From a1518ff339130831f7802969ffc699f51c55fc3d Mon Sep 17 00:00:00 2001 From: admingit Date: Thu, 24 Aug 2023 16:34:47 +0200 Subject: [PATCH] add_app_Forti --- .../local/inputs.conf | 2 +- .../03-Forward_to_syslogCTRL/local/props.conf | 2 +- deployment-apps/SplunkAppForFortinet/EULA.pdf | Bin 0 -> 80979 bytes .../SplunkAppForFortinet/default/app.conf | 20 + .../default/data/models/ftnt_fos.json | 872 ++++++++++++++++++ .../default/data/ui/nav/default.xml | 84 ++ .../data/ui/views/content_dashboard.xml | 5 + .../default/data/ui/views/event_dashboard.xml | 343 +++++++ .../default/data/ui/views/overall.xml | 156 ++++ .../data/ui/views/threat_dashboard.xml | 340 +++++++ .../data/ui/views/traffic_dashboard.xml | 418 +++++++++ .../default/data/ui/views/user_dashboard.xml | 219 +++++ .../default/data/ui/views/utm_summary.xml | 270 ++++++ .../default/data/ui/views/vpn_dashboard.xml | 212 +++++ .../data/ui/views/wireless_dashboard.xml | 133 +++ .../default/datamodels.conf | 3 + .../SplunkAppForFortinet/default/macros.conf | 11 + .../SplunkAppForFortinet/splunkbase.manifest | 139 +++ .../SplunkAppForFortinet/static/appIcon.png | Bin 0 -> 1230 bytes .../static/appIconAlt.png | Bin 0 -> 1230 bytes .../static/appIconAlt_2x.png | Bin 0 -> 1536 bytes .../static/appIcon_2x.png | Bin 0 -> 1536 bytes .../Splunk_TA_fortinet_fortigate/EULA.pdf | Bin 0 -> 80979 bytes .../Splunk_TA_fortinet_fortigate/VERSION | 1 + .../Splunk_TA_fortinet_fortigate/app.manifest | 69 ++ .../default/app.conf | 24 + .../default/data/ui/nav/default.xml | 7 + .../default/eventtypes.conf | 110 +++ .../default/macros.conf | 55 ++ .../default/props.conf | 231 +++++ .../default/tags.conf | 107 +++ .../default/transforms.conf | 45 + .../lookups/ftnt_action_info.csv | 21 + .../lookups/ftnt_event_action_info.csv | 53 ++ .../lookups/ftnt_protocol_info.csv | 138 +++ .../lookups/ftnt_severity_info.csv | 9 + .../metadata/default.meta | 5 + .../samples/sample.ftnt_fortigate_auth | 3 + .../sample.ftnt_fortigate_auth_priviledged | 6 + .../sample.ftnt_fortigate_config_change | 4 + .../samples/sample.ftnt_fortigate_ips | 3 + .../samples/sample.ftnt_fortigate_perf_stats | 6 + .../samples/sample.ftnt_fortigate_traffic | 5 + .../samples/sample.ftnt_fortigate_virus | 4 + .../samples/sample.ftnt_fortigate_vpn | 8 + .../samples/sample.ftnt_fortigate_vpn_end | 5 + .../samples/sample.ftnt_fortigate_vpn_start | 5 + .../samples/sample.ftnt_fortigate_webfilter | 5 + .../splunkbase.manifest | 187 ++++ .../static/appIcon.png | Bin 0 -> 1230 bytes .../static/appIconAlt.png | Bin 0 -> 1230 bytes .../static/appIconAlt_2x.png | Bin 0 -> 1536 bytes .../static/appIcon_2x.png | Bin 0 -> 1536 bytes 53 files changed, 4343 insertions(+), 2 deletions(-) create mode 100644 deployment-apps/SplunkAppForFortinet/EULA.pdf create mode 100644 deployment-apps/SplunkAppForFortinet/default/app.conf create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/models/ftnt_fos.json create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/nav/default.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/content_dashboard.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/event_dashboard.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/overall.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/threat_dashboard.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/traffic_dashboard.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/user_dashboard.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/utm_summary.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/vpn_dashboard.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/data/ui/views/wireless_dashboard.xml create mode 100644 deployment-apps/SplunkAppForFortinet/default/datamodels.conf create mode 100644 deployment-apps/SplunkAppForFortinet/default/macros.conf create mode 100644 deployment-apps/SplunkAppForFortinet/splunkbase.manifest create mode 100644 deployment-apps/SplunkAppForFortinet/static/appIcon.png create mode 100644 deployment-apps/SplunkAppForFortinet/static/appIconAlt.png create mode 100644 deployment-apps/SplunkAppForFortinet/static/appIconAlt_2x.png create mode 100644 deployment-apps/SplunkAppForFortinet/static/appIcon_2x.png create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/EULA.pdf create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/VERSION create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/app.manifest create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/default/app.conf create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/default/data/ui/nav/default.xml create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/default/eventtypes.conf create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/default/macros.conf create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/default/props.conf create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/default/tags.conf create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/default/transforms.conf create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_action_info.csv create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_event_action_info.csv create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_protocol_info.csv create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_severity_info.csv create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/metadata/default.meta create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth_priviledged create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_config_change create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_ips create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_perf_stats create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_traffic create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_virus create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_end create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_start create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_webfilter create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/splunkbase.manifest create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/static/appIcon.png create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/static/appIconAlt.png create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/static/appIconAlt_2x.png create mode 100644 deployment-apps/Splunk_TA_fortinet_fortigate/static/appIcon_2x.png diff --git a/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf index a94ccf2d..16e0b78f 100644 --- a/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf +++ b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf @@ -1,4 +1,4 @@ [monitor:///var/rsyslog/*/fortigate/*/*/*.log] disabled = false index = idx_m-tic_fortigate -sourcetype = fortigate \ No newline at end of file +sourcetype = fortigate_log \ No newline at end of file diff --git a/deployment-apps/03-Forward_to_syslogCTRL/local/props.conf b/deployment-apps/03-Forward_to_syslogCTRL/local/props.conf index c6edd4fa..0f88a1e5 100644 --- a/deployment-apps/03-Forward_to_syslogCTRL/local/props.conf +++ b/deployment-apps/03-Forward_to_syslogCTRL/local/props.conf @@ -1,5 +1,5 @@ [esxi] TRANSFORMS-export2rsyslog = send_to_vmware -[fortigate] +[fortigate_log] TRANSFORMS-fortigate = send_to_forti \ No newline at end of file diff --git a/deployment-apps/SplunkAppForFortinet/EULA.pdf b/deployment-apps/SplunkAppForFortinet/EULA.pdf new file mode 100644 index 0000000000000000000000000000000000000000..72dbe7c87526aca6edfb7e3a2c5b954997557efa GIT binary patch literal 80979 zcma&NW0WAxwk=w=ZM)01ZQHhO+qP|Y*|u%Fy6mdk-#+_{d)~YIA^+rv#KK%NGDpr> zNh&WaO2a_Q0!w;uIJ*c7#lTEJPhe+g3Cqn*Cv9PCV&G`uX<|&kKqpPWPS3%{K_^GR zz)B}Vz|6wLz)mMiz(}Y3_XH~|6P-AL76CIm69EG|vkosWtck7hKV}I2j|~=zk^O)B z5H>NgGd7VoaI|sy>ru$g+Qr7!iGZ0--qFO^!pPaqk${1bmzPe|!rIxykxtawz}e)# zZlRM9*5Vdn6s2dSXJZs%7hz)*6`&Vp7G)P=72)7uVG|G(VG-ix7G!1?VP|Dy6Jlj& zU}a@y7ZhM-VH9K)5n!R`pci0b<<+5+ur)Su*ZP|{Bg;PnQ#%3%roRCy(n*`xnmL>Q zP4Ay*T>q6OGo7NHoihOg%fBvA`il(#69=8LhrJ1%x}u3GothQ{0V4s!UjUq(9Zd{u zV4=)+3=NGD^z{w(FTjvs0QmzQe#Psvf*=u5@e7J0i$iPxKn8FV5PGAKI6#o30w5s+ zA#Ks{6A9!6L?jr{j-h~w8ixNwr}+YaU;s!>L1Dl`{YCcQ#{Z46le2-Nv%8~-DJ&E{ zEEFlJh@2=a)PLg+3&r$5;QmiI5->2(|1B>E^M5DI!9l0=x0L^v9Q5_|P4)E|P4x}* z%d^M&M*RW2VWRoR2KpHG6TyH70l~o#LO|T}(*q2C0n-5wdbfOB;mv&HazH+`it54V z&e{V|j}G*?UlPQdf*i;an40N(n}F^!IsTJYG#A3se@N?JApe_+GA7Oj#sL*yZ+k*^w$3KD&Q4kk z|A3=Nz`*gZ9pk@@5im0R*XUo?2pIpx1_H)^W`^QllKivNp%Zenvlp~;*ZSuU*1vw) zI2d*4Wd4%Y;Qu)Km)(DT{daJRCQf!Pjz)i@W&D@Zzl?JJ%W47+`v2n5KbicGpxOS~ z|98;;p?IPej!w=5e`nvnxyr`K_;*tNn~`#cmP*bx|Few6%A2;E^e|tjyteQ;w5=rA z6hI^vi=gV8`EV;h0(e`(QrxddYg8-WU&3#SY~3c9Fq$Y535o8p?hq*4P*Z7p4EhV; zalogpfBIg8{&>qTyn_Ts29O6p>IIbfQzG`AQ(~f9D2R5tmpCX&Oo{HB(i5DUNqE(4!fo9~$jA`>>F-{-E;L(k5KYiJC z4=^uA1KOd%fI&0j#)&zUtoD&&rLi7)g7qFWFQ~SIh!z?!