to_add | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 -action_result.parameter.source_networks_to_remove | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 -action_result.parameter.destination_networks_to_add | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 -action_result.parameter.destination_networks_to_remove | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | AccessRule -action_result.data.\*.links.self | string | | -action_result.data.\*.action | string | | BLOCK -action_result.data.\*.logEnd | boolean | | -action_result.data.\*.enabled | boolean | | -action_result.data.\*.logBegin | boolean | | -action_result.data.\*.logFiles | boolean | | -action_result.data.\*.metadata.domain.id | string | | -action_result.data.\*.metadata.domain.name | string | | Global -action_result.data.\*.metadata.domain.type | string | | Domain -action_result.data.\*.metadata.accessPolicy.id | string | | -action_result.data.\*.metadata.accessPolicy.name | string | | -action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy -action_result.data.\*.variableSet.id | string | | -action_result.data.\*.variableSet.name | string | | -action_result.data.\*.variableSet.type | string | | VariableSet -action_result.data.\*.sourceNetworks.objects.\*.id | string | | -action_result.data.\*.sourceNetworks.objects.\*.name | string | | -action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network -action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | -action_result.data.\*.sendEventsToFMC | boolean | | -action_result.data.\*.destinationNetworks.objects.\*.id | string | | -action_result.data.\*.destinationNetworks.objects.\*.name | string | | -action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network -action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.rule_id | string | | | +action_result.parameter.policy_id | string | | | +action_result.parameter.name | string | | | +action_result.parameter.action | string | | BLOCK | +action_result.parameter.enabled | boolean | | | +action_result.parameter.source_networks_to_add | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 | +action_result.parameter.source_networks_to_remove | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 | +action_result.parameter.destination_networks_to_add | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 | +action_result.parameter.destination_networks_to_remove | string | | 00000000-0000-0ed3-0000-012884902229, 00000000-0000-0ed3-0000-012884902491 | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | AccessRule | +action_result.data.\*.links.self | string | | | +action_result.data.\*.action | string | | BLOCK | +action_result.data.\*.logEnd | boolean | | | +action_result.data.\*.enabled | boolean | | | +action_result.data.\*.logBegin | boolean | | | +action_result.data.\*.logFiles | boolean | | | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | Global | +action_result.data.\*.metadata.domain.type | string | | Domain | +action_result.data.\*.metadata.accessPolicy.id | string | | | +action_result.data.\*.metadata.accessPolicy.name | string | | | +action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy | +action_result.data.\*.variableSet.id | string | | | +action_result.data.\*.variableSet.name | string | | | +action_result.data.\*.variableSet.type | string | | VariableSet | +action_result.data.\*.sourceNetworks.objects.\*.id | string | | | +action_result.data.\*.sourceNetworks.objects.\*.name | string | | | +action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network | +action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | | +action_result.data.\*.sendEventsToFMC | boolean | | | +action_result.data.\*.destinationNetworks.objects.\*.id | string | | | +action_result.data.\*.destinationNetworks.objects.\*.name | string | | | +action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network | +action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | | ## action: 'delete access control rules' + Deletes access control rule associated with a particular access control policy -Type: **generic** +Type: **generic** \ Read only: **False** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**rule_id** | required | Access control rule to delete | string | -**policy_id** | required | Access control policy that the rule is apart of | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**rule_id** | required | Access control rule to delete | string | | +**policy_id** | required | Access control policy that the rule is apart of | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.rule_id | string | | -action_result.parameter.policy_id | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | AccessRule -action_result.data.\*.links.self | string | | -action_result.data.\*.action | string | | BLOCK -action_result.data.\*.logEnd | boolean | | -action_result.data.\*.enabled | boolean | | -action_result.data.\*.logBegin | boolean | | -action_result.data.\*.logFiles | boolean | | -action_result.data.\*.metadata.domain.id | string | | -action_result.data.\*.metadata.domain.name | string | | Global -action_result.data.\*.metadata.domain.type | string | | Domain -action_result.data.\*.metadata.accessPolicy.id | string | | -action_result.data.\*.metadata.accessPolicy.name | string | | -action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy -action_result.data.\*.variableSet.id | string | | -action_result.data.\*.variableSet.name | string | | -action_result.data.\*.variableSet.type | string | | VariableSet -action_result.data.\*.sourceNetworks.objects.\*.id | string | | -action_result.data.\*.sourceNetworks.objects.\*.name | string | | -action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network -action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | -action_result.data.\*.sendEventsToFMC | boolean | | -action_result.data.\*.destinationNetworks.objects.\*.id | string | | -action_result.data.\*.destinationNetworks.objects.\*.name | string | | -action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network -action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.rule_id | string | | | +action_result.parameter.policy_id | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | AccessRule | +action_result.data.\*.links.self | string | | | +action_result.data.\*.action | string | | BLOCK | +action_result.data.\*.logEnd | boolean | | | +action_result.data.\*.enabled | boolean | | | +action_result.data.\*.logBegin | boolean | | | +action_result.data.\*.logFiles | boolean | | | +action_result.data.\*.metadata.domain.id | string | | | +action_result.data.\*.metadata.domain.name | string | | Global | +action_result.data.\*.metadata.domain.type | string | | Domain | +action_result.data.\*.metadata.accessPolicy.id | string | | | +action_result.data.\*.metadata.accessPolicy.name | string | | | +action_result.data.\*.metadata.accessPolicy.type | string | | AccessPolicy | +action_result.data.\*.variableSet.id | string | | | +action_result.data.\*.variableSet.name | string | | | +action_result.data.\*.variableSet.type | string | | VariableSet | +action_result.data.\*.sourceNetworks.objects.\*.id | string | | | +action_result.data.\*.sourceNetworks.objects.\*.name | string | | | +action_result.data.\*.sourceNetworks.objects.\*.type | string | | NetworkGroup Network | +action_result.data.\*.sourceNetworks.objects.\*.overridable | boolean | | | +action_result.data.\*.sendEventsToFMC | boolean | | | +action_result.data.\*.destinationNetworks.objects.\*.id | string | | | +action_result.data.\*.destinationNetworks.objects.\*.name | string | | | +action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network | +action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | | ## action: 'list devices' + Lists all devices belonging to a particular domain/tenant -Type: **investigate** +Type: **investigate** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | -action_result.data.\*.links.self | string | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | SENSOR | +action_result.data.\*.links.self | string | | | ## action: 'get deployable devices' + List all devices with configuration chnges that are ready to be deployed -Type: **investigate** +Type: **investigate** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | -action_result.data.\*.name | string | | -action_result.data.\*.type | string | | SENSOR +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | | +action_result.data.\*.type | string | | SENSOR | ## action: 'deploy devices' + Deploy devices that are ready to deploy -Type: **generic** +Type: **generic** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**devices** | optional | Device IDs of devices to deploy changes to. If left empty all devices with configuration changes will deploy | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**devices** | optional | Device IDs of devices to deploy changes to. If left empty all devices with configuration changes will deploy | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.devices | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.type | string | | DeploymentRequest -action_result.data.\*.version | string | | -action_result.data.\*.metadata.task.id | string | | -action_result.data.\*.metadata.task.links.self | string | | https://hostname/api/fmc_config/v1/domain/default/job/taskstatuses/77309722217 -action_result.data.\*.deviceList.\* | string | | +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.devices | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.type | string | | DeploymentRequest | +action_result.data.\*.version | string | | | +action_result.data.\*.metadata.task.id | string | | | +action_result.data.\*.metadata.task.links.self | string | | https://hostname/api/fmc_config/v1/domain/default/job/taskstatuses/77309722217 | +action_result.data.\*.deviceList.\* | string | | | ## action: 'get deployment status' + Get status of a deployment -Type: **investigate** +Type: **investigate** \ Read only: **True** #### Action Parameters + PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**deployment_id** | required | Id of the deployment | string | -**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | +**deployment_id** | required | Id of the deployment | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output + DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES --------- | ---- | -------- | -------------- -action_result.status | string | | success failed -action_result.parameter.deployment_id | string | | -action_result.parameter.domain_name | string | | -action_result.data.\*.id | string | | DeploymentRequest -action_result.data.\*.task | string | | TaskStatus -action_result.data.\*.status | string | | Deploying Deployed -action_result.data.\*.message | string | | -action_result.data.\*.deviceList.\* | string | | \ No newline at end of file +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.deployment_id | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | DeploymentRequest | +action_result.data.\*.task | string | | TaskStatus | +action_result.data.\*.status | string | | Deploying Deployed | +action_result.data.\*.message | string | | | +action_result.data.\*.deviceList.\* | string | | | + +______________________________________________________________________ + +Auto-generated Splunk SOAR Connector documentation. + +Copyright 2025 Splunk Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and limitations under the License. From 8dd43247d8ed412ea18f3638cf970aa38c96441e Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Mon, 27 Jan 2025 17:31:39 -0800 Subject: [PATCH 10/22] PAPP-35185: adding init file --- __init__.py | 0 ciscosecurefirewall.json | 2 +- ciscosecurefirewall_connector.py | 58 ++++++++++++++++---------------- 3 files changed, 30 insertions(+), 30 deletions(-) create mode 100644 __init__.py diff --git a/__init__.py b/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index 7866f81..7b04812 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -1,5 +1,5 @@ { - "appid": "21834fdf-826d-4595-a036-d7b8841ab798", + "appid": "268cecc2-a5ea-438b-96f8-3ab1d8443d93", "name": "Cisco Secure Firewall", "description": "This app interfaces with Cisco Firepower devices to adds, updates and deletes network objects, network object groups, access policies and access rules", "publisher": "Splunk", diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 13d9d03..9379c49 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -168,7 +168,7 @@ def _get_token(self, action_result): self.refresh_count += 1 self.headers[REFRESH_TOKEN_KEY] = self._state[REFRESH_TOKEN_KEY] self.headers[TOKEN_KEY] = self._state[TOKEN_KEY] - ret_val, headers = self.__make_rest_call("post", REFRESH_ENDPOINT, action_result, headers_only=True, first_try=False) + ret_val, headers = self._make_rest_call("post", REFRESH_ENDPOINT, action_result, headers_only=True, first_try=False) if not phantom.is_fail(ret_val): self.token = headers.get(TOKEN_KEY) self.headers[TOKEN_KEY] = self.token @@ -180,7 +180,7 @@ def _get_token(self, action_result): self.debug_print("Fetching a new token") self.headers.pop(REFRESH_TOKEN_KEY, None) auth = requests.auth.HTTPBasicAuth(self.username, self.password) - ret_val, headers = self.__make_rest_call("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=True, auth=auth) + ret_val, headers = self._make_rest_call("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=True, auth=auth) if phantom.is_fail(ret_val): self.debug_print(f"Error {ret_val} while generating token with response {headers}") self._reset_state_file() @@ -281,7 +281,7 @@ def _process_response(self, r, action_result): return RetVal(action_result.set_status(phantom.APP_ERROR, msg), None) - def __make_rest_call(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): + def _make_rest_call(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): """ This method makes a REST call to the API """ @@ -306,7 +306,7 @@ def __make_rest_call(self, method, resource, action_result, json_body=None, head return action_result.get_status(), None self.debug_print(f"Running url that failed because of token error {resource}") - return self.__make_rest_call(method, resource, action_result, json_body, headers_only, first_try=False) + return self._make_rest_call(method, resource, action_result, json_body, headers_only, first_try=False) message = "Error from server. Status Code: {0} Data from server: {1}".format( result.status_code, result.text.replace("{", "{{").replace("}", "}}") @@ -333,7 +333,7 @@ def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: self.save_progress("Testing connectivity") url = GET_HOSTS_ENDPOINT.format(domain_id="default") - ret_val, _ = self.__make_rest_call("get", url, action_result) + ret_val, _ = self._make_rest_call("get", url, action_result) if phantom.is_fail(ret_val): self.save_progress("Connectivity test failed") return action_result.get_status() @@ -349,7 +349,7 @@ def get_network_objects_of_type(self, object_type, domain_uuid, action_result, n params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self.__make_rest_call("get", url, action_result, params=params) + ret_val, response = self._make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -399,7 +399,7 @@ def _handle_list_network_objects(self, param: Dict[str, Any]) -> bool: def get_network_object(self, domain_id: int, object_id: int) -> Tuple[bool, Dict[str, Any]]: url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_id, type="networks", object_id=object_id) - ret_val, response = self.__make_rest_call("get", url, self) + ret_val, response = self._make_rest_call("get", url, self) return ret_val, response def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: @@ -413,7 +413,7 @@ def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: domain_uuid = self.get_domain_id(param.get("domain_name")) url = NETWORK_OBJECTS_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s") - ret_val, response = self.__make_rest_call("post", url, action_result, json_body=payload) + ret_val, response = self._make_rest_call("post", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -439,7 +439,7 @@ def _handle_update_network_object(self, param: Dict[str, Any]) -> bool: url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) - ret_val, response = self.__make_rest_call("put", url, action_result, json_body=payload) + ret_val, response = self._make_rest_call("put", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -457,7 +457,7 @@ def _handle_delete_network_object(self, param: Dict[str, Any]) -> bool: domain_uuid = self.get_domain_id(param.get("domain_name")) url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s", object_id=object_id) - ret_val, response = self.__make_rest_call("delete", url, action_result) + ret_val, response = self._make_rest_call("delete", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -493,7 +493,7 @@ def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: params = {"limit": limit, "expanded": True} while True: params["offset"] = offset - ret_val, response = self.__make_rest_call("get", url, action_result, params=params) + ret_val, response = self._make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -533,7 +533,7 @@ def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: url = NETWORK_GROUPS_ENDPOINT.format(domain_id=domain_uuid) - ret_val, response = self.__make_rest_call("post", url, action_result, json_body=payload) + ret_val, response = self._make_rest_call("post", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -544,7 +544,7 @@ def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: def get_network_group(self, domain_uuid, group_id): url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) - ret_val, response = self.__make_rest_call("get", url, self) + ret_val, response = self._make_rest_call("get", url, self) return ret_val, response def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: @@ -573,7 +573,7 @@ def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: resp["objects"] = objects update_url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) - ret_val, response = self.__make_rest_call("put", update_url, action_result, json_body=resp) + ret_val, response = self._make_rest_call("put", update_url, action_result, json_body=resp) if phantom.is_fail(ret_val): return action_result.get_status() @@ -591,7 +591,7 @@ def _handle_delete_network_group(self, param): domain_uuid = self.get_domain_id(param.get("domain_name")) update_url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) - ret_val, response = self.__make_rest_call("delete", update_url, action_result) + ret_val, response = self._make_rest_call("delete", update_url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -612,7 +612,7 @@ def _handle_get_access_policies(self, param): params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self.__make_rest_call("get", url, action_result, params=params) + ret_val, response = self._make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -647,7 +647,7 @@ def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: payload["description"] = param["description"] url = ACCESS_POLICY_ENDPOINT.format(domain_id=domain_uuid) - ret_val, response = self.__make_rest_call("post", url, action_result, json_body=payload) + ret_val, response = self._make_rest_call("post", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -658,7 +658,7 @@ def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: def get_access_policy(self, domain_uuid, policy_id): url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - ret_val, response = self.__make_rest_call("get", url, self) + ret_val, response = self._make_rest_call("get", url, self) return ret_val, response def _handle_update_access_policy(self, param): @@ -692,7 +692,7 @@ def _handle_update_access_policy(self, param): url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) print(f"payload is {payload}") - ret_val, response = self.__make_rest_call("put", url, action_result, json_body=payload) + ret_val, response = self._make_rest_call("put", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() print(f"updated policy with {response}") @@ -710,7 +710,7 @@ def _handle_delete_access_policy(self, param: Dict[str, Any]) -> bool: policy_id = param["policy_id"] url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - ret_val, response = self.__make_rest_call("delete", url, action_result) + ret_val, response = self._make_rest_call("delete", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -744,7 +744,7 @@ def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self.__make_rest_call("get", url, action_result, params=params) + ret_val, response = self._make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -815,7 +815,7 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: rule_payload["destinationNetworks"]["objects"] = destination_networks_objects url = ACCESS_RULES_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - ret_val, response = self.__make_rest_call("post", url, action_result, json_body=rule_payload) + ret_val, response = self._make_rest_call("post", url, action_result, json_body=rule_payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -826,7 +826,7 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: def get_access_control_rule(self, domain_id: str, policy_id: str, rule_id: str) -> Tuple[bool, Dict[str, Any]]: url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_id, policy_id=policy_id, rule_id=rule_id) - ret_val, response = self.__make_rest_call("get", url, self) + ret_val, response = self._make_rest_call("get", url, self) return ret_val, response def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: @@ -889,7 +889,7 @@ def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: rule_payload["destinationNetworks"] = {"objects": filtered_destination_networks} url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id, rule_id=rule_id) - ret_val, response = self.__make_rest_call("put", url, action_result, json_body=rule_payload) + ret_val, response = self._make_rest_call("put", url, action_result, json_body=rule_payload) if phantom.is_fail(ret_val): return action_result.get_status() @@ -909,7 +909,7 @@ def _handle_delete_access_rule(self, param: Dict[str, Any]) -> bool: policy_id = param["policy_id"] url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id, rule_id=rule_id) - ret_val, response = self.__make_rest_call("delete", url, action_result) + ret_val, response = self._make_rest_call("delete", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() @@ -931,7 +931,7 @@ def _handle_list_devices(self, param: Dict[str, Any]) -> bool: params = {"limit": limit} while True: params["offset"] = offset - ret_val, response = self.__make_rest_call("get", url, action_result, params=params) + ret_val, response = self._make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): return action_result.get_status() @@ -962,7 +962,7 @@ def get_deployable_devices(self, domain_id: str) -> Tuple[bool, Any]: params = {"limit": limit, "expanded": True} while True: params["offset"] = offset - ret_val, response = self.__make_rest_call("get", url, self, params=params) + ret_val, response = self._make_rest_call("get", url, self, params=params) if phantom.is_fail(ret_val): return phantom.APP_ERROR, [] @@ -1022,7 +1022,7 @@ def _handle_deploy_devices(self, param: Dict[str, Any]) -> bool: url = DEPLOY_DEVICES_ENDPOINT.format(domain_id=domain_uuid) body = {"type": "DeploymentRequest", "version": "0", "forceDeploy": True, "ignoreWarning": True, "deviceList": devices_to_deploy} - ret_val, response = self.__make_rest_call("post", url, action_result, body) + ret_val, response = self._make_rest_call("post", url, action_result, body) if phantom.is_fail(ret_val): return action_result.get_status() @@ -1041,7 +1041,7 @@ def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: deployment_id = param["deployment_id"] url = DEPLOYMENT_STATUS_ENDPOINT.format(domain_id=domain_uuid, task_id=deployment_id) - ret_val, response = self.__make_rest_call("get", url, action_result) + ret_val, response = self._make_rest_call("get", url, action_result) if phantom.is_fail(ret_val): return action_result.get_status() From a69fd103f352c24428830743146ec90b44568340 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Wed, 29 Jan 2025 13:45:02 -0800 Subject: [PATCH 11/22] PAPP-35185: adding intrusion policy actions --- ciscosecurefirewall.json | 543 ++++++++++++++++++++++++++++++- ciscosecurefirewall_connector.py | 339 +++++++++++-------- ciscosecurefirewall_consts.py | 4 +- 3 files changed, 744 insertions(+), 142 deletions(-) diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index 7b04812..0459339 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -1128,15 +1128,20 @@ }, { "action": "get access control policies", - "description": "Gets all access control polcies in the FMC host for a particular domain", + "description": "Gets all or a particular access control policy in the FMC host for a particular domain", "type": "investigate", "identifier": "get_access_policies", "read_only": true, "parameters": { + "policy_id": { + "description": "Id of the policy to retrieve", + "data_type": "string", + "order": 0 + }, "domain_name": { "description": "Firepower Domain. If none is specified the default domain will be queried", "data_type": "string", - "order": 0 + "order": 1 } }, "output": [ @@ -1325,7 +1330,7 @@ "order": 0 }, "name": { - "description": "Name of the network group", + "description": "Name of the policy", "data_type": "string", "order": 1 }, @@ -1701,7 +1706,10 @@ "ALLOW", "BLOCK", "TRUST", - "MONITOR" + "MONITOR", + "BLOCK_RESET", + "BLOCK_INTERACTIVE", + "BLOCK_RESET_INTERACTIVE" ], "order": 2 }, @@ -1946,7 +1954,10 @@ "ALLOW", "BLOCK", "TRUST", - "MONITOR" + "MONITOR", + "BLOCK_RESET", + "BLOCK_INTERACTIVE", + "BLOCK_RESET_INTERACTIVE" ], "order": 3 }, @@ -2405,6 +2416,528 @@ }, "versions": "EQ(*)" }, + { + "action": "list intrusion policies", + "description": "Gets all intrusion polcies in the FMC host for a particular domain", + "type": "investigate", + "identifier": "list_intrusion_policies", + "read_only": true, + "parameters": { + "policy_id": { + "description": "Intrusion policy to retrieve", + "data_type": "string", + "order": 0 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 1 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ], + "column_name": "Policy Name", + "column_order": 0 + }, + { + "data_path": "action_result.data.*.policy_id", + "data_type": "string", + "example_values": [ + "00000000-0000-0ed3-0000-012884902138" + ], + "column_name": "Policy Id", + "column_order": 1 + } + ], + "render": { + "title": "Intrusion Policies", + "type": "table" + }, + "versions": "EQ(*)" + }, + { + "action": "create intrusion policy", + "description": "Create an intrusion policy", + "type": "generic", + "read_only": false, + "identifier": "create_intrusion_policy", + "parameters": { + "name": { + "description": "Name of the intrusion policy", + "data_type": "string", + "required": true, + "order": 0 + }, + "description": { + "description": "Description of the intrusion policy", + "data_type": "string", + "order": 1 + }, + "base_policy": { + "description": "Base intrusion policy ID. Can be found using list intrusion policies", + "data_type": "string", + "required": true, + "order": 2 + }, + "inspection_mode": { + "description": "The inspection mode for the Snort 3 engine", + "data_type": "string", + "value_list": [ + "DETECTION", + "PREVENTION" + ], + "order": 3 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 4 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.description", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.base_policy", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.inspection_mode", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string", + "column_order": 0, + "column_name": "Policy Id" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ], + "column_name": "Policy Name", + "column_order": 1 + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "intrusionpolicy" + ] + }, + { + "data_path": "action_result.data.*.basePolicy.id", + "data_type": "string", + "column_name": "Base Policy Id", + "column_order": 3 + }, + { + "data_path": "action_result.data.*.basePolicy.name", + "data_type": "string", + "example_values": [ + "Balanced Security and Connectivity" + ], + "column_name": "Base Policy Name", + "column_order": 4 + }, + { + "data_path": "action_result.data.*.basePolicy.type", + "data_type": "string", + "example_values": [ + "intrusionpolicy" + ] + }, + { + "data_path": "action_result.data.*.basePolicy.inspectionMode", + "data_type": "string", + "example_values": [ + "DETECTION" + ], + "column_name": "Base Policy Inspection Mode", + "column_order": 5 + }, + { + "data_path": "action_result.data.*.basePolicy.isSystemDefined", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.description", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.inspectionMode", + "data_type": "string", + "example_values": [ + "DETECTION" + ], + "column_name": "Policy Inspection Mode", + "column_order": 2 + } + ], + "render": { + "title": "Create Intrusion Policy", + "type": "table" + }, + "versions": "EQ(*)" + }, + { + "action": "update intrusion policy", + "description": "Update an intrusion policy", + "type": "generic", + "read_only": false, + "identifier": "update_intrusion_policy", + "parameters": { + "policy_id": { + "description": "Id of the intrusion policy to update", + "data_type": "string", + "required": true, + "order": 0 + }, + "name": { + "description": "Name of the policy", + "data_type": "string", + "order": 1 + }, + "description": { + "description": "Description of the policy", + "data_type": "string", + "order": 2 + }, + "base_policy": { + "description": "Base intrusion policy ID. Can be found using list intrusion policies", + "data_type": "string", + "order": 3 + }, + "inspection_mode": { + "description": "The inspection mode for the Snort 3 engine", + "data_type": "string", + "value_list": [ + "DETECTION", + "PREVENTION" + ], + "order": 4 + }, + "replicate_inspection_mode": { + "description": "Whether to replicate inspection_mode from Snort 3 to Snort ", + "data_type": "boolean", + "order": 5 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 6 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.description", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.base_policy", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.inspection_mode", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string", + "column_order": 0, + "column_name": "Policy Id" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ], + "column_name": "Policy Name", + "column_order": 1 + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "intrusionpolicy" + ] + }, + { + "data_path": "action_result.data.*.basePolicy.id", + "data_type": "string", + "column_name": "Base Policy Id", + "column_order": 3 + }, + { + "data_path": "action_result.data.*.basePolicy.name", + "data_type": "string", + "example_values": [ + "Balanced Security and Connectivity" + ], + "column_name": "Base Policy Name", + "column_order": 4 + }, + { + "data_path": "action_result.data.*.basePolicy.type", + "data_type": "string", + "example_values": [ + "intrusionpolicy" + ] + }, + { + "data_path": "action_result.data.*.basePolicy.inspectionMode", + "data_type": "string", + "example_values": [ + "DETECTION" + ], + "column_name": "Base Policy Inspection Mode", + "column_order": 5 + }, + { + "data_path": "action_result.data.*.basePolicy.isSystemDefined", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.description", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.inspectionMode", + "data_type": "string", + "example_values": [ + "DETECTION" + ], + "column_name": "Policy Inspection Mode", + "column_order": 2 + } + ], + "render": { + "title": "Update Intrusion Policy", + "type": "table" + }, + "versions": "EQ(*)" + }, + { + "action": "delete intrusion policies", + "description": "Deleted the specified access intrusion policy", + "type": "generic", + "identifier": "delete_intrusion_policy", + "read_only": false, + "parameters": { + "policy_id": { + "description": "Id of the policy to delete", + "data_type": "string", + "required": true, + "order": 0 + }, + "domain_name": { + "description": "Firepower Domain. If none is specified the default domain will be queried", + "data_type": "string", + "order": 1 + } + }, + "output": [ + { + "data_path": "action_result.status", + "data_type": "string", + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.parameter.name", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.description", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.base_policy", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.inspection_mode", + "data_type": "string" + }, + { + "data_path": "action_result.parameter.domain_name", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.id", + "data_type": "string", + "column_order": 0, + "column_name": "Policy Id" + }, + { + "data_path": "action_result.data.*.name", + "data_type": "string", + "example_values": [ + "new-policy" + ], + "column_name": "Policy Name", + "column_order": 1 + }, + { + "data_path": "action_result.data.*.type", + "data_type": "string", + "example_values": [ + "intrusionpolicy" + ] + }, + { + "data_path": "action_result.data.*.basePolicy.id", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.basePolicy.name", + "data_type": "string", + "example_values": [ + "Balanced Security and Connectivity" + ] + }, + { + "data_path": "action_result.data.*.basePolicy.type", + "data_type": "string", + "example_values": [ + "intrusionpolicy" + ] + }, + { + "data_path": "action_result.data.*.basePolicy.inspectionMode", + "data_type": "string", + "example_values": [ + "DETECTION" + ], + "column_name": "Inspection Mode", + "column_order": 2 + }, + { + "data_path": "action_result.data.*.basePolicy.isSystemDefined", + "data_type": "boolean" + }, + { + "data_path": "action_result.data.*.description", + "data_type": "string" + }, + { + "data_path": "action_result.data.*.inspectionMode", + "data_type": "string", + "example_values": [ + "DETECTION" + ] + } + ], + "render": { + "title": "Delete Intrsuin Policy", + "type": "table" + }, + "versions": "EQ(*)" + }, { "action": "list devices", "description": "Lists all devices belonging to a particular domain/tenant", diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 9379c49..81a97ca 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -23,7 +23,34 @@ from phantom.action_result import ActionResult from phantom.base_connector import BaseConnector -from ciscosecurefirewall_consts import * +from ciscosecurefirewall_consts import ( + ACCESS_POLICY_ENDPOINT, + ACCESS_POLICY_ID_ENDPOINT, + ACCESS_RULES_ENDPOINT, + ACCESS_RULES_ID_ENDPOINT, + CLOUD_HOST, + DEFAULT_REQUEST_TIMEOUT, + DEPLOY_DEVICES_ENDPOINT, + DEPLOYMENT_STATUS_ENDPOINT, + DEVICES_ENDPOINT, + ENCRYPTION_ERR, + GET_DEPLOYABLE_DEVICES_ENDPOINT, + GET_HOSTS_ENDPOINT, + HEADERS, + INTRUSION_POLICY_ENDPOINT, + INTRUSION_POLICY_ID_ENDPOINT, + NETWORK_GROUPS_ENDPOINT, + NETWORK_GROUPS_ID_ENDPOINT, + NETWORK_OBJECT_ID_ENDPOINT, + NETWORK_OBJECTS_ENDPOINT, + OBJECT_TYPES, + REFRESH_COUNT, + REFRESH_ENDPOINT, + REFRESH_TOKEN_KEY, + STATE_FILE_CORRUPT_ERR, + TOKEN_ENDPOINT, + TOKEN_KEY, +) class RetVal(tuple): @@ -101,7 +128,6 @@ def initialize(self): self.refresh_token = self._state.get(REFRESH_COUNT, 0) ret_val = self._get_token(action_result) - self.debug_print(f"the state file is {self._state}") if phantom.is_fail(ret_val): return self.get_status() @@ -138,7 +164,7 @@ def _update_state(self): self._state[TOKEN_KEY] = self.token self._state[REFRESH_TOKEN_KEY] = self.refresh_token self._state[REFRESH_COUNT] = self.refresh_count - self._state[DOMAINS] = self.domains + self._state["domains"] = self.domains self.save_state(self._state) def authenicate_cloud_fmc(self, config): @@ -281,12 +307,12 @@ def _process_response(self, r, action_result): return RetVal(action_result.set_status(phantom.APP_ERROR, msg), None) - def _make_rest_call(self, method, resource, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): + def _make_rest_call(self, method, endpoint, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): """ This method makes a REST call to the API """ request_method = getattr(requests, method) - url = "https://{0}{1}".format(self.firepower_host, resource) + url = "https://{0}{1}".format(self.firepower_host, endpoint) if json_body: self.headers.update({"Content-type": "application/json"}) @@ -305,8 +331,8 @@ def _make_rest_call(self, method, resource, action_result, json_body=None, heade if phantom.is_fail(ret_val): return action_result.get_status(), None - self.debug_print(f"Running url that failed because of token error {resource}") - return self._make_rest_call(method, resource, action_result, json_body, headers_only, first_try=False) + self.debug_print(f"Re-running endpoint that failed because of token error {endpoint}") + return self._make_rest_call(method, endpoint, action_result, json_body, headers_only, first_try=False) message = "Error from server. Status Code: {0} Data from server: {1}".format( result.status_code, result.text.replace("{", "{{").replace("}", "}}") @@ -477,42 +503,50 @@ def get_domain_id(self, domain_name: str) -> str: if domain_name.lower() == leaf_domain: return domain["uuid"] - def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: - self.save_progress(f"In action handler for: {self.get_action_identifier()}") - - # Add an action result object to self (BaseConnector) to represent the action for this param - action_result = self.add_action_result(ActionResult(dict(param))) - - group_name = param.get("group_name") - domain_uuid = self.get_domain_id(param.get("domain_name")) - - url = NETWORK_GROUPS_ENDPOINT.format(domain_id=domain_uuid) - + def list_objects(self, url: str, action_result: ActionResult, expanded: bool = False) -> Tuple[bool, list]: + objects = [] offset = 0 limit = 50 - params = {"limit": limit, "expanded": True} + params = {"limit": limit, "expanded": str(expanded).lower()} while True: params["offset"] = offset ret_val, response = self._make_rest_call("get", url, action_result, params=params) if phantom.is_fail(ret_val): - return action_result.get_status() + return action_result.get_status(), [] try: - network_group_list = response.get("items", []) - for item in network_group_list: - if not group_name or group_name == item["name"]: - action_result.add_data({"name": item["name"], "uuid": item["id"]}) + objects.extend(response.get("items", [])) except Exception as e: message = "An error occurred while processing network groups" self.debug_print(f"{message}. {str(e)}") - return self.set_status(phantom.APP_ERROR, message) + return action_result.set_status(phantom.APP_ERROR, message), [] if "paging" in response and "next" in response["paging"]: offset += limit else: break + return phantom.APP_SUCCESS, objects + + def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + # Add an action result object to self (BaseConnector) to represent the action for this param + action_result = self.add_action_result(ActionResult(dict(param))) + + group_name = param.get("group_name") + domain_uuid = self.get_domain_id(param.get("domain_name")) + + url = NETWORK_GROUPS_ENDPOINT.format(domain_id=domain_uuid) + ret_val, network_group_list = self.list_objects(url, action_result, True) + if phantom.is_fail(ret_val): + return action_result.get_status() + + for item in network_group_list: + if not group_name or group_name == item["name"]: + action_result.add_data({"name": item["name"], "uuid": item["id"]}) + action_result.update_summary({"total_groups_returned": len(action_result.get_data())}) return action_result.set_status(phantom.APP_SUCCESS) @@ -604,32 +638,23 @@ def _handle_get_access_policies(self, param): self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) + policy_id = param.get("policy_id") domain_uuid = self.get_domain_id(param.get("domain_name")) url = ACCESS_POLICY_ENDPOINT.format(domain_id=domain_uuid) - offset = 0 - limit = 50 - params = {"limit": limit} - while True: - params["offset"] = offset - ret_val, response = self._make_rest_call("get", url, action_result, params=params) + if policy_id: + ret_val, policy_data = self.get_access_policy(domain_uuid, policy_id) if phantom.is_fail(ret_val): - return action_result.get_status() - - try: - policies = response.get("items", []) - for policy in policies: - action_result.add_data({"name": policy["name"], "policy_id": policy["id"]}) + return self.get_status() + action_result.add_data(policy_data) + return action_result.set_status(phantom.APP_SUCCESS) - except Exception as e: - message = "An error occurred while processing access policies" - self.debug_print(f"{message}. {str(e)}") - return self.set_status(phantom.APP_ERROR, message) + ret_val, policies = self.list_objects(url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() - if "paging" in response and "next" in response["paging"]: - offset += limit - else: - break + for policy in policies: + action_result.add_data({"name": policy["name"], "policy_id": policy["id"]}) action_result.update_summary({"total_policies_returned": len(action_result.get_data())}) @@ -675,15 +700,12 @@ def _handle_update_access_policy(self, param): cur_action = policy_data["defaultAction"] payload = { "id": policy_data["id"], - "name": policy_data["name"], + "name": param.get("name") or policy_data["name"], "type": "AccessPolicy", "defaultAction": cur_action, "description": policy_data.get("description", ""), } - if param.get("name"): - payload["name"] = param["name"] - if param.get("description"): payload["description"] = param["description"] @@ -691,11 +713,9 @@ def _handle_update_access_policy(self, param): payload["defaultAction"]["action"] = param["action"].upper() url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - print(f"payload is {payload}") ret_val, response = self._make_rest_call("put", url, action_result, json_body=payload) if phantom.is_fail(ret_val): return action_result.get_status() - print(f"updated policy with {response}") action_result.add_data(response) summary = action_result.update_summary({}) summary["Message"] = f"Successfully updated access policy with id {policy_id}" @@ -739,29 +759,12 @@ def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: url = ACCESS_RULES_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) - offset = 0 - limit = 50 - params = {"limit": limit} - while True: - params["offset"] = offset - ret_val, response = self._make_rest_call("get", url, action_result, params=params) - if phantom.is_fail(ret_val): - return action_result.get_status() - - try: - rules = response.get("items", []) - for rule in rules: - action_result.add_data({"name": rule["name"], "rule_id": rule["id"]}) + ret_val, rules = self.list_objects(url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() - except Exception as e: - message = "An error occurred while processing access rules" - self.debug_print(f"{message}. {str(e)}") - return self.set_status(phantom.APP_ERROR, message) - - if "paging" in response and "next" in response["paging"]: - offset += limit - else: - break + for rule in rules: + action_result.add_data({"name": rule["name"], "rule_id": rule["id"]}) action_result.update_summary({"total_rules_returned": len(action_result.get_data())}) @@ -776,7 +779,6 @@ def build_network_objects_list(self, network_ids: list, dommain_uuid: str) -> Tu continue ret_val, _ = self.get_network_group(dommain_uuid, object_id) if phantom.is_fail(ret_val): - self.debug_print(f"Id {object_id} is not a network object or network group") return self.get_status(), None networks_objects.append({"type": "NetworkGroup", "id": object_id}) @@ -843,21 +845,12 @@ def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: rule_payload = { "id": rule_data["id"], - "name": rule_data["name"], - "action": rule_data["action"], + "name": param.get("name") or rule_data["name"], + "action": param.get("action") or rule_data["action"], "type": rule_data["type"], - "enabled": rule_data["enabled"], + "enabled": param.get("enabled") or rule_data["enabled"], } - if param.get("name"): - rule_payload["name"] = param["name"] - - if param.get("action"): - rule_payload["action"] = param["action"] - - if param.get("enabled"): - rule_payload["enabled"] = param["enabled"] - current_source_networks = rule_data.get("destinationNetworks", {}).get("objects", []) source_networks = param.get("source_networks_to_add", "") source_networks = [network.strip() for network in source_networks.split(",") if network.strip()] @@ -926,61 +919,28 @@ def _handle_list_devices(self, param: Dict[str, Any]) -> bool: url = DEVICES_ENDPOINT.format(domain_id=domain_uuid) - offset = 0 - limit = 50 - params = {"limit": limit} - while True: - params["offset"] = offset - ret_val, response = self._make_rest_call("get", url, action_result, params=params) - if phantom.is_fail(ret_val): - return action_result.get_status() - - try: - devices = response.get("items", []) - for device in devices: - action_result.add_data(device) - - except Exception as e: - message = "An error occurred while getting devices" - self.debug_print(f"{message}. {str(e)}") - return action_result.set_status(phantom.APP_ERROR, message) + ret_val, devices = self.list_objects(url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() - if "paging" in response and "next" in response["paging"]: - offset += limit - else: - break + for device in devices: + action_result.add_data(device) action_result.update_summary({"total_deices_returned": len(action_result.get_data())}) return action_result.set_status(phantom.APP_SUCCESS) - def get_deployable_devices(self, domain_id: str) -> Tuple[bool, Any]: - url = GET_DEPLOYABLE_DEVICES_ENDPOINT.format(domain_id=domain_id, isExpand=True) - deployable_devices = [] - offset = 0 - limit = 50 - params = {"limit": limit, "expanded": True} - while True: - params["offset"] = offset - ret_val, response = self._make_rest_call("get", url, self, params=params) - if phantom.is_fail(ret_val): - return phantom.APP_ERROR, [] - - try: - devices = response.get("items", []) - for item in devices: - deployable_devices.append({"name": item["device"]["name"], "id": item["device"]["id"], "type": item["device"]["type"]}) - except Exception as e: - message = "An error occurred while processing access rules" - self.debug_print(f"{message}. {str(e)}") - return phantom.APP_ERROR, [] + def get_deployable_devices(self, domain_id: str, action_result) -> Tuple[bool, Any]: + url = GET_DEPLOYABLE_DEVICES_ENDPOINT.format(domain_id=domain_id) + device_lst = [] + ret_val, deployable_devices = self.list_objects(url, action_result, True) + if phantom.is_fail(ret_val): + return action_result.get_status(), device_lst - if "paging" in response and "next" in response["paging"]: - offset += limit - else: - break + for device in deployable_devices: + device_lst.append({"name": device["device"]["name"], "id": device["device"]["id"], "type": device["device"]["type"]}) - return phantom.APP_SUCCESS, deployable_devices + return phantom.APP_SUCCESS, device_lst def _handle_get_deployable_devices(self, param: Dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") @@ -988,7 +948,7 @@ def _handle_get_deployable_devices(self, param: Dict[str, Any]) -> bool: action_result = self.add_action_result(ActionResult(dict(param))) domain_uuid = self.get_domain_id(param.get("domain_name")) - ret_val, devices = self.get_deployable_devices(domain_uuid) + ret_val, devices = self.get_deployable_devices(domain_uuid, action_result) if phantom.is_fail(ret_val): return action_result.set_status(phantom.APP_ERROR, "Unable to get deployable devices") @@ -1008,7 +968,7 @@ def _handle_deploy_devices(self, param: Dict[str, Any]) -> bool: devices_to_deploy = [device.strip() for device in param.get("devices", "").split(",") if device.strip()] if not devices_to_deploy: - ret_val, devices = self.get_deployable_devices(domain_uuid) + ret_val, devices = self.get_deployable_devices(domain_uuid, action_result) if phantom.is_fail(ret_val): return action_result.set_status(phantom.APP_ERROR, "Unable to get deployable devices") for device in devices: @@ -1050,6 +1010,107 @@ def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully retrieved status for deployment {deployment_id}" return action_result.set_status(phantom.APP_SUCCESS) + def get_intrusion_policy(self, domain_uuid, policy_id): + url = INTRUSION_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + ret_val, response = self._make_rest_call("get", url, self) + return ret_val, response + + def _handle_list_intrusion_policies(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + + action_result = self.add_action_result(ActionResult(dict(param))) + domain_uuid = self.get_domain_id(param.get("domain_name")) + policy_id = param.get("policy_id") + if policy_id: + ret_val, policy_data = self.get_intrusion_policy(domain_uuid, policy_id) + if phantom.is_fail(ret_val): + return ret_val + action_result.add_data(policy_data) + return action_result.set_status(phantom.APP_SUCCESS) + + url = INTRUSION_POLICY_ENDPOINT.format(domain_id=domain_uuid) + + ret_val, policies = self.list_objects(url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() + + for policy in policies: + action_result.add_data({"name": policy["name"], "policy_id": policy["id"]}) + + action_result.update_summary({"total_policies_returned": len(action_result.get_data())}) + + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_create_intrusion_policy(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + action_result = self.add_action_result(ActionResult(dict(param))) + name = param["name"] + base_policy = param["base_policy"] + domain_uuid = self.get_domain_id(param.get("domain_name")) + + payload = {"name": name, "basePolicy": {"id": base_policy, "type": "IntrusionPolicy"}, "type": "IntrusionPolicy"} + description = param.get("description") + if description: + payload["description"] = description + inspection_mode = param.get("inspection_mode") + if inspection_mode: + payload["inspectionMode"] = inspection_mode + + url = INTRUSION_POLICY_ENDPOINT.format(domain_id=domain_uuid) + ret_val, response = self._make_rest_call("post", url, action_result, json_body=payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully added intrusion policy with name {name}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_update_intrusion_policy(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + action_result = self.add_action_result(ActionResult(dict(param))) + + policy_id = param["policy_id"] + domain_uuid = self.get_domain_id(param.get("domain_name")) + ret_val, policy_data = self.get_intrusion_policy(domain_uuid, policy_id) + if phantom.is_fail(ret_val): + return ret_val + + payload = { + "id": policy_id, + "name": param.get("name") or policy_data["name"], + "description": param.get("description", "") or policy_data.get("description", ""), + "inspectionMode": param.get("inspection_mode") or policy_data["inspectionMode"], + "basePolicy": {"id": param.get("base_policy") or policy_data["basePolicy"]["id"]}, + "replicate_inspection_mode": param.get("replicate_inspection_mode", False) + } + url = INTRUSION_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + ret_val, response = self._make_rest_call("put", url, action_result, json_body=payload) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully updated intrusion policy with id {policy_id}" + return action_result.set_status(phantom.APP_SUCCESS) + + def _handle_delete_intrusion_policy(self, param: Dict[str, Any]) -> bool: + self.save_progress(f"In action handler for: {self.get_action_identifier()}") + action_result = self.add_action_result(ActionResult(dict(param))) + + policy_id = param["policy_id"] + domain_uuid = self.get_domain_id(param.get("domain_name")) + + url = INTRUSION_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) + ret_val, response = self._make_rest_call("delete", url, action_result) + if phantom.is_fail(ret_val): + return action_result.get_status() + + action_result.add_data(response) + summary = action_result.update_summary({}) + summary["Message"] = f"Successfully delete intrusion policy with id {policy_id}" + return action_result.set_status(phantom.APP_SUCCESS) + def handle_action(self, param): ret_val = phantom.APP_SUCCESS @@ -1101,6 +1162,14 @@ def handle_action(self, param): ret_val = self._handle_deploy_devices(param) elif action_id == "get_deployment_status": ret_val = self._handle_get_deployment_status(param) + elif action_id == "list_intrusion_policies": + ret_val = self._handle_list_intrusion_policies(param) + elif action_id == "create_intrusion_policy": + ret_val = self._handle_create_intrusion_policy(param) + elif action_id == "update_intrusion_policy": + ret_val = self._handle_update_intrusion_policy(param) + elif action_id == "delete_intrusion_policy": + ret_val = self._handle_delete_intrusion_policy(param) return ret_val diff --git a/ciscosecurefirewall_consts.py b/ciscosecurefirewall_consts.py index 664667c..7252707 100644 --- a/ciscosecurefirewall_consts.py +++ b/ciscosecurefirewall_consts.py @@ -21,7 +21,6 @@ TOKEN_KEY = "X-auth-access-token" REFRESH_TOKEN_KEY = "X-auth-refresh-token" REFRESH_COUNT = "REFRESH_COUNT" -DOMAINS = "domains" GET_HOSTS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/hosts" ENCRYPTION_ERR = "Error occurred while encrypting the state file" NETWORK_GROUPS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/object/networkgroups" @@ -36,6 +35,7 @@ GET_DEPLOYABLE_DEVICES_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/deployment/deployabledevices" DEPLOY_DEVICES_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/deployment/deploymentrequests" DEPLOYMENT_STATUS_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/job/taskstatuses/{task_id}" -# OBJECT_TYPES = ["Network", "Host", "Range", "FQDN"] +INTRUSION_POLICY_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/intrusionpolicies" +INTRUSION_POLICY_ID_ENDPOINT = "/api/fmc_config/v1/domain/{domain_id}/policy/intrusionpolicies/{policy_id}" OBJECT_TYPES = ["Network", "Host", "Range"] CLOUD_HOST = "edge.{region}.cdo.cisco.com/api/rest/v1/cdfmc" From 77158136c04192c70d83d4fceff56ee342b43c1e Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Wed, 29 Jan 2025 22:07:30 +0000 Subject: [PATCH 12/22] Update README.md --- README.md | 159 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 156 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ba9081d..6dd4b0d 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION [create network group object](#action-create-network-group-object) - Create a network group object \ [update network group object](#action-update-network-group-object) - Update a network group object \ [delete network group object](#action-delete-network-group-object) - Delete a network group object \ -[get access control policies](#action-get-access-control-policies) - Gets all access control polcies in the FMC host for a particular domain \ +[get access control policies](#action-get-access-control-policies) - Gets all or a particular access control policy in the FMC host for a particular domain \ [create access control policy](#action-create-access-control-policy) - Create an access control policy \ [update access control policy](#action-update-access-control-policy) - Update an access control policy \ [delete access control policies](#action-delete-access-control-policies) - Deleted the specified access control policy \ @@ -42,6 +42,10 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION [create access control rule](#action-create-access-control-rule) - Creates an access control rule associated with a particular access control policy \ [update access control rule](#action-update-access-control-rule) - Updates an access control rule associated with a particular access control policy \ [delete access control rules](#action-delete-access-control-rules) - Deletes access control rule associated with a particular access control policy \ +[list intrusion policies](#action-list-intrusion-policies) - Gets all intrusion polcies in the FMC host for a particular domain \ +[create intrusion policy](#action-create-intrusion-policy) - Create an intrusion policy \ +[update intrusion policy](#action-update-intrusion-policy) - Update an intrusion policy \ +[delete intrusion policies](#action-delete-intrusion-policies) - Deleted the specified access intrusion policy \ [list devices](#action-list-devices) - Lists all devices belonging to a particular domain/tenant \ [get deployable devices](#action-get-deployable-devices) - List all devices with configuration chnges that are ready to be deployed \ [deploy devices](#action-deploy-devices) - Deploy devices that are ready to deploy \ @@ -378,7 +382,7 @@ action_result.data.\*.metadata.overridable | boolean | | | ## action: 'get access control policies' -Gets all access control polcies in the FMC host for a particular domain +Gets all or a particular access control policy in the FMC host for a particular domain Type: **investigate** \ Read only: **True** @@ -387,6 +391,7 @@ Read only: **True** PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- +**policy_id** | optional | Id of the policy to retrieve | string | | **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output @@ -449,7 +454,7 @@ Read only: **False** PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- **policy_id** | required | Id of the policy to update | string | | -**name** | optional | Name of the network group | string | | +**name** | optional | Name of the policy | string | | **description** | optional | Description of the policy | string | | **action** | optional | Type of action to take on matching traffic | string | | **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | @@ -725,6 +730,154 @@ action_result.data.\*.destinationNetworks.objects.\*.name | string | | | action_result.data.\*.destinationNetworks.objects.\*.type | string | | NetworkGroup Network | action_result.data.\*.destinationNetworks.objects.\*.overridable | boolean | | | +## action: 'list intrusion policies' + +Gets all intrusion polcies in the FMC host for a particular domain + +Type: **investigate** \ +Read only: **True** + +#### Action Parameters + +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**policy_id** | optional | Intrusion policy to retrieve | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | + +#### Action Output + +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.policy_id | string | | 00000000-0000-0ed3-0000-012884902138 | + +## action: 'create intrusion policy' + +Create an intrusion policy + +Type: **generic** \ +Read only: **False** + +#### Action Parameters + +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**name** | required | Name of the intrusion policy | string | | +**description** | optional | Description of the intrusion policy | string | | +**base_policy** | required | Base intrusion policy ID. Can be found using list intrusion policies | string | | +**inspection_mode** | optional | The inspection mode for the Snort 3 engine | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | + +#### Action Output + +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.name | string | | | +action_result.parameter.description | string | | | +action_result.parameter.base_policy | string | | | +action_result.parameter.inspection_mode | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.type | string | | intrusionpolicy | +action_result.data.\*.basePolicy.id | string | | | +action_result.data.\*.basePolicy.name | string | | Balanced Security and Connectivity | +action_result.data.\*.basePolicy.type | string | | intrusionpolicy | +action_result.data.\*.basePolicy.inspectionMode | string | | DETECTION | +action_result.data.\*.basePolicy.isSystemDefined | boolean | | | +action_result.data.\*.description | string | | | +action_result.data.\*.inspectionMode | string | | DETECTION | + +## action: 'update intrusion policy' + +Update an intrusion policy + +Type: **generic** \ +Read only: **False** + +#### Action Parameters + +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**policy_id** | required | Id of the intrusion policy to update | string | | +**name** | optional | Name of the policy | string | | +**description** | optional | Description of the policy | string | | +**base_policy** | optional | Base intrusion policy ID. Can be found using list intrusion policies | string | | +**inspection_mode** | optional | The inspection mode for the Snort 3 engine | string | | +**replicate_inspection_mode** | optional | Whether to replicate inspection_mode from Snort 3 to Snort | boolean | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | + +#### Action Output + +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.name | string | | | +action_result.parameter.description | string | | | +action_result.parameter.base_policy | string | | | +action_result.parameter.inspection_mode | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.type | string | | intrusionpolicy | +action_result.data.\*.basePolicy.id | string | | | +action_result.data.\*.basePolicy.name | string | | Balanced Security and Connectivity | +action_result.data.\*.basePolicy.type | string | | intrusionpolicy | +action_result.data.\*.basePolicy.inspectionMode | string | | DETECTION | +action_result.data.\*.basePolicy.isSystemDefined | boolean | | | +action_result.data.\*.description | string | | | +action_result.data.\*.inspectionMode | string | | DETECTION | + +## action: 'delete intrusion policies' + +Deleted the specified access intrusion policy + +Type: **generic** \ +Read only: **False** + +#### Action Parameters + +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**policy_id** | required | Id of the policy to delete | string | | +**domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | + +#### Action Output + +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed | +action_result.message | string | | | +summary.total_objects | numeric | | | +summary.total_objects_successful | numeric | | | +action_result.parameter.name | string | | | +action_result.parameter.description | string | | | +action_result.parameter.base_policy | string | | | +action_result.parameter.inspection_mode | string | | | +action_result.parameter.domain_name | string | | | +action_result.data.\*.id | string | | | +action_result.data.\*.name | string | | new-policy | +action_result.data.\*.type | string | | intrusionpolicy | +action_result.data.\*.basePolicy.id | string | | | +action_result.data.\*.basePolicy.name | string | | Balanced Security and Connectivity | +action_result.data.\*.basePolicy.type | string | | intrusionpolicy | +action_result.data.\*.basePolicy.inspectionMode | string | | DETECTION | +action_result.data.\*.basePolicy.isSystemDefined | boolean | | | +action_result.data.\*.description | string | | | +action_result.data.\*.inspectionMode | string | | DETECTION | + ## action: 'list devices' Lists all devices belonging to a particular domain/tenant From 969a31d8bc4adef7cfe78a8ea800787cbec19c4a Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Wed, 29 Jan 2025 14:13:29 -0800 Subject: [PATCH 13/22] trigger pipeline From 27aec9a8e48cc8640c846719a5462b0704a60757 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Wed, 29 Jan 2025 14:15:08 -0800 Subject: [PATCH 14/22] PAPP-35185: fixing static test error --- __init__.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/__init__.py b/__init__.py index e69de29..e7c29da 100644 --- a/__init__.py +++ b/__init__.py @@ -0,0 +1,14 @@ +# File: __init__.py +# +# Copyright (c) 2025 Splunk Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions +# and limitations under the License. From d303affb6283a7628c69a872665ca35b97fe2146 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Wed, 29 Jan 2025 14:32:14 -0800 Subject: [PATCH 15/22] PAPP-35185: linting and static test fixes --- ciscosecurefirewall.json | 40 +++++++++-------------- ciscosecurefirewall_connector.py | 54 +++++++++++++++++++------------- 2 files changed, 48 insertions(+), 46 deletions(-) diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index 0459339..e84d6f1 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -1217,8 +1217,9 @@ "data_type": "string", "required": true, "value_list": [ - "ALLOW", - "TRUST" + "BLOCK", + "TRUST", + "NETWORK_DISCOVERY" ], "order": 2 }, @@ -1343,10 +1344,9 @@ "description": "Type of action to take on matching traffic", "data_type": "string", "value_list": [ - "ALLOW", - "BLOCK", - "TRUST", - "MONITOR" + "BLOCK", + "TRUST", + "NETWORK_DISCOVERY" ], "order": 3 }, @@ -1558,9 +1558,7 @@ }, { "data_path": "action_result.data.*.description", - "data_type": "string", - "column_name": "Policy Description", - "column_order": 2 + "data_type": "string" }, { "data_path": "action_result.data.*.defaultAction.id", @@ -1580,7 +1578,7 @@ "BLOCK" ], "column_name": "Policy Action", - "column_order": 3 + "column_order": 2 }, { "data_path": "action_result.data.*.securityIntelligence.id", @@ -2710,6 +2708,10 @@ "data_path": "summary.total_objects_successful", "data_type": "numeric" }, + { + "data_path": "action_result.parameter.policy_id", + "data_type": "string" + }, { "data_path": "action_result.parameter.name", "data_type": "string" @@ -2808,7 +2810,7 @@ "versions": "EQ(*)" }, { - "action": "delete intrusion policies", + "action": "delete intrusion policy", "description": "Deleted the specified access intrusion policy", "type": "generic", "identifier": "delete_intrusion_policy", @@ -2848,19 +2850,7 @@ "data_type": "numeric" }, { - "data_path": "action_result.parameter.name", - "data_type": "string" - }, - { - "data_path": "action_result.parameter.description", - "data_type": "string" - }, - { - "data_path": "action_result.parameter.base_policy", - "data_type": "string" - }, - { - "data_path": "action_result.parameter.inspection_mode", + "data_path": "action_result.parameter.policy_id", "data_type": "string" }, { @@ -2913,7 +2903,7 @@ "example_values": [ "DETECTION" ], - "column_name": "Inspection Mode", + "column_name": "Policy Inspection Mode", "column_order": 2 }, { diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 81a97ca..9cd4b31 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -20,6 +20,8 @@ import requests import simplejson as json from bs4 import BeautifulSoup +from requests.auth import HTTPBasicAuth +from requests.models import Response from phantom.action_result import ActionResult from phantom.base_connector import BaseConnector @@ -75,7 +77,7 @@ def __init__(self): self.default_firepower_domain = None self.refresh_count = 0 - def _reset_state_file(self): + def _reset_state_file(self) -> None: """ This method resets the state file. """ @@ -83,7 +85,7 @@ def _reset_state_file(self): self._state = {"app_version": self.get_app_json().get("app_version")} self.save_state(self._state) - def initialize(self): + def initialize(self) -> bool: """ Initializes the global variables and validates them. @@ -134,7 +136,7 @@ def initialize(self): return phantom.APP_SUCCESS - def finalize(self): + def finalize(self) -> bool: """ Performs some final operations or clean up operations. @@ -157,7 +159,7 @@ def finalize(self): self.save_state(self._state) return phantom.APP_SUCCESS - def _update_state(self): + def _update_state(self) -> None: """ This method updates the state with the new values. """ @@ -167,7 +169,7 @@ def _update_state(self): self._state["domains"] = self.domains self.save_state(self._state) - def authenicate_cloud_fmc(self, config): + def authenicate_cloud_fmc(self, config: Dict[str, Any]) -> bool: """ This method updates the headers and sets the firepower host based on the users region. @@ -178,7 +180,7 @@ def authenicate_cloud_fmc(self, config): self.headers.update({"Authorization": f"Bearer {api_key}"}) return phantom.APP_SUCCESS - def _get_token(self, action_result): + def _get_token(self, action_result: ActionResult) -> bool: """ This method returns the cached or a new token based on the values present in the state file. @@ -205,7 +207,7 @@ def _get_token(self, action_result): # Generate a new token self.debug_print("Fetching a new token") self.headers.pop(REFRESH_TOKEN_KEY, None) - auth = requests.auth.HTTPBasicAuth(self.username, self.password) + auth = HTTPBasicAuth(self.username, self.password) ret_val, headers = self._make_rest_call("post", TOKEN_ENDPOINT, action_result, headers_only=True, first_try=True, auth=auth) if phantom.is_fail(ret_val): self.debug_print(f"Error {ret_val} while generating token with response {headers}") @@ -226,7 +228,7 @@ def _get_token(self, action_result): return phantom.APP_SUCCESS - def _process_empty_response(self, response, action_result): + def _process_empty_response(self, response, action_result) -> RetVal: if response.status_code == 200: return RetVal(phantom.APP_SUCCESS, {}) @@ -235,7 +237,7 @@ def _process_empty_response(self, response, action_result): None, ) - def _process_html_response(self, response, action_result): + def _process_html_response(self, response, action_result) -> RetVal: # An html response, treat it like an error status_code = response.status_code @@ -253,7 +255,7 @@ def _process_html_response(self, response, action_result): message = message.replace("{", "{{").replace("}", "}}") return RetVal(action_result.set_status(phantom.APP_ERROR, message), None) - def _process_json_response(self, r, action_result): + def _process_json_response(self, r: Response, action_result: ActionResult) -> RetVal: # Try a json parse try: resp_json = r.json() @@ -275,7 +277,7 @@ def _process_json_response(self, r, action_result): return RetVal(action_result.set_status(phantom.APP_ERROR, message), None) - def _process_response(self, r, action_result): + def _process_response(self, r: Response, action_result: ActionResult) -> RetVal: # store the r_text in debug data, it will get dumped in the logs if the action fails if hasattr(action_result, "add_debug_data"): @@ -307,7 +309,17 @@ def _process_response(self, r, action_result): return RetVal(action_result.set_status(phantom.APP_ERROR, msg), None) - def _make_rest_call(self, method, endpoint, action_result, json_body=None, headers_only=False, first_try=True, params=None, auth=None): + def _make_rest_call( + self, + method: str, + endpoint: str, + action_result: ActionResult, + json_body: Dict[str, Any] = None, + headers_only: bool = False, + first_try: bool = True, + params: Dict[str, Any] = None, + auth: HTTPBasicAuth = None + ) -> Tuple[bool, Any]: """ This method makes a REST call to the API """ @@ -344,7 +356,7 @@ def _make_rest_call(self, method, endpoint, action_result, json_body=None, heade return self._process_response(result, action_result) - def is_cloud_deployment(self): + def is_cloud_deployment(self) -> bool: return self.fmc_type == "Cloud" def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: @@ -367,7 +379,7 @@ def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: self.save_progress("Connectivity test passed") return action_result.set_status(phantom.APP_SUCCESS) - def get_network_objects_of_type(self, object_type, domain_uuid, action_result, name=None): + def get_network_objects_of_type(self, object_type: str, domain_uuid: str, action_result: ActionResult, name: str = None) -> bool: url = NETWORK_OBJECTS_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s") offset = 0 @@ -499,7 +511,7 @@ def get_domain_id(self, domain_name: str) -> str: return "default" for domain in self.domains: - leaf_domain = domain["name"].lower().split('/')[-1] + leaf_domain = domain["name"].lower().split("/")[-1] if domain_name.lower() == leaf_domain: return domain["uuid"] @@ -616,7 +628,7 @@ def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully update network group with id {group_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_delete_network_group(self, param): + def _handle_delete_network_group(self, param: Dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -634,7 +646,7 @@ def _handle_delete_network_group(self, param): summary["Message"] = f"Successfully deleted network group with id {group_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_get_access_policies(self, param): + def _handle_get_access_policies(self, param: Dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -686,7 +698,7 @@ def get_access_policy(self, domain_uuid, policy_id): ret_val, response = self._make_rest_call("get", url, self) return ret_val, response - def _handle_update_access_policy(self, param): + def _handle_update_access_policy(self, param: Dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1010,7 +1022,7 @@ def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully retrieved status for deployment {deployment_id}" return action_result.set_status(phantom.APP_SUCCESS) - def get_intrusion_policy(self, domain_uuid, policy_id): + def get_intrusion_policy(self, domain_uuid: str, policy_id: str) -> Tuple[int, any]: url = INTRUSION_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) ret_val, response = self._make_rest_call("get", url, self) return ret_val, response @@ -1082,7 +1094,7 @@ def _handle_update_intrusion_policy(self, param: Dict[str, Any]) -> bool: "description": param.get("description", "") or policy_data.get("description", ""), "inspectionMode": param.get("inspection_mode") or policy_data["inspectionMode"], "basePolicy": {"id": param.get("base_policy") or policy_data["basePolicy"]["id"]}, - "replicate_inspection_mode": param.get("replicate_inspection_mode", False) + "replicate_inspection_mode": param.get("replicate_inspection_mode", False), } url = INTRUSION_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) ret_val, response = self._make_rest_call("put", url, action_result, json_body=payload) @@ -1111,7 +1123,7 @@ def _handle_delete_intrusion_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully delete intrusion policy with id {policy_id}" return action_result.set_status(phantom.APP_SUCCESS) - def handle_action(self, param): + def handle_action(self, param: Dict[str, Any]) -> bool: ret_val = phantom.APP_SUCCESS From 5fbca982e09ea9d64df59b20447c64265705793e Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Fri, 31 Jan 2025 00:21:15 +0000 Subject: [PATCH 16/22] Update README.md --- README.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6dd4b0d..b857257 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION [list intrusion policies](#action-list-intrusion-policies) - Gets all intrusion polcies in the FMC host for a particular domain \ [create intrusion policy](#action-create-intrusion-policy) - Create an intrusion policy \ [update intrusion policy](#action-update-intrusion-policy) - Update an intrusion policy \ -[delete intrusion policies](#action-delete-intrusion-policies) - Deleted the specified access intrusion policy \ +[delete intrusion policy](#action-delete-intrusion-policy) - Deleted the specified access intrusion policy \ [list devices](#action-list-devices) - Lists all devices belonging to a particular domain/tenant \ [get deployable devices](#action-get-deployable-devices) - List all devices with configuration chnges that are ready to be deployed \ [deploy devices](#action-deploy-devices) - Deploy devices that are ready to deploy \ @@ -824,6 +824,7 @@ action_result.status | string | | success failed | action_result.message | string | | | summary.total_objects | numeric | | | summary.total_objects_successful | numeric | | | +action_result.parameter.policy_id | string | | | action_result.parameter.name | string | | | action_result.parameter.description | string | | | action_result.parameter.base_policy | string | | | @@ -840,7 +841,7 @@ action_result.data.\*.basePolicy.isSystemDefined | boolean | | | action_result.data.\*.description | string | | | action_result.data.\*.inspectionMode | string | | DETECTION | -## action: 'delete intrusion policies' +## action: 'delete intrusion policy' Deleted the specified access intrusion policy @@ -862,10 +863,7 @@ action_result.status | string | | success failed | action_result.message | string | | | summary.total_objects | numeric | | | summary.total_objects_successful | numeric | | | -action_result.parameter.name | string | | | -action_result.parameter.description | string | | | -action_result.parameter.base_policy | string | | | -action_result.parameter.inspection_mode | string | | | +action_result.parameter.policy_id | string | | | action_result.parameter.domain_name | string | | | action_result.data.\*.id | string | | | action_result.data.