#n1-$7G+Q6xxRaJ7OyRT z_xIJ}s{YEsh7c4Txx49EL+m0 zFR?uDN@ABe zJ5-V^C6i5Brr#~bqKJr|@fDoIfe~_OGHGNIk+{iZdL3{AADSG9XS>Kftuo9x!gkC$ z8tjtncq5_w#k4b0A~LD#I|ToHC$=R_Z)*3szq6-$avbF9b-`+?R5#tKX&+Gk_KMt` zddNq3RL0PA`@%d+^yngErSUwEs5mbaW+;GfZW5tw(ctoNhGXzxvxVm;m$I6H37NVV`(7A=2EALubE zUs&UTLwAHn$Ig|Ge#?4`pTW;X%TjaL^>(Y|?;0%-6=mZur`Mm$IoJEOVJPi4^j==H zgsO=JBCzJ6c~@Q23+3|Utqa}R3j_loZ6W;gpPm~3?@zmb&l47Uc9#D=F~lQ^)ixcm z#xZ+Vm7L!yxj+v&@M#db|lfCa6+NXMJn0=pAm0r4II)KVOXg!MG=W9 z#sJq%%@=}jcszmkex9A$7X7;XS?lQDl%aS(HD z71BnAK>XTdcpyYtM#rDKW;wap;$cToZqO$HyN}Su^hz0GYT@g+4beqQ=%VPwo~$*M z1#uNfFDRdEpb!yJeVBrZH30P$mVC9KH+C@hK=-v89AotC=RlFREamZf;3)rnA+OM` zlW7I+oj!*6+HFS-+21^EsgvcQv$8BDqOC<#IW5xFQ$Nc09L-^Guimexe;x#ZsP9S(QBJQum$k#l-r_!*1NzFtdqLrK_*|qfjDuh1_SU6zMCo5 z*f}5<3g1lU5$7TtZ7_qOxqpp8SW7|GCh{GOl#CG6m?YP97#`xP;{Y6U#io}30C$HB zh+-Ds^+CM^qa_#`Nue;14`?iSp0UGpkhEbIPIC-|T)T|Zq&7Y0mpfz#nVHC)W3RCL z0^>IRUVa(2@btR`N#&qV!_Ac0C@IgICzBI-J+hpTspb;wpV`*5AJvk#Zk$9Y6 zU~gp^teplF)c(kMoZ#?z8QBj(G1$$r_a1E?QG3n5HvktQiUzRsD*en8Q};GsEo4n> zykw0rKLA3fMnvA`yJpppKnqd~sopK|$8t7R$b1u3G?J?{ted@ccGjDDvs!oqD`d%V z|Akg92JXq}yaM_UdX?$#nqP>mJjkLBBiAJrm=JJs`q)q_X2w3=pP&zLp794;w1dyg zPU~@(ISICnv@JJkDa8@h?X`fN1i)F})m{jfzhxE!UGKd}dNQd9N(wJel25MTTDDoX zb*3r-S{MLJn@#;z@@8n}8$;+)n#mZiH%$Fdp2aGcyXKYe(*f{oWvUul2;}+OP+8G~ zmYj)LWK=J046)29DwU0>rLVbx`JW^gBjq?5HcPyh%dayW>>jtZfoYc~u=>IrrN)!0 zX#GzpxaOD%>5?0ri$OVoq%YR+6OSdN}En9m?dfy%clLU4E3BjiUpfB;*AMm9#yu|S+<=gJ>T ztS}qM?To+W{DUJYw`QbryG-2P1h|w6^A3zNqQv@b@bwx8WL-2=kjG<% z%6g$PRI`L>O*kA}{RSe{IpULM+%);7Ek$0owNnF&v7P2v@TDTBg2*aFPVk=Uk+|1@E&T!yG2Fvw z{}9?9YLUJ6TSGfUm9rRv7*RGR46fev?en{C9->Y?G#@Eu7_9iqyk_fncs)m=8-;Z{ z74Sd;Arqw8ZZV`}Oi4G1;0T2=ZDq^(A;%O#_lg{L51N%wk5C=BsRkw zkHKN@@NImMn|U1Zv9L6voQPw_+FMP|wf@R=gfZtiEsLJt=E}VSZwk1P&aX@0AXHB! z1=UWqjMa`hw3_0=-|{_!AN_q&J4(rW*-0PV1DTOh3?d2QX9m2O#n`X>7TSH+B7Fu- z9L9v_D=RDNN;_RtRjPe}Y@zyoe~>9>ixy11hG69SqAiUEAkQ|q-c6j7{=R=6kAPFD z#^BC!b}24ViXa(2Z(scpjj&bko1KRM#n>IWmJR>e^K}MvC7>ONm{OQ?XAk(qhIeLm ziZa)J^Q1o1wmU3lVJAHGX&Us%>ZBR97b3Ja@6y%dNsm%;gl|MKqHCxgKF)rjdxCic zZO*R^w3%l62{@P%DEA20l_7r%yN-W^;8*S=pirhCQA-YY-7!pyun~G;OMjVex=#TT z1h!Y~zm}^gKQcr>v9{r+o)1XMrSF-_eTxIfc;d;Jd%1&9mM|Pd3+{AS?_Qf_oPDA2 zOF)9T6W4%Z9-O!r*>;FLe0&RSC>MnRE6>E5$vFfxZrd$(s;?A9V>|gcdgcb#b~?lm zqKHnE&nBS>hF5{}2J&}P>nmVXBI+apBCa7TkI5}0CGwMqBzo&BHYafy`BP-M`EhR@ zax#PSQsAj2^M-b|*DO#jfg zRc!;J7Tp40_|ic#%?LO^?q<&->P5Q?1Ld9iYpS4fNYEs952O$NcpgJz?)8 zqw65H@RST4^{z|Wk(-0(T>TrtH^M`RUmUCq9mcloSTZCCV0a9>+v%Pc_E78d@JGx# zH&qo93(INgCRnu1pfRaD=WTk313u~0V|w-E&v}W=4Gi-bk%~xbuf)BwVA@Z_Q_&{i z{VQE83?|h#MgXMHUyB^OvyJHVI3Hbs`hY3^64Lwr5`|Ld<25vhp&jzMiW{%RIZ(&( zj9QGaSRiCIP^Ku|97!X*t9?1aL3UiX*nX!9m`tI!9Fff47_%a$!}4+2t-4?d0%0Z> z_o@Y7CnvtF0-N19mRiXlv$xt~e_~KBShE5ZV$idp4Ix5!t#F>vagpt;~a6}6fYROY)^XF;ER%sqa&%V$tV>1k} zcZDW&po7fZ5ALk3OJPl{b=jf!zF;n)*?o{+#}E*3B>AafK^EQt=U7;rQT6qgq=2%{ zI>u8pzZKBy4|gb^^EQLC_6J=%_F0nSU@yRR-PvpS86bDJ68b7|}lq6JpAovq; zlne0Y1qtkj`Fc6_%+*bjA!oFUm#y(<0VZqjK8D(a+SBAhmsenyFk7=c$W+^C8Ar;J zv?55KHU*FA6cA@hI{jhe9%-49S~mT~3%hEA()RdhiCm zvoN+rl!3D-$2=DG7Xc?j`uTY2s!W_%_}W%Zo9vaq0y?AuCJ26hIAohK3-sGG2GMYu zkWOywbS~oK*{8PH?gJGr?32Ko10Y@9#_hBRFvdI5`JOMW4HF=Aa))g+nOkW;rGjm@ zlFoxiqNC!7WuG~t@CUgn;uF@aYMfm}W;C;iFjMmIpQ4DvR1h`%zp_KX(qs%$MEsrP zK+5@RW_dX5`XdPjRSp>mBB#ML9$1SmsD!mJZG^%M-|S#AK28$-@r6d{g+aRggqgv> zw_aGofoVDghDH8SK0fUW&r6%zHbrbB?;C#mm(f$H+q>vA);TdYnfLOr6Bpnk>L^TZjjY65s zZvuUZ@$14$uA74Lun9B0}()ktR_b-?A)3TEu6OwUZWE_)Y1 z38wyTo%9>IHElmg%r8eK^hvwpiVcT$4(GMsK`n|!mn^KFS$QjH4MCXVio7>;`zh+Z zV88DAC0W!<5|br!yR)nHiQ}E(kqh-z>Q?|bA_AvJEV!2WMF5u?aUa!GK|vVy?M90^qz0w5`A7O`bTIw<}qz?n+StTg6| z>h0r@w(~+x6%@FMbsQOys5!GXrL9DDTHgYqRWJvpHZL!(Wh9A^Zft#M3%>J@kk@cG z9(+p!)tRFCvm}$X%z$!N$PBt)B{W)YPDIM4Bx&nO1{Y*vt!4glZ={M}PAcOcORA5| ziEgCCYXO+sNgI&{vp&gw2&@V~pQjqR1l;(Nc4`AASDtsB1@TJGQ8i4)iV>TcGq4oN zeX4D@;b5yxq6W?@)sqxWG+RXFPj%8>BX7>q|}Lw0LzRa82ll+AC-z@PtvE z?`m$zViT2Y_umFualg+ogda9wf~`{Z3_0QB=ja6!L=<$+&S=fd7KR(r?RWdk=A#P? zH}+Tpah__3nhC!5NvOwC@FZh7W3=<~U(@_@`k;93P?o&<4M<^J{JFMQfntywpXum( zwp_U@hf*;^3v5uXiVHPBS;txkPje9tX`XSd!Cf-CLYG*VppZau^6D_`*9?48q@p)k zFCu?kIl-nU@=r(~YHx<`jiK&jX|3dub_VkBbP%3>7RTIH@!S2e@o(vzq0d`5nc9rU zD8y|j-Mjqe^&B) zt&Z~q$`rPd?1Ggy0;HARGf*1)SOj_pikr`$imn^+Dk11{4E?|hPdH<56*hx?McpbD z=f2=4ipNbL3^K@w??i!l(@siM@Xr_anaICtZ$Dm@7mMYpaaOTUs>7ig6AZyUZ%5=R z)U;iHiRK8tL2H*3we2@|vGpNgY7y~L5j7=`J@QnoJ&9r6w(H)8XKh(O5c-|L56-D$ za;XWF;jG#U0>)s9St3dOd3;)Un7dz<`Kh7SI*p-_@CQ64XjZ%eIb~ixGKxuwZ&4vQ z5^WAEp76HQR7PEbL=&m(YL-1mLE5Awe{FAhg!PNZj-KzZnG4g#Ij=#VnAGZ&E)PMH z^z56|(Rf61i)WsC-O1>5hBti&Nm)<>SjKaA{8ox*1fs&WQg7}oN8@)wBCms08a6QAQrp=;18_Z~}uMZ4saXC!jH@q@~SYZuO z1a0NS*Gp`)JDr5&1>P$WsZ+$$@bl|s=V))2mwL^r#tmNH&N$I_+vsn%yhNvmX7{z4 z`=Q@->eP4()+!{nXWHsy=y+}W!A!TjW0pD2QQ&XyLMv~UNig?xes)nlis$|4>uWWw z#1it2W@ff|=;>*rDRX>XHOOr51sFtM-I9w<(^0r5g8f@_^dp~Nnp-x3D+Q~B~T+u?xIp^Q8 zCcK9{au3(yTZ7NiO#m>XED>R$mNK*J(k`?ReBxzQ#5kW`5^a($rb~{dPf(XWpBTO| z-=ZJU37}p{Et6JDVi;b$J0k1k-JHKqY2V6Zb920QJhvz%*$lf}4t?3&$wT$au2kxl zT06bjefPMpfz1T5jaRAiRPU@sj??kvb9ppD1pXHDvahtazTFXq0;Fc^u7dd)=vZCW z&=cyY^kHPhyDF6OLO9dC&TpVkhAxA1`;wODqZ%bwYfe)r8|(%CkU4NLg0QaGflNIM zO#&Bq0Cc)?nFD0_hO4$mp-x5gWw-1|r5E)K0ugaklw?r!W8K0jbJ+I*vF7sDT{~Hz z=*0M}1(N%8Q9^3L@j{^1gP=Odl&#Zv3NDM zRV!b%*^8W0V}N6)vmKD08WxO5$65|X*cDAEUF?SDh?h{tfW8zrlPYM8vvhy3`Y}+> zh{afg--Eu8B_S?^QyNEVpCL^Q>sB=%+@DDu>-a*yFRu}adH9z0f^Rl*ReSi9l)rW1 z=vb~>yBMG$#$>#NA2#OD;gJkYU%-`JU?TG*9Qx~|g#m{u=}VMNy+81Jh}z|y7EZdO ze;%4GzG_bgLNgBQd^gNoVauc`I zI6;Vdy0H}pFzBD)5FQqnVk_&4$4#PURr2kkEpk)PpO_h@*F_wzhpPKvIg!(bQuRNO zzc-9Z#L+%1Bc(*RE$UE1HAn7;8VE+12|4Mi2W(O4jF6aikg`!N5~7YE)}cZUzK9-4 z@$W<&qKkx5A>`muTuA2k%T-cSvaIIt9K1!VWro}K`NmNvR7vYZOWoU{TwyQ?x2a_1 zm3x+9O)<9>GWnL`QrVQ4jSh77Q&WUDcHTh+iVU_-T5%-GmUszVcY<_yx-qs34ze_N z*S1`mCkS@Azo;niUK06Y9tpL@!PssHfIYD70dIIyijk z%Y`@L9Ux0~%<;VtNx9uq%`Icxmfx&Z6Iio6&iL1-4w_>}l?DR}2xNFgEBZWgna?M; zyvLEq;8DrBu>C?O8QlN7^464XXp6A89fxp&|L3RiHUB@ZK`;{~D{6_*&aV)8ueP0k1>NV*mXtHF! zc#ze+lIDo{BhO~P1Us?QN`e8m?wQ~=Wxwu+sBh zNdIIW1ss)N!w3{_hG)VOosql9QRo*D6&nIxfp{pN`iKMi1jGbi`Cv^`6PWDvwxQ;n za$~3ErQ0L9WyZ5XrZXV>9*GEFE+ak^e}VRuNyl1C&Z0+(UhRO!dl704-2kEaxP)c42*S6?1H^nRTUY$$nUy-sWkgu z;&w#U-OZUJuj~Yy?_|Eqk5d-?7(h)v~t7Tovtrd+eYCms`+w zRb#=xi=)ta@*df-I*!%n)sG&n&#_Wl&h}#vm$lLw8jZkFjdVf1CIanPME)48(%vq{ zEEyis-y75+RJ5*O4k<=563CyyQUiskUDIyF&kDbom);Br*2sx2W_PypRO|-#l31l) za!u26ZW83OL|qV#!>_IAQ|TuTIPzPI$pZsvyuU_;ALAsMcA;T?kCZ9vNoT z>wD59)xy;#mugx?P0`XuE(daWiV)Mkk_tPtnUTfMFU*=e$C6(+G@MjEbs}Ln&(O8CWEl@%HZQBg~_0h_r+r2w6A5 zkvdz$0@g;?7?`S|cmxgvI;C;8i_;@2JD%!`uG-uZX)%Sml6`>q1sp}u+?g%Gp{b}s z5za{5#CBZVDI0Vf)$y3e$ZT`Ib9XaFmU|newI1)t^=XO*z*;-5bJi#zo;Op0$}mRs z;~96TQK)5Ux*&ur>8tlfp8yD8?7pL%D^8Fq3r|c^ABR*us=3SPRC=lMw5o~sogeqP zW^TkYbERaXz&I9c0YSRiuLGtld3b7~1b12~bRlBxF>;~=rx8b=#p@5A#Xt(456iC9 z`Jx3P@9x@JGO@OlJdvI7Rd8uDrwWqXGXPmv>um`=wKDZfHFpysWd=F9^ex7VJ{)}- zo=Qo}jb$j}(NM|2;@Uk?FL6&EVW=`)cQYFbp?9o0Cj!Hi?3XP~C5sY~H9*!o-?q;$ zql>JOmwdiSW-!#H08`WeD{Z&NycI5C63LCZeBH^ zmT^bwQ?yi-o6e-tGe;~lFcu&I>miTNv5&5{0#X z=VmG^Z65>xZ*G;MdUQTZ$Fmt_N_;^TgJ*W zL2v>NpvUJw(owGggXp`AnA=!n~iN?p17*=@l6kswmvQTnkT~+j%qE^ng z&VLF~x2I?A$bCWo#v=VFP1BLo&;gg%F-#cp8xg4G6KB$XgyNg#I9 zEKY~ktAAxPOVkqj(IrzPDU;Is+WFVF_^2`XI2}y4Aod^Qi1U*gN5^(P{hFplJ0#{R?mn^so>kZKLV!D7zm>aVLd0J{C`qm zAIKOkY^wleZ3axZ&esoMVn|SjsshD7Z{v|Jfgj~t)S*V{RT606;2V}HYM9Y~&iwNJ zEWT6U{6+}|8|DstMEG82f#P6z<3~u@E2iG)J7nvycEP@k>(Eh zvTZVWNUpO`u5Wn=zuWT|Bbq-plN^g$kgYyfVSNnbwyc(BtDt>wGL`e1 z=DitZl3K`iKxUamv6(IL2`9aDURn1JWlC(Mh}&+WL)i=-ae+mPld*e!>-WzspuQN* zeEuRf5n4?c?Ibh~zXg|E6XCGrs`8wWjDw4eNI@Akq>|^$6wPT@TqaR~VIH=ap&~Bi zuHp?jIoCMTt+FhSvi?=dD@OA=EUEzwC9qUNDcL0;Liqg|ku_M?yr;}sTtWnGqK5YK zC}b=^d^s5#k1hC2vb`Nj+j~P%TMQjb_*7za8D8c%uaPG?Jt_DL+RuX-{0I^i-IJ7s z{Dn*`f~rh+8*^GPxwTZdrlMwmEThw$Qwq>MzxrJ9trvr6&@Z9bQaazo<`&qbz&X90 zL>ZK9axg&C4v9vj=4@t6bX92_GiHhEe#ze}-wZ<`ChQpe4fsv8ObGy{<*a z>7E-Xz>a~*aiy%BJ?MjnDww__Gv?ET3^~x%9zbQ%9J~25fGPQl<7hH<@V7(TfSKvM zGif5OQY?4kJu6U8kjMK;gWD;Yw*nS-s;9w7G}LXxHtgoIhTM@IF8ox2AO=RC(k4b< z8W{8PM>X!)59qX7%G@V@1AgCIJp%Y}E8gvbV1DIUa7Jam`RKZW24&63^|X6|kMOQb zdBb%$Zs|eB>n9L8mKoY0{d5d`ICb*+{B%ee54_7R{<$Bj~y9A=^Y5IiY0px91P^OU)iL%5cEW2++` zslW%HgAOZMQ*Ts4Z~Ln;{fLKIypA@ed!U=}^DkTP_?UBRY1L>s5LScl)3$wGtq|Xy zfEdBUlkd35fQ}97{Osd;FoYFsH^27nk>40>(eRG$?^`}zNzYl=Cmos?x`ijVn9=N2ahcU{XQ^$&^$haB-A6o&Lal0ou?H1UtQl#>8u{zbJ`)@mxY1 z8~cZGBD56YT62l72T?}eIH4zSM@C%-0${9jwmgiZ)?!j0TRK^^T)h(!ZPMIp;kiW( zVPXmKF*E`~Yb0a%w*CG#Q~hr9w)hW1$-nv`|9=Q2%nbiiD9KhEPu%>MP_l$*ACJ-y zbT6UnY|oB^Oei}ga0o1}nq*%O7>Xqycf#~JoHRKJ)R&6VNJrv7G2!FU{xdrGEeC%& z?V4q3>*t*xR_y$d78W4E)Nt4qL|>Frb#p?r|$ZsvTgPsDk+2Y1Ig%_f5I zhgTOpOGkK%?AtrWu7NiP$6b4LysiPMV;`uK@6i-aTo+486@y(#1hjo8`FY0Ojl6A+ z8wyPL5=-gFR4;ERmdcWI7uGr@n{5CWW`o_`5A>Y&`-NASX%_sy#Kxj2A?l3DSU?