\*.name | string | | new-policy | From 448f5b64e62c1cb66343dc6121298cc216838ba3 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Mon, 3 Feb 2025 09:43:37 -0800 Subject: [PATCH 17/22] PAPP-35185: release notes and further documentation --- ciscosecurefirewall_connector.py | 113 +++++++++++++++++++++++++++---- manual_readme_content.md | 31 +++++++++ release_notes/unreleased.md | 27 ++++++++ 3 files changed, 156 insertions(+), 15 deletions(-) create mode 100644 manual_readme_content.md diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 9cd4b31..8da5b75 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -20,10 +20,10 @@ import requests import simplejson as json from bs4 import BeautifulSoup -from requests.auth import HTTPBasicAuth -from requests.models import Response from phantom.action_result import ActionResult from phantom.base_connector import BaseConnector +from requests.auth import HTTPBasicAuth +from requests.models import Response from ciscosecurefirewall_consts import ( ACCESS_POLICY_ENDPOINT, @@ -172,7 +172,7 @@ def _update_state(self) -> None: def authenicate_cloud_fmc(self, config: Dict[str, Any]) -> bool: """ This method updates the headers and sets the firepower host - based on the users region. + based on the users region when connecting to a cloud FMC. """ region = config["region"] api_key = config["api_key"] @@ -268,7 +268,6 @@ def _process_json_response(self, r: Response, action_result: ActionResult) -> Re None, ) - # Please specify the status codes here if 200 <= r.status_code < 399: return RetVal(phantom.APP_SUCCESS, resp_json) @@ -318,10 +317,20 @@ def _make_rest_call( headers_only: bool = False, first_try: bool = True, params: Dict[str, Any] = None, - auth: HTTPBasicAuth = None + auth: HTTPBasicAuth = None, ) -> Tuple[bool, Any]: - """ - This method makes a REST call to the API + """Function that makes the REST call to the app. + :param method: REST method + :param endpoint: REST endpoint to be called + :param action_result: object of ActionResult class + :param json_body: JSON object + :param headers_only: wether to only return response headers + :param headers: request headers + :param first_try: if the request is eligible to be retried + :param params: request parameters + :param auth: basic auth if passed in. This is only needed with the generatetoken endpoint + :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message), + response obtained by making an API call """ request_method = getattr(requests, method) url = "https://{0}{1}".format(self.firepower_host, endpoint) @@ -357,14 +366,14 @@ def _make_rest_call( return self._process_response(result, action_result) def is_cloud_deployment(self) -> bool: + """Helper to determine if user is connecting to cloud based fmc. + Returns: + bool: If connection is to cloud basd FMC + """ return self.fmc_type == "Cloud" def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: - """ - Called when the user presses the test connectivity - button on the Phantom UI. - """ - # Add an action result to the App Run + action_result = ActionResult(dict(param)) self.add_action_result(action_result) @@ -380,6 +389,15 @@ def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) def get_network_objects_of_type(self, object_type: str, domain_uuid: str, action_result: ActionResult, name: str = None) -> bool: + """Helper to get network objects of a particular type. + Args: + object_type (str): Network object type (Network, Host, Range) + domain_uuid (str): Domain to be queried + action_result (ActionResult): object of ActionResult class + name (str): Name of the object + Returns: + bool: If lookup was successfull + """ url = NETWORK_OBJECTS_ENDPOINT.format(domain_id=domain_uuid, type=object_type.lower() + "s") offset = 0 @@ -435,7 +453,14 @@ def _handle_list_network_objects(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) - def get_network_object(self, domain_id: int, object_id: int) -> Tuple[bool, Dict[str, Any]]: + def get_network_object(self, domain_id: str, object_id: str) -> Tuple[bool, Dict[str, Any]]: + """Helper to get a specfic network object. + Args: + domain_uuid (str): Domain to be queried + object_id (str): Id of the object to retrieve + Returns: + tuple: If lookup was successfull and response object + """ url = NETWORK_OBJECT_ID_ENDPOINT.format(domain_id=domain_id, type="networks", object_id=object_id) ret_val, response = self._make_rest_call("get", url, self) return ret_val, response @@ -505,8 +530,15 @@ def _handle_delete_network_object(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) def get_domain_id(self, domain_name: str) -> str: + """Helper to get a domain_name id. + Args: + domain_name (str): Name of domain + Returns: + str: domain_id + """ domain_name = domain_name or self.default_firepower_domain + # multitenancy on cloud achieved through seperate tenants not domains if not domain_name or self.is_cloud_deployment(): return "default" @@ -516,6 +548,14 @@ def get_domain_id(self, domain_name: str) -> str: return domain["uuid"] def list_objects(self, url: str, action_result: ActionResult, expanded: bool = False) -> Tuple[bool, list]: + """Helper to get list any type of FMC objects (groups, policies, rules). + Args: + url (str): REST endpoint to query + action_result (ActionResult): object of ActionResult class + expanded (bool): Return detailed response of objects + Returns: + tuple: If lookup was successfull and list of objects retrieved + """ objects = [] offset = 0 limit = 50 @@ -588,7 +628,14 @@ def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully added network group with name {group_name}" return action_result.set_status(phantom.APP_SUCCESS) - def get_network_group(self, domain_uuid, group_id): + def get_network_group(self, domain_uuid: str, group_id: str) -> Tuple[bool, Dict[str, Any]]: + """Helper to get a specfic network group. + Args: + domain_uuid (str): Domain to be queried + group_id (str): Id of the group to retrieve + Returns: + tuple: If lookup was successfull and response object + """ url = NETWORK_GROUPS_ID_ENDPOINT.format(domain_id=domain_uuid, group_id=group_id) ret_val, response = self._make_rest_call("get", url, self) return ret_val, response @@ -693,7 +740,14 @@ def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully created access policy with name {name}" return action_result.set_status(phantom.APP_SUCCESS) - def get_access_policy(self, domain_uuid, policy_id): + def get_access_policy(self, domain_uuid: str, policy_id: str) -> Tuple[bool, Dict[str, Any]]: + """Helper to get a specfic access policy. + Args: + domain_uuid (str): Domain to be queried + policy_id (str): Id of the policy to retrieve + Returns: + tuple: If lookup was successfull and response object + """ url = ACCESS_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) ret_val, response = self._make_rest_call("get", url, self) return ret_val, response @@ -783,6 +837,13 @@ def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) def build_network_objects_list(self, network_ids: list, dommain_uuid: str) -> Tuple[bool, Optional[list]]: + """Helper that classifys and builds a list of network objects and groups. + Args: + network_ids (list): Ids of network objects and groups + domain_uuid (str): Domain to be queried + Returns: + tuple: If lookup was successfull and list of network objects and groups + """ networks_objects = [] for object_id in network_ids: ret_val, object_data = self.get_network_object(dommain_uuid, object_id) @@ -839,6 +900,14 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) def get_access_control_rule(self, domain_id: str, policy_id: str, rule_id: str) -> Tuple[bool, Dict[str, Any]]: + """Helper to get a specfic access control rule belonging to a specfic access policy. + Args: + domain_id (str): Domain to be queried + policy_id (str): Id of the policy to retrieve + rule_id (str): Id of the rule to retrieve + Returns: + tuple: If lookup was successfull and response object + """ url = ACCESS_RULES_ID_ENDPOINT.format(domain_id=domain_id, policy_id=policy_id, rule_id=rule_id) ret_val, response = self._make_rest_call("get", url, self) return ret_val, response @@ -943,6 +1012,13 @@ def _handle_list_devices(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) def get_deployable_devices(self, domain_id: str, action_result) -> Tuple[bool, Any]: + """Helper that gets list of devices ready for deployment. + Args: + domain_id (str): Domain to be queried + action_result (ActionResult): object of ActionResult class + Returns: + tuple: If lookup was successfull and list of devices + """ url = GET_DEPLOYABLE_DEVICES_ENDPOINT.format(domain_id=domain_id) device_lst = [] ret_val, deployable_devices = self.list_objects(url, action_result, True) @@ -1023,6 +1099,13 @@ def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) def get_intrusion_policy(self, domain_uuid: str, policy_id: str) -> Tuple[int, any]: + """Helper to get a specfic intrusion policy. + Args: + domain_uuid (str): Domain to be queried + policy_id (str): Id of the policy to retrieve + Returns: + tuple: If lookup was successfull and response object + """ url = INTRUSION_POLICY_ID_ENDPOINT.format(domain_id=domain_uuid, policy_id=policy_id) ret_val, response = self._make_rest_call("get", url, self) return ret_val, response diff --git a/manual_readme_content.md b/manual_readme_content.md new file mode 100644 index 0000000..e0fe56d --- /dev/null +++ b/manual_readme_content.md @@ -0,0 +1,31 @@ +[comment]: # " File: README.md" +[comment]: # "Copyright (c) 2025 Splunk Inc." +[comment]: # "" +[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" +[comment]: # "you may not use this file except in compliance with the License." +[comment]: # "You may obtain a copy of the License at" +[comment]: # "" +[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" +[comment]: # "" +[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" +[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," +[comment]: # "either express or implied. See the License for the specific language governing permissions" +[comment]: # "and limitations under the License." +[comment]: # "" + +This connector supports both cloud and on-prem delivered FMC. Below are the steps for connecting to both + +## Connecting to a cloud delivered FMC + +1. On Cisco Security Cloud Control navigate to User Management +2. Create a new Api Only User with an Admin role +3. Copy the Api key and enter it in the "Api key for cloud delivered FMC" input box in the SOAR Asset Settings page +4. Specfiy Cloud for the type of FMC you are connecting to +5. Specify your region in the "Region your Cisco Security Cloud Control is deployed in" input box and click Save + +## Connecting to an on-prem delivered FMC + +1. On the SOAR asset setting page select On-prem for the type of FMC you are connecting to +2. Specify the device ip/hostname of your on-prem FMC along with the username and password used ot login to FMC + +**Note** that you can optionally specify a default firepower domain that will be queried. You an overide this domain when running an action. In addition, cloud versions of FMC only support the default domain, to achieve multi tenancy you must use seperate tenants. diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index fbcb2fd..2c3e8ce 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md @@ -1 +1,28 @@ **Unreleased** +* Initial Cisco Secure Firewall connector with the following actions and features: + * Support for both cloud and on-prem delivered FMC + * test connectivity + * list network objects + * create network object + * update network object + * delete network object + * get network groups + * create network group + * update network group + * delete network group + * get access control policies + * create access control policy + * update access control policy + * delete access control policy + * get access control rules + * create access control rule + * update access control rule + * delete access control rules + * list intrusion policies + * create intrusion policy + * update intrusion policy + * delete intrusion policy + * list devices + * get deployable devices + * deploy devices + * get deployment status From cf119b25f6fed5c261c800282958f9c129dfc240 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Mon, 3 Feb 2025 19:16:59 +0000 Subject: [PATCH 18/22] Update README.md --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index b857257..921f759 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,23 @@ Minimum Product Version: 6.3.0 This app interfaces with Cisco Firepower devices to adds, updates and deletes network objects, network object groups, access policies and access rules +This connector supports both cloud and on-prem delivered FMC. Below are the steps for connecting to both + +## Connecting to a cloud delivered FMC + +1. On Cisco Security Cloud Control navigate to User Management +1. Create a new Api Only User with an Admin role +1. Copy the Api key and enter it in the "Api key for cloud delivered FMC" input box in the SOAR Asset Settings page +1. Specfiy Cloud for the type of FMC you are connecting to +1. Specify your region in the "Region your Cisco Security Cloud Control is deployed in" input box and click Save + +## Connecting to an on-prem delivered FMC + +1. On the SOAR asset setting page select On-prem for the type of FMC you are connecting to +1. Specify the device ip/hostname of your on-prem FMC along with the username and password used ot login to FMC + +**Note** that you can optionally specify a default firepower domain that will be queried. You an overide this domain when running an action. In addition, cloud versions of FMC only support the default domain, to achieve multi tenancy you must use seperate tenants. + ### Configuration variables This table lists the configuration variables required to operate Cisco Secure Firewall. These variables are specified when configuring a Cisco Secure Firewall asset in Splunk SOAR. From ef75eb7372b565f3b7e97129789e1cf65dcf3e4d Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Mon, 3 Feb 2025 13:30:36 -0800 Subject: [PATCH 19/22] trigger pipeline From 42d74afc683cb664a46a67fdc6b1eac24152a51f Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Tue, 4 Feb 2025 11:51:07 -0800 Subject: [PATCH 20/22] PAPP-35185: addressing comments from code review --- ciscosecurefirewall.json | 30 ++---- ciscosecurefirewall_connector.py | 87 +++++++++--------- ciscosecurefirewall_consts.py | 2 +- manual_readme_content.md | 19 +--- requirements.txt | 1 - ...linux_2_17_x86_64.manylinux2014_x86_64.whl | Bin 128190 -> 0 bytes ...linux_2_17_x86_64.manylinux2014_x86_64.whl | Bin 129814 -> 0 bytes 7 files changed, 55 insertions(+), 84 deletions(-) delete mode 100644 requirements.txt delete mode 100644 wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl delete mode 100644 wheels/py39/simplejson-3.17.2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index e84d6f1..eaaf3c1 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -1,7 +1,7 @@ { "appid": "268cecc2-a5ea-438b-96f8-3ab1d8443d93", "name": "Cisco Secure Firewall", - "description": "This app interfaces with Cisco Firepower devices to adds, updates and deletes network objects, network object groups, access policies and access rules", + "description": "This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules", "publisher": "Splunk", "package_name": "phantom_ciscosecurefirewall", "type": "firewall", @@ -212,7 +212,7 @@ "order": 1 }, "value": { - "description": "Value of the network object. If type if Range specify value in the following format: ip1-ip2", + "description": "Value of the network object. If type is Range specify value in the following format: ip1-ip2", "data_type": "string", "required": true, "order": 2 @@ -356,7 +356,7 @@ "order": 1 }, "type": { - "description": "Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update.", + "description": "Network object type. Note this cannot change and is only used to identify the network object value you'd like to update.", "data_type": "string", "value_list": [ "Host", @@ -872,7 +872,7 @@ "order": 2 }, "network_object_ids_to_remove": { - "description": "Network objects to remove frin the group.", + "description": "Network objects to remove from the group.", "data_type": "string", "example_values": [ "b2df29e8-5e6f-4c5d-9d5e-3fa9b3c9467b, a1c2f7d9-4b5e-42b1-8d9f-2f6b4a8e5e3c" @@ -1470,7 +1470,7 @@ }, { "action": "delete access control policies", - "description": "Deleted the specified access control policy", + "description": "Deletes the specified access control policy", "type": "generic", "identifier": "delete_access_policy", "read_only": false, @@ -2811,7 +2811,7 @@ }, { "action": "delete intrusion policy", - "description": "Deleted the specified access intrusion policy", + "description": "Deletes the specified access intrusion policy", "type": "generic", "identifier": "delete_intrusion_policy", "read_only": false, @@ -3239,21 +3239,5 @@ }, "versions": "EQ(*)" } - ], - "pip_dependencies": { - "wheel": [ - { - "module": "simplejson", - "input_file": "wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl" - } - ] - }, - "pip39_dependencies": { - "wheel": [ - { - "module": "simplejson", - "input_file": "wheels/py39/simplejson-3.17.2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl" - } - ] - } + ] } diff --git a/ciscosecurefirewall_connector.py b/ciscosecurefirewall_connector.py index 8da5b75..d94014b 100644 --- a/ciscosecurefirewall_connector.py +++ b/ciscosecurefirewall_connector.py @@ -1,6 +1,6 @@ # File: ciscosecurefirewall_connector.py # -# Copyright (c) 2024 Splunk Inc. +# Copyright (c) 2025 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,12 +13,12 @@ # either express or implied. See the License for the specific language governing permissions # and limitations under the License. -from typing import Any, Dict, Optional, Tuple +import json +from typing import Any, Optional import encryption_helper import phantom.app as phantom import requests -import simplejson as json from bs4 import BeautifulSoup from phantom.action_result import ActionResult from phantom.base_connector import BaseConnector @@ -169,7 +169,7 @@ def _update_state(self) -> None: self._state["domains"] = self.domains self.save_state(self._state) - def authenicate_cloud_fmc(self, config: Dict[str, Any]) -> bool: + def authenicate_cloud_fmc(self, config: dict[str, Any]) -> bool: """ This method updates the headers and sets the firepower host based on the users region when connecting to a cloud FMC. @@ -313,12 +313,12 @@ def _make_rest_call( method: str, endpoint: str, action_result: ActionResult, - json_body: Dict[str, Any] = None, + json_body: dict[str, Any] = None, headers_only: bool = False, first_try: bool = True, - params: Dict[str, Any] = None, + params: dict[str, Any] = None, auth: HTTPBasicAuth = None, - ) -> Tuple[bool, Any]: + ) -> tuple[bool, Any]: """Function that makes the REST call to the app. :param method: REST method :param endpoint: REST endpoint to be called @@ -372,7 +372,7 @@ def is_cloud_deployment(self) -> bool: """ return self.fmc_type == "Cloud" - def _handle_test_connectivity(self, param: Dict[str, Any]) -> bool: + def _handle_test_connectivity(self, param: dict[str, Any]) -> bool: action_result = ActionResult(dict(param)) self.add_action_result(action_result) @@ -429,7 +429,7 @@ def get_network_objects_of_type(self, object_type: str, domain_uuid: str, action return phantom.APP_SUCCESS - def _handle_list_network_objects(self, param: Dict[str, Any]) -> bool: + def _handle_list_network_objects(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -453,7 +453,7 @@ def _handle_list_network_objects(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) - def get_network_object(self, domain_id: str, object_id: str) -> Tuple[bool, Dict[str, Any]]: + def get_network_object(self, domain_id: str, object_id: str) -> tuple[bool, dict[str, Any]]: """Helper to get a specfic network object. Args: domain_uuid (str): Domain to be queried @@ -465,7 +465,7 @@ def get_network_object(self, domain_id: str, object_id: str) -> Tuple[bool, Dict ret_val, response = self._make_rest_call("get", url, self) return ret_val, response - def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: + def _handle_create_network_object(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -485,7 +485,7 @@ def _handle_create_network_object(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully created network object with name {name}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_update_network_object(self, param: Dict[str, Any]) -> bool: + def _handle_update_network_object(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -511,7 +511,7 @@ def _handle_update_network_object(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully updated network object with name {name}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_delete_network_object(self, param: Dict[str, Any]) -> bool: + def _handle_delete_network_object(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -547,7 +547,7 @@ def get_domain_id(self, domain_name: str) -> str: if domain_name.lower() == leaf_domain: return domain["uuid"] - def list_objects(self, url: str, action_result: ActionResult, expanded: bool = False) -> Tuple[bool, list]: + def list_objects(self, url: str, action_result: ActionResult, expanded: bool = False) -> tuple[bool, list]: """Helper to get list any type of FMC objects (groups, policies, rules). Args: url (str): REST endpoint to query @@ -581,7 +581,7 @@ def list_objects(self, url: str, action_result: ActionResult, expanded: bool = F return phantom.APP_SUCCESS, objects - def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: + def _handle_get_network_groups(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") # Add an action result object to self (BaseConnector) to represent the action for this param @@ -596,14 +596,17 @@ def _handle_get_network_groups(self, param: Dict[str, Any]) -> bool: return action_result.get_status() for item in network_group_list: - if not group_name or group_name == item["name"]: + if not group_name: action_result.add_data({"name": item["name"], "uuid": item["id"]}) + if group_name == item["name"]: + action_result.add_data({"name": item["name"], "uuid": item["id"]}) + break action_result.update_summary({"total_groups_returned": len(action_result.get_data())}) return action_result.set_status(phantom.APP_SUCCESS) - def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: + def _handle_create_network_group(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -628,7 +631,7 @@ def _handle_create_network_group(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully added network group with name {group_name}" return action_result.set_status(phantom.APP_SUCCESS) - def get_network_group(self, domain_uuid: str, group_id: str) -> Tuple[bool, Dict[str, Any]]: + def get_network_group(self, domain_uuid: str, group_id: str) -> tuple[bool, dict[str, Any]]: """Helper to get a specfic network group. Args: domain_uuid (str): Domain to be queried @@ -640,7 +643,7 @@ def get_network_group(self, domain_uuid: str, group_id: str) -> Tuple[bool, Dict ret_val, response = self._make_rest_call("get", url, self) return ret_val, response - def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: + def _handle_update_network_group(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -675,7 +678,7 @@ def _handle_update_network_group(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully update network group with id {group_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_delete_network_group(self, param: Dict[str, Any]) -> bool: + def _handle_delete_network_group(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -693,7 +696,7 @@ def _handle_delete_network_group(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully deleted network group with id {group_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_get_access_policies(self, param: Dict[str, Any]) -> bool: + def _handle_get_access_policies(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -719,7 +722,7 @@ def _handle_get_access_policies(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) - def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: + def _handle_create_access_policy(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -740,7 +743,7 @@ def _handle_create_access_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully created access policy with name {name}" return action_result.set_status(phantom.APP_SUCCESS) - def get_access_policy(self, domain_uuid: str, policy_id: str) -> Tuple[bool, Dict[str, Any]]: + def get_access_policy(self, domain_uuid: str, policy_id: str) -> tuple[bool, dict[str, Any]]: """Helper to get a specfic access policy. Args: domain_uuid (str): Domain to be queried @@ -752,7 +755,7 @@ def get_access_policy(self, domain_uuid: str, policy_id: str) -> Tuple[bool, Dic ret_val, response = self._make_rest_call("get", url, self) return ret_val, response - def _handle_update_access_policy(self, param: Dict[str, Any]) -> bool: + def _handle_update_access_policy(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -787,7 +790,7 @@ def _handle_update_access_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully updated access policy with id {policy_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_delete_access_policy(self, param: Dict[str, Any]) -> bool: + def _handle_delete_access_policy(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -805,7 +808,7 @@ def _handle_delete_access_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully deleted access policy with id {policy_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: + def _handle_get_access_rules(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -836,7 +839,7 @@ def _handle_get_access_rules(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) - def build_network_objects_list(self, network_ids: list, dommain_uuid: str) -> Tuple[bool, Optional[list]]: + def build_network_objects_list(self, network_ids: list, dommain_uuid: str) -> tuple[bool, Optional[list]]: """Helper that classifys and builds a list of network objects and groups. Args: network_ids (list): Ids of network objects and groups @@ -857,7 +860,7 @@ def build_network_objects_list(self, network_ids: list, dommain_uuid: str) -> Tu return phantom.APP_SUCCESS, networks_objects - def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: + def _handle_create_access_rules(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -899,7 +902,7 @@ def _handle_create_access_rules(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully added access control rule with name {name} to policy {policy_id}" return action_result.set_status(phantom.APP_SUCCESS) - def get_access_control_rule(self, domain_id: str, policy_id: str, rule_id: str) -> Tuple[bool, Dict[str, Any]]: + def get_access_control_rule(self, domain_id: str, policy_id: str, rule_id: str) -> tuple[bool, dict[str, Any]]: """Helper to get a specfic access control rule belonging to a specfic access policy. Args: domain_id (str): Domain to be queried @@ -912,7 +915,7 @@ def get_access_control_rule(self, domain_id: str, policy_id: str, rule_id: str) ret_val, response = self._make_rest_call("get", url, self) return ret_val, response - def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: + def _handle_update_access_rule(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -973,7 +976,7 @@ def _handle_update_access_rule(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully updated access control rule with id {rule_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_delete_access_rule(self, param: Dict[str, Any]) -> bool: + def _handle_delete_access_rule(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -992,7 +995,7 @@ def _handle_delete_access_rule(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully delete access control rule with id {rule_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_list_devices(self, param: Dict[str, Any]) -> bool: + def _handle_list_devices(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1011,7 +1014,7 @@ def _handle_list_devices(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) - def get_deployable_devices(self, domain_id: str, action_result) -> Tuple[bool, Any]: + def get_deployable_devices(self, domain_id: str, action_result) -> tuple[bool, Any]: """Helper that gets list of devices ready for deployment. Args: domain_id (str): Domain to be queried @@ -1030,7 +1033,7 @@ def get_deployable_devices(self, domain_id: str, action_result) -> Tuple[bool, A return phantom.APP_SUCCESS, device_lst - def _handle_get_deployable_devices(self, param: Dict[str, Any]) -> bool: + def _handle_get_deployable_devices(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1048,7 +1051,7 @@ def _handle_get_deployable_devices(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) - def _handle_deploy_devices(self, param: Dict[str, Any]) -> bool: + def _handle_deploy_devices(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1080,7 +1083,7 @@ def _handle_deploy_devices(self, param: Dict[str, Any]) -> bool: summary["Message"] = "Successfully deployed devices" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: + def _handle_get_deployment_status(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1098,7 +1101,7 @@ def _handle_get_deployment_status(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully retrieved status for deployment {deployment_id}" return action_result.set_status(phantom.APP_SUCCESS) - def get_intrusion_policy(self, domain_uuid: str, policy_id: str) -> Tuple[int, any]: + def get_intrusion_policy(self, domain_uuid: str, policy_id: str) -> tuple[int, any]: """Helper to get a specfic intrusion policy. Args: domain_uuid (str): Domain to be queried @@ -1110,7 +1113,7 @@ def get_intrusion_policy(self, domain_uuid: str, policy_id: str) -> Tuple[int, a ret_val, response = self._make_rest_call("get", url, self) return ret_val, response - def _handle_list_intrusion_policies(self, param: Dict[str, Any]) -> bool: + def _handle_list_intrusion_policies(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1136,7 +1139,7 @@ def _handle_list_intrusion_policies(self, param: Dict[str, Any]) -> bool: return action_result.set_status(phantom.APP_SUCCESS) - def _handle_create_intrusion_policy(self, param: Dict[str, Any]) -> bool: + def _handle_create_intrusion_policy(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) name = param["name"] @@ -1161,7 +1164,7 @@ def _handle_create_intrusion_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully added intrusion policy with name {name}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_update_intrusion_policy(self, param: Dict[str, Any]) -> bool: + def _handle_update_intrusion_policy(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1189,7 +1192,7 @@ def _handle_update_intrusion_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully updated intrusion policy with id {policy_id}" return action_result.set_status(phantom.APP_SUCCESS) - def _handle_delete_intrusion_policy(self, param: Dict[str, Any]) -> bool: + def _handle_delete_intrusion_policy(self, param: dict[str, Any]) -> bool: self.save_progress(f"In action handler for: {self.get_action_identifier()}") action_result = self.add_action_result(ActionResult(dict(param))) @@ -1206,7 +1209,7 @@ def _handle_delete_intrusion_policy(self, param: Dict[str, Any]) -> bool: summary["Message"] = f"Successfully delete intrusion policy with id {policy_id}" return action_result.set_status(phantom.APP_SUCCESS) - def handle_action(self, param: Dict[str, Any]) -> bool: + def handle_action(self, param: dict[str, Any]) -> bool: ret_val = phantom.APP_SUCCESS diff --git a/ciscosecurefirewall_consts.py b/ciscosecurefirewall_consts.py index 7252707..ee8c533 100644 --- a/ciscosecurefirewall_consts.py +++ b/ciscosecurefirewall_consts.py @@ -1,6 +1,6 @@ # File: ciscosecurefirewall_consts.py # -# Copyright (c) 2024 Splunk Inc. +# Copyright (c) 2025 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/manual_readme_content.md b/manual_readme_content.md index e0fe56d..b97f443 100644 --- a/manual_readme_content.md +++ b/manual_readme_content.md @@ -1,18 +1,3 @@ -[comment]: # " File: README.md" -[comment]: # "Copyright (c) 2025 Splunk Inc." -[comment]: # "" -[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" -[comment]: # "you may not use this file except in compliance with the License." -[comment]: # "You may obtain a copy of the License at" -[comment]: # "" -[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" -[comment]: # "" -[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" -[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," -[comment]: # "either express or implied. See the License for the specific language governing permissions" -[comment]: # "and limitations under the License." -[comment]: # "" - This connector supports both cloud and on-prem delivered FMC. Below are the steps for connecting to both ## Connecting to a cloud delivered FMC @@ -26,6 +11,6 @@ This connector supports both cloud and on-prem delivered FMC. Below are the step ## Connecting to an on-prem delivered FMC 1. On the SOAR asset setting page select On-prem for the type of FMC you are connecting to -2. Specify the device ip/hostname of your on-prem FMC along with the username and password used ot login to FMC +2. Specify the device ip/hostname of your on-prem FMC along with the username and password used to login to FMC -**Note** that you can optionally specify a default firepower domain that will be queried. You an overide this domain when running an action. In addition, cloud versions of FMC only support the default domain, to achieve multi tenancy you must use seperate tenants. +**Note** that you can optionally specify a default firepower domain that will be queried. You can override this domain when running an action. In addition, cloud versions of FMC only support the default domain. To achieve multi tenancy you must use separate tenants. diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 614d435..0000000 --- a/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -simplejson==3.17.2 diff --git a/wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py36/simplejson-3.17.2-cp36-cp36m-manylinux2010_x86_64.manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl deleted file mode 100644 index fbd5f1c0a5210aebb80d2515c2ad7e044627ed8f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128190 zcmaI71yCHp76ppS;uhS4WN~*77J@q=xVyW%yL)i=;ILS5cXxMZ@y~l-s@|{qe`{-I zPv6tC=XQ19s_8SMAOj794e_5(R6~&Fe}DX62c*xlqq()6m9d4RtqqgH|0j{?e~1ih zj4WJ?tc*tHj!q2bHYT?JKRq%2rzew>v7?jY|3gRkucA#k>Szai2#5?@2nd}2r5oEA z+8P-Tey&se+z-CUKUeuj?Tjhl&0He#HU zGcSW*c41#*Y?hzVRk3q*q^@*dwn|XVIsJg{St(jPW6^<1=Iwso*T<(mPUa77M0r(G zq{%N7Nn9GJ>bA9O_zpMc&T4$ioK(!EFqy|68fzxuZbNN;;h75dl}{*jjsEJOAE^l+O%w5_TZf>4)>Bo5>9)v2ZD4Ua z7AGv+1MKY;J>%eT^LpP%MESEfHbyEv)S zg$$3jxs#{6`M$`<@^tw~iT8FtyEu(ztHXZ+@q*C9n2I`9lhf&M4?_2ZyWBuwykdIg zJK!tv+EwxOuik7=A$vv>7+u-%%F z$ricOn7|RHv1W9S4&$5_Gl1~tY5#TSb<@^|@F(O5b@ldpSTRY?6XFV`u%?Tq+IkcV^EgEhS!9C}9gP2qmg|$j(M=J|MEmwgug!uF9Y9I9DAB(& zU#-(;8sd_FI1M^Z5dNhYOlY2bph|og-k*HfuBArF2T=n+hcg4aP0fuC7xWDAr{enw zGZ3p$LWmDQ4?IImd{^2d{hC4DE2A>bKfF_p>0!=Je?u*2=D^$>HTwhVx2+z|47=i- zrKV2bIwO0DB8+bV0=j|hIIuNT504M3@r&pvyOpUnwPh%Y$~LFuR9?>n@d03YRvTHr zs4j=&ISrZBk>k#Lc0P{prX|r^kioO5x4tA{JrUc58G~Pmv1Zpnb^5jW@X{Qr92vp; zOW#di%&^B?eY+al=1kaeIeo_Yl~+G{k3oGp(MEoqK<>y^5>FrILD9N3Lw-~@+|+20Z+$@#qZAM)j|8E&3#6M-m4M)= zK#THS?JT5*cB7UJIst)k;|Me6m_w`p+)M~e6W0=)=91wg`FBHcr}|2LmJbX}Qp=6p z%{kVZ8F%XCQX!qi`-h!|N#?tpFZ(CqQ~vyL*&`iHJG>Il88Ekv79%0=&JF*hIx+J) znR!PeEW5?8B5;;@Mtr&_kZ^Q#uEt&xA8m2Mu9pwY)2$(H2eK*aDDni)aNfkF*h9|* z+T1N&m!Vo9+_f<;t3Pxq>;>qrj?6Vgv@h1G{Iz5ON zM{Xc!6^B`)8}1JAR5HlEiAdaccF;q7af`H8jGu_Ds=)cy^5{HmgcRT34W+VEzC4m( zw}&uMvxywfeY2jLI^e3S6H_d*ramgGGHgA@k&%ukJS8e$y*J?t@$Dk~x=}Idz&sjN z!$f9lLA5OyaXt!0AK9d=mjFYv4Ii-9V*FRUK4n-nsnB@F$bPusdsN7`kzH-?np)0n zVVgkdTUc~~-J4L67A3AB!2rO7%2&>Xf#}@k9**QF6@BSHdJJe&Sl1!<(?%ijEQ$~Z z$ACM$%X*$8nqW>b#YzN-;k+M_2Ucw(NL%y{rMZ+72GjgiiTNx<0USS)1S7xt+Xqmg zN1KXIpcd*)?tn{KBHfGL5)4XQ*xWj`3EaDd-G{>hhYn~5%=g6;HFhfeFRZNt>HnIh zHKL;{<+mj9hT=7!QwWPb7q_&byb#eRadQl3ENNqO0Fq54cbgox6SpFmp-K@UfI8E2 zt04%Q9Awt+4Es>WX);VOi`B{FP_)(nC+j%I^REdUKjrnrfaDclC9wHl#jxpVI8YbA zbq70heAk(!>0e}vP0Au7*WkOWyFy!OD=a%PD1eF-hv(>^5P@w|49IkUl@@ZJ z-4vHs0&B~pPkjOg)aJQOn1iz*LaYyzFOj(!8wF{H&IrBAb&>($&Fwqphl75 z@@^S|3V$@J(g-Qhk<@`>xh*RPSkO&ykL63dR!-pf9loMDVFklUMU1MbF`$wo2;=5U z``uE#`~ssjIW8N0fbPsI&zADwVV&o{quTE%9DP<) z*b9mpr4QzY4;%g0cN}>9l!lWbrxZ4>3EL#l6SVv%wYThtI`xv>35q^7W;yK4{YJf(WB;+!$lqJqiIkR=>VX=*Nqx(Wl7D z0Y-`7=70d|WDIq7N)aWq+)zFa*uUNe3%G8!k{pkxUB)U~hd5=~ zkW$Q@I%|+8gCfd=^>B7aB!F0o@5%l9<#G53;K3kJEkNMuALDQDj)*la#*Lp4O+xe` zeUmQ?<_7mTZJuQHqfJ*IWyz`)e4*>ZK{Tn|>QuAys&Pd7W-uV@RJkG-*$6zLNVx6* zlaXWgaHsE$?U|WLlLZItlLbS;{q2Yhv^gU?+a;v_@lGq+o~ZB~xx9qE1Q0 zUnhfkrMz~f1Fzm)UOUAfocng6%4ULpLgy=?1H26NlPrnF?6M92rRS$d6yRIZLNl!= zx7WS}bZ}QGZYQ!(cNUM&rW_pL}2We0!B;?zt8#ofa(&~CP6we|wKuZc!>2su&W6Zn+fF&E(p5k;ytXHUBJTL=U+i<>0g2#;4cS&{%mn;VG~ zWLy*I2OlvM8CeW&*CImlf>A$wW3qA4)>bm=AxaifJt1zY5g`-4Vi*h~6XeN06@lfD z3b-#wFgnUb!`G||vYacWyf(*B?EU)*gk;3wWS2XyJ9shF$Ay`y;V}6NtzGfo?vx~B zK=E6SwEhK8Wp_kObeC~cR>qyH39G)ZU#jjzhtn)6USV7VS;-yzDvYH`Vig2iqVAYg z^){OQ+tJv4`FpLL5XY&L?t6cC>ll>nE}G2~EZ%0@p}hI>f##@o^Mc*jz!(?hyFx)F zTR}4EJ_pa@qrRA5oL*J^&|<@4J~L9$c?GuXY$-9z@o4(2`_6K z78#NVaYs6&wXqW9XA=S|hcr>bZ~NNT)#Typ?|f6YZIIq{t>9IHzt*Z8~7E5>d%0 z;V*}|&T*S+6G;J*IMbl{w-jJNK;wAIPkr7C zM%mq9#j1{QjNY_0BKTf(7=P}REnLkvyM}>1G_0SZ^nEC;83mdiRN)Vikyx>pFPbGa z3*YKAr8Oaq(L=;v+?2BM34gRhT00YOX0Eu$M5f-9YIG4=5P8T;WZ#^#7tXtqnNV2A ziMVrv<@PPtI>-deUNKWC38Am0X$IVIW@#z(BPqZ^61))-YC$|hCn$1s<|XRc6C7GvbjooI(Z_Tc`pMz@eqZr8`SO>drQ ze_rOkDfLW2*ikW~NI)I8tXY7Ah?ba|3o1e-m%aOb(%b7rWbdgbNHq zUn$)sXUK*-e`dNwD(d>Tsn(N;U;X1hiSBnnlcw~m(=wi_RL|b)D*sqeu)LYqmMvDl z1XtFo1Xxr;d%D2du-)o0ztu^R>x9Ve%`|0lW`9!_nQv-ILO>H84zAo~FK|FgAywFa zLZAB5Nw%$3)sT&JTtXd8tLBj6htRpw8Iq}y6|2*)I-asY(SQFSu5S#~zWJg!2fL_n>Zp3UD(rcK8QL?pFUo! zs$PO|oS4SMiX?2BPD;`7oLupjOBu|9k^wG^kN;b*(FgPyN5-^`DV_%tueZqFxAupz zBrzzM939hePiq&|c2j63rrwF&6bi%Nc~KM(x$wTs#wgI=psZmzw4<{h{@ zk>M(Db3;#m%R5`Im}jsKbCrF9bj=+U_!W`{@S=3<6IT|C% zMDJ!U7Xu1rYh#;b;W|WiewDKujcXx6dQPPj>>B80{6ecFE*Xc&7o6VLeBBIvNnS(_ z+oriE`|;gddzmjYeHl$}2L8_|--*P6LC{^Ck(11Jx*J0gx98Q?G~Sa`a8bPo(}3hS znSAavA>enSVi2N>x>=R+7gNvr@~eh`MR~Rbb6&g<4TAU!1Qc4~rjqhLxjlK1V}xw^ z=iEqf;)4!uI8XqKW<|URKnlg!YE!pf9Uq##5wp|vyr%p!0S|u|ppgzo_ z^5+V$zbC8$UU6fI+LtL7H8eBbcUzca{-UBHDUpC5Y-mH-9&XO+YF(BzYpn}c?gOrK zdIQSL?jdIWwbUV?lx(!xSHLYmmsd=1TmbF<9=h7^ynD*siS!$zw*A#PNAw2eGK>jT#q8Wl0=Maasj0k!13h>ORgzEs?a3%x&ksstU3EPZ3x+U?l z!h3~>aov8P`XPOqhrX32He&Z=1?xuj`CHr)>4gx#FE~tMc94mzke*yIz%OdzW6nIz z)k|@hpxs0R#!##ChWCtJbIW%&STIVZO0~@uB0=DwA3zup~XRMmxT-)Jd3A{mg(G##37H3yIeYZC;2y$T(v7-2XSX|(`U7mI~|zL zzCH#v?VazUoO+h3D)D;l)ApL)bg3V>lkE%)O8^0@Q})#oMcwOO77`nhaXr2t*iKil zA9DAe5`psYuQ%sUPkkU%iNP^9D-*9ABCg%=Y;yQ>yi^YZw8g$Qf384Rl#>jt0Kuld zvrb1)ts@9wdUpg~R+)*riT|(tm}01MOru!L3JDLO!w%bHYsf!ZyR<(5;JYZ&fnHF?Gs$;uU#~MRFAA5`OIMYv?Zs$`QExiqUU&%Z+ zNMX#XxsYcWdnGlg4g5)LWFoXOs3DQ1*f~vQco2?ueh~G}Yv=#S_S)B+RMz8axV~$4 zC!@Rkg$eXSmbz)NM=b8B`{az#j;AnzF^yzM3$Z>^K* zX@*RUcw_gEobf8& z!8oR+jcw;f*pWi0IF04MxAX!Sx3YtWA*ZM<`R48e6w2A(Go8|1L%gy?B0nK(UpYF$ zr3km?*z$>yo2RVt0|iRC&22TejiS~&?NV^yINPY~yB#v-H#|_Hpw9ECS5%=6&aEhm z)a)y{^cx;EaG4fh4GIPL5tEYY6hZ2LbZ8J#w>Qi4LbF4cK#uzl0Vj{KsBzx|RU?|O zR-2Hm{#xs6Ov6^!I9Utl{Un0$9}jsEj{8dFCsI@73}N0d>^d)bE;_eu@=z(9*lSnQ8CR`wu3PRJ-}%$}w8$FF_6>R)7E)9Dl!FXy77hMYM(vZ9Y&4tN}@5`DllGB6t4G!e@lz|l66?beJCV^fjR5V9emzxQko7u%gnm8c+5$^= zi*OXt<=!*WGdi!+9~H9ecUqr0zsJ{%wP^sR1#a}|O)2uov!andnt12)OpLIb1-fgC zGA{)x2Td5;nzZ*E9JvyW|4RU7wj!m!e?kz+bv*T8m@S;Z-+iT97A!-B82;sbgcFfG+BY5^<0ST{pWIeq*Hm!|R z)YSKV5? z`0+#!2ZD*;2JmKOo8%XEq~xjEZm&P9lEpzI;;%<_FtFlr@0Rgnf>YeZ8aXLHiq zAbYz_J%@bO%7Xo_gIHcMvr{*$gcNrfOV{a2+5OaIZszZ=PE=K0(**&%h6}_?ktW}c zXRHeASd(SQ;=EZ3ErG`vOd%zlQ{Mugdw7*~%#ykIur`7grA-zCY*Je4U-yQ``IP0$%XuFZ`aX6_=*UsWfPv zZgost+(%lGVm9}TjPuGjtF3dp(IRN09$wa@Kdj1Q6`FUaj_Y%p?YsYBOg!4eG^au~ z+jlhU&j?DeG?Z3Zg0L7pHueOh=6^Tc(?)skU5s4`LH+f%_pD!T{&o?vr@gto`2yZ zdyCT8$<{G#&}lSNN96IS(5U+E?YyOi=F^>!)xT^amr!k8_%bcLuaGM*pX*gw$kZ)GAbIL2#OIqZa zh;&h3cN;;}0+xT276!Mnf`xy5JBHM-p3+FHuy|7XzYyWWsJ>Im%8Mol0Oe&UbCZ?*7e2mGX z?m1$?SBK}4y4JsTU1*2)72-T5i6iVud(gQY5sm9qH_PwTGe72ic0|h`uF#p$ab+Wa!`m|e%lx1UQnbA96)T1a03n`+_Qk4s{@^Del^!-Pb zG&hV^+D>DKT$-X&-Y$QxO)02Up@X-+=D6GD=$dFJd?l@1=w)}LLJ_T1n}(AY9hQKB zi4Z*SD5UkdfUN$5p0d#P=JJ0R$o ztLi1!LFS;i;JN4{@JElozS~d0|MIWC4;mtR)2MhPtKCYt39jEqL=LF^R=@oMk@+s5HUCV*aOOO3iipSMLu$Y-rtwQ5A%v4h<7$9w&eaVb>KItE*%=0 zoNeFe5$d+B=VQtr9!rT?OI#xn)O?UPky%2x`lU5)bcMHGrssw@*Ui-;q2rR8p^Mkq zk{fyqe--9&7q^YjNi40Py|Bvrk{uU*M|4`i>2sGgEk_}LoSzhsVu@idJGG4;K|R&D zq2^?y3K?7$q-F72miAOQbr(L-SxAQLY#DXazu6q2u}XCIJ~5lJ^UhI!JM4q7%gIT~ zD)xVa`QJJ698kVG_gV1$KMOv=|IQIxhfh!5*htsN+|cQBuKZQAj@;!$f4|UW+0$5P z^=KGR);Si5`BJSwYyC%CsEFL{e7HJ{-jd4Lc75h!1An-ViqA7x^q#!#P?l|yjljK5 z!;8793j=^`p{cf%=U``sqEeNl!7~kPf1aN+t9>T}!n+c`s=3HkSb#CIu}(;2Qv|q6 zHrF@QtfMOuI&!AkX12>MGJgdoPnp?*-Ve@KZ9#40_5TdwiGQwkUw(;30}`wgz`wpW zxP1YR0yVXerU%?*h5nht~IeBG{lbc%&P)9;!eXc@{b;?0xO;gst3|W$#d9# z6J%liI)5xZ5s8|_v4G#?Gwoj=4*t#Lriv+(7+cqQRcIN&B~M2Ti704=pDc6$L5Kia zT~9+r>>?Xxs_G5ce4Vrz+Q)gK%O|9wHCTR>TF<#Kf>$b~?D-n(JUgDDG|TDxhBA8( zh*|0xANO3E5rbUWQicTNuBTzLbw&ILM{GU{>ND9|gLen+BP#d0&hBoL&*g|YW zadng@vOt!edvMKKZJxpH;{}fFJ7{2z7|cQ#Y0aA=g`HL^%8lnky=bIH!DS+LNY~S? zpYYe2^eGS$q8a!gCfAEN+z@5>?9$fZ#z!l7vl-kRi%22!>I>)^#W~C)COP}PkMa;> z*PBvJL@S9K*1g+4ReglME-3m02{bG?O59FZ3uc&q-00j6pfsG&oINZ4^A=8QV<$cg zjdodgo`G!qz>k9X7lA*X>O(y<;gg?GpOEX(oC_jWM-*rrF?$fsed9M4ygzu zk?nhCE!NhMr@C+Q`6KLJ*Pel9R16!k?hQT$Rnj^3=teq?9Y4@~AWqUfLHokav09?8 z8Q>~yfbm^N#)t;!F&Pq58x9PsPg_$wrZUamrYN>xBBE#PC;b;V|Ia&s{anObU#ioq z11f7#om2M)MMys(M`c+-2AA!5X@A6PE&M_jv60m79B8&R4tuQR%_k*!~XPqNLUhD-v%-r!3M|AXxc` z-{gr{M5h&+5~2=@Q21-g!Q z#>Pg@c8-jOcJ5AQwl)lGoYo9(+?=|c>AT_v((l@ zvRqP{(AcyHOB8y`jYSNF8hQ2M0V$%&v`I}(h}f_U#gI1){?BW6p80|}Yb5esVV;nh zYv}i7El~Ms3Yx~c8Jj$&2ODdJ<1by0Z{EHiuYycoBWsQaW9dAm6IncLj;WrvfC01b zigCVL+i;M7?#qxTcEEuqRicShMgW#8U->`q(f~3i*P;p^rx}&`=-JL#JAgVLFk$xN{G~1N`|OOTt^l9&NA@fq=vcs*_xW=z zZ-R_F@yp&48%6NvKq89PyV)5{*YXnGLiA11mw5iZ9|(7B6jQEWjF6Dth-0R5dN8g+ zDdt{?r)V1eH!=KU8KB-95Inl5px$;d_K1lgH@`vovIJ-oQcUGyuMB{&{pIapp1azb zt|!0ek$(9j5J@rgA_wyfjdA5jdGz#-aED7d*ZvjiO@ut)J-F$7me?Oe36yU~avUyOMV=5AL?T zYA0ZN$mT-w|48%`2BTCfbOhhl?7Y^bLWk$)w<6KeMOYC1n~%w-_)}V$KSqw7EJ}gB zFORRQVo=jG$xvaxR8bN&`K_k1R{mSgZyQs0>qG4EG6o5_fBVL+%fY==u%A0~kpn8~ zj9J>yVHEIr#oQGm=i*prk=q^?;>%ehnD`moo?YHC1!h)q({mBu=Knc<8A7hN4ET3j zUJ*$>k-l45-IR(T9xM|K{Bfz31EBUuTb7^f$+khODk$Tdak#2oUeOsY~Dt)`jNfJxCh~kZ9 zEf2(Dl)c)ReUg8D34IyGcYAl9@=99MoNSnJ2566B__iRmeZI4vle%LKH5>Q1U5$3J zE>s{g*5CIMwYjA6s@haC3V!)uG4H6dN*#@;l@VPHRm6~S;fWsmjpm@>7%p z<;Rcgb>Zs6I803cTd;^i<{6 z+VYka!M6H(ZSimqRcsz(9gZ;OWyP~vL$P7zvQ3)ho;XY4lYshQ|K`a(pc=|i8(8tj{-##+3|pbka;T4j zcglfNb{GlzI77(14V>KdNRfdL^vY$=niB*Sb88_OFp|`xD&M|%R8V_0=6|79OU+v~ z=TN}GLckyUsa%-BYO+t|!Y=RmkEpTHi#aDhKLgm_*{`WenHgafYDJ5^FI>WV78nqA zmVmjjc2mEsih6SA&yfs0i;)wkE*4DTDP329hwS7ci{jYf7ogA5MCR)xH=XAn2#0EJ zC=u_Q;hXUIaZ*yPY;|wj1%$JAp=Tp|v*?n}tGsmgQDsW80rZtPzAi9#AR|o%?=W3G z$&!Y|YV{~t;^|CYAM3lZ4Vs2*Cvy9!;dPM?P9pW8?SRXfUp;M77DBc|9iQ8ny*LMJ z0Dba%-~r}WVj>VDvQX^qV(9ke9vDR*+|J{pjMtU3+Z?h@$kX)=`GaWi60r|7asASJ zMe6wa&g>QIkwSvpw`kwNg#5v9=*Wuvfi$R#(DyNM-E=5+%|N7!7t$=)x235Mz9-Tl z4Oy%)Iu2p>+C@mQK{@Pu;tJlTaeP_E3dvRNoq5|n_e$yMMf&5mY*U4CWv=hGoMVk~ z75sUgsG!)g?7MRKsE+j0B@Ia(lu?Fx&0+4~kMY8|qUpQ30khhg5!xd5jqWnCK?%|! zGsO;SVqD$!UfsB9<3MiWeRi2HMgUjoyU{gIzF}O!_gz8r=qxR9{)hXxTZsU6*9RlV z=>C^Gxd)cTxcb$1)k*{sf_m4(^C1{SVrq*192QeYFD)1^54^6dT_nn_#o%p82LW3^ zUoO!QlMdh??uuKdKA8T(l(p~bz$u3`WOFgINcB@c$O@I#Zx-~HR9wBNfKOGxZ@|}k;HwCZPa5D-dD~G1 zoCtiy!+8$?2&n}(SDJ$H$lXHxg(?6wF|4yHZdHKX>R!pRt8`$;vlmb%SUq=gNd=6D z)1?sn`G>QrU~U|r6o9SD_F>u8xe6GFvr*W)SbmiN&@Jh$cuZF-ySfH?6#!}keKksY zY09roRl#3zd;$TvmA$q~+p85vdLPxc$AMm?I2-xBC1qD?I9)Y>+~VFxZc#6q!nQT=Rro)eL2ALD`IweoHK>3^fUo>GKD7YdqTUMi*1y141)MIq z;7OHj^|GrzRj>q(PY?hk7ff2#Tcf`HIRu0%;Loot@HHCvs)i#d6a1M#gDO}6_-cmZ zlMBeL=)F|mzEuGS0$;!5Y<#BwcJ(Q`_&=g=Ro%AJ$$YW^RqETHy*@?z18g1Nsvn&r zdn3{A_yWM)aVMTtqIs#%@2PFZJvhC$%%i@{5FnjfjDc@`pxCWtgk6;YGqhzn#<)tgM{UdJSU)B7*-O=MmK`fS7USBgQq z(mnyc65RfKG+@3UtWN+E<_`Y^ltGD~pqX+l=Myjl@x{HufI@16KY@6VvXoCiu1E{z z=LHNATq&Lq-?4hLKiMBh+l*g@dLGHwl0SKjLGAIc>KN4$OFwR~_(``fK0^%{7a})U zUWB~@pL81Xtp7w%w{<=v1sE5ypMYpv@Dl{0%TYcdUWD4|Cggr*_V^zVcE#}-K}2|@ zc|wd4cY_#~uZ7$8|7=Q4f%IY+_6>d}-FEt<7a*8^YW;}1BKriF=v^_NQjmh+6JKF` zgRam&+s+ZtsGbmgkhV`hHRy_QC;m65(D+vvp};GS;80l*BHECTj+*%)>(K%u9*PmeB|INJ>OJuMzwsX!t+n zYkE&@iZXdwTOBUt;~anr467VnVhKGy&;k$~Uk9pBm1STx1tghzem05 z(!PLnHi)oc40Eaib1I6U#ulKOMMi?4R)#<%9=BXNVx?k=8ek%uielUr5M#LT=i)={ zp`PtO&rB|lb})Ok2qMRz27=HUQf2jP`H;I9kh?gMV*r7mP67ak0InSyEb-BS8CvJ0mpuy=dO9fIbIQAy>sX+v zD|w~BzUCW;?ATgWTYfjKtRjamMHPl-#!adm(WMQGxsWosg@8YlZweXy&i8G70V3=G zbn~88P6L&B7?g0YKjm-C4k<~FU@AYFlObSyVq`w5VJXt5-C!!I+%VwGZ4#(jK3F<_ zP!-g4)?__YFWpKr(C!<*um)+iXk5z?wPKZ1P(4ae_72~Yvo-E5M|OR?**}hmyp!R{ z>f7;3aY4AGlwnmJm}*r`T`>MvV1)XD5wB^TrGR|FxlS_WZi;d7U;2!gtmb_?(Rqg} z$y$VBLB)QIxUP+OaojN&9Rb&t@#?J3`?w){^N^P|20Q#4vmGf6lBW4I!g)G@Bno`6s)q7AKV+ZUU1UykcufQ>b&SmshRK}>{HPu!n?EIC(YG7O=!in%Z9`?#D&q4^M%`IU=yvJR60N(U1kDWbn0(R8E zEssjuI4Nve;X_Z>Hx|XTs`1AazY;}Jf!4>_JgOJ?3jve0909hMhcmvZ0FlKhG&7u3 zlOOk%NBP-%U26g4L!2ma>Xd{ZK*5V5u3~Q34_OG7_O0(Y-`Qz2&<6Pse3j{5t$KAA z0lGiHa#dGsh&9&1mm=VU3K1`{s%XMZtvdnOjc|&YC&M9@UT!|Y4a>7hiN#+xM?mYO zrtj^HcYZp7_PcEm1*V=ZZ-Svor{lcfFDtf9r@h3Ha2?{ihrK@~C!6z+%LjLopeDQG zMDAdtAn}A(3+k|}cetMV=ejJPoz{;OLC+suhos8Z zISnVmh1uh`&RcX>xHdKDQ6k8&Ih0|}8w~Imfa0Gq#MomD4nui*H+wv~J=!#bsDNTV z2}XR`FiRomIL=r!D-r{(qE2o&7xwqj^UM4Q>D6nkudY#e$hiSa%A(8;00R(ifQT}B zyE4LnjL4a8uwE&4zaS8%ppa~V3Z{Te{GCs=CpI9f4B&>nr=c2GKn7nHKnS}G8%R(* z8-$*nK#H(PQ+kcINl7#9)3nO3#cG&&s??1U4Jn_pMQ9I1PxE&i4wRiqDJE{*z-O@# z4py~WgTZ~fHW1YA?+IpuO`+~ftuGp8&6GhmXX)PotREto|1QW5iWs_k^P)iaGhu}q zi#3JKZr87?e>6$^MFvG7qbB@S|vCM}-haE_9u|L4j1u$#UFWo7KRu#D3$0UJ)KOrY4UU^_u9M}vx=f6vFNQ7Wj2O3>U1TlaMrVt zk5A6HSd|*m`kukN{;#EP` z`hg75KhU-d;ZOC!nfrY<>BqjT5oCw2|Z@}GsEL7*E+QR!Yv^Gmzm1l7Mp`iR+~@hT_mq$-j!f8Bxrf9lp#mGE`cjj7_!l zmb~O}hfvs%VWfUd<_sA;$KMP*pYFas3q9&o)bW3w)G@y0j#^|TcqFE-wfDtdp;YFu zy%`t2y{G;Vhi~nBU||yDv*)*o|EA8o^mu(~b-XqzyGWznYC$8-S#c)WkoH3+LuGkV6Fx!b;&;g*1;+w5{Wg? zjpHB4lq>wP7P-BazVQ9mHU0FLrC6|JACKcVGe`@&ev@EyUi^VzuBZO*PP$@U!sWVe zOP_9+-g=YxR=S}*%q{_9iWW+nI_~zCgr_j4IqfS_C8)l{gnj!NA=SMJPFX}O-M!-_ z%`jx#xghS62U=$q@^+S%i)HE5bFqdVhVF(?qS(X>0SRGJaZ^qR|94lFKFoKAE*wdB z$1KDay}*oUtIh>K^+x7?1y{+>TkP(~KWOe2@uq{XaE2DQT8)&zsssbN2isdz?G&Hz z#DtfuhJk~pZ@WlShc=ZlM5JSiD4O+$4qvyd`jAyMH#xBbvf30KrBB6@8OtO&nw#!9 zN91Q#2`>6DYBApLCj1G@%3Gb8cjpLLfNWqX+*OTjXf~TiCc&bJK+7@C%k_mQCa?8a zV4D{L{Ka@llHeM7Yr`euM+tX&>uK5VN@(%{N>J_BZ{UhY9{}=j9AAXnXspN@&T85NMlNAlPwbvc(cC znQ3)rijm4KdL@Q>%{|bo*B8y7*zSJXdQI*(OUxYQz@r$Ps62pPb?=%G(%4}3?H|{s z9d0Z10N9B`F@Fs;GL(CdlC0gqtVBs#8e&JAct=$IiA8!EEJul99$kY8K6)A?M~@L6 zKITLG6vMu$uYxTfNSu38WTSP=quV~Rb>#=SWu%=25)`R4Q((dYBz7)OTeuiy5e!}K zL>x~wORXxdcL*{67JaSKb$LCP&8iC$lgC5vYf!@aBkc6J+2ecL?%uXwZo$%N zAMA~r%+0mg6o24gWaOT`K3EoiT*$x_jc+3K;Lu7YjMF#ZMbtKQrG4Bnxp~<^i&dUE z^@sVYoXj<>-T}PtAGjEpZE_@LGbOwa+bOAwL2`y8m&6piie$Ay4O{oj~3-y%8V=l15f2TsX=wXP%GRx~ZyDmy*wSAU+( zcJ}#<>uqEWf}XoQCOC>P-+X;W<&H^hyIMW0_yX-zsr52 z3qiQ1{?qn6|HRp`N_UfC4tJS@GVcf zT;7i=Ac6TU_HTFnu<)7mJ9{2Td5*_Gik;axNu)-n6MB3tdb(tHq1j0rW08ac-pC&+ zO^i?@>{8fGlDG1K|4`3K{jmG!eHOCPl}rM9V#y1y7&hmY8>I!5dLmP&HYr~!MJux3 zN+Ee7isK&p)slLf2!mW^_zgFWHh}*P4R-f3g#6ky&qPk^yANXB4P++Nprt5K?DS!KGYTy%AHS0_L51X~`W5xQHQsX7l9y;Y{W=4>Vq(&b6 z#oGXwXxBcfnnMUm@DYu;=x}zxuSJv#UaeT^3m>fv#GH)qg=Bb9Js0y_gE9vZPdnOI(V%N^BCVbi-wZ~VqiVc}rAe5v2`>!YNZ0X}G z?fRlBBx(CkB9VHkDS&Q$#C75jck295#v)C>lIwM%koZNT%O3x0Xg5Xu?_8MImu(8B zzzXsQcqOr&s`$C9f3%t?^4>K{eGjATPz+u+`q;mFt!Id5ps^U^Vjl!vy)!w%9b~Ip zC)|o=&czvr@8adYP-X)Kq$Dr|SFvsM?f#bleuhevr}ByN=Dc!4KkO0iG45yk`gqB% zn%}D^t@7q!kDgP>mqV^U9rqNi$zU!gr17khy=h#v9*oN+%P*b%IgnQNJWu%q-Ff~G z08c=$zuIHHqOH56O?QRqNYR zF$%#s4(}&HiunCs`2dgIEcqWf~Zh)Wc@i0zWdzkjzKgh(+3%0Y77k&i` zn|a}Wyl`H|FTwH-iZ^s6Q%J38(nGlMY7?VUp?TA0Q&(g~v;Bf86kXu@R>L&k;VTMw zDB#T@+~pB-?LL4o{o1Plj^&%x-Lw{y4>s0Wz;8XX$<}F4>pGM)YmJaYx6SB zfqh{$>%R)dFPCXyChx05w0KyDop-Mpmg@WQvSBd{18C0+6!4Bw_LuCOLf)b3#RZC0IWnq!94aj?)YdFpMV>_m8`~j z!5W)qvV9r!(nn#r>x=)I$?@hD#b$@Xa?$tbKN$Y$D`7UfW;Mk~H8?%_9`Lh~TFc^X zyb-`%iBr_lE9&uyCeDil?c6`jFRxEfS-vk={9S&Plm=?|uWgazbMRo28}D|)%}2hx zdFm?jz!(TUI}}Fq5#qphEjQ6V{6p*6-bMi~3t`olE33O9io3hwOU2pgF~*L*X?4-vqXj!X@6|FPV~m7Wvv&Uf(6# zpzbu(aE6bO;L!+~u6otj;7mtWzTdxKM2|)0<7d0UZni&bOl8&st4&b-D<@dq43XKg zdY-nqKok)>=$p@j1Ni|>*g%dIm4O@(_(1kJQmr(awKSy0T7xcvo!T$6`7~by$MaB% zesGHnW;+`&Z3*3<-8g~fs}t9; z`Rc8GY!wz70)-hIYmfUwseUt!Ix#q|!Tg`P!Xpm(Zof5Gg6n%!HT048cXcpxjBVYI znSc(G9SD+U-OsBOxf6e9AngROzk-nkbe^DYRzp zrbvuOF!IZRvPCzMx~ zdnpKz-YutD)STBJv;6Kv4`OX zICGtQKVg=>w@4g>$TsuY5c%wSZIq!S# zW4UJM3i1H;gYlMz-JkHGw}^(`F-LFe<^s=g-xIt=c(T=o7bL~3x&;)I$O-dX!lRHk zX?A79uN`YWDdzlse|Kdb=5}=y>rDHUZ_&}#6vP{!1iJ+9tM)HY?}stQuk&razhM4i zRX%ItkJF%uRUb2&=dXrowz^u6jPnzQyJp1Fb!k?fFK& z_ZbE#%t@7IiYo9%XqyM;22Vk%6>o#~;2xs)mh=MeT-%1M0x9q3{9%5n{$4H4jUP&@ zzQs@&Fl+b0MUzhh76~Dj>tGD9OTrBANLrzxEr5~ad0O&4C%``@*%~^hx-Q^@3AkNw zLF4S;AA|SgusCgpm_O`*v<3tH?1uhNxUTk)>L=hP+tr!uBs$N1&avNhwcFw^@gDO` z7Grq};L5AZ`&@QZ-sFr7+R*=kE&D$0Pl5d4kCa2i&XDz+Q@(w6?6K`6&E5Xe!B!W;%+q!rha zOChRzziT9^=pHFqwE6pjq76-Fv0$dZlYIWq`R~q_-snFQ`FBD77McIzpZt5(_JC@2 z_d&-ntaGYk0*crly}ce>@g^$f4PSlXLr3k$*}YMhQX;Ul<<7#JMd93Y<@2W z?@601QoqGRq4C4Mk?IFPGl6>&l-`bg36~nFz7JHC)6oAxa6=lLR$Nz|QvFuy>)8;& zK(4gnS!!&BRR0)(KM+_g)h{42hvdc=5Wj1nfbE!LkSs%IwG0xM;r5s|CU_Xg?|&F< ze+#Uc3WkkLl~&)3L)O9XqbBRa2O0gdQH_nk^8Qn}v*fyZElk)bB@*6A7oY%q{DXBR znJVwfr}hTB^5%Xp*G^U957*UF=iYbeG0gtz^ZJ5@xi%bA?&TE2;k|RnK;}4}IF33p z32i;O!$8`Q|E@2$60rM`yMt$KLup1G_2wjI`x(3B^U^LFL3M!UH)(Jvu=?MnCqW-o z{9+E6agw^<+%~#7DJMFA*luY}S5*Iqs8ngqvpRfcAT`N#3HtukD7;@?gPUUco-d{P z@92DJ@PpopeXgrRrImO_crX7%CYnQ4mV)4w@Ja@O|*h}H-FvsOU|2x%;zP#VgBC<7 z9&{@<+%@v`nb3hikmFkVgx)DVxUC*mfbU@~5Q*ixwrLB7eI~7W1rShSQpSg#k6bOl z2=7pLwP>8f{5YOiyz{m!+<5nX$z6l|&o{BIxC;QoN5D=bc59;0dkkQYuW@gOk8t$)=p$g145o;id5T0>w)~_ovYy*s`>< zHq>760rJ+K=5Jz%p8~U7gziz=;^-U|>Z$Mn^48_IiHfJ13?`VAiucj3sg-%?KmwHw zPQfMiVrAYzSCetfzx9GVU#UlWJghf~vwt!kuZ0ZO`XMCrM*pl!yr_RwYogJd=uitM zqBZ|kkZis)j5}WU|#?|;54cC)IhR^QE>%Uh%L`inH%2^&fhr! zw*M>_lOr=$EEhLm%>L=;)GfqeT#ts}I&q8Ps{boG>W2~RY4Mj{YDM^)z-;8K|LDb5 znGYyjuBY?TuWg=@sebDv)E^c}ge$NRe?O3pdpLI=+y^;!na6RV{5C0-^=S!~cpM{> zw=b*rN3&&r`4>PNKJ}Y{DH)T$10a;#6)YETZeSfc9&_tP4h9FZ28!g=E$ys92jYKA zU2GyNcJTtXextwq5(UL;)_u+;EI4%d& ziw`N5g6EnUMHS;=AdNx)pOmY^^o0G6m|!U7--U;=%zZe1F?{3?0Ey>o&*x~!%a71Z z+9Ldb+WO^eAh7%x&Z^7(h`}z|_G_%c@7;(`3;I7eOZRjAo{0y5-gc*P(YYH8h1U4q zDR>Xq@3=#})5^9-=ox89lgI&h;eyTx$%#W;=3D+AJ1BH4#$Yr}aNNxf-;~Wxvm?9i zUaL@R@|}B|_Jt-80YphgTuy`khZUG_+-aN+Xjg8xZ`lX5@#u!*%J_ z#Z@rB8G3=gnv>L6AZ`!*oZqm_*8FzRex)~(ikiO&!gWi#iTTc9kZ3BLgCNnCI>U-=TuTl5+JtEMScIA!hdf{8~on{WHv>j*gp5%I2jxbvtqUD$bnKG@q(1Csj?VEh^*t%rGiOWTcx$#4*B;i9AY7z?jJ z=@APOW!1F|blwb*V~{9|@pNoZjAVb;6g59-wJC*{<~)y(02eGA%cVGS066DK^}S-z zmVYYnoW}Enx$guQH80W5KmgX9BHOjew2c^b$MyKMO%%I*-De~6oqjq@2+D&RQOmPM zpw20U-l-mVlXvh?$-NU-fp0hlX=Ir`H3Vf!@sG2hOm!jsGSnh#o6E%(j!OSEOts0j z=%%~KwhZnFG7ga3cjGqDupP^m7IY z9n{SI0#itqd^h8!H%Skz9=&IK*Xhl6y6U5Z9AIybm7W~ol0*@cPobK@Z=oOPc z>O@P-#gO<8ZdLYFU{yM*IG3#}zkP$>=bRX`L-x18ds^8xHxxz{#L|O4JMoTqd|qeb*tu6yn_gGlp2n zD_TaF?}3HvsGM&2{MZ{T__zZ%SfwpatId0pn0;=S6{b29#46yl(C=k89oL|jG~2w> z1G%1)Y|qPzoB!#y5jqQJoh8*@HRDn%JxQPG>d zVG!mFE6A#C$1cIWB$`mZsI{&OR%yjy3HQvF;Z`NeRgceC#It#*5MQ)lwt0SRmFjKzbvGs_!4qPTuleeMM&y5#={zgE@UhvDZx8NX8a|r&)b9mcK~hU@ULX%|`it z?Cgf5m99%5=L}Q|Qh$a-mxfF3T{!l=h2X8eTH1w*-CydK(wDe((+HooRpR z)+~xmrgWf<*SB9+oJ3E^9GS(O#Os^6lQ0FH1o;8nb8Ypo7t@+M;DFdCMs=bWqujFq zYZ!dKvk}%num;;MdH=veG~ACQ2O{wqyBCgxk&jdtc%vR-lkdksH`=u{27*xc`}|sO zm)x7_5N<$0hE-tCXLu(^@n>Akw4uVEN4&f_)W2L#5A`pb(NjLWnfaHNOSCY|vtrBW z)gzt*uHRxj5Cv`kU-K01Q#RaAz6NhMgh5&0tqu6z_!~15E7{>rsosR!i^DESYhT9O zRo+y&5Hm>YWcvhWkT*SsukRb89-!`A8i#J=cF8?ExZe%R+>T<=^WN9U@&rg85Trri zclp)DDR=o@k9YYAoB2I;Wc)x+>W)l@Pqm6-hrS1$9xdpnc}Zg*^_H0(XGbw zj)svh@^IdV>!^7Rxi4OE`O;k%Ao6TM+3}{Eqx5{k--3Fi42eTTq7U2 zU8--1QM}YevW5rb*=e>>#rHMfi+9k`!67a=To<53vL?*0Md8Lg(%&btIKax{0AHNy zw!hz~!*}5s?wMEUc7yzeXsLd4G`;0T4x9KrT1mk@BvmGO;XuiP%5>8FVnFbTz(jh{<_Ri&{>Sj;|j;w&ymJY^x;_X_!QTLORIc z@6PTgMjkaClve$N7G6=4OF@~74ijoy5Cu(2g?I(7s7ZUS2A{8!3rQ=FUzJ<-%hh1Z z4)}{hUT|m&t#@Wfy;PMu6L;PIae?VA-#b2iyf+Wu59aweU&`I@pLikke#ItSRxeG$ z_dUhbK}5S!#LWfi*{`b)WBhYH3lHRV6^o%(yoNE;8o=vhJsRe7Ih=0Ycz?+8<&>701k>eyf4UuSxktS%3?_1M<@*bpP1> zIL|`(D!Esl3%OUS_8j_G5GzUoTaiGbUDAE;D(CkYdcFhDNQgTFdI&e`MoQE>tIvk) zSF-Zb$_;0!dv-~#KjTcwg3)CM{g0nz?;()ufezX(-RG6-8Hp<(f6Hm*J`GT8jfHDn zTKyP1C`uYz3X6$FKND^Rt`~77QNQI6elvz@KZTmG;}2#bwqZx5wMYd#qHbY!^a6m* z`_=SVA2nB6{Sk@uM$|+yn4bx^MTG-p|WrRc+(NA?Me*DNqkSfuUtXP;7ykNU&7?TlO4@_WHZ5^qns zPbM_Dr=ffFuQYTUzzzAkD(#nBiJlvi0e+v{qdEwy7y@cnxi_P*`xr_{9UmBz&*JiL5Z$AtN0Pgb^4+*;$gnV z>;-(E9qmPOJx;GyXkwAVascRwB%TlTZ$1^Q-}@-$KYdD_|G;Uvqx{mEB>?!hwW#wy zR`Nl!f5ZF_PIJFY?YrxYs(r-(_zz!H^0!N_#FKJ)(D20*kpC#>&!2IrB?dH6NpAC{ zkcT(LOX~XvJdV`q{%ejab_c@}SO5O2C;0Q;bYm4Rma{jgm%R8ch0mhG-9={5U1TyZ zG2>K-mnh(R@;&fEKzR{F(P_4|&R#%@yCMF|&?54@7fj`aXW1@2Jo#gzz3K&&U2fN`K*gIIK*2`C;TN z?WTd?xFfsN!leY4{>n3Ie}?qMlKZTW(ZizZC|vrVKh4KG&;QD&@cW2eY9ZEspIt^l zsQo&YYCNN?>#!WGPM+lDU;*NnQu;nx38F$yHhC#S}sw_ zfu3(s+6PR=A(P&J@czN_`K)|~QXZs8Rmy{~9hCAQQmi5$kX=0@%Lh3pWxxo+9+m+U z2#fDG@xOHnpNxb0oUFcWM^x>7T?T0VhvYG*=}E7keD^E#U}g14l64YC32xPl7!_x= z3XU6b>-jhzQ@-?Pg99pwUgCi-x4|I;dL_?5fhr7}HinYkUwnekP;{D4j$oPOZjW2S z18`y)nRq)}p8EToQ0x}kI~maRh&Ia%{5}kA!a`KdMw+xn&~D?9hv_kyQC?VT`tLcz z&JQXAa`|bv$L#7S5(Mja1eGm2eG}IJWwTk#)ml0XPsl=rayz; z;3zLeR|Xa3?u+KJ%O{8Ns1(l$iWOxgQK;wdb&f?X6a8z?tNaZ<@3^%mt}oifZ(^^P zRGxPnMUS%lo~}Ce%uTiM2OllI?T0YN=dWMnEvxy;cVYfziVP)%O|8tCI6RV|m|T-e#6p zAm`zS%<1L583ErdPg9;%&cpqu_s(irr9JWf@u$dE18Jl+dP35rI|-0T%Gm9*uP1^V z`d9__RP;i6Tu|2^5Tb7^LSa6O*sAL~#omW}8K)$XjE~~C#m@53#YEdbEW0hZ*RmfM=q+$Sj z^qSg3D6On6nqN~{Ay^mBD=W8Km8KS3$4#C%!OD0GMa4BGSS@ASOIVSdvg$d`^5SZ1 zwY}6{4Ow<;iQNI@_7Y*@#NNY;K&Wa~LbzMFdl?B?!<0~McQ~sntb+zP@Pn{5LQQ40 zLzp4VxLruQ3(EF|no6u?HP%X}!&+Hton7gyD5(+hD;5=(mz7v&PPf`YKUH>Xjr~q1 z)!eHZ>s)$Q*>F@GS8rZz6*LFMS%hDhR>6IS_kqTi<0pPW$6<8V%4%z$+xw6Z$gQXn zKkqxCc!Dq>zklVx}d`VBaWapNUq{*bz}9 zl$F#9&?^r7VlU`hD55WES2&>4N-!z6FS3_Ih1Cn}Kn=!L>@0T(EK^uuUs6oU$^Iy0)kszp9KM8y6OqRj449CKW~l^LUrEnK_w{DFM2+^>27cpR!-uvRc!6 zm6!BYhVxwd>TtEyF|WA7nrKZVX$MK-CE&XI2-cOkjor3m=;@Sp&(ZLZgBCfpxS};187cxxx0TJE0Z%9R7uKh#SCHfP<=@>s)A8@s%A@e=GX0 zUIR1JYZzaym9)Mg!#5(iFp-Vh>f(yIb}Km|HneJ>PCHSPdzn)Sy;O$Yi2u+=mDT|B z{wQC6#-TsBfy#1}1LcwH%t*&dr{c%q!91WJN_eBJ^eJcZWe&x2;5e%WCUfS&5SfFW z)~i~bKhrrKe&OClklka6y)E}>Ev>Fx2q-7}_Oz&R@hh5g6%2V}Mc`EWu%liBe_$npYFM>QYEdPl(|Fm7;F@?edfxxWq z|FyrSU;lO5|Bb)&HtNH7^d}hx9>6Eq{i#L%J1WPcue6koJevg5fx%`ys7^H0?PE z=OLXA>3+V-&H|1rRjrtJ>|u0U$}7Vt5EhsDBDNcThf4y2h7 z`d{H6g_OUEDBd+m5Npk1Cu5AhQDood#E)EMJpi&n-Ga$H#$*{M#Vyv?2{(2e(eJuc z`dpw@VBc}muY+(xN-3Rm^h-rFP;qseLkU)X|ykhkZt2c_zXL~ zOmEZUfq?R@TliZKe=h@$;>2+#^9oJ2$>P$EGo>$yHCcdBHu9JP*E#%JV>9V@?7|N; z;WI#4PXq$%vHhb><~5qpCW}`)+GJfFm2FB}q02U^Uy9{ZzB&sOoiW`*aLZVyB@Gyt;sc6R%mlgR#%kferW1g zs-_?=ndAEt{ z%8N3u)*6a!py91+0Uzij?cIapkJImja6o!0*AA1A(uQ->spx zkqbu?xhl-~IA<*BmRZ!;xU$fEfxe@d z24e`%K+oz~Kdr^FvA$A*~XX($D3@~(B+MaF2=;65X$g|BB&31pyh)%0)dl;*6qm)Z%-Aq zXH2X1+!TkyF*B!CMoygeA7HGRwl<2e`ZHmy4Bi$9Jfe-DkK7P_90X?Bt(c9C(@tu; znmp{LHX26qqkV0K`loyl2y|;F*I&>^e`I6*xu!Z%J56k}NAi##e#}n~^F`|Cfqid;YX>Q%t6{#YQe zQ;=<9A{&RciHc3kRE?EcvPJOnd!Rh-5#B0*`_Jz`zyJLH^ZU>5KfnK*UsW%brt@^`lU7Pao`0K82!ZEw z*vR2pMlQ7D@CFx4Q)HO)>%?I>lIzIRO+3GISpM0TKqaOpdBwb1!5qudXbz`qSjy4D zI!+kJVGB>SJQdcn`ZO}k8Oi%Ed^<+yz|-1}q4+9uXgl@1VnbMcEdkd4LQWsxu&l?E z9Nr)?_#%gI7ykeFHSvB8|2@yqTX?#Qr(g5*2v5)PG`c%W+w-(HPlxh!3{R)=w3Mfd zc)Eh85A*bSo^IjkE}nkP(<3}R$J6K@yndec=IKzLj^XJvo|f`-5l>g}^kJSp&(keD z-NnA5o<7Xe=Xtt?r@MIiHBXQ5^c+v4 zQ+fS7?akAnJRQT+X*@0E=^~!4;OWCWm4CrwEUSEq6|2ryow24>&Ys`j+UDV5U+aJy ztn%?&2!Go3=SR)*VXyiZ;an~)h#=l@85=u^9|~1ivnS`|=MSi?C||;k6{_u3)%F@_ zPO+m5B%$-K!X=J*D3$7Pp^abgFjrM&f2+Nsq`z`j-QUU%#Yau4cG{^qX>@V~M15mp z@yw47;p9^xYbhR_v4%0+Kx-a5ZALQGTP-#bfY{(MQ5iJVT3pJG`S_s<9`HHXF_XQ7 z&}yc!Q!Cgp5|k@1x3cpk6+!qRQw<#)Ru`9nnAT}{SVjlNv7n@4hr_vJ)FS zJNRQPWf}5IxgJoGF?bUKHmSl|P90w!+v@0xoyF0CFgq{`YH6U{n?Pfw<6o{3UcYk2 zhD{FFnl)5wu|cijp+0GDpxnO~_&gZ3qV4|IhvCf}PKrPu{_Dr-2J!SgH%o_eIGd*v zd3py==kfGTp5D#VdY(4&^f{is&eM;1+JoIbBGmEpTaN#Qr@#M;?HB)h68g1pe%5EK zlm_^3y*!cp4}bcVENvXYVUAzV>zT~;Ije-Fa(k`M{%iHh{UgUIJPc6yg!i9JX9=SV z?_ZhD8b&AQ%l#9HPR<`5R&QDuUAP@7@m3gJxSh##nPGI{b|}+jh0%rEsZ2L3j84wK zJB-d2Mt66Z{mOLf!sz6D>&j5NRbg~;{=hK0#xOcL|9|=m@5gZak@GXc=)&zs&d&^^ z3-50^KR1jnyuaoAX<>BX{VnIu4x`Hoqm%Q?!|1~MQO^HYf06vlNZv1-!tf^twj%w% z`W4##dm8#>MX`kY9Wz(>zTW?4g)dnD%>r%z3J3kKu=#I)k^1LW-apgB@YZYpck9nu z{;v|U{;A{rQ^?y<*X!S`Z=?0!D-hvVIP8CgO{?G7oSfm-w6PPW_O%WkIC$Xo)?7GK6kX; zkj1aci*>#DOjkiLKGPne`NUws7hFMNjXuiR3Fybi!}b0SS%ivt57sVGbS>&XfmKBm z9+YV`G2?-gCMsqJW*1R*^xjy^(ZyXO2)Za8-b|{|>!$PpmK&iFT5n1n&}nb(0ROG& zgxAq}tsWYqeVw2f{bt7JE35{uwOhKtRYnSa7E%8iT<_OOqP_|=VCa$rm6*ktCD?Mq z5m*rEl10NSNN89Bl)Cl|G8^uM`g9!_WHI~zK3!*Fkkw!?0hGd^G($P~OI=3>r5h5F zOD6_p8V(_s&J4;j+yyg;t}BCVhOe>qZVW0kq$C4mWzclPd))x)A+~=78a>N!3rMC* z6_YjtG|w;-D0ID<3{?gQxlxqx&1{W^`PdelXm|>sb%rU>&ANOB ztvB3>dE*$g!BC6PO$^#(xEG-UF&1y<*lKtiH8_E_v&k?TWhfN&pFw>e2(fsQtb5%Q zcOnIpt$Rz4VjGK4%Wsnk1fvf-?j6#A-nbh%HxVl{^na}etpIzw9d;V~@C`kC`MA2LTmaV%@?1DL>Xx4)f>t-n6->|}&G8m)Bcg#g4ph3oh?M2N^d>Rn( z`#Zz+b19pND83Q;FzR_3+6Ek=UXY=kFm$3j8L`cx*vfvQf_YXs@3kHv*7c@WSl%Nhgwhz4I0LLrV-qb)XbkEm_MxHpCRl;_R#aSP zjdV!M#33V}fyk~hGX4Yb4u%mj>)ue>kS{mlF6chP1Q~h*1T{?JkoJ%y2(cL!9O2pz zfMx8U&S-JkvmN1ja0eXb+9O7|&g_I8pdA6`6*ncN3o0`w0j_UPx+4nRLexYk5g!jI zNQKK`7O3gn|5kF%}B98%aPE*vwZz&;hC1(csr{!x06u zGX}1cM3Y`eHsb9LV6w=YYJLYQFtr!s>lnBgi90F8YmvC8LX533r7Faqf(}h9{2;b{pSQ+KSPR!n-+jE<=Rf@|q+F)@oAQyvUcX&KYRCc|A;fR>91qvFsp zt;H82)r;-Y4Ct8rpm1rG82=OS+++A1WoTeJ+h=I#fp2mVrHQk3K^s*6@IsG7X@UhTTZ{pqTO!Ko?R>sNIJ|>OnzFIo}SzhehcX>`*bK z1nYQ2Ou(1zn8lRu`vJI4Oc(^9MND}WUoiA2??W-=Ni6%AXu1({)5MfFQ3H>Q(h>mE z#gtU=KhhIoy8<)bqL=bJ8qSlVX)owLOH9GnNK1caV%x+Ne2bs-6l+GIm~tA$SSm|j7&Jt4wp+L_ta2|+&+I^ORRbomun%!TRG1ZDGHW;PS3t|GgfjTke4-{b| z%UvbHXhRd%-Uee{s?aWn>y8$w%76xJBx}CYbSEmx_!i1qO_G}h?MywIg?5=9eLNCq z@l}7)#`f8qkFOaA)@$Ap|~PbaIy_p>r3tR1|%~XWHQuK zkc`v*2>wcXSsF~V!-*CL@Hm4)fm;{SEA6Kd#Z00=5z2!Ue*#OBUQMngihGp$9#HC| zajz{vliFl@ipZW*s(L?!jI(?hb@iI*W1{_Bp>1wMgt#<_R|=&q=2bATyUcc$3ep>K zIDZRW@Np4oD>KY4<@O3edXuT&ScA^vEdngYk=Xn1kn^+}pTwd3E&-{=pRh~bi=!yX zI1F>%kH>1#jo+Y^HxZC&`~l5&8v$8HE&7n{)B+nc9;?v$a1iX!V)L~t(3*Bi&&Q%@ zFUQKF;d{=QRCKk3P5x`(TKhYWw_WD_RN^Q2zpHp6gj&#^K-btTT_zGSPG;IZF0{9w zgg{UFUFs2sWN8Z7D20slrhNmA;+T|AWD^y#GKGxz5^XoDD4jIep}UOu&Ti?f`71K^ z>-z$5jsU%JIgYmT1elF@ZS9=4qhSQ*8Cbb>hR0E`SO%>( z>_eI37_`A)K>>^m+GNN=<+Nk7#a6>PoX1QougS0&y_UqFJ%$_5%*+hhXV7E0cn0k^ zyo^?tz@USMZOA2wK|aIZkTRJ;Ck>CG<+f+gg_OnUVmmMheEByxd89Crz?b9eHKk50 z7kv4A6sj`=EuxUP4?STQQHzFQEtFs-fa?mwby$N{Y==%nF#H9FT6b1RZ1AV zhuN?jO{OPRwX#O69W&I%&x&WMh*ceP) zgPoWqnlDi{SUqH8=)*>RVivL*BT6X}W_Oe1@jOf>=}cGL<=`8Q5{q!a*~H`mDl$ou zefnIb$SYKH0ctm2OvWiGaWGC#<3wpW6X1O+uQaUdPosAN2z_??on7o3BS1ZI% zE5tM##^}A&S?D=q^ai@ViT+2^h&zZQ$~;t$!I;qk=3~A-0Yg8*I2amZ&Ws<|5gltM z=y>z6cv?mpw}X2yk03G&_9Ijnw;G02T6}^T!#LwR;DzE7X*Ls#yCEk&iRL-IaVGeg z_+&meb_J&K?J397rKEC>5Z{5ySb=E_@QJI28qyNt%rD7I6O4>$m$`O_kkHP!)QS^s z4FV=39(9avR*5LlduEa3b+VI?;34;46y)ghu}IHY==S)O2AdDxi9+tm$dPH5{U3i zbiD~t@qDp!59TIDSze)X9W9Ahb@$^c?{*xXEh$?QP^S~YEE59+=nY5v;!0giV)0)0 z6`%%7;uQ%qd(539B*GfD2(EiR(+>xLXdJ+XA978c1znk_6}1SMjo{i7bz%*Zk>*BSZ=mV2AYDkxN|=NsT^3{rN!fG_ z6qcl19qx)5$3n}K@;cx(=Q4)4n1yz@D84O`uOKBXW7FNEl*#91u<=Rbc$rj7(on+= z!1r>_5t1?!>9Vw9k&rYh<{-4b_fi;MNuy&>fZi97&Da=hXzym2Ig)OQ!RlDWU&cg1X2%=d(@PLAbW6@N2Wc5<8yt%If|8)fKaFrDOfGNgg3 zlT9)t;p$wHp>trP$z~b)5QboKybKwkYm*aX=uT*Ka-s~KhVD#GlA#Bn?~;>cXa(4I za(e}Wp`YAAhGs)hkZh5mS7CBVPLUx)N4#}}TXcMRSG~`o8iyLTGL3<-YeYF}W6aNv&)S|oeB8v9&I{gTNcF+#Fbr?rM;*-kc=C&pkqrnu{|!H zqBLEFK8YZxWduiPI|+S$17o*jafH}W=ramT#F8r`QiMK_;@HWT5iq_xrdvKVT-%=S z7g!QS9WAj8$rzX4e)7+ zHkg7f6GbgH+-kE-5e;sv;}fi7s+c&WJ=S5yI;OEY(hc}h2g`IZj%}89#~N>Cd09f@ zK(Iv13{g88E74nKi@ML@sz-6f62US@l+ge6YywNRl!ytK)AJ(8X0eM2-yqO}K&hDU zV|#K8HOct@T>5_oHn7k#OEkoGkQ-Pmc6L((Ps0phnJdQpsXYZi0?=CKiQ2F)%t}Xj9v=S&S|Q*6q*WP;7rYZUD94-VXPvS~}q#Q@hE4FYmzi z{~$4c307yhQ{NqNq8N7y49J=?RllJFx4@KX8fJl77(6Mr=nrCd2=SkT_#KV1G2@Wm z)qxNB08BiXJGRpn;;D_sk^{)_+WiAiCp#$Hr19lI*(p{w*uO%c+9|%wpY@VSOJMN_Tl!$LD|sx(}40 z6r838$*z65hOUAY^tfJzmV+DXktsu^P_CyW zLp2DQWvDmwbkBGh8i;v{mN!BV^i;IG4t!UtqStMpj?_3Anh&z~%HvaZ{2nmSUgPDw zSuid1njk|7(9T{HW#}##24<7&?jFS$D}f?hErw<0QJvqX*lrqb^{xO*>8;fN9XPw* zX&j2fmuIK-zQ(+(Bk$YZ{k6>6vY__f1Efzn;`IJ1aO*wL#P%Xy2MKy#OWkc1{tt8S z0bf5lla4);U{Dt?XKGF|BVq7lf`Lz71$1 zod-w0O=nS^h0xG>NK=|D#yMMK>f5;twx`2GX=Yn%;fHkDFSn&5Lgl+8s+1=XjED6-IH* zX+g>3TZdh2L(}MNI8J<9vELNx{0`*!SOLU1r@>9)+X*1n8Hz&1w--R1GXSm--$4LL z&Rwu@d?x{7vDty1D)+rkm` zMis>;$}LalPw=w%B)Q?~j6kX4d$nkZ5>}(6MR;}}S68c@vB!@HrLs7O!;|AnMY*`d zZZ70Q=y~GHnp@gZA!A6MI>S-j@iV#jNyJvo#iy%};;)yxz0N3Ns}aCFC;hBde4PLmJKMpXmNVxV-C~^q3LNcKkH~!SDapW!eO*^(Fj&5z$5`9oxwTd-c0B;#CKzoee zZYA}hqo_PFIybV2v&dt7y58b?p=_>DM&h@SGWr87DGnWlP9i>AZ#Su}XpW!4l-=8^ z#`!+_`W_BmkcH(Vzdc$h+G4bn9<3GB2Gy3J`sJ_*=r$7V3JODE6CDb2piv~6y)td_ zB&i8=*r(|0lgu%x3SD24IVOeC-fo71e#0yxX}E%ZfI}yhC}=etC253$3Q6Zk)xo&Y zJj3l#%VWh3ZmjBHXd&#q%lZ#kBizw+k6?Q$R#nA`Sf4$Nt+F#B)nQH0SA-8%iPCSs zgby)$Q5Y`V9Ny?>^TN&H?I#p6+#KFsMPm#vR?tDxX%>>ccnGgl(026NJHYz9{ zo|m#oL5GmDl+6ly5_Ot#kAk|Q?@!sHAiB6BWt)QjLW4}XS3&fFdCGkXItGVIxnDse zDQ6ETXdb4#Dcco92jx>9R1lpVN!h6&7nR{*1{3t<*fV9fnHQKR z^Bb`qvs2i1N0IEP$zn_90gUM6&n>j-h zPI+2E6EISwJfooR$?^vjw4cgwP(d@v@`n_(f-Lc@g2utsQ=U^0U2&80yn;rN!J|&x-R8T)E?OO^uO}T#Cv>I=yOUwfiTly0o0pbi8mHAW`@aK&sQ)IWXuYq3A0@b+kmoXT;KK^PUR^| zYJ*WzeazwK77XEi%;9GVhLOyPYEfGWg_}B?i`sxyq^vVak`)rWNhBZ^)6aRaJW4E! zVb-h`?Vb}XVLRb_SuGi|ga%a8i8b2Z4U4hTu57|GIIcc8oT}1cO?xy}tP>OFK};XQ z*d&D=K(pFH#>Oe^2--L*Vr;C!Hlby6NfZ?Z*jj9vV&#I^|4M>+0BbvviS zI(n&?ooLPxu(Ix!uVFRo9?TH*GAr%N2JZ`{m-E%3sd2nQ(y!P

XTEZoC<@&T!MTIkNT~=7#M+;tKY^YC?{L5<`M|^S;HmRLX<`>K^jrkatVZ`*6{@RWvZ6- zJOQQ~O7+`$0!(j(^gD#vrZ}gQ%$)+La{fel+aQ2yXLro4bvYNUbH0XtQomaO^PJC9 zMmGuIM(0-aBKl?lEOt_J)$bAMEO-6^+v!_)o*YFoTLrMe`4cRs%lYdz=iQXfy+XlG z&3cToeV=to9NYc%u59-ZEnx|9J`j1JE7@HgP)-y_k^*#g));oy#0si`KP-$6Wwh8N zZHtzWL^@CFTB4Pdz8#=9=_b7TelNZO-8k*ZT4E>Ka<>|Ks$f%JbtKkP1>Wq?>Fgi8 z|2{A2rAj(kOT0vO+3M8mgtR)F9YXsCk0>^amUx~j<4tGeCYi{CUfSMPY>`^xP2_*4 zo%)M1%PKE_QRDj9*^;&bfM)5Q`f+N32_d?edR8|Gta<8H-z?rY^rAnCX3-W?1to}(c(IG(>P}Qm1nef}gnsx^ez4eg}>m&S8iI)0;7x_s= z-fNOS@gl#Y$a@qy?N^oRBZ8zS_0~sN?DY^_$dnjRoZVSabyZsGS}$_EBC9@2OKriW z=mPREQ<@ElG^{~CTD8zs;?uex|(HswI_;^(?&2g7XucW_#a5V zZ!J1=XEUPHrFV@8*`erPx4;-#ACSdvllhGUvLixru~n6XDHDMhD-NY+FUI4vDY;tG zHv_qWB=?$2Oep|jfM~_p^a;WcQ?gOgmjbz% zB&$tHraTA40Vzp0?kzJV*Gl>?bcGm6o-`$y(hL5SAU>earVs89o097!y^1b5L`Y6D zlq6Fg1mZp^IUbMSOv&|oNwU$DWJ(LTV>9v9PxfKD%PUDq-Y)61iYP`%zGzA^ zWi_xXrDQA~Gfl}mB%Q9JdYL3iTuL&-mqk;Fzn-Bu+G_Oh@Lk+T8^-#@|p*2UM#2!h%=VJxXosOmTpHMTIfOOh8 z$v~^Ek*zkbQ!h=+&uv2UMW-RQc=OUs)EtExY@+5W)L0WWPob_iQS%jQsfk*kP0TOIrP`ieHgHfLhTdHr> z!V}HjZ(XwL{U$qGl4U)ZM~U&n;Y=fXH@eF+nD{ELC*(lNWRO$Sz5_Dz znO1_+O?#&UFfB?#Nc@s!s!nG!IU_u}J65EZm=7=4LlpY3LcdB2fF=t4G^4Z9Xt-)B zhb#K2*%XAV)ietXmB{aa_?UjMmyVq3VG{WgOud^HapAN|33rOw?k=RTlYWSIs-{Os z)OP^SA`H&Q98MqS)Uyv`;yoY*k~h$#ucK3(Q<;mgs}>4Cq$GXF&z&i%6&E-i zRKz{V&u)Z5e@@w=nd@C}yp52fsFdS+(W4y3WcUYD>k!!k{0`oq5t4~2H8CXx6Y`!2 zIlW3fnif%HNGmQz4}OkFRa%G3T+D#nbc8~GPMHF8tpi6RrJ$&k!a|W(x^CuS(z=P( zMdM|To&oPuq}9z-n2s&Sa6#O}53e1%W zjtqpHd0r_<%P7ohe$F&gm?&i@KyDnRu+WcFroddwz(MQnoYh__2+I`pTa6_O*R8H4 z(Q2-@)6qLk(}qq2=@CfLE1;nx0epzasR$Y_z~-7olJqu{w!uivUN*bMj2+^qo}%k< zP+3eWg{ol?8j4Wp&pM3MrYUIdo!;}nTKn)uP{kZlE9uC&-tmZ8kUB;MXyd6MdCst} zRYB$;vARf3eKR6=N7C4)3PRsYJs-(xHkkHkY#}rMkx%Bo1|xkFmP}-s;q4=@lHq{0 zPuJVLv)tg5Wnnbst5!2su8cOu>3AcZvroV19TLUqXVR7$LZQEiC`vgf>LhE_6?JmbEZ{{lW;2oifq6^c%6U5ui6 zo~n}p%`lEMV>LgS1<7qGGhdtGo%vh9xC9}Y$RfidLe&VxImT!<0$Dcj=pb`V7|Qk; zpKPaI;34iQfOltjdg&**_0TH!nG9aMg_w)rSG~xm6*<%-f9OU2S&^G6a*4sd@iG!k zox;F709y4idxX^I8Q-M{^8v=+DCB{&0FwdA8chZk1&hhRdDO`}&D3OI zQLvZ{9K^ErA%ucS<#mJtOH@tU0%=m3DzwcqyX@3t#?w@xcb2TO8-X9ic$zAV%DQ5zu(eP|)KuX{ z;V+c=>}@bWV?X3WWd51p2+I5@Cn)g6p!?#NdNqanNQx zw9$um&nZ)2uG_#t-~8nq^h!ZYJ4AP=(zS@2_Vmw# zL*C8dUX?!5-P@kK#nbKO)nduSCVEvm*!6pRRu=E-d{u(HRr!6YFaC=qEgFRWR^IiSe01CrtwpMH#qE} zzMLg{M|sVf$Wj6#-4P1?MMQ~9KpEDN)nBKSnK4s6N_=-;?~1$;LJLT(KdUUMg8sfz zuPOGf)YSXA;MC)v>Z=9{b1({6yP@7@4o7WR_D{%O6wJ`Sw;q&RneygcSkd;=r07nh zyd4BF?!Ltw)OYpj=aHozj7CM`Yx!hFLef!&)kCkwx3r%Wd_pjALhxx z6^Ub(&wbK-e*Vx;HR!K{#q9ci*mWz})}K>0Xy*C^93LR$%=ha2#2kFcHpV>8&k_Aq z3KwN(5Jle+AQbv@$`qI@0~~1xIgfj#KzHP8d2^sKU#uJcl(`uodsl|QvBBi{%ZKAH z#gSc%;p)5oYW<<{`UC0FtKvdc2hE0g=Zv}T2FC`Cq%yf^@}V zg8ENWmsLun)7gnGw9go&bTQ?6U}quZ)D-yDi0FMUG1j8dX(|2o;Lv;WxlgzgQuOtj zXuPi>@&YA5Y@#3N9;az>ajZrwl4@*X22X8&b-s7or;lzXBP0`9PK{fz$p1Vwwhoq@ zUNicn!7AHlD7^=R9kl~E+s`7IXW}^Bz^+i!m29lC-4{?+SMI*v;u(o<#y(LP6rps0 zcM%pr=thJ>e^%LjDd_K(Cb?b(DcN7>Q>rDHg7fxVAd7Xi3+h}8NZKi{ErZ(1gI zy8nSt)_4^z*V<)rM>_@~=iVW{InzqFfgFqZ{-31n-eqzRdpPmF=*3GNf_plsx$K=~ z{Op0O4yy(sXGD>&>eM2Zr@lRZpt)E{yNU76UGj}%FEui|_d?I7OufX#uV4%h&&I>e$r6q$%C*US?C2YDEvx(7NK`^y$C`F7iQ52WhVg4_v3P%1acs# z0}ygn`di3-76!b7y=FT2yVq`^RM-@;-i^AhzE?SO=Cy%0S>PS8}=N zCdvJvK1CVWSLC08XpmoF>}UM!ini-&1;WRW`H(bsy$YAB+bz@=YT93<`7=M)*Gkht zu7-K%lD2FBap3KUP&ODqEHBAZ_~{w~=5mna|XX+@G{Si&-<+v)9ugi z5TC~9u-eTXmRp%EAL7Hk#9u1%6k*yBvj}OgvM-O=rLxaMlbS$T&Dc49>c0j%#uxHv zw+xnCn!-cW6No&9Q0OlrM!pY0IhDfdPb+0+%v6t&Z&;!C$QPZ8$qGWDKdT)16!do^ z-;2z{)AoP!p3Ov*dS0Q&N}G8$Li%$1Tz}FmTb_yTGKYKW&nDgdsA(Yq^ z`B|Y(n5aJ_YCuNajB3mtgIjvdn(e_+a@MTnoizm_f>}oZ3Z1{5PXEM66ickv>$Z%}{EGn5bMv4agUpTlo@{3I|9akCy&YX(4AeZx5lwX4LTDC}ESW zCevtU;*5+{1(KS#;KLEfZ2z|WL}tb@LOe+3Iv8}f>Not*+m5T+6Sa!z^z>pCCAE1&dGdjEMe zh)>~s$gXxYD2`lBde_mQ6ro3$|BaxgUU~X3$iaHvq7*kPJ(EhnArSqX3gFRBEz^o_Jbxj?0`cbHPUAgG0?^!dOfK1;Mk z663IHe9}(KyOW3!^ulwQBL2cVr`mwTujxSDYDKuH2wLtPl!tOoQ(b%d0CzI_X8qC# z^=i62NE}xlfbJ{2g?;w#&rF zh_X$V*0!w8O%!c=N|4xZwX7XTCx4~}i8BO?prwX1iHe>U)RgwJEo+NYzCu6Q$eFg7 zu}Ar-R|h#>Lhm#558A*=!|EW-4@ld_tX(~WNYSgeY1$j6(#2%bIYG`N7;}ey2+}IZ z-JC}2xd@tw0P_z(rx9G2Z=(-$u*gLy)#;@gSO!ASWusR+z)nCYivaK~C-5sjU6DX8 z2X$FGf$k2pf5z3Ynx894Q%4YXgXa;_)RR_Meq6(P(W(-2Ue-*5%ifazFu@Lnn7 zF-#l*JZ+vJ9PV+<-ntv^*jq1iSjYF|c9QlgE9+9^yH&sy1s-ys!2WN z2q#_0Cg+@*%$p9;WR`(zF>#9H(8nC2m08ywUX&<~L?3fBmx!Z_62-CTV~$P|adJ_j zI2wJ-kth+T7bS}0(Z?KV5^-ixqBtUbTq*r>QKC2|ecTZ%5f>LFiet~m9o;43mqm#K zV+5kNL@cgPOp`kLOT_Z}L~#WAgi_jApD2z&pK!F6hz<3L;wbb9hf5;1)hCMM&?g-E z60x&B@jM;9KB;uEt_#u|Q)De?H)5>1zZ9#fbQ-iGgF0SA{+`vD z5|0XMvKUauOigQpP(l+#`nL#vnwrAEtpKho6}}eObB<>Jt3^jGwUCK-gLs1^+8uu} zHSH^=?%c(T*lo8c?;a-nb-2ZzOGiJDr7AaE;~~m*dQclVDA;)@DRi)_mhdxcEt#lK zkeDLXBF8fjvMh)u46eH-+Xm2;qF#l4Q0jKq0^8Q_3 z%?o+*KH=NOEY5JzO$|}j-p0=zW_HHP(f@N~+X}2Uxq*WVFm2|-o zZ7oBm_83S(Sr{J>QnxYBE6CRuZqE+IDOPB17@RlnHBRl!GSu%3F1u>KGtW~LPwPd$ zLk$!i4>e2ex?I*Xsm!bMM#)RQVFJD3F6rj-0qgIZ9-EKuESy5wr$AA~?RyWu+3%@)XRc0d+2LDkI`$ZmE65bLs3H(MaP z*{^{(hcKqRZXRaXsxxrQZnwx0PG3Pdtg&9*?odZFN-#GYC8oEMqMIp}lFtCKCtGzB ziyiu5IYMdK^ut^8#;6_Xa)gihtq$DIJa%uswP_6tAto(?@4 zGQ}j5cA2rXh!o8`-rPh>{U@hI?I`hDPdlpY<5%Hc?PxyBP&-<6?N!@Rg!lLz>pgzE zwd-zW`3J7`Z9l0`GJ!TEUb>bOZf~x3qcS|?vx=;Ki2)5R!{e~21H5>fT*tg=rmFE? zWpY)cY9a^PcY!#bs~S}k zIoNjYi}@i!;#Qg(gsDa~P=2ToF5x*~s6iMb4qrq#crj3%xQ@p0NCk6CjB@arLi1{g z&16e_5?Xd4q}DI-xY4I$uj)qkn4fSA_vjLCG|+b%ShAg!(HGaLhZ!KF1da1J*>G~d zk~f*!npi(z;3V8Tah%8h|6sg1X3sM_yxeDj0JIp~jo`Wuz;jp=JwPj}JpjIf8y%s=${_%= zM^UN(UISoY)c+lGE!VpM76F)t;Q9=}dx*S>kTMtxk2zcrs~MZmPyOw{CS4~$<5;j& zVdR{KpcRqOy{6E3YCZ1;wjZt-?*h{rlkrQXOPtlwKMQo+pcq?WNNhG*F}9wp7?Wsf zd@iv41B!7an3fV_>37I{BgoAsq9m69{08*J(X8S^jZ$%uR9p^h|AkU93j@ql1Z^xa z>b1&MRV;v?`pcZh zOg;5i0z;mLlA)zwYlptNEsbD901QNA00B7wW*{;hq0nD`+$2!-62Ek;X6&R&=fgn9 z{&G&|9%$OA(m9RDDV5H@5&7La9VPFgbZ7wRir~H;zi`k5ki z8zbV;q1;=}{YAL<7j0ub{g^mS?sizKyDC%}Eq}B$m2k#x&0NB2sm-TI>_A{YDpxzX zo}-EM&R`((l!E6{xtX!lDgIFcZP`F@QUe zkNF6$uK*mIj=luJ^%H>MRdhQX0PAej#!Rdv5r%~VaJ9ytg6lE=MHts@wp`?n>WxTg zF8+je(6qHMwJRUMT9~XBp>#Nai=cETN(q4XC`APKcmO-6OKZHy&-ajhR|N$~7VRXBObNEI6_dGj zcLOPI4!7>%h!oA?*1Zyu<#Xsut&ZHH4*=RXhg)=qxl(5?KYL8(7X1S_E+XWl%{4P4 zTXY~Js72RKzFLc(`CqhXm9S5Xc7KB6FS$WdHu3Wv%FjV!b=|cc^1OE_0&J&CM z>nU{}`{OPsn>NMMqK5~pZKRWD>zPhx(w0u)b7dr&+K=6W=4B60QRjBlCpJp{M&_bJ z25(LA95mo}lky~)mU@=i=>6NJDV)RQ;_W3TH;YS42i!uYGRMV5HZAS^jUI}RW>Lbi z)y8@T3c5UEBe^p`i? z%H0+jS;gM{1V7u*kkyeY1+rTZavr_WV|Q`NsTZiZFkCvZ_6G18*j}Rclln3b%k&~* zSe02NqpaH;5$o33`p>qMuK?0NN=_B9H^g;rdYZhx-PXyP#S~`dZ z-$ih}1Rw!x=2i`K!Ucd8tG=%Y_yj@DXJ`TQ34mLRNH?Ffbb^1hSnaf?+tDz==TdegwLg({s4Xi8nq z>C8r?b~&eWHzFG-9e;Tk1^eg1&~l;c6!R2PdFw?{e%Xg=rTUGGrDPH4Yj&BNS6n zi>Zjo7rS^BXFTcpMOCG$ln#L*e?Y?o(m>QcGfp+B@0pJs8`T#*obIg(g-me)` z!XWm`EaetvteQ)D#vXGowa|`Wi&}|>i7<2!fDA;^2*?C50g-V8Bm!85$kLT$0zYNr zMuDo2;zXBLt3*|-Q6>7lJ*L_9oaiIa^pHyQBqGOEqCX?@qe`^ZDotyFQ0TABH__PZ zRiY}E%TN6;d(6Ws(Z0}>vx*a~L}bz`PIL_-t5$KMuOo7l67^T+qD21%$_0e9o{Uv} z;v%z8Oikqum*!U|ulHFo>7ucGi78A;K6BO4F4i;#8UXxpJ@4}FT*1XE**?>Y_w|_` z-nbg(owri)&YtDrE!pM;XzAN&H+oMXZ&H%!=%B@(z&P6F>L+%$_5_Lp8~tvx3*Z{s zf$ArAv-SjzrroT3v5R#eQ0!u5h~2A$fnxV6zb8$B4h4!`s|>L%_N)Z*>6#1uxj?Z? zl~Jzg&j*Ilh2Qdc$>Bh;rImk~-YC2vfjrvO$X`X7_$E;N;D9>S5o1@!Pdd=PR+1{s zBrZ)-V0%%TZjvfqwe}a8NeayKlqM-~q$rKZK_8i@mfo2*Y0ubLC9P>m zs0Yojq0QN!Z6WeJj`$YB8W`er=!GHt%cD+19tP?b=>6#eLna)r;PeahuK8Poi~sr@ zS^RGeFaP+~NbwZ^Tf@sgzBSxbd|Bcj4X+aaWJoU%hWXhLhLI)y#gHYw5DVZ}2E^xt zzeylNd}jAM1Hxo~FxxG(~{wpV2ZHG zgI}~1mj-EPlc%NfXiY7RoMrPqPQ?&7_M05pJ{;L5$LprrTpOP!`@}@`S1J8v>KW*x zXQ0x=@o>&l}EARqR!$#YM6`6gPkh`au-oUPdDTVH1+efZ}Qbe`eyyyJoPFh-4KT^W2XB=(HEF}T|?JOn37Dn4%o6aLh_<67ot+Kzog#<+Io_V zwJ1rZyantrDOn8KZc{Q((t{hZUTvgPTBamZ@`3Fue(*hcuSH4aOWH!2NrW8{i z0Ct=FnfP=%JFUmDXXww(SJ&di8D7`o#2H@K;=~!|wK(0RXXIthS69aLF!&akp(ZLp zp(dKBM1`7dqLLJ9xryqjP@7CtFNJ#4L?s(Om(;inbx95V5TV`{B~w4x-OqDLP45ND z-`g7ED9Blu<3ohhuFOQ2)HoM-HimmLp1SCc9{fO4sd-6FdIwA!^&r)!S1eE_4Kg|l zlZswF$jFj!DSK1bc_u(|kDny94XQA+N>dt{)iVL2Y38p*ov&4IDbEBX5ppRIi`J?a zl4k?dkstXA>vIXe4Th5lV=87&()4oy<_kz0X*#dq@$y{JKLf-Ml33PGNfg&*ei0!0 zddu1&se3q^jbIpigZFDlhjoZ&%Mah}VxlF+iog=?1w+ zxOTi&Vr4_nyT-Kc3|!>}SsFBa zBg%-7MK|EfHjwDE|}w zTtvt!r#V-=Ont^SIvoTg{e+v|T_SJ14+-6;&TG68pjY$n*=H{X;>*QQjM-sYKordm zUwi12<%fcGIBKO6Bd2fKEiY2<+0_Hl8)x_rF z5UwLypKe%m#pYr;lYLgKST7G^>yPGVc)hB@#{M?XUX?m&_CUlAn52Kv?!-)*bLTFpsnD z97M7nXWf;EOhPF1m-lSoEacqM*38(&KAY|0gOhuiPH*^bR&@C(5q+pm{U;4PeMfuL zY`=<{2~6JtHP0?K_Zm~Xuv5`4#k-5uPDNU&7n(OOhWt1|;+jm9&w?e&Z(fuhaXU)7 zj!Ns#DgB1Io&m>xgq)y>ett8g2V?U2xywx9RVn)q$bC#H_;bn>n9KSE;s`l?y;2Z+ zRoO}C2rUij^x3fhG0{l?Z)b$UCG0`#+}>K5Yc)7-C9R6;$+yDn;O8VWh2v883CKN0 zDct49$=8iYuG8Q+MJep?O2MS*IOqyk;f;Sm!|zY9H>N)cEl;vH zjz?tdlQcnW%e_t`pj)5h9kOwLT7Pfg9_T1IUO~uF6tf4)V+8d;{cpP3+q{7*6fm6K z_G<6*RMI|ORT14a)QYRnqV1(I?4^LvJE@@U>5V3`^bJBy#~dJ5a1uTqu+Ll%{ohN}V{0 zwYq3Peiw-22z~3Su{Q2tmDg_XL-&M`RYUtO9VK!N5H}+XIn8N($a$4FhCa4b*d%@%AG9cZ~=F`b>`&ZT05lWnD*Crkp7dcpTU8m33`_HJI zOrZEF0NT~~(;|%8Urf0EwDc5vG8OYM{m`u5pD9_b>N6#JU8!%faEkP0HR;)85ntBz z7gsiIvZRVhvAF!`9*f+l5O*eRkwAvX<5r8;PRBL|#3fAkGSH0<2;IlP9dumnehDP@ zj|K36g|Bcr$=@5vZH^x-dLDi5E_42bMXtE>=sRnsFx&%|Iv+6+6}< zw&lKi8q>w6spVk-GH1CuEnR7eqMwSGd_dDG5K5+HORaQfc*Gh8^w;I#9&y=4EPo0x zq$yL~{A`b0^c7#;Etbx*8VXk)pbm(>z*{1buK{u70Nu{)Cw_6c>J64jN6`;rC;?~A zz-+(Xpd}+{gFR%0>~e2ZZzPr84|aRKNO^{h_9c+zPpV>NZo(RKg(}*}4%PB}>WJYN zip6yvBen9QChss!o4vx*^Q8X86k6onzJj~=P;+0tXO1Vu5oTR+rsP#2>DSYydt23Q zSXQbvcUz0t(~ujX?YOB=r4K^dTf94<&dNmwb)oIq%Q_!h<=#_WdJ7L(wo0ukFYDra zp#&JW<3V{d>(BBxJf8#jAVO9gbt=C|ow?<4N^&6uO2ix*eA~5N_x96`x_XVUH5Ool(sbF> z)S$QUXj;meVhOm}N7E`(QwZ%8&tyaBbTpQR+?jeO@iDvjsCcH{ON`?pg_(N3)U$)$ zNYv@x--yrG)tiy@R-|o;${>A{NwqXZZzk+NaW(n&1dw&w4emdoyqrMsb#xwmK`Dou za^1TlFW1d(UQj3bP$wy>mR>*ub&)C(U3(xCDAGGn0vR?8OtXbc)_ieEGejm7t3)y!;6S^p>q&OD`hD(Mt3y zQ#4wdMRGTn+yi78TFT!d&tFfq)JhidI{%LX$7rOX*uKUEk7SyLpK$HW9F-xR)tVGohf|efezCQxsh=<^Ya`@^@Y@W zNUTN3S;7=kWHlr1;%9Utz3+#}(_r66BJ2G`dQn*wyM>PXiw$&9n9m^a(W_j{8CPeCw(z^=q52LcWX+L}$>v@Qu8!7q8AUp@&LkN}IuPmpVw#^@B{6T)6B*_IJ zd=9D45OVhWW!z0$>n}6%7(WA1L$2FEu)n5hHiVql{KaVd{S+fVmgYV!UafugOGERU&h_^a|O3E@?L)Ck=Ps%!jGW_5pp*Ai_uRSJj}@b{Jeq0=oYBn z$LKfoAhyR}jDGguFe8ug^KlZ}48pY#8BJnG{Ke>}5l%7kQ+|F$VtYVX0+D(W`^aC6 zem>zFMqcJ;?Co^w9fSuV@&Jil^cSO_SkTyC9sDdMvG+iD10t`Hn9~{$lh~4c!=-%+Dhv_B-i2u4xg+X-B|MY&89x!(nQMLCK;S7N`bx zMKh#1j(Szo=xK(F?tm9wL-QZ#PeT|w96&uHvk{6&YO&(h=(j&<`ZGld{RE!NN+|XO z=9CB}H?sg;s-vY%W$0&f7C#c%p_PHkhPrtG*`X^Sh7JX7#tFKJi?;rd=9@?_Eswd( zk2c>iKfoOFC2I<0o_~{o<}dJ?DUd?RD`txsOH&zH5TuVmPKqffW%Ipw6-Qc}zw+az zaxLv2oE`I9(GN^w1x*vG`Qzc(G_&AzDQGd>bs_$^?!lj;lUR)+jDC1E{R|wi^iq2{ zFiR0!PXjoD$nyv(w7GRVYc3flQ)&NAbJI-Xb;f+o z&jFBeeXyFYMnwc6=TpD0<=sa>wR16=^K&7Iy$-?{h?J3-qL?4qA5?jLRMWPK`%p*F zuXPQR#~DzyoIwz~8{mgjp^LZ6?>y9#J|8&!+-)}^j_kwmiGO-Aun66tD ze_YSv&n<7G-*}ro(ExBG%ipT>Yyj6AAiNEZlL$GtdX++an@q`WQ+22n(}e$MkiKuD zcS0h4;~h==@ooAJ2Ry?l>0b1bTFF|a?D3$`DFt-$dT1&Bz5O8k8pyT;~D&fXH_Ur9Z5o-{C{vHqtkC0J^=W zX>kZS(dmA*_C0HjK&=&TWJARA7Q$aDiz~g3ucyAsSb7hzI2wOU5s}&`hK33rmD~s-D!$eki8rEL*wL3(?w`EV<;KD3?(jnk8OV$ zk#p~{?SJW`Z2ybDJZ%5n-E8}ZPGKp3icWO;aS7Z16O^;3*!Jz-*R<9MZnAxJrZ4-! zySX09z)^~j(>>GI?@|LZJ@s(V{P*5?B{z7Fy*5_gB<&tok16+a6gG80X&3+!H^tFG~BQc^#S%9&8r)?1pGBH`IsE4Vj4+cd( zxmgV?G^{ClE*?VYdl`LnDIj23<$NZR$rfrUTgbG3M0>L&pIa`zi8?FtrLmeGzHBRqfGf z;(X56LHa8XGxv*UFaVulJw4810`M89F!vm-DLL(a=g}FSr`c~4`oIMk%Re>kYhc`T zQ{F?Iz)60dzXx26Ap8QZpAgcXVG3WXjVh6sYSTM|Qo6qGBorUnN_SV%*VtcZT1$i? zy2|wGbPRwy5LxpD9qwvMC(%g~&_BN5i;9&Rn>Jo- z#|MSlw(`}D$zP)EU-BJ`4T#+MC7nxa%GWiX0QAO}tR^j2RQqAebklAAqN1p-A z@`xe`&)#F+)=^3~C&q?i4tyW7e?Ndfkod)~=>A;*b6Dvk{G7NAT#td!@HIvwgwp2# zjE8&@QJx2I0NAGyavt%@5KXmH8yG?TLg6;Qe&J3gs{M14NTHp&gSjfND%P$q8_*ft za`L^fTi|V2(j&=FzV-*&0%-XSh6seA;Q-u-j6iUA2k>t{g-KB6>H)$!aIF4@u4)F* zh|)D7N*@5P1A7!9N6DyH)oD!_k@F~bJ2#jYmhhX|&p5dva1`F_sgPlMik9}P7turL z$?dEME4OKfX&G)+Rx3h9U6TamJqSV;6i=nce zExV5!$V%`m`<5HX%ZMB%HN+;`*&l#@`u`Zp79cVZ zq0nDMw!g6q{ayP@XC9y5ZxAhFDZBX!eu{QD3#rYxAmFr}{d~QP8b~Q!!x|%blxu3dP>J7h#gCXS1_Vb5Qy0&vMw0}UX^#Jm~ zmW$xNl_>os`!;^gBCfR{+z5^Zr119s9);p!>s-Z(;@@(==jf%I@$@@0Tkn^qpvq^_8LBF!s( zdBHVZR=O7^e}}XM0~iOs>kvlAFvZoJyakvB(hxDwPlKB-Gga8`{OqwEa$P}q2r@em z%2Kbw&skyK81y-lsk1$>-M6z%wXo@E0`kwRBwFj0XwWsDL`&9t0|&f; z_ZhhEQ97>50Nn%J>p{~cOEL#~Bs4eO&^wPCW+OjWQd@i%giA2vzo@F0G9{Cz)(bCk zS;Xs7F-a++EqR^YUDwXgTZQc4@K>R0XlsyK{7ciCA*9)uXS&zqvxr_osb*+sp>#Ag zI=J18z>i3lJ6} z`S}PXfA#nBoNjp@&v}2x6`nJc$#g%TzVoWN<1t&Mr!LC;4=$vY(ml%6u+8t3F$aMC z$kY=ErOg2B1!Wddq5*sl>;s1LI`*|v%$HP}tLLVkm zKR4{*tC?3T>EF+*hO4}R^ZmS%UE^K%2fXV3fh&?td+%>+6#ojg875K~}@23XM*9WO%DOM2LJU8kP~r;vJQ44{Lp zF_lF~9Za-GEt*ClqbKQkCEYlF!fcE}i;<)!p_!&pXg`DW z{D9;rqzos{-Q2@vm-%3XkSWdZ*Qw<6xt6U+RkV+K7`n0%6V@)?1hls%^)?yv4W(~ z&PA+WVn2WX%s@6H;3TAkOGAmw-EdsnW4~rY&eJ~qR{RUvge3W9!8lc zq!bY`wk67o5c9Sr8pPL7s}x#wqukcQb0}m#BqW!^0Vu>DBj`|PbVPK^LK!9bJn}*z zwJp_bY74{=V)_M;Qx1i9P>6XhkP_*OtWjtYMTs0ifhojn6TI~>2Zg3hgdg4?0~;VT zJum$EEjo9D(4sk+B@-R!hItG^_5dSH)5G*mO(KG=O(G;5OpRY0o0jNm@O>A{1LbUs(0A%?aPH9VrRtcg=<7wu=A_N<7D(ILdAR2`#z^3lmVRZZ(0 z;!~Afyk&!fLxP>bl(V>KpB!`zKo0y()h$Y+0;1i(Gb|#dPazPDM7|GSuZ2ZJQ6h0yL{AcM+FICDDN2|4eX|<%1xO9u$Gl9 z80>tEi`1_56oo40I+-GgkG+aRVRbBA4ua!bvvyDUCKybc=xtBwP32xiA$XE3B^RwC zft8tNuax}j$s&_YSpiO=WT^a8DKFHMO-stgy2P3(iIXbk)XkbzRa;TlBQ3FJ)~ve3*|jx^ zRZ}M>PA)G`oR^k5F4fheree~R33WZHrp}x_FEK4~>df-0*^??X!OB45#Hn?)J{XzA zxT!PiDr#mt1D^|wF>mqS%{*@$he9^!MKW=nyRU_b&?IhOs37A3G5^ppIlLg zjIs9#miJ4SUTVCVMf;iQT1ghsxnNT}L#V1uvoIP0r6X(}eOsJ`uFyC90khR_j6s>&L zqzZ3T)vTG5QLLJZ>KYHiM+rQ@8?LOHHKEQMQ9g?tXP!5zX2Q(L6}}~(F{{QWZ*{XF ztmkEslEc$^UEhx z*FuW|YwIS|F;G`Cp}b<^g!1W}c-7Q$AKCJXDj%~=g{OPNlPhL=gL5k;Os}b^ywW#n zE3TK|%n36pYO5#srGnZluT|ND6VIxtHH%+6yV~QWvMJTfo~gj9sg)Jw^UGD?$}8qf zU?+pSnPL;G>ZZ<=ru3v}T8G-11SU+ZC5w19iSh|mRon(OL)RP@bwz~rnIPRTBJfW) zbX${H!^pK2XqEuoO@A8bk8b|4ZLvk@|2L?W|0k&^cSNRP0JPZJh`)8>F9`BUe-%Ty zhoMnK!~PEm`{J(IwnEJw-jn;CW+Jl{GWM4L6(ZG;GLcBTB5aLP zhoIW*qJqOjyiryz{k4Z1q1L&S&Cmp!_29x&R1oB&snK$|5qb^sHaNlvjWAjwpOLZ% z;Wpj$l?GAqx@|K3C0EcR&6s2pY1s>muu>!3I?-(e+3ayfs4W@^M_D5Z45JUSTxP_P zschD=1hT6GK&XAN;V1?B7;ra-1?Rhs@XCer5I zeJk>0M9Ew+GK-?{ zmKyEEbF$G1Ew1w*qf_>^MrZ4SN~6;-Bf8Y+VO@}Er1v#?XZI>zGU<&e|!{-)$46 z+fMbkZK$;=+`(GwZa_4o@n`{gKKbt{)hbSTDJFH9f7c33b)?N6e$;G7ko+QY3yJEs zP>jCWwz8Y3wUTSXC5*OkZ5!rO>Ix$3lh^D2Gq?JXCfaN2g+y{ir(_eoiY-(8l^sn3 zMijH*OLDZWuG37vVM#5QA>MYb>Z;AVTOT042BDpjc~2>ON!WG#n2kWhX{U$tqM9{ zUPOKzC0dM~y5ZM^F`NyEt}ml5&-%D7dsi4|taX7Kv8GC8GZl%Jk--XML{JCqJ#H@r z&uAkBt*wT7YGzBJu@UZLJ0Q9e8`ztQr_S(ehF!r>k%ni}G9#_jXeBFK=A_I_gBY4+ zc`-Ee48Dq|EuO8n_@HP2iS|X2X55Fx*AE+3d%}7}%T`W{W}C0mBHR+cQNiM%c!p78g)0hWpxe_CZyz z9s{fVRe4W)wir%1aO;WWv&-vGaj$IsWYG_HS+6@pz20P`2?a3Nh?=&_sY#xy`v*(6vVM0mw#3qnM%EW9@r%y%OS>Tk1V+)@gQ3 zU1Pv-s1EsTMoqcEu%oZA&1El@ZWdCB=pnJ#42Get`|6NO#4}?BK=a?HfM{Hxi-|0G zad%7z3cMzXqvfRWCc{}ujfJvNaE@~IF9RBF_6~+4-gYmPJZ87Y%Jpm{4+}wE#PlB7 z>Q50ohZ%NiUpHUTi^=EX?CN&aCf7l3s2Fu6{KnNgEt-pkS-XfZk;OiF|@+8PEFWdVym;!P;YIa3)BQmFRUX(dv`?mkKsn-0Xc-*tf`_y z388jWOU)=mw4z$k&aKm^tBRC;&Y@Xw@(AgwyA1sql<`i&!&D(-X)FmnKs8V&X4+VG z1qo01QPu>FRP@|pB*_Psfb&I%5+cVJ*>_%!pfv;{=edVjFMJ||iYtc$|F!E6MklfU z9j6=ZC?XeNvBE}W+_|lj)oV?JVXVUojL=d75>U)xG%-mOB_5VQy$U8hgPA*3bdh7l zRH!|fXDpegeI3b-r6J)CqO>MTIZ;|?5~VzWOc5@JRRf+Soo1f>N0Avlu~LjC^Xp_X zV!{5Dv`vA4EM$*^q&kRH&mq-8LiL;kH_yiTgpBo*Q0b-)>VBITt?apmbBmF%#fUg2 zwkYPn%}9-CS9M0`UC7lQx$J9D-8ft~M9lTt*z`=d!ZuQydrKobY^@hgq+8#rqSPXz zr3;*+Zl(naMY8tc)B$1u&_$=9Tkq6$_|`uc{eXU4_68?O+8QMW9L$ldn`mBaJzrHI zme8Aoq}#~G=!mBA1UHS{5tJE>i7+;@?WR~3FN<#%^Pi}jjJBnK(1j=1+?9|KJr4NR zia`@8pRKA>eQhTic`nI57F9IZ$g}qWR45!K1dIIGe1LsPS3xE66)iMb*F@+%Mq|{m z4*zfLK?%>;;wf<^@@Ty&5~bXN9tTCV=94~@Exa*vixGAUPzShUum(4pu>)e}6t>Ig zSZ8D$*d-dUm|mc}6q7gmI^y`4Dh>v;SvrPWuSGxI&eM!gW^0)!N7xT!lZH%MHNH@# z@1hhgN9df`%!Z6!XbDNgpd5|mbHLUdYOfV%HQT8%n6tRTZS0z2V1)21`(PD`?s5z%0 z+93O0H0*oiu#Gz3Wwf#W8BTe4Kf>EI&FrrOcR+M^p$Cm-OU#K&7^a%QV&zR6Y0UJSeO-6}BE7g$ zcZ+6=X`!_mRp_wxgWYz{*oC?97Mt~Yot~uVY2-l)*xQlBDWgSmsBRFpjVvSEdK%MI z!k(hNiA&SP9**@vZjsT}Gny{?h}P~ai}QmlPMLRcFrrbGPnj;+K0-|MY!RwuLh&h@ zoD*}l zDmhbvcMUe8Dr^auT!z`A1a6D%9IS&(?S(V{y3pPrr*-(pi`^irgNB2-byR#urWnHs zEFemzq#%YVDNPB*>~Ql8(HF#sK7OsRY)qZkI?no8IQ2MaF?O*eDuT@E8N$UQ<@WDE zBba8Oi70lXD0ilq649i&D8f{1r&f&Q!gaAVJQ4BlW{7P}_^Vq=*1=#Z3i^69iO_2> zuNLFYr!yKj1=PV-VD6V4D@uO9nEtUT)I7Hq?rsgSQ&(QwK+yuDrQCq-Nn_M0B>V{# zER)uUYO0GVON4ZJtRBpTg!6&3bb<)xhsF>?HNEGH(>`H|#d2{%RRBNcBGj<~n*E zKkeE4rs1GKG__7?G$O4nDvjV>a<53N?F)?dM*;5TS@d9@tllNZA6hQIDQ1!8!~ukL zqTPkqj`1vQFt`781aA>z6(d9oq#3IlUW(4kR!M0`sgW3~XKJ8WNYY4!e8D(f8>LX4 z=nJGR$=9q+L1-jjv1M)*y@h!BMgQz|q7@Jht5Tcw*)ZLDT$6JWcn8g7M1tpNtrUHg zn!0ibKjk%Pv0Fcmlv@wlF6gw2=JWV8p4T9LkT|VJgijods*8;+kRX-S`ng36v>3vz zN$yM<^J#)c#V!!#g=)D8gfNVYGah#B~cqh4$;(? z`ZV>c{jpSTC7DY2MzMZ{&k~on->x<1{7rpev5=s?IEy=?wY0fezyRjk*3bUGlm<v1Y6g1E1%$n_ro14Qi{|Vrw+5sTz(PVZ&*>9cMo!Hn`v$FM4`O|9UVn zbsh{QaLU(+_Dn%OK!0f#X}v~FX^)zXRJCS@?Sv>&^z$HXp;EbJd2C{ezj-FD?%_?3 z*ULF^c%9jog8Zg-O4kn%GY$XN0$r8BB@1A4($cqJQ!u0Q#U`&zqc6jAA5@e8a4MsiLyHyq)jYw zn6&(BhHOl`sHX<9(Pq}G&C)F#Uj9y)939eiA!g|IlmCmoH-V3%I2MOzHC|ah02yN& zFoytRPTP`iKm^^S65e8chAnKlLM(I zN9TqyY-_rSz>k`56CT(e=RZm*^$}%=80@8FI=)5wv+ihJ64HV2-nq@(Q&QJs{5Fl+{;R6Z*4IKnU9VM zc*jIK-~J}CoKCoROsu45%rxIt&+;@t`*nieyL007GJHP8?Rbeh3breeqH#G{c8rJp zl2Ugx-A(UV&JI?~ma$;IbUZy^WWG7zrk9h&$l)wd-Nd(Tcux&F;_(M|)DvLCZVS`I zWVXF|#DepJN1a3M?Qr5Wk0RrYgb+v20?%|0FCoUZoJ}O-WGpp6-105dEpKH9?*aFz ztJor(VCtD6m*lXse@*v?Y1uEhe8Y!rm->%CpV5h9mpEvmb>eN#-_DLgirjZLY-g5K zv|MaLz}!I>V{6&uapsRmBih)>Ks{Yoy5G90p2QgRn1W0e1EihbBvH_)0ws*1`-0pP zeFhIyP|P5my-G@`hc5{f{8PNWcp}86B>F97#cj!pY-xV1#IqqstJn_Dd8}amsic^O zyEl&~q90#$+OgD1zw6W=v^=Az&PTCP%2!A1%!qlYO>~o-ngTK0(R5MIDBov)54e*8 zB`i)HThE8i%~#cn?k7{XyO(J5_{RE|g6z2@x}{`1Xu@oY-O? zVbi7OBvij2kJ+2SQ@Km27L`7^px-X;>U?_6TZEjHG716A??W#bgFc} zaMgC=C5cwHxpZl9822lm?`LMjLM$HHv8~N(0?K$S=FtbCjw{3^mBcId2a2=VN}|-D zdpock@7~d0GEg67G1J6)Xz;~ElST873{E*BUlA8eMHGF+Y?UABxhAQqu8Z^3<&L4p zBY(M)dLd?#rNSQR-mLp6H^4W`$ZB`aWJclL^2haaBeWd9qzInTeH1Uev zCEJOGm%PO`VR^63p<+x}PDbh@w-ERvFmdd1HX+Z#nO+x47AFDrolY2Wj@hq2FYq zFD7y0VMma8r+0alt*3wPs0Lb3h27b&mPb3ZzPRKpA%A^6r6S%+BIu|IlfDnSzjE*Z z%N<2WL6AL&6J%REY}1A#O4vGR2*0_V`9ZoD{lb+2_JGt*m(Ib@U5N+T^(=P$rV9tz z%pct{bfmM@5o-k&?tlWW;bA1x05lI&N{^1#2Oi@+sofE(KujegX0!vE9?3K(lvYAb z3e<|M#NQuN{2Y$R;4w{lRb;&Q-aUo+=g|Q+)&dXHKQB?1q{5=qPc=6`0JH2Zu+5w+ zrV_Xd4Hj%ey;-MA&kt#x?ziZO8v9n>fU4JqS0h>T(5>p;0WnAmW}L;U|I>G<*40rY9oC;7H=~ zN{@xju0+zvbo$`-o(N!b#*rebLT@^rc`8PEQ(=^FO! zreI{khEY8yu7tV1w=%>|S5b9NpidqWy$l3PDp_bUx)PR-Tj+sa1_MuO+;5Ln_g2^$H#;ZYl3`Cv@GaOA z-QSIsE65|NIl%zjXSdl_`xyQ_(Iis$HNi<&Q?eT~ZAdo5eUClIcJp`E6ZXBGX8RmA0X8_2M6Po<{o9=)4x zceT;Q)PlUdUAoQ1AIxH#uyl8pozyI=x3%i50LJ3Cu>?5Y7n z@Idf%cl=uXyt3h@!`s@|U**X;t0A6NVoJ^GYX`<1i7;casX3@x`q#<}*H(k1pKMI=A z&L0wTd#2Mz&!*F@lyO&!?Ts<+=(gYq1MCp{d%<%F=IHIg@$Q&S!Kv=J`ufV{B$HyN zioNxu(}+JG7@*PdVa3-|jlLvCIo-mfJ2j;xC()s-oN%sSTV8Ec2gkrVp@H?rRI)MSBf$x5fA)HiU=?Z2{T7Q6T_W#f!4IR(z>#jarw7r#O$2s|C#WtX>9mx+qvx9t_G(d&i8VHmeS)3)& z&%FV5?&99+2Ka$1+cBk^r0zg)_GWrMGka6}dH$e}tSJKUgs2IvjsFF*96F1W4@n^cm zTt+Oa=v4a1*b{J&=~mDHiYJ7igg-w3#g`4k*5A3m-mYW^vCX!_SS< z$vVNE5t&>{DvQT!j%WL0!8+oR=tMPsIg8hi;qm$ecklZ8t;&p5Lfyo+63SdbpOJWd zeIT378qS8D;e4TldPDll1mdj57UzP&X+-&T^a*9CDmZn3j-f}OvDXEs{$7D7{T;oIPSe zN7pzvTQZ$YO+>(_H%JNV=_4dR?Q1JJvYtLT&732d_HZ^%ifZ3L%q1@x|0G0pk@lq8fUAq<8cN5Vc>1RIe zw`}H|>K=E%X#Ybvy-h9on5xLB18=##XNF8 z(Kch3p2AzMLw zhPq>ehGIK)?tMWv8U6Lj?QH1nrYHGiXzif$?g8Qwp16`dEjQx;-+4cZZoieBoc{;| zf1+qBdy@Uh{s7;^##6K-+;s!|R|A7Z{3)GdxJNywgf9Ba-S@8|6^(M+={er-oax!% zIot7AYg2I2^UM)u`RcVkc*F~|mU0iInPYx{4G)0!#X|pnC&5U_6R%PaGB; z?T)6;l=Zws9~~P_&$oKA!O}G}mSVv=-=HXC8x(#U6D3FSIE$V~@u#$jD2G*E44V}E z$HIMOC6ACACk9KG1_Lw8irpth?q-Kpbc#6o=Aio9A~=tuN6W<>gq@vVo$Dx1R`VYf zUxEi6fwDGUE?EIpZlXH~0s6x(_}RyCG_GhZgNI3!=SqU?vFsohpZ-X%I472`?6(N{ zDC!(0s;FD|uMQ~cqqxxH&(j5iC6j&@9JPV=!}x28$N!`F8rY|1r(#&ZC2TD+LBWlJ zl~ceSHN7ZEJU@LSN+#BsbwYj1;z=*k*By7-GVIM5ULu*uCSsk5E8?x>w#Q!DL0<#n zc*+}K950v5W#X+folHwCnT)3?T~9oni8~&BB}g*mkUxwqo}}fbJ^C&ZkG|4_{Oih) zqL=ixc&pfJGFGRuOH;XI>k|4h4!E---p8}qZm&I_jb*cVhf2$DW!BLGyPRCMZN8Ii z_F}EAtVP*yJiC~_6o$8qzl$T|HTRLmwZ?m$RI`_kx3wf``y=$FDx8iK7t3ULktj87 zEQeVG2*aXSCccKfPlR)Ep%!K`@pLwkN=nI+-JL{rq^9n8EbFw!+hV!SY+KT~e0^(% zwknn(|MyYFhWZv#fON%0=~#Dnyfqr@%z;p(SzWPgI??NO5%xrPXCFm%W;zmWS+$y$ zRI-IsL&{BLyms1K9jSD-IoC$XyHo4qX(!g%nOg6q(q5uHnM%jKWGv~#y1ZC2-kWvk zyG*>cbgYZEs4CvsskW|~s4YqQK(wzVL%L&mc+F~Wb!;^i16t{M@nlaTok}__xpbUx z_Ry9vsc5egqjEBdZfbr|a=4F_+j~(golGR#DK44o61@R!3iVa9*Q!kZ2Hn3 z!n`Kz)y8A3orz?8DKTH#$!Tfqpclij)Og{jo#{G~EpCLT+-ba*YX zmJXr0H7FIDWgFE-Gclr!L-gQv#}es`*Fg(m`V7U$AX-8#jw;0SQf+ObjgeTh7$WJk zM~dTyNb+_3HAUXyI8EvzOXrhDXQ_>mo+2fA&53La8Do@o6?>9b@}V}} z)|pCCuhNrfjYIup6o#pdF@;4sh-|G(sYMgj)BYn&I9g!*)W+6Rr7MlgPkmMN?JXxJO^=#2OMw z=i*`Z!Y8$7g_mR#SvJ;8y?utbA)8BQQ(0H6uQ~3m%cY2j%?bKuFPs*{=&GXnYso^t z0=lI$m5F=o4Pvw_qw#bzLGS_8mQGy}Pde-A_*>_(H(imjoV|hxk5gt#C-E1ok@Q_= z)H6s=2eLEA(~ai6G@a_A0R2asm6diIBFZIwwm9BR%!u_88U--{)<49t%Koe+o*>Z` zM;bbTdSt?G&vrP~VQ+Euvg!yIj2L7z5nnHcJ(-@UH>qZGxJTxCBB=BSybaM<8dT&_ zj%2Jo-nuB))`ote#Us57FAj64wZ+m|aA`|ZX)@cfxttjbvw7-&NTujXGhUK7cqi3O z_}cS4I_iR(-%8?BbKPKsa!^w5-bb}U-?rtj8Q3E;6(w1nO2Vw$p6FyRF7uerB*sa! z&Ef*=J9JmVtu3qa>XH!>EL~2^#_5r}V=e<20}U~_LF9D>$jJ?}mHQfpz3MOB2M(0Q z8Du1Nbj7oY7S2HAqH_tgSR%JDSSm<-5fMh6#d#kH-&38;bQ5ZBup|Vbp=_QxUka#BET1F~QtCk3p5Dqrl z+pU*1_s*IXBUHpjNIS{o!d*)@@0MIMnG+M;INw%h77Dk_)kfd+=dnNZ{fsmapze(t zsK=~bac)%Pr4Uci!s?REG{#+-B9idJn0l&{Yzz^9Mbt_n=q&L8Wa6en9p^GSJJJ{V zwY3rTL1`pbq~17{UecS$vY3bZ5biEB${gS3q;gpjr7$;;NV2%ziIFaWSJrhVnrUay z*ZLV@K_;6bKEd&5n9@e(TKb|(9;tLO=c>#NEPhodh^5Q{k_d$t70a|F5*{f!*3G6D zs&T1pIvBwhdNsL39Bh(!0uoInS<8g|dDyl*Q`IIgKKaoIaqespJ%#&--|qr_LAby? zDXDcS@kadqVjic92uw978u~jVC}4{sesd+6K|otw#KK_e%uo-;0!kt-Rl?$2R~MZn zs`$$hMc74*f(^~wsKhdAfltBiybqM!R zT@bT!e+`BNGbve-D3fz{HVuoCF7D&m9J`d849&vOWn-=<%?vS2-59ooX<~JJJ@p1` zMZvXB)^^qOWtUxK0U;wK7}aDrJIx8<;z$eI$%rA%?@94VjIUz&oG&LzVWA#1G;(hV zncp#{1cTSrv@pYh;+BqF@^TUM=SQX7u848B5=HajLHvAooGyM^`kdxAx)A04B^Hjf z!EGc;?(pcKBEbh8lk^>^bfwFe&D7VWQ~92isFuA6(j!BRt<5r2T++#04}Elq(WHLvz5LIwTn!iWI|^4B`4N}Xm!#DqAO(s zzX~#JD8?|%XpWOG*GUoUYNO`Y>QF)3V_nF_BTd;E1!hAVZ30=l}&}F1S ztjlmfQN!pJ3zXV;CY4LK#Fd3gGTu%`c#k?nt6AK@bjqiBsuQx9VDSWMi7hWzbN>Rt zGM{U>o6acZ(XmNpu2^R#uI{lc3{zqGIP@~mdt}8#)Q|p>Rzh7SR=Ng|T^Udfm5G_p z3^LkgbSJu}rQ_?SHRs6UXIf(3?74lpt{&vm3xTHal`Nl6g&V3RW=ZT_Y^J4go#v65 zk_3HZ8AFy4BwW0LgsLDc31xaAj-di%Nn}P`M>ic3JmRDAu&S4fsxDku%V!MYo4UI5 zTvJyknLT5CO-^Q@{NMna!kV=>-bqzL#AWW8+2j&BBJ0H5Bd5-AXDZKkP-Wxdy*19? z+sn+QO89Xeee$WCx{aA$1({xng{M7-rw*T7g-hj8#`+F2TG(rU9WO&Sz##r2UdnI` zV63P&>7M8SwQr!