}E4>x%3joX{XsSE7FUwl1Ur$MI4HN)=mJ{ zO?VUu9`{hYaM?;$TzE6#t$@(Id6{J=;wlj4H;)5|Q%ilwFdn+L(SR3GHw}$a3gVw+ zp2dw8w^ITEWk^rg!3oex;HxXy`?~q8HmC5`SQwf6?29Wqtm=)x6!ZEGfi(pvcuU>D zY;j^P{W6@V_FGw+GN5C#$%Q1?GS+QC8ghv4c~qQSRZXhO)D=2p&mLzLRkcVz!~i=t z(OB{X)M2@~D!zbo2ph1~LvszD2r%}B3kl^d%LGjgW3cF(1K=EA&b{4c(Vw;=q}nCH z?7Yqa=d(9Zw*2}uNw$yA=)Ij&o6)yETFQan8p2VG!pze&g(;#a<4OvCO0_JfF+wlD z3PZ7xA})%{D=;~@qm`dToR`v~y7Ix!B&z)7xYz3B`&2+eYf|l5P>lrWcrc>RctgO# z%CEjWL!{D`ByC|Vqu>xOW4nEN$6u->zmUpQ;@=jq$j|ta3K+V!ucV-*Vvgt?WC%9C zq|HD-By~6Yv)CSAfxB&Kw#y^nc9NGnzGQZ7d9+#C$F4dBHq~izvWG5U#o1DH4>Gq9 z-Dk3FO%zu1onjghj!bcLMypKam9G{LK8?0G}BS~N~!U(g=_H^1)-Q!nF5!VxbNtfwL6SOJwc? zd7dEHAdBQYy#U&`XM$K}UVY}2i&sV_i3v0fWp*ItmwAZ!K%f>9*3Hb&Q#EBly|8q| zh+@ayhWyg{1m!qEFp0=981Q?!p>^;P6m%2)f`9&lLpj|05<1M4;gJ{^S+qW&R?bzd zIVR&**E@2}ZPN6z3vjEnbsPk!_Ez%kJ^Kn?@XM%zqerL)_+!5q)!suJhX&lxCdmlh zwd~v9zu7E%OKzUi6BbKFIZT;N7ch_$IOU7|GS8{r{8xen?#3FBp5QmTP@M1jP}V-) zxu#x=0e#PNT1@WT*>&WNu&?3(m?h8r)DwL*b{CQF2hOPy5cBRpV@OEb3IhJV^MJTX z@mP(rz6R|}*~T+DncFQ$nuF~TE*7=vBsn#k%z z*Le^Cge+-Kehjd8BrKjGrz}B<@hvb??0Hd=9`?Bb0^wPN?SHI@SoV1 zK|5d7SVo|VXY_H}nHoouFuTA$=?Lx$0o=K?2%WSDo5tL6m6Z&G zxny&D3-2WbnEiMPE+_9>qIj+1Ym%hV5YLHGl0qtzrf8b)mR52lw@ZeGvLJ13=F*wW z9t!wVPC4V={`i9*a^J42mXi*2Z->a%tfhkRT{1-+;iNz%fzY)fwc~ht-JN_Px&di) zX)jP6M=L=LW~$PzF!PQE$^!zXMy5jr8F#Elri*nJXmVEIV6g*KH%(6+R$lgXnuUPr zhec{m7U#u*s+|X1S)g}`@4}Eki|zaW>Sly~Di(=xE)_K5%uZ!7Cr!7Io@1&w&t*YI zs;QppurJh6e~+*Yf1Q#vrWhq@W2@%DObZ39pi;zJ^J=6wf3VOnrd3A^DNx`I)Um_Q zzKU2wG7%d>HA5l7h$<{+w~1WeE=@N;B#2a?2C<(}Hlk^k{w zG%2qLa&D4x`BC_U3M1_|phO$?L+sSHL`5_T9<%9!u+e7N94634Mli89NB|`Q(E0?1 z$C{POr%m?+6eVXrhhO0rrr^ik#+* z$4Ugz4eQZZ%crf5f-PI8^=~HDd`4_g2%O3X^dq^ zbTSD`Y#QbFM6*Bom_MjMt`F2n7w%b~nBH z%Rmne-J5Q#t#$`5&I8?<+EaB@ko?AMOIN8cl6^ywGFI~}fQ_CrXa20+0%6IJQ55)= zG(~>op2W{el6_>Mc~It$E&r2^+&>`LZiYrCf?IO#^w^R)$Oa7V5txPAeZ`=#HEwO> z;!FiUP3LUc9$u;i zcDr5uixkknb?JjAh{li9i&0K#PJnrFf9$E5ek2~>KE4TeZ6gYnr{{2a0#~416PS4HfGSM1V^eDP=O~xILEZJ{~so_Nh z7mzBbqKM1WIqT|6G*IwF1lm!vLKm40uyNMGh|}5Ea(|i@G{|68Ie1AoBqg z(4=Q)tvp@*38D-0MtMXjTjr1xilBkJq_k|(qX`fsyq2E$ z$XDsyG&7o~g>QxMfdI2)zXs6Uc*>DDFEE`K=Embwar(^IQ}Ij9@LZN>dwlU5@M6un z?1B7dw`2(Zwa3WjTvQarHdTsk!XIIv>=UpyO!4OBey1SVdj(euar+*N1R+cHY(l>_ z1>n--&RO2^sOKpmOPy%{p&;9wG&SLjH8l>oLymK(VYC8uczxkW0cX-PpomLdsQr9l zs#+iAChI}SktkSXxILQdLUJ9Ep!${A%&Hx*p>F<|Z<1yo^9 zwK4(L#DJunx^?a9tHZbzZ6f^Jimd@nMN0nbrgz5F9S~@bgi+0^HAtXZySSWGFi|^R^L~n=17|lmyNwx&}%np z0Y>hdevMag=QOz`?~(+y2g3mE*CDNXA_|nqwJGE`cdeb)HD)`^u-s}EgCm8WaidjB zA3PYpX?jq_SXNjniRRoJ1f$_4esi~k(xKOWOLWtG-bGNYaR$oMb+nZczV&4T&hHU= z8Cl-x?}gM-WQO-|=41A5UKy8--P)M3@uBiirgER(V}i32?GW>u(_MzE**nCz`ons~ zZgan8T}kaU)2cLRL}@)$j-@;)QtyB5d@WI7-W0w1>$X3zswgM(*F@hbbduI~$<>z# zfH9)OG_DfF!1|VICVH6A_?e_x61OKLnsfCq127!i!?S{AAB`~Owsr4ECKaJxdQw{l zFRwQ*(%nE8YqQB6bhky*yq4`>{J!x)ZZA_}SLF98)HBA}gu0Xio!9aRYnV@W<>L zDq$h0L)gHIBea@h^UOzg-6r>3y7`0Rs+MkjR73DUR3rTyzwlu1 z#hp(Iz%k3aX=MoT=|I*3C?^$|rhC_9sWc|ZRim+4`J=-xG-Oo|6 z|EtScQkm+(+k=O<^^>Ug%8<$~thr2V~p7hP9NC@{#>y-hXAH*iV;Zg7{! zygBg}GyfB*L+l-!?I&^7wWiuz{Cqy3v9Ls?L+gFtEuR^03{2@+xmUR5_|)K2NPuin zgB4SgUF{~ZyZ(#r+C7+prj=J8*jrfX(~lJ*_<6(_RL8czcR_`Da*Al;2{)?vr$eo5 zx0)^MYGs?x8w$U@(=UNNzO(bm#!;G0f@=*`p%}ZLR?d?{A+_C;9U+VcugYfF`@Du* zMXp(wcROf4j2=3yzr4oRPh}XYr^oeX^s!V^?P0aA{kqFzFx9rtp{{e*0+SofyIlqg z-nVvfun%S@Co1jQqJ+Dm6EU)!=HaMv$E7TEoG5{j=XKs$Q=oao_`>qux}l)AmYnOy z+Hi$D>4Uq|f334970YlOGZm*`??Q&5Ng^p^*X{9R>bldod~kb+%R72a4cPRuyBqXn0uv-u)%J918bBYA~QdGs86N`5xmNtbjrFKp#td(3nYZc@;0U}mQ6zy)02LJ5Rc?6o;C8^R+$9X*M?ZG7o1w z97-M#QCgt((uQLjFmjwtuItxXk@5brZ!nUW-ErgyoP*jO9yNo0W;ALDFec z;w^O=*lP#-^Fh@rH&5d%(BHHq)TK5$7`K31-Ve5wY?UgR7ex@Zf(xi;A%;L zYa23&aLsAT?G0}HP(*6Vf3_6xDEHY>LHk??c)~Sxtr`@xAf&8HczTQ>`j!{cD1`rJ(hLVHv~O@JI(c3C+F0Olh|pm%h`E_6tYsY_+VwT^`H zg@45TBi{1xNj+>=mm<1gKRWqJEQ-LerPJI*x&8onG|u`KRaLY$+D?)Cbh9=8x0NK7 zcRIbx#CpX`grgw;#{k-^P+8u(zELXI%MXs(pG=m?dQbFfr-_Jm}?9@dv~)%4qaU{xshWRkcJ+G|;86a0g#0#rWu zg<@b|KcDevKUAVSqD9n8!mHN$I5c;_eF8SJ3CwA1az#&@acYhQ**$&Sf@%-!8!ePU z&9e(S5(9*K)nv}9!x$&G!28f*Fhz?SFoFj?QS!IbZK%X3jkS+~a3rY7|03)hdqn}Z zExXUQZQHhO+qP}nwr$(y*|u%l?sL=q;iYqv_a7>iRb$OLYE=FK8RsfhvOhEa)Xt*a z32ng;?}9#^*+;HObGl6#swvLcYGw}Pcg3ea@t|H6H2F57$}_)_EL_jc8v#i)gPyt> z|9XB_#h=siwbsBkDQ}9H&fOfi=}@cx3a~<}4%BqL%CNuy(TGwuhYBTJx?&+&kr`^( z*j)={B2XUT_VsZ7u5p=m;CUN(QFzSSY|TDk5@x2{mjsx}m^<-Tp}?kP-8$SN&-CsC zGPN}_1wbN8IE**Y2Mux%x+G6pPC1xyu+gG%e`8cl%^yE%KBaNN>Xac)W z!N6s5i>^+OqUjyCg;!=u$9l6I6wtqHYPw8}C(ef%>2EiJS=*DV?GCS7=wj^4>5lA{XNME#x{yyZ4CI8YXqC)E`KD#} zfVBdC9Z*@qwFFPr)9Fn>VTcP7@RMulkePc@oRN=Z$G(nITrOv|;i=ZXHvucNqr63a zqyyzdLSWmV1^u}x=10`0*`%UWZ4OD=4$M9BB`)(jYxqZRch^u*M4^sMKGldm&lvsgmA=B;y~b4_#R6P^L}i8ytl48EL0P4IKwhA4|;kw&AkvXVuSmgpTbhAK|B*QB@_^><50!u z)iKBMI{+p7xx+8mkol9my6t?{SBjHE4`kQu1_%P^^lV<-8 z_aSEZFs{_@yh}(2tSwrJSc=Tf<)F&>fx6RQluN4v$&Erc6U9S;=D?_GP-E4*NOkS! z9dsZSF)4Mu@DE!N0?l|s96RY@Pd8T}z_q3UL`U&}%`v8wOde2ymMxSie<|5wzDr24 z99m|rWd{t04}e_M=Mqt$bfZ{i{HI~05z z6Rz3Wwz=_ykOPc@-RIc3Z+aPFujEOw#5kG?&ME;k5OM7B+0huLui{@~+|QOKGrxm$ z`|b(bawCGK#PMaosF4O?6BrUns4}y0xSd8$IJeyVY%X^(`6I4a0c`ViLUot`eR zAs#(z;;IuJpXORB-Uh@VQf;wz1AR3>hotm@e3IgA(q9>=AU#$^Yrg((3qTco;3>-p z3qpX35YQ~pzy1Z*41thmR)H~*J(%5+zz--o>cbY*8Y5A=@!LB|=_botp%+sACt%>p zO3uBERy-Zg004!aog-jNh%7ODHKk+Fqats=tFMl^6p@q+UKsmXw?+^RqC=rfy)0nE!6FCZ zI=P6Z{HO@T9~RUW-ohB{#9$R{dB^3*Vzm5fP4#aF;gKSHtA5xWOIKfrVJhJ39ST(E zK1zLg^+V8<@R8^X$ixUolgu1zLX=PLV%GNW#0JBFGfy}QQdrVRoqT$>TR6r9-R3jE z0!iJ9{Jy}W>iv`l#eZS3Vn3GoVU2f|5t7hhHPS2Zy%RtQADFP5bInNxQNQxw-q4GX z$hCwO9t?A7@Sc822QBihePKGjjP*ijP+`-`AGGwvKkq#5%wK5=0zBCIkzk`Df!4O< zqz@H=n2ZL9G$WkPt%eQBd8I&QfO8ICBDdzTg*K=QRDxlU4lrOQ;6F_fK2afVdzYfj zG$h>$l6%FX8K0aym28EUGld8bs+g1I14(HvFtA-uY5JuM+eiuXd}l0b?+-izsl3{b zF+y_Oehkldt>wVXngmD=^Ba>qgKQIKyF^Mu{}LDLw(lze^x2=LXEI9`4yc9fPa1(; zfRu|~Hws(r8XcJ?yKsU?p>~OZDj9Et(bdXp_iVV@yqYVTc`3LZUuQ1efPJN&8+-8 zBZpQQ)Hw@^DpA6SLiPw5P3xy`4e3L+MivZt*vVX)J2RTNMpfBkE7aq|5+jTm=~zSf8#Lv{Ub~f(AhOR=OeNqMHT_>Z~tOk;9hH#!bkTeadwe@EU|v0hAM;!oP|y zW!9;p%6$QmdM!pTu^)cXYLm8E^6=j%$uiayE!KfCJy&?bl5INiYcUn%`M`$Hw_I^f zpm#;rqyzS+9%eJy4&bNa_X>p85#0tbJNZa-Cy?w=yzP;wOa<;0&f$*2^~=V%-J{J| zp~LhSVF6R?OH1u;2{>?C#K^zrO4Ae@Bs9g4l+<8yJ{uHQc@5F2cv2hChe%`?X2%(W zbm;8blUQYClTF;KObf9}3=DUB0U$v}%qDB;0CqD`&t54!GI0j=$3Wz!nQmn1xpwHg;t&qb89QRvOo+I~Q2`;e_=_0(K6?1Bv;HIMyKN z%yYrRxG&9eYzEuBI8XA9lo8)I^H4w;PD;;WZR@Mb?(NcnEN^Q%Rn(<|s(Hm>_M1!Y zm>Or?XsM)IN=`~Yk38hYrmel4+C*|5Jp;eKCwdKH2vFWBi<75QM^7?>qL zf-o=PWV?6?S%1t31wm|77ya&>PE>a5ue3UEzU-_PMxgFb^8fUMxaeR2-T28KO>Pk-Uifn|#-d2g;e%^k$nlAKjK6 z)XeTa4!fU`^hacCB4jGVeN-SN~zWk?7|uw`_u!H+yUCJtg%r z2kq7gy+QkU%FFg$C+=UIJ?TZ!3WMRKb5sDxhY>875Z^`T!aT11=Il&JQPdyJC4RR2 znYk@Nyl%9JiRc4Lzg1qYDaFkCPNK0uiW(Tf=1&ErnvKPn(lrEmIfwNAYZ(JW#(Yvl z+u=y5Zv%hz62j!2WP%6B&}9%epqLe3qC0iCaM$^sS|u42RuWfu_eWgm4Si&Awwj~w z?6+~VXGXG?xiFHjmq+p0z%3^v*YcpQzq7S8B(25^z;=h~F%QgMUoMOGmb-rpjq8Hh z&&@PYDjh$hMC+?WuX^b?+Gm&af_H{-mUBaj?K=q`Nt4ucrSR`{8MkTFHtV~gp9i~^ zwGxlFOS|I@GD^NyyNLXnK_iCaB&tB`5yxSjzO#TV*^=cC&pS~+07fF=)_rhv#C=Hr7lGii>&+!y*t9JP>t4(f(8lcs?1v`_d3KXaHY4)#&jH@nX` z5ts=ZE~3rAQKD z!|4AJAjc;-#dJre9SXLu1m}9_9u?A16_SsosdM!j?1Ydqz&EJw%p8(zU95tuqDyh- zEOe_I`p7*oW(ru}Y8A>imw1ce^VXJyr?>T`z@2_{G9bxQ-dMS}h7cO*4r{XuA?di4 zi*hh66tuW>ArxMT>8NM;iTD zlpfpeyKp`F+-@w|6P zS`vx?llDduyA2tfp<`b^lxOFOd9 zymaf#(<%}%Y;rX9|Bw|NM_gXFtbgqQ^Q@0{PoqP35 zzrplv1D_x|7aF9(cr=@;@%CcA*<$phLYl{g2%b`sW>!iJ?BmdU!7*3Ab-aW+ek&dt z1MIfkUS)xXSW(#6)DQ7=Fm@Sc3nk131avf3N3Qa^xpgGqEjmQfT>h@WWmMIh7!umd zu3H_q1Ifi5Y(mEh9KZB&E2YuOMohuN@C4vXDnB|cN>4DHeum{I1b&WSYqOqXA5%## za&SqVXnl<}$A#R4q8zwGIWWQu>Cw727ezf{ja(#$zhh#gNpo3ABtN$0$<|@@8kxUx zJ5F;lLcP^3VH4fT#s~#C5dOhEm8mgD50gzr;u3&mZM3*82dP2da5J=k*MeN16Pho$ zHK0uK4){3d2P3H9Sxte4J=Fr%K2)5B8C~AQwBel7&!_fu&yGo|*63DZpc6>susfnJ zBgY1;%?c5h`pXtXa0IDnBn#-6m`v8dcw;Pet7aB7T6TDF;W!}L-w`|?c}KJs5cHfV zaR@b2i0cnjxOQZoXj6%tRUl6wguap+-TEcd9&i&!fFhc4X>kWWRCLR6Olsh~*M;)U zMZ{Ca2yoXV)utyh84bO@JU;$V9*$dHR%EpV=?XD}-BJ=oe*ws4yAhEwto4Gt0TI_oK#V~;qxB%ah}G*$JHk|(?*n=q+vvsGb!HBN zH$(2R;$~m=jDCUXThnwn;f5Tu9)`)6u&4n~=8Sc}K^8aH*hge$<Dv*! zgyC}f5Zn*re7^zp2K@}Us~TL)pSi)Gs=w9T22EBGClt4bf95`JsxU=mPt-4Y$eM6s z)jdcZp|R`RU&E)H4QI5v_G^xCKABv|?pO{htwd{q(_pEj(=Y(OWTB(Gb+ULF+!*5( zmRe1xG8+4f{#H_-ge0MD^_43Y6BP{gvNC3voR%fgKi`m`_x05C`69H-QVXXV)mZ;u1Lj4s6TsYbLUMisALavKk zqAv^W062L<&czsH649U|9%$^RJwuC)HXJ)7q%Sx{?bUrL5F>$bS15S{s_hJ zR^%wdJI#0PJ2`S0H~ zT8dN!k)+=`ZD_QY-pM;)aw0d`srJs0$7r+ME+3hmjs=fiXk3cmZ4-5iuEdMivz=uE zwEHnJfqt8AagE}RWlOtQHDXRxievtt^1rrOaYII4V;H{-51q!PP%Hnk>|Ty6$~tnU9JdBoqU zja}Qdw9z*_tIQK=msBVXyqn!y`MNbCA;dA2A`nLO>|5^@y)o>eJMLT=>J*=SPb*ogiwIg&?sFL@g@mmNtex}9P z0z)i@9)-k{FHKVh!`x2G2En%SMkrWthNA~x!9|RlN4@_A=I?I!( zxmee4bPq5cU$E@%qvtqLWcJoW&B}jEyXC#7f5^ zi#Q!K$j3T7plqSO9X#!tJxnC6m)ljJrrKfq^@mmHn=rze$UwX z8A%8%tJVTJe^bNaF>hMZJ}4N{jEaRP6i?)}U?M-Q-eTG4T!{ej6&K-H*C0!X&!g5* zn^a)?wmhrhHIyw?7fb!OV3XB_7H)hhiq0l-rP(E8_6*ctbbIcRbeAQOnwHDE{SSO! z6q^S-!Ij6=7jkO(ZkB6W4NTuAsDb3?}L)TyH&I&wJ8OQg-nol%hOW%1=RwJ*}sm!@FT4jJ+FrIURsBs-|Fo8BlHk~M)z3gkcohnMo@s559x}+T7}2#U2Jva46%z23Z%7OKN^NLshmBoKK&ibOAw1mZyUa z;->&BHsa+?7Xbs=?wI3W+T{V9J0Nrcw0u&1T;=Q#)ighbttR5RChP6}#I0U~?_C;0Ox_zz1}EjIs@Qk57z#)J6-tkIO@^ob2Av?x!;{)46P=PyA^F4S!3 zIZ!AELHX~J_jTPphqukc_`y`Ml+O9;Qg_aio$Cs)-qd;-kJ8dAnu!Q*T9ag0m9_z$ zi}gJ*dt@XsDx`y=#Ya;v?6j2{g${7qTTUd!AP5WTO^m{IXRBkgYVRf7OGM!LsF6iXsyA>44ona{jdA+0oFHR?l?De zhJ)}VbzTVhMr~L5D3zABWP*ak;K+*h09WcHZV&T~@>Ttahi%T_V_=E~4;zvAHs~}x z@Hxs?)){9;{;f9(00Nv%F|;KiOO@~K6z)z32!zG+q8vDl*V%<{>oe`ErE13=h>boS z(4s5{7b4grfOk8qDaTb-`KwzIX!5wL7E}fdDhd*R+4C38`P`f9A5;-RE7=ieI|B z@JJ&|mbK<`?5`I=ScHM=`Z;>{ej*uzCo*XpX{1Kf;m&hQ=!(J16Orpco`~C96Y?8_ zoBAuqqFHlfOgxh~D(4X-5h4A4plkr3?#a_pO!kMpF_){QbD3}eotQEfshMrj4i9?p zfYzl$rM+0ZC@*P>MlznY)iA)Rq~wQ4kieFS1&%kPPD0gBHC_d7a&p0|B)hxN=dGu&7&tl_@kyP-p~bMwO=u^&P;B0J2cH zXVVOxn7B9Hzzw}o7oHU|U>%EUc6UFeN)^NxnPLRr@eKsh4ep$lLb6l-gq%~`nSiDqhcsD3dYhflWQ&ouo z!_3>bEH?2k8B;dJFEt`VCTpkLBN$=R__7=|v#v2OToKt$IgQON?2Vv$8D6at>T&I5 zKzf+-8noF^wIczqq7&zjkf$o1n~Ne4d$NQP4k+8>TBcsd`qv4RwY6+-;r^+DOJo`1=yuHb~Dk2%M1cPf3pz4t<+SMH{ zlL6)2gAu;`kx3{XMF+g2E|L>-Js-FA1bAKfTLNCuUV;*S4qJ$}>F;C{ulT%i`Nwzm z$(gi&!RZc+VS{oR8_thT)Aq3@o=oYWgnm)brX1vvO1%>D=w_Ldh>@K7tn?fKXV)L{ zt;k6CZgbjqlRgKBv^21n-l({&LD%VV+OZGrTn!xNsCb?!*M2J~Vd?zlGO+6Sa;K^~ zdBx>>`EdUJO&SeU9e;czirJT`ep}a}IHC&iEP=0OUKRIFvE1y*6@IgTuK)@pdig2% zSiR+7kOji~67-XpuR1$>T}s%Shh4$*{+WJ|%h60s>e;IGQXML{KElV!Zn!M{&5GlT ztVu(nEL?aIvf_O>AHB(>ec8TGSPv?2v2RC)!5$*=iTO@_gq#_hM{S=0 zKKeENLDC1v1?kiJZxHK0ruF|FVsWsu{ZEKht)`W<@fXGSweC!e0wj{y`QKa}8_#|c!xh`JWURHt8p~qGzWwULQqrc^6P0?&L`#Kb{?&}VMCt%n* z3x6GnP8Rz$a6MCNyVer%h!&xFzz^xK42v23^G3CZwFLYG|I(S@^P){`eNyz-%Hmxk zn0r}=#Sr2d?PLi3$lSez5_?nBIHAwqW_3dJ5r;5wW4TavtV^t9Ln>M!(|WlWQ|ynU zCd_$o?ZqCf6Y4?K*W`YOO4Blp>X%>Z*ZOo$&|mpooc7!YD@7}VBHHDgs&>$d(UhT1 zD}@wfY6f#B0Evapc!r$!{>?B*I{Oz#^)6+>tJcSm8ETS$po^H%jFWvrV*1Fq%Bb9v z-H(Ru7$_-`D7*6|n&P~vfT}CVGCxy=wv4+0L1wZ$nNBdq0MwKv(HoF=BQCuWwUN%2 zSR$lSKoRG?%7*yXwWia|-qi$kS7z5`n)emPSP5Q4UeM|8S@cPWB-`wzihPDpe2d4Y zjjQ8^aK*K#0LpUN)Qt85FjWEKn~wxl=F_`UWo-vk>wEF)O;zVsC%~Lu(4s3SH}ORD zg-*P(fsBb&Jqdwq?o}EFy!SV&Ak>Pgo|6Eah#mY-gk3163St82CoI%v)x!`xOdui| zGBRa^wiMw}Ccd0y8KCLvs@%Vp_-nrn-W!%29kea&K?M(fvm5Q8BGv`r61vz zUa=nJs9*9oWH6o_T1QW43O%A{2%x0!iiAwACc(MOF)%BQ5RMb>lDOd6pYM_tDq;p^ zq0XRWhwZzXWDots6y<9bg%pFOexYTI9)M&NG#vHVr4TetKY*(MDk@nN0HA>JJ20LL z-TL}%9bhUh)pgf`CPi>j-+=TI_TZzrY1b3CPWloKe8*smDQe0?J;>=X*@TWB=L>3! z8Tb=)GT;pn__|Q_nwr3u=4Eniy{5oJ_b-2~=GWyxzQi@fmG6AAHPd<}u3@1CF{+0F zGQ_mXAS`ZEI1?;KCkB0!u?2}41G>0z;k!}}i7 z$U-M&*y~Cx0@F8Pf{DA7Z61dYq;o2ELI-fcbL0*jKErJ4P}0$*kRxeHry`D=5awxlUS_q5 zHG>zKM&g#m=e)Mf;r_E{gbn$N_X3Q?Iy*yqW6aYI2&A)(jCJ2aYqH=XQWk^oN$y}- z`+k|v5gGTjv_DKCn+=6$-RoF45m6H`_VPZY)h}EAQ)oJb%OnpEQ_<&W&Kc6(+`pn} zc6+WLh}X`-qm`)O9C}yQG!F0HFl9puU3i%Ye9c!^@xJx+u*=wQ>`5=^%B!4-Ml0&s z??Lr%C{EHPR_Dd)oL#>lkHUp75T4EbkBWcd@({fTdVKYDJY!^2>gxLpBcCK*Q#E znbc8KFt8+TVa$hXb>S>NkTS2E!38~c)oZLV`~w+Rh7|z=M6iQfq{<9Gp_uQ3(BwMO zoGzR5`kZsGtO$}d!^0k{XS5#7m-g?fV(pfW6&XeHx{)-VQxtUKCRK)Pj0>A;XDY8W zy|Fh6T=GFJ4aP*dC<*tIdfE?-E2inn)dY)*!}Uvo<4zZgq%*#BrT(2wuxVY4?Fu)} zF+;P&@ieorf%@1no$c8l=7TDf%5N2s`({T=1|SF;{3MPvz;s^Wme7~?@8m`>0Sfa( zQ`duJ6S76vY>|Z!Kv#sXCg5YDSuoDQSxSNh$Xsy{x%|NA=)zzkyi&|QIEPQ~6>NQ= zTxI0j73Z4Qq7zi10N75550ZtWX?72%S?YSFWA);<;7{k^AJEx>O0HJg0vJ3jT_0x! zn7w^XF-3XWeFjE?t5P>3KpwbEko~LIE?q>g`J>894_|mIu$9s_osK!rqny?rksQP_ z`ylLqml+sEvx%s_E{do)i*gsPWz>Sh= zy5RXl&xM;Xr5nSwWweMir^gSY(rL-m9B0lVPElc<>ICEgEidrVv)O?z*j0(~2m;x} zsw!M)?+fLoRV0!Cd@`%ahkte>Mea;nPMRDw?!qY8jM07QCeE!oVSG}K_xp(=>wEF9 z3ibCG;3he?6FEmRb!0{lMvD}5=q(pBd}F5?+clEe2nEN@M*fnIM+O*gH(6KbJDw<_ zUV>KW(CVY`OV^W~j}ys4Fre~v$kzy>i6*%0vuzh?OZurF3P;Rz?khC%D+f+d{iU2@ zXgWYDSSrEY737QchXIRi(TMkQCqXQucDPrRy=SV!13#djg>X>0d20E~_$@Q6{^S^b zi$F!#3L_^67C=bZ6rTih*+hV&LSeuP=cw7u?Op+le3ed>vLeWnwux)H;)R@sPRR)E zg!ERC_HI$`0D%-EHRGV+p!TN%e9Kg+x%WX3&t62V_!%aB;=rHyYm-l}=B8Nl?oo1dkC z6C)P?-&T25eIAQ9{xOdM3||3CN}cdwz-h8uOd!3y_tBr8T;}Z=sEC%|CD$aHVTV5o zKjnw;o$yUKFY2LoNo4=PoP}+3`R`O2dKog1#@*^D2|dVg5@`K~_1kdu4tZ%L@HL{fEeO@r@rpaGS!>Ctusv` z0?}PQe@e=U4q%SbVAqzUac^>vy zuaV7xI=mR>_NSmB>HY-JIxrd2uW!|b@_t>84n<_a`N!1-XW7dHIjkuT&qq`i*_j_} zN#zX#UPU`fP*d99Arvy) zYE|>cqy3S2^T2iCTtgxSwkj4%QX@mAynG9~+Eu~I_WqWJE$Q0RGjnZSXycW6*d@w9 znigpz-W@16eG*fu1&wowk5gxwv9aK>R&N$21=MS*l{YDR#h(LOm>;vG3SOU%xgnx3 z10_%Qn;W!_glNI27;;B+Vl!o?dPA(25!O74ilW9&k;nY{+UEv-I|}a%CYJVze@_vs_)G>BvL;PMsgNnlA1(!jnotrxuT4c&wnsBzpB9S1i2-E{IY0#=c^E1em+3HVgSQi-JRg!`^zi8AKd(3*MAQC*@p~r*$n!{ zU#qMFcD2W^mlNyq!Q+W;KyjC^0)G% zxFF`6ZCn$o1ObLa4Vvz}+*4$*ULN>w z^o^W}KBg`W&BM~yi-5?&HM9mJB$?S#_~0b=rQFK&rqZ{l30mn@A61nPJAjqG)L#aQ z?Na9cx0N$jxk@$?ws|@rnd8eme?6nusgP^}+(NEK{_0w;PsaB|n^6M`4`~`;(xR$WZ|b^kd8ukOfBV{r}<5fAf&&l*_W%$T~I5)rs6JZ5Ia0pE^7pCj?L9+BjKkK z3PziLbsG9Zsdy$>=`eWgAER)BSma$y#5@7`>{l*wW$fj@k&RJ4XS{n>jMh5KV4>K3 z29{)WWln$o6~10-rM?L%qP9!R`$aGh=T!ph+qb=U17K88-0bT^Zu&w1Ei!N}`nAye z;I-%S_K{_q^PNwZGg-yw#**r+cTBePT6w-Km)F?PmyAEf*y_4#cQbxo<#n6YMs zTP1)eZ9D+aFW;B?iwq3|QglR&P87uR<89+6Zuvg(MDj$bHt`uc^Nv&9nrhs;U$UX^ z_p0s63yQYNqtk5V0J!my#KB*FcPG!W-QxAe7hBEfV5X{> z=OzA1jhLdv_8{-J4B85{sqUJxp8btqB!mqKw#tzqiU`Mef(U4BiE?T0rCeGp?Ci41 zZZy5TC|lg-1BkynVJWmZ?G1s))_3tzcBmm0;SCZcY-s6@t_6%BBF~DY_T3-+Ug)w7 z>AQ)lN6OxI%!BbDqsO;{|Jb#;bn9OIV%SiYN1@n79j9)QCCif5>Nk9NCTEE6j8CJj z!^Uz&K!JcJ8NeWeGuTltTK3K~`&CT`5;-$fr6BXFpLZvYh)cK+B+JotY`OSTnE3Lo z(Yp%wAxTmsXB_zgr=MXPs6m@I)mn?MFf&E8%~SogdMG__si%mL2VJpaIJ__YY~Z)F z-85R6*VgXHKKr9A(TUn~9Mq$xi2`qB>=YJ>;SpmRHqoIHFiLGsvam3^uJmuVSYbUG zTB(Sqxx0@p=Dzx9aDJsK({T63W?T+`f2n4uUb=KGa^#9=3Ccj^!}|xWKB%oGQ$osW z%*iHG!=Tij2Yg2pZQI$|8y14uRFiX7?3(HrJD)xU^O4$e%FUiS)uZn3&$PBzOHoQx z%6_iSJh{z32ShZbyvDo#Fe3*wLCssf3=Ks|p?#m1Lv?FG4Ybt5DvndIr*S4D9N%MR?tJz^7BGDgjn_tl@wH;&C0euR18M~RQNc`TndYoEOh=X zuznQtFh5_=w7FI~v5ujAlOY*Ow$9-V4eZA)Uq z3HFd!)8^W@Gd8y_tB;$-Ot~HlZLbU~M4RF&(*E#>H!4+=YL=^@;eW!QLzcY3^nEBX z$_QA2&x2GrP{f9XNegQ_^1u8!H6n=XG|qa9l)oj{1F#4%!`k^4uOsNYXNjH;2!MPp zKZ#yHw_P-eRXYK9pdoaLx3YG#$u71#Ss6sRH*#7`H<-`Rdl7)?nB0z_DoLD0tqGE* z&YYHQb1T!}J`1Ck20Qsd)Cb70?eO|<1n)neB>wLNkBRO7BY6K;7<5TR=?sW%9lq9% z&Be_WY5$g=e#0v*&WoG{kHrdNzXU+?&Nhm7rLBt!X>4^ALEq$?+otyF=i!n> zlNQqD=Pk0^?fj~z+aq_AIre0l6n!p}N|v{nrJ_n|qq%S!zk}?eO0v7)En-I7GaglZ z=`i*lJ5yDip7%PWWW;8CIQJMfGYj*x*NzmM7c8E_yuBAUgLjpfn`l0g*vo_}_me^5 zTH~Edc7A=Wt12t&O?Cl8^KE)reEU?xw^y4MBvbeq&lQCw@amDT361 zy;vgYV#%3A9^Pt?Z^C7E_&|5Iai#MS_qkW+Z3H{HY(NRcunG0fy-8}*G}b5nqj+>W zt)Pn>Vbxp8W~KNN9K_4wc64=}U6EUl+EtzCG(kIhP@Z=($4ylr{r;F_b#Xi#dW~y=t6e@WOVPXp%un^IAc) zeA80IW(y{HNqy5EH4JFW~Nm*^q7ju=Gt#7%D8SU+i zw3JSz=KM%k^ny0Le1+YPku;SF?gB z*^ez`j<6gfTquvlfbA-!PC_l)C@7AqF^yg#q~WwE|DM0ap&?ew9W6F1FAp0WK&XmQ z;_ZYDZP)N&LOqH0d)cD!+Dm1S&k{$$YS=42Z0WqZQ-)M3`-8>e7?H?sPj6KP2F5L7 z8JJ4U2aPDLdtOmQ1$M%oQG68Xj{8|q(>=LtuY!+Z@8l>=iLNdkl742^HXwGp!UK=Q zy3avOD&Nx0ew9IDP0N&X!!bSC>IcK)WT_lP6#ta4CNBd`WWx4ak*lih%VQg|tKmiD z%@5{Mf`2pDIUAs;?o%$Mx=+~_JddI|kY*sPY7YpvQ8>hR^^L;l zZbsq>w-9=m$<#L=3R_N23MegWtkEo{3GPSQ%4ZY+d@aJtba|7m#P`F$ZlE&{gL8)^?U#H;rsXegrv9Z*7UlH9LZMV!^n0wh8PrNnpc-Mqr4>)HW@+x`)5 zQx#15&f*{1spQtp@@RB(pNALH=D3uF$}Ba_-YDOP;AgjFR@fbhP@6)O1lG&PPbLTN zwm{6+MoW4^$~4Xc{&TMo_4JR%_L-`lh899&@mNuwm{O!Jlg@E&-7X|#~2;Z!=t2L zGw*8MTZKpzWK$u$0=g1^QBDXsvnAYOE~&uF+o=Rsm>3u=Cf;?TIa9vF$b&T#NHObA z`fXcJQ;8!H_6yu)lf^g^{E7R)a+`XwEelXB=rgZ_Z32XFQoB`5(w2R&RRANoGz`n3 zAXO4ry(sZ#QM)1*o;aTze$GJhFAsTy+Hx88+$Wo;jc9p<1(USA-C&xgEX5-;uvCQ? zhhTj-ri2t!X+Ns6AU=hbqml1;2ji%_#fnir3}uklxMNM~c2A6~%`2d^%28v$h_@U4 zw=N@NipluevbWMg!%;NO9q5n|NLU;2cQg3pfj%`ZS)72cxA79ATgVNG&a@$utrd8b z{&?KJp4o+c1tWPA)-Rc*x#K(cRQ?tE5{CY1c)#GSy?qD(f=B4)-oz%b%X*Y@VJ4c_~fweB?eU|=)UNt(V74EutuRDSn=*! z2x_$Frh2$fbM?4gJT;=Edo5z3W&IEESGP>GywkEj`B50I4FZkT%B!<#gM>&{XK3}P z?qb1dQXAChhC2@!E(oNq?uzCeJzPP+N@iom6j$aQcpm2f_MlB5;n?~eMNp|)&&6=> zbpr?`J|G6GN+R3qE0q}kE0M`FXAz_~QJ<7rGRtp8l*=f{M-q59bFs3KWx>xOE;5{1 z_L_%dn(bAcm(*cG3#;VxjZ&ogUNgql>`_nH>B*xLs&R#MD&?l_R?Jr-HA+D}ltS&? zJI{FwsgeBI7RWI5N~J$~&;Ag&tsD{s3nl-&|DzGNZ>Ff)=vzHsNXkJ5ZrrH5W=}S1 zkAQPXC}7s0Pb_neOWnZz`rMD&)Pw{tt|$pO`@Jf-vQ@WSv$J*BtR&N z8^R{Gc{O}}I*R&9h)Ng0pZQ)xe{*@;GV!Ky=${?eyFqBzSWp|Z8G6e;I~XP=>EPtZ zJ_Z7Yt7H~pMrPl^JaAR4l3uNJVx}u!=DjO23F#{Tw)f8QC8s6TKMGaa+eYr)b^`x^ zhaNeu{x`4SkUKCZbg-9oOuLDp7}3bo0NP*nejzHCKWg|2lKm0j2e`+YG8H!yJ zQ{+s9m)ZJP%{L!4%_7u9Qf!eZw{2wyFlv>=aqtg>RyQI7rnn{#762}_Y*#>uX4U38 zvn&RtUp)YCxo_&V#oC~x;r<-5B0-EOdihwP#lD=Bqte^xDl1_908iG6VLN6yd?m{Q z=^O;YLA*70x_HsEu{KyDWd^0<7UBSHh3v|eE0soV0NE}W5ViUMAEfvjtor}0=oHyF z{~mxIju&&ajtw_ur76nNFJF|N8^+v{x|59lZRCt3?qpD0fN3U zC6UlZ5G{f&N={cjd_bQSqKip5T1bK;P_#CEw{yTUNm;#74t7V(^_{Wy-~hge7u!GS zleGw7PyBbY&gj}924a_bej0j!+vQ^~PkLAg=flDi7Mf0}SmWF`AGM_(>X>5w;+M7t zL#U?x)T|Ap!Xc`dgzCPej?yn7<<%B%ku!Rmshmh}9*Fk-QoGgT!~MeV+EL)05a?P< zV@BQQS-AgAs*97E$ayF36QWFtP6N>h3*&gLHuH?TN`CxWF2yFnQ?b$!4~oL=^P6nYrz0UlTp_tI9Hv=0~ZD1Xd@qqu4<+J*U>t0V*Z(~13Xk6FscHhtWYXRz&C2LE%1++)hnbFCe4wMN?On(OhYq7ii_I{E{2{DCP`4IqKf~{MKd`QXlE}$13QWNZ% z8dvupA{EUb^m{b1taZL95H5wu8W#TM2(RMtJm}{3k z7u@ZSsw{TZxVD2kOqmLJnlhQ`ESICH<(pWXU{NUEi_Lv{^Ye&$qWuJJ!