%EiJxbLAQ(8mWQxSwm;AkSC!Qk%Vc2?@evC9T%DbX?o1+skyb02 zwH%Kbke8-gam?j;?3K@~E2xUel85}y7M{diu}um8y%h)F_3d?usF2LYbgzN=G_eX} zMewOV1I`DsVy@$^1jBxH3Lt7?Q*@aK!}PyS1Tx`-KX4=Y@Uwl_eaT+A7!31&t|l4hY0{(wS+=g{gVUV`dD?IPf>v z4DQ`!#Hj4Er>Hkf$JVoepT)ba@sA=OgioeD^H5V#u)C>Xb^e+t&n3JI66*foP_$EqD#MM+KU9t4#${u!{O=pg}*_yXprmkO!QfU~c%pi2Q ztx31i#Q|)^(i4tO(u+wxdE~9QaHo>@xiW>YV~&ivMZqv)%ZAx~tUXRW51sLGT4XDs z#bA@3C>dNwBDpS?VEd>n+9FM5>l79f&zgxLERC$yX@v|Uk9rkYYG6x=^<^*^!IO|) z2%=(%P9+i}OQl4ngDffOo+6!?*2x~HI|gN>3a&-k^cD2TL20-&IqrJ-s+Yxm?QHkD zoJB*#v|93~VvlXb!o&u_DvNY*FMyOs-;~e36@WVk*t*$r?U-*E;7i%?rMo(0h!Wk< zA?8pwmP&TAEwom?{E)l+#B6xVR>O2yC-K}2rl{&ngvVJ_Ph=1)#|6agk+lRfK`%u^ zVDwc&$xebDM0uTL@ON@0v-t|!%Dy)Nfdid~#Ja;HE2NmJ3h?dBS&Mxf>M@zqAU(jO z<`ZBd*_IL>iw+ESqLxWO__`_vKAgtGto7~6Qn`~X>f&NsK+FTwG3QM$Z1;-J{32wg z+XAF*au=N*$;e4_VQZ_{?xWjlo|q@)%3I&Q;x{at#B^t(vs3m3-TKE3VO$!qKI(|E zgPl%xip9?HlrcmmB%vn}!YVFC>1(3c1fGY0HHyVSYog0pwz{sYs$yQ*{OPl%SCq{x zuQ;cCRz*eG>9r)nxG=g*xscXrvd_OfYf zW|d8AqqAcVNki3DYzu`+ei?Dm>#?RL@C>rBV1UlUrg+JpRTv2a5d#7}PN^esFvPIuHg=p3L-dt|i6 z=-C}xK`A>_as@?voH9G}iJpM+NrCnj9)NXqqphXc<~%*ZmNOd|C#{|zUhxwmM?dt; z4})3rS(wRAShdMZo-<%1+shlw7VnD_?Fl|Pv1XF~WP8`SX7>4$cwPj|kJj_INtB&# zx>c|!m4efBdJx0?W3zHlMVwP#XQI7>9;Gq&L&avzrH=@(-3>you9!M$h*1F{8+YkU zaDKeP&ZU?UGyls=;79OjWoJ&EIQU8`FGN|5A5Rg-@z6(bM1dncZ)qLrNT=3|PG>tw zR7AGL%2w&jfW;w7ss-g@gE8K!YBukH*RnMTGc{`lE~Caf6-V-fp^nl%MF4 z28yeBIFDz0S^QiWofvo9iMBo(j^}MLp+8+1uBxsUewdhZZ!0yP3_KCQJ}*N&emn6p zX|{!!Ci4-gOf0Pw2gu7*S4w=pp7|NJ<-h|8_9t(>CASG$NfbeRGRYFx)tT!`I(Zdp zBUE|L3|Z;3wI&@8WO>}0>PlR} zdW`iwJxrj=gwtGV0y2hLOm_lO%-mzm#O39PH_Lmpg7hUmIYPWkb1If@WxGb{TsM#A z=-yop`cq7{G&)C{Lq~+)(PF!nRbD$kPa#s4=dbX1a87rO=mCCfqLoh!bimM^Ms@2X zuQN%6pUhBZao%P>W8n9h!WNS-_aeG-p(aglF@-68lA?PNZeDRIfoLm6H)r$3f~dM=V2(NdXh@y%!p?!*w|CN zMyj*b%R8o816zz@%_7W;4>WEjg-&1A=nDn?8HS!XbNBk93RmXB?^i3Eh*kXiTe86X zwJSVTK-Q`WF+1|JaMS^AvMAv_`;!on0@SJ=0P~8H_|O91XCu>c^^zq^JVzX^V=${s zza$uheaAQrn=a2NJFO5gh$l7J1686z<#DD6f99f#20g+&chb%+= zwtl;eoz@jxPh#(moqggy6d5TwWsFqi>yDmFDoe&o;_1}l1fAgJgD-qzIMzbrZCv5x zoftdx_?aC-c(dku3l~*;6((vXY@)NxmGyMAFi*{*p-h}@a*9P*2C7+;zf>dkOM(FQ z(JtJdfJUJrmXle`xqN*mUjs4 zx+{^9eZ`lm+N>tM96T`?Zx@H&8L=%aCtZG0&kju0bFv)U-cr_)xZCOw)n?f7S68N8 zh8^4q$vsT3nmzTXM7cZ`VY`>Ke#Jb*WWO|*C959{l8B0w4KuHYZHu78<4aRe^cpgo zrPKNGjQ$uW4?7YqY#idbm&zb)jh)2OV+`;dV#7xSha^fOqmmG=30K#%T`e-qiEGcS zCqoyGkYVn}SWRwP(?^U*)EZB72SKl|Hu9G(KL%;Q2_ZPC2~lCkat$=_^zH^Et3&V| zNJlt-4Ac$Um zwG=s<>-`$I6=-%yb_BmAP+@G!s}hBU|3)(EWfv*p6)wzAI(mfyJgpBPc^!i97l{%O z{41oqb1^sC6@&qaQsGa*6CbSi1;CK(klZTH%ZPH zf#apZb#6Q)PI`R`IPRC6-vW;B6t45mL*k^@7lC7!|}*>l|5hD4g_~032sa z&Q9RyDO~5thr~&*a^P4dIU9hZt#F;^9}*|MRsct{NzOBXV{YL(?>Hn*dVL8vzAZVA0gkDK>wNr>IO(+;IQ~s?;_NW7 zaGkFl5~t(53G~H>Pstkz_wWV)Ee z2#mm0MVV%*lndeagWwhThEvjWilG zRHLM_J#5tPl|~^P5G@EHxLlw-1mjAVAe@z)S*_;?CxQb?qp-)eOLc5FJeQ|8onBqg znCqlbq1HTEn9emyfrqE6=*ikxqhxPr4u_BxYMpFK)Yg=Tpt5hvreJ9!{hLzc=v`sa zRPk_#X!LNI(O*rb^i5{*hss&x;Mjgh@HLvn4}-`h|Lqx`)tluHgUA&(6{ld9Gz=nF z+&opz9dkMFIn1HBicAww6O-ky9KK8ZcDRkM6+j46@&K5KP-QZiKC0R^XPiQ-Tp z*DAPcHI0xJ$w0p@F0MYDK)|;tQtonL2U5s#(Z5ola?wKrXGk2vlg<(XJ<)p5a9lEX$U+F7 zb++UzV5e_NG6er9P4|zQ=@KfN;l8P9&u1Yho2U$%(v9%VP#`ck}fXv;ZZ4m_9&r;}6Zlx!8^y@M)q%IXh9;95i z_kY5WD`b)DcAH$c3%S0dA}w;=Zph_2mVu%Z6|sNV-&5471T%9*_txrtY4!5-cwo{n z3pB;ijn=vh9tKg7qdOhz(tH?1Mb67m-LHg~>nZoA8Yzmhtef5iqGBNOT|545=+cUW zxjiKZ{cwmZa@_|vpFE?WTmk1RLs#ioh%8m2-}#PkPd%0uIa2+ukXC;PH{TgbtFI4T z8a3ZHjk%*ypJgrkB_j`+v&g{^WTxOV&WDPJLo~`6EhchxLO0_J!_E(LhC$>yx0;cP zDd{kX#*zTg1^Ha7%%for9IFHzSl|n)W5LW%rDH+xHI=SYi}M(ASdnWH{4H|6{?7=| zYZIVo`Y;5bm7{JB$T(PE_*pE%wejgh0Ve~|-6lv!IqoY3H*_4qBA2#dl;cp=?zU<^ zu2lg8yGJXtz%I|fRG=cU)O<>+>1|NcX}~=9bmLZ`l3thE!x9>$uqG$*cE;kTyYvEW z@#E_OYlg1F)$*_V?@WwV6jpE_0hc_S5aWko?=Ec1Bh=$~`A35Nkvfl zLW7|6YJ9iIjstC+Eff?&Fegw=Uox~~g!XKKYzgo69-y8O;d5oB2!8A|L^UG#tKwiv+;qW?VvZx*N!f}fXE zg|zZjVG-Wr#<1~**VSU>{bYfz7N@2K27syngnuN57=nM7Izg~Vv^Ij^Sb=InaJe!} z5dNzqLp?pN=n3H;$YG7(c``=UO^2X{r@AK73mF0TXr2W5HYMun^OhmMPZ1p9F;sm8 zP#j&bF3#c}TowyXaCdhJ1a}Vv2<{Nv-Q8V-1!r-03GR@^-R157s_w12RXe*!cI5P& zGc8|Fw-XbUMJ~J7&?4h1!w`f_L&N8wZmyaAPJN4_ol~NHdlr40g9@cP5 z+Sv=Vpz;Q!{MX0#pNYhY2i(|OE))5< zfxjEHa^>v>)Uq(f?O)W)qf$IsAyiQ zX-d)O#&5x2LaFxV^X*Is>V926Fw^*%xRL+%r$Wive1tT5Sh?(a=Y+p|u?MfDi%m80 z-Ip%A1`Y@VIt4NXCs%*Fe-?HN7^o?fJTXI5*l~j`t_OhZq6nZ{7IoidT+5eplRTfZ zk`g-6K?2HR5Jn&XJh0kI_twLvd{l-=9Hk>vFMV^JRK*b#1h^>+@Xfo(LW%)2=lC>B zr#$k}f908co}X_%XuKG)Rp~LO1Ct+vXDBQ)B{g?wm1w2IGP)9#>#}FTi#I~ic>UED z+ER!3i&T-Qz(*Z_LSKXhT8cGFlq@Kc&m$a=%)zpNS;imJ)W;;~Sjf*0Uojh3)bmR4 zT_}g!$nAwS%e(8)mG*h3L6bblDYr=l5s%GQOqj6{CL-*dZjBN6GIZ56!-`Wsz#|ob z1$P0t!VL%d*=1s=7lFcoO!sJPsut|GPUse^IAaW;_P5CL%jmgRY~P&gps<_Uihik| z)3A?b5&U?Od|J3xx%R(L+{zzVfbsy)8w_4esA*y$FZqLy0Hz?tiPRkj6`B(e~yf9fk{tjHb>PdoF>N8npF;k1f>b+^uzlGkGz zvrD1N;RtZ9Z0t2sBBWP@=K8_8c$+H;#v8X?*3Ip1`V?`3X_qJ>Cv!R1*$QubP9zt; z?b`2A1NH5#vYbC~d#i*KV92u{_hAv?4evc^STqn`Bl+@I2LYFHfBG5gcK-y)g=IZr z?P04}#_y~xpseVVG0+td3RejY3NIF~|Jjf)Uhmofi6%^jS4nbxx2+S?7 zoo&>>$68D=q61**GpRNM?rX6$0Dj{6-?5Sl^>|j_oAJ5*-eIbn5X4rfOyKk&BC0zx zwg%w*SMnOuA-5)yIGhMjl?&h}p$`00C(n%TTozu7lxGUgB%0+KX2A*ud=oq72fvF= z2m-*eRyXfxgLuPel)DKii>7SL+RTwsm!aR8+zdV_EDh^E4cecU4N~q#AAD~}e|bh$ zV+x$EQAJ{V2ulgX1o>BMAhET&ra%Ot1Wixo!1et_NbB)p=4H6Ym+I7jw!APYB)}$- z8e|7mNk)7u#uE*v3D+f?{qV=&PS6V~R@`AqP}{{4(i3LqE+s^w!Ak>(!?7AwVVj=I zvwiCa2xrRt`&+kbih@173%wKm9jhANjP_){m1jZswCmg7mpgoh;&inif4=>_>{vtw zcYNxo#&gT4RFh?M_NbAM^2}{=STu-xr4> zqZ!2lX6##8K>kd%F3-$xD;D8J(rZP7?8+zg7^J(fg3gv|`*YzOr>N!A@X?~F&r-K- z^uX%I&`c#)P1{n_nr_pKp-I6Ihi8lJI!vzokr6)prA~w{!fGTE{8E9+7L!`*uhed) zCQU1b`Y8=#Qie;vf?j@&?SAoJu9iiE(2MuAMk;X{<%L6?xiL85dBCoG<5w9|+i0C~thpZ(y9^SM!3wbCYMCsRi`gHx0 z^jADcCIjxwK%W0TOW*mVIazTRuw~^|Z13n5kcx{>o7>4h@P{SB2wr)o?5+1KXNQP< zr9YR4b9>|9a=$2GTX1(EWW5p3o)X#JGZ(IKl}at8Pu8+!83auler`<-UAFTw;iT%| zG3VX@=rf5Si)AQbWC)S5dkY3Debh>J0k$uw$C{$zEArzjD9p%ONxs50Ew~j_-ZP7? zehI8&mDIoq{Gf-ZnI+;`ss&whg!e@J_UuC9IL972F0m)5%{&FGJ+up(!Q107c)mK$ z1;NOm(K&xgZF*Iu6loR7$=vWvp;_~1iW?o0_bmOZR@u+S`1ew*<*A{F01;M4yr5~~ zt{tEUh;lUYGE^!NZzpVUa{0H^ejErg`1b7tlC*wm>l!yghyJe{|o6}HC3zfCN|yE za6?cX4EB8gXbtjMbBXn>$cS$T0ja7?Sh;OZlB=??#Q-NA!hFAnK^dIK4=G;R%6jf8 zEsgq?j)K&VyHqZ5=9re$$zS}3;qAz+Ocb9y>WHRFMoGGqZVKYali%k_Qj`wMImyE< zVoqTU6=nE^Iuo|w;7XekgbH7vBEUQQ-*(RX!8#eGN}hhEx*a;$_BzJ$OQZrZVQ{cg z&*))iXwnF?*26#AV}q6s3g{GTi`?$b4kdToUKA@x6#znL;_WNNgM{!y z2V&9?S=HjbDQ+?&nV|7ks#(lGz@&RYZK`FOyU7)wKv4tq^M`N5UmA_(fRFfMX=mj6 zEy-5G-MC^7S}BnlK_K(*4tL14J`;^b(K^c1l*541 zAdJ;GLO+e-k6!J}jMF<%4M0Yiph+pnK{KRSvf99N`}NmpNq+JfS?Lltn_Rcy_IW_Bp( z460@(!xXh^1MYsZol3EF%}j;4&%6Z`ixVdw&Xfya2hME(#4_Gy$~!Ov=STr!;Paq- zmm@LN_LF=ILS&*tXh8-U?hcThThPiWLgNaWWh3!~B~SXK{g(-47N!21 zysuxu7^4YUv75GQvEp9i$U4iIyq~c2wrmt?T*+Or%X{c2Sr3^e@X>*YhTCujWpu~% zjDpU%r1r`l%hpqncouLk2ggKW70y4O{Y2FZoP{)9Bs?N^xQZ;NA&U|#?5I&{TGGmP zDo)kJ>PLzOK$xY%4fgT3WPw?77l~ABtCWikuJ@A_b_khc;J>+l4N$q1YX6AvWfx%j z^+K_#(=xTNU_lhmVWdOM}5J_grfEJn4=qIJ$osenp^cZKHd|Um^rWQZO4%GoN5=ciO z1h@5pl|5C-7E916Lp&_wWU#No$FZ`7g0d4JTvMBrxAY1qm|s>pm02BPu=x>j$Vx}3 zo2q}BjFIVlyNVxUF`?^AD8c7?0^x>0iJyQEWnJ*u+bzWoT}I260h&-I^2DAvJ#S) zu)iv$ECzy?$RhDJ5ZH$_&jkx>UG}%ZtATe^}UOV*ZsCaeSYY?A531E6#w3l3snM4^eU=OeKc&=aw`XFNwMb^by4Dh4%-mW6?7lY>xiT5L?M=x`; z8^cPI+!})QmC%n$I_qlgpbjk%&_@(OAf(#1qKR54v>?&v8zkWad#zGir9f6)dQdl- zL=+1Cm$oq6Y#YOnsSUejmM=y5yOx+_wS)&uH`+aexaf3$#5cO<=5iXDH`+8oE6-D> z<<}tbF4K9pf?rX~NZUO}a;$O2CDBZn`o+=|bZ%8H-dE5!|%xV45&-iSbe?9HBuBkVzLVZ5h=#F%TWfw;hE?(sIly#PU1( z#H!~l|EJgBgU14WKEIhdN*Q;~dme9V$>N*)%@Hx%qa37Mi%|Xev(w>dFUNc%Xf`co ztl8!RJ$inu1gm!?`29A_eM3efLh<^q`AlweUpN!S+iU0lTEv;=d;D21ohidzixZCm zQ;dtTEsyW!^6XCS;C)6>qtatK;BiVZ=e8q|6r-%Id3FC)B1xu6Sjgv3mT8?#$K`B?NT3*j8^Re#v)6(7p zta7$qP2_3nC@=KA%|NkGV?pXs%v^?0lbB5`xDt0*G4L}joxvJhNc(%Ek#mT5>B8`B~8v_OBq$m#;~7IHr#Du|Ds(wqYu*q8VECW*R z4t_f~*T1L7CO+9<-6G%I%_7LThd7A$GGeYKhCD3I1RL3MR|xj>3Amk@>NpmOrTTH~ z7S9*4!!D-}a83c;%;fNrm$tSLqtOm-8DoTRh}1mxV8-|FbBmIrE<$SAwRDm5T$5EpfQ+u(&2^zh^2faAuX;aQ6$7 z7(&;q*Af6ALjRvgvEXIx2@^xv-9y3~uR)4FR(clKbZTo?G!u|2)H;Q6FqE;f0PEVpkI@;ZqW0%TFi<-GIk!W#IP>- zsC0s$_`VK{-N;Bbi~!e1IbHXkvo1&V8u|m8(mq2gN{6We$2Q`yR>T&CUY}^rh*h&i zszn5cB4rT@%oO0!_lE8&$tp^NKOs)TQs+~JB4w1uS~R(7mO6aAwU$W*b-_Uj#Erm^ zp2LOI?K5_-X>NQSlt0peYL zYyF5H^XwJu*>n~a5ZEekp1}3A>=pubv3k^$I@j(C67wE@s>SKaadphTeFhYJB*l{= zl6*y3Zrg=`S0P7C8;QLVj)CKmmp#sBcKIEi*mr*7D7Z)}UI zoBRJzwytqEbvB+&6c!uch zR)_+xB60jt+1d34*Y5=j6upgtk2=V-A~Tk@0^~KwKZY1Xn!4)h5zig4tA*=a50+UT zQ}07Kq?7=)dHrAAN`o^Hj{y8|{sJlm{ffrj`4X2gada+z*SJ30eT!rxbYn)r=|3VU z9_fm28T(Tjd9$-jd`0Dkg7iO1oT!jfNN6VW&lf)Mxt#uX`0PA+7dc#ennqYp*tJqVep`w-R)*8_l# z4AG%@2|TnbFwn%qw+%dl)AcB-JCHz!d<-Uy+}r?QU>DfD{Jc;S{#pvP-JvV0OJe zhpsrmTyz3X=F;C{Ju06yG$-=3V1OTO+$Be7#;4c)I-N65B=DWVXiLt?4hLStM5V;Pc)oo%chbcm>QC7dFiw`Nmbo} zGE6Fw$U?{O(+2S7%wgxozfFhO*;?pu%%Zq;68`{5#pQW}zo5TGuE1y(OePQDox@&A zSct!=W(gpb3AGGxts`v<0Gr6c*%gI8NXU&;ogo7Ifj8sOm_e8TeXB5k;X5%+??cjDlkbG=`)r@EuE! zVwJAf&+x!H|J2PK2r;}>qJtn`2x8fjI%VnekGjrdh8?>`UxYrwwqqzfZlA;r;f?^1 zlRm*{25pN&ZXxn7-6-QnA9|v`nnYC4Nii-&eW<{EZK%cu8OaWb!1Bt6Vgm{v%G7bg z6)I^y2b%nfOfQH$Xpp{pF5yOrc6GAQgJ~?C$dKRC{k8XKiE2N(N_+uCPs4o54);Zv zQ*Sq>6P7CI-MLNkv|I`Aw~+B$2_FOxGU+)qJ{fX#Z9spntmBZSFd0%OYgY!J32v+< z{GJ#Yo`>}cWS2<$NBv{$_RZ4{vpAbd(zcva()N#AtfBrd9%|j?A5P6fQwBk+oRY2o zTn8JDe&357auS9fubR8G3lm=JDixg~%4W(F0vTL8BG>IDlYl~*)N>S%C@FXN(w{?a zl?#7UbbbhiXvLApkpkQ_7+gq0ld9))s7<6USyJ#g){5gKFM*?x+s=IlsVEnf10pRl zr`x+Sr(b%iwoFD=%Wi}NpxeZk;SkAIVrUn#N)3)^iV1|=0G^3_-sIT zsbhBuJZCTtsDCisM)Fc}@Nt5m>?bd`{K$mKmi9>D{`Yn@BPARgSDd13z>#@+Hpk)m zHK+rbU{H=dTX;NOl<6pXC`9c>>~%@HYb-{z#RqdI+hqoDPjBuU+8{OiyE4Q=3QJ!| z!Ks$JZTI2&mjHKH&5j$x1*E49F?X&E3?1jzNx-4|Q~Fcf*IR_LA+n6#eBP}2SD!S0AtwrJzMs}EAD=|cptLnQN-cg zQytChgQ(Z@pU9N0Yx$@E!VFT9mvTTH{AKKIQ4ljBn94pXEpU$JC-Nh47ERf$had4G z8RLB{9m-bKpq&0*&*lvC*X~3~+mmD0Z7%o7Xqr`1JOmTpiH~)8{)0tjn%FrzZLf$h z0RI~kuIg4C6DzF=Pzto*?jd7$m*P^iQNM%6CI&_$CsHo#NX2 zmS4EeDPo-t&g^PZ%3)E?EeEXZ2gu%3t#P|9Gy0rFIXL2x=kaeXvae5lD z60TIc_v@HR2PzQwE3)uY7DPtbNF38Bu;7Z8a+MXzlI&*yBmD6!^Op;$drR{0nw!-Y zg-ohX5Qmzccnv@*2~|0!AdI@bM!JA5<`R%s>6(&P;qnmS8Ig@gpiXjvIr$V|m=5u- zii5aWIgC*atS2R6f{v~MITC+V2g^_nq?CCy)&sT$AfVx_cqIZHMp!aaDhsLLdf`L3 z)CCrt)d-B0wby42?h={cxhiVbz;W|wmd0BN$=m*z#0O~w5lKmr(?kgV#mMNnG{@Bv zhVAd}(*4_qOx_1>Bo{vuL#Xa9F7M+n@&kElH3qSPE#X=msuFdb(3h62G!_C-!X*Pc zyRO?khG}grLBoPM8$Ro&Q-B-3&xi}0bANTIXud43#nFZ8(*y-~na`zCfQYIix%DpQ z{CB7?noOgZ!k)zx67{g^_kGS2`t;yh*!oh*d_gD?O-ftQ$JY2y0y<^GeD;_(JweHS z_ytTS*@BOsMWab+P-dGY>bmkHV#JFPa4Yl#=L7~2H}8p7v-!d=gT(gBt2j7$oWEE# zxt3a=E;-)i$+EM=1*h6*ten1}`@#3Nh~*@`@ZvHGZ7 zMiOkU0OwzX0tFP~w$bOQ{`BAeZ*^5Lu*m3AsIWhJ3Ws*XB(q7wcw@daMeq2FXk#}~ zwL^y_@R7P$%xYsOh6;i0rAgFCY}P^ap2ta93?c>}@2X>ZR9H)(1up(3pG;j!XKwB` zkxt8q2VWy(E7)bf?8pU+?BXCPLtFwS_!m~qFrqJv##Tr`<1$nX(Zeq{C3nX6 zV8vzmO~U=tig_ zR+b`{cxj&eW}dD&!#>h`SUXrjbyy1}W3F}Q5G5qsFf_{n)gsy96(^EKf43n0Yr%D> zM(1cdhW3ZPED8%QyQLy@q1pDKTu8WO@1$o)cxvyYW=Qx_pHdyB8qfN~C(3qo`%Ufe zf9QYOnlWdo9B-;Z!bz-H*ZuV37lGRRsbvzL^o`+wKyq0s(aU~8ls^3{ZL#ot-7cH& z&}ynCY_Revhz1d7;;}c9CawUMsU$dOd6QVvlUhW>ksDnp*42atjg4HDKm zhk04M%yrX=thv1+%pavfyX^5Dw(#=SEPEIuUay z$h8A zHmj;Dz%W~jLr|xE)XKVBUAm6{?!MnPomEqwdI1uTW(cLkdO;zm04Q@%_GA{QdrMC{m!LH)tDB zDD@>ww<+?CS_T?l?i*av`b}>o(vmprmt%q31_WmBk0aOb@7(rGD^`~=~0Ab${dsOM?B^fE_QA;GTI%U;? z9v#Kvmt;~Z2_SFIGb{)MA3x}8T+R}?EnCnI2uuo*E(GM#swT{%x}v^xwfA?Z+I+B( zeXbCzSLdYHuK*{=;H2v@A}#BlR!RR|whET+0~A{F0uTKdZ*iqBr-v&b^r6?lBeP-a zB#PPz`2mR`g*weAhDqr$fdo-j4IxuPSwM|uV7=orvN&9j1*C1)0)oY>9AKHA%RvSe z1);FBa$*d$<3?2-{@_{^h_{vevT)OL(45ISCYc==PvIvUN<8V}x zE+7m1=}-g?MpquJ2F+b-&y2+Lzq5Wd06S`G<;r+$eyE2$8l_symC#&eQMJpq@~H|jEV`R*j%t}Kq`DY`JM86Bf@IkJ_rU1^;W|D1y;E~N%d%6 zJbGq+wVYbRKeXWL7XfntM$@c#IlBc(XQ^U-E$m6V8iD>l=}C5^MRsfX8f$e}UA;WX z4VZ1W2rrFBxfAa`*B%R@-5HtuJG1!P?;+~K%%nwxuEfCXX$K9vK`CajPMz$ynoVom z<$yt7rNVBj1!GP($y^tnu~ZYbErIf(XFPnaC}L$Z@V7CU=Dt8>mH)g|wYNE*th<6K zhvzVJMj9{)fB!knt9Y#c@8eN46<~I)!@s8fM~-?+#sen$@$29S2GAo;lneM6pFNKC zT2jnE4w2M-b+4aHG%=AgC`v>xnZSwB(f}|Drdky5bbRwH?!+NeRQxub?@y{uUWe)EXNNWU2V!>9`r>M$+3d9eLv>6j3#Qr!^f1W~2M&j?{GFGO8jHY- z({$WxvW}}iE+C_sHxt@w9j{o{qv$sp3oZtX0a}n?=c_Cv9h2hPq7LM6hYP3&_-h~YIUr8U)StVWY);kCD=y*vem)T&2g8l;uoRD-X6*X6-hPM|T zU--qog>B!xv!M-|`n!!;P_tav)88BnSj8s1V9SDMBzS2h&eGN7k__d3Ids5J!MCLR z9!QanK-1ox6hFlb{7sYEMtJb{fa4SKFC^;3R~=$kD7*83)>`|(M2VRZX@dXbs<@p= z<5BK`SOR-XYx*&s8VuH>BV(f+U{9>5+dA*7Si0ABi@>F`1g=M{p z^$@@%|8?c~$KT2>quPx8cZlczj%Q0@uzh#~*4h%AquTI|Pwn{cti%6RT7k^YH&3@G zSO5LZKd5QpzkRgO6Uo5u(Q786Jab|1BIt?TTHZoa+_LT~-FoFS8~G(`KL5)4RN}S7 zDnB@%bRSdpp^95Yy%>uhJ1l(e#Ias!YjD+H2c5?0yx*QNWIKR^dDtfov45cFa^lZJ zo5*_7$_*YH>&Kh&!fNLIW?FtW<$V11PbBw`zNUVKf%1>ICMkYggS<9;`a0rX{)#U6 zgFG15-_3DATi^+`*9Z!%d{*K6M&!w>QYO(3#ob*vgh0@P0M$c2cl=XODYkKbnkY@h zovQf7=N~!ZD~oJi*zITGTbfml$Bk7CwA(7w+%*GeFp;b+Fvc2#!V_-s zXu8$;?+oy=4~oCj++V1@+sDJ+moH&*AAoO|>i9;?a9~;4t2c#`;lJZ3eRJ%^%v@Jr z4xwd#BF@D5SErJF_w>823v8{C(c;)VInFHW`d}B)T%1iu`*TX@b=}h3iSKEZ;#%%P zp5I)Zrl@;DOJ3ybbBI9f<7wY#3R1L#2k}S@_Qxyo0FABh3w1WD-6Sor!(HUQC8_9X zTd?iHEm&%>uE3j=V-NHkt?Y|(!@PsQVD9n{>kFY5ma|qyqj{6o9HuHvBmt^fxp4t#o}XBDgL2M z8@lK!w9}7Un;zvJd%*KVgm(Redg9Nm;!XXT zcm;aMdY-#^;ClRk8+pp(tjl#h4vTkCE=CUp7YH4?9<(Ya6kUeI%k3LoF%^fOZ>uoI zdXVQ%fTRJp7P2zAp4PAa#DV@yBmUIII21XEU=3@Twz&5?*dA9{$O3CeoO{@TDrxGQ zigT&62CoUfJC38~o(DFOjMd!If6(Nwp@8!!gqnRkZe`N&OM6f+b!5q*_{i=OKEpkd z$<_tjewP(N2SXL>QFJYqb>;>!sq|cS=rRJ&0$fCjQJOGxOxm$Fd(V1Xoi9&3y(u;@ zY%=Z%1${X9{jMIDAKUOAWkEh?I0Vmk<+S8}l)hBOu<`amxFU_0!Xy(rWxSD1bCSw3he>kfj3P>j`Rd_HSw z^+d!5sG<^f>m!RV!T(*&&x^NskHS||;R9{Xh~@Y4GW0txw*yQHT@i_VD{(6!5F2;2U+Z0L9%2>)SER zGiveH!rW(y4R~;s?lXU}x7NzI2$b6`zN|>V?JpEhT|=`pXJQ{56O3YDeVx55B4>wf zz_2hP#fAr#3M0!7I4C|fz~I>Jxje4RUJu6U`?WBd4SlC>6aL(fc>9G_XQ(+8s*ts? zvy8fCE8^mUsOz;>_|-cd*|-olrhq0x+d89{zz^~tTMX7R@(S)cMy3qoB2o(YkI8Xv zvuNOqnN5^Q2e18E0}T4(r{Q>Xi#WcRkEfvh9>YDEZg=0?g881Rl@LEJQIQ`rLu(Df z*ZJgsp>2L}sjvpRFc-f7rFuf$_>=Sg;LI5a`-wlGJU7D}d&AE001X;L%j!hi@pFsU z3PywOOrBRU@4$CHXk%M#Lz}q;k70#zqHRjLtBpg-aZWz?bNF0B|CZBsbOvRB5L&6! z#FZxc*^j7vK!Hake91;GoN@vh*RCCj-kKKt7&l$V?s$aQUIAqbPS$7qVn@HI>>f=& zoAWKW<|HV$;u-DU>Y^LyTP6R6n;wpHL#Tdao8lg~Y&eN_CHpfJDl)NRGe~|u@ez#X zAN=)Qj<|clv)74Xn}08x^xJE~lrp1VXXALJ$QU6()6Qp1R^xsZm$CEaozHv%WWRUf zxE)CxM8GbjFGv|De^pBL1=-jy@00MC8}ics#Ckf3PI?62g!%vTU@%D-B%8V|$b-G@ z;C%KB*s9w}gYAA@@Odp!q^+ldhZ=)^sDJ2-w2NGWWP|fx5KdxV{21AznUW z+M-^T)O$9=?W@4PtN-Qf>#ECwip!GgfcjX0TK@2x5otL=32-Ny8umxKys*99lIAl> z@D>!@zx9_~1x3DqK_`w>N(d8@xjA&C?hFk8?ijh{k1U zmu>gA1z><^`xO6eg;KIu5spOI^FZIC7$*p#jkS>-3mH^B%m=V8U#>xk81;)ppY^fc zi$6^lX5$AK2J9RKY$1r<{&HffM!NyY%-3Repb9(d6q3gwqo zIeI=h*uHgRUV3x+FmD^pUNQ%4746IiY}M@4LBFz~eGv9uES!B>ZHD>;|CwxPemJ08 zV}9EG*ZbVJTz|yNx_rM~!4Eyh#h(7_9q`jpz&mR`kIej9IF_-NZBXFUIC+RkLaNDA*b$Km((h% z?CZBReQBAkN|G!r)@0xiF6ulZi`k-u^YKQaqHzW81m z5n8l<;QRi2c;4Q+0mYF_4x7Rci3ZQxu)E(!r@C;n2^};I@C$U^*J{j-o11~FC1x`0YHNOYMa>hb46os2 z*a@ClbabXpX|U)16s+SqXm&5nG|MrxY>+N8`NJDlVWJ{;&Yt^W#C6iu-PFN}fLz@S@j+wuxiHk zwj}rFBH47}J7d`Z$Mnxte&-By)}^_`lQGvJ*+B%tFucjBy18BN{Ys%{I}t6u$T^Y%IaAo_dkP2On{wJl6raWp8BRX zKU94xpV)~r1C@W+2{Cg)0!_BgHqq+-o^z9}WB8uKwI$~|oD?0pfAlR`VBneKXGFQ< zu7(yi+x%$poH?HL3cPkq=7biLpV@&5b6}0k z`_^JpR6~XpN@gw8*iPEXT%IkYyO1ZL(nQrQ>`f0yiqhso{=J$j?tqa;8fkQisgp=6 z0reU}bsn*oOyZs@z-NR6{s2JqW37i42O;Aw*&!r^#aW-GLMKfXzBkz&O-AxEmO@J+ z=$N_NB$Pb|7^15`f{ z_AFyfY#281#IS0ZXt?-T+$P};vDuC;+^7EEB zjXr($(JYqGYKYCJEDi5$!g3u|EEFPiC;>djJ*)AD@1lHS($ncGAIswNJ-p@noosP+ z+GoejEIEA7tU{AWXQIiF5kr$Gj#u2aGbM>K>(|MZ8lyHZS4N+jCU?E)601#mF*z0~ zi-wLPl^7-etC;_*k|K?Cb=n*x*5|CY75YRrRXM^J*39T!&IK8Vs9ckWl03ZT1zKJH z%8^@Kg<<>>^_;&W7M&Q2fkhRPwscttzpDQFz%Xe4RSI=xE{Lk;)Rgc@Xl=>@=iWQuee3HGj_PYauxsJLW z1aMNPf<=EZ+|^tYN^W#IzTub+S*i`v`;q~ZGTD>~aJr~mX0t~{C9#jI`n+tY@HFd( zoRn0-|F(B3hrPc9s*Z#Z(o%2=_lknf%Y|r>+_{^y=r#ejX(R{{x<)?{`Z~21-t~OQ8^9CiYQK79E*x@+^&7e%8Tf!pbU%$#2I5R?tpRvtwg5S`S z%=}_M;Km*!h_4VRw)-^u-7=nXvg7#tFIL(a*5XKDTiWnOujNA3$wuGJ2FFv#oo2VQ zir=QY;ba^RX&|jyHx5p)PYL`l+o<30SuojrVyp(7w6`b^3QcmOrL5lFgp>~x+DpZQ zJHMYS55-!{hvtct8g1XMzY!c>p$)X#eA-(TYM{-+s4)C4_d)d+Y}oNZc+28pA`5xH z0OL=IyB}JZ?>2~BV#_%?!?S% zZ4RbC@@>0DLGJ#7%4Qk!wPG9OAmP?Idru|lh2e3z9e)Pv`u6&ovD>hO;o~`)mG+UQ zcQ{AbQ|P8dxmhtTVb0q65pcP^1++r?qHz6b2Q)6;0$%5Q*Ly(UVe>~CwL++Wd%%r* zM!dlA%p!_jyTICE`#^tk#(1+09_EJ`!TGv(*K=76F_ZP8i1_pK`)BRj-f(;c1%++C z%Dn0|lY3m^>3MHsZFoJh?Jvwc{ZM>N#L&U{ znY`5X<(+W{r01GjA>>jn9(MXvYLRkRcN3AtinnDf(&xT7?JW|}BMxRx?CIJNo(%<~ zCFrvp<=Dpz<$ZgdjJbNGLVMKGqH#6-ojc_j$FtokF8AhPFZixu>+-f?l$Jeg{S|9@ zD+A%}MBY&Zh}i2n&AolJB{$q}*-q=T=&sR!kD;Xbd+a>r+_U4Y=Ps^jDrO}&ej%)> zJL-cY-Fa35U-Jgx z|BfP&f;Kw~6AG%87YYjR|Bk}k!pyC~Eb z@5`MZsb$u4n){0gkaq2h@gM1wt)02`F&X?GrDnRO+)F}=O0D7?&k(_}(ckx>%o8|v z9lFc;8-C3_9Z8WE|18$7|I~(XbGSS#^o?4req_NN>rt+cL&z9xbQR&X+!!w~^_%m= z=~4%Z%p|udpas*Mj>72U?jTVKIs|X59d;IO4*tS z_@#WBpakjSZ+QI<^P?-jfSn7!u;uyQyPy9w@d6K`-WC+Nkk^u<*73l(Ey4#2sYUTf zYC;F#^4BD>dX_1&$Yg{UV!PWO<#!gcZYSWqbY0b$Ez>E;-c##AWZuVwV@igv{K7-hpyxS5qY=9 zLBQVl!X?(k6mtExDU6%8`LB#4SAw5>jHiR;g1b(7gWxs#zUFO<`KtRYDct{Mc|CKH zelH*1EZ&7Pig`RhnzWxOna?1}iJck>D`Go;G=iI337J)c@o`4@Zm;53zsdObTBtfy z!enxaJZEa<@oe-FOzPd>L zuhS~nhMS28KH3PKdG|K0HwwPa zLdB#`QTJj|#mZ38t=_y_`N?jTU%|^HfB1@k#w3UtZMC#bc%@{&{&NZs$o5Dml^uo0xgto)cBQfNI>hb;Z;9fz=nUC{I* z>?-dBI1iZV@uJNfJP2qFNHnh&d$Jfg z#;)Z3My&<&;}Bj*<#iD`ji8d%_epWf@|9hDEpW?yMYv0kRg`h1TPMD>AV-@4*gBz7 z-pyT4%^0j-Er8m}9z1Ys08^|j9g#=Oo~Vc=bi-n;rc!vUqe17s5azw?BQ_;oK4V5i z2k0d8%qZDbuK@|1%AyaGZYzqwpnps?CKos;h*2Zc^wNBnHfL~&cdWz>c#z9Xno2a@ zmY}Bm-30Bfpi$*zYxEs(DjLI<)I{NtA{V*gmEN`301Q`mFE%BrjJXs2of65pSY!nP zqOij*)0i4Di9#Fe$r7+5x+_Ku@P&`MV7l5`n- zlR_1Kjm-(ESr#_%+#7_NE~PKC^gzYH{VoJxD}l12Z2bscyS~xN$brT&QUc>M{D>C zUG`VLajg9R@%4^Pq5#d(;Mmp~+qP}nwrzXnjBVSt&e*nX+uXVD#zyROH=g~{KcFkS zt0F723an$utL_KL322KHza9or{?W$#6GD4K%CSp za?5=o%t5@Hm|5qJ(KmoWc-a(IG9VI(pw(nNeTq@!spB04wIQso53i{hGbCXeiYP=M zy-^sWvJwyS6+3(Lgh+OD4JvK}-s%FG94?;#-lF6=U*o?_`qd4g?(3~df*uPT$-v^^ z^WDH;fWdhS2d&;_U@0W{#iG(bHblwHxXeQeS0dqu0e_`@^*j|{T*s^hAZt}M8X+9? zgRk=_Tu8=Wq;k7?7u?moNUbfs13J0p%-AjQ66N!nFFIZ=)fg6yW^x;SUf-Olf`^Zg zkUA|bYH`#G!WOeilL5z7CpsVl8@5LBVI=1m(f}$SM@cv4=3uCehB zcmkN=s6Z^^h!%v6zt1j-;2r;TSx(FBmNX9FCfk!zcuXaQ%A)Pk$V?XNCM3t@t|rha zr5j-yR{sS{XN=X3G(Z(8#^OvX^#s{nijVRDbl6&-IWEwwn)869-H3WVqcJ}5bADVn zOfZ^_X!YrH!VlIP--tY#o1P3GE`Si9agB5Oa+e708KBAOe=s zd0hv56OfW&RiezH6LOCW!-p#DRn&kIl+lIZ>hDstW!htFN7CKczq0ZcvuFtxb{JUx ztrr1YZDsP!Rh25eze+XZto(pu0i-L2ypp!1mop@qu}^%dNlFf=J7Vy&O8-$%SPlWs zeHUUVupPodhLp6XUrKDD^cwS*G0YTilmIHMQU(31SIC zVZ6@|hBU-!VMso-!nDOon95(OYIN*l)REq$rbUA~P#QlOQU5<&HWj@n6bBrL|!1717 zHRCoz2(rD(hkOpL&-zTmxr2ObEJe60R!Ym!vNPnG8QEoe_et*-B9_b(V0Ves5;xf`gewMI$ zqjMERNZG ztzKa)ouiS`nO_%0Oo$nFcx`BT!y^(Ycj{kLJt!uM6ef89Hc3bLTq16zNTtR}wO)|y zXdd^H>4@4*FSyXzfVb0(I>!5p`1?#AIz#t$ob0SRmkf<1RSO#sU)ccKbWjoM zdBU87a?%bA3~%6b7ZjRBT=jz6JTYB)RigT^c2yrIby`6E3vxXKGUZuV2z{+A0!)b_ z#`TPS@;5~L-e*^mUBSJ!h%f&QA0Brd(G`BPXs-2d3VWld%YhaGo@~j6GZsq``7mxB zO>PwKAbX~F9S*M47rGC2KyhiE$gtb%4K^|9_briN@U2u`XrHKCUVfh7r+VWgQiRDA z6_R}e=qc$g#e5uyYSNTzD|s0qVRLOl-~k~1QL#Q4jdb$9Xvi!PRrL8#yXbYo5&JID zOI60dnyg>VKoizBS6NKWf4SHiihjukoi`r=I{m?8bOA;YjrPNV&H z-r98|VB%+e%>Lq`$U`DO%8I8XhSii8{umw{jn4m+i`EN0KpRct1V22rFuco?n`JXIfl_o{SMp@$heX>00!dfq_ct_)XLpjLQ;aPAh&l9k<(w#l(QX)&0b6?x;}9ec zjB%b@-1LzuqKtIO;xy2hBNPF#S)5v=SGt-q*il=lf!6Y8vwc!BhTWbt_e1XVb}-BA zDuFK*)rxbLI43E`n^Cqal&Ga3g09H8*@rS)?i36~4|sCwiK~g4&yxlw{?LywN4$`^ zi-Op?a-=KwmFaHgN9b)V%js=!ymW^_~pi|H=^ zoa6!QFa`9SU#A-Mv{e_Bbu?8nv|ZwpMk}v*4HI;sJ^xsz%YufrT^zuItSS}VH^ESs zwiG4&nzxWg*n$EMO;y;Kt0UoKG1c{`*V2U3-rvP&uklo}Ai5}6t?_hs7rpmyz6 z#yM4~m@o~oSrhk39^}SITxKWl+&hBvcCFJo<4$EXwrL`iS`u}x3qc~`v`>z{z%;t zU9Temp0MMl0f7Wl0%W+nb0q`tGM>?>ZngZ2Lsl@VtZP9WI`s*$Nh#01m&$)`C1OZT zH2Qgvu(OC?O<`4ZYZ{%<^*EFalhq`2-I(3OyCHa-t?98f*KpB%?pD30EsvP5(mssf zK+()8p(;{SUe)RDgl`?Y8=ri-KBdj>JhUCHcg1VOM8&6E?bUC@haa(ILg2D0bdxfr za|hV1%RIe*1aWBr?SamEF*MpDTAogMXi5qn4%gK0Pg*xp;e^Lp!5@^uZnSG`A zBIzzJ-L(EMZ~me5~mm{LN~`RL$`eP-aii zQ{ls!8grZ=sCpB)X|iZ1;iPa>32rqLEHU>CW%f+!S}Zi)vq(XLSLc5C6TIj>bLTt& z#IPuN4SYjQ$?d6PKyj~GJXE6~qQ=!o&tz-FJ@W+IdD|q#LVewOYkZY}j%!+|E{NGY z`mP-aSj5}}NAS~@bMaI7*?2Wc!dHw=+Wggb=#5kW(Ye%C)n<3D#^VDyVEOqRd9?bb zNmVGQjWvn7M28#3%Jx9>@xREVyKo!@S0Dg@2eALo^_w_4+BrJ?&-E+I*lp0m{QFQt zzyR7v!>U>VXtznl=@9y>(;+Bt!#Rg96-rEW)q_W|A-UOP0XrC9J~AWb*sS?wKh0Uz z{D{i~gNxP@IjJzKwv@d;3fyGkxuFxra=g(uM{&YSN^VIb;rna#XN$MX7F_g7DE>An`XU%2x zLo2cP*;J!bV1ia9-dGckQn_w^4}G`N!*$xYYVWJoIgBbSS6=5(IT4?@7&w!hTcyyd zmQaRFky$f?gr2vE7`qbTdqgjms7$K-Ig^N+gVk+_Ghtx~=^@b&H6HcPcu(|LWVywr zmw^R{7MiTlZP! zE@qYoKYx(Gh$&6-{!GF0uBt5SR|gci*o0UDa~D}Dp;+UvS{9ngoI^wW~#MA{@J5GrU^ISrK-}9 z{3aUiqHtx*g9BsQX~?2=>a1o8<)sJlluz9R1lj(2J)&kv<7SaEF1ZK_Rm)sPbY6|r zk@6-fxTDcgW!%hG;My>+l}?lQC26maPO6r!3Bhi`SX{cV5`7>5kg|WTg zq3vBSKE+{PIeGlTnh!~ zqMJY^5~)w$QAxkH2@P zbtjPPa=ak0-R&XRDXOOitbMv-Et#`BY*_?RW^lxuqSBny@bwF0TJKMLM%cpHA7lsC zj(^w+8>fa4&41;+eh(%Gz#hH|Hv6RLOwLYjWqIuJcq+-R7R>6LcXwtNqZjF@L7}Fx2Ua(kI|9Ls<_27d zuBbIxE?bpRnl*$#W^@m*^j{!9P{=)I*mcM|9y&X;zPG+-ct_$sstgay8Ms+#P4$TZ zrRfcpH>WfXTFyNSP@@ZKAo4BR$ zuM#GWRj==!H&&d2>*UeTkz^JwqxB@O^fg1)4m{{4S)&?#2+w49n092iY9zA6OhDIF zCI{6Kly*lW$E|ugo}F(5P68~ZLk+zKQ#-ARv0VmPVeBtmH{ceWmS4)r3;Wfnd@VZn z&wiwoa!DhlrVE&zRB{oclwXUI0r0UT&+v*I?VUvxhP7*$}|q~^63@0H5AvnNyyGy{L- z8|L`AlTzm97`9XMoDk`)LmxC*oF*k(IR1@2lG17hVmWa{VQTYWHnIocQi=Hm8l1XFOVOjp_A z)!a|GBXh))bFf%hRZ1y0{X0}09G`c?!X-Ykat7xrE-DBHS`?+U;7TPOp#9@@9xI#N z3hN^=RCA}(99D0Vq<>1=5-!-Ymf_yKtQ~-MOsC@Qa!mDLh{hd zxCq)dCuJN~{P!hy{~CS2<~4AlEW$wBihipr3Q!v@W5Fbw$C5zg=67Bh%c{Nw4!zRk zl82r#ENc{4TJSPe;EPT}lOJX3p~?p8-V^A%5tI5)c!WgVQi#-UP$ujRqqlwKeBE{3 z%Tud!<$F`vZ4*n3kjW)f_!s$Lo9RB*GJP2OJ2_wS3cj9?3qQD7lc~c=o{7~b>mvTV zary+*I2$7eohvh1Lr(j{b7>w4Wf>oFWsS%iOMvLO&Iflb$g1|Ms@>s-WSc9OeLZN; zyBLESPcdc)u*^xfd&#Nj_DlDmfO<`*%q6X_Pgk8UxSI6%o`RBWgG|;meE-^XoW+(< zh1U-%mU%S`35*$d#)XJ4jU!C8tVM|oM^fRTF;x<^2jc1k(!^vpKr~GU;5?$2ap`m6 zbSSsQ(9D)u!?uUA@)fe3v?pV>?-pI)v^i?vTKLUZRhJ+u*g8rvgPVp z{3^>@k08AgtkuuEgc9e$9xzxpr%Ynca{-W&C)CBQLr`?Y>iyLBf|H4+k~%YC47UQ| zT*1eVEN8MZGso*3^f@Lj!m&vh5T`{xz5=&|e#j0Z$H6;{4lmcic#T^|XC?cUq_7+h zj;zFkhrPqiBYH#b?hb|tY*%V%xFmII{i;Y%}lR^Lq93JSSOfXlm0)mDWecU$!KG^sN``#spb5Ed zuaEsDs(@ZKQhF22FOgk+d&0acTzPyAg1@(sOaKv7+2Zn9E8jV!R+QgZTvAq6OOUh$ z+qk1OqQPwRt;g#M>4^UFR*X#(egrCJFu+jh;uc#F9EOauDNGwvu;?hY4g4wD*9M8P(ycbF$i9h@M5gvoG(B387x^+!Q1Y39 zm_2Cp8i8u>T{23aw#ycBVoLU_4Fkh~;UxE91UcG3s`0Mjo>vqF8rm8R z^vKh#MM`Q^LYINmqpV!d(Za*#tcP>O=$kRjpyb=AnB}6F(?E>XB!jM*p|42;CSO!( zwlD`K(=-JTEQMas@7D_e>te5yGwYC?qMDLP(NWhI5IJ#&4M+cMH+K}o=Tr2ny}FSS zmW{~%j=;bo&&b4VdJ+LVsIpa*X@IU*XvS*S=$sTox9b4$?-;lhfY(h z#5N5+afKFI!dJu)ioV)rX<>`moOjv4+%YYuGJwS6xr@GiapTMKHX2HIEQpH2tI5nl zsBl15UG1gEsAKOxq#%aM0(D|N&G5*l7Y1VzI2+8lIO8%ZZ-s8{6p$l60yVOf_359k zfuT2p`tEvJ1I%2XXVhSmMw|)Y~$ZW#^DDKp8ntOX-N6DZHKAM z)sPL9ajsl#w3WJnM7sD^g`BZDxG3h4n&XGnnnhgH;?km0qdzuVg@gs9G}FTewK;PQ zJ0+RbV=}$D47RFedbF}_vay7lv7%yf;V&TIi7O%<{Q-{5Aowl&8-?`q)gaFCR!tz+ z0vRv(blqLFmPSeI;=$rDTZ}E^P}O|}B+??CsuDEJbS^GHn8^t7l(!d{S-GT}ph{gl z)0s@cGP9H$;2(;3Va#{=)XotX5{Iz1f`rpFX#u9_V9eC?NX_N;RtzNr)kk>I#1TkU zX>QaPdc64;!=pBusF)pY2N1oDb8LW@g1Dk`ApY)Mve$o`9l+Y4H(%@(_H8aKcVvl~ zgI@hNK)`OXHpizpyk1`K-U)2zh= FeG$gB zv1+k8oAfV(jMUs?xxC7djt5{VRR|3EJ)$7&@pZ*mr`l@qCXg|!0R5+#ouyKOuwEcS ziKixY1@mI(GOKJv1o2(*mRFX|g1^50>J5ZbL}@Jv7Qn52u@{}y!Y_fGO85L|W2v*!lRZL2W{ zo~~G3AHl0@ZOhCT9fMt^#VuXY1%I|N4YlE(5TLr2t^6oA9JxjSM^;zJlp}D;P2f4Z zQv4VpJ0aR@Zk_kzb*@M6w155S59+ng_VbFm&-m6RZ*&h>iu&6Qs}-p*7gR8rE@2I~ z%vGMFN;pZuuyE!rwgMxXF+NUW;85}w`v*4x zNP7f1TphbMfQ$D4%BRg|f7g$eY@Iap<;sEk!Qp+n3%>p_4EAG?e7(z}H|5lkU5%@w z;SU00T7Zb8W_TCA{stS>>9y>GdLSLe3KJ4e)>O(;=%U{s*T)sEaqot+mJzRziyCN8 zo(J(lK=W6%!zb*E+E!=f2$i+f|Eh?u?bQ1IYx$E{W|1kdEg{1f9Pi5h`G9UQLy!Hn zO8HZ9+3*VZKKOTw09L~Skr(6!3C-{1AxB%GVO()SE=%SNQAvXO@A~cluzn+qDz$BO zF%Hq5#w9s;J`0_em3QWkK})12QtgJEF@KuV2CAup9Cq7C03Dj^fawWue<0lp3qckx zZkF(yHoLVDE{5&O6y0EGC(aQ%^0um{VPCHLtzI(d$n}@}hgMNS3YueUSPg5zIZ$kDR;0Ize{_b!;~LZsjof!71UmM7_8b^JIOFU?eu~Kvjn**3RXdndeiU;krBI$ z{9dKkB>N0k=WGDq$pf}^@WE-s+{4`KkAo9>jFpSt)19TA> zARqzZy?`h@?_2ToAVlT0d@Z~e>%}f6vg{A9TG0g=3r9rZXq#Q{9haj7O-!SV`CGhp zKxnNj1)y#-Rc}0JU2=19Cf-Lm0R{pjR^q1mR99H4Cvs>&Sn?;kl7on9!BXQMr=Hu0!F3=f-&8BB~#V^eXP0g3q_G8q%(70P98OqOHG^%WH^C{nrA^Wa+ zD{)33ph5ZW`ofiC0X@t~eWW5Ot7+irpMeg8)WQXH{#FM64njg4CZxymTZeW#Smmu+ zc3erZWXtk|vEaOxAo8Vrw6~Cdk8?tb%(cpQ3nz%1-?m z!6KZ(vjh9I46+NJX$dqa>U7-rl340=NF zRleXr$k@tTetwgczoBg{`TAMkZ`n#dG4%=eu+-O9G9l);RKU9TZ^^sh_d#wBV|<35 zux=_?#P9qi@O>iYpdUfwV;r|VbgdPx9C!9992YH)S+tzzzSf|Gk489AQ(Um6`tN9? zStE5tEpiFBaY!KA3~muMVxZC8dNe`I*HQdI{!u+>+V#~(If3XFCa!lffHx5QT!2Gl ze{Y~TIe>de{%1 z4nJb%evL|Lba8|4`9(cn+~MV04Dha4EnOY$VO^4Q#q2LwE{DN|Je1Yd=M&aa)rZr} zj}woS@ys{eNk*h^X((m;WB!fufqZKtgR7o7)LO=%o{6|!#P&CFV+5Q#!dR}kI4yvM zH=Paxa|#b{@K5e;p`Hzlrq5br%z7^6kyE5f*IG2QNH<#(&|5Zi0!wP`g{XH zDSHj%Kw*Ccics#O4qUH!Q7?!Y*QutL#^|V8L_v&7C}yn7PL$%ux`@7*(BtF()J{w5 z7Jy0m1M_O$ls6PDO|A=XuhyLq8_PN=QB-#SsADj96uNTVl-(ya)gN=6Fcucl46$|9 zqZ_{;bv1+5wmxEBB1a*Ej2w`1@Q!|rtg@jmw$xq=49Tcc6G*!WG3a!j)GQP9A(HO8 z?HqHabi{ft-Dh7ClBf=D#7jLkze;NN7DNGLQ0IQ+}X zcgMBx68mZXU?XUs^eHU6E^n3&m|EKE!3NXXtZ>L;13ORC-tO$)bEmFbBc|fZXV`-9 zW-|Gd3V;>uohrGRg3DQVvv0n^B#9`NFm^r}+JRG!Hl6(lXzH~s)EvLrHf9Io?jPB* zxysj}dbAxjKJW(wCy4KPQf4l@Ya=rQoGda21reR8+P&v=n2b*>CnTu|Ocr4pXUx(9 z+?C&zH=EVuOE~~qa=Y3Il4!Bqg}>hC3@|H4hUos;ZpxSy;DKMU5s7g$vM)g`mn^$5 z3)mu3uATEd0T^^bSt4CHziF(*!5;|dUn)46i-hK+oL$H2Nu)O>TvI!MGWmG}W6r#l z=kj`8Y9A^knha1$s(S@(&{<>M3HdX?B?mY&``z{UTf)4E>`JIn`OgWZI zL~A#u`+awo_4teMkS(weF;8@b%o;r*S#ENh%@AINVw&bvX79QkHzHg3j&QKF1zE$PZmf(ST33n$+t)W#O;}|Ac2hmd>1Y9>#q~412;J^U zT&fMC<>~>-Kv`Ury|rtfqwU=p{)3rAy#IuuZcS+0D<}ZKI643T&VPrYfra%i#lNM# z6}!%k;P<=Ov{=v|lNYF|^KVVX^?LOpmy4I;Mk;U<;~2<1tb-+&7W?AQ*RU)QgT%&@ z>iNJ?0L=5`%)wg|vW?O(38L2=6vsvab$Ag7fkcwrFDnO%I%|mv479`GjY3VJjPPXJ zj2nMv?mYJ*`ZbrhoO`pa+vEMQkK-YFOcOXm)DX{@4f{93qxaRbOx^Yq_O-S5uVu4= zc;PCRIWx(;gD+V`c#$(66DC5vfd+OQDnbTA%lq$ExhUjuj;&5&g9Ld(;@E_z-m^B< zi5RMh>1_CLJSIQ^IGae8a($eJL#1J25VqF3Ttsj`&^1$Y%}o*B1Mm95T+EJsSw~6l zmMz5*9Zf+VhCHB@YD0Xm0+z!CO5*Rf!MExivJG(vXPEXv2e25L(~$fV=wi(Ld=S|~ zurSw@MrRrUI@sAt?-h=uYTq7J9bG{S;OVeKjJ6iuXHnR&b=RS8ClRMdx;ZfdizXyTYFs7wl+)#<~Ks1-Ctvtjw99r4Fjf{HP2m zSwVv3l+xmd3{QCKr*URRM~4XWTM^WQv^TXz;@u2t3*#eUV;^!DkN}F(GM`3VS(tQo zP>RRQ7{CZ68rWN0_Ex1=QauQ!0L>cz3S_jWt#pwiA_b+_)d9HSh4S!LmO_{qo)l9R z)dOf<#E^l#;x$o=)=;WC8bzy(ahq)`)I>yXuW4|msGC;M6cts5JhCMz;Z>dsijD~$ zi-mO&=g(7OA49vF>m>{ z>KM|U{7>-4ZQ?@1u0#MBB0Qo63)KcAXR`xnzb;K#E-bZ#e6_u;tdK2?c?TmOPSCLFdv5MEflrt!w z_%6sM%}-IXo5!0anh0;(n=+fzWl(Gq|x!R*kGE8)O^+8=2`BPF!!R4!|ej-nYzRcV1OUenCXynyYGhkv zuP9{UAq}pJLN2w8U)01USs6s&6iP5u^*etU%}=+sy56zW*IM5+4ExbzC`~IyIb0$; zL#q!)+Nq{}4E@FS5k-r}#KW~NAAr|5pEWOEd!bedo4U3s5B%}kJ6;lcCqCz$-84n> zav|DWcy`&Mmfnf0v=wT|F*z%5Ig=G6aT!ys+G-ffjR-a26DZ2vk+;OgwDQNwm@yRZ z5PwXuB}!d)J_ueoE^W+cV1L6Ni>|mDHymQ%uT@Z&wfn-AIj0&wPbrH*om$^*()>s@ zV}Xqcl)?P8|vgyN1EIS>s<1TJ0`Ss!|nJjg82Na;AG)VWLeu}t;QU0Vu?)GYbNhIz{6WO zG_hL%iNGJ^sYg0#5pGq@tSAo#m(r6VF^GVUkzibjAiv+Vs_arvEM|kerK}GG;H7d1 z0L$LTV=8X`qJeOEQbbiX@rWyb1*+#Vt|YITO}&$M{=POVZ3?U6?keJ?=`11X)3l%r zGUjZ`?Hd@Udkd#)v?8ZTcsn&H_cdtZtQ;d}LUDpaW~ZK3Ey7x(DG*!9N8s>=x}xw- z8%*oE7WqfNyhp$Ur$I14kaZ0H^4w@D%?z2d!FKIAoU+vlj?eNJ*${>Qsxh=LY=6CmzN91!07{n z(6>Mw|MnBT-3!B_pWVU#a&I;KAs7t%jd{(lQi$lk#@xxo-oVko`Ttg~_$W=;{wi0x zFDM{%jDc3~Z%&c8z=fKBn^4|&p zc)_T|)Ah`q392fgvtmM6l8Qa6eavwxYygWn)o--UO}>*n@Ud9lWuGLGs~@suBD`L$ z^xSSzWGc`VpHHM%Y9hp*Ao%>Upj4^;HXEqm#4BEIgLkd_US!;YXfYi2&Yrjnnzvtu z@)wipYNWeyFM1+%9(}L#zK|A(51pwl<}^zXtOE_Oks?#iyoax6h8^ zd!nYUt0GZ^0QD#sKP%ap{a3@HWWHtn4}Uyz=058n#)gG~!p{dT7i6&2nR5=>6myKv z^vO-ut2TGMVQ9a7!i9DNy|8x*WI1AZlDOkk|NcJ(StYaw3<*r+!sJqIs}kqp2Y>^< zaKmUx%|0drImx0ha^swkeNW!7A!;J3U@sbv_t&RsF~rXUiug!*I>wf2)v+CkapJ;O z?&WCFEQI1&wi-fK5<35f5unwrlXwApD|6kRfL*b*!Brx1CsZj?UPFp5|LxsQaVmm` zL>TWxLTp4$%3V}`bV{0mSwd`i3XyZpcmr2?Do3e*iZEWu4#NYjphx3t#hkf$%D;7G zggK2`C9flYti+cJM{_hxq-8gAj{kra(yLt37MYiGiI6}^Oz|uRwo8Y(3_|>j=Y~!BrsJwB;%xjOZQ+$O@ zcTc|8b3bw1HiA$s0>8N^xsWGRKv|AQCuVws zeZXm;7LS^v4S*zhAy%M zL@1_E)WW`cy1HPC&q=h^s+TFe-v(3TO}EB?&!^$ec9xsYzb5%Fr2g8botCc|({$Zn zLQli`?YmB(i0S(&jxLQUfFl7kPX-4iJ_s-a_HSySVZMMm3v&a*G(=hzcGP{3o_hCh zX@?#gY_y(zUvMyC%gvj9ea_syZ%`QDv~($SW02t5$pip1y%p|c!1dW?bNlOn6e~cV z#d@Qlv%(r2EOk5`_is_4pb$LO(|M@$Y;R{3@?KNkj_2Xr+j9m`yeoFAxHt`A$c&dc z?Ar#VxXlVeOsLG3s~;bIH37ClGrAMa5T1TD`5xWKt;@7bYYw!<4f(s4`AInBqA@1p zU};B!c3l*X3Q`MW*-z%u*Sj_(1^6E3qF4 zsZ$3voc&tEcMMCBY6VuR%jFEBk?ljj*DCbfl-_$qUOtsR3`1^K%wvypT&nC%N}CMI zF)Q_p87tS}@Crq>wGR-#tsNgaP9qQZo9H~JR5*us^EWWO3sWk51K<^COORW~;4ug- zhs&kJCFP5%9ZQVzU4^ib;B+n-DywQcDw-PQY2`>p8TWgx(xB}lI>PqM;xdVnQYE$C zulNfKT#a>>`DTL@GKtEK56J1O=gu6FLg&c6V+L|sfm}|ABy%7~L=eDW12g8EK0l-b zBN}~yrp;x5G<|zfkCUvyo3m=#1X&;*S17dzojlCg#69aX_DPG4?I5*19llR^oO)h< zLb-A%n;g)it;o4C2l?TmGO~W$e@G@yO z{mu`T-nU@iYynb{*E_75EtT`(10tQLmgb` zfx(1tn)PP8>#Tia72r58~?AfVR0XPSxkV<5~NE+@E_87GD}D?T$dA$Iw)E7e*} zb;FXe+T`~~PF9kU8~7E3zNo3&t4CBw_QG0_ zp(A1Q2X2*=Lsf%gSSaoX!xMaSNvt>Y@veHClYG3ry|tsd6h?!V1~-edreo*;hj+xY zlU3g{8igZBKlc;fJQo3u z^8vosuL*=C6{&J7_=|TVqPK?o(d<)fse2O3XUpf1m54GLL~>(yR5!FrB;@pYRek5K z>0;%7OMjtgP||UJ!%hnF{}=ZEmoYwDfy?SwhQ0kn)uaJrRF_CGTkd=oC-~a}CZYyi z99OMK{GCnhS3B)0bhQZY7&*K3()O2DZrMXqZQTnr=kytVkL4WIS_D+y8!|pb?hNOP zkXiV#gm=MQs1V-3GFkMn6VRB4-xbhUVbhc(LB5=*3JtL?KzR8G65Y{5OqY)AX7J77 zr^!U9STq7f6kztG4qy-z;zLI~aLfxZ!cM%9VkzE`ptg!CWUP-1Y#duC+cjW^7=rSo zb(ybgr60zd2^Zc}Geq|NT{g>UaFU%mQ4jo0fsv6juwD?Tb05x&3G>rhE){ARZ|u(_ z*R6XKuR~qb!@wdr&(!iMUT!7D3C&-uxb^b=XPhQ6%t~3eM)&XI8t9VT#)HHE^`wqx zuKs-e-fcGo006~*EpZGj%q(o3^$eW!oSYpkY|Vb3)=`p--6B0g=*=6d5C<{E80DC& z3JE1RKQ=pl+&VB)1tHtT7R%E*!2!PN(zn~N?5VG@Mz?T$?_c)%TsKp0rs=9VDf49d z&_claDi@>Oh;2Rk!<-d5{HX*#{%U`M)wPE%Nk-uj-ak(HlT2OA(ee+wmE6?ad3WgB zHIsowYvxFRO!yo`dZv8>RI*GodxDGNxwjcAx5r4^BJvCx%?S$H|B_*3oi_aKrk)-nmpidun#=7Lw^ z1>Ptnfu!fBHS>vFV_1lW1r#8!(<{n6@$aQt=pmn8N_iP>3$@#KwchH>Q|rV$!`2DH2c4zj_Wjb$a`C6F1S>|V zU%`X`V0X}$!S=`doHNLK5adVX(;Lu#e#`7il#vm?7`piVmdXDshD>b#XXL~GA?eMX zZT^QLEmqQz>!(NY*{L;u=3fcM?;AvCa#sjr@a2ZEBbHjDRnMkr$?n-%hC60G=l^hQ z^t$1A*<48eXBVn=doA&igH>tILGqOS$7$ZcKB{&CK>&x~$9GjB`bXLgj>VYfj0Fv`q+XeD6wziRSsNwJqH^WBQQy~kCACp!^BcL_J`Jb^y{R057(!>kvm@=Ro_qrX&3A@n$8P7~+;lRG%c*g!(EeQW> zJRMDpTpXP&{?8h0OC}<_=<8%&$B{A%?fmtWsdshS)MkWEmZPJ zezkv10PRw>DOKu0h7Z^dJnX<)jbjm_?s2ohT`s9T+9G%GiUz1NVQ8l@bF*0Rac;9r znp39xN^4tlF?>I6gPVKC@MCCgjm>)hQ~`55VPUkhHQU5N#mHB~9F4_`QulkklDlx{ z*ub`Yj^_F7$+vRVA!q!x>NiE#$YcJxJJf4SL1$IWSXIUraMzL z6Ku(HF?^ArvWjp5C9R+a`g7W;I=v8Os7b}}PQGa%(OGM}l5Y{won?~~nlzNAi5!!y zHBeVu|8OgF?(an?RlcCUYhxnXtX1wzfVq^m2`qs+(GeW9DlQFbN?Wj5z;N5pBWUHG z*i`f^F6wFGYpsM$OF1-Q06t*o32v^95As9q<4u4~@+G`)TFWBYZ#rCJybx-k{N*{o z-9tSQq>tx-H}$2pm@;PFG8q9e@j+eG7T^oMA8?ZDr{el5wYI?5MM0avS>o{Yu7!l> zA!ZTx`K=b$5vGe8Q%Cquc^v1EkR`lJJ6Dxv=*riTBO8I)yW7klML8RElBIw(UU`x&Z7uS3RrttqU$J@ODopooqt=Td6Y zQImxpT8%P($={ z*8%&j>rP?*|5|F!c6R@hFs4+c>^9gDx_|v$mq00qBI?fdHv0b;U+)xMYqxZb#;xh|9Er zsAnx-5id+BG{hG9dY_W77any)dT8WXS+LL9<{6Q$NEmcbUDp)CVOCI;)N(~&i;b3{ zNg}wcETVGSN>^%WvTp>>RzAMggtF>&7A)RU(Y)++M>0tc2QpR7O<@i>$L-)-)s}b? zb9N4j+90BhFQX=RUNUVe-5YZ#2&6RU4cy108t>+cnbxG{oqPNBX1`C7-TMdjEqq%) ztgspr8}p-qxcQC6ISHkn@=@Tv<>Ya8&M!UwB~<((pf{fTDD#o5tM`7wx*7Y^f|&1f zh&awGS+Ev@9^^$TvnvNR(UJ6dnHfr}ISj7i>@Q0l?0;jNfti6A*?-SaYNSS~Gy zwFwW$KyTex?2)U7_V~rheg);Gp8`{3;pdl!UrLsTHUu~R!GdOjJ!!N<%UCfl$=#go zI>$_C#lhYWHWD65rvG^Sy3ZW2fBQ(tD!){(h6jTe3dvw3FbsPtr>Tp5cJBZMah#Um z46EG+6npP+36My~m}enGJojK1(~EO^$`}>wBz*5OvjvCq4DC8#nY7B>oOJk54XzE2 z(+8@N&(MmiQ~gTSNFD@6K4Ip z6?b7@s>ldmd$!Blc?M{nb@vYCzFU4s?Tw2I9imNC+e_B2A3@7-~Hm12#VnbI=;Dvh7?9YwTd4 zuurUHE*3^lPSk)wC4NQvbWZpJe=tadP6Ih<7GZ42(|xNmVt@oIr+Ad2L%TD1D1U2JKnvJ5f>o|RuSUT)XfHEcG(T`5aM8gVkqSkTyR zJ?KF+0|&Cf*9(>iAYaCnPk*6W>Jcsbc%ul7v`E8tWHnec)xGD~;@65vfm^65{hb1{ zcXlShaM=eKC;e9#D&jIW^hU@h_@KmU+72iMK+K4zt&=$ycohJ}K zl9>bcHOMKqUYEaYAQH-8nQ6PFHZ(j+2SeNX^XkrHw@?o)?#u1CB++ar<{rTIh-9Zj zO^Mmw@h`CCXS2-Q7r zWtxv6k9_`(GVi4(lsNr?4u$alt@mMTU}IwJ?DDhI?tiknOzhhK;DwhI1oFxQXygVDm!r5L`nhwrc&^^h-{oM>wLB$SI}PK08~3kM^G8hbFow^sHEX z?^u*_gN{7K82PV?GamgIOcK^~MAcYIN&B3lCt+tQqnxj>OT%s8Ev>=YT_*|sTq;qv z?@m@tqv>-9E=gr7M4(u~b}a-$EzPaelLjgyJ2Jp*&XT?Nn&C*cs zf#)ONrCnB0YHHbPWOIKY>I^9ZE2+For2KlQ@LWdTT8!Iaz`l1|!uuYHb{X2z=W z^GBX?3wmA+!z!v`P1a({@#J1C;ZlCFtUMZZ>@E zGj~+}?H!tKU(=R4?M{n89X{v{w4i3%yI~BXXtU&+CZ?tV|6`{<`vu}4^smddP+8=T*SaG8HTzJ2y{w;BR zH_15|{8U&+IR7nDoQw=?|1akP36lFArgWzpzjxuu zG-Hs@cuGkmf4V!5GSi*EY0_y@$T&bdW#;niX1e^S!1AfgyF{eqijWvrPQ8j0=;i{H z@dTQdv%q(RW3^%j@rYC~+;BorBm@Zl8f4%*BS96ILps}q@uAYdPCYyA`Y1-#rYEf= zc(KkfOyG{OcpgZe3~ypc2a=4EK%2Kf+h#ytXi4Ue z?08E)-zFAkQtzC-GC8KsN9hy^yh8|&X*IqGe0^RY5OcasMksllm_Ki1Yhe+7y$)%g z7y`A2c4usD48~<8O`}`|7vVw1(R?Ct>1|&KvHaF;H$lyKfxuX0AK22Zh%^kZRVsN_P>7-F&8t)+ z9l!9%h$)wW&>$M!z$|MPTvSk$SDToZu{RyWWy*eof7O=aFGh>C2WrvGmYKEx9$J6m z=OX645Z*_I+;fDJ`d%#tmcV1deWQ-CX{^5`Cq1v*H(a6aUOP|F8j%802<)Cxec#f| zn}L^=XV;&eR&%O6^NsgpW_=%Zf--YJTz|EH>*Uwa(TI z77M^Qg{N{EkH*+u%^9q5@$32lq9UdnT5XO>tg z6<(fF@sQrJ@fBK_9XlchHr=9+@USF_D%HNT6>fs|3c=c^wGt{}G0HYjiq$~QkmYJ3 z7J!0!Acs#+!TJfQeGa-X<}Z%o1?WLoc0=V?p1#|4r&Wro01q9dL-avY+$)8r3 z=osNL(@MYPft-~3hRg~aE;%QLN>iuEBR)0<4QB^^4$&q(Cz?NWGdDUHU$}+xnrcVP z8MmL2p*S?>c#~}rR*Ve+FE9I^J3b#VZotVt;`pjVcPRM6u(OchRW(TTd;|bTcOVTj z@H14dz~jf_=XMVgq|@^yA)(6=5|VX8NmQx>J*G*jXB=gc99#b~?B&tUek8Ro)3|5> zWzTjK^*@aWADac4(#= zo6PT6;JcY@TWt0_w0(fXTRb0Gp+w%RlDu0%8ZiY*D0;oZm4e zPOa_(sfgPgD3xV`-kgB2=0kbB(n!gytlnY-2`BG)06$ywQqYHo=lRQfS>zjx18R(8 z(vfInkA@jib8@qyp2xCoaZM`{=gXzK0HK;}9gp*<$-44ouB+z=TY_zz(3%yK)nn$C z1>2Wvw!)+_v?1<7?0p`;aM}g4_|K`jNyjox0O^bUXDk9PnalO@>K-zDef|JJLJ7*T z-MSyjwG92Cb8oZ*8QWL8T(QQ)qFZd4U>H0#S0Q9Qe(DLMq>bU~`v&+|Xr0N+#=i4I z{{;NN>;J4>vj2hAOg}KrM6Or%pI+NBb>-!Zs$leh0}}Z_a6f+lwxH5Ns}^B&!^-Y^ zxD=+i7y7Wr@9AlyVob>_;W*G@P6aggs%x)d^Q9as*q2_EUPg0PQ|JOoIU) z>z6Rf?l=PI_zB}tv_=?eqIJQ!LIp)ce#cBcZGH~?_OpSK#qOQbW(OH=oOE&b8)u-K z!K#tTPbRV(ORs#Y>_5XnrXC#V=t*6#cB+RuX5Ifrk+Fw8IR^fGo6Vm?@N@pxHlY8d zNH;byHE^;1XETtC3^!aq0nDZkR4joACx4NwjonO_;GlRJfxLCd)-R6y)w>k4cOM)} z*_9=cAa#2QQng;QT)P-ZeVkUOLil4;+ybV*++0VSo+Ue)DEG0e(E6bzers=cLS_*L z=1@AvTLLP0+ei7FD8awdeWZe;KcHkdG^>*(o95Hi7J2onf?@ylau>(qh@E~emK^-Q zUGD$E=z~h*KbMQpc}%T(xF@MVvJUo0BDaXqynRQ*al^r zTDpHx)BIDO+OT&Y&Kb}xO{$~|lzxoM+D&>6_?vrdJwC%n;pA-}|M46jZr!1x(}eSYV)y#fz5G zvMmdCGt?_DG$IgMaD=A(ABLs9Y95MKX%TrR3FS^)y&>%L@VSGzey#d4uZ+F4WU8QU zCZ^D}-j)K|JeCfiKgn2z=JSCIIbG<5;gjGs@}Ga6F5qT%>8;i8KCWWreV>i28fSI> z*-q)Q`<`lg$=&q%w^$^d9je;@sjF@v|NH;V$il|pAFAv}@$(}nL+CoE1{>{lBp8v+ zbY_fG$^hbZ7TC`T_?suQW=a%J73ypN^7#x`w%B~ZA@1>KV0DWICq~+-2-co4ky0w4 zP1WKNxIWLva^9LO8qu6;FRi-L}i1F z2tv}67y_pEQh-4UBcENK2!h(^Qvsl{`}55cTFu@O4_=OFE#$WLC2ach>F9Fsu;Us3 z7u^2QJR)8AB=wFV+(t2H2t|Sih~*nX@9OG)?wp?%1?p<)P3ULFPM7oCA9Uhw#pa_K zAc@AK{@U5?Qu2PrSIWk=SDR5Wq`R@bUg+weslw^z zE+63jjo+(ObIj9)?-Kg1FBl^+<|`egRq@$kJY{WY&rO_F{?=3T8N|5xXimMw6B$pz8fIo%8|k!cGHEUMtWJnBL$T!mK0!xR&?q2=X+> zs}An<=|gJZbN;r|_kAn1K*ky5a8UGF+gqWNHj~vAs)eZuk{JjiFMF;Em8)b})SQYu zgBhwWzxj9NWCB>Y;Q+typVPG#XU<|PdtUsMp#u&q7_>Q>%LN(QKvOgeUrAwV`L@! zC%Av|*}+eckp9Pn{8LKl{Vy(PP+{_)H>>-Za)P5UvD`&`pD7$U0DXl7&M&{xWtl%C zX=Qe0JyF?+cFlj^JAD7;y>8xpS)eupGhD!}>mFu3jgP92h8vY42aIoIwNk?Gw!2h& zxq><2Hj@F%RJpnGxbo{3EMTi3@5zg6rkkJwrPy2 zAZ%xFb$Xx8(x%V0^uTQQl`9Z~m5tyKFFmSSek^N-1r&jL8Z@s;&WDo6@dizCSa8gr z9w^8KCX{W;)fo_OOmvyuFejU)aF^|38tk_l+pHXQvdf95MOHaDIPzj6x}=pmYCZs? z)hq_Pltl({^w+V=2?d?hek>_-k{r}1(P1igkw?^p z=2|MxH@GGgUQxc}d8nDmp4$NA?|(~Ad)YX?0Y7rrxu1geze5GapX6ktV&%3bitt&j z$A}mWsC5De1nfE|7?Id&vA1O5rJ2$msm|XVck?R%_w4KGiUwn8c$V`5&dJPFtierG zNtcHIuq;VhTpWEoKi`kVn0;d#U1GfZ3=^?2@0;C@^V zzb1iG$`%8j!MwImP`KMc5J4A^K6QL*2Jo|0G#I=ObW!34C+dgJb-zU0w@MLLFLH!K zq**bXXkEu`Pjd47E;Yr}s?}~U2(4Oo#gAe0qOGOjFD z7}5_tR}6P&I|BU_I5?fdxKFQp(o44mcube+Ph6Ke3;UdCL1@g$@ZR7E{TSNY+nTeTJ1^?M^>qM}w zB)b~v<-8zi4-dxdMd$FKj-BsWV=Xy70?pc2lNtl9fJl*Pf%rwb;>~fFCy%sJCD}6* zbqGnu2k1PzdR@ut@c6>M9Z{KwtRNt$>c$YV(udrn9ud*JUEp3{!)&Y#XNx+C@OYuW z)}`t4^=~2|yvMy#=AY<=_!+PK&pKxdTVoU3f3R%RPaCd)0ipYzTJ!;6RuKhauA1nu zR0KQ4hiG_(=l_P8i51E0WAYbw|AVVWGiCK|~ba<_4zd4;7mn zjE$#MebH4ny8z&AnBn(yNLXPYp-~_Bkk|)v z4Vm}=izeDHpyz}|>FkWp&R)EzD?JZ`UFN|IrQ(J|<N4uGsF5^DY zdq*e#c_^FY`M3F65S3nOxT4|9RrF5;9#tB~EFPnwj5DH~vvWt*q`Utt4yMh55j?Rj zZda@J;hd}(?EyRi_}M&bgJAG$lDjZ|iZijso#I=4RAls>aF90+bm`ixO`eLKJny*yf#e!2F z@|VztFL-WeAo%eu#^X7WGjs+sl0t`UqwMramf;QKAarY2M^8rIb+lw1_?s<5rAruy zuYfLO1kYY9Kss@@GZzjwIY?=eAQ1+#m32bgXf`~{k|*S7+ImwE2RhUUp;G#}X{6;z zyQFYkpV7kQV)uF5zTH*&=llET^&I!f(7w^7J9m1(@=}p%xFQzqrRK1O>-=m5NGRxf z*4rENnFRjZnM+!9w>4Rur|1r@&X?2OQ)*DVyeM! z@G3n5l_88uk-DT3Idgh$-u0>L4i`*HO8QYB-5yaVY8b&LwutMWACtaV( z?1HV2sJfC9#id8=4{-XKwSU7ZpLL4jvp?Dj=O4Ayf1V>XcCoSliMGif(s#cZ>GyMu zeiM8GP?Zt)sOvI6T-^K*iSF5NG1c#HRGK8bZfPumN=Y8F`~BOr^nI}|8w}Nzcr0st zIDOY%R8zP&W1yQFWIv$woFNRv!|xV8si7ChjPv8Hj?ZHU{!$-zF6+V#vF+>bOD)jd zzlUXz%^0k1C-;2bJo6Xy6VcqR-FF98VP&wiAZPEpzP?wI(_OSMa^Ic4W&f-u%L0ac1p@!k#WQ?3ayJXpDeC7~{sA3$KK7yo!s zljemr4V5BeTZl|A#unbZL{t@N!xd+S)D^3RATmT=CTETU2;>oF{P+~*ojL+lk)cPj zK*~p#54GadtX^%0lO=5a4Rk$`bN*({!l&_9w&*Nr#VZb|Kw5SYNgHcj$9j^yxk{@a z)q1j*n0aze8B>M|iv?SSU{nelUW^~Wm%I4Tdf3>|O66}=Hh()H1)94ZxkP92TitOJ z^1&-~ZIp93*vA=`wrvkJP)g)S|+Iu1uwg=69pB+lTb%yZ~EH@x^ zhqV;SF79BVmG(TOi9R;{f1+@Dl9Gpj>54=nmrX(9&s&>k*gVG%U=*hOjW@Dz%(65| zcLNN=FvMxvK?0{wiSt%rObX3Cl~xUwT{`T5xkLEc46YjMk?$2U$rF=1X*05+a#o|B zj`bytqn_;|t(!3?rv+HoqmCap(!{HC6?k~8fur<^ekd-o}b%!Br`ZjmZib-I7 zJu=61W;S+dBURiY2J)oC<5U%Iz~t_hyVjf*3!*|jt8wAAQ-_nMV)CK(Lli~EArx$+ z$bh-&y}=6ggR@y@$vNkqKsUYMd+lwY-?Ua-H#N|lRh=xOko?u12n3;{Sm_IyMJHcO zM?CZg<6#u5urHevge!wDrCNOuEnbv7k={40Ux4ly5Ca*7q!3Yuxp!wq1GEmj6A3bD zRV!d*o1?G=ukhyZOIRDl9#PBIGw8Uq@L988q{hOv?g!dachBoHd9(nzlL z&oPjsmDYb9O4)U9{@o!z_9zeuo~U=-v-L#meS7$Y2v@BEY8)3p4BTU zDLgnx4WuWD%1v;``DrMnO@dl=^huDB9hZi@!CARBvg z<%y6ONVxNEVZ>qAc8ib*0!-)VQ>Ejfo^q% z*k5q*BQ4=wkRTwj#$sL5b8q-HrmeL;6A?~SB1!bBe8fdKDKl6X+l$BnaahBU5}gi+ z%7#&T|JG?XASdJADoS`q(BC`06RI?-X_O<(*2+cmk5CD>3mag7WiuIxM4g)~eUShk zva`_J%Q5koSs`)vP?j>Z(_){Gr6JKnh3fZlr8|ev@<-Xw~`!!$-K1esZ5Y7Hx#f{cN=MUmq>GV z=kbwp@AmzL?t&u;wod6d-`itc&=)J|X6}Nz%3C9KE+Z2zC3~DmzVOuWtLxr&keMVc zx5#t31S?{6v|H;FE*vQXDd-AAT({8`#9s&$lwDJEG5+p&7@f_-`xWN9tSYN^q`GC1 zqI0;$@vZ7(O?l&3oy47cn9T+Mjs^+$#(GZ%@$b?G!*!bN`rJajn2I!Bd^yihBH~L+ z7pJUV=;yLq-S{_^USvxrdSd=*)0!LIQapjjX@l^oj@SA54W_W$6DCU;CTO|2$t|X@W5+d8 zWTYX9j>|Msy11>eYVH)iO`2zwFiU%h&m#sVQXjk;m77b~NyF{hF4|O9_mg#_m8haJ zx3}--I>>8fp0RQkw7Dr>d<85Yi77$)&pM`Vuk#unHmNl|sxo*(Da_eP+pZeF&o%lj zBH$0(WY4pc&$&Jx@m{NKlYLvqzN+Q{kHh3S=wQ{lQ}ASej1EUJTc`zNCfl=bwSet4 z!Q7WG-meTE=vvDOSzrDQ3t^ZBmh%2+cNl(*0tx>!Z)0y_V(eo7kA7!S&BpGG4drX9 zrnVIy31b|p@eEh7s3}--J=CjY^QxbWWL!e_Z>m1=`X6VN@AsJS#5n#AHn)t%uo3#K z`(!~%=^+1N~n9QZv_7l?pY~VF#q)7QFs86qp zZ6?@cvSv!}Ma2WC#a4Mh#8Hd|zkwYtE<-^-ODd3fZ9Db0g&N-|aFS$0fysR^Fp>*r zE=CgLQIh3>0lny5uR+EE$ za!iPv($vp+E2h9>*UU{bz;o9%c-GSrE1~3G7fPbIVLRIs7>DT2aAD7&GPTy8u&1A{ z7|ZgG_$c|mpHn7W!Gey&YjjdgADy+^SIO>}i-5 zzt7x7o;VZmbsZczT1eU9QPYuSvaJ~SRroRWXq1?LV||YFPyCgp)Btrtbh70j5E|~o zj)u_4vYS9!Y0QtiYoVFULu8<<3efBJ{z|&{>)^*Gb~-G5^6DZ;bp-gC_?J8I7;D)G z30nUHy<)p;Rr2!Sop*8vn%L1D=>}lxqO?`j)pAVWZn~!xIEej?IDgjW zRUfu!Vog~w{j&Lb<;u0Kv&TL3?9H|fE4H#V<>tn>$J0GOZp&Mta13N(TYcOSyRx;* z-7cJcj&uA5!)WuJzs{}OljZK4XXM^JunK0zrQ=UIvBJ;F90|zm0nbL0|V*L zAmFHIvnW}szY8hWN)XSRN|nXs`y2jT0mK_RgCRgP?hIbKZ2~V;0JZ29F-W3+nWpOS zPt$f8+Xygj)pP zxTD*QJXm1SN2hI^iR|?1N2;UJcb{T4Wv3j_#UAHJdKEY-cUJww4%6EO4@p)s zBd;eOHE#*?qU71CS*+jb4Wi#lX4$0`G9{ny!#VorM`dcQ!#SSJ$CY2V2sU1j3<@Q}Te;zKl9_ruU z@D00}b#?*me+J9;e$Ibq zEt!83k4zk+-H+XBu-kWp5=MeJ1zx+znX*fsP^7Y}aRM|XiR;a3a(Tq}7I&gx*Gl*E z*6Y2?mJGrr0+6DgK}I%w?f!ivp|T|YW=7XOR{ z{e0RkjdQ0=4utQk9zmfJ;2b3I9;9LBHtd$;C(l%|5}D&)B$%RLtEvHr0z`z5FTOpf z@YuDzvgaZ2ezR9{?+LDI#mup4-0Pz zlmK`9U2SQ;Z(KNEk=@zwQ&TgmH)obFsIXJrAH3=`!@pp-9~M3Pir3qKfFj|kQxGzse4oy=I>EN)%Usll0()7VPa ztMDMpVq2+o67fPC($>0UPZ{yymZ#zyt$S~`{F{w?dI)pTwtp)4YY{X(9@ri+=Ri*K zmxC#!2Y_1@C}LJj1_Ay@TpX9>ARkF(%-StHWL1Hz&U6`#7#>l*tu)#3{H#JBu+!N| z>+cRFadG5$v6rFqjzI+DW>)ANE_b$iMyPiR5FWeWfeYv9(w&$gdLIh(uut?R;b4M^ zC53qH`*PvbL(JO6MBTPvNrec|gpK6XaEfbOU zP&sY-bd+FT zm-0Ds`t@Qo6izKr$iafLL?ZF`)n_j@4oPN1J$*i~7jd7}(d$1{MMceA3}=eP@IyF+ zcWSDQy4{R2M2)XI1vobH5E)$j<@g`B)-y9W%45LYP&ULgE?>p>#`$%T7m{1Msdsud zktov(Wb5t~@{Ifozve{);#G7g{1mCv_E(pZ)d|Z!Rc`o&Pyz^p!zdP)op<&>i`|fn zjnxEbjWzCqt(tnqtD2n61V=<3F*rh%SrZdZB95c1wCQ=BYrCR=CVG)2!z+Mk(p;|=;VS7mtC_Y!6TQIb^c5c#9> zNojRmsPWmjpTTBH0iY}oJbm!vSqc=Q$wmS5dM#>D_!{wNnTOSA^_8amz~ z_yI%cx$(Lj#wQDb2rx2AhO{s^+Vp!xeC;VhGv^ThxR6xAv4QYZNeiX6doHBpcJv!Q7ZogVfsbH;4O1UABa?3PE(=~eu z>wiB_AZDWS>NBb#sHt)RCehgxtfxFDp8RHsxRUX>j!xE8Wk5dT(U15pvFz;OVeirN zx#&G8u>KR5ckRqlK>E#RLD_ksr0AE`f4H!7mn5s#&6)t*Q<$;7_bSazZ8k3b^lwE1 z+#Hxl)6XNV|1)7q_8*IcpTU0{JtsRyXFV$ukAGejWvPFr|GS^ngm>dq%b)c3Si^w@ zaWKSMWt0wGPM2tPBolyuFMEu@*;b%2kc7*#rpvOYzcx%o(JM2KrX z>%a)C!5_Y;47F9;Wj%qD(_*y38>&QAkgW{pG|US{`Jm}No+D<|nmmssydp>DF10i| zfLj@9n`=IQG`JE~=}9@u|GLF~>zu5rDy(9c)8qzgj%}_R#(1oI8Zwmqz3pcT5A6&3 zuPP<~^Cls@pU#x=4_p4Dlm7q8tp1m$Qnc#-asRT%g&I#QapAS*ughviqo{QmoYO*t zD5ova#2rOAWczw9_(0{B2*m=lj?WkG7E`3m+Vn#ZxwI+?0_ZBMyeGh)Noi8c*AnY$ zWn1$K-p9hm`9&+Lkd%ysXnS$EL>;)6!M)a5*`#L8a9BXm7Uq|ujk;smFP|&|C2OGb zri+@>i`*skh+c)s%8iJ=RlQt>hyTw9Wea> z9>oEI-@}s6c7CYO4!zScz>5;l7;PHC4;YJ7^c;h@MLD3N#M;MgQJa**kG6)wmZKhY ze9+uxL(l>xbI}{;g%RKjjy^its*$V&PK&_!>y#>}-q&3IUSM<&5iSOerLS1(Nhb>d zjF33}m`j*K3Nb-61n_P!npJ3P_>?!!(S#|J`Z)#ZgRgr(hJxHPjHPFK{x)C@C?}0D>_k+BAHk% zSbdQj$nN8Hx`dvd4NymZB36fr0j{+*UW^g9@*MF?k(j*H6T;qr=C~a`*|$LhuHpgt z>5Qk#eKMU&3+K@X@@M1dVoHa+T=pqVZnyGSw^*G2#F@y69{EwN4M2(~CX&T%jCw2%aL+G(5pbSlrl)Frel;d=7(>#Z5<}cXh`!1E z4VGcZa1?cyA^6n8Mr*)au|Y~-86hWqi!dCej%HIGs$*OUEinJVAAH9j&DitlCnwoX zd=gH{7ciPm_Dh-sT;8?T^gU);8uGzrACg z`S~br&8>~p*-jRZ94mO4m!7*jI?B4JUn2)hvQ41sO2_^5P!M_ZO;WEe2Z0O;1z!XQ z8fGQY?~`_mwL;9-BbLCD?=NVAKe2qzGrp*Uo(stne%-=Np5Xs$Tp@5_?~(i{We9)b z>OXgU|F5y$rb^vEYO>8oRB-wvfWEM7Suie?=v27T8CwZL`8i5`!T9nRpbN0qXFQYD z2y1r7P&nGuf`MT-x9jkvYRhH!JX(oTmoIAuDr_|YtEOjhya%|O=;K^e1C&Slu!3H4 zM>G_Hu#V{dcaN)bO_fk3igOnBOUf=D~c_0aaF_{irSz!KGJRT_q1R8 zDT**NX){T@bpTEK=68SvZXmDK@qrHR9X|G!gJ*^#gK{fV92HAFFAwlY-sTi$+1oaX zoRiRy+qW?THmCXhp?!*4o}bBa_PBsJ9MioJ8$I@~p@P0$_oBk2b}?LwcgU&Aq@)^K zg)$|Q7#h+(+aaaPal4z|%yM>i0Cc@RTdV`lekm(v`Oui!B=}zJ)qmQ=Z|ni;=Vh*i zujtS%ML%yTSAC!W6iVX&3LXcJ>j$ZIMe)NahF1Y_6wlZD*FV^pgqauMPvR#0(JM0i z|0VAK+1UL5?u0NjaQfNb{Lf;MpA{oU78XBm_oRxAQzAdY56jo8NSr55D8U+CrOEvX zT9xaF2+u*o%HN5;4mY%YwIzUM9?`@#H3Bodb$4-paY-Zf zi!cjIbbseYdqzqZ4Ucw@>Cc3?ivBo$>TALVlW>TGqqnPPNX*Oxzy0dmTK~!b6B*?o z6A@x130Ina`cU}Y0Az1Mu~9(HC*%er9Yg<~(v8va=2c?vkAt)|x%bzeIa`hDww_$w zp{G}<-IgX@y>y;xYB=_nXr6*O$&W=Jh!{o*1`Gdz0qVTt#v^C#L*OpN`0dxYnz}5U zI7m69OtNOy!UGre1_8Etpv_;{_K=p-{d$B-ZF`xzE$0XBM~ft`5{m-rhA27Q-Qy}9J)5APd zOkTWyvdUz^+~ctHckjq5!Id$3wW^5)^MyEc3SqT%EYE|vO4$vq&OAOpVrC~vzBYyH zQBV(kh?mZbRzNBu6$mwMQ^C&{Ewj%76=z%&@W;sx8wogrzXjpvpoKso`epb>IEmB5cvC&?@fSR-i6% z{!qz>NH$|tUs!^058vtMA{*F&+bVXM)JW~S!ks%adn*TU^#Cf3_LehY+k5@Rfrg#g z{EK&KE9dmmG*2R3uWs#9m&d8*>$Oe=4W;J;06g0~paS_++f0w4VkhdEnv&3Ks%=+q zcQ)D0yxqtc*Yw5`|C+F_sUanhHb(X#X!kP9nYeKJ8{iVlAx$8;jAepy%`N_?7l0E8 zIU0cKS2PdoRd`W>RJl9m7?u04;gpf7RYUXxfRlehiu^x@laaZJk(Hj2g`<&+wSnVL z6jdcmTLv*83|)IfY_J8muNd{t&;8=p@I;Ka#<6JDAWk3slho~n{H;>?R9i)m?mfZ& zYQhxVz<#AA10t@y&2=7@E99L3VZC9b4y!%etW6Y4ZN$pL^D&2A&f=el4&0|(Jqo