<{&o6g^eI zNx^0BKekcrmhC;8CYDzf&G(jte)x>6DUG3!1YyL371GcVr^6+__?Vx4^2kdm#+~{8i?|de2Q!<{(}OwE_X5~gE$_LKd~4qxBK@eqydfFesI}++zdw5+Pg{bZBi0vAU1cxIhRZO{=M+ zbhD*ek&kd~q330n!$#<$3H=jrV&hhJBdq@?YU4Xt&aRoF*Y-x2 zK6xp0k6T~po2H%g;>8iDO?orXOtY6;61oTP-@;~lrExdhJJXcA_tl#-b3QKR78M!o zsKh1C<8+=0L<(1LvYK`XeVkyLCGwG77uyQ0LSl%l^gY|89Hz$e4b>u@B}l;xs%I9o8!@_%hC(9q25~6k71#vu0=6-lCFhP zDLl%0$%~wTG<2AJ>tiNIu(v+5Tz$uz@cW|UKw!0LuN`%27I`ZD9CEWpapeE-_SQj> zJx{)9)`J0&@c?{Fu1$BI|GBe`@jH$ySux)ySuyf?eFg0-QV7~@5TM=RYXU3 zpL41zD>ExABTr?0Kn3=1W%U+rdD?1PCpw6Wn%S-kl#Ut}jJpnG7fFUm@;SaP1@%Ur ztH9+*{R`x3zRLOEThW zg`|RMIL;B|eY0Vx4E_&dr44tlCWr9V_|l40A3!G4vZTZgXg@dQuQNj1HKjn6w1$Y+ z+v9?hrrYrmO{{FFWVQ3hzIjNN&XT!2xhqHC)Ty&6{-MxrDA!u+H1^tpR|KgW&aQ5z z_!Ldx*Fc8i*fHqLV8JQ8sj0+isbqq5Sc0haw5|wCs}c3nrSF4gXcArNRK*gzz*6k0 z-j393yaOUs-m8hREd~-UF`+QzC$9w74W;S{PDn7g?y*8nAbjf)VP6N?N?$+Q$>v-< z00s=Q*8JX;LqnY&KbwCMYVe09Z9Ws~sPSBUfrG^>yfu?Y^cnT2kxHI5LSS;E!YR&n z&XW{o13R1SB>8asn|6=hc-6RPaQTP+EF@c2UfpcwU)OLG;$m9+98Lmw=}pa&2W!M~ z7@bUU{_4-A@kP(;DSuso9h=K90=hof1VR{4>+CSUPM42Y5(d(g-cE>QK$#3A8Rx&MW#DyZu z1VQs798};FDyb2JKfj?`!I!9B^I@Gc^yZd%Ajx7#)4F}p?iSc;Tv!&0xxnGQw=p$9 zx)L*fyPKAy1?Kk-X}$FN{dsB7DtW}%_`chAazE+t=M=LHV^NwHeEfEaWzUCR%fAQ8d+Yl;K16n5 z6oXmT>TxuqnB*pVC&U&e@ke#`PR}NiR#+?&@h?MT)6G&ZUi{)xvHLrr{EjYpl4D_biE{0JMOYm3QY&&cS#WweiCFQe3gFUzfo<2}!|h(IZZP%Z zSy-QMcwg#%PVe_~+=Hsj2t+7A z1Ydbqd3``H9LXpsD8md3mUEu~T?P@OfG!P0TcRmrZ_(5x#6F`4H6nlyPYw77=_pT@m}{^*g<%d^~+Z)Kgp1x`E^?BeWA^_b@veUFnbuNWjTV{pHwVi_tsC@Wtcy6>(+q7-m#9G&$ zeOG1ICN12sUa+HD@E-FaEMMe8f^^>LnUB1uYB`RUvgzlHO;{t_I}FddOV#e|2ot5^ z(sAb2)$}J%YPy4zg=I^9( z4onwW?%&PB^y5khWI1Vjab1qN0+LG9Ly@LOhI0<3>Dnm{P5aPazIUA&hbw0&s%MqN zKoqIvdSIQ~7h@ZgTuGsEM8F!{NczkM&dTtR;F}w0p2(hk(_K%u%yCWUpqZqPA=itu zi42xC=HcYSal^>!jDFuGmQnd&Whrc6b9Nzc&1%+P%;*n{ujnZuL=chr@e?bf{hF(H zWWf95W;O47@J8moBaUQw{+zUmF$!E3g)ffiW?X#6Q6QEh^$=b85tYXBas*6sXh$t) zY>`MMj6-Ff0i@2r8)a*i=8c}SvQk6w7sH{~iz=`)FQ=HjG4V^4&3d?;$ zD{0C2wB)Gjn!b};jEN3iT44(h^%kilD3{U2v+;~^j(Dp$7FN+l6<&l<9&w}&nR=`5%xeCDY-Lp&w+a{*y(y5`prESMq`bkaSFp4*dSL4J zt=({R$4xWL6p-Fy{)71--{4O)bL5*-kDnAEo~)Jz!zkobjhWUmC$nx}KpG*b5jM%r zySpT0kGY|BtKc6$HEEE-MvbRifJTcvyAV(pi4o$th$q7alR_J$ymgM!MXnmA5>DC+7gd#arQv2O2D_H~#a?Q1C$(oOe-S z0_9&O)fbV@ajHgWm@ql02KL(X7FSKz&~xIn+fW3#n;&_YUy8C8A>LePt5v{>)lqSR z8`R4e%O|8IG^)Hq^;-MT8AohLC@tT@O9oeVWu`>JAqIG-2g7fRr4hUZ8rHAVvPTGI~qT=hy(f1OO+@)yARdt6{sjz~_sc0MLx z6Lunvgrzi@k|^au2#dBB0Ic@X{~914csHP~n6~(`V7)ViLKB&td!c}^EH-E@i!!`GUaL~8Pl%iCk;_7Gl#NMVl;SN zL<}Vqg{W^lrZe^&!(El*2;bgW&$$0g)+`$u1gY(vc-PS0G1`a`N?D(e3-ersqtbfT zPjAfMeVLJ}y|C@YF*owB9cWPsFw4dWfdBn{9-W`#ukT&a7C_z>-;*2Sr!z!gq%J~w z?oNohRDtcA_I$d2BWtSh)$tKgUgU5F0wXI?xF=J<>(xY}E5(qqUf7TP;KOXd%4az^ z4Eiqbt$ArQ8^~XBnQTwvYuc@+QdSV@=#)e5ndY(+flHsfu)Lh6c)k>`*7y^TNL@c& zfT00WpFh1rG5Zvdsj%Aoy;Vr{<8WtmG15aSoK5BLdWN8te%jMecEfY8vD?dK3ZEKd znCqXY-b&~#<6jA_Vs$TSh1&W%UJy9=trffeuto8Vq!*UK1wRONo-51BCci00?ShHD z@~T;V>yr@MbyhUP=}T07<4utoqgQ6?q80THqcx_vO`F{2ch;NlW?%K~R!8QNFSDaQ z5HiKzolL`}&9sjFp}EGyhpRJNSI6E%Pi1kwKu4NQ5_i<{(lltzKN0y#G#OjdYH7^f$M*esxzAlqoRD{?nJ92}^RRkOH=!N{T3 zIJtIpH(;ED!;fc5nAMQ{+V%>x^m}1daY$%soD;iIFE-x@$#_>VIii*$l%#azb#;so z{Zn0(fgg1m$FKH1oMQ29O$oCZjoA<5dj(nW9%5lo4oo+c0L=1%X$(?H3Qd}O<5s{Q zr_Z`-_%^rguLQ>yG-|-Xm;H^|C<5kn!h{)_BP*;>SLIwT6&Q^(p>LB`U)h_H@mdUi zF$*XR+$1)`Ix4e>`|(1HDq6_em7MW^M_T!zZ1cg1;))QIu0$j$dwVaTrFw{K@*c`m zpC_%5W;;-xVpUZJ6$63!yH4EtZXmp>S4~IZcMW+><}|XnMDJkEiF16a*-XR}s~ELO zlv)sH$;H6jIz>X}q-8Y^WH~1kA-j&s8BQo9I2`Oz!srvmV#<0%pqKsKfgr7evYFhC(TGVs) z&gq9hFQy9~V%)*B;Q=h6tqyylLkU*gI@;QMTus)r@W~83c^%eEnzd;fRrjye1kPos z1Hb!E%GJkt?1d%9jC%H=!vtk7yBzk&w&TAgn@;VNvT9pJ1yevb!|6Js?wZ*8zfJEI zcAuG5DJf`;_M-n7Fs-i|`L$Jtq$EJ7`kRYP;WSY`;SCa+*ndoN5Ws*>@`m96D09u9)ZnDmj!6&2eZn;vi}qQJaRq1Era3%|UN z*2@ZHYjYdZ2-<$eD)z^j4W)MX-t)|2k3f{LAftNx%&m&TMrAuv%5+hw?#siDyiSMx zvg~1+OaUiis>?E1rb<66rt6N3XF^T6<8UF;*oBxcDke{GJd}_M9a)-4<*V(~g@+ND z);Zac%Zn{@%aq}h71wuvJrSlx`6!g@ctITueX&ZQ$Rkb4Wk5W>i*-yS!;)LaU6&J^ zWBrosHC2(Oi%Y|2$p1SoOFEaMd@KWE+3qvHbL^;B8p-@)5TLrz&6Y!Hw(K1VnD=|dzg0ZX zlo5Mul3z+ABk;KC6k~FVFzXW&qsHUyaX^aGx(-uv3zx$d65p+91#v3_PfBQrVJBrjwXLTEoYz&7%C3@uio zX%Lkv6<6=r(&M_AO0Gw2a7&e?Df1!)_3&!a|Fg>y?Ms%C!FD;rdWj3vTSvrL6z{%R zoXtA^V5_V6*0|3%+G+T2f3ex+P@Lz>5rZ(Gh+d4c-eJ}~jfZ|AlubvP6@OK*%=(%{ zEt_tugvr1;A+c|Gp-JEm(}E>bu`dtC4jUe6<56GawZBo}&mg#!9P)pqPN*2f+x**X zOx92Y)JI}x>1vCX)qU$3p3u>Jt9z`Vf1wx5QH?pHHGClni4UYv$IpKEclgfJUlyb& zDAtXKcoK`IC+fn<8(e#Symw+!@3t~}@KDofXFHnekog3Q$gvmLlA2I<@QaJpme*Us zQ^5kRc?G0)gzIqDht5krUypj4carwxqB?!tf%QZP=*_A6{B_#qw(M`qQHCyGzZKKd z*7&E7H!26tr0owxs&og}&KYF>4)`3ZaLv`>fTx#~)9!V>bTrB&ar8<+l&k$0yx#)mL24ZFe`b=-TszXW1)gUA183i1zwu@LEde6rL%N zi|f-!i&`H`2H%;w0J*UZ%l}hEfb+j10>akLCXTiS&L&LXOGZhlm0iyWAeSd%WP(YCBu=B+g7f5_RSOcIs(uH+y8A;E0GKt7i#vob zx`oJ@xUfB2hCaPTY#>5Nymgoy9m^L6g5+n)esll;LwbD&)^fbkeb1zFBN+MN=WL_} z1LWbjVqs}aQVM;JhS6Gkf3tnCmKDd&j0v^+b~2Thhpky2L*2cCW62Er#QR`ywdD#z z?IP6KBvZ#QueBVkSwqs00pa8g2;61vs2QQDeJIGzsMn4F`}`&*?gIoY`x@vSk>>n- z)7xf;YseNx=@?r}oADekN7e*x$e(|J2}whHwa1J!!^JYXoPY?k4|-e&o8w$kt#nN- zO}up6G+)IcP|Fh+#l<;k`{$=Mw$O#gkn_qnr4xYuSh!{FDT>yZFMziJlGqJ|l5s!+ zAQ$zq>b&mvFyHYA!-iL~iHu@nV~c7cNRDgD={)u0eM9oO79hKJ?Mw-|7zr~0ChQju*c=#2+7nzSVwQ(!9dRSNZXY}Mbd4P(; zK+I?InweH{)c4r{juCi?^&H5(LqY%CFA!)R3TyY9uLprBFgqF81-#YVkJ&KquNC%T zPjM4bV0aod92v7u&$tm*J64~j`~l<;m_tyQIS|f2NtmHjyRf(+xvC(ae(HZgUVy|3 zg&X!qVHIXvLi{X*x&-qOAf*6xB1~ouK_vvojl}3by2ab{>B1jQA38GdP#?Ap;`R%) z0SW8(pL--K5(upRW5lq=D9yrx3d9)5q9P7oP|&_LPhl0o(+1K0(JVrJ!QzF{@vry> zH6>tuO0EgAA~2@={0ioY*Bg%T zXLfHbyih1SlA;JAD(p_c6A7vWeUCUNagYR$Qb-*!I56*sfGb=O=SGbf9*~=dsMtU) z{{uceNJ_*;2s4jXQC#u7h;WW!j@lCT{*$a2-5;bWPIIO^T4w@YbRB<2aju-zsgx27rcewOW2=rLXymIFWmrV}BXKW^`sVYRwP8N>qeX^4p-%o608?-|P( z&l#~R!7G+{U-8bE{Y4Wz0ZK{;-5|&I#15OA7B`2N%{UO1&P|$J)4I>MM?{l@afb&rr|bo~18jNCB`SWU6^Gd0Iwd$||#JY-+U{w;foz5q~f%>*Y(;tmL%B z`DDB@Ttgo6qcfvZA+2y1T#IZqlpi}e`;k@!Ce2Ehik+eN73Lxa?lMZHHs)ddc}u5EX9cjYOuC?zTH zDN$rhWYkg*(p=L%EDP)gSW8)3ZR9xJxHio+Y`0!J@273jSg8Z?}>yzA;} z_Ou$*`MSc!L)%FMCKIM)wY+#| zkpkuw`xHAfR~1(%8V2SZ#vSDnPZRl*aHwr4b3We>R(94p7H7sWjxu&@WrVwhGR0&cwAj-% zGokaNTcRDHy`#mDGm-~U)Kl)p=OxHr8@q?K{l-X2EKB_PBXBNYE{;8;uHAyo+s;>n zH?f1VU0De8UFQCiOORGj9_|CK3a%ZS2%EgAq}g@NOU-?)o3Z>})1h}ea(#4t1)my& zo72USXW@N4ehv}~ehZhS_1Gpi7{Fq7di>XTSccya+c4d@S38BZv|5MbN5NZlIiXet z0{Q1BnBGKv15g0xoXLVqJW#fkN#E8Zg(=?etK^DV@OlT#e(Nt!=lAv643y`1ovB=U|q+f z)xcsD(q|-5B%+wB=tu%2{*_tt`K6`&xgRr#TnHJ3(V~Q{&rzpbSq#Ap_2qR7xw~6U zS5LKed7WQ*w|#P7$#;!M-845<8WmSQul{*Bdq|6ZijJGOn)s{{<*clRDQ zYgt%2G4z{;N18js&vjdSqIvnY_^^TYQ?|FJ- zQ@Of$S=PqJjKS*c#_j07$M|}&*PidibZNGh?N@b7@?x+}RxG|BlSH`qUi1h?kKG?i zQ(TsR6X z=XIx5kHGIZLxY3uBOc_qy||-xQyJZ+`_SUG;P-HyvB!1m6lAx*N$4}^zW6G5_TJ}x z0CyG=9^*;WD(K|*HbVQ<1D zX=7k!!t~>xpX&04mL^8dOllU!&gR6d+}!{5o(r@Dx&R;x8`~M00F3iG3XiuIqC-#iWj>%2!uijag-CHrL z#QdPTq`tYmyTA4Q^ZWOzrmn%s1q}lW2M=80YG!UBDTR%Li-(V>07ytMwb1`Y6C5lI z$G?$4!h!}3roe#|9ftL19L7HsbSq6?v5^~YI|jsyC}SEqv0qcb{zCv9B}dN;n20=V zV^I}OXOo@(B;o&^0;>Na0ki@@g!;EWQ2{`}y-L=cZ`GY#ij(;XZoQG_!=)9yGukq# z?^T^z90(9~`KGYrw=E0;WYbH^=YRl{dL@3(Rxux*dbf)w*&mv_Ai(c7)-rbBlfFJ;Ayq*L2xy~OTz|A7j+r3-CeMiE)Y+#|uVxmQi z@+@1UbKjeRJIYx{F$iFP13WJT0ru3uy@jXO*wdY2?<<-x7}2`l;~Yqs*QKsON)=@`q% zY8lPc-91o~oC*a2(glnTK>($BC4#ZPq|_>Cg3%j(frkCzXl!X|$=uSmM2dNu0>HQP zmsSwKN$bN3Ogin*sSowm?_5^6WvGS>gK0KYRQ^h;xSf`8aC@m(Ai#FaJI)-**o3w! zY#i$=wi6JpJ7Q(~x5$M_Fq^RrQ{McpkMWU*8fQ4`(y2A`KXzVVJwROR10s;v5f|MwXRFiHV-geZGCrQw9N=Jcu4gSqHmG-n?K z80c3!xcf*jrBKyf6u5lH*M34alE})bWN9TL``X<&_oDqhcxk3bJdzta@wM^o{spWM z$xR@@VWHh3u%yD?%CmsSDHLG0m$a>-f3PvB6lrB+hQF+pN$ydHX@p z0SJh0Hc&n=fzQ{Y1t0)s=Tj{3`q2+M_Us>y`VXGV_yChr{)MVaI0nY5`kWN(FMzpt zd1Jq2ALWm2W4~1}KZo*D*8C1D=YenagJ9X1Z`})K%~^478PCUekCxawdm9DaUj8>> zD0%`_$B%TR+RoH?TP@s)nBh+OOlEl6JA=$P8h6`?!10TJuOLct5Bjm{)bG4-s_Slqr@c!kD=80F>Hk!X zf1SsC4|?D!`X3^u@f|(MencVrSn>N1CGU6*TxW`w3br?`9h2E={iHk{90wX6}>8#VBDKVlL4|1@xNm2*TDL~5Sm^CMR+!TNb54NJQkM(cT5WU6&R(;&cZ#62Gf zK(7V1YRe!%tS(E;jAw<)w=-?J%c6Lgq`Aiiao)Nw5g-89%j1VCSkG6n{PvWj&wx+6 zKC(oQxtp)HlWzeVjifQvKT9tatAi+-PZ_*k3M>*ukz1aOfh%hI%+NL6?XHB z99{L}y~K4#!kG3ym!2sh55IWE5->e4-z$G?5xtsrUTO)T1OK{cYei#mSHzwtFC1|E z8K6395Z2X&`1$8G#qEPh_!Sl`p#q|Nk{{ja%Bf+H^+%W9(y_fE$;lG9*WU-43MAH# zI!&E7U&G|z8#XUgUb5D?{@yLF`tr%qX>_IE;h5F~o4K`! zE=qliBX(N%70~gr#q5Ll90cfT2EMSU?caPzZ&f&kG>bC++`cJGa5AHwcIm|9NDvh*$u9Z+=o zj1GbTWR=b5&c)7~My8LYTJRcF-c(ujpCW|&_ez%w1Y_P8^>b_vg;PTvqqK3*^@AdW z79hX@2%rlBjI4FO8cx226G`V`O_WE(%xRksxSW|vhq5kQgh2ASlNWBjeE%5f`RzLi zW^(HM0dP0)L#GEks?Had(FMGP`ak7gridZ7uoJ-4qCC4HfB>ICfTKb35U`EL)O(6I z`@m_vsptl;jyt6w0Gc%j(2MP>vP51u+&KvM)))u^1j&DRJ05rT+kKFuy!mW)JN?s# zRyVj0uuT-?ao*f%1XqOn5WL)q&!#!nyICOmzyr4>$l-(5;rcKCVeX`)l&&tXBedvV zcITh~=57T$a1o^jR0r+-?jcV@AV7b#TTkWNU0>qEqrfBxfYF+1{QfiVf|wERgh{#k zSWm;@*6IAtA$3&q6rK_xRcJcrx0*W$00NNvy#RpJx{5JT2}$OKc!ir*`QfJ)UXhkQ z^HXy(t_KDkvdgI3`SP;Y&ciH9HYA+L#{m0FQuPeO<`c|vw(2zdkgmitt|IYX` zV85I6iF>wsc_S0@o96`G3XzSi5g6bi1rVRDs{Q!X1p@TBDT4qJb|2n`M`{8e%)slf zb6{?+f;|?T_-sxvn?Zo5s=N=%%a^2c>3+X{zYlt95Fo7eq=9fb?mmB&x2`#;9?2L-E%`Mk!Qwv?3HKj{3f$>iT$Ht($} zvG*Tsry9}aH-ws zV`~#^+*)5##P#GSiInL3xgUITHk*{|E~B<4Hk1ZaSav$%$SvmG*oJPHADZaqlTlMn zKiy@$fY-@ED1?u#e;>|br$D>-Nr9>r9ecx>){sHKcaHP(D{Vrq`HR{(FB+WW#kOvr zNCqqMFbYpXRk%O*t{>TvGdF9}H060Ie6tKhtjfr;a<1^_F^?0eXCsPBYiV`>Q)nsPOHmf4^qs-68 zZ>$V}2SNMU|2m=Pz?&-#X9nS&tjviYh+z)>c7Zwf6@?2djK@p=Xo*dXkD-w3BMy)} z@!T)G@=X$~?T9+hYWmH7*G{vyEpGD#MrKoQR{aZ2i~1qLyqI(UAM@PUFA6zup(R_b zx3$nfD@n(F|KD1_(Ju!N-fgz_#ce(?B1`1D^1j^duYQO~F3LECpvcUaOC}o#;93G+ zLVx<8wXqexE4)nW{TQf!XCkSuC2ef(&xI1{rpku7u%MCd0}hCP&^vWt`W+T9+3AYj z-=0h^Ac6qpJZb7af@hIlFkTEsCIxinES2F>o?IZnGZ_dl1@ZiCt0UjVnla`+I`Zu? z{rc1-$|+DfvN~!SL?XDx&uRr^&I~oLN^odk^Fn_$v&LgB716x(Ih0eEr4+R z=LFI$K6>J__t3VhCoeW;D-XTG3{#HnWMJ`#;CH5P z2*|?+)_6CbCnm1tkwyl4CaRBWurx;_qhG^EAmq%)$(huzxoP4c_3=ztqiR%W-{`P) zW)CB{P|#4^lt|LN6#xJBCHl(AHy0J_X1l{TR+%&-DL<#~XK?4Ic-M{#9J5&!_y~?K zV@gtzln4D!FVX%5s#C?Fo1MGXKXD6A7FJ>|9#$PDSrcOm zga5}>1p~)_;vL|J{;8;B;$-LIXk_9<%=7R6?VQ1H;D~vc|2>YO0FGz~3L=@^%P!?l9j-^jdXY9f*JM`JJm~3!5p*0y(+X9B;BR9ZBXP?PyxF)9gP) z8TJbr2XIH&IRt9+%W8#Ck{iIr3KbzLE$t|IISF}`FJ4{PZ1?!M2su2gmR`R-Xtm-Z zq(8U_|LAm0cs68qKDK8jXg!4DU-xz6XzCzrIh=R9;`-Wr=;!mObyMNSfh&_x0#$B-MqjdU+&Lik) zVlvHHNcMc~N>f*2upQ*_fs#2Idl)|fyL;M?QE>hC(7J8REG>>e@Wg@4>rnCd_Ubm< zug{(y^_+FA&yq1q*V%3K_E^oOBXbz&5#QZ!oou~5Nw7e9{kFQD{ppQxr~eD%nOw0O z=hHYwa^XE|{f_7EFb)?#Fi+gz`Z&cna zszw0Qe7O|g_2EU!uo-aA6?XeG7+H?_3>5UCy>?hQEote|* z&5(ale(lv$N6RF&!5H@(NO^S<#9-ZK82iS=lsT4igP-(~D z+Vtw!|2-mmTdB(%a$0tCq2odOG|X$|d5n`jKKhO7Cl%c5*DG|~Cw<-m#Tfm&8d}aX z9uzM~^lr)n;u^K7_wA<3zs2v)M31-+yxqI(0VJ=24*;}h=MnslJ6rZ0w~E&bS(FAV zF>#;YbF#xIpDoKSeJ_wguI>uBdeF}*LM+mC|GrJYt12bGE2H#Z9E%mO;6@tznJu<; zVh26rs_Mtn3&SRe^WG-xndx>?xj}IaOdY;!xxLzhRAG{UsGoeA{2X(Ng&6XOp(5>5 z`Flo*_DA(Rt}ib(AJ7@6lUsv@eOM@SWskgsS9q+TQx(snaQBkHn%;1ls@7Li-T%nKhV-obI)9sE=@BGQ9 zF&-s?a&(uaS>}a73auQ*dv`x$S9hQ_cl!1|9nY1Ccf_=?vhoR;P`qX9cBuSPD(xCC zc&zb6W@A*+HlloO@;)Q5V@tOQZc=BqL)%RyCaZ>hUqIu~MTCyKhfwM1V}I^S@VTCE z+dgNJnJ_g}_xVJKs@0XEv*9NgmNTPjTzT!_u^l%{({@A+R~Bvl_BhDy;uiCq0O9)x zpyhBsoTdfP3YBNh?YyB>I~PJpdNubzIWxzVgIGHlByH;e$u9US~+`p9z$_| zvNJ_R@^hstsVNy+t*SV+?Tlcf;`?-?=@U3f2E}&pwsV$J#s+<$?bBugcR)1ku=lXU zl6YMVu>}1n4NVEjXEe|qazV#mVcCSUD}j=MplHxmZGc{B)?q~E9l_ae?_9L7RfX&P zt3ikYGA3h(PCXA9Wayu!tiPh*_Qy>L57`@dkUZp`QwS|m%ckijPwR4A@OEkP_jUSq z>f@b$>LZrZA(*89Vyl_VPx8A{(v2;1Am{Q{bx5o$R6ZV@XZ`X*QU3V6duAvKe9fp90YYu{0Aka1bl$H1E=J!ujaXJ$(&gx@$yyV{sc*Q73-Csvs zI=YMP8$TUal9W?M`YRv|!)H>Xzuu#~L5x+B49{>qtqL?GaQH^aYfo4WIf<)88&lfQ}yDkEaW&6;VJY?-828~&XCzQERVtivUF!t*vFQun3$+R>{S+-?;ds#tcs>x zbPVRY5g;Md?wL616mQ0%f)aAErBQ}kr+^DdJQI>hBs^Pry%?*#*L3zz(c+NNc~Iqg z_L_#@KYoRXA+6ztfQnqEYSu`@iiKJqio0JSwrRpmlVOL--clI`s&MV~H%yAJl|P5o zeQuChfuW;RD@#IHv{X8DqFzO^-pf-l&Bo@vAGs|>7VhaK8kMvB=@Sm>bBRAz`c%bQ z+4lPGR~IsJUg6+ey{UqVxON9z0Ik>yL2tW#Ew8I&f_S(<2kmx%A1AVSzZ|1LUQ&VtwWP zp+yx0bUSdbyB&Q?%0Hoh{}3Jxp4szN*v#N$-ydaYB%@C9CHRP1gLtoCl)rJ`FL%ME zjrsP|d|YfYZQCI!wIV5H`snDZAqB^loVTd@FQ`0nou9M9EZx<#`>WmzQ5DTjY!c&i zg!5@FvA4*(TE)oze`f#0-FEU`pWpnrZS~?^Euq#go!cXb$#oqe^HbXQ&ye{$G>%T~ zpCZthwa7P(V%p?Q8E$HZ7oy#l=Ymrg6VX~`+=g31u_=6ney9E1`&H15Rc%fzN^TBL z;%MP5^FCF^yC0!81$7UODU0k3^FFv;&3_s1_(6Q;_skVhF48;8#_!`(-B0ch-k#lc z!}GpO!BF3OhnG$La#*xp-g2zN|PYEHv) z>7OE$QYigS*EF2RS7lWB6^B{!)L8CNpCdCzNXC{%3)HE{cu}m@HsFSy@1_W1a1TU| z)m$^M4Bh3LJ7_PhHb|iJX?6miZjusd#6>zMLI^<^q+bNw+i89JMu3XUQ4LfgRmGh? zfjJDx+8Yv;L(cUGsaY;`#es$5pR=Nz7{z+A-vN45s+HB#S%I1oDoymyEUvfQBYzzQ z+mA_EklvVD+GJ~$OWej?M3Jg_+J;C1c@rI_%iyD6lJ>OU__AhAW|Q#%+C!A=7j!=3 z!VAj#BY8r<+x8*?qJd)p1N=%UNkPdreKJ87XY#vhNPY>m8AhKOxnv(Z;lEBD z4u_Z1b83A%Bb~+HKzZ63TN3MdkLC2FZPBNsbQRVQBK>n#66i$l_8il;7H&rW%@~${ zCkYxVy4n4fBjiV5A(8&ll>QR^&4Gw}7=RvUl830koyqxG3V~9lI3iO=nmM-Yu3%Ua zWvC!Ol#uag0TR82r6$y`3A_GN{(t~T36Up?#n>`1`(_JUl8-fb^ONOYp0^|uq=Jw@ z=wG#qhE^C8GN=>OVio-}>FD0nTBhdcvG=qQ`VF|YVHXVFBbCB54XA#4 zM&+sxL{cGziQyzvXTla9pt)ECHp()R;4(qbb~i^xt@`{(%I(X`RfA|xg^wns3~*Mm z_*IHCLI#iG@u6W2It^3}gA3kf}mP71jsH=HBW^%CPnzk^&fr?;?=aVX7K zu7-wx!Du-3P_jU;-iySXrGEYm=hyrd2PDmCjm^LMwdlbjfq@$p*RnNI*h zHSznjgk!u|BwXMH9G!j-+)BZBAiG|OYu_hj9Plbm@iS8`5P#~r{Ox@tEnikV= z{gario5^xDXGh3D4UW~H^_Pf4V^|8RgO{~kQ@1Q36S@_yutflafr_yy+yL~lZ>3iM zYrLWp8n4pYK<$itxJw%)s{rz}zY7|(q~5Kny*`$yxz2UNGb9#j+%^6!C_O!j+ztevN}0 zh4i#(>y%*V@Ub!fzL#2cqX)^XycF082UI~6;iNq3;{`KDgzC_539vz$h+$F~vU~!> zF^|TJa_NxpLuCqC$b?=Vi9hw-b1;E24A2-<=@B&+g=pT;V@p?c%E>zALr6K0+8(pA zX-8-qTq9l1fq(7KL^Dj;nZCWejjJuhW-Ic&_%P7ME#tn?<*7ak%$I7NDrKUWxMzM> zLH~u8$)7Qp{(%^&FQl_j*Z$faMo5wEC4(AvZo2?ooe)*D>Pr&d+KJ<#%!Bm2WR$ry zAKWijDKKdwn7aDi-HqE&PqNL|G0xq2V8~xCNOK$N(SV^YQtU=b|GQC&;?E1+Wn5=( z5kZ7Wkfc`mS_MW0%&U5O#)vwTxsF>JS+v4Tozres);xCY5;A$!Y`y`qBc8Y+wdM53Ry!Qs`*l3anYyV`W-4ZG2Z(>)yBay4 zI6WqksKD`H4`y1{6iAWyoe z4Os@V(iW=A%vn76IF3*0e&gR#Kcmu6_NJLPvV7-@W4p=tRck_(p^AcQGosty`e5@z zVc;oxP1F%fJnSj^^WF-6`Op}jfz)^^+cz#Gi!$8xl^x0a2{-}-wkjdpOjeDePsqU~ z`~8?>0X1vF`>V@PB?wh_rCjdJKk~{Ak$1oQ6m?7G{7V)7$q=hl2B?i$O94{eKS{c%P2co&GQ7GM! zA}MuKC)%#2xv#llb9i!d_;(IeiRu=2$BcM^hT90ev6MDnz~_w`5zsSY_6QNw(nhpo zMNZcXp+u=ZWV|!&Izu7XWhP{O&N`T_QKy&H!hblfnGUZd-e(VcGNK2* z-^PBg(C~&Rxx1zKVjdjKm3s%lkuyszt0wA@i!CZ^p#QL)_9Od{7Bo>^{lW10uh+Gf zurMWC}h(7klOu0#>?|7+3tNtV2)eY>5%%lt)l~SqgRBV_& z4PT$$86OsT4~ETbsP$iZN_<7M2hs-R&vmd(fy$NQTpw& zR7KY-@KdG-R{w%?U&^h&XfM2x9Z~sxX29b;n!fgT1M*HXf2<(7Z!VEJ3BRG92O3!P zw;XCVXHlo7`V__@Ei^<=nVeT3dn=+Mc;>0iM46}fahv!88?BI;kJ(?uASyJsU!4f0 z8rFN#Odi6ZiH0-bKQNdI&?H$Puem3nwOkK6~rmM#d`iO}K`_orhw0qiL3(XPCVQ9d-%Et|*mC_ot znBK)5dr4MTjI3jkg0M^eD@LJ$YcHe7o=2cjLGLL>@yWw-VDj z-y{e(Vrp+w*7994Wn$(~fue3@39_B^MP^Mu`>ye?BkvGbk-rX#NYyR~ud^`>gvd;U zjaO+&(vnA;m_w5{ZcP>=8^mzFi(_Yv&|v?N8D9I!ZJZ7<%+0ss=ZrUY+8H0#f>G#) z`m?X;sbufhc3f^Hbu5PcqM;kr&Yx8lXa=0PZ6#2@*n4y4rqS3n^N?3-uArGnlAvn% zjed`Esgg=X4$w-I6_|0fq=Y7hDjk=UAWSsDE2)K(=*kHQ?bNXDv_*};OxMgCVub`Y(J+PbQk1h{tWRGNZw1*pO2dN}?d(T~IF5I;m@+TQ9KE7ij507l`x=38 zriYHgE%h-E)HIB6OHm;dLBD`<;pZ=V-)YZCJm!ZZJYR+IPNd*;U^@0olk_c%h_Cm9 zOZM`&VVT8pEI47bXi-z?Hwz&bO7=1E!;e7`8Ej)GQ=@LFu`<96c1S=Wl?i$%Gqe|| z%Q|Tbg|ta4nSw^nAF5wxc~ND^7~HI5Pm>iA#(+pASs+ESg%NG!M}ci+)&IW$xK%Ke zX`f5?ni+!q9_)x1OD0`))JldBLnPqu=RVc|t zUa<;HCE!jMQSs&^=r0O%NW~Am)6rY!1TF?m3jwvE@+A#nbuXfV=6@Z_vx<%Y#!6fBm|@;1)1`@9`yUu!h}TM1dC6_hW(Ye-0gHf?p3 zMgV=P09}(0!+^bneYr@wRfc*rIZBG4>!L#ICPTAAS+{CcgptloV>1tI9*L2PI z>99pbrtXQURUwBeAM!7u_Rf^r`=Sk_CZlwxWZ8z7$TLr+%K0oYYV2CLyJHP9C={6m z9%@|a%wt>V@jS|Wkf2{l+iO*IQCTcMfu5{BZI;CSP;>*ZgJj%kv0pEEt|*Z=6As)T zp>pZ(R~l-Cky)?28OW7;hnPxT!VDf7=HVU1Eo@pffLA)dIH)={f_EyU zVz#<7Dq`q}`BaIfa7fs~nJ2c;C>*)i%uAheG;>O^Ei&RO{-*4qBx;j{B>8&3Z*zFD z1@c|^N6n5^02%-me%~Yy2 zPn?MtK9g={!59dI2vvB?C55FwG6{92re#L(#3F#S5IxS5YJ@A3FZR5etkD9W9{F5DCF5L->6vt=JeAvR9*ab#MUWi{vNfu&- z1)41eJB3i!s#{YERz%~d4ot5!CpC_a^ObOu$SRBztpP>Cx|b`dUg7Ap(*>G@1%ku- zqF-f}G}?4XjsOKaMK?Sv9^&s&mW18zBfIimxgIr)O+)X8BQ3z*2VdFhJY=EIT(3U> zFZq}`-;XQe*0%pH@{(Z8t#S>S?@{UhErx#Bk6JxE4d)z`Um+=Q*UEZhgoP96dNRNn z5l0Enhx%n)b{(aSReVpyzD?=ZEOWPpAozM(#m7?(HNAPGN$dT_neRu9My{L2tg=EJ zwy1K>pOxrof@d!0eUDLK7~S2bQ!RKgdekn}!2O6@!#A?ve1a6ooL*puCBd8?(|D=V>iAvzQEDcNT6;)&D)79We%^o!y7HUJec}YhqlhQGR=(Hv&0~l z?a#FNz7}&t<>aqK%!mp28@n(<_k&S;X5sxw6FlX@*30Opu>FES@Z`{U60#qn!$dNX zT3s>L`Hf@GNma${OqULoxWfb?MQfv&Tqtd12MrXbx)u{%i(z7v!c!qcLS{}$Nq{Q6 zi7C8^x)uwv+4417`H3wlX*p@OlKII1w7a$OY`iR=FO14qp0+ZJ3m6{5>lnupXpmKn zjEj3Pyi$2rXvxi0%io{{IeJ-&y&l_fU{b9C)l^JB zWN~8`UZC|!*zd0Ej`za2m%2g zBRk2A!`u#8ocv#PkW=H^aE2rJ$iuhF33-7i8&T^zu(OgY0Ozep~f(con5hfW?W? zRTQOdnIC6V11Z$1FOU1E$KjwVq3#5ajA8ZH+5AJfmb^MCXTr#OM^RB~@$0z-$>2(L zEz@<(bmmRFsu3E^B+bshe3v{_EAuZ^a*xslgvy?NyJW`-b~N~E1eq8wSuyoaqsVzk z?HK3HDz~UX3BtO36V>S|+nIvOnS`<>dXP%7?Osuf@^Y8D4noX3H zxj@@tv+}vu52uOo9MkxtErn%FWC@1)TL7zOVVwNh(X1mf<1mmJ zhnnXQs>9+uFYzK-mf8{=-Rhsqd4}S`qg0gqZrJT17jWo#BwmANEm3<~O zvw^$Y^t%OLnNcS!-1Fy2mrDJKu(MfkXN7{%xZeePueTiG2?0=qHxgCa`)xodmJ(lt zsse?eF^*|eVNd6;mo!HK_+q1WrPzwnKX}Q0V|6hqo^IMaWag)d7?M)$kFU5qGRo|i z(j1tfLf>z*R_&MDdtu)mtai6 z?qSl7KNK3f>uf;m3&UP`pg0;}_h;O2!jC8`63#9W2iH(ZLx^?yeyKOm_ zJA}Qsj$NCX&0NZ5yypOSEN`Vn!RfeE8j`L3=blB#v&N#)MN?%G1?I5rNJfgf{vADp0MUpGdZhMji8IJx$;vI z10i*GkwR#U=)i3}tNt5BYA6Px0t&in2(wb%`cEZi79oIek!5+E7^B(MWmijqNso#| z6@k|Zh+Qpr4g#k4O(rAsg0Z&8CJ z=S0T_tD=s3i-~EFhYGl0?nh~%3Cp>ccO-#eL_PnXQ*LOXKA{G*kN_i#as!bsAd_9KjDGY|T5>RNB6_B>d^$DPrf_YIybdRlx)-nWq3OAJX*SA^qOH1aog`u9 zS6NeugYPWC=(E~o#gA{85pukpYu^Dv>iG<*a#mVlmHAQ8Nt{#IhQ(f z1kBz#ETeL#_NW5anZ0pj>gM!!#a*8G6V$g9HO3+8R93zo@SRtR=*}SjUE^%1!Po@l zbv#uD+cnG6uIdXBSb^sX?^kgEA=g-#CQPmLa(%MUZb(VCiT+COWq-Re`o4D;YZ$;$ z@){ASot9#{vT4T#kZR61jvh;x_~R&ds*Z*vkuvpW>JS&T)S9`zO7)f1YTTDN+P#-H z)*|{KSiv718ZGf!Xo)bYp_G8BDy1*JO&ks^+gd2EtDQ1__cV-5*s}*=zW!)rSQCa? z__Hg4c~g*mc_-^}u%XMJEqif!BT5dxK=-vhoXRm~BbSZ##Jt=_nY~+0S6mOzEKQ8r zqEuO4NCwPrHKo=N68ox!v!U*MQ^{9S{#r|6>PDInFvdX!