%_m+v|(PTYa)#q&XM#R^wD)r)`K`Z4GufH&ephWAx(Z!GoGJeGHuq3a*y--MH^~R z0BB@$<@#wVaC6HW?E)C zMs_+TI%5kbXIcweQ#*QT2_X?#B@sGjcjqq6b;tD)M4w?b=`yM&L)1ZaFPZveaLs&c zV-rQfGM5hy5U@RKei$_1up{(CzB?1nP3Ayo35`q{6>YlA0h8jI61nG@GoADby-LcU zW+EHo-^u5~sH#PM8I@b(k}|^D^E$6IE_Cc|NHX!|k_%d-mMWLl#!O##gu2k*PwE)Y ze_7(o)=q^tR3yW_+|+m~#w;&h9}hf%7}o6{vk|+`mJGx&}q5Ya&~j5ppcUy2x@5H@`Frn0#+9k(c9evj3L?j5*1{|z)E&@mBp=O z@=2GF%OtQ8R?1RNwKW_hz*-^7^`hJpl}B-0qfT_KlDk5ZGc=XQ`XC^y7@vm7F#9gG zuN$}hbE^mFmgIjRC4Q z9H6H!m`GhDflFJ$jWsKFleRZB8eCT8Kw9k>;xfjt*DsNhX9%e2qlkQknuZa|iK0*R z3c~Re>_-}PbW?4?WrXF({y6fkx{oavs)A3^XZcF#5JNnUXYyqFURwRPSk3e@gYV(Q ztcX_U&&+k28&!O=smzEq1O1M-PTt%dsOa;k-Fi`j!|tEIZ(Gsa4LP%G_`(OX)28^s zbN5~^)hE7gYqP3U4eO%z;NhQdVV3t^CqMUXcznsX_PSnyW^ss%>rOlg&4qfDd9-E? z@lD4wpI^9qu(yZL<@QhLbf+yQI|db{2m77dV(jp)OQddZTD{dPO;^6q#;5jQH<3Cf zeoY)%5e(rh4_ugeBUU`mzk97wW&9F+BON8TMT5^xx$Stiy8Z3o%iTZN!Yt0_d~N!%1XMvo>^UJp{;NB8mUPW7qKEz5ospc?7VZ8KNpE<@vCUTR z6Qjn|h*4*VnrURy@zww*p7VAn0KM1iK3ywVnidSNm-yk+fz=8frKRDNcS&=0ywK1c zW6K-xjV#F1hl2C z=-kWwhjmzowfLUd^POS%X3yU5dr2LXZyj@#Fuy(02!d1eYQxZis0}gg{{-Q6io=Cv zYfH&Wne>2iiFCnhU~^s}FHr9y%PpQ*pu4_LGp_kYdg99WSf9hAYD#?gM7o{=jtYy9 z?n;W9{4KMu6`kN~7-7WG)va-Z0^i&oLK6d$Qn-#z)T$bljM!@pA&kw!A~lY13zF>` z$KaxlE_QY#wKxipa$z~E1@yS$7?p{`+por$Hs@RD(HIBKFqe2!hzI02P}fYhb#lk$ zL57@h3>qHyNa&*|F$~HBEYV2m`6v)XmJhKZjqpw}-X%xzJGMsFvAwK;J!*}v)Wa+! zh49}v2$`EE;iHAOdnD#Lg(;3%6Lc=*@$@jhUccMdjEDEbTCiSuJuOFMRi4p$oq>?;6cr%SxP|9zngS2$E;d$F zwLOC&xQw~ChoI&mGoD;;@W@(UMC0^y`Yl;4DMuck>islnP2?=3aK2G|m0Zd*hJV>@r-FL>nFHcz_hku0lodVZ&F$JWgnGpBLZeu!;sXq;Cpg`D`U%)Z9 z>igFN8CQ2YrKBexsqx>^c($F?({)mR z|I<<^NTi_P3N!L`_`^jy6*4zu!Mb-0eZvg2jWUzosSDE$oe3#vMIWRk#ud=FS^Y}W zWne!+Tq2#{qqOm&%MHh*qw_%h(8$I?Nr#1(Nv?_9GacT|o^6c_^1E(5v%V@H(RyaM zh5vSPqg8Ouzvz8n;j~kP&CJJOOFSo88*GFwxc8hYdO}SNoSJ-yql(Y1J#x zrUb3MA{i07-k^HL7ok=N9uq;jpsP<{rW>%d!AkQ=@Gk{1O5Z^2W!Z{7SZGcYGkmw* zlr)ma$n8vhY$@QaM(33)9dcuHwry8HI~qiXOxJFMr-c}{*5XQobhgrvytxz3j>Rj6 z2Q6JYJ4b(lpU8H8QFPVSg=LMSl+CIu?1Zwxotvss8B?6-Yc&-b(KH%hFc*Z>rC{i< z_;JQSH=Fk{vX2Z@E;4HaUTn!i z%Jq#4S@K_a5hA*%;Yxp2r4lC}g$h-W(Jyl*Dn(d9ZRe+cpm4-Jma=*R&z^ri@3dA; zFR2BI;^w-M9sZ`&J(2z)imnp$lSp~K6a|ql6C$nC6&7!a3kBJ9j4S#0GfJDLNPO)Xgw(V-r>!fE~R2zcZtgeBk>U47miUCyZ5o z@c5?WW2#rUW3Bgl&AhYyxCKWosTxqe8RVQIs@g$aNNr5x=gYV5dy=oRqU4AxqFT9LY|Bt$@OmKOU3$F3RG&uE&PG{G zgN2demFCLB$y`}lxAW);JWe)02AW+#v3q+q5sFkti{`RYtr1s>n`KI4)o97#>%&Bh z9?uyr;iL9%MMA5%B!jZ%7nAvv80n;od+t0Kz3wORzSu8NkIp(DF;l)W_l#+a`7 zrMs#)T#F7U_*CS3La~##?5IA@kj*np7OoX|vnRrwNuZd;~@1^06TplMn`lFhygS zBunuOkZfc3o;tzEU+#9jQ*Y$_TwgfXT|k^QD~lc~*_+@>YF#M)Xm*v_7OvG1YP@2; zm9828l#0l4W%DqeWy@d#HG!JndwRV57=)_>n#C2}_~O!Ap<)!5-w} z9si|vE#XbvjSX9(a!Wh1>@DbCh_+Y>9~dGTn!%a!N~(Is`b~!pqwfS8?5l$-Dg67E zJh56)@`hGfE{V$JE>$MUWicZ}itZRZ)(MF04@DYj-y~TncQUC*)r8=;rq---I}hWe zMD8=2=WI8$B$Vp3NDoSi)HM)OS<@9sUm;+L4D5Dpu!qy98dMvo?}F z6<*r)bj-hI#C}lR{SG!ASsmUFI<%SX^V2BrPbO@NIs+*K^U@alxtntB6fhZRovxN2 z;GfGp>FhYhfcL2ncn5mHw!ML79GyX^fRUuVGb&hcYDa?~Mv%hsaE{;I_zH7f8#bv^ zlcL?KfroHwDBo^d-8FLu6=H@Yqen)Z{opM8Wf^oE<=xd)@Fo0qRfkrh~8kYayMt1B7C-q zD25aliGS2W7jVI>do9P$$>V_QNoNIebwYtoMr z!!$ANE5tI(Jbr^pr*lTerR;>nmB`rri(f8#Of)|c^4e*0^`DHF?^i)a-=}Dwt6L71 z^4j-nA&QfWV@>U8gQnLSZo)%ofWCMyhUw^^HT`V1vCCQ5rc2tZ6DnW9DXoQ;;s%{n zAn++)A~)}D3ET|rT0Zk!OXhsR(eX{~7ir(z z%rDT@P9@P5tY_5*=Mt}UP+##fri6Yid#>@MNR;SZjcQxta!UeUHTmGxVy3uvR^>sL z(jlQBDu@x9#>0vYS6~VM-Y}zRd1|Tj2+Xvhnd7>LU$(eWjAga^Azz_j7W8v zc)psigASS%yBDabz(`^VsjI2!cpp(RPQ54Y#gS3@jo9~Mj8AxBD4U*Y>Aj+_JBSmI zd0SN{6sa(s_VvcE4J(BG+9=RFLDADh%JsRd>)8g2;a%;c@JMhq6Pi@9FjV%=U9Vst&zx2!W1;r%!~6@17|hy#CNf_ z_arfPln||6#BH)kDq)A_^p!;1eq8{iV5#&;MZO_559>~fIC3N8=s{4TgX1nVY_L$^ z!uxwsLxbUmXpb5w$UrAN@c|wYMz#a%TxJlb8(x@euI`(i{jW~Z9eB7T+*@RvAr>|S zdh=-`)%COUOM=LJeW(dP>Tk#PJ}#e_I(t`I8d#cOX8lBVgYnX`IzH$)h-)=)H2sL=ov;@2J#PRC~&%i?6*|MKkvacr6nZf5eB6n_YWh< zG0+b54OXZykFhN}D)!4U$kKN+m8(e0cGEM4F~Jrp4>1q1aSpSMtityUG7X>5Pax4S z$o6;3gMUY^?~%e9yo`LciZmlL=jeU3T2O7+^8}vP&-1V(VS-@}v9O;VKBKC^YA0xa zgRW*G9l;X3eoq}z-vmmv?LMFv(ln~=uoYa<$P1P7Vc)Yc*vC~SjP3i)c?pH`Q#NSBJYJ#1dgesz6G?3*i2`66_?Tb>5W^K^Hb zVBtf2p0ncx7eTS}n_=4LRG)i;*~*KyEN`q`=v)g5x+{{pW#`WGWAg_$sXl8D>F89G z-gG)xsT;6eKR;R$aM0b1d#vO5En{M4$mI(y=}i`afvY35P=Zrh|A=#r-r7;_&|{FB zfG6e#aXwYfg0q6Aeu356@wsDnq?(Il?SK!5UQr1=_i_oXFr46L{rQn|F}=wVKbiPg zYflGdIjeCU7GIwYhDnfBjf?Y2?oncSMEYo4X(XffQl>~a^gVYYw{i0QI62<4JkcS- zK1pU8H+we|G+VEl+U%oJHV=f+-I!IBlvJGZRY@#oi)1$(#Q~-TL0(^o?~$>Ob7qhl z681X8E{uept#p>OuUW>&p==`i0RegS8{?a&sS3sw5G$#QBPlTHy z8Vmzx$9SVT?-lJdZ%E?0ShBCw$6Y&Yb*7FlxYN4#cXv*KcX6GfefhnPXVl_xF_ta%Gm6w^s~Xd$S?D&LC@62+ zY`N@&%NU9(V4!0oNxzvYq#)JhWD@5>Ku^2q?pKAWs<_g&)13DORTM@Z(F$;E%bD)I zv>`LB_W&txHBl3t*F(0lnehwB@9M%*xc3a$Z=iI1h1}JXQb}B`;mdD;p#SDbm>vO1 zPG!e4i%o9((hv&ieW;4)>&elZ(CWqovMh>>(6T9fwIfMv0qy7#qq%R$@QX5{&TCL* z138%;0lu8L)%c70xQjM^Ejmj34s{HchS_~4av+2gS}Ra8H-$(u?6OG?`$XU#E;P^N z3`jh5HvEBHa7m5|&I`k@&E{0XxU_FPVZ903AU_$oYIJ&scdS-~(p6tcy90ju@$R;S#iMn$Ey zRC|FXp1OoAJf+nMlc-}#%YYhXXGBo7n5Y_oAk?NobB=+S>c&blc~NG=%T9{1(obIn zM@FApH~6N1@yqH8YoF|&l;sWe90c1C8y-C*y;&18C7tKn+uxTpkTa~SJbdL6P!3m0fdpDWqvKrq|M8(>D@Sho_9rGpGwlurHT;#up3H5L6y_(3EZs;SM1 zSaw!=l2WOWRSphIJ3obB{iT|PH_F$y2lK@Ww8jMixCun!s9AV<4n+r5>~A&gp6~5U zkyy^4ld+z=f`&MF`*5(j{o22-oCMj6EXdm8*_f;Ob&yTE!DUIQb1nwI&t~q?E}e`y zMBkLA6^zMLE)&=z%ZEg_F_tVS*AJv&;cU^upt(tR)`!VHgEajdxR)t~gW#O-ZeMVi znG#mW_)zOZ@#6S9a;45EFr&pN0D(-A&Z)k1mYHIx> zmr6I#$IvCyPdhLOmb>^p3I3ep$*wK3m(b`aBR9+_ z^;l?T<5?GUYVHjkW&H2~%u3gDJ`*&>geZp385Wq7j|9iEW1S>_cAYBjt^ z)PguMk7~hKb61$hcub{OeoCL=DPcvi2@qHU@32>VpLkPmh^Un$FIxv8U@atA%@M1CdpninUjZr?p1 zym)S8h}ADlPTTrn@r`dh|0--kPc|3B+roc68|2 zz;06S$5e`tM11+wj=iZ+qfc+Cl|diBO)TKxbj8NT_Qal-C-1SdS*;t#o2mErZo;n3 zDn42ES)par#JPHDZR(JZo8{t0olWx_Jb&>%JRalA7fI}n>0qNKsjG07t$_C)5^@90 zhj`&aducH^B&W0>D@9DnP8_D$9P~U&-e^zh{#`CyBcbiX_~!zFQE821$2dTV3 z5W(2#!nA|pdAbp{CzuW`C*EdO7NX`7YTf;M z%=<9Yyeh(!0vc52L=bVwxo!s)DfZ#v4Rr!&){j}@u_pUVJ-FzzU9lVCqK-E+`mwvt zdts+*b6=H9OK3lkNFD1+rm3d14@@~*xjc`WnTa-?KR&!yG~!JjY|Ph0t6iC^y9fjE z>YQ6v6<59afLB_<#nH|!D3@=6qU>Y!eCJjA8Jq1{O`l})h5X}E;wk)USIS@?aW0Xx zww19@RbDuIYr5f#oZCUC*bc!SYIVv5B`lVE;c6e5k+4gGp4Ta0T)uQG!)a=)EF~tz zqLhVg!cL1JI-XF1UR)h21h1J$f)E4-c=`<|2s0tCK2Xf6qkaprLRcj`ndY6Us~e)s z#Gt=toGQmj$b0>q{1pKQ1Eec^R38j8$>fvN+-9`~# zR*17bBuJ_l1zVd)d=pD}B8^ErSKf4OWz8H0(u5~W)Qma%V}eQ;B9hBe2_Bs`LwK1u z4`c~g5=20f)b23SZ!cEu)rd=yB=%G|%`WvKv8>Y#pTU+-1g7&Cn%(b0JYai0JYh=} zHh3C&J*dMJzM-5wUP!s2o8PON*&0T*GM^pIdf_!QSx>~{P-7ojmlYO$bB@XKJu5#Y;+kZ|SNdxh zwIG};y~f>9&bjq9GMywYQX#?fFLj3`r&v*J*svVT313m$nr1(%R2Z$>H^cX$B+BW- z!W<{RnD@MQI^E0^*^I!oV0My?|Mp8OAv>2&gN_#K(F@E<%7+zZ2vMDfMWNNpbW}p? z{bOJiS1y&Y5}jokD(4_YA@{}x@)M3lnQmXF7Hv-lbx9?~1XwQiOYN5&K2|=y*P9D* z8wf(i*qA9Gwc_;qsOVJ@AM3UAC6{tPOZR0S8~1!TTanO-M;{Ve`M$c%#}F$4(#;VX zM)H6>D}l-}nGMfua9hc%le2Nb{5lJ|obV)}5DZy4J7RytP_|2jWD`VJ8>*B8OG<2O zJAL^08db}(-u|O(e*`mB#M&>8@d_g3Reh7V!>eUTvG&ECb$TJkF>GPLWpHZo)OLbQ2@nTNqYTO9fAxrtkREwrsXrES| z64k9axxPAQ9+@>3d(VA&5_z=)WhTR&*51EVK824WTe^fpG+qkuyNWjxN~zFamGhF zy8<%eNU2iafSW0+xq%bD@;l?FZ{@#DxNjiw>SOSPGl3`V=jr@2mR!FNiobEKT=75ZMl977QZomk!*Zs=V)l@^oOer5C^n>zr|Hr-HH2Y1`k95ZGmr5 z8xD7({xk^&vVeB8x2##Pz~e8ce2+{0d0P6d8vVS@$NGH0kVOrjKon4Y;T8o~ zb{FdJ#mzqt6WCCFiwmr{3-@EnezaEuLj(2@-?HW_?_%9{6a#6%4zgPsL)~38U_Tj< z32aWfWl}Z#3-dn~D!_J(ThfcBeop*Hn=^YOY3s`!83tMQp6ZX@b@m~t@fplOc z@-3aQ<1YF?>XLy_VBPIs&`Q6A&R?Pb%pLzyg$slNA0++-&Go~Z{BP(Vj}?J9;A6d8 z+|2*M{q>L!NCf7{Z;1CZ85RCNi3I;eq-SMd=44=D zFt%`Vrnj&)wfp~>iTYnN8J$g>oSpt(I?Vq>v@J&wK8hTDVIS)_7Y@Zpis!t6Z^hz zk49S{5>gINEmwh3#%SrMr&p)XZ0??(uZ~TV2VzGqI%T2^ktM+O^Xnd;T*`mHQYp*I z$|%PhSHh{ZI9!y+sL)PLwUhsbAFC#?|BVK|MRfd;%2lv7!Ce-u2rK)$QEmJOe1`Q_ zmGrJ~DXu3`vLk}EK|(rXVO4G+BwP^V6wKd5v4vkySQwl7k~ZlTUW( zP-9}AkHJl`dwr~-{7|+=K+PrNi1t+}Ml^HT@u&31&f}HljE- zC0K38#w~Q0yGwU1u2pUt+Dghgw6Y{!%#p)SOe}|#;?ot}#)vxOADHK;;a!pkEm({e z3CAXy$=JJK+gRK)A%60S(=UQpLthzvK3@4QF6W#0QL zetw+C_)bnnqnxQnVpE)sPDKa!CGCp$F?hD`u8qGnp%c(dvg;0R-j8vf z!!OfcQry#elTRB;V*>C7P!N8{Hj+oVg=YYxKMn*dIH6%sDp21uIQmz$OD* znIeQ=5e$l<>?BQlm_80KSTokIaW-o+9SW;3B9&bZ@tOSoDZ(ST)p;ERgOY|^_SbX- z7AN)xpZUdj-n+IW9|3x=mVw5y#LXlOS0+?GC5F0vN7dQ)*5hjnuu23NA1uIKe(b2{ zLSv^I>-JpuX(e6e<&F0sO7qK?+x;YPu z)p9}I<;SPJrfH^!T&%;hh?xLBsGPAb#yuXf*G!1}X3MeAPnV{D65VL|-Ap{=kyd@8 zH<6gD++)6dQ}CF&x;GPVNl%zto$};5!6LWC-H1=@QZFKv8!jI|oJJfUl2ZX)6G7>VwWVCmS8g!)KwYR!k)<^aG zZlN!w)@-w(PiviSUg?a6^<1D6C2rSGOtbBw?nknzn~3swuTVaOBny3=m8!2JlcdJ8@xEDA~d8`Kg2Nj-bFCzDA|#gsry1)*njKJ zQw}b(#wBMHkZSNgG~6Jsbre^e85V&>i9)k?kqJX~DDoj(C^4A8vXVw?upPWi=q`nT zLPnfIHA~XcY(`tu8IB=v?|Wf6T}DQ`kEOG6`daXn9~xUUj}K% zXh3lWgsabYpE3(;U;?G=iRmSbN{gP3)nuO4V_)nE2YYl7wHj#Y77k-cI|qtrCG!Xt z&y=kNa%+~tuA5Zrno`5WsBUn>qyMnNynu2H{cWnO0z&$U(knNHk%$ycg3YsI)LSgo ztV$`UL`&2FjN`JZ9%4o@#XglU?^!#8;&c3g?2H})B@sEUqDGHI3L}JFDCvLy^GzFw z+~Txq{DZwjN7!A;OIO5PhuM(omV;a5pBaVaa0D$_o&K8wOv91h01IR)751&I5;i&z z+9L&utszhU9#E=?Dtf~WOu7)xXdh#@`w^<$l3V8ir=+voIodJ^0Ka^PG%nT5Jcr4` z6;dgeKv6<~eMwuSJqV6AAZAgBL|DxPXVpK!AmGeo3x^FIaWgR&?~9CPL$yncM!`n2 z5)7I{HiXK8V!LGXTvX}ucR6-&gp7D7G(>UXk!MYP^0dhh*i#*J5{kJfDIVyJ9;XZ8 zf({@52RIEneM!g6lv4_y)P!u|?+;!rNE@h-Qm0t4KSMO2K0c+qh`-(;+!kpTJvU`@LsR!T8! zYK=G7%4%P;*`YcMXBU_%c)^MLiXx4vxlku|`xOHBthKSG3=%}t=u&0n;Km7{7HHro zQc%^QwwC#4nuITd3r_ZuDH@wt3@lCwG2#Q5g=@*hs6>rLHQHwo%E6MbOG9flxKYb4 zN|Vz*Xz+eu6||66_KT=%2!rql^T6-ZW<|cEC0byC*qFjcsK`9nSm}Z*zU)p$jgk|q zQ~E9pDI>W2iupZ&2m=_tQAEtDG?I^}8QkoEgu89E7N1O@T1Bte1UYBkl2FW>xoDCn z0VBwQ^mOrn#RFMM=+FC$^*nk4=Sk0B%a7+35F6m&0gFB>!iAd{LqzZ;c~>X|zt6O4Tof%tJmbBnrY6+5^uYJB&2BlTp0%w z2j=FIBq4!^Bq3l>f4icBY%fSI_VFpOurz-Um?=j_33Rz#Gv+11>Xudgbv9g7%I{P< z@*dddu~(GhIJ6H_HWw%eTdW2T^fod`wjva<&oTO!QJ4`~glk0w&bXPbx!^Aa)+3}tgmNK}J9F;?nztvMH~HAeHAFB; zCn>DlFbo*3Zb^nIELXok#*SzNJ@+mk^AE zBo@18875`Pco4cd#iV3sCk5#kF&n-SA3Mz$pAlCv9D;!n^z85_p4Es75D+X76YZ+u zXI=wZ$(dSNpKB!Y`TGn+Jo0$D$AiZMxE$u|%Jj48I0cK!zVvTjYO)Dj=|`@l!4-FP zUu0}dk4Z~*=7XCli-Dhin%-2G^E@$5aeNa=*#q=Cgq3Mh4G3$J-h_4SF0#YN$;4yj zXT6*t`?<5;=U`v^1eo1Evh52b&UVMKyv6E~=D1GllKsTc1Sk2YLQyqqQ7b525gN>h zH!PG()|zG^&1M!H~ z)>^Q?Z78H1{3PCfb<#=@tpcITPT?6uj931NA}hbZg1QNX*^uE{WHp0?lW@xoyk}{9 z++_qy_X&}8K~^OwL1}v8Uv>-K(+<@Zq9S-v#$gNURGPrR=E+nU1D-1e+5Hg3nyv`c zf%FXm=m8Xn0It*>Y|Rh*rlA95beUgt0L1ppB2CYq5l>N3=yBI?nq_rM)D4=FnxG~q zp`vf@N;$arQk|eSE`-}zYaX#tX?NusJ@}Rcp7LTjcb9C%i*6*QWH#}_9$Y}VL#vH0 z5`l_$v@~*j@LNgBA$QDqDl&s8GGMS6Po$VyF!#t=s(vr(q?+<;rp~*vf_QT-pT_`y zmK?K)3v&lz-Ie`wxNGq%XIO7GL)6~GuP*+a;lopnK0(2}p07#Ufqb*U{H#MWin*fj zlTrrZzy>Z^^FT*oEfFUxzx%W7~h zS4dmddwr&l1_@H#P}zgImMo4OYGvWYmbPRVwW)WUC zuBr(-qn@6B1`v*Z$0^U???QhGNHj~k^Dv|LzPFfxUocr}2>Mp#Og$1UZZ)0tj1qED zoj=(PbT-kkv7Xi#pgzkTHydN`Bjtn6?{+6017 z?*R%ksT#!}eb41KJnijvWeRD&thx91s*t6?o`Fyx+05M-hBF;$At2;}Hs zm}g@{+E_R(48 z&B|Cs)}Mne80S3`TQUrOh&OhY-pz2QFX8gK*_p+8kq9Yi6lNR}pCpmbo5hFwlcX37 z>#A;EV}fPo)mVAc6u2zUx@5tF6RLria0P=%CDc+@36MLG?{$ilt^9sAQk{9hLz<2h zfWNXM-}pfV6L4nAar~QCpwm}u4@z%h?CmOFj$I_wk3B%B5rc2wdxdncDW* z@}}H-@p-e`*btOQi*9_^+jzA%8h(|XzQMS&*Y-U)CY2)>-TY#<%f`?-2(n*VXIY5UFg4KFstu}o<_R&vsb7gWB#;JNJx3zN~$#_WV)h> z67se#9=t&T+Q6l2?Fn$BxWMdD1H2+_;$A5bJ0bJ>7{v=qnNHoIHvZ;i|%Cm8VI=VUYSU zUAm`%wI&8^-*gqrR_*0S{0i}vAfF#FTx@=rk))W8R58#$dg^PzBHqngaTKr9R0G0D ztNV`Uf=zSBZ$3mITBSy{!wn>n|ETM%sct@IfwF6zjM|>(}yc7U14mS|F+R|>=V2J%bp(Mv2y9{T<6 z^5q54izGHY;cji}olC&EACW@}eTkFiX^6ZG=m_8pazi}J)Cv@60bF!D_0~J}!p!cE zLCY#La<%aNb(l~LQ;uyGiCrV&hU>D&@Z1^k)B|qpTF_H1uSb@zH;MV^vY$DW;gMhR zTte&%6tx^juWilId}IJ$Pn&x6{P{<)lMLaHV5f6V7iA7s(gGK(QZSunFs@w3A|V8{ zZ(ddHoQ98>Sl?y^T;Us7uhr2fP%bAvVm&Vm(q}t))yB*3!#~%uP7PBTvg@wonJ3F3vK6~$e;OS{AYUFufAZJ|JhQ$7T9YgK-HbN(%^#%oRg4uOb}D>VF_&AQuRZ_xwZqFJ zX&=wNcM<|$i%U&c$Uk-y0s_`~cW-5~;ajQDF%rENCz29o%^8O~(w3^7w4yO)l!rM_ zIbU{W;}hMVA(fdJXXRxT@7p8u{4NX>X}=IFmAWU;kSDmNjg&=08|HJ&iTnm$R|#oY zH~xv(fLZ=zynG(=^oBLZmm>-vj(d}M=$>zXtRl>`fJ1GS`P-mK=C_eKG(t57F9mPes{>nvnzzd+7p9p`8g&C1rUdn^1z zAxxCg>fc935rlii(bI@?^p1RM-w`7D{GYjQ$(|7&Sps1h(E4}wt_TVIodwoHLWI^C z8{8oNaxM!y&0XW@&2IZtOel_ypALPFnTuPVh|yq|`4nraU`LnMIJ%#FloEnmHA;gVJp2(hfjfL&v8iczk^gGTW{7|5Ul^&7--Bw z*48=O2<6KVfCNm2z6r(uAn+HiD{%p_Xc~1}6u6XwfV{=|&17xKJ--QI#)H!D-L7qp3ewWt2RAF$@@~NP!1IYQb9{-pvUbDS2 zee-+U(1TZ-ZYjX;{x^2vy0}rKesx}=#7MJ)mUCJBCtA(P^QGFoM%b%bjnnJovLr*d zl!;N*x$D{Mh9^;Zf__lIJn?b~!uGW7C$rm%P>>pa2yfFp1I|N);$K&Kq9)$)LTn*y&e2unH#fkXqMP9=Xd1@W3P(F0m!1=uXC|N?v^NSZOS}kNbHp1tQ(R( z3s9s=lmTynXgP}H0pbVq?wjrF!YP_08@DT~YaRacZ-$tKb-YTe@Ji~^ou%%YQsNPU z7X+o2NwxJW#CAJ0`RUlArG8xobWrrAZOb4YFOngG7s1zzE`QPR>9~@HIVpMOU0FV( z4uH*sL$0Nlz3)#6^R5~vdgL~GTy_)YhF>A`PfPGPtz(-ReR1g>#J|k^KDS=k#UL9G zI6ustPV|ZVYFmjXV{uKms#Ftf1M*Mpw!K=JCED?#kf{=o7;v~16vWYWY1ue~= zC)478jztqx!aVmY@_mF>sTI(gJabd6^3}^ZD^f523}0IiETM6!@?6MMEfcJg^Ha+i z%u}U&KC9p%)PCh|yl@&$jLUplAEtkX*fa`5A1cx_LFjTtJ=!Hi{pGNJveSnraB^kt zFO0FN=C0PidCS|~oinq0*van=ZSltEwO(~?rkqBJ-0j}L$jNo06(wT( z$iT3ue7D}dupc9gJnrdjLo8)o8K=;?KXclc+v?Ew4|VFI;=>~+22e7&`!7Fui7tDMC*Ui?>@r}vrAp4hj3 zM4w4%+*VFGJ>oy{w`-KluW)dqS1vL#`?|gX9?1K#^z2^lpRtWj_>#R4f1G2*P-iCh zd=?%&JL0OhiI!tGV)=JX-+q=QeS!Wz)u8`dq(LgNK{_J_1*vxf2Vwp1B8{Gty@`pj zi@g(rk-dkrxt%RND>uD67l$4P8@;uKt&2OonXLr2I2mGd{4cnaKcLbU%H^po#jqHV)TIGKDCKp9;l3Cl*ou0XoI($ajYWlI zRAl*B*b*S1*!k5jlM~#W?T80|e5a4^ho3##_;xokSdX(axSftBG!q#{n2}X!FajUS zgF7LE@4T3~qV}g#tH9Vae}(1;eDT5(MsWOs`C7owEDOy2slkAzH^(jT<5FjZFD0$$ zNzK7qLM!P%HgG1MQ$4)`J+$&W!`Nb}Gh%aL*T!PF} zxJhNnu$SJo$XlO(RtQM4^01T26&w5t3{t>pVuoC%%vNkU#+R|93S(-G(h&bAG8lkZ zEPARnAs*+~-;{etT^ttCk_+W$`ww0}YM{Fw%Fyn^@<;Q`LX9iffMlOOTC=12kIR`8#<3jlf zAmnWVPRg`#e8hrxo$PVm-LO5OI2w!etr*-=VXD>7|{6+&ey(|b{76xa2%5BU7B5e))ZpeV?P^R~` zfg4sl0YW?fI#__bY5FU>!C4-5=;s>~unP6$*eGPo1c71Ky;#=2oF2vOmNMf;tKf2f z^49Q2RawGv61D6*B;>rAS~9lEDqKxVAXq_ubJqd|MzRnY#zE{PEmeyK{k(LQHP-n` z7pV#6VQNFj{1_eG^$<6t=wgV5uz}{O2*}Yi{YVQ&YKkfb?2FSR=HWbis1~hhY(?M% z7=HdxN*b0bhBlm-))7eqL~IKN)^x~4_E}+IgA*-1x0+Q5ra{$Tee)0((}FJR7RV$A zqcGEvcmS=`c!Q*VgMRcsj?(Jp5wiZFF)3+}1_*=s7bkI9uRbMXS{#mIeVrE#D}&h} zwBDgglGc^?@sMU}Zf_l?bIsIP1vB9OSUoc2zoiwwK_b7I?7eTuqF@F%hL6sA8;- z(+S_kAM-`oh>14H{KLwcHEn{*OjAkHMjBF)J0dk1wM+m)W0VuJ$*5TZT0&D*G1h+k zy(KH6Pf@cK+=m~(*zm8{R@m;+Mj_DBP{X{SK&$tVjd#nb8C|2M&txt(G&Lz$WN9lb zlo5*vgpm150v&>H13F(plVc+sfMV5xG1U@m2%egtjkMpGol#Q^yu~c}_cDm;@)95E zsBK{3fqA`1YLfcPid8m9SVQDO1gweP#L*rhR{e8|JziZy6P8fX-*^Q=4GKy<1}$MU z=nn5YpZyY0 z(&thZIdt}`93eaSz)ukos$78PTjsv9dcy)n;IwB%iL%JeDuEtuAg7bJ3yeVCzIw=x zG?(umn4awY<**&b?vXiJQs8QK4=IFT-o9Jd&L%-GCq!@JK62>Jvc0zv%%@B2bLbAI zw#C#sT;=$p~oFxB3tly^BPi@wV&qjrWm%f ztlr4>6GG61Ub^YmP2#2;Vo)AxVA@4H1454g1mo(4ZT}a(6_^yzGw(-9Ov#U(NQj~XN ziw(jy<}H*!KmYxvfgP(~H%fxFa6x+5fq4VBoq(P1tfRO;t#Q1SVR{nxm3zAXhnxH# z?)Qq75D1bZ^sqqm2JW8&cD@&@s^k-~pL1*Sg>Qvmn<=IhKd^4sx0DB>*9~PFx&Qpd zyZbx-m$YxkD&%!vokzgKL_Ng*<>&*);2jG9*18}D8TPT@Pl&qXcl=*B=WmT{g5UX` zN1}M|E5v>!mb8V{paxFU;0lO^>QMq(6L*)#Z)!|{vMk<}2-_q8x71y?@teD!AG)}o z47i{92;1tRcFDV}Chm0zg1L5m9w48*Yh(hfVChl|%_9X2kKUxPbjgL*rS6L2 z_K1b1UEeQ^-rTZycOx)vAM23x8ylA(Hx0Lt;3Z@;N5-a!a?WPt0` z-Sv?hFB4!3%eydcPY%L16=0hT@GW>^dDq0WTU*UH%a<*rpO^qL&-y@t3f?{K(1c?i8yq1TLnx};s` zk(+Z9U;xWI1@5OUZjW#%@sIyR-DC{xX6aH46{G?nr|#mL0IhMiXaUC~H)bY4KHMJ3 z(6l!j13eVG#P3&=cP&C)+HTnR4K>R<%ztvq3dx$DJU()|Z-3eFwiV#a`!D#F7B}i3 zW#cH`^9nZU2Wba0-AAWaM4USnrmNqI2)V5r z_)HqD-O&RTC@6~4>gaP0yA{b~yZfq!+J$Sd(eb#5{?0MbW^!Id3RDet$m&y8C{4~=)@~LE z*nvhFs?pqDwStis(U8AG_a+{={UO+2geph!0!tKYPc|xlqaUmt{|@mi!WD5q*+w}q z`mJvz-$?uhebVE8vFyn@5Ra zD}Sda3Zx81{6=9YS3-B_UC6t!-yn}{gty^%LI-!ewh zY_V@P+AhO4@Dl;Le!Ch*=?OZZ1S$r1e)9x_?Kulg@AI2UvQ6t1E=5g zXVQ&to;%wB|F{+CZb5!15KKSiB=IvN}y>F|rFlOJNRg5d?fRYPz z*Z121Gt4vP3#=L$pZ~YJxi1jD`0pM$_?qGcRv_SpB=L*o+mq%uF${$x@f{?K4_r?N zo@fxg9W7~sLL03u?P{9kx$u@V^3rO?!+M{3W}57E>-(VeFmu#psrm4MWImN5MY3W3 zVUb-MzFeQAPUzB(4t3oOdVCq-B7l?N!Y!7S8*1y7Zt3K8u{6ZePm2_0i)&|w7yNS_ zw*r*sU$PD9O4G$yi$rhg4JHI>xVn9kXH+66U2U=JuVT)EXCDUf~uDakcR$u(x9^6&zNSJ788!?}6%tqeg3*NY4i7yP!M8DBme-O>6e-BKh7&j)Fpvwcmw)NR?_N{8nnRF(j@K7?~*DbPkZ-@nDkIt z5`Nw#(&(p)<6En!eyfL`mF1S-G?@2Yl)hg(sxLQ;AVR&JZ@nMUZ+CB$+~6BRVRwju zUno~`H=Lj!SsOv#F8+yUoUxp-tg(cgVjD~o`mXZJovz00@1@S~c->Qd!)awCn+Gc< zT4^R|O@0$jpJWVwN!DCO959`iu*e99RZBFY^n~zEBQ!pkLw~hj?-%ew@l*0PxMJ%L z-rFlzK_wO4CXUYLvvaqIrDJqXWN6zYZ7|115jG7T@)BZGMvdb)TDq<6@ipOb8YCaK zxqe-IWYsH;H2Z)BJ8dy{x@J9j$znh8;9-Jes8FjMnRkI|ci`rU(QIVpKI{_<}FEv51_3|RU85zN_=zi+ug`cOhmQFLIT!LbMCkIvWiJr1qp;UBlr=vj;Zh48Gav?Tv5Jc>B4X(z9 z8x=GiMwN+@mj6@!qh921;ELZd6l;rqxt!F zv_&qf@T6uxTg`NNOX2>w^m?TdOGzXk5zDqweFnr-N4bi)HG72il6Edz7DO=}%lO_yX;X;<~tDVe8*Ik3kX@E7@B3 zEqXuT#}t$ownogUY%Qy@w=#2&qqwd&LD;_&jPML14-h?8Pd0Zy?l4;nN#?;(unX(% zQP%AlqrB(N-u!ec=ur9XES=7-ntHrp8DWEM_{B_})e1|yW5EVXcitBR$(gpnr$7hm zxKIZpoMER0Q@02ru_BxBQDzvOEt7SGBrknv7?AGkPgL^*1N-MQqPzz#JJ*kck9b(- z*@G)P$DAk6&jTBP4oH_ASkvavd;K{AQ{kfk^g~~mTB@|`JmA{r*3J4?h-`8ChU!@o z(oP&~Vd&o0FRBjMG;7Lb2vHCpy~ij1u%FZJ>v`hTPVt_Rqkobhec*46!@JsR>l%^{ z&~36uUHZNdxuna)VWt}Jn$B?yFOj8{tw5A%Cd)x5AS}ob^&N}3+5Fq3GX=oYk+__G zwSqC=ioGx=jl=VR=7Q5D#Tt{n^fK>(IXp4>=r+Myc4ObULZbc$e! zLNwTofrXPi;gaH%Ks6wd;)FmQ5qFhkW~>qJ)w8{h5*W(@xKmEuCNbWD$XCq0H^w0!ISA zb)PpB1$d~{bnYH^FZPvGahhMIv+Np4pWO_MkYI1mlddUflUFzx;95?qOUTCvet^k% zZS5Qn`q!jPikBf(5>`IFyc0)!@^1|?-2USv2kArjQBX8Xm8RUp(NbUuOm$LvGM+|G zBw09c4pl0Ngd{RF&7(rOyK`FT8O#z&MY9!gHB1UY!iJ^Y%MVT(r^!phUt8JsNVDOI z7c#PI+)5zoQ`Xs5UEe)EN6XaFZ^YS{UxeF5ZDh6j$9ZmA=FcN*(MG9joLqh=K;0o? zdIqDdIg=$*6Y}v$C~&-(&9Ifk5hLNHRbWg6i_s&rTffyVP|X@1x(C$e)^JdIV75fCsflN6c@o&Fo&VB z32?ASRpe$AjZP|W5u$hFF&y(GI@wC&4Y$YERxmO8t9m-g@4|dQUSLvB)DB5v&^35a zx~aR;&`WxM6$AY{w!C&YH%2A!AmPE4kJP^JHEWM6%JD*w>yd!i8|K?}QTwtNuL^Pb z;ejFb73_kQO-uhy%m?CQ1K?mZFrxm{)`5BIZIxkr_(1oG`1uLk2gG{qFZ?kJMrZ8t zNjpu3GrHqq37(%J@P?QC{@1s#D^Oe}@^i7HDvpp!5tQ!D`i`QtzDg+8H3erW@`a=Y zHTt_)RQE>etM9rX50r5u8;pZ>Mh#0`omnAZ6QCljB3C8d*BDLEfILwFQ-DWXA2+h< zOWOFR1~CCv?3s7H1uLIkJJ>xtI{GZXzKA!;igQ=4N=&GbdZF}ygKX|{Jv4W7ti-y^lE2;$Rlsmj{6^T!s5e>6w>bYU`+)zx^P?O#%jh+`hoq`3f7t73w-qUH&wi(45|u->oS^6-tYj+^5J_H%8LQ_xo*1VZ!cN(=Es^i zz~{qs$Zgg3x(Le0l<`8XK#%E9r9D^H=F3gC-!1+Ke#dD35*_Tctz_eBRGi3{_q^u1 zm+ar0^DXyszIPFJYhg&&WzDOB@AHjK01WEqk!kK5Z_lvye;{;XJQF`c{ko%MzPh## zjiZSF?Tqx)#OwrZzjuC#oEqmngsY*q0fvOP`U4d!5Y4+mVpT^E!(tB1AYkn+Zr@r! zN2F0@Hj>nBHw7DuIv6q{AYZqo$L#^ze%pM<;Kp+6&ImMB`k*R&Rpvn08tvS%+ zj}|8evC(;G(liUVemB$ka-U}bW({_(fr&&!ckFH^ope5AP#qPCABi*6_Dxthapjjt zv^etZRo$R)s+Yvie9$29TLhSTIcgp~F?I6Xm*U@DPUG1bH(yuWDA(d==c{ZX*;=X2S=DWX#CiX-W zpOH{~i%rH02TZC0vG{#phVVj4w)yk1S->yT+PSB>B8Pl^fvC?@eQjYX!Nzj9iOxcq zSG=XdCtAkpf3=_fCX&OH+>QH5o~b`=tdET)H90hpH!| zDA8X6TyU%#$o(G|%P3no!Fi%>x-DOb^>shm{63flK1|-WVb1^4eBtrw;RM_q?fANV z71v?;x6Ag$TOe~))x8zeu71N_n7YThxY#6RyuH8Jn)qe$Xw*88f6yL ztLHyy0W_NR1Uz|V1{PHjxg{AG7moYhQH9d3JD6YpU^6#2_)BygB5pXjbD0Z_ficI3 z{JWX|k9xIMtfk6=ZiV7BXd~R`l-9bOQFTVauH7Hmh{Zk;y*Hzg7A z5gOlt>YNvb#q;&Y5xM?Ly;OwG8;oUNM5qCN6L(_Z*8Wz9SSGx_ zL{AuZvtTSxYGB0+=Q!8r-xY4s_!+7EB#&nw=FFfinjYe zX3z3l{k`J7yx~AId4Pix2Vr<=#a4yfbwP6Chx0%ilL_s06uO36re&oz!lxd$Cz)_*1X+BBjeYWK**3# zTT(`@9F6_ng(>oz_%9hA1)ivCQ0CkiE}p=F54S+4kN#dmEtxk2Qe>Rg#40v1#y}WX%o2MCEp5|*7>656O96hQe7U|L?#1P z&{tM*LlBWtQa_(6+E8oWSh--%SC8Zut&Iila;DYlJE8b+A}aP${9OqFoejXocYYrN?Fzxa&eL)mIT14IWHl&or9Vq zveI=b8_eVF6L?N4j%V!q8$YJA>$o>yqLnGP@2CqVCB6l^7|cxEQQw^ZHm2F+$CB+2 zs9cSISY3<^`pRW{B&uQ72~RU&A0h!=aB-DKW* z@HV54EDxJ5r)?onxi!`XuYZA>2mfHsO^|FN%Y=4%uB26@a=F<-(O7s^fFK-;0o~u`wN6mkBt=I56W880&k0rI;|LbvPD`}8zg z-q9`{BXnejCw9r*^(zW2cw@sRVm9XPd)M1#`RYjJqlIHuug!IuClV>w1vYHv}+ju6l?73txtb z7x+Y`vYpA+=*YZVxiqPK@Vl+3_-7VcJ28E7kga~;)0~M~(!F%Yl6%FfDZ`ma53|0b z4`82E-*0C&%skO2P*f<7d1N&I8Ksdwn(&6n9J>&=!Id^@)Jo8VgQX(SMoLNJ0kyL8 zrYc`VORjrludv7&j@Sppg=stek80HmOkXo97&(n2a z=cxd0e*3~r7VOE_=;h->(&~>bG!8*;+zs^p7s7obek8Wy&pv6|wRM?Vbkn1os}gWk zuf*AgKm8m(Ig1R5L$u^-&F}}Fm9n)Zw6ULGe)gtMf9(Cve?WvCf>e2Azpkz;-}=zd zye4^GKk-5fc)?^*?lD#~^#g5>>vv6qKHlESQ&GMNYbd7!zTI;X5BIH@+a2f%1YbWk zRkX3=4=i_u^%{$Cr8U`fqE~tsXI5Mxx_Z_VOlva|6axnRd)szuUcj!O@`IahZLn9* zHIgW=4&l18P|}dCW=+Gqm9NC){1@IPj(xv;p69xv!6eZs+-HRI-l%yb z3u*_vXiVjqb=8E1rQcw`ik+0a7?5g;!d6Z#;9P6ADGX%;E+w;<^9_&fo+^dl+qg5~ zCkZydH_Rm8O7E4FZ56zcOix~N&iVqdjiV2a@!j8(u=w2WuzaTWewxo68Mt)^9?oGr zF)|&ry*aIMZZWLKb%85TZo^%1wg>|iS6@dCaN$ZFzv~!FTms83F@NG9Ycgf7;JPDh zEv@@N`m-yCX^V~QmmXw5a^eitB?KoYA0q#@V_5F`KqDA|Hd%9ZvAL(z%Yc+wx~?iM z#txY`o&U}~*N8o*nIQE*xoYc~nB@EE$*~iS4;nBt9ZL~1d1S7%hVBED{)4h@tvtgF z@>)XB`UF|DZz$e?bq)fPa|G&$#6hpTQXH){J^KN?Gb7gq#8ksFPrAX zfC*M8ArszEX{oUYa*4-ZFAe9EK%;tOB`#ZaV-dOpilsffm!_mY%cM-Mbn$yJAqAl? zTon4V$W?S*7yB8-`W-k0LpAC%f>)f}P&+!Fs2@-MDkU1Uzd``{@-n$JKjYU|)roc{ zDHyg!lDQ;xg7+s*m}?!_O2VV4#hwQF1yB+T!$TYBLP>Ssb+ zwnH;CkxD0=9-JhxguyrqlYk?~z0D?CotOzDUzF&3@BF~0AM5%MJQNo!yobkp_Vd59 zQEYhg|8WR4bdh7Nht`p_DkqUw`z6&#>LX~m{|j?cW0)l(f<6xliIZ38sDNgu?@0a! zl%=+~einP;=80_Q39UH}*uOjbW9}AX;dHRHV{@N3d@k^CmhMRkYOFHQI?yQdx{d%* zo!8%{s1=o_Shpc)*QMU4f8H{jmwxj6AHuFFNE4XLwr$(CZQHhOYue_tZQGc(F>SlQ zwr%%6|J&B?!&aqIm3x!ANgk4_+;dI{LwBLriA#xOFJAJ?k}7vfk?2ySvEckfhj!7w55eIch6s1-{tkI38?9Pnt=6~59p%xzAXSR zM8>rLF2^qVJH5rgFjCDVy49BUFWD+dinm&@wj|Zv0b80Eq!Pb)7H_Kr@q!qOb4rpt znB%SXxU2cvkij$7id)2TkS3wAMv3k(t-+NKlRxcj&&-XJay%t5|G;Ht>P_#pDl{3Q z*6q|;<3wV+9=mg;dN7y|2BjAV%edF-l0hylZ`$%FlTr-P0l6u$L|vNn%sR=he{`a# z8TV>)`a{cp7A1cxQyuneBa7jgEs&xuTGn}D<$#YiE#7ludt*d5Ui>#r7m+9?d86N1 z$(Udu>olg40q_y#rF-sGY&SewJdq{g0mq97Vbh;mwxWAI!;k`IqG;zmjBfE8-|H$m zf>G_yT?M8nXwA3IqYlq@ID&A8Y0rBXr~Gf-V@r*jL;q1uOwMBc0Bk@xqxH_ORME%O zSvTk+Mn4a@I!Ype&$4hGFHHq4p_&&M3gCuo@#=l}@?C?5&tL!+Py~lDI_Z+N zE#YL6S6G9)H2%9|U`3PqCfxrYU`L4O1!kOcpC;WA>#_VK5fjf}==qOKF4*XvFS2)H zq~qRjQno=Go+lV#Hxzlb_5^K#U#e93uQGQXqJzKt%xwE$wF~yBCCUsKv z4?8rnIG623OL4kP4Gh&B7m)9k3ZMY8UV4GK`0VZ7kGZ$e<*0r>M^`|TF56Cj6pnP{ z+P{d=vNSY=d3Qe%XbW)g@Z5YQa`4?mEZ!oRUY+LVGR6|DqrmPJZh_O@M69H{nb-M78BE^yJdZp?6@4EMH-KQk}_x`JPdi4jUK+d78gX*S z&5&tP&aH6B!|;@oZ2nC4YXNka+UAb4*(CpmvYB_x?LL(#BwiM&moa7}-QhV@Zx)Pw z$4dMDMXR@Wvhqu;MnCrYPAhGKH9lh!z4>L|AODU?al+dQ{^7!CEO2^zu5-F>63d&r zPwjRK$)?&ehs|_gk=x#-9pxNL5CUeGI;7frfJ36m6xGWzszh-j}U*kyY#O> zjMe#|oOOd?`VsZYu2q?_*6SkI9thqZm_Bpq#-^^-O_l5f+X{K|luW=1XGbd0_>J!U zdw_%cuP?*4qW5)8eZLngkc*3uhnD?tgIaCSX2mR)_Nct}GvDGK9m{1R-aaI@`qn{b zitRl}if39fiZ=eF)8=-Yw!B{DU&XqO?_L**^D_p&0mM*_m+pj&t~prOGl}FCNgLr@ zdWLLV@n29*@u$N#Az8xW$5YMw3nxVWcytbUMo&|3Wru?^)&BGA;9!q&b4t8O;Vl(q zN*t@I1x$bZr>3{a8P0^d8eZd2Uivp>oxI*Me)^H@CpmN+;;&>x)qta3A`n4kyLFwu zERAKm9R;E2?vBSAe`)aT7PD`zTi9}79UaIeU2)q6j0w-8nf^ifc#Y4sR@%STz3%Ua1Vh~0M!gWzytoTum;XGr=6r*8 zZPP+Mr=G^OeX*_ue|dK@Hew?_%I5`L_yp1L+FPi8`JawoG+WVldtp9(WUwy3c|gOYe&doNAISnAG(mnLHk~++DYrQe9<~Cty+Y$e!8e zT|J`*xeHL-I)k=~siu-1suQf-(Ud>XOopg?q*T!%=T3a;>(lUq(m zg!HvHM9r9f@|!bcpl;7tah65uud?jrz7iTyG>JfFsv}+~+wk#UO91kNu5Fi5ZwT$~ zKlF7QK~aJ7=^YwyUHFU9MjvUZ*;%tl9T24df8o9sQam(MFZZIvtglruZ$oP8w~m#Q0S& zc#2s%@VFTI%MOP{X#YC5zN9mzd=j>;n3>Jca2S%qUPfmr3fN)C({*8+x&sfZF1j@E z+Ot#IbUx&$8Q$f+h#Z=&s#{Q1L&-hAONYiaXXwLMY)asg-1xWj_o$f<=l0oTL@}|iRM*YnjeL~X6^c4T)u~fp4-v*`f`|wa zbLI}f$Y5^3ZDIvy7o{rU(LTZcIT#+Z*VZ-(0pL2YT~fUFLrSu=0Oe*WZk2j$9?TyG z3lMd+h|L8APGXAf_K?{zTvyg(vZ2i)ai3e-LM0F{G-FOy9{mXV$ZfNd{xCvW$%t+< zA(OWv^|dWx#-{HbFjn38MqluE_IR6|{kf|pZW${o?(WOAvd43&hJV&4x@p?)0^0&D zL&oAKxhyHo^Y8NyM6aO`>SX6ki|^?gQihI>=&>ufolWM8fsqaK@S-z$O%BOx56X!+ zIxjaij9RZMjSK0&f{bbAV5SAo(&(C$7E27k zOuSGE{^1p3XjmNC^;Rhupq!b+pAR)#k6cb|~FA;en^j$DtkWyLZciNa?aEXS9@es4J33n6)X* zChMfkvc|t_Ptbr5Nu&E@Q#&vdK^u=6f{Jz+Uc z74j;)n&9NPK8l+bbapYj?L{m+9udAQX=NE)rvw^rGvGa=tF)y1b-?AJ?zVGPex9n; zQw~`NV2T_F!)r;}UcAA@*Gp%Tghp1Xvy30Syq7ltnC(YI#rVT-`6hSXR#WYS(d>l% z8DO~lz`PO3Sh(K3vB`Mec<`i`bBy}bM`WA->;d0p{Fx}{$#|Z*eQ9I5`jYF5oO8G| z%LpT7_`9MC&vf2CZ5t#wi>wct=i!Wr=dgcXUn4lw5t|W9%0QAj${u%P2ZNFCm+zlH zki67I8h8E+zn{DJjYAi1ajA7^1^TaJ{_yBiR{Lv*g)c^tf=>No!K4E727JPRU=2Xe)L1{Er-EhuGLHb^bQ|cb(R?7-fI2u-MS@3M}yKxb$)4E%`}a!K?l$Hx&vi<7zie+hG+gj=6wts9^m z`(Jq!@89%PO*CP)+Isgio4;+DYrrU4*9DQUskhwvv1{9WciYpm?ihLA4;Y}nUnP(I zouO5P@sUww=8zd35O*g+rVr(zZ&QVJjd4jOi0RuPJJkC3D8{Ig-n(KheHBm=J6>00 zlMd|}rIP|)#u0ndDhQK!wSE}8{ZXs?Ld9`<#~2HKEM-ke4RJpFxn}=5*2)x|vNT&8 zKw?QDe+gUe03&(!!jXD8O$UCf8fiPn-z*;S5X{4VTG)evz;+42 z5x_I*ZYEPB*easRjXh0MWPHD{h}u0^7zKOtN@QsY9CH>b_5}%slLG`P{Z+C0kQ`=9 z2Kt!y_X4}Iq(62B^T`UAJqQR;x}JxUK6niY2N#ms5MSl1Tk^JxQ|c{inK|`lDMojU zetFS{6TfBMmjl)rd<@M#3I&~vfoV0I3}F-W$t7K~{Ndnk#yhf{9Bw+fu~@HR@kaTI zi4oN}4QsaHrMf94SBFF>o-hHV?t*T(EnBtJw>`8CyY+=(IB*jJ#fDSGzv0MS^U~qY z_8wS1=mlpv!gTkUXu)<53oV|%Q%|MHd^jxlFb6RFni(EG;-rnE& zC!nGlkA4wvp6^F*q738rUAxQ0{+L<<8||mBmyFs1?hcU*X??PtS}?{r^+RDuzR38q z-$A@BQx<6qVEwBXH1+wLH z=w_j3j7!w8g!h^jg~6QIArXe1VjpF7#_&v9Uuf-EED-R?NQWYy{&^~U)PfhZ-fE7f zi+9-RKkj}6-Ft+UzPCSjNi!-MA-jI9R#8jGPQLoogKaaUej&{Z$R9us&@l2vuoJ#F zA?wVh-Ss*J+F*A4LsTm&P$bWBP06#c9Zd`K{0m8Aunwxmw<#UA1!=uzxAv2`!8|!j zpZy;&Z^xU&i!`A(B`5+Ivm4T|koFf*jn)Ukj@l1VgGQ>E$3iB|w+AF0gD){A2kXHu zEXEkbhGFc7$gX-@6he>SZtC$*#>M*zCl!_@vA8+I>tG#ypX4Ozj}Rkc7|mZd%9*P-byDbknJ%i|<+QZ?;2(|; zYjiCDZG3o1>!0aS@dJB;>!5fz>5x9V!0V8_d{OYj-hh2ftj~zlmgI(HYvc{?F_54H z49DAzGUNBkG`}a<-Q~Wr82WwOu6p$2`=B#&J|rdN9{I=pCE%TeQ0iT8Wo!t1sXuTp zpyjAKtmB$(U0r>GbM3oW0bvZ8VIIvB@Aryd&P}*z0h{OEfn}07J`HyvCj$AL1A>kO zIdP!`>TL`dALCp$F>gHuZ4Fda0k;VXKDm=b>I^ZhNN?Zp(kp^2Zy}VXE9Wviirp^; z0{1FwCj;tv!udBI@Yn*j`@Lz3f&{u_-3w+lz^`tCnvlQ$LgBHu5}kKNME}mKY6hcV z=L4`T=f?dL8`lfWQP8*vY6qlv1!5;O`3{6DR0h)k%zcs|{m&) zHN0+5LL87FYV>3Mjv;uq=DUfbc5`Uq`dJ8z1^%6JvT^Ks&`2Pmak&Q3SK^#=(;5&I zT*nvT@Id6n)O=C09v9E=THj%|Vz|Jc2OY47iS_H!N$G04C2M=)1;2wTPOjpwR~CG8 zYBlpG@h*rQ@y;08Iho*&AY|F|2gAKkn;*NN{MVBw0Yt0((+(}McgN(*2V_0Gf3gz= zLdu`9b?++5I!BJ}{N=ubmuAC<-wbmOawV`W*iDP-P}Z;V8*Dcf=_Ln?FIEhVd-Cap zO@NEwQ2$vb=z!VV7tHneURo*H>{5%ZkFWWU=h?@RB){ExUSIY_b)0XkQL~%7bdd52 zaJzpnl(ur}&$^eC%M?F6y{e|NmT5X&k&Y8Pk zm*<%4sgM1PV`j~U)`^Le{)lsj*j$i($gdo#f*;#Vv;Fo%Kreh_;>=q?Uj5s>S-lc0 z7NPzA38$e#-h`%k@kj8<_q|5mjK({JjLHU-)Hn7)KO1(4eJ|7+*Mm-ZFKEZPs>*w! zA%(Z~j0=7*VNv$p`{8w@_ojhLs1=#)jL5=UOl2mDH*h>!al?+4)ZH;u?Vbr zr{0?NJHOs7%rF#aY1&et((a3*_ZRNZ!ZV*~vW>Gwl&mV6w1J7$)O2dX+F+`cY?`NX z92(c@G>p~yGQ$vcV5*{FCMSVYU|>CTrQ6|vVKLT2qpcCOqV2$0X=n&ic4%Q`Yt`XY zwXJHK&{9(VQ7B)1t^Yh~s3{wm(}Fc@8E84G@)u+3*1tn zXvvxVk7uevuBNVKKS*Z0fM&c@q5FXjRGPX>U&0TT!7!)N zSlIGc$+#VxMh0$?=JIGnUBuz-a&j(XeHw&6LeZ_L|xP5FI25jCi!pqqOvtwDgT* zm?g_t^J=C}Cj=YW3YuK#g+iB3UDy*QdSi(;@H3YhjZ<&zIB;Zj5o_mGpdPbkHB~`a zaB&Y>t09P7tyt+y^R`kroE8BqU>l|e5#LOCqs+mOv_IhL7^mlf+7m)cF2G8Gy@YhN zCFz4rP0`%oM`1^5E@kExVMdU&)NN>~Gjw#Qe_<_kqAL>$CSkp9Aa_NoTb&qM>_h|4 zI*fEGYoUC`MmLY?VM-S#X=^ZSsIph%su*%8>MIMX7EGwyG&P)uXfiak%=ex!G|*Gi zf|r)T&C!80QU%PAEz;5^i83ib(cNeF^j(IgnEhhe1Ip@dKOXjy!SmG>Kfca>4y0RBgn6qX*w;B=!1TDRtL$WfsO@-PC=O&2Z4t-`TzFLR=K4lfp3Tr;;^ElYymY62CqX8;S$~NU#Ta%UAhB?1Nuj(4tb|{iKY>+ zie1#Tb_A?792M8Pu4}1}oGD>5FyZVu(}-Xd99|#(2%SUp5hcK>7p_70UxMK3ugxh8G4vYpZP=%@{j=1V#8{A;Mn)Bk zy)bSeu*j$htQhkuHYphM{pZAU)NLpNvM|i@I7~h4G939zbY@^vdinxU;#-9wj>?4kA-+~jM%$j;pumRj8njNel zsFu#67n@sLhYZnr9q^%FiC;;$n+%^{!xPDP8@X1o$eU7?j?T=}O1&cXLkjKqp#)O~XtB*ANrAd@p?rLh6URQ@KVDOp~rikii6WD?v@N}yUoUeYX4VnLRyAGBQ@p>6PYw(H}s#tvQ zUm@F?=b5a0URL-Dx!;(7-tX}&)E$%Fn;AQ#JlfdlrVcHWA%D2uxTbgmGQDFN$Weeu zx*#%^20;}uq62zUwiez00cC~sLnDm3bhjtd_oG^Piy3 z9t2bASV)LB=g_%;Cps*Va$4B$>tQFn`%9~aCEFRezhbRYX@rk2GGONBrmnl!aDHb7 z1a&AFfzpHZ(_SiW^?3o*fVpWd73OzJl`(w{IGY@UcWy}I zj9m?@Zu(v%L0NW{AGt(2aBaU80bRAdRZSBfOH=*icocoO4W}@!@6PSVPhod&91);9 zjxJTjc}T*=M4e^?UYFUKm-!!_$NNi+VoS~l;et!SpMp4Wl`-fCQ<)cBXCAm?F z;=;Z!AX8(1I=1@=?2vLNc3iiuPNJ|%Gt4~b6XpFiE8+8d0|>D=Ggl73Hk(;k6Z!{N zI6)S~?r=D5Tnk0X(4fL}cFg~0%$_XICF_EAjdED^1ot5YzxrJto|{77$KwGHi|iGW z=iazin*Z_zlXDd_uDY=^s@P5S!3{O8)9(m%I@em-^|#-Tt5@MmB*4%mw~r1w_GGW| zxc_5r&3J+KZJ$)B7w4}fgqQM@@@dKX(f{REzhNpmrm;QlpPkUD-(LEXWDkYmt;ifL zYNLz|v?VmRphv7eyl*&ZMXTuki#qFwn-p-J)d!;bnZ5lgCNq7v7*B;zzx%d8JdUS; zHMxhDS4HOk(j-Q`JVu-J9P|2|IG0qes>?a1d7k~?tudq`FXg-X8T;d>aC6d7GS-YY zT7CAacX*4o_j6_Wa>6FbITK>z6=l|)L+&;Ug>%9?CF6zybS5D5CJH05*_ba;G*1I#PoY&hYuzbwRC$C)D z^X}Q(hgR|9){RPW?4c#JyxF@mvRv`bjb4%S){RmT@%9l*arS{N`XkXSZ|Co#03ZI} zMJL5`nly_Zw}a11r0&e2H{(;$d=v%EnMGN~CO3|VlZU10#Z*51p~Y42&ct$fzU`sK zVm|)K#nWXv{6Ep9g!gPw2k?CIx?lNs^{+2vkBlkY7f zTCy=jFl{7J^nIZ8D{`gXu!-FYJ*ei*!{)*^D#bY2LmlKJzhvCXkUHatpK&uBMNdmU zCy3qLiQQDbL5ba-h}{rBBMykRP&X0^pGl7tp$lPK390+ILK#~6N{ZpSbB{)C^mv zNYoxVwD!g3xM&s9~d1qYuj- zc9@x*6=O(UO6()_+p77%5U^GrQ!&Lm@U2| zshsl?rW$UX9axIZC)w7;<`}N)@>Jw_#qh8D|UV0 z|1N%nZ}!;jcM_+$vklBZ#c4{hv_kw?oDa5M2$!Z7*@pAkeZXij@fF3?dU6Up{h@6= z`Ck6w+#8W)(X+>?=5+7j-fvd*4?dR$L2|+*>Pi85b78$z}q-BkAd7vIE1j?Eb!uKTwd9Yon!55&Kx!!p7pEVN}vg(#ABj%bn zYGn5og%1#yTiB=`gDzrVAV(2gs%Ggfg74Lw*q8_moE9%cF;@x!?2e6E{5bP(qQ)1S z5213~nGxK({qScf4j%zx#6XFwnDLnr4ch|c`e*iBRwY;- zagdFGI1xc~@ww(Lp0ID4v^dR{SAra=9+60Vgh~VLs##G}`r*Q7B57KyO%Ms~v`B0l zEMTk6s(K?RYRjs*CeqRVfII5HH1fG-Co|KnRRhr$)zQSt`XJn? z)ybOTyHp0SKa>SXuhPRmKvC>syIob34P|=C-4RwV(k)|TIvPUkc(~ub_k?20WXgqU zA!<2~`dBi5TTQy8$gaSCD0gqKv9XCFCEpAcdb6RL5`o0AP|03_wRO_fguv3IcGk9p zOiQ?z8I=<5)pL_8wp4g+vy|^(c#F%v3w0GsaLE=J9f!YocNtS0BO{_7E5v*lnz&Q7 z!POk2qp3=wXRp;2gsp#VAhkhW5*`e>Y=mX5YcBK%gI3u$xSy${YW>hb%%lnAv@ z#H~4cYJpSEE!2wW`yr}v6SIq%@?&=MXKhDP+RBCI6WH@;EHsebr_JcqLp2zCQ>DoA-d-m)>0C_9S&0@EEe zyG&$Xu;SNy9!~*eYsrJv6X|W;y|F6A7X!^L_ow1FjTBu)+rUrOp0q#_SMjk-%%YUq z;|i@2>EjhxMXQHfTQl^W?Z=?g!W1!)co&Lz z6-9r+h~RrwrmU)2)-#n_rMHwH3&>MS%*=-|2ulljMV2?1nYBAtz?7wG;4^N{8ew6M z-&MQTCPU4Xcv^J_ZmC>%IXALQ* zyOS_3x2Ir?8%Ar5yPeU=nk-Dzxv`5@Z>>97uo9~Tlht|(@_%Psx@I#4H2<%xXAii@ zZw2nN4IHqQ^LcYis|1pDo+=*M4>pi`C3_0tRszVWY8rF8nXIe;D*@5ow*7vu+=o^i z?tqYoCs>US3laq!rZ64l`3rSg?Y(w(o4NQl2-rSR8RQmas=Y2b(G3l%C0{V1Jz}mE z&WhfVL7!;~c?b-D^s(6wdV-;Wl3)1jecVT&>+k#yka znc+{nfK!ml;#gE{-oq)>`S z69&KhyukJv_19H3H`aaJJ$?ZZKWY}}aL>O$SS$Os6Q{K#DeX|y>4oLP`fwVp$SN$i zj^3BX4MnZLSs()JJs2Z&p{acffbVb-hJ>ONF~_XS&bco3VH4?$Cc}S5)b*Mpgb?n; z8OG|@`aS0fhxe!=hXkd(r6P_Ng)j+8HyMc}Bh<(3yQS@xYR3LjnjA@@%DQR25!HNB zR`KccA~5YUvh|o*84jfRm*&t3KXI)1>;1d>YnS%V#vg7MIvf1zi1LsdQ8&6lI2iKe zh5WLoUu~EADD?(j67IhKN#IGve@}CL2C#qqxZ(K#-=&mQQ#n8BZaxh!H@}{!|HOVP zNftK?y4Ag=%fOr2BOYWigQ!zj&=f@jFJEi(;o7|bqbavsBnZoNnea2fncg|H3JWUq zh#k@_C!DM}VLs;gi(KL$Uwx)c_xp6Wv4hY5Vk*bQ4)g&xGu8T=KF}@}EP;Xow{}Xu zsP?)83OGcridAyp_eI$n`c&c14%PQ(Y}qCAv=CWSW`eo`6srTLX&Rf;`&P6W zjaU}0KGH*;Lz<4XgU;PM^jn1Vzt0(0GAq!kh{u$zY8z4y=pIly@JIg$$PH>t!jmLIPo0V5dCW8dKGAO5X9yU z3N~2#$~F3jyZG-ZwBaolX!(}toz(Y8T_;>9d>6ZDn6C<8Oyp?fr49*o*NjV1rf%S# z3MN;(*3cgK5{*M=yVB4vU>w!h!!>M_Hmp#MSm~l3wB@B6E)K*D<=CUOa7SzogLiG!n}`+R2W3f$H@pHaFab|4F_o+jX~P~&qR{V-L~;|m@^Y3Q!d zOxA+K8w4hkzD|rfXvKRr3)5jrhKT0jey%0&TC1MNFL;HM2Tx(5(o+Lrbr z>N*mm)HaY!??f6c%8E4NO~%Ua%<-okfv5|91*TZZzwGp4VwENQUkHD6mFvLYrfe0`)-iD!r66&&J8DiZsCPtk|$_XuB1AA0z zi7&qxy zbxP+3Lh#!pH;cqs*!v7Mj-aAy!jR?(cX$s?Jn@!js6@$gQ9LU~mA%9^A#$k;ywP)Y zLX63G6bz0g%&f7~HjpWUSDseq$F&y1 z)f3@pc9+dYLB53qM>lG_R!AR2p8$t0kW^>j#%-xz(ngm&yZa&zYNHfXj z*K&XS+lv<+tVsW$A0aAQ&!~ajXNzbfmTU>BXAeXt@v8K)mRJ$$MaUCd%58iLk_g(Lsxd zM1&gdm6Y;{BBSw@zyPZK_h{(((NgG*A78Umnd@EIue%?=@&zg7xK9KvEoO4KSzT|o zhbdx+Rdq5`+|&2j>g0mT*iX~etk}Oc)prSMYa#2f%d9q#2V8aT3Vz9-wjAe-x1FCN zV@U|sJw=elXQDz)Bjc-;^ib@> ziddURaK3>I$4jXe)GnxVx*RwTLJhp29re=Mdb16r zB|A2sR2~tJyRNL_yYj(5vY#}uUKnVM_FY8Zw9^cHhYnDsaXlJ;HLB}09#m6$r!jHm88pTz7BE^Ox0ikVwYQBGD{R~^}GA(v}%iPTH6aI%#o z<<8;V+41aWZ3XG6JXYaRzsa+@C66M%c*hqANC6F*^O-9 z1R_;5`r2}rY|Vw>3~W=C=SJTnki?b1#veNYP^tW-@sMqBA(BSeuNY=yC`Qq0UQNjbRzsuNddmFl^+6bk)v!m|a zQ`M`lI$p-`2%D{vS(}YHf?LNVeDPDDb@*LmT3t%kJkzKSWMoa^;-PIfeuW&8!+a=i zBopbVk1VnR%c1XJ_z#+=46WPAstno@1FpZMc>`AwFeYu^`Ym8&qy%|dy-}x_xOLHY z!1^_ns6>@hhGtBU=9#O0r@-oCy?Wd6Knvrq^PVxTq*BrklO)KfV|vnXm$K}>Gtbh4 zR}jFyC75ARVYUBx%ix*q-teH*CbIdIqWwXvrGWm( z0e?*Bc*C%N%b`K__fp|Q6g$*o>ZylkS@cv|${QirdGB+~_>&;^G^a=Sd_IStuGDu#wjD8d?d|e;coGb{(0*7s(d2~pZ&XO7ikDT$tS4u;X{Vs%<*@&-Km~9ys!IB?076Njzj$ifHq*?;aWPzr@|> zX@2k~0(e7f!kq(nbTlOGD2wP#GGY~Q66S(+R!ZV*w0nuA#i|L!--aG}^%L4)+h79O zlz*y$)1~`oge8fnAE&>_AiC?~zgnYQV^us~AH9-~>Diy&%cM5<BmE@NM%&k8(mN=(HBHXK_5@K$W7?1%fHRFp*cIX*#WSLDrB$*L6l%slJ z>!uCAn+ytY2kOx*s*y|vLGUR$e1{B39^{@ict$a>H9IK^@M(y8Ck*i_%%UjL2&YD1 zHTkX=QoIN2?h}raSST5CAY!o}KCpomZdC*kP9-p5N??BAZ6rvyI_Ls9SRzzEn#%-| zOCJI_A83&!`z{Xj8l>~Puq|+h4(P(<9=~zn03px9-7RX1xzv)mFH;ggV+br?n(@q1%A57B?xUib@06 zFH7!xjC043w^c5lYK9cq;za%kikgTqzCYL!9z3Pli$=#$VVkJi2FD3KnJC~QnEvsY zwqlf5c=+nv7D| zCFhn}yd+2?j)O?*%V#}}xh38QN?X51?t-J#ceqW5nh7HPxaPc$De)}c^zPf^qWgPW z#N*n)k@Z|}J>R#-J{adQUef`q2@&N`=eR56ZN;Y^?!NZPLe_j}>Mpvvz0STY4t&|6 zUX6S{mvI6NX=0w$(RkQUhblw2+ghZ@KvZEARgJ^&*eeH|k2iKEU)30r1;Mjo&`*7h z{Q!nWs|;qN8ie$Oexp7%O}#4OAma4OL${BmyST@sxEC+F1FCS_G>W7d+nfW;3qRE3 z@sy5b^WW=K{Fhm1EV9}Vmm`U>cTVX~(i*?mRnVgmWxd-t|+r zB>w`ac)oCaLgfT#<%E`=gJhH=l{*A~B+{gOuc9n>umCb=R<>L^^_S@cErDrz!-?0e zX7C(m5D8I-F0lQ)kS~-K9O#wgn=Y7H7!dY%OwG8PzxHaq#z&A_xbw~>B?2zbS#rd; zaH*X+hA_HrrfB131ttTCwx0J8?`5{7TdrSkSC=8+_aRzRu)qm&vUE=)vwqKBw}+K) z1vY;PNK&Vp(Q#1((*BZ}&&;Ao4kA%;Ku(t2tT&I!v4z>(BCrb!|BW;mU4kpoEH+aDt)5W$r&C z2%^`&`<<3N~P7_LP8@Wn&_i^?}vkHTyzLJfmT0YUOZ+sP(ZlyeA*^9jo0{g^a{^O549~S*N122Q0`$+X- z%9>?%s8#6IJ&JnomTbJ}c-*2R-L4+1bR!C1+!rAS{}1{WuTn45vjPivFOAW~;~$&} zvGUh%NG@T>FI*6jRT9t#xEDj~IQSn9hLWzJbo0W^2h4Pc_uEZM-1Ga!)pN=ekr&q~ zQhd*j2WtTIdY(1>k(H#%i5KqpQ2`?(B>frt$MYjm{Q5j?+Ut$bi#lJvEdR3p^q>aY zd2SChXX~+RW!tI$J9cyb$94#-a=z^L-%K|K_I7r{#n!a~inSpD@h4>daf|O=Y5N@bL1L;RN=rfE@z3*PBK=VM z(HwjJJWS{<;9E7UaJ0}G*xj>ODS}`|1aebk?A!{oU-FtCI$U~?2`8~hPXeTQ1|llmgZX4== zM9onUY5A|8L{Jbfn8gHSRpeza%V;#2pYqp-FTBIRh@(WK^m)nzRE!PIo^qCki@s>t z4XD|x^H*i8C$C;iw4Eqvmn2)EXv%ci`fbr^C2sMm{6o;+V z^YT>7;Vl79f5NhbXlXvdbR^?;La;5JcsGwArqt@PQvx^9^)@6^^QEe}y zEH9&ao`+AK#XPTJI(298C!sr2o&f{Uo$bAA3e(n4C~nuA+jdmeTe@z(mp?lWP#dhK zpUKh8RldKOnJT;D(oSK}a@`Us+Ex`K4$0<=bg1;no)*kZe*xyWHUCJ3Er|Pokm{$_ z=#_|^k+2W0)cZ%fB*K)&uz~&ult63086^lkMwek{-%BmyMbc&J?MWOgA0D&0Onp4H zsKR%^^(sPp;Ue^voZV`Hrj}aZ7kJDfe)U;)QbK{y=D{E-}V z9#ijZ>zMkujv4Tn4Iy_S$sIV!rSS(!W*Fi7sfu{??M&7nu)ThH+ zEigUOZjSa?&r?6OK+ypRxG$9*{3W_M^t`a+tmzSRJ+d~vH-vf)a6NXnLOLaCSWM#> z`7O73taBaMQd|wrJmQ`m#!Z&O@8v3K^0)3-!)XxUG1JDpsEZFmhkwVwza~Pi(Z$E7~y{>L*+A2dcPK7bg@1 zi_fd#3SHdNR-Bm2#mjVY4_k3S73ygh!VeII&6FK)|r7xd=`l9NnxgRV2`O(O@2_fTq z+BqbsxnCeJUK3^dc@S(x=pl~&l01CU&^Kc$Z55JLnhi#ZhYu|BZ3d&3G#GA-&7XC6 ziVxIptOsM^7!DNawW?5EE_wXPgz80$622I#Tr^F({m zFIihrbRI-!31TA>X?5k3DlLi3w;MS{NcBbV?L%S@BHQco${MdPlvPZxteH;F6`gp# z1TfNm8tsNPTrP{r)=UE(BH^-}p5cmlFlYx7^G#vQVp*n^`8BhOWhg1qo#wXyDx_A5 z*4+x`IS75IVST7U;@CqmI;%ruJEh6k0In*MqiYR~Fmj*d?xiP*0xxpnc78OYHR=7; zoJn?JNaq^u!bkSAgM7PPCYV z(B(g&)FS6oT9B5y#VpF7CNp2*@1L1#hYx@j(B-_lF{$clwElI3c4B5Mbq9#+*9P*j zioWs?+})Kl-@F2wA9QECn>~VZAib`)swq5Ng!c3 zjp<5Lj7Z* zc`kzQG!iEfIZlb+kr)WoEkMYuTMA|^yNan#!vx~QP3ZzJF3>iv{3#0 zgRzGi{6XXun-rlFit?K#+@}d!p|i{{B0cXa!o{prlJE~rSV@G(Bd@ri2!8_686qt3 z3`7jYli`E#dMP|M#cz+ zOjO=d%!bmVEY zwxc?Y4J7c#k)EfzGSUIizN3(SMC6=8s)Nc>yO13PkB{JbB6Up{ws;d~sNpFIwn#S<|XI_x^t{QmfL+Vra1Zir(M*Am2RiB!vRHiSr zf15kGZvibH1L-MXEYZ{%_ahNNEpcQ$79+6%o0_EvS@V!shuz1W-RVgJ0Qj~dXCwTn zWj$y)MPdcu78KBOip2114Wk!=?=TYG3Sol~d|x3kzNcXfLg;s9pgdRX|HnYq^3QKm zL-ZlX^o@2#WX#%YST~zqhXRB`(#=BB$(BazplTZf2&)xx%tnzh9U$;P;v)SJ972mn zfPWZ5OQI86yaK7auVZCtQlTUn(OPP8YIjza&q4DELg2*R)s-bTwj!v-0fiExjKaZa z#U&0MOIIyz5oyg;b*1()j1+|2F18tC6u1V#NS>@=|Z^@8gJk**iE$0(H?6g{opL6lz>#!UGC5u@5}5K8%`!NV`6aIt-B; z`vg(_2`n9X3@`T(t%z7&S?*Hvv46z!#pNy|(2VKY@|2m+Q-*h8-z-tX6Q2d(=8;y% z0^Wr!Lv>60aEB^7%NUVm+l9T2@;CdCS5i}l20rGQXum+ptb<8VHB0q}im9)tn#bI= zpCb|ag6t%qPf!A;iv5V}RaKlu`F-L$!4hvL~AC{ zV}FZ+`fU`{Cm}#P0(8DBkT?pO4<_(jx#bo;R|qf9l_0PZCt^?#ayQ>)!!in5fxi-j zPZ3xfB(4Kd!9)hToxvgnjoFF8?m&43fz@AX2NUhN?H<*hJ;ajlN;#?8vj;4@5dsg~ z6Ea_g>0tI3Z&7`ChSdE{5eR|TLR%y~n%kI> z7AZ%snp~~Tm*Hxu>O)qyg02{lSfTfU=1qja#TvXW|5LXH6?#jbFoiY(3O969 zKnwjrE^!zOsKz^8R&HNj=&h-S@z)gA+oM{tJ?(7^{Xo$4M)04wH7HfnzQM6M5;pzj z>zYsKnrUL0i(S?#Rr4kwuA9m=zgDj3;&W^@pGEl(2)TnmaC_qF|4V28dH<+Bh1_lKG@b_c13Pqa`frk^2N>avFSj_!mR$;ZF)(L zPIoFfwo&iQba{U4$4a&Ww988A{5yOdSghB9=k8YQ$B2D_%hS9+v%d${y$HFF*{zuW zRrW^6-Rsg{>p^ZOHbdgtsWnSQ4oz`?Be;WuQxkan?qDGm%vauyyqe6Lt3-;YL&mq< z2~YG7xx0K?6XX-YPItn-P=e<36hSEweBe$vp$Yu!*j;^%J_R&@uR8Mo!9(G{adxn{ znJO;b%*BJ(%$E_euKfnsPY12@X1_)z+1c}Ee;RJu0|0Ql5;HS4ocw zZjEe4M|64OXl`qyc*HPoS%gURpyRVVaTK>T@_O;*EO7+4D^eW6wGl^eFGh-^xBRE+ zQOMnq;>b-t*!q%8C+dl2!MYe=v!zH{07;)KiA7vH;NU(6g?Y?voqalwZ^f8c~T z^FQUXJ^p)Dq}esUjE?>#Fd#XWc}C#efh5pIqppVGZ@hY}nDhN!HrDl1iIb+baA!@h=-;#Wltvl)w@RiwmkX4zg4X=d48 z5NT%V7etzK!4r3R9&vtuP!jj5l!M}k^$i)Cp1Ybi(ka} zLuUn4R(z4lYOS&w>8va(?I`9ryEAS=?r#AgSASOS}MS}KYLxFMu;)X;XeR6d;T5!<{|X6r8TQI$4Cd;iz|JJfnIXWspuAHVy^I+O zMsp|~hNy(VenMg{h-NFW3=P&dNzN$&wjJfq64?ErU^M#{fN(c~d5|~*qLT`&y#}KX z^U`b-V9jU18=XOS&mmwvY2MOvQ@+}Wi~+%j84T1%1H~uHc`P^lC|^TBGeUr{`YYX} z*NGb55PWTDTpu;D)N4a~=xr1)uLZ+yP?o@JH5HaXtOi~yPhNaqMJD%HgdkSGTyeXe zF62wd>2fSWn8Blv?SmQW;`>-cE6PlT90@bk9ru?J>M>P$xAv7xPXxhegdSt3jxo&R z5$b9Bj0Xwn>j-`4EiUH&8zH`}Mt9!ggGS#(h!w)Qe0RCH+NNnM{|m-g=u;7%5jXPH z_CHbKvorZ>`%^^dL{MC9o3r4{irZtl03Ld?8jTG;`fEjheG^}8Hv?hQS$z5150Rd; z=t{=NSKAwrS~H8Uw!P$`&E}KmV;WP%>{r`=+^8NJ1N|I?!0DTVBOY?K{j&x-M8ah` zJsoah<_%!1B4*#TP-cC#{g-A|G5gi_>o?i2w%-KO>$9s}Z7W7+bqIB}eF9wHk{n54 za>%Rg(aa~Vwr6l6r}=ELmHtH-%GcwQnNf$tx@#@096;-0zy`bt7^}Z>P_rn;m3M^oq=0I%AvoF;RSQ9_xGXks>% z)8ZsDzNO6iMu z5FTFJ#n5ep_C09+wUD)EEHR9CD6@o`*-~cGMr{1u>UpzwBFxp}WtVh3b0zwBG=Sm1 zw~t66|2@0XFdn&=%9_Ebk5DhdUK=4?)!p|S#tZke2{iem1(rdyL?U$QCzPK<$h~J$ zP?rF>r#X6u0O`Yn<}DHRsk%2Fz+`-Y4`1$?taM$)^lk5*5q0Ff$vVSWxQ@55TM*g2 zj<>MyBXV$^?eL{z`c;NeHj-M`+Ax>N`r@h#;}1}^+;)|cXJJzV>&5>&Go{bPM`*}8EtTyuCB~4I+ zN3=vDr0I(C&Iq}GgbbcIWiZC7iKb%dYIr(FB-9YGd*vOsqHX?6s z47=L8ZLI2=(s0zF5izqA>ILwfSEy;545RiYM(vD99zx4K&1|DDu&>tLu43xP{mkNs zgaZnD3b-e4V(gWOtWelH5!tcHc5U_}%SeZhKa8?niSglN6P^>|OFyGS4kyKlr@X^< zO$ef7jjo20+nmekV?zE6)(bin88TX3gat<0viWYTV?5TE*GH>ie@zbicaZ<!hKuf-URxgk1+1H8kcB^MBuJM`F(_& z6NWoiYt^UY)EMpJ*f2Fl{s>R{SRSMIfpXvx9;3KN>C4AFM%N=!gwXO#3!ZvQk-Fni zUdAo011grJ@G%YF7{k->wMXSIz65HI50z9*!xJnTO+)Y4n(hJOH>*T{F_bmk16Vc9 zR&fydh!!%vCH@|Wuqwv#(coza_4T9N%};8&1ubpIfny$%KT{ScvdvmOe4>VbGN;4X zMm4+_VI5aBRDpBNV_d^dUBfYZ4M$P_0o5=etOhZVt&gC8j<5I3AHf z+Au!L6{%}$dD}qUk$qi^^qquzO@hm}oYS3+g6Avg&TMhYQ&w7xZKPA4dmN$@uf|S3 zYl@;}*Ud1b$eoI(mr;&*x6Byw4XrJII!v=YdbHD&>EkJtOinQ!?fmJGwF%GTPe(x1 zHg@)C`Y9K#fJ~M7kV96`Z-V4|$RS?LmM_FVJMe&mU#u49<5Pz^_3E5CK^==6ckoHc)jI2xBlL}RP8vB&sD;C1$Mn5UN|dRe z^Z&G1KBYL!A>OiH2yK~y&{qgK%pnfZR>EbZ*DpHKZ=xQbpq|ek=SZOsh0#=w-Aw1s zy(B0-nqG7hC+K^R&?pPuZKHI4XKd&>#Q=u$ebw7ZJIznKxtg{(&|59}2GQI@OXg4a_-X9kIES z818B?bp8j!O+;k;KNxNqB6n-J{TgI{INUtP6?ZAP=fLocg8KxKj})A-#W4O9aAavl za4$G?OkeSjba?hmVoP%+n3`-+Onda;>vU^4wq#WNdJzhsgW85&T< zu2g`xcuf~1DkO=nf6Yd#D1=1$8bHO=FJ_ucy`JxsM9)E*XM{vK;Sz1p5@C@>H3dwd zwx6P!@wyrnbEs-6yq>AJOaSTrk|5B8?ueAHAS7yG<4Jp-V0=~UF}OR zkz64YM$SB1g?=;zXFNL!MLgu@+PkN!t?G}acmdjiVfqct?=TUIjr<{~`;j#dq5X$+ z@cpyQT>rFTJcQ7`KQaFzGrvN{hm=VlH#2{gnU8G6{$#7#e*R{P?PvFA45JG|d-^QB z`MW80n#+(e_ZhX%{X_oXQ=ezCX+vmF-`z6*G{tdG6*5*Mv?lpi<)~5FL$Wv=wd*4{ zs|tTkgXS9qqxEK_26j+{eaXp8>diIDX+5xWII6xe&yqD7&_qX_#-C83Mz|Ng=u?5Rq5K1*FzWy;%t5he7w4oVBBAy4pEnXQT6$ev9VRx;_D67^+| zO0z*w2UnQ#f=0ZUexJ!6#=mHBuVBs(G-rjG7UaC0IonZUk>XrV?VlOLisY;SKC@!uMux7mmg+Dsb@ #ocwS~ zKiRm>uWRgqq1b~>_060Z@^RX*-1OB8iQUG`5Fdp3Z@efLXRGM(JqqwCQ|pG#5m(71%Ki)|V!`x;EO5@@EO`>rgPd zHliOudu2Lb8=V2sNd@+s2BV)n)YnGMcN#|1opc8k3P#sP$3Pfe#@9w;Kr~_}gVk!U zz~brbRb3lZp?nR2y%`E7E>J-@w2ZHfj)Ld|1s2d?^wWs?+9+`s{PA6M2NeoN*G3ya z_*fZV8(jyYf?W(&pur9in7TH)1LYM2_Gl;=T^o^|K3~SyMteZCTY(MNV6Dh7t81fQ zQT`Kw-5&xbu8l^x`P!)UiVuPQ{cDV8&VT9}(Os zko^XR3xx0+5+zYqb$S`}yAc9Wor0aL zw@%+MD}7u1jhS4K&RZviOD>+~SkIYsU2%4%E*QMcM(mvxbQc5fazPDO7sF{4NoTpX z>w)ez8?rY<(GQUO3u=5zByN4hFlHe1%t7K9`92+JpM;z@5PUt5sJF*3k`XfLfFr+? z>K_%;H(8C$#67e4l;#%D&qm0-j;Yp&S4XLbr)z|CTKY0g&mXh6S2u#A3L&tvhF%r- zPkS`;p783MoAS=!V*nf_kb^aVpm*qT4)r_C&+FbPx&<=ipeXWH!}wzl353LAB<3Py z4M3vaYhXn1jX>gQL>@sHG#QDe3>U+2yU^9XQWP|K-7p#<7=!3>id-i1FxeMG_5cbB zU#CxL5g9#C(L0RHJqKhvQBVSsDMZ$S+AyTE>WaS9kIgJoNVysWD_&>$Patyqb#7UQ zH?V}iL2nX)z7I8G5IvhQBCNWlRNbd2m;u`92v?7-{@}+TdSqi-80V|Rc^U<4z_l8o z%dD^`JqFQZ9k++E{Y-3*BCIiBd5PGTgtO739}k4F`EQ}OZBTF=EMF4aLt$(^>G6)`3 z?^cklM!_7A%p$TD)P{!nN+%AHPLxKQLduOGSo=21|05!