@MS3q8S->mcU#14L*^O| zH3=}|8qT>u_6f&l6DcYH*fWf0cA+xl+QCTN75)d8^XtKQ=um#(7#}V>viU*TS?1A- z@2SZ*I0?rS-x6NPgaV$DlbfjXDxVcXI17orY}ImI^+n7s{>v zE`14%uAwE&vb8$OTQ455uga79#>#UN-tq}{?7OQG4&=)iETkY4P zM_MR~1Frl9{~;=3I~$0WPOJM4bJ%hRyEt+X^Hj&mQw=OUGX<5`jml(#mzcmk17w&S?Z<&#XQZ-}8R_^=cHUc;QcFh*(c@T0t$N1SKbsAHhQ1tMW~GGbo! zgM>-SqLlT+ch_;WMFwX(6?s<^#h{~B_N8Om5{EWSz=I?)z7>lFWnNowqr*wn^6~vX zWY$8qP;nn)!*(E|P5B#Xt>1`b3S0}33-FF2v{?#ns{V?|te9*arE)aHYXKnhl=SV0 z;ND>%YYfI>HYTI1U8!jCJWzbC2jV&40SZ~Y3WPiBtBFloF`ZKk-r7~Le}n;+l?G+D zJFD4U#qk-RRe|Syox~J%K<6>#d4ahy4EPf-HNaMc~V@iEAJxYTWM&%p|eF% z{LbV%;V^ApE?$qyp9PoZ7?tlP=l)ip#>ei%lmv4C@AvA zQ6q1lBx~}w_aO8Erxw z?o@=Q6|9?RMrI)+Lr^RU*wHNB-^C<=xWW>#qgkig@7(@a5PpAJ2UZ4Xtgddhz&q6q zh_+P8ABB3ix|BAu=KoUQ(N&Mf4y`3`)C#RbjgHkUOfA3w;H9+4gM6!w|JEjPD%ykb z8bc}A2%4fl)h=Ek9Rgs^JA9AWnDQ+e-j#gjG-*)#{$=%hIaPb6Ts5)XFBZw?06v;>u6v|mtzy z?cxbj?3cRb8oKzY7H?WU#cvOpDcZf@0;uKXS zCrN3f^iI)tM(=TaN*GV5NU!tFMhtc|qP3TUmgW0S&<~EoTIehowkYCsm#)yUDy4ia zRjN%LGQq~>X;Vx2L>3wlpTz<3abyRO>LY3R+4z;*ZEOmb8SLSgn5rQ;J4eB=S{cq(?2O z%r}9yl6AYi#!kg$C^T7(13tW{Il3Hr|6pE9C#@X&0O}*{E+%cyG+lN)swN^SBHynS zU2>Udh_(A(^$%;Yy;8EhkVH)POj-PKGr#ZiI~4y^zM~XP#3d6}_!=or4O;OyHl^k( zQ+TRmy6#-^`K-6&M5Xh&>B*{{=*PFRrmbORmJzYSC_r65 z9+!QdMhNO_*MK+r*UH3#C2&UL!lZ^V$X7nKqR&LPDA0Y zT^+&7o*oo3XFNlH6~n(!yG>um!0+bD>{Kf|o<>%7Xuk0EgoA## z-ePO%&5q9KGX790X2LCRc9v{q=s;Y(Kjan?@{fGaGhO^Z3F^FN>Th1gtUNg7fhba! z!W2Z}pis**HUVC#=1fq}!SG9il2Mu=4;p`CxS=un`HS!id8cO)`kqDTd&cM+linoV zGSBu<`#OZGM|;vxC4})7p0m+KBbbBBBBYG zt$Got@M~o7i-LX_@?-aJLPa6kCNrI=m{nlLMp@-EWl6Q_Qej^ndUKLsz@J?9%Kb@6 zE!V)>m_w=ROL*07scbbTFEm;6yMoi&NFk zpH1WZS>*X46@>#~Bg|S|w@RR6>A|d^RPL5i%PeIqyq0p3sG>Kk^obS}SN;^QWp}uB zESi++0q3Y{mlh9LXn3@f`CvGA>2Qq6R>38y;`HHA_(=B;?!S6hV^mK!xPX)7@$u&V zxwlAuRc6z8FcdAs)`O_IsJH~Oq$x<`o8|4zr>7tcYvC{Nezk2K5NMpZB&idx#M_BipHy@Vn!woLUf|i5|3y^>Wn8Pjqn_s@wk$lu1 zZ4D<=S``}by?f9Zz<`ExS!HbU4rJj;9^P=HVQ6>vo%V1y5KhV~clYmIXK8L_zOcyf z;zyesZspzkpKO>NXNXpPE~_q!{?o&Ux68*TcXR*t2iWh2-qk`zhttsg|9JCAx9%{a zyL>`P{^joNG8PXKj-@^pq=gkv{qFlGcamwvStv!6AA9Cv9t%ITHyMNnvOOys&)@Pc}SQ{qX56>{Q>q`J~H#-`XX;`=Qf<2`hG^B@Hno3WH0dbF!dj(b&gFbU`9A!oyC@ zj=7gPk26~AAxR=UX9Y)}-oeJg0!n-G;gVjWnWV|>PdE2+Dc{_@x%+U(8pFteI)UyY zcNG?hoO^dC`r@8d%hMC7of`)dCpt!6plwWUKYh4)bRR!GetdXZa`khpn3nfvAK^?N zm#Ra@t=tV44GU3+vQdwBPygvaK%XDD=?OKxNKDlK`RPU{3&?}`!lc`?bg0PT~3|X&poO=2A%iS#kUZ-J_ZsUYgmNq0!R^-#xHl z2aQH<_p8U<-Mj~2AUmhWzGXG&G(Xb8zv~6l2-CZ#E)Y#jV!78YMl!MYE$NzLD~OLg)9h}5;W)E(pUAB6# zZFf&{hx>lK13ivnO9R0Hn<>=ui7!j1s4*CY;9P!Yi!+m^`2VGR@%A+n)Kx_{ZyxZZ zy#cwoBk_^b!AB;Xby72*NNc*c9ldeWy9QYJWcG=*AXuA71$IrJTCMkFwO9ZMGD*|# zm-oxZn-6{W^l^E6hZoQ|V1awZHy?0gMZsZLor$J8(UDB__5slEKR+#56ehG@pk|<* zx4g_FUgmM4Ki@Cq0$>X$Yy?OM6c*8rg9_mrKlMoAe0q{kmU`}5fVz9qVNPt>_>Aje zj`h@>b^>}tpx=J*lK}XOi2rkG@3 zj|6>hZf`$5w!dClvowymjzeDh|Ezo4vfIeDupO4$ z6DL|PAP91!MFKPc_8HCBPt{tPtEvD}l4qtLTHLr)73#7sxiUYxDCOf%AJNnMzgTd; zGba$d)7)PF$##Z6F&oKt77s$?VW5%(8Snr8!`5cl zqmV;3i83f5Y7BBNNu=<&voY^*`Nza$+X#}5czEa50B=W;{ohA9+{aH(Q}J-w`#-v= z{?9+(L5L~xC}`HbvG_swazBc*l@1a0&efD-(zX)~pJw)@e|F~c4?nv8-u>{;_a7|| zcFQ(PqP0Qlf_atWCWq~>A3whT!~3xNkxGnn1o@~R2I&d^bO!SoDFbOcCbrd_|E}Hq z(_endd?4Vy6eiMzsj#Jga3KKmd};E>fBa_lGJke6xLD2nKhN`>`!CzNkb9oB@{XuKzY&!1JxHJfICga~Zk-trcj zubE!j37KZMgGx+iW&ONb4|*F5fd2DID&Rh2xT^j~U{7ZS{hd!w*u}HmZl(y`RMbAR zo&M#f#G{pdSC-WO7#O;UfJuKx!G49lJn@CRnfG-eJx5w0XJJM&WkUxuZME~;YXLlL zHxVB8%>K;&cFqIW+9S47^mAwJ<4rMck6SGk`pk>- zm)Oz^Yn10abSCkWTSjkA=Mx`I{|#^cmsa~F=w=+XKm$IGO8q)o6rSA7MH_x9eHs-a zm#xG#z84p@x!5^r&_;w-F%dgsWCe!HsGRr$hRfWFV@mL_x&_J}pxXMn#=Dc%n=WN6 zP3c(yx$+-XgII;niZ`GE&n7JOY26T;SRu?aD>1Dqx*tos02ea%E#Jm9r^dZgs13PO*=QgHYMIS3YGASKMm7l6Y=I>A$ZU|Js}n0G?a_ z(LkLQ^bTL1-&l@r+UkD`luZtym%b?!t~L5jN|waH>(ijNKc*(_QNS{$4;XcZqk~7t zs{g?xdg8w1L+Xd>Ua+s|K($ZQG?!Z(6fuTqknAo~*<9?b@ z=}Z`3xd2+GI-g6j9V5d1Hh7eSF&*baw@>lz8+^{jePYm}f~nNu#~a;VpPrtxA9FI# zQ)>HqVglAOkp*l_^_xRGOV*E@tdert99Ob8CbxZ~+x=M;uXovRBg*Z&?9Ew;{&PEo zZum-GRoV=t8l92z3(#fHXAo+st(s3Fd3A?NiTvbvqwvGWDd9EgsSCXA|A6GBCC?Rf z)g09o=Xc!pry@wDBV8;V$?}BjJ7T~WP5rAfZ_B!(Mn{>qXVP`anXNxZ9nB}H`lf%) zA}vZJL&}F@o(B}ok!1+RZtF|gpQzw^h3ZNf0BKb$=ri>Ap_UcVCL5fP;|(Mjko^J& z2MtCvngdxsdVE~m((_c2q0?Sa&~!Glxb^uS$4?nX&oBXF@ac8b06={_g^hkN!W7mu0!F_$a{TyrF)>6}k z-Z}4JKVit~f76a)4#kdw+iBWAThO~4r{~P&S+Fr2ts5w2U8k-q53y=}AolY5Rnr-M z7|y~QjUuzKi&U$nJEKg#Qgyu;J=KWOI)-`Wx*TG|-&T*xw4-(4mJMzPS^)Z9>Jt0x zoa5!+={6AoSa7V_z!jxzRd`VBFuWL#X6;8)@Tj0bjV5a;=E@uQCYZdBklX?6G!=!P zux-FU`0Teb8$Z9w=ulnKX43W{(=iKB^-K)PN|$Rr5tbRL3hpfL^}Gw&V8&2u7mfzv zCT~t;hp4gLdKIudf2;~=E?3KFqfm`PY~6{-Z4-1Bp97QC=Cx8t&Uqk=;AqWZl63hu zlh^*(w8j-VoIxv5veIS(7KkpP+m4OVLfG3muhG;k$B)t-wofk2UP)vE@(5eh?vEzz zUEN>RNnf^8+L>XBFe$6K8Y-2mz|KilhX4(33r_?y`XLHc!s-wJK=)n0+^_%BUPx|`Z zcx9B!y!qJN+9D>|8ENZ)`23Azm&@LkzBhY1yP&hrOiE7V1vMm_9V>iFKH#O1%xJk))q7r+=5**QQcms@UL6yw zspTzDR?jgDk+$;|v)hXDK36}i2@r##Q5lQdj~D#Nb<7)*be#Jptr`k-{{t)Om&0#> z0+$c^k6t`deBbC@zT@Z{+~XtvAz_Fcs-F$eV8g(>b`F`!$=cIzifwETEGjJ$c0 zC{=z}x?TE`1N03kW#7+VdqhixqLG|XPRp^XIW%p_NW{nLOqb}L($uoi8@@>!gd)L< zQ!qO8)K*sv;%OF{*jq<$^D>W0>Wf{lOXb1%h4RdUY{!LGI+-rH>0A6d+cnkQI_Dz% z@D&7#>yZR=$>~z%wSO=_kKVzPAjC^_=p)uMEQmbCNX2s#zmn*T49B}dLk#M0W_G^H z?hfF9uz|*5l=C}ZKgGFEIiQ|is_nX}rIWnqZJ*AU!&=Z5&^R-vM$j?umfy~Nil9}(n_P8ntj6sMpd0@_x#iJETpXpB z+9%jnxqPy#(qR7Nu3dy_;-mOZeyyTr?G=A?Wh~A&d>Hh;A2zBl;Lk6fKdbF}*8E$9 zG4XemPl^@DLwXB$Dz6+&Zn%^{dz)$#>`lhXds%bCFMa8XhtjJwU2%t;_>1y0GLGu@ zq_#@_c;%E(G?C1?eR*@bKQWh#GbdJYCWlgQ{aU84@XrIg;P~Wo&uHcgnqjlpHI;s* z%|1>X{Ql2636pdr=QNuN`HHJ`$ST zzQH&?l-H68W)~(jO8%woIL94g2S{u+MlYjG=PRvTktauB4~K06B)})PE(Hg^J{BM| zW%meuxhvM2J$rJ+M#RiizpN%frTqfm=ZV)f^mq_etj+7KslxWsw?qcFhhtltkj@f$ zTrazH2MVO*H(1d1`Hxi99ES2+moR(WuxKu)NhFbF?mf|Xt-b-b%H{D3_z&WQ9cu;Kc z5Xsl<15rawAzgaj%R&3SqC}s|@*1Q|ILSp%^vESG)EENlL^REMPeplk7Yh%mNjQ4@ z))=gGzmPK0X~%j?zvNL11f~eoc4Z0&mjfjxp}Vh7LQbhAWLki{y}oDTGgUZ!&RzwnlO>y}*%t%HKmeT>_DU*h*~t*U*lGPt0EO3us>#A>`0 zE=wh1x@QEIa|a(tQ(52#ASlavD*h<{m%QWV7|5HO<6{ixdFTTd%JNx%++nre-6`{D zTh(|$A>5HKK0ui|pN!@ufue&;a|>SRlvS}ZDlW#9R=(V0=h$uwczI~?+K?i@4O!As zX-I9*D5hXY4y=~G)zHI#%8vNJ4cLKrdK5`-J|B7oyl??_;TATA9}3iI zQIlMXfA0W&E7a|4{h#9+xOPlrYiVF8kaHiIG|ZM}A@lj@c0EeHZYpP-oxMf?YY``t z_JB*O(etBzqA*zA!N+DS0{go+m^+soHWrqYG$#2OH-|V2=Bm73rd%$gN`*^ZWDUH^ zveM#a;|WZ4_q!)ibv!tKqo^nU^rWzWC^Rqd=?4Xi{mwe*>??a@P5^fY;bX_>sKO7e zzq?T7nC*ip?&4qq<>*;d1zd(5yHIPt4XNADlf4^cWF=Ig*Jp{*zL~3$rSWxESW2yg z-mxmU?>-UkLGPsPwq_RGUeE@rx}+;`_Bay<&?LsWuu!_|#clM$`V2C}=wfWtyh}ju zdazZNcna|-{Mfy()1)94Iih;JAy9ADDVVoHb&&O`Ok|7jDkHW+!IfCrN=UVpRwchh zMSoOKm6qd4O(@&HHs>ruNKH{>? z#awI-LfL9g0fRTk>&P5?~o9@+!HN@G8oK6o`BWk1!SjO%oLbxd|;4t}v2`mV&r>m@O%nmRoe zO^h;>2Xb2~|Y2{l8Y!E1G)OjcY$(5Q1%%b{1&P!Rx zr_}Vf?&uApdF`!3ad>8Sdq$A13*er!0zgPhT%G#I!<#8GsmQTrcRMh2XJqKkZ1xN; zv=o97)Y`@{z02qxA?Sxjw}D5)kRLFj}1jujtdS3H$_uP@-teA#1S=R2l&8EgNTI*{9pX zYJ?Sm5QAp7RR98@6H`$dSUL^8x`3%u6ft zt9=8eE%kw@4doPja*e>(Lj*O>fGbQovP@g>sk#*Z{_8DnJ9S;9JZ0S8fKh3j;Mrf6 zfuPZ^Dut>s?c|;~Oc>-lW z@c|eGlWv`(FwZMfg0msw*N1?T)!j9!m6h>2;A4vrR{HyP0-CHq07uEqB^!!jx}m(s zIUDp=c7U9z5xS8yr%y`3M<0#yzM(J1-^yL9diPxxjHi)mTUuO;=zxEwgZO>sEaR)t zHwOp3s(VHqeP%QpSv;2qEF$sdY&Hi&Wr2{;*J9q95qrxQzOEHAhJ9O9T^Ut>6Z-So zFL1(VE>O!+>K18ud^s-Fpc-@o8Jq7Rnx~S-MFk0ITQ8&h6cf0^DwBS%;u{plK=vN; zyuqr^S(%F24WWj%BHp~63~S%dT8(;Nv-)-bzL1WT{OxH%b8kz&b&|hNtihd_9*EfR zj%?^>pKzhlTytUZ_~49=mexC|dZhgt65v@g>|>@sv{Te(MQgU6j3#VE6F?Wn<rEss!=E9EU_k8Q_;8nDpVBp9wM7lr$`x@h3c?7a`;1PZ_o_F6IkFVJNO>aog9 zY>P7h;P0v0g~T^6U0qH7@)LfPB44Ek3Bkcji0TYe`i@AzZCxtYif@oW@B?Bd^Ultn zbSC-B<}k+kK|B$h0cSUR zg?;D%3b>TJ%wdqq!_-WMB-Qf;kjweRh+b;7YF06ohk+8*$&B`A2rPq6Sy z^iV%CXpFn6qtVVVB)~UnfxFk|PfvI>`$6n3%3VgzLbX;u;d49|avZ!FGxMdR;-{4|g39nqW&PqGeL#9ehsN%vbk$iF(zv5?|_5x@)E@x?1ZiP|C!yLZ8@Lm4Q7 zp~UAt^i)NR$e}%VW=aJtzO(@Vq-xtTCQ&ND0z5=z+r9)VV%&u!+x=_a-)WcvA7D@- zt7y>Np#tWV`!0xA{Yj?bFHdWCX4d>uAtO04+1~&T>51|3SThRbTGj@2VFpk%a}Tpr z^=)FLvpYF($}`WvP1beKGxo0=PhIrwajXzCa1LT!+Ix;D6|`4 zm$prf#2I||v(X+jROl>(!m~Q?K!*y_o-&S)ZfA~;N2315nT?~3`NW8p7F2kUV^}ht z(cU~TgdDGLrGqFRyl^gr3rCbt+b`Hk5))Y6ge`#mevVC__HhQZxA8_J=0{B*^uV)`i{S-IE ziK#xbxoI=2I>Xhybny$+pG68N$tqV$L+(P?yw&==mc^h+D$%7Mf=>ZhON9=L5FZBJeq526w2PEMhw_IGboa zFN*lG4p2GK!An+sdXoFsINJ!rD4O{FGe**v&iJ$pI~YndG>1WSaY6i0u$)qtZ>@k7 ze^tIe-!Tf0t0P@=gTpDpP!9nAr=h$c$*RGz7Zfx++Fjle9l!@liK3(`;YNLeIL)X6 zfy&O78ia@&^HJTIe2t3beLQC)EVXf>>w zlj%US26ulcwblh`z#?ccqDYDxBinOAgi;(=n1szH2{R_Nz&l;1VNR21Jv0DeYtC0+ zY^B&)SD{Ib+o1P#1N03sbjjJxRAxTxF8`rNYF}CgRVV+h6xsd6FaY!mbw)dN&w&)W z*pXBPn~xPReAe5+p&PP%ezw?e88KlXhM7|gvm_yN*=uKnwV#}pzfF9fF|DCtlolpXB0IfB7{ME5gM zJ2yH%qEPubd3{rGYkZ}^KDYtwc6uGaXbCMZ1_;XtO?z+x$7JTVM6TqEGec2zNv5ud z!&Swxpcr{!)cz!v;OF{^cLqlDIgwYN$Y)mCa{~M}`(MzbX%7k#i@jFrYl`b3#=ejZ(5Atmm-2@prJ7|r&ip?