&-sYBd+lwiU(30r;P$LG> z2VI+mRaZsTy@-Nx(9T1++LvElC+It`ox(UjB+mCx@CdjzB6R7RA2zu3E!cr!Y|$w3 zeL-K<1IydQHZ+`#z856)B{m-lZUV~<#I`M*jlN&ICycEjw9%K3 zf(o!KAhtKd+2|X$ABM3FCbj`6cpNN`65Ge&Z1f%66Jc!k5ZgEuybG57#CAH2ttWje zHy++|zZp%%?DF!7WwqHw8&!2npUwDKkLE)Md!Xn%&`%>|^+%%ZekdbCYhub*XP`#k zD7lBtR7_8S<{$f+=?EhK-cR4`W(NA@3L|h8rGR~fm@l%et*)Mnpdf%iKlN_?Dd*$ zZ{tSfg0aH^ZtFBe#vGsr*+ABZ8r*`MM8)oq?C*Kwg-=-bJoAP4p^xxQZc({ zNRO$D4tN1v+u!33IEKh)?{NoM2ca(q72HPM0UN{n6P{u71q|0549yNQTz^FR9%Q&# zh|Cah~Lq|mTcAqmNd4vC25atb@=E4wfa0h3SH~80rpf|YRMqK+grPTe5fS>EF z!5aizb7rHH`~kOxo#ZQ3)2yZXt4PD?s3V`D_p7d3d;LN*`)d@}BAd zh7fqShG7>#KWHEo(-+2YS1%}_2LZB*fPSw@e>QU_9nhpMtm%M8Nl6DZ{)NEqVabw|-5NVgjys~-}3{%shW5q$LFjF&!uG5$bZ zi1bvtqhk8z;aP9Y`wRI1e)5NgF%iLNP1TlarUf*y)_P5Pn@m*u0Em`-$km#M;T|E; zlF0f{-I;V|qu3obAg*(V*Hd`A{WEyW0C6{hQ81A%O@MO@<-SQs>_GN22)>Y6 z5uW(#d#XW3T=Ybmtn!X5uuY1-oaQAQ~&AWGQ51V%im3|UUaTGPZE+kWq zjqKVTx^X+gyY^{sOv^>wwRc0BrAHLg+nVX^aHh@Pn30O<88B=mCUNI8(l)76W=C09Ye4CfRdv>j*c^5S@VOa||owF|Hu` zE5rEdORhTUIE(=@S`wqEW#`v$3cluruayQ?F};rd=uK*LCogAr38AaZK(82=x>iIFq`QT!( zEk>d{Sh^v!rf<5B=&RJD6&SRh!?zx-!A4s?174|`Hly%1d%D<@gS~5WW{$1ZU=*yI;P=%^EPd_gyD9AVTXeI z0+G)Zoa+R7_XG_neKh|N8hrdN+OQze5!qKE6kJJPv&XvfG2nd7koXI9_q!IM zlpgVLN2NTmge~8--=h`Z(>d#a&@Q7l&-`C7BU!#Tm#94hTfPfisGc1lj@EQ#6xB~v zw~eZcj;i}Emi(+gQM3?Ml_O-GMdB4ic2eTMNW`8r3^zhS6jb9F_~->nUo;Y9k$clg zZc4Gnj;Dud=9n?lmvU3y1kI}mfhPurHih1p42)&Qi>Yj#F0BU5${%ifkxi!*+*%D6jA^*M3I(?x40{#aIYiDVxYX0w3?LYT=*K3GGDvL( zc^v@0TomMjqys|WE2bd#CiIug3h4JEwxRpyRMJ%s8BH(@NANv@MBogpHbTKONVGx) zo9;o$vq;oBYZ!@V*{^ImNa>A==>}aNm6CH0Yj$tYUw4*t^m|rq`YqFb_vqgCJDHt+ z19jp(>P1(>uV87FU3?F(v_Eg)N&+(n%SfU9-B`K*q$|6jgOzwA=*jh|Q3(ml_yNJ` z5a;HztU{_5OUF{V2K}($YS2D#mh8-+P!*CdbrZ^Gx-%-Nwq8*w9hPwiyadh{&nmGV zXR#c{9wM9>m9SQc^(Baoo#j@{MZ9+lGZUKVcx7{{Dr@f00aPP=#;QC>wAd_TA*@u-IVx`u63 z!?>t~b*hF>!Fg2Ga8T17v)54TJX8=NaG|Ce{4a60Y(nQge{WF7j&OdL#|-16d+ifq zp21(!^4DTSdY}2{d)d;ysr1d?l8b3QNvRB7PyF4vkTxqhmDTal!MSQ+=sjouN>0#k z1`n&$N}u~C=hLtH=6-DBkXEE%fKne7Q~#M+QHgsi*^2Z=4_$Yjt;kG7%FeSDc?gjQ z5sX3fQ!`}@qQ2APTuvvyS^`fS^u9uc)RI zKXNgBkH6gteHaoVg?d_XU{FJ9&_1Jpehp|3gh;y&LX1M93IeRT!2OgkP;6^e1j^Pu<)~g1O7Is_x_F z4!Vft<07eMP0ejJFsK%<-xs15syT+g+rXe&d~#n8IT z)+>u%yuAkk-9luDO@5#-d;cZ?dsp=_{^f%9e8vV5d z98+fi^c-ld2l&aEto+lIuDKd_JbgPyHHqWzy(WD$J(k$B@Tcs>ZD zk5H|nkJDe@S^V8-n#M|m{(m;3ld)#>bGN2(4MIUAbfpw3@W?9K10nG^ayKFPC$re( z0QO%MT%5}}pB%tRs|;2{!@rU9$pKuls+t3MWT=cN2Qa9)!qHINF7csb(}=cQtJ%@` z3ex-sK{y(%u9tKkV^2MsqY-eLh7TdI;U-xgvTq2f!DF1E8XVEq0#(D!;2iJd8Vavh zD$uvSt%h$={w0FH==xv{lU8eU6u3AnwC11_r8pc$B@j(#v~^0=+%5t#BM9gAi6M$k z#gz5ZQY-}RZN#%HT^oAaV^WbqIYhNR7Zv>!1|e$@ie3iiV+dJ=NPJNnnn_WZ!Wz%=QfQ;5qwLK80Gg|VhF5261D8wQzRsE)7 z`sDK^N9>F>?5xcK{R{-*tgT069ifr4_9h~)$C>Q=`GzWyec^EX9EoozxYJETG@-nZ@~?<)MoBG@IZMRX(jdTgCLr!j}$D zi?uBKt&n>T$-ZZ3b=m!oaV8yT^js?nB9?EEZ%@*}##`KAeU4m5z3?Tcxhi)WXQ4aJ z1XhA~v^iUlZmVG&XhtCfKB`d(sD_WU+1f@mTyR(qsv0(eb8RBm@R_dRjJ<|4C_hOx zEC@4LzWe;mQ@w$mchn7WeFl8goIXoNuhFrAj;MJRV^6#81S z`GdoHv5M95Zg4I}$US9~)+nI&(^`QxZapS<77}lP=Cx$*llyPb<4<^}9P$9oNHLAy zNs{9=X-)yX;5GvEV+peh5*_-k|!KXy~Okd25OCQiQ;fntQW=-ovW|$4){` zM`9bOH!DG-^5)&JCY$ALX3dNnXM+gznsY$g1yAXzU79X zba!qDN_UXm68daKm6k3yo|`V7J~0aDS9p`^i74uNATqk z86wZ7^3wII)?^jaYt62x*j5koS~I$~X^gDRYt3DVEUC?F%`=E>t!=UsJm^NHsw$@8 z-j0eH`!GAfpMc>bVk!_n58TKwUVNCYc#&|`fd#6~<3IaGrBy^jKNl>HH6dCuMvydE`s&~)wU$1gS+e10MC9_ecaWn51Cir-{8+y3-n!5Y=ooG|UF}w&e~TvZZAf$hZEju0T+Bkb1P%Q# zw!pj><#!S0sv6BU{gUxoen`lW6GIwFRcLo@x9=nES#o#a_XG zE$<+nha$9oG-$#;<$T)F_Is3fwaHq4PTPu0RdK2=b`%AR?^VUMbaC^dV5N@-D;?ao zC^%Mo9t}Rq;2&ixIQnQ%ZB7jh=AW_WvjHS~?|w{Ikh_}uh%BxDSx(S#uJ19ug$;aA zgT{>cl^$9gAq%$X7rnEhuf#SSJ)DD(m5RjYh#a6qVWg+AyrG;BR{ zCa^?Jo}fn|s7Jx~VotBjy;&G7>#Ez>H0mG(o*r34U7|HRMyl4NHv#9!XzR`= zxHVnC*{LzNW{0kg9>&(KnTzt-R72CS)`+!0e2w=dU4x1>QgV)pw#+BFwtoWU*~Z+q zx0uq@F}1Sknm+>V5vuuUSli^vb{5^Wfu7QSlHOB7;!n{2u3FP~lxhvpnAb&1bJV1X zX=ES-w$;>{f{12@aR~HJ5~hX3aM0e+gfZu7OrkOS^B6pc^7{#M*Qgrg^bcZfqTh#m z^~s>_e!%%;P>wyx1|>%uly7Xsf2rbJUHq%9xWQ&F?x>1$^SH~%UGop&1kL`go3*L* zPvCqqDK~5m`gDtI^wVwht2m$5!&RH@>)|{#f&9POD&D$Tw{~!^Q9;bTn}c>R_XaKy z_G<S`p04dxA-mZs3^mTq<^T$ZJO66nTU8YK*W22%ZCJ{!* z*s5p`hM0Dul2}1#1qtIq2(jwM$Jmf5BO%GOBPXVqSJsizBv}G8nQ|zdl5Jz{TqhUf zUkhk%yBw)NvsGW)UVT(lOjL9fQPoKesWZ)v0?QH;(tq_L(56mN)K#)_VyWK@H1z=0 zAlpVPg=&~$P!kLz-CpLvz-HK6Kp9tv4o5FE$}~IIQN+ZZE1KLmG+Smi(V3Q=wkaLS zT$yQvG8jg)&@3W1jH^O1Btr9WU{bF9+N-*V(iZj2KvIA6g)Y{h)S{@N))2J5Wt2IH zo+8OM0!fb49bHn%E-EtOmW0IaUs7R0Zv$dzTP>}C!&Q5E7swn?1!T3ut03YmD~O(* zY1#!$7X)px<@m9-w#_s`X$+&CW$$=py4VSW)!#K)XaC@?0b7?(c%(?C#ZYhS4KL(AxA= z6a|5 z@WFu{XfeScs+a_#+`+nCQdfr9dq56&k&OiV`Y2QJUax>)*5!yW&5aBaW!IaVtdMy> z%nF(J!!sF6_xK21tr)10BtCV=DAMLYlF;VS*_=5hgdJ1!g&XJ`@hE)723&B~yJ_nK_xQTlptW9bG(Q z%vit7MW&>mHo-q;?98%~lH%!O%Y1=W{%Iv8W&Rn{r}>K~j`EKmJ=#CJecRz}vwhRX zj+rpB%vU^d>Wta`fW|WftpXo4v21!sPH6G;In)1drBnpy)aj*T$Bvm%Iz5xVOl6de znlyHFS>^=#M9cKDF=NJ#L)>W?Wphf$PDeCCWKS$X)RNJuWinnmr?g}mbCyk@=A(X6*FQ)9fUp=9G<{Zbz9hb>irfF=OpC;aQ+6 zE}1$WqD>oH%D|Knf{U@Sr^gkSj4ZQfl+Az!gg{Q5US>~^nK(LxVM@uE8O0%TmChME zZCc5+=`w{9(khu4ISOqbsR%=$tJO`|Bg-a?9$8$>Loj;m%#p>q*6A}!gI$j*blk8^ z!{dl=BOMm!opnshN=`~jGA+{;lWtj8y9y0Qgjqy?Dk22;;d&w4;`TzDO zf{c~(?#L~cmBgki7N#q|M$`5A>`M;O>d4FJlFu%U^Wf#+{O8g*Yc2=p(@Wz#bU8Sm z{0)w6sMlT&&c~O=S$8=&A6*)!>T+<7UK(e8c9Us8pIem;(M z)rxkRxumQ6jlHzYA{uAaU2Mho0C3MFD?Z7p>oTq6aY*J_iBiA{@kh$;8c%;oFjKTD z$x5JqxMh;QlK$+n65h5Foui5@ugl%cig%^D6D`Y`Xj&;ftt(s|v6Da@CK@o*YUUF2 zXJ{r#=s_ah-P7_60p|^1tYgJE=M-6q*CRU>5NSnLymMS(g_Yv0Yucb(+o*Mj?X%qC z-}{oRT8P9JTD5{LaJxREze!e#NSK_NC)(jQMIu3F4z;2ytsLj`<(ck6s}XV>&UX!> zuqrJ{=v-5tD``_L590~kJS&d=DU`X_y4=e}zoul;_+63fBDtM;rqu|s1Xm&V#B#(% z52CfAy7A`(y2I6z{!*_yl0{5N>oB<#824IroG+BSGpz=l08{`1r`K^6Mv`iE&9pMa zzeBAit|Y7J5UWY28?C0!TZ*hE{jAg>md|-hu9b7O<-5j89S6GcNl8|o%gnQKa;?0M zR+FAq4tNTO4z)6_x0-Y(q$EHI$RyE(6e|bFjhwF=nO25#cX=W5h9b|jGI9}JFQRRV zLQ;M!r=yjTXSErE?4d&hM}0AJy>tih(7FSt%9J_^%}+1Pv{GHphs%qsE0Nu($ZCyF zj6t-vYqn6Q#zmH2XHBb~HKTgg%<5UC;aQ%Wk-J>wX35;cLOCLwpBPX!F>W)?(Ld)f z2r~=CBsfkJHQf}99_J0YRx@Xl!f>6>lR7^!sPpm8IH-biI>ln#iF<39K$vIOR;z-5 zbN|<5x(r|fS?Y3Q8A}mX!m|kG26>;~0(DJJwW7p$%ygMBE^g;)%R~*ch{XBnE#$(d zCX1pN=R+3h_6#vOV}!w@Kev^_c&$E9a8C>VZ`G^ZcOFcf9 zv?C zmsqh}VrX2M;%|k^ObQxxSzcIE9!W6=sCAOe$|6bfcmJZ}dRmsxRRo@7%W7bm6CiZU zU6z@go}TG)z8Jgf|3SJM^FpPoU}-M(uaI`vCI0=J)>Nq0JTz&S9+`wrMOK_#TWJ{0 ziG>iW(5mOEWz_+HXRA(q%bewM-Ww0YpX5w6lf-|-?Hqv#=1eDj9Z^=1OYw9Or&xvM zc5FAH0j`q(qgilXt${*$o-2WJr$S*8UCx8?CM?u5B^8Czo7fj`3SF~YLj~DZ(i1m?n(^>_)t>7_Y@(b;MdN zW={p8Qq+%1O&dC9+NL;@78>WXrgRpp6hXI9ND)B>i5diB_HaoN3-mDrinB?)Azb25 zK~T#^P!&$_83; ziB~%c8Sd+NT0~WSNzU7*&;%6*w2kvmnC4VkP%4Ed=|0Ck%TVcLXdh;u@G6xE?eTBi zP^z<0T|iw0xNmnE1+8fKy2$N{JfyWCX3m}B?ig)+EgB+B$xA*1gTH2PE}K6 zS3>9v*fTXu8+IosZIG+a%Tp^t30_XnlPst%s<$2xJg-cx!N5m5p8=;yQacxyqpjox zwRhGc|H4^hwUPgzg16_pi`+xSM0wnlzGRB)Ui#PB^mvlhLSQbmT2jNwX<2WjyUg=e zgLQ~6q`1|fLPSZ*=GuI^#bTFex`#UJ76~!m4QV?Hw?V)<0^T`guV|bH=yGkmT`v0Y zCxv#$)5P985N^OE3ggX}q#Fr!^5 zf`9v2ZqnsNY)OwOOUnN~%LD1oqEwk)9+NXcZF>5%>QBVBEt+`g7eCt!rgVV z!1p8}zNI|a1(IP-t@4!EaAkX!299v8FV=AeYbKHsUt)i~ir_^8v;+;=n z5imQWW8jf{YJ+cg8R%+}hyVY>FCT~KZgDUWMYU}&gF}aSZn{WhqV)00@xR4Py{%lD zuD=XYyu2Fxao1E=#TFX;@5m~++>IMzIgKFa9MczJ#cK;Fdy4v_Nx+YVbg`~G#Jr7lZ502;xF(AlzJSvZG`(c%5(RdmS(NT_4uK9j z>zcxS*gILf4{qmD%EfCOFY>O=YnbtPvKru!bIRO<-oy)$+E{HZ$056yBL8Y{i z8zgEBY3g)R)EJ?s)6LglAlBFu`E~!$RJ#tVcW@ zXIsv@=9*IM3r@34Z1l}a6u%=hsTKKWd+Ds}719w|RjF;d$JAk8$8uH(plFx#PbcC1 zm?Ta;VqESFp;IwfYLdjia#&VX-^$XFY7=pkxC4uQhT2Lmr-htWmOQQHVoEvvSn{3y z3$6HTDUq3p&gz#*gqU8Uj%VkGt?K(tlX=_b3c_LO)S@e>%ZE{yUonnQhGkL*!5xeV zStD1vzhMcSw~P}NRD@UXD_4+C!aq;_B6e!d^S9ErxV}u>6Cnv4vUSMuk^nPF0B4D zuIT9`IUQfHS>i3i5`UOPM@LvkrtA&clukm9Sl6v$c|SMRw!9}e7bTE}JtZ3g?1hsl zKi=j1BbhwwizIj^oyP9tL*kX>Yl{VZ{S?yWhR!b%3z07u@cXBPjti9c>qI$u5@>2V zzZA`s%UYS$guI&ba*@SOucy_`-4Ur?WT8YIt=)+e>xUykGak%C+gE?a6&%_M|Apo{%az z$JcB*%4m-rYC0mweRrNofcl{RZ-x4B{neMn5dP&h{%?st*5zDbnrh5XO%l3*ycF;y z78Rkq5BnC*sKYw8g_dmy<>nTW z^+z$1rgK-Qw!f4>EqPW*(RfRtZ2sG#`57+f&J=N89|K*N!aPO7z{^B)J}j25W18I6 zWvC@gyR)&5o#684D^yj}}J1#naoPrcM1xeI) zaMhE0hs9b-vCR+V949MyHOU-G1GlK0ru1({p&ZAzFpgE+t0sv7`;(HS{u2i|)5wXB z#WuX|VJmPLGvGh8DCEj*<9%E!sbYfM>S_O2o>#rd=Tr+-$GXani&I{M&dSfx%IUl} znc`5$a6uFowh&T9htN^$v?+sr90jG+pe+p%LgG z9k-&9x=ruY+t9JXH*(3V5MHr#)6W`Z(6oEY3q?FPJv~z->9WC@SS0AdG$c?-Qt zFg#*o5bMN;2KgH+#iCjf+{Qze6rlkJc@WSBbTkGw10OHQ6?sV$^Ey8>)qjOnT zl{f*sEJdw8W!Z!OgvoyR8?r5YZ4#p8e>0cm>5gRhkQu($3~&uS&X>#Snl5*51?^?s zycMc+nBo8%Y}u0Qw|P9fZgBzaFaL{y+kS{?f1X!E+eO!(tCW=QGv!4) z>hkJh{8NbmgYSIL2(b)Xq^0|cb!dOM0#uCS^@{j+I@CRu+pp&gGQ{-N$Ik+2+q`NG z+v_m3u5O)IZ7@+Rj>>4VKBWntnip(2>_jCueOWS#_!6dPFL7e|l~I;NYC4YQYG1S3 zTzzgz_*{J}vBtUTk&P04Dbw=&Bl^6whYib6NI#$nrhA%hR)z4W}Gp6li+s;Hq` zNXc(;mkES}lS6eAMNhI}crRpZAXAw<6J70c=aSrfy_Ou*n<-dTO}z3i}y?2J2iY5V4` z66eXAlIcMdQ zTqM#7Gc9)q)Vy9egGIK}(iMN>4K8PIu#FUI89RMg$R10s5-wWmi^^e3CFdGGPYy8}34K|HR1msicCSJ&$ru5czfKIsiQ+FJO~kWa(HVN!wT!aj4o#cwD`t zz8|*ekt(mWuUZBFJt<5xc#U{A#ongsT2%Ib$a@p`s*3Az{JwYd9$}NP3a(KU#R>!j z0SO9aM}e2*B_@#M5wbuaBq4bLLd8TB#ibf7wrGXmzG0<`R#Cs=jyqM0mDYu?SZhVA z)>ewYZ~L3&oSFO1%zasEf8YK;|50+zJ@=eh&YU@OX71ekB-`V__G2G52<@H#wrkoP zIU>$!?vHWKY!T=5&_SSdUq_avrlajW)J7G=^q-n8;-`MNcm1pgik}og@v}TAo(-2Q z!yl|u+WGZTqbYaxZ?{i*g-ElCZ}0E*DY7wdElp+1(cyBx$$g~vJ{5JtW3Fy)SAM!@ z)jr{a#DS_+0e;Y@YbGc2gFcL!%1`8lZ()?1`2^daFP<4;qgb{MjN?<-7M{t0J}`>; zpb5`qGQX9isrM|FF=zP(HA^SsWV35}F0`&IQmJo9`fR3nsnp)_oee=+f? zTeaNcyr*g1KAFWkPU8OW7b)8Xzfk&0USKz_^p&&4LCD!Ng#Oa{^7Ch6Xa)GbPjC0A ze0307oJE^$o`%LF-E8b_5@vF&yOQ-)uSpX^{hD|aj^f9G`9_oIl$OwtFte>Q!u&kT zY|%|Ua=xqkHh=6aFgQ8iRUDJ$S(!s+hwx3^Lg*L1frTU7zxSNV zw?khN=jMC!gY2iW{_lNRYJ6)bJ=`mFieQ$<%=uoOWP{^k;q$}HdmQU_Z3&GE^VbK` zMc|W6=F|zHz7tV$5L;6n%RR_2lwRX6eQLNjing?5hK~KIE^`%=;19<8Wr|fq+E)Jj zNN(`5Wy_e2V#LVf@LNLTIrv3r;udC-*Y^`=2~Q2r77pTgcTEeEdYaXTpB_73oV6Mh zo)~V~6-wu=92;gcWoV>mt%m;42l-tKCx&G7d>@Dr6d(Ic7Prld!KY-&oVb(p^>G$_1VP}stRRYVaL zoAM8y0+n=)CT<$mPg6vyhS{C+shXI?R8a3WZjbRzg&l8Hb# zdiUd?aP|9eUig&@^MU~G^B2hsy7%`^4Eb_m0FlSs0N#X2;3xcVfc#0pcmDQ4rRY0< zI6Jvv_m;3^ar=eD`+j)ImY+S~y0`maQ$AX?RAfc+Zb8oBf;wn{w=-9H88RuupnNfO z7)!n%EmJJ~#{?j-`w2Ynl_zq4(}??Xe2tqT2GAkqVm+0V*+Dy4mOYtWR)hw*Cvexk zn;#tyrDx&{AOl=xS7RWGIu+vE{_>jttS(g7@3V=7)8BTVb&9 zss~sd`Gn;@!T)S`#KG!8V#s(jg~InRVR3+Ako##UKuQQ5zaZg?uRb^-lcD+EI|27; zr$WB!!rycWb&K&M$ooQRg<^r#jYSsSuN7$5u-woPrz`krQx?O^?cXOu>ICRN*_^5# ziKn`UQ}mvyeD5lhc0Hryi@2nR+bfknB3dCgp!gDV8y^7u`woDd`O(IJcc-}!9@F57 z&!WCz7SNo`i{9e~^2JH4HTkKZ$i??aez|O)umpxZa}n$Y{`n%yCRLhyi7Ucx`P9h6 z5|`_?BSF630=r6|CS<`+#L2ll&ZVfO$(ipWYAtMT*U82S0U_xtm=_FBZ+p1H4GElTNpEg5isS`UFe_nYn?dwBQC z&kywqg!%hj?xuRaH6Yk3LMOU^>LCWDD5h7KAN<=?-val=ZSiQZJG?5fF?95VP@n60 zK3CN5Lbeg^-+J&h-1U9cGN~6g<_p3HL-Rzwd}rk{Z@x!FzJ;>(8@WQN4kpwgU+gf4 zP8JpH&)POy)FzYEW)`o?mGxUCcUSjY!F?qY=atH|R%&ZPrBp#jgy`j>pd+H7gz7P^ zQ5~_%AGBG&Zf>`&p)>ib886|P<2eFmT%S689mJgXi5Ve9c+7h)&S&=rgu2dUqi;2z z0{ME7HS^JxP*=}_o4@6wR)m%n+(Eh1^l%Tc*TskLjv${YcC1aEZ8fhD3k3L<0c%FL zOvv|od;rjEwxFC|kh&F?IZp)OO=SLd(#8DfO`w8rJWs;8x_1jNB3~X7XsMT@_{$z# z;9ODL_4T^8!{u`DFFi1}mFw+p?!0&?BQtcAJ8%y-n>a5fUzMUa-mb?NeE128e(=O( zbG>{A@{giW)+(b|CV6&v9Xu%cXHRiZB+j2s^bD`(vHxQiarqZrvDvocBEAXKRlYsa zPrjfdpLL5DNkRiI2&J9Ly|H|)Jav9(Kr`>7zH;L>yfkz|xFvWBe-Yx9&^e4Wu!2=` z=(^B&uJoOJku)1yE}q{$>;}+Nh=rtE&?0`;`*0T4a zIBQ_{K>sj*F74h!bD4*^jHJ0d&XYH*r&U$~I7K0@L=EGit}F&+wVf#%DNbO%$PX;L zTbklRk!&IvE;Px4ir3a~O+FOjZ$Y}x@mCSJCZ+ns$*<6{%p`xqTHjC5UXnYXJf2Q1 z3>{a?_ucy9X2N3m+6q71+nXC}54O^NEQD`|urRFKcA@K&6LdYqJx*+4EzV>H&t}=J zTSIA_a5+5EXG?Eh?h}X1cz%=lVZKdJRD`9o3}R?nYx4fIv_KQQla=DVKa1W>9xjQ`0>u?^JEy|F8g9G42g z{U|7(mbOUQ+Zdr|KWOU$*_hzqKJ4OE`S3AgBUg4GW(<4{)IW8*P`qr}9N<5>&mO)N zva^Z%^EVu(pT5%WZf?Xq&2_1>h5Jh4_+V%00QAZyE8F>$Za)b8VWr%PVy%{hk5|g4 zS+Yyt>`8`G9EVd6V>t1lB(ivI1=8qj;#($Nlw+*{i&XJEN&XK*sH;5^lO}={0{-(|oNLrGK|WT% z2qC_y%g0!NiVav$5z26xn;RegI+Q6S=7hTbL@atMc7@%$;W2x_J>=vwRc;cGpbj~4 zfu{>RGky4QxFtK~=ONH~8VtKZv=75w?T`-`wR zg7;=)U{As(GYc?B@Q0Ine2uVd4QDF17ZyR!Zyn1>GY->)tOqsWG2=%GLoNAvoP)r7 z(97FuJec0zBF>at-d*k`tak%^2X3FkJ&pUqnuAP76(0Sx$Wve7s)n!`WDn!miX7oR zp%dH(SOIgGR76ZNv-uPg;-?4s{K6)eU6w5GM^`^2^$Kr({PscjxUCkE9o|}`_BohP zjqSeGctBL6w_Cm|HJ>s4BS4wtNk?uSNAsYApT6fKpuhX!Di-x=Ghj;FmYT|slk;z? zxbLkB#N+XHx!m>LWzT#aCmuFaoZ&jbeZE_=n#Xy~`?%i*0&i~1A(M!;6)u%5h#e@|eyvxg7xnms~}hq`9U%fBG$}5W($@HkArKIq(}KX?i1AIK&JW$ z`fe>-IqRE)#7(&9n%W2RV)p;tnpC;a*)DfX@58_{k9O3v%-C++7JV53`Zk zaPp1m?$=!d;`O|=^Fzl^5EdyKH^jXzkiTnPrikY-0ICR$Sa|arPBIM4PLEph1iT4=6l@&eG?rJgwN+QS-tMQXs})}HiuwXeTU$g8)zW~D~7( z4k+W@$oJM-xbfy2#=FHkT>D71z27weFN$0$c*nb?`S@1E3o8Q{5>xHE|J4L{~&!>N7vtJQG4 z^sOE=niF523c|M<#4CE;;H1XBbsXgz9xK^Wex6v6a~`=hDi6n~Ezw`sC2Wb_37=r_ zZi#-QwnRg2&(w7JN-?Wb&rG@8f$@^8aQ( z^vMCt*g`^!X`zAJLf&sd;Mx60Dz}Sp>g56YmHq9NI#+RK>9qmF(=~ZMe^%{?s2@HWi0gEB?=VAAklyu6K2PC!oT&k^p>YChTrF zIv`)M{#p<@>8hjU$6x-oB()EW5=MfDaa@n8{Q2_5T@S4*to#FR*UVtp2?Xj(ORB5O z>tgY`l9lCk_2o`gd38lYb*WQc%|8WQ7vo=Nj#b9X>)5~L^-iQQ+E`m2n^{sny}Tse zP*?86Yh#Pc<0bKUom0Ppb1rup;uYhZ>P4}VvNES;QLL`KqO>~hEH9~B#){xvCH3`^ z6HDPAZkD(xP~=oyTUAn8&ZKKuNlsaLMM*SeWhE^yiPu%G zjxA>#m9 zbxE~TvOHE&UA{W*l-9GB&CZ!OH#WCqF3%1s6pJ+GNaf8FAD9;TavfE!Dd%iZTBLE7 z_>y!?f;r;j)=ooZb$sO6vA9w|X;pbiol{v|8LzFYDRt_XRn{&mZ>*2;&ug@f)NmVGSy{%5yr8CfacpvZ4%bmkFks(6Z)KOP;tdfsEGvnZ2#s)6 z*2hb#c34M?50djL)>W1+ zDXm#vTf&SM8w)nax|l0$74Pau;}7|#(m`j-V-+QV%6jNN`3ZAoN6X7am7{eHzt zQr4v~+NHHI6A)jF=Vk?cGrg{6IY;k+2ti=jl6dJ>+Zbf!o6U7%aqB070;Lw%dL*q zm6R^yGP2t-tEuH2hyf+hY5e2!s7UU*q%y&H%A|QZ;uizz8pUW~F@MW8x40MFeio!h6iB79G^+@G3DM5NE!tIxcJi zM=T%d{B!*k6|APLCUYCO0nHIVNKh{fietQEYZ~Ir2!*{=R+m)qLP|lfW(ofH3MliD^4mXC4962<7*z$Nob@{}_RSC2b;*x94ghb>MYHt($TVHKxjr{KeVkLeq@jA5n%xp-6=^%n49b|2<V7d~9`TqqC@j#~F(n zDk_9;5yL{LWhKj?rjCz$Q7Oj6!xe$o^IEWe6Bo6O+?oghw8Wt^Du_V5H%?SN-F|o0uN*0xk88@bE%-GSR z$Bi31Zv6PsXPsSEGOA?c=y7AmjIvFje5|5Laiyw!dQQ${fq&HKhoy~fX^{@)7 zxHp) zl+?$;Dr6sV_43;C3h^jKR@V|vI`|VhvE?wKNZ(jrzM_HUR1TNQ1xUNZ+0#4bc)+lP z`Hyrp5z079#J^BoZEGXEzum*jfLK9B%N`?P(~z9`>YY*|o&wVC%R_P!kJj7vP z6&uJ9e}Iu+*p#T= zp8=ArD`dlAg~dmA9`}B7c&q4}hp6ZeL`X3e^cqt+=rN_Iw-|(7mDMX6D(f22m$Q23 zh=7z&RcDRDbrqlFxVzx9DFb5o>Ez7Qf=UIzDF}qF$hTQml~iJ2GYa5n z6)%Y1EP-7H^d}5e^C?>%fLiLr8jx@9=)jcEUaWB?i}+5*l5*w@#VS2<0ur_0L8Bu! zRLH2;3sIb3cwE7&#kx~0+8P#>R6%i^S(r?DnYYym8$K0P4J-mwozAt!OqOMdyI3MJmODQ< ze56rVRy6W?jQf_HDYIt57+_0)x^gzr)t5sIApDc~lQ7YH>ZA0WASldp8S?>NR=uIa zZ193|W?tFlr47u+SC$JSQQKD{kY;f+3!mgR9Iq*C`Ec!MT~FmvRE_A%l1243RShDZ z=B^ck5Kt-_HvaG+ufjBrCsu*S&wPKYtg=iFNN@c`l%VEHxd3BBy@ERzJ~^(bsb-_4 zWVKxRi`#rxjEARc@gw`Tw4`(iuc!)ky;_ppMK>tqW-1$5JkHkL!h3@|wz;fqaIR`w z2q%nXa{EPZYVb(hS_Ls_Af+@YXCeU?nmKQC?TK zyneAB*3yk&KrJI?o}H(;%(54iFJ=v4iuMGFvX=9hjn~yBIsm#8FGqT1soXY&#jjUD zX-;h0L@Zg6M-f#|KH#jLWYrHNbL-W<_+9BIW%I&>fnDc|YS{M!-|y zR@b_Bs7?3z6d6{o^N|L7!0e-6`yMaW%TbV;UCCSq{a678m-U0Mr@-k<4N|L7qaC?PjdlAsLlb5-yQ<6Nb zhTGR_Hk=)vOJ3%NPDwh>^>A}%^6XpT_8pq-p0*`1?d>YzZ@Vg1L_bxeJVd|JT!?-R zu&s!V1slU8d~uk{1ktmHtD+EHI^3HtUfrr05&c5~BVKhGp%|0b=4DlzD58JR6+{%X zOBNVnj=xsoS-&=NjM{R{N~*W#{zLQ@aK3_KdjYfSY>Zge1CDbVFf8#hK1d3-N@K$2 z%u^MQ%p;kyDq@yTXs#znDb|MMz|BH{K~@#Y74+01M`f047HJ)oQ{ndP4oL=`7vSdG zZPbi*tWYNHL|+Xz0OOUqD&L|xC(Wk1@^r0Xin&4l`i&w3^1XxR#oY3@-HmL8?DTMp=IP5LfPqG>8SpC#`SV5~}0jEFw3NJS??Hd9r0 zMfU8ff#G6ZE}|`pl#8ftti>-l&K9`cs@WcETT*L!k=D4$R0TI{lQFGGil~2h8dZBL8m^Ia&q)nq&!5I_LUIA8@O8ES1}^`O#)-`qCZweM-lzIt_`Bz9Q|B5 z=6FbnXB{$fjM{Qc76Yb1<4;lgh#)#owY;zh(50G$Xk3vZaiX83eS=!h)&(Ov*;M&n zO+xf{y5Qd#1=}1jEO00L7aZ3{fdxO%u7W>JQgCQ4#u`=x|t*=t%q~`b8_3m)RB}iQNj%qF}qwucPmmMqAzGJM3+rcT!^j(D9s+P z2LDhoB0BAdUPioXnxz;Ky=s=15wAX-tr!vg+iWi*UhTL*F(Nv4j+YUymSihNL~$%I zvukO>izOFoK0q5U^k#@xZ)!$FKS*H2t8w{?5z*p&Psw=kXU*q)&k0RouIl6{qSGcJ zDGyO^Cr4E$f2A1_Jz=t!5wE6A);R)tNdhBYT{2xUB6_nTWh1&xb0PY{bZ>TewRfgs zMD)N+FC$*9RaTgX=#`3;d!@xNqslOUqzp6fM;613D#QF#8D<`$|D#CR3Z0|45cQgG zRGIGq&4}n135Rx4+d5G@K_cG$u0nK=T*mSa( z;s0I2VX##VgRHHFN6a-nViuxjovXMI{p)#1iXr+xij;+DaFP;4G^|KDh<4Rnh-x1k zv-#jGH9WU#SwvsevWWghk+KlouLTjkM2+AWq8k(`7tt-63(+9>dDm%bY7JVZf-E%^ zoIFKki0CLqiXnRL6t65^&Cs%l4w$NB5%qeBEafF;%+#`gmZ-rWL-Zo;4-j3ixz-b} z;X3iAR-50*QhsBQ@*BB`=AQ3m#H)+XSH&PY?*cC)UR|fWNet2EIbKG*>M~a`B6{XL zFC$*fn5P&Ky(WPXuWr(ehz^Z-8SyGFq8Je^OJKySYR!n~AF`Cj5cN8;Eak}7=P5=+ z@5%Er;+3A-a}gbw?`6a*J!8klSv+2r@_2g6jyau9=#?VM-(*LO2&~99`m-$&SdlFP z%T~kg5@p3jml$(jw#|mKEkRk4Ehx*j1Z73Gpe$R>YPBjTE2=evvdxyDtjHFWWm|%> zB3n?FZ3)VXEJ4|3OHk&s*WOktfUZ1g5@wW*o%XpVVeFKld}=m&-fJ`oJ8_uuf7$2~ z&(|dMbPp*{myMCnmzp#jIyF!CK03eEnq<1K>}De($^OFdG})%B$SyMmcD6Z$v(3Sp zZ4S$99Dwg>lGA}yW6b*bIK`)^DL((N#^jxkUAIw_aB9`_XujEX`DWMUn_ZWWT{lMc zQ+|mtO7qQ5$v2&5zNy=M)a^W_+kEGHOZA3MBdF6JN~e(?By0*gE7MFpM-ZJnNwcBu zH)u9QU-ht={SiU*a}OJixXF_>&Fr@b_S;a^NfAV`E4ifEml3lsBZ$5_Q%fEoK?tXr zeI7CUJVFN|m!u<+)96s-G&=8cnrTB3(}p6Z4Mh;eA27it;}ayX5~Go0p-6r==^{#|+>V^P%q zwgv(Tz?-n8df8Wm4ec{Yk-5f6M;u6DaFRrIUlf{sQD|Cnp=rs5rUNN7)mCV#ty4vn~TvD>4fe`3FrxMV_q`nT3jcUTH1M9Jg7f*0M~kWtm#bGPRav zYAwsuS{7<;pC&mSN_3gxS(0eI8OsmLQiG991B{pk7(ub~`v(t0TPA@h)J;&_y9PIQ` z9e0!(c93J*L5}IujUx`h0PFk!8h~XL5lA!+w1Yk8qC`e3;=R=Vz{pm_=bWec5dX1< z5AkO`e9szIlpmZVQM4k?W^N>8w4%`*@zBs}22a*B#3w2n$w%};fUdK#xd{ztp=ZH^ z_)~hr=P6<)yk(|S%}1ly>{%*pHg*I?wwjibZ*B-=7#s1NX0Gcqj4g6r1T_s#b9~Zy z(7)%au^&aW5uoeDGg@z(Bro(Jj?!uiK1&h8$ohij`)j9*sCELy4S-&(xh^(Fe6e2{ zJYhKO>Kt6792E;!X|5`x93v3svw|_|EJtl;g5qXsof;Jm%Kz$t1z{Jb-Wheu3g_e> z1L4Q?#vm9t2)jEg*sYT{1ycWcOzRdPB0P%S8p)+L1-t!|-M3fcF(~6PRaRV?z9{9FV1L08>VI6q9Saw9lcG&uPmlp_EEn%btWXo>XNeZy9b??KS*OP8D?L@3oUR z$Fs$wn@7k*d$xcq!Y$*$y6$dWfGN$lMbkn$Mqw5v+Xgn?J;co8rAj~qB#6n5IPA^H>ya8_KKT;t9?770wvy^iUSnx94H_biJ%Xbe`U!nn#r1?!_0Xdzw;r9%{DJ zr>VRa8MRnsp4lsT7ZUShBvToAHp`0|miI3VKcBOd=I|@D4ZmDVV++m37Gh)DIv;62 z3~4|4Xg%iG9wpohN_aw_HhO{>g$SjuBMlZrZ0}MpajBt%T&e`YNBdk5X`2O+HdzoY zEpBc{iytv8KF9PWIkaJnWOif@wxC{hWKO+d$j0#r#$}G`qUnYe`@BKmP0vGPUefEJ zm(0%FVC%dMw$9toWa+65ww~Hx>!}U4p4wpRsSRet;=M@meq`r)(jvYlqFu&mv^|_g zo5N|?nv@((L;Pqp1w;@%MUi5Nz7y4wh<~L#dyIN^?_;q>&%$m$QI_{nS#iFmIc=uj zki&p{?~Hgdwy2_3z(}T@7n^ooY3WL7w(QrFk6Abi0y`xcRQ#Tvu-8^53{d`%jTvOLBK~JZ z8`+BZ0gq)P-Ycs4dRYv#eTIiSOlwH#p22aE9xs=W@nRVpo)G6;|0ixCM~}k^I)99& zJo%edW@>9^FlRQFD$m-PlqvaArok2-Ql@}YOW3RiNSRp4tMBtEnJ;85zRKoBE^nJjam$z;C6;T{i1NRC&hO3XT0n9Mp^n9Mp^n9QeeifO!m zoy4QM05Z1k+%{%sf3we4tkD1)lSQfH4JO~u3MQr)2z;R4FDb&qRi1;ccqT`mwl2aQ zn#FnzOV6V)5}u;EP%mp8@;(M5(F4njWI4);<6)qV(9kpP)ui?{yS)k3vqK*&Mf5d* zVpWY77pepJ*|z}tks?J99W)I|Sx*95uV48=6yF9C?g%@jSf6}Dw05?K4|_@3{eA7UcEAGps(3)-nkc!++O zerAj)9;O#PKu^{)J~Y0Ql<{RFiuNd0D8s=LGnGYVqxt<*KbA&xr+3Bkv|*;%Xp<|v zi=eCFqP1fyBQv2veot?Wp;=j8==#+9LYFp=JktZ@nI0g|^Z|i<(P()gK9WcZ;6Pf}Vq48kRF{I-N<5i$I%)e1N(%{P_)6n7!>bjWUai

irIW?XEVaj|K}#ilT$M8l?Li7ej z$~Dc{*d?%^8^?qyf5xNoXGk}&_S0Sv`*Rjwy1{1L8*IkC!RAXhG|_hyd3~tz1*658 zZm>Di4YpCR!RAai*bIJy&6%28lTbkjp5rQ>j$q+8>UTA6H0xtN22;D6DYlP^6CNXB zujWI5&$WnnosRzzy?LstNlVks#-bn}(WTQoe0YK39xvl564Y@TT1laPFACAyyj~G6 z9#nh_=;DEAcd@Zl$VYUIXQ!906*z5y5%cHMnBV&v!%hzk@h7waw=}&47pWdwMLaFy zVH`>fSZvM_`xUz?B=F}n#4qqZ_Ms-t8L35!*I5AX>DjSEdv5j6&~HEP_1}2$g7Pg3 zUNFak>E}ZL!}JCtS!g7o>7F`GR}b+FJ+2VVQKSVqWb}z~74M*xq7`!5ZAQ=&qu#A8 zQ){nX?bgR@5&cA)+UBNDNFd;~pi?~-g!o7`DMdz-C8j6bs`c0zUGeZ2>cP5h@H#3Q zgo&1sr6?hc<%XH7V)Dz)`s}J3p5|%HmmG6SM&8VHc+zAPrsyt#Y`>D(O}T&n}Z#D(6e)5UU z7G0NfNt*%ENUMEM-E_k5Ule(qP7&EzYs+48E%V^KqP@=j3Y z&Od>;2A`uVxwai>Tb=cS+_KU5^Ms8?8XDPm=!<+ly7|qeNCq%d86JU(Fl*3VYDCi|6W0;(~>EQ|FDv?7;HP3cv=RIwXLTa zR4(XL5H_oNC==_|yWzKLti5^x)HbRgCm`xs8QY%q&LC{oex^*UI*#A7UYT$c{vp-M z2%>uPPi<&_lKiB@&Q3`Ng_)tue!a_Mt_O?FP|n!xkmtSknAzRksqBI&-fZ@J=5EaA z3B6p!5PDT|huJyFkdWPPS-L!7E>qT;!92~6tLf=ZNd^^v!p4tTz;D{a#?vH-QD*7~ zdx&EA;xjHL5H_o6QYJPoKJ*)=TrI;PCY_;Au9&M7pI5$bGnPWdI147<$)nlnR69t* z)q@l>qH~TxQXZnYij<3J9zb~v6tDJcS)(bg<1|7M(==NG5-)4XdqHAn@-laKN|LA7LE>XA zc@s$7p1jQ8bxM+_PeH=bY*zrfDS4TH>y#u$MdZ#3L8U?rYV9v!+R+hZX^ExHT)3yl`-Z4S3A$kga)ho$w9-#O`N<50_S31Y9 zEIIl;FQ1huVRj~pM-aV4k@8;3Ow7^deNuV@6GFd_hEqQ4N5d(T^`qedOZBZC_IZNCXZeyi z%6+8OVlsWyc1~Ik-Tbxbwui}<(nd(QaRiFxB3%7tR2)s$1_}=j!QC0$C1?ol5s=>aeHZAE#yO z^mQuPmTo>^rYEH9@JN*>;4*<{MqxC0agU84E{v>&WAj>M(?DbWCwmc}xurYI5Dnb$sp~oh&?S}h4tFkh@Lg{VF@Y%oc!7ZBjek10 zia|ke$4UENdq~|py-fC`4nu_Dd3ekLANOK3vG6dfxr}^*W}LL=n(tr>)s!KDJzP;j z+%UX=z=y5D57Bx+yTO>agNkRIF0~{gYG^oYR(F)mO0e_cM0ov; z&lW{;E)%!j8@a8Jj1qO}P)MdL8!5o_etV9Q zKROzxOFF6X?0t?71{fTz#kaiO*f{%shOP=#gF-(UxBjMpRf+&5-HM%dCz|_p`of1> zCZf_@BaAtol>J%LJ!Cz%H&QoP!?F|=year!xJ%cv*iMubIT=iWBI`+^AlErf zWGusBz>~#jETaND2%H9Rk~w?CH+GzS+;>_iviY6;W6O%}DAO~!Yx4mavV&jx>o1ec zmzumbk~%4t9nZO}zlSp7Vwe<|9HixB#FDd`htBg|?pMxr1wsoujBgGL_dk+nDMi0m z2%Cr$Fqz1dv!Nt?tJ}nw3;JlA7?u8UPi25G5+3qA`T#i@RS@j;NM+IsfiT#byEv)# z#YFt~bBVKjMg;TDHs{1aq+q6%K^2p$j1TkY8$}7t)ThXT6#Xg%^fWTfK&;$tQerPz zDM^SW>yLzy!WnLS*_+8|m>lu#dC*33YLqz1w827@Kuu+O6|Qu z#{lD$Dg75CzdVr}HG^ws_BfANU;b>)XnnnK+&|xh6bg<_hh!JpV{ep-m|x+78%tE~ z=5+IqOVEhBheFkswO;?BT#8ri6Tc-5?B^l5CeacSC-ts2A-_t%BB@EVdmyWUv%wE3 zOPRVDmr4G^<|T!fQnL@bu-Ie|>*q7mIJ52y3n8DYBRWtr z&$xw*nq~=Vk6M4(?8|m z+#8a>Pw<0pBrQY=yNUv|{SJSvXsYC`aErvJjl_B6U?;A2b@c!*xg**cIABq@l~p9J zv@HX9sZiL2)Qvan&9WN)5+3dE7oj<&yuws&qRMoh8SVleIW{yx^7Xaj3W70meImTP z1hCqM*yP*x4)oTgNn7l9CF5YjFguwTxxWy?BHv5R@q10nXCj)aVI!iV`=gfqF8ZTg z6<_WV)EP^r>L5#|n0U$w8!W1wG4<~AM97-Kz(Yr~G>W}&3WO}>1HvWKTq;a2W~c-P zP%0a=Lm+6RS(snCtT=i#{7M;V{A=Z}3@k5*cFBqxdvlo3|842KAJ-dz!BU8=9g7hM z4>}HIjlyFj795E?SuVJ|8H>hhC<@Zx;7LgB4<%t(?d*4^L`wHpCpMA{ua5BiMwXRX z`vHf{Qu;<cS)M6>6>J>e6=!RT{rXEl{(^<17>x zCU;B*M?cW>YZ6l%l)*Zzn?~Q)9{So20PF8~zD7>YIYkQiF5+wyFX6l>CpC)mrfuMQ zJQ{~U)DzI9jOu&PamKHI($wj$AVE4is`aRW8eQS>S&k5R8Kxs`<|2Q6N=Z-X#}1;% z<5F+9q8LvOoVn_A=Ato?Oq#m%4WvkuU2|z8c}b-G(GCE(+>;+?F6I>W7^$%tXK@qm zT$2>s1i*tI4UA66@+M`O7n$V&{|sqV4OA`Ah_Y?%R+#*!#WQQKxG@V}+7HOfo&Sc= zE&XIKlaI_SUcR!M6C3v8-;WFKk8T^$-^mdXL_(84UXzv?j#J%Lk(JWArZqrR56pgK za8n05iibnY_u$ES4KBBVfIXj}?AbQ^Bv7-rc_bFqF$*@=1XaxA-*+f9z>t5rLHHUu%CmZs zeNkD&8adV_wVQK-qJOCU<1KbecjjbdokcdAryrv{k#nmvk|A29?6_#(J4Pdi@Ty{U zWAGfLm_7*kLzIUxbDczarGYEa#J3$}k#&p)s)aMOWB6dDPQUFzYaun6dac0AhFae* zac3AZA6UDW8;&0LxI96TV%y``TvRiGkz(@8$F$IP9`>$p->SJ$embt`}D|)XA z!BU*x->HQb2+Q|3!yYNy7YncIUmu@AG2`O7J(pZ>8VqHbIFu$fN{|yu%Rndy;AWPx6bR z#P%jIdy5J0C?kEKdW@eAmcx{;ba7%cX|@xSaV_{xXWq2Gruv8HbyJ!$EOevv z5=<)P>M2%6`*Ei^ac@x><{)$`Lj!3y38r&DkNK^umoxbJ6Q(uyfLE>}%ls!B)IWaI zT$QB42vEK3uFkjUR^n;)o}vt6$+W)+oAmAh6TS^G5A#6YmZ{1L=n^hmc=CBSzx^@w z%TteS5Rv>T!b#%lvYIU`JP~J8nD(#2YKm^l&o>G$uRNxe=ln30K6pQG7ra8g6U2ZJ zzgIzK-B_+DuaptQ_imq7$fJN22mBGRNAsmK+FnkEnDPC#c8iTnvnp&BuT@JNtiEqy zF9I_Bch&!;LfRB}AncufB>|r7ji&6VbaPMnJFreCS=kYptY-)99*sYo#DcxvqJOAt zzeed6x>q={0Uw1nS>5!Y7AaZ$@_*;ux?{A^7(}^FXqS!5O^?@y*S1ohqO|pfoGTJV zzMbpCO}c{Tyev$Olh6YHJsxiJo)=>;>)rDbwpz{;g%xF00E#M{M857f46zkMtx))H zBN+Hn)^1J8>4N?2;N7Ow3=4Cfmi$I^m$PXG)t0VTnMZbp4rF|CwEbf>Nq)wnsUiS)Ps7O^-+%U86E_Mq~LRbFJAGYtsP7ZUm&WDZy3$M;j6dJw^YRM>q`&7w96{ zy29UZ!e%@_^TBWkQHYcE>})i#k3;ub$iz{R0#eAl514`a)iK2Uvgylk%l7RG;PL!l zX}z1OOArt>_|i(MrC*cGZu5(FsZ}`HNfJiX=GTITw479j^x{A;sd1ZWPv5 zDlSX8S|gO1V4ihc%ZIHqLR_og!hrg!Nd4cgp!2jF^*|H{mbrFu}S((^6Z}oWi zeM<5F79AgAT-TNPJ5))Jh-TD>8M$Wxvg0*$8MidB02dG-t?KOI@rlg@xnIF#d}O$P z&rG|`NM=&Kgtobv5oUFFOz;t`F*}yXvi)7O+hYfoY#%D2#=UM=jnev)m^G@A{%yv@ z0gDdMqUtzz@fd6)pTqo>=ohJ4UJ%l1 z-LzASvy%Ue6e@q+G#jc+8v{Gr<&iloZ|wm~?6>Ih(vqDVSu5*s7<4&m+i1uH*IAm# z7YJ1)JXl^JyF;8(zR`)h|g%Mb51A*0+P zr&wd#W3Cz%D>a`OWCo_;X|gM)o#N(o>((~hpt(_jk$^OPlD0c|*~~;&C>&4}T8Fg{ z&=O}x*G~wo7=w8+kk7KClFee~3Y&8Yut|U%pXBlgY22=Ue56;soCLigkw}H7>3T_% zi{Ak6&k5&TiIQTje!{~UI3Gpiqk+gUGd(tXyH3g(%1xzJP()UKfx}nJfiY{x^jZbY zM#>)-B`$b3XW{?aBVUb@+;O__3r^fRp`|d`+Cm(nAFO_d@i|ilw@W+e>OV)6)<^G% zK-xUzPmN^!sIs5XoHT%kx$C=2yjK|>e?D+3b z-&&Sc%97kXlzGZn+&tuX7`dcv335e-Co(h}pO>{dS+daY(Ua}XxmS(SVk>c7>Qsh2 z`ByvZI7+XZ$umH;Di~mKA9)xzP989twyj+dVIjje+dl>|?X2tl-I0y^l3gW1RTQjS z@^^#7E4oSuNjvxIYnl+lJ)&Ou%Q8N-zn*r%#ZQg$idt3uDpi&$)$c5@yVrSK^Q4IsE3w86Qijc6Yd;bxO}Z+raYd71K7RR)Zmc&01$L~o zR(ujoIMKWDyXCy8WS;(sq+*bnFj+cJ7{SqfyY8s%%PO1o)#Iw8c|g|G;yNRJ$=jx? zY9RPo{8y1Gz|p-$;N3AJ=3bM_w2||BeF6Kri0p-9yxMHO)X5G-OCJ3X_RF=r#VYJU z@Dv*mo^F~xv1~NGp(lf@AnEB=${7LtG7QM-wHDI>ZHEF(s%inulwu~7;MkGqjH1ON z&B&5B3LK<(S_Y%YL8@tbR>F%}ueQ21-tZC)^95FYyH5tfCse;)ep$qbsPbHIK=iRG zJ~)`m=S9OhNH7rf9 zS2&!{WZ{B0U;!9y*C1tL@GF$SA~@z<5fNeY(pFd8P&zeKGvt|oRp(7N3lrQ$B~bGW z+x=RjhTK*9o=R9z?FJA5~yY)`!?(yslX6C4WE#%$WZkL#%-FMhMoG9{MQgVY=GNf1AIH8Xn>om zV5hf}N(c+7M9~ty3|Q!CSnF~9hmg$ptjm@SEfs_FMYHo6>_x_@`ZB+9q%DmifY+J)tuL!|+H<62cK(Y7 zD}7}*!Bo(N(W#VR#4hbt7(n*H2FBl*mlo;_W0=M1_7~%T(bYcv#jSII^(Kr5!)Y(r zxCFq)rBuFbG6vnW&#r?kJoMP}rJRhhN9`U5y9D;~!$>~OT$;x3xpYtAt?e3n*~x)d zuYwiU?($O&G;eNw3a{8?Fv69|!&?mQ?GxeRmAn;>Z(t^MZmI2sCI9wieFlSZj5Tw){YR8R__-Rf8K>@XXxPrSy{MI4 zbK0&(T&6j$&Eo#@F#FK3B_H{B0t*^0$RiZ#bEGU9OCH$=N5bafF7J^dZ$6q$cI4L> zKzL3|<<=kjRBk)x%G%(Hl9aC?H7@6qNoH7YxlSn~SAs{Jzx>iU!B<4TMr?!5SFIXP ziIMR0v8mwq>sxS&Vp8iYB6S>ZwNpq#zXaL(KBD?R&hQ=b^Q^IiCNYfKCOoV0mY zSa^@zX|ZqCpuA=Sp#F+YNc#`(X8S`-iodoi&N$)o?=`8;I>Ls~mb)%AdjW!1zGC!# zuc^Z$N+w7$`KZ=TD32pyDOyZSQeB0FVw>*Ka<3A5GyU@_ghft*61Yf(zAQ z#><;P2Y<^tE&w|nuU-&Oy@`9Ko3)I2*=VtDZf6;C^>cU(vP+L4s-#y2zts%Vw({E|^vv(>xh^akr5%5NBhu4_T0TTI0+)w=Rb*@fg0g zE`#9lf){?s-b4o5{he{R5ZARA535-3{W(8x^gs*@F#u(CwyFYrkQt95_=b^3mL)*A zb883Hg0 zAQdd!xNxhxE%;ab7ap@Zo*-_ES&rcPlcc<%Se1=KiA-B<5zFnn+`e`~=G(vLP z?QXH9qxw~&hA=q7&fkVnE)TR|H1mm>E*MhZ9Y*77%*MPBI4e+@%&t%k)k{x@eUff* zTL>HN9Yym&dLYrh-xiSwzydo30fN`0r326HKiwEh{H{VKqVw;7ksxx5+HvCY>#pUW zk;lU!Z?JgYIlmTR2t+YjD;B~G3!F#oOEsHUOaL!+`B!Kp)P$v*;t)C~q@_DGNP`f; zjs%q?U~nJ!KJp?{zeS4VfqTbUNnIB@JCs2xVTn!y%xHxc?t5aoenr=<(m0U#(jTKFEo&bj_ zr`Z9)?C~KSV0lf^`^+VN`_?jgfwX@GpSz%MAB1xC8oL({3Mm24F*M9%lAhI9(%dpY zF%>1+x&ZF^Zj)Gs<3Xhs@%C9af`&UUi<+QZ66qWFQ&r9ntBN&2XY}(_K2ms|U}YFf z?Th@(v6T}l?OY*s(GZqjlosh%J$W*Q$PdYksI;}_63=Sm?@uU3EchKtsW1;`t7+EC zzLEXi`Ftv@@r<-b5NF1nLv}YiEG#k=lvfzh=ieVhMo#*ygqQmRgJb_Us!5LsZ z2{Nu<#7)ElL!y=F*B#0C(_*+X4(di(ccErZ3}nPKb+UW24XEZq{}7X~_#{iDRdDQ0 zQE5*xxCawy>|QEUIaAF_9%XK~%l+WQYknhu*=8>yjgcy-xEriqnhYlU9OEPjcu_Ri z^?eQ-aFhgyx@Q^=e5}}gzkXU#e~5~w4z~CuPDlnSQN&X8kIQsYF`E(FwoEmN!8I;H zV3uJcV2QS?C6Xa{iav0?GyKvBddiHr<1OBaZrBNTh~S@vjBQ&5wJSC;94oDT8EoER zH$;q;S^HuA3aQd)v@7#yAR#)35IsJ0N{@V)lVvK!i zEUhUv>~D*tow(7)Hr``jLHoOzQI4v7nVS@35UqHj1k8_uCmw*i{crMta&pSe$J z`PcVNoa7bxlboG+joB4auEEatqr^XiHbz^2(#{RS;v+uM+&o3X?V$^ODPH~GDh8*$ z(Polg^LD}C#Gc3~3yh^j5VJ$i1Z=2DA)m!}mt>5~f<_FI3)Kd69cSxAlk4RBcw_X- zm{>{OTC+5BlY*EbBJh49+h35=%7wjc;Zla}Hyz7>gL@|Tx?_pdn& zZL~f=cXKI-)X>NL8&h$0n;n10ix3y1j~Ojt0w z|D5-DMzg9Ie+(@&k(Q7KS_8|D%V@t9;d9(3R6!GT=2)fpG?UzUIaHzzvSu4}1>%OR zX*#rE!G_xTTutW+>Pan0q9S<~!d*&h4av06e=?)FiNWm#MBoKHtIMOGHZq=@?_u7Y zHM8-aHO}oL#Wu|Xty5^(92|if2(HJ-p4z>=uzXQkhQ$bPMSMbf1^L0a%9z{9p~^wh ziJBXovz_81j%vBKr1W%=J{`^=dD#YLN2%$y#3_FuQ;)@b=%ai54h~N0mlKY0KFv|E zi;as%IR+D~31%hpd51=X`x@zzf{&XCX*)RV%l9>&_MFP#uaa5JIxJ#fJD*I_<2uh7 z!B)5Zq&mt*hB8kh$IVUUji5$#Fq$xe4~?*$>k2dbtg=3S`eB-(%-a$ADt@WRO5zp;$6wK$EM3aM)~=R~N!#*kZxGa^Iq&QCW~t7A$ELouIF;9JxRIVsJqJ4U6B! z@$S@Y+qtjtd;zwj8&yR_Yi3YIO0wkOTUK(D)2+y~faVl8<~Z5EEV>qwh`rho)+0g4 zzvGt4^6pi#d>@@;#+ziff>rxaI`|KdITer%Nzm@MjZUAeZ&B`i)}D#L$BWyHWwRm* zl>?td(@Qub66Mt5%A#-2e|`9S72a#amnjMTO$hXX&mn-_INZm&qT84O@P36o{Za+1 zbsrFN_($er*7^yx_*D@4dyWid`I!UCUHNV?LEx6!%i~2kvd~aMpe@{U@?S7tGwcy! zqz9TGboSmTk4dgbyjwfrXxu<1V%#-@IS@V*LO z(dYAO^1Z16EZ@x-~JfJhhW4}pV9o~xq#1S+6J!wzieiA>%f}r5LXWix`ag`g*8|TYl z!CoxQpd((Zg0KUC2=S&?2rrx*^77sr>dmZV)KCA!+&7Ot(<$U&x~cL%#BRj!tHH|d zuPT81)<418FmXDE3;CU(2ouxz|HO0*;6srDlg6|E3d4Xl%Kr-I|4B2}s_REam}vKS z!Q?+4c~N=S?r06B801(#)Bb`z{b5ZdEPK>qzxh$_ipK}Oxsmsxpsix&hh}(oQf@CW zPs7>ZM*?pPf%lS;rb~rUptCFR4&JeJ4@$e3vDCBwd{0(>z6j_;BL@f?q-a2;qIHgq z*UlAm6L(vX|EJjWYw;oJ6`^z%Pz8vvQ4ToN#aT%%-{2~_Eww-TLb)@E)D0hUqZH~q zvNL?6zTteB01B+jwrXh0It-xC8n&!QJ|t&kaa90 z)V#6vA$vr=8bVxs;UV)-OPA$>(Ej^xdH3^G@getSKzbnYTV#T`gb=9JL7=x3aQW>) z&;?tfU2x+0>Inq|9~DT1zIU0e#|Kt3e>}uIAkC8dwkmk_!q)R_x2&|Ue{}HjfI^jz zy2AEGo}=p~=I~8CqI3L}xpVAdh{YQOy$gU=dPkyM3G^QR9xrE_bmavZM|SSVGfkkt zm()+q+#lE%)sN5k>>r|E^O<*Dta<;l-Kvaw4E#9Dncx~*XwpOP8e=YY!;rLrr*Io0 zKM7=T{Y>pyAf^PUW4!%GeGtmh86p97M)Rk*VgtUs5G)7d`)!bItd3IGJA-d9!N57< zBf5V1SB$G@+)-D@a*?3wip;+=%|qp#HbBtwIp~GEU%rPqf@`S+&J;PRA5?PwG$mtt zbEtMz9M!!leVVuoRJrlWYkfHURp2@^b#>@l;H|Qed&!otuXcT%QeMA0b?_wiI0?xg-T2;3CV@Q{GQEApKl00)`;$Lv_=&$N z?$R&WxW~pa`oD{%f-633-ol%Q4~K}3lSsRTmsnQKQaaFmV3i=XCJrQ7SIj2 z=n2|&j9A(Ffw-=+yk;$P^{hTYnw0Z4jdk@jH+;F()BX*HG2MQ!U3ZGw4=Mf1>vaXVgnjeBhZC{?8deM-f;YnY>Gics6n!gX^BsIP z@5!?%4dt>a`fZOzY;Ldscrpu&S0t8I*yV$;%A?cwWrscxVcCbo%*PJJ`Fz#8HGTd- zrDAeJe&zU@ebyGWaxy~f_R#K8Z{68;LtgVkVA0m{kqGRzB>3 zA?xgr`mL+rd>HUqTn7KDOJS3I=k&P;3CaYh1Qyuql!Xz)t)gF~MtQ%A_q~WCC}(Hn zyeSm`#nk#X>Cw{RoREJJ!v>HmlYQ$~CLU)d(z6HsiGXfjnjhXe;!g|{j|yaxcAQ-} ztgsEkd@R_=i$6VM1-!K53BW&d_vQmAJWXgtsLX_VIS|+3FYc~S_C%2%#gN`#cghHo z!T^|jpT5r#VDe!&@9iM*+!UabmyVi_P=oZan52tOh3{0lh|_ z&gXN6dtHG8DQ=p=Q6UT3>ClS6Z7MdMJOV}0ju0+-a|ZmuT2qp*XJ*6pfG7A9Y`2fS zLLry{@T+|X9OMK1D!kh=Hp8=LYgh!J)rguVKHGqVNzmn86GI?V7V4!eBE^R|zy{(k zAa#7PMgHZrNa`DMXugrz!5abO(BoteJR7V!{Ls)f-1obK2{7OtEW0e8`+%OM3ipTx z@X-`a-qq#&u9xuQ++05HotXMTwhswl3Ak5N3j+d_QH1>yC7O8y{~(=W41cLjFnz`A z7XAJb;@|yl6WO=)m?~uUOpF@Tnep%?3#$4(P%*%T?sgJo5#zno@;5h{UX1DP!l`bN zkVO+G(^|DBtfaddfG>ZqPDnxp9N;akKi9#;#?Xu_ zA5ik5h9BQw4ln_@L%7@mfmfG4!cl>S&uX|m-sG2-32j^AcQ}u~g_+e}SVu+SaE8GK zz^8&&l0B2mTxOpi3C}Z>yFe_EA9Ak+PrQ8x=1n&~HRS;xW;V^1UC0i=X5#0yD-x6v za1Q6&gZ;*hgOZ1Mp%o%+yZl(smUuxLG7*SYbbb1a5DKF0Rdl|nM}QIn>fwDcdz}I2 zcS#$<;<(*tQ@4-r=6|5mucEr)hw`m;Qsb^;Uzh`5t)ha}KskF|Vhd;n8^m5q!P&Jp z1Wf%`uiuZua(;6hJQy>b$grO?{Zb_^pZ}z$eSn33Xnc$Q2kpj1wd2S7T2yQ+I6!dN zxfvYLh}8y8a2MFHExvabaB2h3dVAeL9IWf0`9Kc>#36MGGmF`(_5ay(#~t^B1M%2ay2 z;QEy)K=2)8JPd?4<%18^(+Hm@hb`NZ-L!e*{2oZrxY7LiBHP>jo7#(OXy7z8FtFzp zuHZc6MLuxjPLZAXF7v{x#pgY+;GjR?OGJnX`jccEd~kY5NqIkLfKCEPkm#>>^?Tqs z81M{)7k{n#hgeYlr@Oyjq6Yx^#l?+zWE!^D2POSo2nRtAHNigbF{VA@?Oj6l27S0N z#k`G8^j{CV4fA^DvNnUD7ra<5h;;PGI>q$o`Gw~KC;^H*V1j?!C=hEY z5qm>~I!GOy`+4~D7UlzPGQ&XrI42bI*!_jZ2k>u#ed73#6jV|2EBo-<;m;Lsv<1Ov zmuAGiY7L|id-T0qZ{{{a2-W})&e!##r(pGa$!dCNo+RWc1SC`#jCkWI^@ayQKzk7` zD981$Vmqu169Yi73iG$W2J6w+b0NOOdX~P-etjum$^|?hT3YE>xz9N7Q!)-Q~A{fK-WimlLzz8C(PzKiq$jD3R)bt%|! z)EO?92-rwlc*u<~mvCKYs%MgX1ziuy{Mi_5htT*BPXu>wemJ-cl!X1k+wvLzMT>P? za_!z!kbV86rrDfuRrVAJNqCwvy(sM2krv;T7C(_bCvKckv$*j@4=Tcba{~G|V2hqf zyPDsK5kYgsp4FgJrniM}>k**85unA0iQvT1Dm5Tf(R`hgw_9{PBDeTk*wCq-yTaebLC;axFC}%}0ePGK;*$|3XVRui+VS-UB&H8t z?5{ylDICvj=pYZ^rb+%Y%qkW?mkwTtcx}gCV|nSRH5QFsl_Bt!h?Zc1m#v_qksg3NDSk zBBS5OqK}H&EcAtQim9oC?6%RRm&@*0JQKch6*$d|v1}UhmXhdl(^bq4A$$gif^+a} zNxVbT4vdn_Ln(NO2wzADla!ecx@D7-f!u|6$5gr{Y@-&`P1qzFxIYxraFI`V^UQITQFbkI z?xY&|%*@Kj0~&{qT^UTL>}%!x80lO)X^cZ~W!T_C;H4TyRrY<()Y zz4Km>)}t4$*dEi;@aKkAZ|Xj!9)AP=SDXn$3#mJnu*08UwdS`ES8BvKWm%IZ>!keq zjd>5VB>2To_!A;<_u|D)nxuPoh(C+7$O ztk$me477Vk(UTA3v6I&&rhC*%WzN5L)&B^L@yM&Ro!$vBb(`26cH^mTwzew^3OC!} zTvWCtlOG+%B=l^Okb8NlBFM7+M5jq9+D*Kx0JILOoau;Y=vQL82LAn3lnsj6Q|03r zrrNcn$uJ3A2zNGo|99fpBX|7lo8TY@4?)Agl>^tZxtk(dmt7R|6cUJoJkNXvy!A6+ z5HgQ);8n$c=Z4z;)R6f8*?-`=?F*^%WB8q%WpyW!+%U4en!Y>!uu({XGKc-{mkutu zgf&g@=Gh_Y_K@S$V-BvN{n1(*={e@GId6j&fH(7Bgb zATjfnzRvD{ zBl_-Wgdr?oHvvgZATa_ACS0 zq+lP>Wx6a(c+0PQTD%=i`gKK%5CXPbSBn%23ym@@Ftd%OkB^|rV5c?iU6vEBZ=Hs} zMMiI=bPPKj?kDTl#_FX^`Ok9Ps~tpc*=RvdT7MWc)Wt%dj28Yq{JN1YPBN2U9Oa$3 zShYLppvmme{4n$84jC?jg89<88qT8lp4-1Xc=^8YM)y#Ovf?J(YLq-s;E5}dfUwki z=7Y)_#O5_b2PdcH??~ylFCS0Bv&k>@TxIp|F=4Xi3~2 zqrCB5==I3@iy3f=Q&o~ni_H5ay?!M)t&Gezhv} zM_d1T7)G})DReSDsdl_5*ev&^+BN-J9ADkITx6x!()ey7 zcwochijFG(cq0g&3fnkOe64rq`VB}y)dP(6zP=Tc55}Ay_J6BA=NRl5VSNlnzvy;x zTS!L#6F^DxdJjmrEshIFTSp@h1OC149sllIV=Ll`G(D;FH(@y6<>jIUYal}0RhV$9 zr+C<-NX(?$)n3r`@6$=;-h&Ut>tTTl{#Bk~Xz<(LJJ3tm^ULs>PY0jn294Lsf*g^Z< z^_3elQ|EeNkERF1*7+FSKYp!mzLdJX9O!PLuLz?8XkJa#l@JgK0000gAfYKtUrWlY zEDHeu$VLYM2w_(}?48}5tQ|aDUAR0f&0Soq-8tR-e&{&6X1~XIov8oWh%KR1q_R>X zu&i~;kiz3tIqUV5EcX}2A4ei5EmvuIdB}C9M#h`Jq=^oi6rFrLd*&gF>jw20;EbGy zCh-)-hPufWC#CEo5htU%;r;R8fus4wtjJ%RBPKmynNjJ-6do2fL?mafdQMaGS0wld z=efj}CwSJDxxWz**(TfX@WihN=gy|Lf&3fwo#OtowmkPKlwA;^oD$0~m``;WO*+fk zJTjxyab-2+S1#diwqgC}hr2J{lqQo?lD+iXen~c)hs!-T{Vz*qK4F7b-E)S2Su-7C4d=)M|yk9Plo?@Rh0yjWL>;Je8VjLbGkM{fbN)ybF zoQTy3qQ{fZ{~cLFl0G|({rBEOR0A2 zf9yhPwsF>y)YPE*bLPybo#=sH5*{xA$t{T{b0-S5Z6r_RTYr3d9U9L_XN@>>(xv|W z34$=*x+#!257Gom=h{hYn`0c}ebfyYbr5bK@y=Zgi^cUbCoDUvo)(zSlmFB)pJp0aRlsdXh)*SaX5)xSG3ZWdn>YKDMmxGWztz%d9JmZ#}9ST35J9(Ht-vC{B5I087mGDtr6TO z+q#}$^3QH7d^E{+XNOo+WFM!@&PeodP8`GidBpw0ODAZnIQseVMr00oO(7psAt6B_ zpZxIh%|792`ykD?4fGb!UFEoK+J?xfj@CoRwPL{aH};1ioQz9IDj$kF3OO{?*K z3Yv4$#jlvT7!h=p+=p%V^s@7<5@phC{EJl&0aDo(O_dI%laGA z@zJ6MWyw;q%SsWtC`n;MnC~B?SskzCUc5$sCJJ`j*d%nPof_nc55^D*cdP*?k`Wv0RQeAEQ&wTDVJl+e1yyDmd9GaJa;#wv z1ss8PB_AW4h&e4ialTd5C2`g#CZlN1zgXl-A5Aay==^%jf0rILMsxX|vFJ)rLzqUi z&-i@gZcZZ{76!m{r3rm%cz99hHeq7Q+X{{wW$f659@2gCUrfna{4g5LC=7QMlOs-S zUQzGMR&pI^dumB|*;XeRF)ptkv2d9yzi!6SqCQ8wuw{iq<>-VEh+ozJ!(-k!y2}CC zT(GirDHh}H^r#q!FHNxI*)a}*f2{Y#%F9X@w>U4($Psa@_*3oKTk^=}ARoTHY1PaA z;sU|uk?ZPvd~eGqG|R|x&<}9S%S+8E3w=TSzkm<@TD39@1N=}J;FJAd8F6*DvUaz& zGPSa|^n}Sui;i>5jsVW1~8sF2Ax=40M25Z-~ z>9=*#kp>3gfbUYbGz|wTypz0Sehqqo?`ykp-(fiD>ns+yyV+rC)u!rw1hf8z&du8W ze5GbZ@u7Uy@m8sJc)-oYKcZ4e6BR7qSXPm28a+<@veEmxy(YRo?&|JmjY$K4{k%m~JgmJ%n&_FNM~& zaX_?J7_v~>-ga{jeW+};LV3YMNvv?6=iCylk;mlHd>3=kF!S(@yLP1hQXe0nCw*98 zU;B+e@i+>%2y$Qhtr|*JH;$@ zoW-*2->yuqhcKItm`RZ=|t+!D!O)bP(h8L`X6`PkNL; z>K6HR>|%{QMn{T<26{RDZ27wb0=LsN?9n^DhhHl@E(gP-mw^WI6vo9VLmZr6=yx4FTfuY9MHLFNiwft~O<3%UZPSD51F$$45!>Pp1C(8aycz;zb4 z6OVuCm!;z>zL|@BTFRF`Ci4XWcE>b$!A6e)mGnWB?`ijP2VR|A9>NpOaq?8AtRZ9(fXpB1Q>*$`9b;fiZTyl5UYDpj3~xKQ{Qv zjlqEbiv_h2z68lI3|NAFi2g4YxSRW!{$~Zka6mgw@?GD19NGJigG|-$w&4)53(%2_ ze_`0$6tSEt+kfutj?l4!T5cs? zdg%l+js02d5!a*_FEvA5i5k;`koE}i(~LVDl>y_YD+#<*Cg}s7iNTtpN&0v-Oe#)EZZtQ&3oglGQ`UGEem3a~7Tj&0kvXV%!ZZQHhO+qUgBwr$&9GjI00@gm+n zH_lK0cUN_FMpjm~FD9Iy$|Kl+?;??aEISJU0HBTI|AMf_CPsF@HSKp3%h*;PRL#)kwCN~C>6xwlbt8uUT)|BfV|e!aju#( z!w10XG%r0-GHshY8nuSKM-n%u3YqmR#(sQUxIIS#oTnOPo7b*`G&+srBs331he?o8 zsZ}hK8GOhV+DG0*d0ZDRBhNW&;SX%HkpyY+9|E1)?;T)|C#$18sw4{aV@qy`ZxVyd zJo@K)_Yt0}P4QeajVzbWC)~zRArkzD`VABv&OHKQ11V$-$IfGh0D;UKf}XGP+-!yd$7FechhV*0Y^^>%Ln~ zA5MacE@)pP_mU71c~AO5g#Gb_EA)ve_}U#a@Q)pfO4MWb+-TnVv%wO!MowTl=RTFu~tFk8AXzh8rPTf8WeE zUTPa<3jQ8V>|6C0331`mmdQ!R)!Foe?CA^!NK(T&4Tx%gIMV8M{EL$V{3^)ZY^#A!=*}bdyr9^0d;kgt+35VN7Z!a8Hql-1bcGS#BTevn1oO9kJpa^I1GgcI3Ju75%Dy)ungF_KJ&wV-V`8?TDY?6sCMcZO$`~Nq)2XM zkzK4Z{Ojn4=A?yUZ#6bwI5GzY8?M;T%p%eR&v0ERNhA@I_g)%;=Ds|<_x0r?q}Vsv zs|&?nf(MsETY?VTum)JRCfPJm4%YeCtNlW$vn>MB3xZAio42DJ-ZPF(4+Q@O930(+ zHqzr@kR3kbf#;$V2Og)>fhz7chb-on6s;5U)|WR(9xzfNk(i37^=HZIuq6V%7m_T} zMb2`HQ}b>w@_H5hu2h$1(GNoMHFIy!6=+bS&0YvnuDWdQY0s)78S1%e{GRm4v$X&e@XI!uc;@C zVQo{W_hx&Fu+IWlGO#50VlOZlV0gj8L94$7SPBV#skjW?hB$=$tT5WSy!;6NH0)@J&9Y3+cqGR9-LdqPw~mnYE>NKo{4%8HXi)l6-#4W#^lv z8sn1DY+jSk+q*M$@W?R|QkSJg9j;no_)>OR3gCq5WG7@`V2 zEZQEe%v6bPVoH48S|Ytth7p!wO&C}PQ=E2`0jfv|HfMU7C&=D%LbL~d4^e&foZ(qlj!sEnTt za?$i#jdl2)yF%0&X+aU7E-r3PJgq&fH60-?L!@4*Di!>&Tx)?o+s=&#k53wg5Y>Tr^CA@lfNo?#o5`PMZK<-} zRAAv{o6mO5o*)P}vZBkjW!_~9L3UL8P|TwZSf6V+cT#MRrwVt+NohG+c7@!qAiK=$ zJ?q_ppl^Bw{#3;mQ?BL6A{gOLTawwA*fhjS6JN0<2%J5N%nTVkSMn`#fhyf>_X}g|9FLaGjwD6LhM3_*)P+_wJ|U5Dr-hm7K`~RNGRp(7 zOFF{m5pyd=DK$;0^@HTZ@VJ-GMAmJ2!G+G9e6~M)nJ@@(qOddQspR%K-^M>^Fw7_U z{mEr{B1vnx1ybf2VqWafUpybfmnq|EpN}Db3ufIvcV6u_?5!>fvJ}OHUVu4BRLP9T zlPw#@z$mr>e#_PmU=-IpBFc2CN&~zqwFKxt^ynK|?9y10_ zt6^(t#MOPE4%atnz8UYRN&~4AH5Wy$#%i~v>AwsReFnS|%KdWi!K%Je4lppuEtI^o z1~o+)>!JjN84HCg^`B9urJbOIU~q8WD41=};L71#Vm$=tFawKZ3f9eA>+VOZPrhdm z_G%unjajg~cuww3vwDfiV-lkk0F0J>a35L#`97nCbm7QRC~5F#(Cn{Wh{w&v&B?BJ z$<$a@wXgy4l@0jS9*NK_5ak|Lkac2WdIMj$pwKSisTbbmi|NX%5;uf*sQNgm(*f#V zQs^O&E6>3~=xb#YVo4M;ZDbx$yd&E8zqpd_3GTN?{`24T;c?dyUFA26;oA77v^R>r z8fqov$&qY4XSEcO59ij=Sbz&rLza4DB`+f+Y_3fNJOso)CN==0kwGyK z1DP$Nim?!C7qdY$YTqq-rOFhxH5$6i*+IO0TM1EH1ZQBgG|HxmZSeaX( zFWzi|6*5>CG6JjQG&X4GtzAC~CVoD^;x8VG{8!{hS@De2u!ic=AJgMclQmYRJsV&` ze+AyNfl6`STjUFlGk$a|)j=D=lJ#OA&}Q>QAq#MktyGMOY}*Qz&)#CC%7O~;y%}kW zzZCsMcum<=rv6tO5l|<{MF{!}lzfaRCk*h-|7wfq8L92X^G8?}*?;z3n1 z%wkYZ^S$sEJxmhrIUU)BCMhOPpj4f=)qI(SzoH!hfn=)-2b-EDbGs=qsYaH5B!Bex zSG$`tIZ)eZfYuA< za(q%VN8Fw@4?^zscCpIss(`N))k<=gIj5*5T2OW>m1v|Og09KAIsRs~-YXc29`fWi zkkk;jTqF-oqBD%LM81-{i-Op?{>e}tDA(O8h}7F$k=OM!$4za6O{zGaLwVZ(ODX%J z{V@s*Re`U9&FriU7Smn%In4*yWe(`OxJfhUYp*FR?`*DOY`-EPi&0+p8X@dPd-<`> zkOd8IzdVEmSyL*0XojIFYb{CvY`xGdG3BwKJ+Y9dsd#;4tDwhLtT9!#e%L(HUeYuR zHpcO-74NJV1$dm8z=<9EdKN~m*s1rryvMFMz@gS$yHXN6SSeJ^eLtd~08*8kwo5Jn zlo}Gk7MUJ3_hsJtq;c(4#ywN1oHPxwSr_+78Ro`JTH&DR+CPT#cCFVs=T2iXwrM7k zS{8M#4?!a3v`>k-#4;ej{y>2Jof_P}2lK&*2Q^*RPIb=5hAJ3BP^zH%lH}JdfwNg- z8?)K(|AL#ad?o%jzQ6>uw^2_BJZZ;G3jztI1ju-G?@A8fWjw1<(`FflOI|pptZP9M zI{gK)MJ3O%pT>V-C1OZJJoa^%xVuD9LuplfXBv~({q#2lCc9barYWb7cT?~rN7G|_ zzVWiZ>1{MTLJfv`vws==NV@+bLO(r5tRX7Iz{oH%h)(N zpX+*uVcBh1s=1y5${dM$Dty?}fDd$!Ast=_s&B=j7yR?z_&D1+@2~1lnQu?jIR?h@Jx%;1+iMjKC}Y?i&=hs=YHCAFMo=@ny#lv`ARUzTK)|jc_S4QWptoV^5(j)8mD+u|Lv&{tq(gJ_1+46$k*}5$yjueiKJW zJ4dJg9KW)R-6jLfZxaOp6KFFXyLuI%!zK;4Qz%TQQ&8T9bDlsdl!W-Y51(>Va;w<_ zb~vG8bXLrwBAFnWw{Ki#v~Vib34afsAnlR!iCYBBz{P^rtHQnF1h|>6;lWZDS?U zG;|3ul=XZrPdl6!%@y?{E3t&RG@~`fg=M8+7qC-q&sOnAO;> zyw0I=B0ll4a3;BTN}<)Qp^RA~b7lsKeeaR6cBR4(h+eGGS=0sdCXu&?Yda9#oc+|fVJTc;s<(8UXhZZ4PX|r$k%Lf4m0Sj6*H;b6O;$?~g8$~V8a<1n=LwvKQ zm2LOg2f!CKSH}^|`581X=Da#aA&LxR7-FOQLg8fm$&EjIoLN*6M~B6-;TJ%|Z6*K{ z!EoTu7y>maQY7UhlRwH)u#bpQsj9sRXB*-snrd-vgi9?iaXxl3L!SeW+Z$OViR}v? zbj%AcGIe6#m~t~VE@SCj%q$Oo(2>AMs7&(Fr(t?ptle22W_M|(|Ff6Su05GuGrU#tHZw!{b5K1}F=wVN%|(KRNF>{ifQsT2 zQl-2^wS0fnH1!Sq-(}(t2gx$wZ^M2-`~RYD_4F)kEu8iAelzu2+s5gTE%CcnFJNIC zjk2aXhG(3lM6-;JD`RP9q`bs=iu106IaSMB)YvY1e25tU7NqdD1GPMj%2o4LTlClGp zm_s4L3*fWlNt(^591zfbz7{NPA$A6=O=Ky9YiTngN@#8o{$T(#Z%-4YfExT z_(Vgsz?d|K-*4$tnK}j?+CTIXQXLkQQzkC0`H-~gb7a{)I%SbFRtuF;*Qw-|_-ktm z#BGyvAzW%49g+fZ&g$kZdI?pckjey14?tmQ%MAPh3ZzO@Whw@a=pT#K4T4IREDTd9 z*T`Ed0`E!hip-h@`1^O;b_2PtCJF;P+#Z9SqWfyWI%X=@Q#gCWS40qHhDXgQtIWv^ z-~M6F=%IIHhA*C@BRjBl_TVUNo*6>4gvopTF3b*qeSAY6JH{C`J|13}9k~-w)!1JD zV0VkcU)Q{c1$z>^vRLOoPoA#U(-N$N%fvK=Z+F{LcJV9T9Mb#6`5*Tez9heTav)$$ zv-K)^c>UB^Cm=q@(t0kIzE)i7Ya?^az9_p=a#Gq@pZYwWOLJ-jv%41DojJr9L^^9x zXlU($)lKG)L9k-D0T*K`>r7V4*JPCD3?Y!2+ygBA7by-E@=h4{9P&^8o*!91SU)g+ zAaNg8MTF-L-LAH!`NV?K_6Jrbr&LEt=8evSd}oLh0e4~L#9ZyC4Xvvs?LY2cSveOE z#HCak{8?!BY1{})+E(bPf=Or78+hQ26Q|@lee!c8orBA4JIyb9%apYP54ug!sKNM) zZ?ZQ+H#$;18dYj0pzA7=i|PnUx2uusRx^{p!8iK*^ImMH8b&Rac6u{YhYYg9co=;z z;5M9=U+U>A$Muj^U#pS<@QEbP$g7$qtceqjOeybh zRWaW5*?}`BDY^J6QReS7h)3`y%n}s!K7PBS((z!DGvWXSllFph;>{5m)4&QFOUzy; z?M+T?oRA!-{X}NBNBF`16$+dJ2Tty`Xi`2f+l;psirVQlhepKP)2kU@%pfKhbzu3F z=8YHcwaSIFCsZvoBY)L9*2IOAQr6Zuj#JCL5ZRr>05o~LCKY=G!L2=#(pn~B1xaL4 zTFY<_vIpRDsrf!66^970UZ@kfQq6FePlc|kio)Ln0VfF6eEBa~;`Z^VOfks#h)~+J zjL6|zxX$OFdZF}tX-l5GAq6@&OJ4lvPYCcn=6f#(s6!yHF|w*zp{z9y?@$Mzz>v16 zB$%c6z3|EdE)wbYEoWz8eH0l#ss(P}`aP6r~2qZISTWV%U@5R;Ww0A3EhmS`Zp46y|K$fsLU}@vk}x%z&J$&TVIQC|ip1l68Eb z@%+d2tM#WzaB-h^z!hLy-+U`T0_0Yq>}yPbE$s-UyT$7D;{#0pMOy#cCd8}E`lI>* zxaf>P{syWM(1iSY6wO; z6s7dwDkUADgOd#&E1SGZ>tiugbEmVD&h`C}C<8?n51#HPuKVQx%44ji#m(0au0M}* zxdRc~A9+G7OkmJg+r-X-#2Yu4p*Cz%YX}^5I)v^#Rsz{Z}r$du<7N1v#2V5~W~yb*uj5!JjxK zy$GQ41I?C}>B-F!QG{N_N7A)BDdVycd@Q^B*XsMVtb-G069w8<4q9DPg4$>q3ntq< zl?EcWeDKOxRu3%x(JM176y*KihVsq_spa<=FA8SzSDaHZ;mNn(}AUPe=apfKq(4gs*wXF5;%T?zeTx~`| zUtwvEK^9v&fqz{F?ow;0!rLb`>w=nv1m-L}(_-X5jbkje>?MgzM>65RCeXO->tg9>GL$eb?{qnsxCoR zu=P}82Dgn}L{*YEKHC8N1l5*x9zlAg*lS<+iKWiNePFO|PFWGqu zonEfP2^x1y&Pw*H$>F&kf3lMfANP;8ju{NOdpj8?aa?Jj;gZ#9^sA#lkt>5C(>X*C z`YWgcL;f1-2$rZP`u{cbR1%Q8H*esWmx-vtHW=ZYUXn=F)yQVdWb$=yK{L9-BlCOdZg#M#f-*^-p9^-<~M{8c&`;gD~taiWwl1I!9bS zd-Xe)%!=w8n@h^dY8jHQa0hR!Ry3HMq3vWtAp_B0-ioPt(vMKZ3B;;*TK{ ziQ=s-6Ue<6RvDaUy;9pr5HcrLhJMgY=qCEHETw5vDmFcpwt+tt$NDe{c81lK75O&_ zlF0Nvil#>!@)BPr3Q7SB5Q_(`UK3E=gG*-F^G^9 zW$ObcE!Au#PTj}}9yqOrkqQ<_jdTIi-wxOlr%d{uN7ibaT^VTDIVhk;qW>E6&)GTt* zEa@P|YLY=WEYLS(0aLH4wA)xiQ|X!l2$n*x7!MnTfc0@VDOvSMPSMRNWEiL$i-??f zBZgz>J1w1s2?dmcYHx02MCGHhsItM>6q#9A&Ceo$ht;-r>@XK%LIy;LNV7ntgY;^TMI6mSi7bb)CQ3FJohno zuWo$V-bQ~j91EkP@oTfP5h@*!RoD6%FzY!6k0?o?vO%5L&N4j;7=*!?1J0nt%Yo=OmO9Cqpj8tCDA9eDddjN!$q@<)}B1B)h^+omXsBj z8KK*37ZDYb(aww<*5%GO?v`fNjLY=rG1{t@>(R-!%f=CH#fgf^MZAK5C#{Nf4hA@~ zfDp7EY!)#r)POiAST%#(2xPtz(D!!JSsEp8hzEP~BZ(W#^G?fhu+L%w#bK%gj-2f`2OFhqK%l&^Sk4N*ux33KGrGrU#f}fU(dp zAhlH3TQQan)g0r;kVGO?r@PTy>hTs_j*Qu8qGENr9YXXs&9ehu3F3*$f%v<3%ie^w zIDoZ7Z@t#RrsldJwA3Ec->Bx_Z zA7>rzy{RD}G2BqB`65hcW7lDKHS1pm8L7F)ae0*^oeaTJsSq0SdqhLn6X=SuO}E$K zPaNkc;(Df0`?iCrQJ!eI zw`~GoP5@oh3@t~28Xu?EZI3~H`20KBp3Hd5Ljx#SK=Y1vxc}rGRkBeC!3FXhhMmIY zUxW&Zmo-qpW+v#0?E3+$;#nUQetSZy-ohvFLmy7MnZFOES3+Ex0=AM(4hz-xqPZ2Ka3%zS&~7V-Xa14LB3sJoS=6!L zKh2jwaMh{EnIF2at-%_4zGicM0N4nf#>W_^<#qUg6OEdb3RDWxf#3H{z8s?RIhunUr^M2A+R=ir+>s& z)ZcMft4xErq=w0I32(e(srDRG!c7i_g)?up6&Tfw^>GpdhjO>pwntNSp33Gq8?%V$ ze5qF|$?LeJhs#2;TD`nLK%m^2APJD}8QdIfhDKx@ZF`PargWvtC>q6jSKz+u-4IXM zBbqdAN;m-=95(H4Hz406>l6Ir>e#&rT(S>PF=IZ5H26}wecCvXCkO5ahyUd+_=av6 z?8hkicAw2)%Bdr}7GF=x9|Xj_2oXiY_#u4r4K}9JZ#e+Al!!fZUeY~gop4r?JiOxx9I`r*(n++z&n9aT@mfjsp)y%f;Vn}713 zTE+c&Z)ZPzyqtbS#d#3tema61S=w>FZ1zVHfxdnaq);Hvt*GfYf zu{zVEjMIGtlVAFw@BS*TL^mdB_yaV2@haaWqVLFSM@7;PLFz}uFb_Oe_rw`SrZGP7 z&$;!jvvYZ$akHbgi5VErdbO7e5j}pT0+frAZPPTg(zpBv#Dh7unxe1yLwnC%@}Rwm zoIvTbgv_JH^>CoBzpk&!LSekA_plaAw<#~-%8zR_Hy-{9YOg$uRvm0z$Z`h}}khZ_?|M1BPq!Hh>=#0o%AV$|dyV1gOCkFt-adJB0Kv*g_yB zHa9V2f2|o9mPpxK*TH=t0QorLg&z8J4Ut!6`H7=sv)ZL((c z(?DH?$j2bXG~!?j&_!T`fCPm10;2SMXv5co5S7>RweVhQ5WAerwm-UV!w_UD8Wn}3 zYjJ&WT!|JmF^x9nZ}r**p|i3SfV#_4z4e@P$;-u^{21c|7z&VBjh`M+U1hDA%%ufk zEtu*~2_mkG2cv`$kUNj}n3IHz!c*5-NKkjW#9$OQo0;VmzcME>HD6voh*k4K<8GB? zthjK|sJ6i?p!zU|9JubU!X1Tx2IadSh)|9L^e`v$k&2?Kp@nC70Xhm&ixAKWs|p@Y z*Fqd2V!-y>fOb1vtCTurrP&-R3|;JlF__N98Vw~+sccS4HFvnp_lAdH{qry3<` z`&dgk$R;5fz@g@KvY+p~gdC~V<%*$m;$kY?oO#_Q;hA0I;AZ7{r5i~x*b=$|#TII@h=a|NI(fTuomisc$ z7L@qe1Se{W2e#bs9b+_Sq^_t%A>lRw2}GC4EuuyOG`81(CW!SmMlj4jrUy;8vGyb< z5Yx)c^=o?Y4nmLzaD?pd4HPd2@BqpG4F!N?=j41V!6Cng?&=;X}bvFWkWmIVh zrQL)Wb-GS#R|p3X$@biKPdHOM<2;uia;^yTn34YJu^_qmE{Ws3*Cw3(G$)+BcP6wS z0*f8g+Tldx&f;X;{=DVEN7dD89URP3Q5&q;s6u+sl9i?hgT6jq1IyBkyLWg9!_^Xk zRYomvOD^(;+g?h4n%Ay<5}hnR|2;nz9!?LCJ$ol{Vzy(+glK>Jdu)E^_ur)I`@uSc z_%HcC3k3i`_}{%3XA>u9C;I=adZu=c|DQCrMwREc6M(S&Oby{24+0^&XbZ;OaxRa8 z3uPA|z<`F!tS_D-MhF4)^NLp?UdW4(A^Arg$-~?G_Qu`pUfIG(q9(Wn$C@b9uD|Rk zE+5r^e~VcnvB((UD2$Eoo@?UR}3VOvRVauodCmWa>E$06WGzO>!$0kF);vzYI1{9-D!6So3wCg%yz z)N4nmC1I<5+z!UwKdNf2pt4Bi0@@eWoPn-t?8tPziztWwtAeMZQK zZVlzaPVHj(-OoWRIo2ygYd7YH19#Sqgv*GKZLm)N5MG56+LkpI z@A_RgVq5sm2%-!tTzC46;QCW-a_jX=8C#ZZw@#)-S;N1**qJ|cu9S(kZ||s@u*m)$ zrg~H}F#^O(8|V0uy1i3))SJXBHA7T^vUn)_>o-2fJA1SIhqFic|DA@qwV~~Apa1|9 z7ytmc|9cu5So~+AXIp(cZi55C@3ii&M9?3L7pS=_thVxIqh^WA#Y=HB4Y-+U9Ap93 z!IDdhW9jGLh%6AJ#OAZ=#n5p8%*)j5;d?W(jnW7yqSrjspUp&?h++^ziDbE7Rt^+( z&Jqqckn2sU` zuvpr&kb+a_60Cv(5ZNQJaM#o(XIcSz*tsh2)j!EKzJ01Xx`GzKGvP;=?XA2oqOjo` zu77)-M4X=JhXo!>8J`)AAM>fMth*}Bsy{em4P=a9!jpkJ<4D`{#qg3Eo?S;``V|~U zy{Vk^v4GRIb6J}cY-e0rbpX+a%Oa>Cusy*^z_7~KKG8XV1EgZQBc7QS?P!C>y906r zcRZA=%$cF3e!p__qc)^s0|}N>N>BJ}c*@f-gF8Dm_Lr!j4M9CfdrNCH!OftqC?N_q z?lG4U37|MV>v`0bm04#OrDWWU5sXNpk)zdRe@%Kd&4X|n(5xv;AhRQVwVMJFDJY}9 z9>5Jhl!v#f48p|lw1m320YK|AmK^L2znMm~mP*ypC`N6Z+iXXnHZp2wU4t`K-L#Un zxVS3hi9J~fzv@CzbX@R6EIgz+_MjobB6d)hz#~xY#~#!h)r!ERFES(2A-SJO!y&)z zMLx}?{BO`er3Nd$#^|)M@dRHh*xd}kM=tB|8@2>`NatmxVuN5<>h|i(8YAN)FxP9U zA;d~t057zDy(!F)k3Z%g>98`RR|G3nFhdM~;jvSNJL|#_X5lZNgc#ACDnEu85*Yg`AeF$RI#W6Scp7yV*~OT;=pQ?=#CT9fX+|9#gvv~gG@=th4c%*pfF45j1{SkrUg}gIPbiOkU@hh~CW5+=m zjaLwKXpSl7C4)@(Mzz7r-RcB7s83gx3r{Ph zSnFsnuOk9Vw2tCUo1?9>K{b6QV7`(0$4i#`2l>JPWFC#-?^02cfQ^Q;LyNAB?qBm{ zV|{7y-Zr7Y9QcYUjVC;Q(pl8g=+yv4mR!mho!XhwXf}DWtAl&&o5Rn#8)NMFt zx>@lou40+a5*4qW)N?4Ggl@=Y%`Z{%+o$smJ-qby#j;Q{=(3pxl=4aJ`MTpPax4r6 z^7V$Seb~} zO@SDf0N_}nBr?P{jU0=dRfTMPq~Q%w$mQ0F%i8#4D}zYfA_>OoLFZ4Sg_*WC*L&86 zI_ulU5kCe@r5VL&hbv@fX!YSJJJs~hzhO8&qG&N#_;}V8L+~0GbLJK6uQV#*(>FF1 zfj?gRC(A+~Bp1AMTc&7UF2q}lFD~0O(!23hwnB}$Cg&Bc=dyyNF5{}z+l}LSk)bAh z0>yc|@|HMQR{q$TvxefG;!mlz#AzGOhrx>{Wlfol9Pc>eF_qU7hJP9P>lD;w?f&7( zTu@J3q?X5`PH*frYksDgvBJg%%3yujaq4BcvDCt;fPBOM_mct1V^!Jys~SoDeKzp^ z_b0>J?*G+~OeZT?{lb>f-G7v}PX>-5oVu&zrHk?O0z&_59C&`zM<(x zm_Eze?<&iPA4r_T-DWq*4uZ)6wT-?K9c)v}cxkJ+51b*yoM-kw_F$kM+Q&p$b9c@> zcE|r4Z+(u>&O`U0b0b)_DsP7%wNF9ii&e)>Xw@-I)VG2t!&#ub9!l#WZ&uxCX9thJG1&k%fm*-)y~VJ!wKxCx3^JK)_L zzL%MIAX`71OEhNB$HxMWhTDSoJwNZ$Zd<37IN}Ly zFVKAKFOVuuM^-yxvzfudn;;z9(B~S`gozb7{{U&MbBWc9G$Fu{?2UU z|F41kKeKHAL40ajb_X0NzNc#Hx+)UI2vARg33HNNIbj+Wr3`q48q>2kQIm#$>NUFg9kkdvPx)= zm=ajXMJZ+4R;A7*j{t{!5r#36ngh%Ra+1a26vnwB2cEp)e`$!RgS}`yKHi>Z#1Ov@ zDHEdP>6uz*lUT{Na_6_M}gM1PZI>}t;}`%0`|n#hu4TH zoKU66cnyF3F?aU5#Hk4%lVH4)h;R@!srFF$F{o&V=7@0QDMcOW8CL#2%{3ir&y#UD;nyk@YgZUX7CD9!69~B%0m~l%?}Fbt6W4p* zaZUTeWAetCvu}OEP6?GZy?q5j-v6hfX*0p+T~Ape}lsKre{cD7=r}YO(g=D z>8*070B+2+nA_h3q*?*`EHxMfofp;OVyolpxPOZR1%=?No-IIShW#cx#-VL@fJUjO*$s|m0dnbDtWhVTrk$@l3-ZC|Bl zS^q&>+LXUjH=1iQNDoy!H6ONKaA3>6umLb&W-Q&JtFMY z{puum3&3z+&@#qvXA;lqwTN;ph2O!fZHTln6(tQ9F*u*S-7j@IU3_F&p{3X9j?EQd zvzvZ-$F_ctBw*Cp?x4r8_&uQf0ejAhTlm_SUVg3$= ze`!ihU;w-dZ3%Mc7(5Q4<#4r}w5)tty=#eCv8NC|8l1r;Lv2-KM@?I+Jfj@NB;)?T zRTi{!Oi$F2RZ=cdTBfAd|1aUv0#9Rub)m%|m0Y4~^AmFB`lTyZq{umH|Adi(P9TpH zBH0|s5fKD1*uaeCcEAtm(1=!Fpm}QrAYI>H)Z;XJ`1ZVpE>RXp#}!H~QYRlPE@|KT zoMXyjb0|1($?=ELErDJU3Q~ngo>4+5A@kw3nQI%m z-QV$62;x$F3mR~>>u)C)MxgL*DYT&uf)iaW*Y?h|NZDny4+yAr|G8$;!#D`bAD2@+ z%gj^5+f|?0+7P<}+0`1Y=K7H@@c#x=WUU#S{{d6Bzcu-Pr-3Y-O&kpjtxbL_a*C3S z+|aKe^i@sWUOlo>vLDuh90Li5KXALW0;&ca(?ane7@qK(OJbvOfOpN?ob>bk{k;R# zr6>lpEVxCSEdx^rIHEIwgS_TJaTT_WKy$5!Rggz_n@l22oge@?*ey|+1K405C8Y}6 z@WUW?V1E8l%QMvF{lAuh`Gbo>M3AmA111rIRdA57QeixKe(705jWL#xLkIv|TT| zNu6Emf$x)%R)-WK;1)J@rE8UwG)PWBq!aD>^+a~#K<-zmHty_oNvPdCO#ngHL81)} z&3p0k3Upye+pTIK1yn(bH28Y_R!z} zeIw%d2^X2OQl>S1|qGaIyhMnx!J>`E7`~Pn+K1YGe>Q{!n^Gw~W z0c2F4L^)UCd>$|O+X5!00bQCp zf!}AnK(!VDmG_2B2$4I-{YS(i{8Y-jXf9L)Z(x}sdejAI%){>rXsobhN}4ENL0pZ7 zSRWv~atw*#=pm*{PkuZ6?(oxWB2*$8i6ROxcUliH3<~k7BOW;J1sG{3UPQT^U`SY3 zO&u~mzy&seBb4JBuuB3#b=tPV*S$Ijkw0`|%;0?KC{aL6f8h{;t5p#2MHi z2-I}|=f#ZmWi6KmHG)5m{={|X-puPzAN@GAM8Pw?a)zH*MR`gah8@3AaqxoMEQVDj z>(=D{eNqcun%8uA^gpiD$?P@yzu&X%g#ZAc{9hrCp@o@+t+Sqilb(~aqlK;6@6|d^ zma$u6KnT5kM-}=*LOD(~?y5pc1n*ih|av=_Of$8eOpN>4DI=*M5aK!947nRZ`rNj&c^Q|0aiX-7n! zQKKbMLAxgfMpn*%sTGkVZZ9Q(RLOb#LOc1EScGRUY`% zU#*)%{CoUcJbMC8l!4SSk)Aq zXE$rd>dkFs$pH8iDa|(YIf*j|9sp0S;is@Gwa_Czz0`_wyjB{w?;5?e*XOp$1;*`D zgim@)#hr)c+m(_pTM0JIGQYw}0l?m%e+E0BAM?&2A3>0xQP1x{|6P_jl&GR2e{<;a zw=7fquQ_C5`yb1P|CgjUceeRIo<}-zgA6D>yLIL-{HwtP1H%~1?h4_IzT6OYBvR{i z>N&KnIeoh;a3^dR{|{g97#&!bb&bZhZQD-8wrx8V+pgG7DzLy?x~T*Zm&Ha2#2zVAvas7I zWky$-#sB3_)LFe5^V{EJRQg>*7fp2!RvUDVE19c(RsT8b#We7d@gnP%!zKSx}M&8 zO_Oz=opvhA(IxAypOT}5%C;EQoVK7Pk<=>@jwIgrL*7D#yP#aYX4Lz+R!(Eo-uO!4 zxl>YPMyFEhb7BW(zD1Ha}U+tN} zA{@~BW6zkMRSTm3Xio0q#wvNn`R8C|MZ|5c)~G>ePIsp(Zus8^wl!M0>UI@?VRH zu1uTkki@}MP2}h-t^S(o+WQ-sGe1uvsnU7%9UBwTMy*mOLafEq4PXh>@wTAA6>(`$ zQ@Xs3JjR>4Zb2)zgoc7AaZwKwA8REXI;z2O1Mq%B4{&pB0+4SCZ!ba|(of+%(`r`9 zKGUHh-Sn3(2F_O%o9id;Z5MzA7#+QmgZP z9h7wGTt&Yh-?WhM-Nh_oKfcsr+ro5FqicvdmB(-oh*-lrv~yHxmydBlH|TbrFu$AA z$pI4rz5xIA0yJ%HS4`pa%KTZAMdBAk1HHn?O zOA+h<6wy}UR7^uQVlv-Nr;!g!fdEytFM6K(Hqz6mbTEGiC?Xo(ij8Y~!A%xxgoKlz zW25C`5XrVWiwLWy>zaY)?f%z#v__cE`4HTIx7{%bFRoerY$~tB-6B=ns)KbhFdxcY4SL4|AzT)TsXftxKZCElsDIS=d|b+7&C)j-Dp_Zb7?Q7yhk6 zC-@s-zGS~3e&c?wMf$Iruj~WhDhw5BoOi~-f*!quiNO>0-CbJ^uu$(V?(6q6;&ETi z$9Jsdyf<7d-#>PHoZixi_ZjvpLHd@oCA0m*CBX)HpG5> zxdYqi@7(`-)ewE%bijV{x)YfHHd6aPBzcpnQg-Vc2wgw>T^B&fh$8AvwKn=a>;1OS z4~hq|88#4gtYs_W1<3`5*dkx=Q}T7fqYg+94LmCg_SxG!BhuyZgTGbRHHC1P6;vg) zToBk|qGV_i2`(!NsT{Y`l$smu8^E)akFPbMta_aUi?&oWFMHjPOp?NZOjUD|nM2NT z+xb?tC7#5boPr`Zh-l+VsmYy|OdCt~#(w7qQkwGy?&DF7cX35eYf|&hz5RN#->1mx z{R{gRzO5ftP=)!U^H)#Y^v2?ph*C%SC~)6=@;E!^mlpRDDt-~r8^?W=@krL$dp}{_ zg#Bqj%=bA&9P61RSOY;1@*)*l2_AP(r#@kNP*%o2lvtk{kJj)N9vMO40b~ObLSS69 zqDPI^0lx}P4}xS+PIoxlToCjC2$3M1(-qr?0##G<7LNjk1}qRhL2&_Mu}uQ7%JXS) zQt#q2CMNW*&-f&qMj=I6;3s?>nz7ljYvE7Uq&0<1a`s3>AzbrnY8OMdcu zUn+eCq|tH8ENk#F{Tix}8qf>73X|_ZQYECG7JBs!=>1P4EPHZsGg&iaNqQ)Dl-}Ht z;3DU>OLa;svMn&shpSl^KDv}WN;y2t~jTbt+gmYXa^yTw)!11##f}N zw*xvn4)uywsQvtv0u*I*2mmKrbbgFEhE}M6*k;JGx>gVwXJ=#MFB+j1ONpZAsb$Bb{m!QKxx5*|sS|9Jem&ls?O`-smhyHu}&2ZI+1NoOQ540|f0sf~Gd zYX=2!n3muStJww=d+&A*kVwOrXCXv9cV`#Vi*h>Nfb>z}qjAn-@K!oL20w4!(pN<($)3PjRgh$H#A7 z-PYi2~97j8K8OA-8+=~F8Lv~H!d!8h*nW;Pg%R-tMPJxEKa5$ z>Sv7LAXj` z$OIsvGvhxqXX^tougf0ieE;e|MqIXA<$sbD~lNGbW&#g>LDO(#>}S@|{N>3W@2&1M7KnY=`# z5i7Hd1&!_6jUGfZa3C9ey3q2XRK7~0yOTYDa}g?ealUuMT8iDpAF z_W-s>Bs(2yO3e0-e}N@Gn`!1MF9bQ5LcZQA8N#hag`?>fH*^b$@@lz|Rz0P{g=CB@ z>90Jy#e9z#cX$A%4I@y z31g7Aj)4wh6po{!L&XIj(5RuTw<@LI)2Kv@U26By=gY;Lg^3sVW(jj|toDb|s|l<4 zkV_VS>v5tT?zDYf?5(Gq;L z_Y^lY(KVrG#o~L%qLdSKWtL zeUC&t7pM?3eO3ASBUiZ@J-3=+6;-i1b20gNaxaE(DX+-ZdvXLGQQn;1*P*Y2gJF}# zICEf**_XDz?^({;rXoEs5O^MOTi_B1P{A7cS87CNHqR5sK7b7_65)vHO<)i1cPea_ksG*z?t_)8anJb-7pbwz<%{`K*9r^m z-mgkc*R2>=8$R}#J1YOSc1_o>X-l0p$3>uaZ}fUvP&4h_Fa}XH+)J9-@UrgMH#4yX zx`Zf(+oo!cZ9Cx~jS3F>??Zv2;J4;0sYW^Vz0Qs|+Sax5P-f=Yw>!@i<&i+`4>@P7 zSkXK#JfEq5b6nqza=#6JDy$=%|MpV;;rjl6doF_-T6SyV{|uNSM}S2e!~97mMaLxD zJH>S@)-5wClt~p>R*dYec&;Wm{DnWSJ*OgVtgU-emB*p=r(e6SwY`q^^zj`3hG~yQ z)4ybrDCD9fM1UL(p?>%Xk)AuvK_hhuJ;~gK$xGa{dzkGorg%zYjPyCDOdF*e$ywjM zp0~{Z7NRONecPKm`GX|D(#W*;B@)_m9Hu>qkwznctuUS%#~)9iNTUe&6Q=1T22dqP z?su5d9B=&Ig(p*uK|bRsC6WB;?%YdFcY0E#Q>Bn`fObmF<=M@2`B8!8QoM4#19b)j@kvtgQ#E=do86|->Z-KVWfWFWY&0!f)kwnq~mcwpR zt9e^vQl6`hH``Et`jLYXkq-Tk#&GI8Z@JZWAv#IXTOLx z%Z4`asFER_Ns&xJ5jacD59)LXRIAr7R|ihFIb7L9TlDNZ%OKn?1f7%e0pu?9WzjV@ zwRPj`=jU%NR__BAT=|f&Gz;531|sNBopWrfafdNI`s3>P3xzVgf&}X!xz?Jgm-Llb z0RJ%CQ?`!_j(*wk7Jt4?EY76dIeBJqOr4L?DH3>v5FXQNd=dD1zdj&lcbSY(@;EYo z-pJO#BK&$C(mpW+Y75Ji(pu&vwJ5eAsNm%|nzcBdlX>QH5Q_FzC(fUmb;&XTemHm5 zvTc$N5VXsfwpi|3m(jt9=^(dp=gpQD6qS6Cc`0`>XSSx^hb2NdqfQ-sa0>i=xwYCJ zyr7wj{0kElR!{-Mm!B$|SvM;XI?r$XYc=(=M{r~X-#oR3C7ldNbX0CG3!DkA z6ngQCco(YcVFgTX6wH`~$Ey5E2&0Y?_V1TrZ$VHJ3IuMvn(+dGvC2NMrE4K+7+#B1 z(yX8mL*tugiAEZJ!I2SD4g;Y<6uN;~<}A3VpeV04F)w3p8i@0h{RaQ4EkzGTv$Z>F z;mnqqwf`Pkf5PV?=DiT!N4nf|groXi4F;CLWBz@EjE=k(#)HIrC*#0DHV!e8#tJxE=q)tPv*;tNK%}!r)(jR4z&Hh`a_Nu8*q%-4tg&(H`T?RMrW;zV9%7P4<5`dy5Lhy4hcr0D zLuL!t&+zI*?K9<`9#V0TUNLdyTA1xSA_g{HqL1*fBnc{2zO&`7g7yl*+NU)VDq+#e zHc*OHKu(ZlY9bbZf_fl_Pfx-6@hN@3bz#h39K`d{gRty|%C0ZSKO;kNXwLB_*&?hM8vhzh4uW1R0X5Ltksm3JnJLLOrCfOF5`Q&s*KaLv1IVt>J?twAKsUKkmn#-&6FrU@R0Q~K- zly4uwHl!jC-Neq&e@mk1Ew7&HqXZwC!QHQ^I2nmo$HMUm(nW(voG7I7+|xm8|!4x2A!Tfx5cqVzJFvzkKZ zOUe;hm{oo~CdNG79$NTf$Z~iYHl0}{7=ImpzV106lF^VLrEP{*w6-&$nsVNVW$KmTU) z=Memy|G@_IKM?80CZ-0?*8eaAIm>Xv^%KBsdPBt!h;Z^3%G%h?bP5iNmlDWZhiv`g z$XmTjHhcHRv6Nj|5(!ebmmpQ^HOsM!hSbMtaV&s8M#ar%>fz=(+Vm*i(L}kAS%uaQ zE%sY`yAv{tFffPGIo=Xb!P`E{<3tJmmF6uK9Q6Su!=YJ~B-uEhrnbndUl|PhuXWSn zSS+#Qk73Ed|C@3DZ;n2wH2z~;gpOls)x$kW1(KbR1!R7O0Vq(f@H)KdsS6?0q*|CNyZS6_N1Ww42X|WhERkY$DYZ;MhDhuZG||31@}OxPy?Vn zrjT-ss$m1GI2oHVY$xBDn%$myVEh}riiR9}0o#-3sb*5JuNX!u3PT%{bf)rG_aRp3c zb6H@Zjl~O>QnM`cchl7?E;J$#nsJ1t{2zv;J*yuIS7{M>Ckf?FT)ZIcbMd)@xqhws zGOvuiG-s%wZYCttwcM5f+B}vFpg+l2hUW2s3prlsh2fLnHSnK*o-W{Kbn30u?LMwz z<$j-ytQu!_{M}COwELcFe977L{qjpW@KSw@Xu`J2l4X*C`0Hx zrv@ACbs!j#&2VCjRZ0iqbrRUm4(Q31Su-UHrwVm40Qr1|D_v~5;1GBJJFvP%gA*<7 zSO{y+m_R8N(5hjE7KLa|wU^pejTsRT;glW*uB^eMWHDvgq?K>d^m4}w zM2j@|LZY%kMg$@0K@0)Ydnv#mg^|ZDPXs}2^r-;Q(DnJ|0j*~5fCn!}v=(w(^Aa}w z`E+zSc-a1o{|j#aXdaO+e3E*{5N@N0GlU}E9mMhtp?7t4KWENQivo4E_QGd#NPE7}DL?UN8f7vO40^I#$$Tni9?eT#LOb z+>YZ-EwWDO9*1?K@Jfpp#^3T32@PfBxJeXrJUi$kZHpZOW^oO?S?q5lB;ZvbAS@!O+r>-!Kte$(-{+MzY^WWe;I~%7u~K`ZLGk zQ_BfrwLUsts);M)zkt4;8FpYTCl%akgvw7vGS#wvUpaY*Eh_zph1u&#Hq>DjhaFV^ z8K8_z0h-`Kj~yGF<1d1dJ`IwMD+Cfu!_>#DMw$;TWsUCGnhTUNL6!|BNdWP3oCgYm zHtOg-y{W|M;w~HD_QCH}sy^oF#CHyT*B6YI81t2m)GGgMHlDIJwC5(yEc+oE#CzP* zorjfm&Gi$;|4`IWt9~6Nfr1%MY{0Heiq@oM38;MkOe1~3yRg&1lh+Eg1Ex2)hA=A* z0IuOZJAyoo_N;|_efp3Z_?*A(@O|G($(L~gIUE#y*7j29pv_=)fof)Igk%Q7$jzFo zMCB?T7B#0LPiKaz&1>?hn2ZMtHyq&i{d>CB?8I4QWzUPBJaoW;1%oz6bGaZx8)%AV z;VUUjZGZEWw^T2_kXTe;$x{|R?i;Z`RDzrg_q1>0pM^+4wsz z_1^n$jzs(@Ue~0MAHHW}D7C;6K!s0dy?=-9s&@xZ+)J!?lb;NcFFU1Kj zJ_RVgvuzxs$`9KaT%F!$v$W~6EjcjTedP+oU}YmX#7m2;k{`>QVF5*;o(9dWl=G(K zakxQK92Ok&rw0mhh6!bxa&ZEL8xvh-H_XnWDcEJZmfF$^!YdUw3mhB8}I{no%<x zRIFUrL=ir#^cWGN0JTm4fq-4+1S1k!EcTWxJT;Ts{;2ae#oqi1z&-nVx}w2Y8lL66 zfO9l66{~j@Rnn#5KP*j@78ge!50HAPIAm957+$3c+G2L0jld}Z*uX6YQF_RdYP|ph zJo^Zk4!9qe!>^9#l(NNuXE3iR5ESnEEr_5CNS`u3H3RtBA{q?d2f8S6gA@7F&UL#) z+qX&6cZA*0Y_%1QU)T+^L%MYzwcfpTl^Q5h^0~tkK7gtITuS_kc zS$|7gJV-iLW(5lssb^gSN2RM->*$5_}F z!Np-UgkJm^;+Om~Z=|`Q-Ul6OQWl9W7D*PRu?XNo*Ou}uhq7oGXk0W(-w2D0X!Q?+ zB^9A_kAn=198Ek3LblMlzyam}Kw3eVOm>Vwz$Hg!%bJ`&&#;a|AJ?KQc&lssw$yt5 zrQLD<*SY%pXt;NE-Sv9f_wD9>SPs4W!{ha}dHeh2o_^gUeo8TXX}4-Xu1>R#gmroU z3;FYTFLch8{`(h4g>rSYW%bhG)eJW8hv!}nSao-E=h4MfM@e6*QD z7h>KD%hjsw2*qVHdGaili$&ugQ@&W4#bfsG3{Aom)>1&xr$MZv_D$BFKpUPkd$Nf_ z7NM5JUzziu$eMeRysfx{GO$g!ZJL!{)@<{Ia@Fnz>EP9jeme-VdJC5F<*RI@3}wsq z7(B#i5b8j|AQ;jQ-B%2EXFCG@zj=nk8yCD-9`&Cao`~FrW9CNsty#Pou_O0cJ65bb zXs=hQV5X2pucXJU?j{ihoH$3>LqTSh_B8ZT9qG+0sYm?zQlSkz8JXx^vXMTd6HE7MkJJ$>xUMo$R7cSAOX z1RXJ$b6E*m2X$ud=>_z8rr;eHLUSlmjJp#?#SCbk8Er&>!X@>Yky5hxg zmn)C7QYqOz6L|)R9T`NiB_Jc88zY!HXqCH6oR) zgbGb{!UL|Bs~{5|V9`YT1@s)TD4m?}+1ZO0b*1NFuuI*Up;TOPs2rQQ>+9R>W&bR{ z^U-c*q{+BV^xo0Qe;&#vdh|413!>614VTw{xrqLaz@tjVn8jl>lyO3ob8>3WoOJV_ z#lf^$FoGx6#qDg-KAe*kqdkBp06&{&trrY_O>`5+Pj(_Udlr%SE$gU=KnlfKPb)@_ zqr`W1BO`ma+xrHjXCE>B&7q-1Btwu&P}^Ws-I(|WJaMg`0LXT#-wOcE1?C*yroPx9 zujVV&cd_7@i~J?D;R~MA5eR;Ki}83)Zu-aaq)k$|w$EtcaHqP?eqQp^Lmc^WN6>$(v3SUV0o!fHCz#k_EK}$ z!exH893&KUJ@f62`Ah=;?aVnfs>_-z*2DLB#XD~(k1Z@dr#=Ge3R#6dC}{x?_i@Ki zjsq+$B7TrxEe%L^nPy*^&A~Z#$gQP`kez(xq9e9jBVQ;_tG86P-8NEQry>q(#vE}{ z`QAL)=WDHsQJOH}tt{O$`dT_u|F_#8jr&+n*%5Cq@)s~dJ$2yP&^IUcx!gg4@qYPT zpsE&{-^5gd-{6&c1S&%q6(Y5X#d7BK+`Q{kw=`1N>?;RuJQq1LEHkzn)gp+qWi*Ud zTww*qXO6nwlUey&ACa}iCyGmt*dO5ZGi(2rt9;ffiqHOFE1Z7NQvZ36)Y#d^{wG*Y z{xp5}n~;2-tMwb<A-}Uu96CLmB$7!4L zuwy>}D!PZ!n5K3w1Yl-s7Hb@=WK9yAS* z(wEA^H3f%Dh==X-as%jE*8|FFq^K)NV4|oV456WvNE;S3&eBd!zAH42_=Q1$e`sop z7gg+a1#~G>a*dGE{tJDf*#NC0a6)F+E450aaKlAM1wWA-Sp+ip^seXQ zBKZLXmOAl|7d2^KSkq7`GPZ?3X+_w=o0o{HBCWXM%#gZbH4sFG$jju+kpO`_!i*oE zqP$Z_pei!-NES$W=<=afoSIduZE&)LO+G-^6WQl))+~G)J+g&oi7TG5K>5pIqxia*zjWf0KVKsht|W!hE^&)m0A34fD~wM zcH|NrMQ^pojmQVD&^3`x;b1!x)POf2;X9PxL&P2&4etf9cG$Jpq`%Fhm55QLs_wrr_|4jJ5Yf%54vt`aav0 zfNKroB3N!fY7c8Dl%3tcLM!ZfNE5tm`u|4abSEYa0n-(V{#iB!i92s;nql)8KY&q~ z@;Bbd#4*d%B;5@#48stoX#)wIJ|)gwg)u2G_fT3jSaxo=1Lh9lYc;rPs6)P2$RJNh z>Yz=}g34Zvd^*;bG>&|>`(xdNIXNxBx*mD_xREMem80MsYjS_VJ%z2I#(=DpA+0+M zVbiy{dsajO>+7B|rZcm#OZ!K~HDVxFIy_cY@dixpZn<;Ku|YNHQD8%+=m07@py=s* z*IW}NZcPTe&q-uIxisKDA-keASo{@F6ERT z)P9Jf$T)<84HW4xH@!Dlp?+{S>nz#l+!N@g7ksb1_4J$8itDBZnzO2tr4*9Cx)OjO zbQCLmAv5XZi|B}l{$f0gViojdae{EA^CefQ52D41k|)snruGZa9Rp$@qmUFJ>M-~2 z%xHktf_ET6Ca!7)jEvlmHL8&WIi$YAkrNT1je{ys;LJ&8flC;u#5lA+(FR6odpp8Ww)ee2^yY zNnvrSI`pVoNlxa$L8>>6AJa%5vK9=m*)^G+O$v>Fb+{|s%lRO*fV#@Y3{}~F7lf|h z``a;7KFn6LA&`+O?+;$+^nfSwT^M34g?1ZpLlY()Mxa(8lO#ZA9+ceP!VgW;x*w0}3(=nVUzU`Gh} zFF|C(hMaZ;b#NqI07RZ*gJe$_g-4fifd2&T_#|Cxt4w6ty0irygm_>q?IE=UlNSVNJn>A4sD8q?NVpNR-3Dv>05Wgg-poRk@?v+c#7 z0dZKvkYb&7h>H4AdjFPbHXuji-bzY%2T-3K-w9P3)l|w6W^3ibAN|4j+l37 z@gGI?vZAmF-b)YKzxZ!_y2u%xNFca{EHD>D?Z zRd*d}bCXDQa^vxqa_jQ_h31ytby2@KEbuJ?lE+u=MK)&!) z|Eu%fc95AQHK)*Hxfm;AbhJzB6D}Mn9VzGvLtMAP1;k$n6qH?4b20Ajco?0{-Rl+R zyRWc71N4PE17_ zFRqMdC;{=Mxsy{?FZ6TSwRZfQO7Bl|2YN!@Y2%tJ-BKKZ`)R%KsgCFQ`Q$}>m>99g zrvHn&343Vc;$?zY(uvpawQs1}-C(@SyE2~^PNC9<-V6%Qq^QI9GvKob=)DZVaF6v5 zE=K^z^3ZhWV+HK|uf~fWCQZVHM7;L6Ef%UTyh_oWdCmG{c%dVlgnCoh?Fo~mbQ83k zoTO&c*RkVjDKgTK1czlBDP7!_7&SKv-$u=|3Yew6gy#_h6R8hgjf%~s>%`$UZD(yN ztNY2?(F#;incLg+usaMtLV<+;xo=}{Vq)xU{||m= zQO(Bgj1A=<&FdC?B#d#WhBI8n!p309^-#~^&8vPgl5q*yo)mrJ^}kLk-|x}k39CY#>VXVd(HToIZ6~Gy*uZN} zNPpxbp*}q?wwYj)$eJj<78MVm7F*;25l1l={04ToxC{mTEU7@^wC&Ve7pi?D!AX(~ z1t#~wz(_8fxEM){M_CrJ{W#XmyV*|>yij)7L~4~0W?8iWorU^X5$9s%6#e>VsJs61 zQ2stix0)R6lVd{Ul%{^pT`>h7yJl{j0iL_A#jRc}|{i0Sh`3uhvPn!IaZT6>L@m_E+v_r19XKAxln!#6w}f zap{QIm-QB>F%Wxjg3H?D5I)LJw2-k?_aZjYjFYwqGm`X%wQ%Sex(TiK&QT;B)XOCa zxmBUm+0!sBdY`%bbK*q6*LiT{U?F9PM@>hT!M0-HSMJButx;_LjrBRwKhYyisR8PU z=xED9AT->E9R;D0X*Yqi(vTN>*Gw~+i^xD%8KBqY^_6(<*Upbk?08u6EBE9MG@-rgk1K$wv(i>&XY(U^vmY!l?&Il&K~#BvlrVotk}xdl&dS>9#7Z&xGitF!ZDDE zZPjsm%*xg-cbjn5InMDL45Q6=-a5B#cczR`|Yy#U~> zR9a!}4Gg3|gMfpg&7x$D{w}0g3qc%j3RNbTuMhmW0*DuMIzxbH>>0dt>jYk?0BYeY zVvt1tGEL>--^T4yxck245izwVOO(Gr$yM{&mEa<$I`MVR7|cZd)yM%suPYXAy}v?_ zU^0u?3AYHoaYwfqd9c8uj!s)S6WHn1k5osc?>@ztT^vZEm@YF*P)a_QV zeot@bKO|bojJ%$>SHH#2i;`!lX0m>#)r)>BnPruf%M^dU4`=J2AC;=L3}<^VA7}V{ zk4nmlyI=7>2WZdudf2+Ut=d%VC^YlD->i@M_%h@E-a;bM6l};tR8vT1T0{yeEcMC_ z2v2^)8Ylb&!()P70M(KLIbU5dc2nbLqdYoxDg=9aF9;f**$$JQZta8!tJ|o z{ydz2J=DLy;VZP2)3jTrSzZBTRvqW$R^;XKbRF86Nh=29)4SBAt4CfYs;cpQsZ!q? z>3wne5oFK}ZCg3roT269)ygd*UAvUTKD|dF(NTsI(iM6dnIgx86IILh^=~tTd()dTQUfj2tbN{2I*PwHT(B}2$d}<5w3}|M>H5f>Zlt7Wb3>k94i|a zsE%XaF7Nlfw;xtAXRR#C%!D443uD7>V17+IKIZ$WB}?8BSi=grL67Dv+B1{PSBcrj zEsoaSjz=P{#>&LmfrA+J;>xao*yBY$AGMDy#XJlNo`3`Wjav!flZ=s1B0X2pNwP0B zHTDZ?K#kwC!!pV8qID^q_hHMfA;4)DiE9j4C#W>l?UBMsMYAD}r4=`>8E#)EzU7#^ z5H-`JGR8X8Nk;p#F=SB`@CmP?Ta}97?ba#G9MSf*9l38(>ho{Y(P%eaW2B!}a4hzJ zn^rm7TKuyT^z&;wHO?I~I1s+Cx&?)bfwPgoyOD;OTd|vupFC2;ie-*}kzk5~t*Qnf z3J?)KzW8>d!eiI;%ASY7`^{d-y~n$#6*0%W0^OSF=HHeNS{vT3t(Y;Rv?xRLfl3Zl z?R)|s6(l1$x^W#uGou?sA26G0d)uj7AMKI?5ojvui3J4pp-kh=&Wej&=NKeUr!=M? z>QCicbO95J=M^d~y|aR($P9@~8Y7{HlyX~GW^(KsE9=ez+|F8%$nNLZrJ(n}BqZNu zmic4gKP_`ruWk8U6*+<<*5nBSt?R znga&y96ms*NQ@?^m2oU9n<$=&1e#{h^=m?{UvVA`BkaZS1wmh|9olK9beS!qNQGsx z+!9k`8_pDOnSab-UX05u%pLU>ns(;P8?A-9M4dE0TKVvZjA1R`^r445LX*tlcu}|u z&bArCTPN|YN%`XHTtjmR9Nx>&&{o0Y4UxNsTbT-}BqCzVU;H|6nF%*qcm9Ddf6!Sq z%2_Y+WB_K*W?q^-CJM@%9VXv`T`NSB(SWTf0ienAGTLi}R;W}valHez)tGdsO{%Vp zpNmT6a2SeYqbRb!X0lO*VniH3py@QO?sEj2K)UrlKn+&6v9Vm1gM1_v(QCKxkd^teI@6^zVt7P#w$fzB z^Ro(lz>a4pEk5l^;^N40VlPAI?Slx$O{~z_TyAW2j8N|sAUt-#0~b!yB|FhW^xhQc zVV~%Y!odU+OA2w?_hrHaX8A2>zg#GA_>$GRo}#0AxFdODP(TP&hV2AqNY}5{bm!SDn4s{7y6*>hAM~y@>s+idz3^Rg_oH zMRO)w3_pZJc%`J+sN2mbLsa{^QGjD350SyeU5@{CZ8a0Zf zc_F#An|h~b6NxmvK(_8$Ay3b{@M~H$AYMg>!cUeuZF_YtUY)S)Q{{$V2ql0pIE-X* z-g#&LyVwQE*ic1))==#x*rKUtysF9BL~ump9*rYZkvTEpDB>{6N}HD3!FJ~*Np>$W zL}Hwfn0^R5j#&=HT*~TZM7dyln5q0$+>%b}tS{QUNxA}BPSk{R79S^f^ZAsE*j7M+5VENTGWLylu`LA+* zlSE4}uc5;of*&x1o-42OVO)|BhyWv_WH`IT3#t+v#dv*DcV3_G$@|1I^P$$9fX!99 zZpiEgw73-?#U*dA(}KqoXk7i1oo^~7jfIXL6pG6eFiO+&&$;7wqLFjPX2vOM-G_Ht zxNK^F)vaGxQK&zwAy3otV(Se!c=6GcZ8yWX8Hs3v=P|nW>ju1a=@5BU6Gll@7B@&a{bj(LIrDOQo;>^ zlvAoPnx@%HSm*ORftZ2HtIw#0pr*vqaX2I zY}wJx!``juebIZ6Z~Zqm_u7dipY)s0g0ka6NzpH}|8QaFE>Tvmi!~m&yC8ji?^T+c z+H73<>EDV3xH&M9#-AXq|FdCA_8*IcpT&P0Jx4nSCp{|@_kW^_veZA@|6R{&!n?7m zWl#Ehtl_|dI2d9rGD?Ter%SXtlJP*mm)%C-Y%9P=oRTlQxfOu zx`}HXE}`#IHB1m&xM-E}M&-pYG{o4(C?!%BJr?y46InDNNRDX);;8E9N;>(^XfbvN zG};BxYk>W%v6%T83C-B?H0(>ks%00Spqf2XtA7AyO(#>sQ7#eJ7z>a$B7RpT@@pU2 zVPumCFo2ncwPOTU;}2g{gxad@vYx=nX)#*i4OO5j$W{b&80Lnee9-hB&k-}~%@L@w zR!CsEI_vpErI0raK!aal-X(g5Y?ux54p-nXGLnf$LLwXWjieIjNXo}RxPN(N@jZWx zb{=eJ{BaA0996m&&uydp>Dl>rt}bhg0l?Q2|4}f1^@LxJ#&TV((|y-lD#|^9_mja}dvU_F0nK^fLj@9oohOOG`JE~=}tb&`?|$`>zJ&pEU09c)8qzgifO7H#(1oK8Zwmi z+4eJqhxP^iSCo?fd7}{C&t%H@r(6Dmlm7q0tp10lQk3fdRsXWbg&I#ScILI_ugz>i zqo{EnoYO*tD5EXb#2rOAWczx~|3KxI2*m=lj>{A85>uqi-1I{bxwI+{0_ZHQxF^7$ zNp4ij(-P}!VO#SI-p9hm`9&+LkeGyoXnS$EL>;)6&b`)A(Wqw4aF|cg8s?X+jk;sm zFP|g=C2OGbri+^0i`*&oh+c`w%8iJ=Rkd7*q)wT%j9N#nktaD+xmjA{*H7`{f6dO> z;`n&s6)^n(9?1cM-_4T8c7CYO4!zSpz>5;l5M>&{4;X_~_#BP6MLD3N#M;MgQInX> zkG6)wmaQIie9+WtL(mK*bI}{?i4ounjy^itqLHKoPK&_!>y#>}&evT2USM<&5iS~y zrLRcpNhcEljF33(m`j*K3Nc?!+!GtM;`Z_lPBAHkXSY4qj$nN8HnuMO74N!Yt0#>_<0j{+*UbGRn@*MF?p_shX6T;qr=C~a` z*|$MGuHpgt>5PZ-eG;8YGw0C<@@K>7Vsg8@T-GT~PM7jnmneu!TBbEuH4+wxE)c{VF&Nz(vl`Qt}=Nyqx8-98)J6(}W& zoDh#fl$N20DDUfb%F|{3J@SKE8-Nr~NFa;d7zb#lJJwAK$o+kI0z0BM7+8&vw zt!>OXe7vHc`S~br&8>~p*-jRZ9Ljl_m!7-Y+eJiAsSRow1c5l%J#27mO>5 z2D$)yea16cjj(2S2!*3f$sZVYb-fNxtg>8o%cYelasIMqpu$!Yuxfl3$9sUgi8{_f zH9&c!56kZ*cR)iC2y2h(e|Nts)5OK#vGqD@W|bVtqhOCHG16g=vZB}`7gt5Rp{NOp zXkViv@rH0WG!wt-SPjWg0V0jz z2+V6-Bx3m*9Btbge2k$DE~2T75)L!IpUBpsLIdHdfZDqwO6tH+eTs8m(MAfL{P_eI?RFL$oj52i}lBwSh@7X*gz&-9B~_iusn2G^5r-J2DyM1 z{a+T@-y@mKJ6J8w$&)ox&kiKB>K?ihoLQ=(-^yvdMu*$;G}7O+lUH@*WI)4{%*e`B z=CA=pvbpqn*S5QrXyk^dsqH}1zIp9nfg8wcwS1t1dxwv`W#Ad%$e`TH6h}o;&&vZm zlDF9fnfA5~BIhJDe`%j0m*;1)o!l=V4##va#72+(tEr%G*FC8)shthi z;(ljWW>8X%twNa+Nem5XpY4#+WxL)@Z)Q3<{RVWoK3l8>&Uz^=V)@XR+9dd1?A3qT z#Bb;Z>gQ#yfiG{@EkQqTE>nG=02E5)016%lj_n7jaY6CJDS}r4a1hVa`_~ILCSm3Y z_~W<+a(I;*v({M>%zr2syyP zzs^g8$$zT%7hxur=>E=)_KcJ+8XoN))87ek75#Dil-KwTCgG6Z4qh%EA<;7v{PwGJ zYyB$&Ok|XUOhkwkBwVTbX+z<61CYJ(MMeSDpO71jbPWA_N;gKwn^y_FKMK;;8wA+qfi^v`Z6VF4`*jEv+V(QFTTTz$j~0ns#TNP0 z^^tTIG&3q>bn<=<>0*g#^Jx+o#Ozk=Iy0GQeVNrP2B3o-^l%&Vm^9CW0iIo!QpC~8 zVYwIzi3Bq1w@y|XY_uY&ShcLX*Ot^0&?{HZ;MlMsPVdYf%nMd8rZH^WWR^I~* za-^zV73Ta)6%)3qt+;D^Ty)Dz9osV7oq z!hcnzNtW1?_My=Y?T2dN`IjQ%ME8EKD^u36a;^hy*(U&9;vUGg6$hck%6aolJyRK+VD1l|PtTl3<=&EgOhCj7 zE44An8&6P}(25db9!MB5qgmzoaj65_Axzl&`Q7Wd3?SD0(Fi#X@PNTbYokuazA;tY9$1Z2^sVaYeVq6DbE6% zADpCSvaG5OV{*G`c1e!>#qf@9Vu5}kjeixXwTWl!t|*3DR%=q>VxN?(sLq(~6}=N9 zR}HFcRKC=>Hid=izLg2<{dW>QxF6>l*cZ+0QF*i5qVuX!!ESHV`3rh2_O8y>T}dZh z=q8kTFr*6H(7DD0d&4ucZyo=M0d*KlC{n^$30IGMWNZ~2*01b3r@#VCZxTqDC#g} zMb&S5d(z-y$w|s69kV+tIs$2x!LSRnU6rqt?B|kiqFCTa&sqlcLAI*Q)whATgdQ>7 z-}K0LW?TuY*2UKZhO;$BQMUJ4&hm;1z*07yViGM+5;uA}FK$~$(@yePHFUoIdzToM z9(?EbTY8qU4ew%;v{ZUqp<#+x&O0e_TK9DhE0%op%=Q_862afOdw4MUVs_r&s~4)x zSOJqO#!(i#d!eCmjMv;ggkGYB8nK%dzG~LoPq!~|P#ehoCKp93N~UcGY>wzPc`frH zv}>^evL*gv_LM*scsmy{wkqtf@QNJtmQ@KdW- z19xlI{9aUxs|{BWBlu+5rCY8f<|0ih{MsW%L@)c2FD`jK@RquE<=3_t^@d&z)O9Gy zbhJ6vgxeAx=13nORl92xzMQ_t>>FIWT0pJq7wG?HN!*D))xKxuj#6+jcH=fnnbgbPA_Q!_!Q9Q?;zE~}8 zCyCktG7QfMTgXoD>^Lm3(7%>%KcCbZ>B}^7!CrI+zozte^`PdtI-#wS@lPOKcfTij zrFvGV1WOz;d~(Cfe6++U{vys)Ze-i8%Ya3fnExXCnkpdMD)Jnx5`&NKMuLhom)YBrP9X7_5d7Hs_Jm%JcV;iXi5^igbY~ZGWwlaj)Sa3j z+E!k^3P;E*qMd5{cln*&?Cc0C(PXuXd1b7xASdL(uvl@x1aOn==e!@-L zIF6=Cu;4Bty+j%*uRzW>Bn#Oi>CXQ*~ zBgSBkkPZKH`^?H8-;X4nUFa0z4XdcKq3q|P=%OcH*!96e%ptTM^=LxCqO|gcUnWlw zTR;eCMf%P2HX|7;s^mioNHNpZdm#t+$55JC%&;)+9o6_3qI0ZMKe;TYW$$Q|K{aK7 z5t9^`6W=RyI`S$YG4*G}-Sj8yPnqts6HppC?ouEyNm8povZUONM<-$MlE|~uoWbZE zO9)A~l`#57?CX183;~W1@UGm9^c(E)GMy618$^M+LWcek2HGacDUXz;nTD>|q>uTf z0I>-<)E!oz;!l!LjbPUZmrp3H-RUwz(CO%0kxQG{I4I~aa6Xf&BlgaO^suK}Vb}WH zwOv@@nD@>9;-5F;@ZNg1>YW9SgOoKUTsQQx&)R9NMt}Iz+k-Ya9*u;Eh&iYJ`im zhJ>x%5Oxe+5gbTB&D=cw8Ezcg?pFsx_bTFfA9!eN# z)xl?W#o@m~>nzhX&SS~;bjOExQo#l+DpQJ*jzI*;N$Qq35){L&A$Rao!N{F(k0-64 z!LnyxE;wv_r5D!#M|$JDnI4i{>=H*$j-;&sX&5HMmn0{AI4RsVQ{I^}m7?SL4PatC z5$v5f)I234%qV5@G$ro6IJ6!1s$*CDZj_(Lyu4!`Pu(m7Hzt1h5zxWQ_Xjg7Q7PZ| zci=1FIzkv_N3!=tRVnTv_B9?~)Uz%QqL=J7B&ut(&A{j7kyVcB0&60h7O!(%_QgM> zg-a8bOL&!&Wz|!>@?uYPU>WP9&!(mCfU&xe8qOl9DHvaI>h7b3Z%V#(*p7jYU#Z z^y*~Xt3IXsiO-s>(@ZQ@+4&ztYbAxxW-LJbn{i*+Wp$`hrTTc@&t zZnKA&C|_u!Yr#FIB(PuGI*wu4*4spmrQ)sPG^I&(k*TA@L!}o9oKUI1lKZBqd|6Y% zCA!s)FV>>{`ZeqDxV1O~Jd}yRksIOd!AI}b_VMdwSjTEf(j017?d_<7uq8>~hU^1tj}r5GMj%N&G+S0dS@);l5m7=wZn`J_rBOX>lh+zd8e9Op;?LZY?jU=X ziqhq5Q40H3(y*)Z6b;s^-mkFMlWk`c#W*4rUk)u^b9YQ2=iHVWHyAI8gM6Of#rOvO zn`S^0c6tV0@JBsoS5yOCo=@}^bD3AdWmAR3CSnD-Hz?3FI& zOw;%;x3C4JW>m7%-m{2#LeFDjmbe2KdMHG75{8g+p}wO~w2dgZie`|WNf_JUi-7B> z;ocEfiH%T4cB~OfuJZT{DV)z67#FkS6ILK%4lEyD_nN3T;`7>Sat)kKlpR!pM?59# zn6F!XC*gkJ(@GF69nG53+YU*uG180!*8q9-MFid6H*MzSTvNBBkaah}y$d2+&f#M# zE!jOP>vMl2zBq2)y&~vY+Kp`H`PR=1eY<)MCNg_+e%bBU#a_#OTxiFKUctLuQ!ggA zG(A7wzA?W-RXG<&m9v^t8Jdr~(L(;f%a|1Oz2vQ$Vg3t(!fNIArq$M1oUf!qH_M+z zJ<=+Ux)qM`1(0hQA*o$0*$_oMk~-?^_VYed-5J$jjmoF=tr!$NzoOPHq# zZz6@imWXDnc-v{AShBmvBoTJ+DaEZCJ zN;-lqZ9ebIrVUfoP0ub0Ao2F1!mrZZiRzOro1DHVEH3shjy1C~l-gvxw)h$oa2mk1 z?mw1&(*13?YFvVVqfyslZ*cSeb{DKLYP;~8IB%L5Q?dvCa@RS>~a%-=p zV-h8x0#Et7scV9jD>PDdV&AyE1Ibg6)U@L)H=PGC#W4-sNq$Rp{O>!sIzUWJ25tx- zJ1~ME%|JWYKUA*7JkGXkFFzp7AVuH9RHj5N$3VkC-7_>qqc+UUHNiHSoCF>#;@ zuD;z3W^-IK4N=Cc&#$DOy@4=!J*!?8U0g&Ft+rQ;Kd!%2PS+Dhf>e$3GP2Tb==sGw zQ-c|m!}j_u5vSTV@NzhnagW5HGEtrQaNDt?wI?SJl;_U~(5O_Ukc}UvolhLm(&8e! z|5jZ^%aC}l<#8*dW5#QSwuyhAQ_1PLPy-Qk=-6>0ZnK>8y0}yl-}VFDEPJmb#-Xk} zVaHoI<(Oe2-YnCxEhV1k^(hV%s)-8uV@n8|76ts_)k-+fEnPPo2nd4hPBa7wDlk2@ zXjoYlYDE~3m-37DdC4J`5_D9$mNb%EJOkUaTlE9@>_K+kU`Ts$9IJyoIVYUz&`Aw5 zV9z!X4-n~Z!y*bOK5~VPXeUqxl6#G=^T+V0(`HDw)z`V$d%iu}0)x2a5?71O=W?Xj zm4(}AxQh%+ZQ4o2>{^WYL}Y!uY91Odp_M}DCdj+EI+ei?uDWw-o+THdX0gpT%oT8o zu)L&mTT*+4vRPXvu-A;Y@HxS*Y}E1%69Unx$*LO($0&6b+SbL^Ky=Y%yS}#R^x(|} zOoM>P_P|zr`PkO0(`qjlP67J#t~K`r{d`oBRg1UB=WRRI>y11lln!Q%H)y0G098+` z{mnQw`+_}wC!*=dW;Z$4{|y$ zJd?i1u;4u&q{ijOv>*PUID&NIl z63k%Uv{r8ueCUh`GT-Je$rj5)fFdm7D&}a$6P(?Jr{Kz{=-B6_o5O!fZ8;iNVxl?P z(TxN1T>zO1FRN6@sttQ0Z*o%X#XP!(m?Ib=ruoLos=Ieo4d>5DvE$RGYFSoOe5w7U zsMM~+0wwRL(~}{>#i0+;!0i`9x6Vlp%T8#?Z8D8$VrK|ypMOmw{tU?fGSA22wB>-? z4`Glx=|OuJPUuzdZ$ly7=d9pf7$>ZnNv>R`@`IE-r^i+~)}cGWYmQ2E;{L?@0G)q_ zgWbuRJK-sY<8JFQSY<&;1>C74uGUaSj++6sz0vW4gFXPt?l6IQ??8(1X?s&e34A87 zym;Sw&~hg3;5@D#fCoNaUzEgBTYB%|`1DEZ6qZs(8!_U(@yC|(vzi6F&gua--Ph!D z_l-3vP2cyR^gsJ|9tD+ET$79_3^`E8msYlfVjF)#KGgSMtZ0OMt8#guN)}tXCLGjz zP71yBev~`5GK)QTYVvz6gNRqIoflB*e{NeQe(MV-9pIe)TWT?r|H(C`eIHPio|PT3 zrdSx7AioTP%OAsEanQcz-TQbU38mxhCt6_XYTTp*)K?A)rDsaM^>M2*Af79B}_# zWd462>5jIq^{q^uO|5<=R_O-&8M-A0Xa|RY+84iP#LwJt<;;Prm*0WuTGIdLQL7{- zBCjOs5ie1`s(~7CK``>;iN*SW5oQ^&Nuwf$|X8t3#0wpMBMdD&U?5+25dsBc3r`F_We3rvbdZXac(yJS`uyk^<&UakV zjT_iS=d%`p3fwSvS6!D#Lqv7t!J9U>C{9B(Q2T^g7f2yTFjo3l`?u3(`?tnV1Pdr~ z!vvw-ISRVWk0?k?Upr|9>7ZIyzDOXGU=db!Y234&Kt^rJ{c3NFUa>!SJmMfVa+?Hx zgNp1{B4{`SK^x$Jos%a?WN>Vg=~s`1Z8J~84%4(k3ATe32M((;(jV;h0=|zLb@JsZ zeg4pQnjQ-*yVNW>%LX)!#U zI!<%7p8y1}Li4h@RxlU8o)})@IY1xWPo-il8YYa4VJ~haneDS$AG8MXclAvZ#CP+fZnFppOZRXDE<5uBMN8;J%kLaP$oe*|EO z@Xnr08R}O^oiaXgWXsMA-}1e zeP*5)+@4jv=+uRWA!;}oht86q-?!R);I`?Co=NZmbzQvoT*zRCCu>=j69fp@b!Ec6GjP3Ns2aY1Ki!eciYD14_g7=(?{QpI8$+7Tj&Q|*^JO409_j&z)At3`F!y3%c~0TAdb0>&AW zVV~vHIJVWlh$uqea7#I0PqbX}0^~fL3+mp-G#svQ&G7+B*}r&p;uB4EK(nP<91TEf zn^qP3M@4LLnn$}N)qRaSB$F&uGOr|Isz7oxv!cvObsSAfA1t=J0vk0@<%@hX$1dE& za}n45Bgg4ZNLi2A5xw#)Ri;D(+XpZw`(^e%9~|}rDLHAmvMB~Az=!+ks0B*s@2!xhi zdnyZ+hW?tOK92TeITr8K-0>dg*?mxcVkHOEZ7Ek{aLT70ve09G{emLtelsDVz)s)N zjn3*Qt5o<8Vec1toRVt&XimxA%ms*{)mIV31P!+-X}E5?niQRP+PA%1@#muDQiz`; z%^(f9P6Xs>bFEFA-DIz*7h!eukw^B0exk zn(p$r+#tI3^=MZxd5UPgHtXaAZx#m8?-W%%_$}qhR~&Gjx+Ta2_yC4c!A;GPPRW~{ zrP4hT*3D|=`D@7d;7^8NM2MZ6#Pe;}uY>M~u%*Jtrc<~?ou<7~n#nwP;ncG}JnNeQ&y=x#X z2b=|rdi9rEg9c7n1F#6(s)oRpRD#=4Y>$<1N|S{l;8z0OBUPla$xo@^b|r+>A^6># zbF*c+5=%l#5^fW?9JJm0mH=vqQo-anQ&<9526qQlwl?6QaL+VQJEJdUapZWW2&bcl z%^0d~t#47_WArJ8usp?!keQv*6#3y6)*?+EO-&PNeU@G66f*c_XhfDO3%*cLNZp70 z2-RMC8%96>9J?*iDvi!nu$x#4ks!kP!n5}LOjrcabv8?kqV zF9_bWsT1a|2Yt^8Ie13(#dK5Cyn%oGfI{VKJiMq!%KndR8|?QzOKy(RCArjkbizm^ z%+haGk|hK#ogh>LJKJA*|BX8Hwn@*pO7YQe+WzAgFJIAbs6Z zO`5BzVh69j3TSP7T^g#UBih+mY^bZKi+OxNI~wlkrMx#n#C!#Lg@UzKpu7Fk!@$PF;KI$R&&keU^~%P{g~80miP6Cp^dG3aFvv~< zR!1ZQhxqpx?Rmlfd5S+3b!|-lEk>bMg{f0uk;QA^8$8hQ@$W6uM^NB5#GiHqpdnoQ z=Fg1-L+}BH06eL`w@e>nq2G?TwKp-fH#N~Wd1d@lPX&}y6zGEfb6{tHJLcb%pTlh{ z`WxpTmRF#RXkyBgWME6>S8mYZ;1K(b@yosP--g56pKx6kI2=sCQ~Gr^|B5Bk2U6`f zgt4vl>p$#kL4!CBCQx(+RvDfETY-Kj_^SU#_`A>$l)%GHK0yNfI$Lx=hk{n?H^M*a zfI%5ot24|1U=%|@b(^0FrN6dJA1~YA82=D%d}(X1Z{hHVw+$!`)CB$k_ssrL+%HRb zP!y;+@B@m+7bwP}A857K7_!tlunXL4ly=rw_n$x5t2gTcLu&K%M&@VDEe$ zgZ;zD4-^OL2={>V@OupRA2$oA3EBg0#{V(gzgVJyMhWVR^?)S^d<^?%MdZ)x?@yO3 zP%5Z9(*t!MXgd5q&+;rA|QQBWZvY;$bUDF4a&*#S@`%C2%lm;pS`9Mq0 zc#H-j2?>e>RW^J;5@$Vz{P{Kf)HwuYf$FS1uoiP4WBskV1_}cek$Qm16+Q<0Q&I{P z1**aDfYJhXUH$tb;O}YL|DGmjTlE8OvgR?|&msHSWDOb`XeaRli>dB0)SRzTX!Y#_baUXJ(Em*u|DzTc6bibW_yDzB_;2VR zi;JK*&=tN19M$4~ Date: Tue, 4 Feb 2025 21:00:11 +0000 Subject: [PATCH 21/22] Update README.md --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 921f759..d5d4899 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Product Vendor: Cisco Systems \ Product Name: Cisco Secure Firewall \ Minimum Product Version: 6.3.0 -This app interfaces with Cisco Firepower devices to adds, updates and deletes network objects, network object groups, access policies and access rules +This app interfaces with Cisco Firepower devices to add, update and delete network objects, network object groups, access policies and access rules This connector supports both cloud and on-prem delivered FMC. Below are the steps for connecting to both @@ -21,9 +21,9 @@ This connector supports both cloud and on-prem delivered FMC. Below are the step ## Connecting to an on-prem delivered FMC 1. On the SOAR asset setting page select On-prem for the type of FMC you are connecting to -1. Specify the device ip/hostname of your on-prem FMC along with the username and password used ot login to FMC +1. Specify the device ip/hostname of your on-prem FMC along with the username and password used to login to FMC -**Note** that you can optionally specify a default firepower domain that will be queried. You an overide this domain when running an action. In addition, cloud versions of FMC only support the default domain, to achieve multi tenancy you must use seperate tenants. +**Note** that you can optionally specify a default firepower domain that will be queried. You can override this domain when running an action. In addition, cloud versions of FMC only support the default domain. To achieve multi tenancy you must use separate tenants. ### Configuration variables @@ -54,7 +54,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION [get access control policies](#action-get-access-control-policies) - Gets all or a particular access control policy in the FMC host for a particular domain \ [create access control policy](#action-create-access-control-policy) - Create an access control policy \ [update access control policy](#action-update-access-control-policy) - Update an access control policy \ -[delete access control policies](#action-delete-access-control-policies) - Deleted the specified access control policy \ +[delete access control policies](#action-delete-access-control-policies) - Deletes the specified access control policy \ [get access control rules](#action-get-access-control-rules) - Gets all access control rules associated with a particular access control policy \ [create access control rule](#action-create-access-control-rule) - Creates an access control rule associated with a particular access control policy \ [update access control rule](#action-update-access-control-rule) - Updates an access control rule associated with a particular access control policy \ @@ -62,7 +62,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION [list intrusion policies](#action-list-intrusion-policies) - Gets all intrusion polcies in the FMC host for a particular domain \ [create intrusion policy](#action-create-intrusion-policy) - Create an intrusion policy \ [update intrusion policy](#action-update-intrusion-policy) - Update an intrusion policy \ -[delete intrusion policy](#action-delete-intrusion-policy) - Deleted the specified access intrusion policy \ +[delete intrusion policy](#action-delete-intrusion-policy) - Deletes the specified access intrusion policy \ [list devices](#action-list-devices) - Lists all devices belonging to a particular domain/tenant \ [get deployable devices](#action-get-deployable-devices) - List all devices with configuration chnges that are ready to be deployed \ [deploy devices](#action-deploy-devices) - Deploy devices that are ready to deploy \ @@ -128,7 +128,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- **name** | required | Network object name | string | | **type** | required | Network object type | string | | -**value** | required | Value of the network object. If type if Range specify value in the following format: ip1-ip2 | string | | +**value** | required | Value of the network object. If type is Range specify value in the following format: ip1-ip2 | string | | **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output @@ -171,7 +171,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- **object_id** | required | Network object id | string | | **name** | optional | Network object name | string | | -**type** | optional | Network object type. Note this cannot change and is only used to identify the network object value you'd liek to update. | string | | +**type** | optional | Network object type. Note this cannot change and is only used to identify the network object value you'd like to update. | string | | **value** | optional | Value of the network object. If type is Range specify value in the following format: ip1-ip2 | string | | **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | @@ -327,7 +327,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **network_group_id** | required | Network group to update | string | | **name** | optional | Name of the network group | string | | **network_object_ids_to_add** | optional | Network objects to add to the group. Note these ids must already exist in FMC | string | | -**network_object_ids_to_remove** | optional | Network objects to remove frin the group. | string | | +**network_object_ids_to_remove** | optional | Network objects to remove from the group. | string | | **domain_name** | optional | Firepower Domain. If none is specified the default domain will be queried | string | | #### Action Output @@ -502,7 +502,7 @@ action_result.data.\*.defaultAction.action | string | | BLOCK | ## action: 'delete access control policies' -Deleted the specified access control policy +Deletes the specified access control policy Type: **generic** \ Read only: **False** @@ -860,7 +860,7 @@ action_result.data.\*.inspectionMode | string | | DETECTION | ## action: 'delete intrusion policy' -Deleted the specified access intrusion policy +Deletes the specified access intrusion policy Type: **generic** \ Read only: **False** From 220b2adb0ebf7ac140532733ae987dc5913d7a05 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 4 Feb 2025 16:42:54 -0800 Subject: [PATCH 22/22] Release notes for version 1.0.1 --- LICENSE | 4 +- README.md | 2 +- ciscosecurefirewall.json | 94 +++++++++++++++++++------------------ release_notes/1.0.1.md | 27 +++++++++++ release_notes/unreleased.md | 27 ----------- 5 files changed, 79 insertions(+), 75 deletions(-) create mode 100644 release_notes/1.0.1.md diff --git a/LICENSE b/LICENSE index 81a1474..821417d 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2024 Splunk Inc. + Copyright (c) 2025 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -198,4 +198,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file + limitations under the License. diff --git a/README.md b/README.md index d5d4899..7a9d502 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Cisco Secure Firewall Publisher: Splunk \ -Connector Version: 1.0.0 \ +Connector Version: 1.0.1 \ Product Vendor: Cisco Systems \ Product Name: Cisco Secure Firewall \ Minimum Product Version: 6.3.0 diff --git a/ciscosecurefirewall.json b/ciscosecurefirewall.json index eaaf3c1..8f12c25 100644 --- a/ciscosecurefirewall.json +++ b/ciscosecurefirewall.json @@ -7,7 +7,7 @@ "type": "firewall", "license": "Copyright (c) 2025 Splunk Inc.", "main_module": "ciscosecurefirewall_connector.py", - "app_version": "1.0.0", + "app_version": "1.0.1", "utctime_updated": "2024-12-04T23:13:40.000000Z", "product_vendor": "Cisco Systems", "product_name": "Cisco Secure Firewall", @@ -28,7 +28,7 @@ "value_list": [ "On-prem", "Cloud" - ], + ], "required": true }, "firepower_host": { @@ -70,7 +70,7 @@ "APJ", "AUS", "IN" - ], + ], "order": 7 } }, @@ -91,7 +91,7 @@ "type": "investigate", "read_only": true, "identifier": "list_network_objects", - "parameters":{ + "parameters": { "name": { "description": "Network object name to filter results by", "data_type": "string", @@ -101,10 +101,10 @@ "description": "Network object type to filter results by", "data_type": "string", "value_list": [ - "Host", - "Network", - "Range", - "FQDN" + "Host", + "Network", + "Range", + "FQDN" ], "order": 1 }, @@ -184,7 +184,7 @@ "title": "Network Objects", "type": "table" }, - "versions": "EQ(*)" + "versions": "EQ(*)" }, { "action": "create network object", @@ -192,7 +192,7 @@ "type": "generic", "identifier": "create_network_object", "read_only": false, - "parameters":{ + "parameters": { "name": { "description": "Network object name", "data_type": "string", @@ -204,10 +204,10 @@ "data_type": "string", "required": true, "value_list": [ - "Host", - "Network", - "Range", - "FQDN" + "Host", + "Network", + "Range", + "FQDN" ], "order": 1 }, @@ -335,7 +335,7 @@ "title": "Create Network Object", "type": "table" }, - "versions": "EQ(*)" + "versions": "EQ(*)" }, { "action": "update network object", @@ -343,7 +343,7 @@ "type": "generic", "identifier": "update_network_object", "read_only": false, - "parameters":{ + "parameters": { "object_id": { "description": "Network object id", "data_type": "string", @@ -359,10 +359,10 @@ "description": "Network object type. Note this cannot change and is only used to identify the network object value you'd like to update.", "data_type": "string", "value_list": [ - "Host", - "Network", - "Range", - "FQDN" + "Host", + "Network", + "Range", + "FQDN" ], "order": 2 }, @@ -493,16 +493,15 @@ "title": "Update Network Object", "type": "table" }, - "versions": "EQ(*)" + "versions": "EQ(*)" }, - { "action": "delete network object", "description": "Deletes a network object in FMC", "type": "generic", "read_only": false, "identifier": "delete_network_object", - "parameters":{ + "parameters": { "object_id": { "description": "Network object id", "data_type": "string", @@ -514,10 +513,10 @@ "data_type": "string", "required": true, "value_list": [ - "Host", - "Network", - "Range", - "FQDN" + "Host", + "Network", + "Range", + "FQDN" ], "order": 1 }, @@ -635,7 +634,7 @@ "title": "Delete Network Object", "type": "table" }, - "versions": "EQ(*)" + "versions": "EQ(*)" }, { "action": "get network group objects", @@ -1217,9 +1216,9 @@ "data_type": "string", "required": true, "value_list": [ - "BLOCK", - "TRUST", - "NETWORK_DISCOVERY" + "BLOCK", + "TRUST", + "NETWORK_DISCOVERY" ], "order": 2 }, @@ -1708,7 +1707,7 @@ "BLOCK_RESET", "BLOCK_INTERACTIVE", "BLOCK_RESET_INTERACTIVE" - ], + ], "order": 2 }, "enabled": { @@ -1883,7 +1882,8 @@ "data_path": "action_result.data.*.sourceNetworks.objects.*.type", "data_type": "string", "example_values": [ - "NetworkGroup", "Network" + "NetworkGroup", + "Network" ] }, { @@ -1897,7 +1897,6 @@ { "data_path": "action_result.data.*.destinationNetworks.objects.*.id", "data_type": "string" - }, { "data_path": "action_result.data.*.destinationNetworks.objects.*.name", @@ -1907,7 +1906,8 @@ "data_path": "action_result.data.*.destinationNetworks.objects.*.type", "data_type": "string", "example_values": [ - "NetworkGroup", "Network" + "NetworkGroup", + "Network" ] }, { @@ -1956,7 +1956,7 @@ "BLOCK_RESET", "BLOCK_INTERACTIVE", "BLOCK_RESET_INTERACTIVE" - ], + ], "order": 3 }, "enabled": { @@ -2176,7 +2176,8 @@ "data_path": "action_result.data.*.sourceNetworks.objects.*.type", "data_type": "string", "example_values": [ - "NetworkGroup", "Network" + "NetworkGroup", + "Network" ] }, { @@ -2199,7 +2200,8 @@ "data_path": "action_result.data.*.destinationNetworks.objects.*.type", "data_type": "string", "example_values": [ - "NetworkGroup", "Network" + "NetworkGroup", + "Network" ] }, { @@ -2377,7 +2379,8 @@ "data_path": "action_result.data.*.sourceNetworks.objects.*.type", "data_type": "string", "example_values": [ - "NetworkGroup", "Network" + "NetworkGroup", + "Network" ] }, { @@ -2400,7 +2403,8 @@ "data_path": "action_result.data.*.destinationNetworks.objects.*.type", "data_type": "string", "example_values": [ - "NetworkGroup", "Network" + "NetworkGroup", + "Network" ] }, { @@ -2503,15 +2507,15 @@ "base_policy": { "description": "Base intrusion policy ID. Can be found using list intrusion policies", "data_type": "string", - "required": true, + "required": true, "order": 2 }, "inspection_mode": { "description": "The inspection mode for the Snort 3 engine", "data_type": "string", "value_list": [ - "DETECTION", - "PREVENTION" + "DETECTION", + "PREVENTION" ], "order": 3 }, @@ -2671,8 +2675,8 @@ "description": "The inspection mode for the Snort 3 engine", "data_type": "string", "value_list": [ - "DETECTION", - "PREVENTION" + "DETECTION", + "PREVENTION" ], "order": 4 }, diff --git a/release_notes/1.0.1.md b/release_notes/1.0.1.md new file mode 100644 index 0000000..12cfb22 --- /dev/null +++ b/release_notes/1.0.1.md @@ -0,0 +1,27 @@ +* Initial Cisco Secure Firewall connector with the following actions and features: + * Support for both cloud and on-prem delivered FMC + * test connectivity + * list network objects + * create network object + * update network object + * delete network object + * get network groups + * create network group + * update network group + * delete network group + * get access control policies + * create access control policy + * update access control policy + * delete access control policy + * get access control rules + * create access control rule + * update access control rule + * delete access control rules + * list intrusion policies + * create intrusion policy + * update intrusion policy + * delete intrusion policy + * list devices + * get deployable devices + * deploy devices + * get deployment status diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index 2c3e8ce..fbcb2fd 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md @@ -1,28 +1 @@ **Unreleased** -* Initial Cisco Secure Firewall connector with the following actions and features: - * Support for both cloud and on-prem delivered FMC - * test connectivity - * list network objects - * create network object - * update network object - * delete network object - * get network groups - * create network group - * update network group - * delete network group - * get access control policies - * create access control policy - * update access control policy - * delete access control policy - * get access control rules - * create access control rule - * update access control rule - * delete access control rules - * list intrusion policies - * create intrusion policy - * update intrusion policy - * delete intrusion policy - * list devices - * get deployable devices - * deploy devices - * get deployment status