%@g-Qso{&7jf@{g=Tm(X=8V9&%(-Rn-bMb9HXG9J%`eq)JAP)lz36RqT@9lte zsfNdcvb2MEQ>+`p+j(Ml=tLeAAm;y11&9$0`sXG=5@Q^3>i6(x;+ZE+wwOx2VX4aR z$=5tCyT$o+DzyzIt3eG-HsI!dDQ)zQlGt1}wRUUx@>mgJRgI!8O%K_{G_M8e5o;z_ z{?1;-W93*nTG`tqr@7>tJ2!0Fuj!N4(YQcU!XD_N6EZn&Qj zPMcj>J}+Ldh7pa`zI{F;DLFy>7exFQ1S19UcNvsFkN#wftY{Ts_3Ny|H3Zf6VutJT zV*4bDG?6YjN2@xuCBQn3`{ye7+CURN2j$HRX&VeFY~&92TsrBecZuo6NRYs81t6BX zz&+bDls5j)C%^Z7ri$21!4kDIvG4QJ$FOTQwre)JPgZ;tf6-`cU^EOE+v%op-*xL0 z*9mD-0x7i>aF(-bDakd36l5FrJbTJLPIAb$n!J`H!U0SYKH*!XeiW=l)nO}kD3j{{uW1hRYmzVx zOZ2g;g9?X+b2BlQ9H$vn;xxCD{&;0!W1Orpdl}_vgSBvB%D+{__ZxY|F)+MHtkdssO3H2Xlw#|CJz zfVBJlONj@1-W6@dQcNGpEgN-L{>zdE>L(v_eNmZ4R^KjVt3pw&fw_44%r~z3M(*Ee z1x8V?=gHc534KiY${~8C&oekak9hd4-rw+N$>+~GM$$Z~Q+cdY2zcW~H~d+&O$UXih&0~@=Fv_)_ErwIn+)F6W9M3_>PNJc5n=Us8>{!A z&&WPa`ZCcNrJA9d`lfI~p-r6`YZO$?^nIlb*Qfqfs~t;f)=jO1=L2{4mS{#wBzB3w z2}sHuL7CfI6sC+LyIb9I@LDVKG!A~OG8m^BAMvzf8@ayJ4OAD3mT6Y&pKP{btS=mddmJPEEgk{l7sZJ4D{sHDncFp+s)ei zMXUmLuHb}I_wUA}*>AOl!ATyvmFgIUvy6oqt=Y!6sB1o90n=)ip=`Cq;_sLk==t z#Fp$DM&|$aUJc5D^_0D6uO+kfg#=n?s3EtV>4lyn51t!aOFu^Me@0S%NHjN|_+Rwr zhva8VT}Di4vd6pfjPw1BV}38r9)bMp=j>gik=FI`Uihk$vH`z+CDZd_Nx)Jn(+a=) zL%f;r@h2ge4Qh~UuiW`UwBARxmL;-GkkkXZVKw2RFv{Ky!I@FX3Ab@IesstK)mqj; zXLB*BKi^M-LqPc*xv-tdN4YRsMxVBVo5}bUiC8s5+F9R(Q! znm6Udnk%hN&ct14eBTFl!FNJ!rcq4oeRWiuTh=};TBI#j++8CiSaEl!#Y+f5gF7u0 zcP&nFFH+p4g%+ncv}lV{pt$Qt@0~lhcYgEDe808k&&f)%PWF4w-p_gVKJR+>N#1O? zeek%RdG>iHvAzrkZ)vX-(F}}iG04yFOKHGGF%tz@H4E#j^O+p0gK5$@H*y}jyho0t zMB)-RT@6&nllW0HTr{#2+(MZTawB7}0UE_ev5X#|7)D7H*^Q@!umCt0H3@YXFq7?$ zx7PZovLeHSN$N87tK={xmf%vTye@59IhGIkeVt4q(uv@{N10iYf_M`yex0hvehf+~ zO+O4&xcvBvDUaaX`v^?NscqYN*=m$~G$B{V0?B;u8@&{iGgavwzA0j(Hw)W?FhW=M zo+$XTpHP1q#8%E%SLYl?_2qr|EqJP)vJY1K{kfVANjz?thAH-wuJ+Aflg*GXaLBxt z+g4eOYiHD@<$b*+@yryEe{}#s{HXg9T1w5cyO2Ef-ZOW5&%}j8DOY=`ZQ9o!FhQ!72vgr1#_8yV)-`cT%*$}C zcWG2|eAu(hF0K0aBJc9rpgn@SH(<2oeGE5wPlGRS666cTAAx<^@|5<*N*LXbIa}7p zECx)o4%WYi;?IL>vic2iQGZCZY~x|rEKp@nrB4H*mG#^CTJN5Kn_LH88?m0hMJ$wO zreAhUe`hncNMZ{wSgu=4-e7i}Ql;KUiKnlZqMNDW#!`GYu;e#|^@+*Yv&biYqkv6r zkhG-C)?unLav4uXQU2a||400oA$p-`wSKAW+G;_w<0$EI3K`l?iHm6ZX_NBm9k|bQJ+OcQUP)UKoU?zoL5&Q9(n`(iup#aaj0kgKK z1}}psXOHFP!co`~cQV^OiT=t4lHBZKb=L4p<=ee*kFMLVGUyUitNfOr3`=yLG z%iB1VNcZdGBsa@a2B)Q7^lVZHi>O&tQ|ynOGqjmtx31-gZonfT5kG0kLVJVHXZ2z7 ziMo}ws#9*pJC6syb@7$z)eaE(k^b0@x}Xe~M_S`Ua1XA;U!nxp4y9QZ*YO_7XYdXi zFA~4NxhO?RwnRzOU%T-sZv9k|h{qo>OF?#BSliRNEB)PE#*i zLVFGv0oH)rdu%n&{9P+mud*^%WBU=SpboTla90TUyprARW93UoF zu7ub%@jLwMV6=}Tg~0-2#%>CzwmUSlRg{FXhOrT)&r+>~GiooZGiHofB9|wRRQ05%4)KrDe0gt)gXsx`mUneyd^qsi6Y1;=u&m z1G>#T??t(7b^^i}obnjJ>DlLb3K2~X8I0$>b78T8|8Swj>SCtwETXevic$Fjz)w;? zpN3z6O0`fnkI>hx3dPDRXOOo~XTLVJJWHXIr?!#xjw3er=a02FbL>l&M}OO8SeJ87 zm0+&Y=)-;N-tc03zTVGt$5vE%m2(+OEGqSnp8Jz6{P7UDv#DRj{xjqstwTo7PNOcyCp! zCF1xYpsog${pH%x`uj)9sf`rwD@s{M&*}K>M>TPcIY=W9huwtd;i;IK<4+;nLrQ}? z$n6n)k%qY+wf+u%5!^lR1B_Dl*$*-#4aFU)QO}~V4B1)JG}Rg+&;qwAF-UlF<0FfV z%wN@-WhKYW1QB4UFQnyk2uKIo#`&HP;0nVXGplL7-Ni$`rl5}ZcVfrvl@lhk+nRcY zkD<8mjHe5P$>a9&1FBQR$1*`9pYX7)B%gJ46}_cw$t>nVt51~QJPS)rCq94!qlSdj zVrDi`E~V}7P+qipo_ufG9D*~wcG zgwmfAM~B=ORlQzMm+*SloJEyj{5J5r?UijtZrXaCN(_6*nM+--ev`}a{n&c#`J|o0 z2hhh|L^miUyrWyjIM_Y%t0Yr!bhc-~uS!YKSzMkx*kk^Fz{#?})ErAHGbdYa*C2K< zo|7Mbm^?x1=n=vU%O_qbmwOIpm`==igL0uJ_2uA&BYB3iVYV_>``Tih868h&C7Q6j z*5fCArw3zw5j3S`)F%-8)bm&OA4p)j*!RY^J5H$y-NAU&_NFj*cD)0r@|?gyQjOvP z*S^S;Lo-aLJ8z7WxjWN83wpOZIt=MBGovz;U(KtAd2esO>l@yd@C_a*Jc8v%jv_WZk<20_qq{-fH70skzP`KPrv0RZ>yO_1 zFeG%dLP97aT2>=ApOW%BXdQ>ARQg%Pb9j#fRTZ;OtS$n*-PsKqv2BBftZsjbn8a03 zD5Of3JsGme8a$YK+C*_oWwbDNP?t8fxJ7%%X-|_|ife*e8d{`s91sorh*O?G*!r4v zx$;Ry0|vW@J)z&Jbx@sArVf#wYL;fI^r3L$?7Y<#lZ()U;;%W0XF8uFYXt+NO816( z2m1BF2OPqy=aN%4j%?kJ(KB4xw8wQj2a%U6#^ath1|o{t*ShF0n?ngO68p@%0|aDU zTQ?36>A3Udy`tCMUi~b7HAS*e}lNe1DPdOB>jhS3zNq4(JCJ838U7Ai$m? z)ehk#l5Lby9S5P(VP+wrY3`Fo(1IkLk67y&=xZo*6jRIh$&o$!vQj00+V`AQwhSn- zFG-4t;sa>p^wcmiVz<_1`eu#UokwORV3=i4c~-je9eM3A;8-}m&wWtLd6B{_yrQs* z2CKN(IYtJDN*fWRRR919xnGcT0Zo|LSzylr5i>r!Ox1S_*8Q?i2(nKW@9cY+uCywM zty4!Q8Y;zL4-~v$OzOxwpe0Y#>PQ3+K&8uO%89slh!?TCsru@l8$7>YY`%M{KRh-; z7eIHkZ38AP9Q{Vgm*(rubK@mTyGMY$Axj1 z16z~*&Iw&g{21q*7U{Ik6(3$1;8E3DQ-l>O$CDP|q9wC|)|nwy-m#0Ewaq=@itu;W zsVvIVq%>Y1Vg$%tszX9w*-lM@-dNLiSkN|G%)R44REJYCaGrbeO&&##e)XEqpCYbh zcWW>Ze@(D4;eZ`K-vSVeaWcHqHmn*ZJMmT2W1sCR7O~+wYEqE5lQ1Ex*91=O z7^-;_Z#pY<&WXi1%<4v&-+p2yc(*|W@4LnaPRbp>xFcV^SuI>tnKB}qJ*SVu%U)D* zQAcr_o;88POn2iMP=Y=U9Y%ej6;$@}ZqHMImPPq;#y1+(c!!|mNEufQF`Tx0Ub%l_JX5oMr> zg5Imor?$|>jDzC320u_&SO~nVmY_F{Z7t^QkG_;PDM0x^C;vgng8CBE{v4!I8$6|W5z`*sy zScBzVzcuK=p7mC9NtQQ(ThWVC!G@NDl;hPd)4f-P1Z2xPa^J257^|0ZMzDk}2iF}R zhv)V)X0Nvvxe<51+TW_TAbw`@+RK_pU3C3=v5pGlP1y9Jh}|2g3ZoeA3no}*mmfwQ zw00(~OiOx`WM$~SqvQc)lzPWo6iv!SXRTYo#WBwx5T@+-MKh;F$N%u~fvC5F+qi-)r-LMGV#K>dTSatS@01^e6EVNzWjtq{SkSyqpP=pQ)B z{KS|09iInxnsDAoG#VYNhXRaE4dc=&T2~FH^+&x(w1$xp*K8e-o$6^!#1l1=qB{MwvkOtt;rx( z-d=0Z2w6)U&8QaRQ4=!XEme4}`ek)FcyZQ~UX?d8RDBrM90c(%Q!6MF$*8R5I;yhliOavUT1|g==T;}D zd<6xu<@l(os&06;ecbE%#8?s(nS0hoDb{UM)rM2jWy|7`-sc!R%?CdYT1GUJ(`ocK z3M3)eS?0u4Hge&lc5X#;lLr!wUp!88(z|CcNYX!*pR0VxihSaU_L{8ic@MTQH3f-J z=!<%d=@#;-Kycsc-Q^ahkx!qBdxW9ahcYT)cEDPyqx3VgXNKza?JU!20>e6HIh=T;dDnHxNlgrjN?!1M>N`Km9V@WOmz$kr=q1UjP4P3JTkJ7 zB&;dp@~vNBQ;N|Y7RDmMsFLs^X(fn}d3j!HpOb_UH0iJ1j+?t#`i6nKFNAbab=;>+ zLhK+Fm(kv8|Gk+*;yd+tf|`d7Nq){5)oqtPqT`iZ{vr?WVffwO{_5tPtIVoZ(~gmo zS}!R5!bUX?g5<*3M@4^UNrSMuSHpkR*99m zO;SwoK9UA^ept2S@FWs@{%O!vEKWORmMmd@tUyg|0x z!Fpq&@ry{8*)O-^9|@k_q1al6(yv+wx;k z`%G`|#(Xs0s}(+&d32NfRtZrbPX{Z%!IG|CyczxWaaPTp%!jQ?({1cz$8-^6!;1X; zUrAmsbi?1fle#vxzG@YH#hSrUI88#j96Ws{xMF#8dm{$8?Vh(PnLB@W7m1$ZYrcz4 z)tevocL{qMBy_WKGv%d4S0D|_%3VWyy;fwOTOO1@J&G0DJ12_X_3PRYsovdAZXiE1 zqjNHK7yJ6rxuH#T@9~^`)TVJ*{M!gF;xH{`SM+qFIXPqdGl36vGhJqI>WAs_6(lDn zYq6Ve(KG|P*&h@4S>$8Xm~k`lFqQRd7mZFBI&bX;m?B^I5=ZMyjm!|>+%+hWO=yg^ z{?uRBG!xf$waB9vyu;fP+%ZD5KtnR8VoJe!qdw9jhT&K;jmuAVC+YH#=-`n_mpnnS zI<7QTubTii^5O?0!qpw<CU26Z>{+(KN+8NJi3h%E{>PHs zLbn_c~wKZS&ochJArU z7l2Dv$MO%I`)GQ;>wuswKqTQuW*Q|H>y%X8BVEd-+46j&4};I#-8%G;{4}BS)q;Bv zt=VsLkda#JXO9HPs#0yeiFq16$z-*$VxE-*DpNwqhuP4+Mq=6%A!U4L=|vJx;H%le z3|Zw-k@Jf;KwD;ETLyWewxM#`b4FBc*HAqL^vv$aJ3`4ATl$%-Y)k~ovE;A7z#DHc z!+iKao|fw~Y;?9xrX-zrh4eX-nC{QMJ;k8RbyPQeTb8ScRGAcPd7|mewEsN$N;2og z#<=;wxPJX{GWZ=`LF1@wwj3i}m!jF?jR9@CAD3;xU7EvK{oqo?*hBNotu#LkoTb?h zeP0F&3#@{gxqJK)DN`a;$9Pb3KSxBo(VH7vT!=I)IkbVN&M^0yeDn%$%Kdo(-JN7(QB?d9$sve8 zC}sg^N&#WG!ftUY9miM`D8#igcbaz=&B-(|vyVvGEz5l;x+i`=3Po-co4;i6Mz8@- zP}O1k7&}`xC|<=7*qWhGgF9}A(Qrv|kJu?3^Mt6DX+dZQZZf+67BflRl)@fzzxee? zFHC8*0=BbnlY}h!VU6o7%R$f|qg%NbHSvHP_VA#4m_T94=Ka=ZwTb3Bl#xs#bye{b z_}zx3*>(TmkS@DAc82}XTHA!R9eo0nNT{=^j^zG)AZ(+k{yhPoNo9WN)YvX45oQW9H0ykOQ4Lp z`$WZZYxZKoquZOrR{AzWt4B5pYR+DepDrCp9z7XA=Zh5&AYsgF_K&9S5x114vxv@K z&xsTI+*e%D_7ucMKE<1A@4NV((yGt5=S{`+h?)4?{Sd;1Zt3wxNW%%befi7ODy>hf zk!6?k;fg!Ugv>CBky2d5tkSlYuR(*D_|cRUW*wP~1;KqRZ2y6f4m2)77SFI)zbPfh zN5}Wka9i};V-4uUN06+Pv_46^JRQvhEbQ!^gUh>G$HXgby$5Nm%VN>+j~r?COd+$h z@9g!aAT0pbui&$x)cwq&><=zJ_|#S+pjL}BO?{HK8*Tb82CQ)|Qhq^%QLTigl-@@t7WbheOR)^itMa!eNR5U1yFmanF6tkWr}U4oyQUGxg_h&ubP z7$rV;)nsN#G|n6%Y|h$;+1C=}m~~b%n9L1-6Kq~@W+Qs6Ov;_ERTO<~pricU)x0mA z@PwCE!63!dlz49+Uz5ktA=&J;GELgsPn-1T(>bbF?rFHCsyxg?CcXNBZ{FQq{=!*I z8rUQEMncXPpIRTDN-vUUaJ;W8lkdzpiSC9qcdEl&}A7!o>0s@2`cIV zc}U{D*I?nzmDIdrdF=N{I&6&1`TfA?^N>CcG%iU6$qNhCbV4a7I^r${1by4%77RMQ zWs)({$gYKQTxL4Y(ang&hx~Ri<9h)Cwyz;01_%jCDw5?|)3?Xmm=cC)A5bjW?rUyo z&Z%h30{woxdoMmmIno{zS7n2b%_IO(ahp3rOJFcNNXET5ZNtj0@w)Nz+IdOVhdlVk zwY9;gE4KYzzf?#%zm9)DTJP9TvK_;Xxuh ztjIv}G;MBN7H5y_;pp+{OXg%bTy6C#_jWV-6P9;^&DTOGcrBAH=pq((LVuJJ)m6vX z6;A1z%OuM!$J51LuV*R8);}lYuC9J)SKZ%#MYh}N>Gk}vAJ&MVWG2bz7`8Am%j~sx zJSaf;t=I|>p4&~QGWM02)93q-M%lN78Y19t+F5l~j<0lbfA3s?9NE59U_JiZ) z6FwlLz^|{AV+p7~d3Wq!p_a;{)PXKx_s!?)BP2^iwsA9vZK(vRK%*GEZFT;P!AwMh zVkWu6QVh{bQ{1}}nOPdM<47qnqX|@GtXn+P=gSqqPaqYsAn9rzrq348Xv_YRtMgK+ z=Gm%s7nv#~SY&FS0`N2cMMmvlzUuf;FebT9~9?4OJVM zfsRBo2BJFp==$3@Oj!~#0Z}535CY4YUcgJOqAyC4Y z62#4xHmZ|BK~b*y9d#lllH~P#y4}{u#wq#Kpp`n~)ERIP+!b{-X>NH|!aaxAz7I}H zQxtcL_Y3kooj};lljh=wJqW7S>U;p*bx1iAq{_IcGLQYn?Hbi}$x%Y-^lc^G2_9I> zgl)~m%Se`!G#lH!pzusVFn5i z-hs7mR`cstoD3ynLNT>actl5lH_RlMi6`@Y97wroDRw@4JCE2!f2PRroeU4>j;lzmw(iL=ajo-VSln`pRFx!+c_)PPP88)Nj1?-`@2TOFbjbc|< z6Ic7cJWBE7v-X*#wy!J!e_-AmXV@#|-B!lu1Ghgj4NQbJC%eor<6k8PDa)Ty;mGG% z(Ak7Cnmk}WHl$Q#xB);_*p$iKikpt z)tti<^&fW5tG)=oZZdT*{E_pE5LW&H`7M_EsJFp{k##PWA9CX&`cW&=W_Ku#HuzKq;XWFPV%zS0{ zhCw0REv|=$Io7*Lw^)E(*s}k)Ijv1pYU>Ev5q}bxz87mZ`Lgyd96{YGt=^0)WZP64 zu|KqPbNUVi6(!?9GXf9$wz9C3vm*j#^GA(gp4&3SKWhyO2?1m*kLzKZ8a(u5GCCGk>AoIGruVeVYE zP7J>*`9qHs!U^tZY42=lXG{B2FU-Ww#aWo1{->e8KmIl|8~eW-vUTGAZI;|{I~#yI z%pL&Z1_J)B`F5btEh~bOxAA-%v9~V~Fc1Xg0)n|fU@Z_-5DF3m0l9!b=OzUBhn|00 z{!@pYqn4c=QbbMjH>^-@QzVl13Bu9oCu-;|i{M|h{H^als8O~vwKVhizd-q==ihV) z0e&*`3sb+j;pZg(LH_R;wEx9be_`Xi&k1&Nt{*&VRE~; zKu}s&&~3c@bRE+2uX=x%{?*)XaQ_jR&@Ec{&)~Lm{09v`)oLOf{wnSAV3pSE)yuf36}s6!N(5*!b}h_liwDovhuHEe{ufrdgX1MoME z?*4z=^?UUFhu{C4@PAnGuj>A5P^7ygO?JfZ$5AN83MnKk<@exW#RZkY!6ZCS!n za9__0)$Nzd@0WuHt62pL>g3geL;^{LKNw_76iE|PN6mY2A-u8KJS!hC%#1GzaS3Utq==9N z1R~AP%f~0l%Maq^h44#=L!e*@UTJYCPyi^-!z*G4khe9nqXqrk!O{358hAkf4Ldt$ z+S~l&r&QC@6G01t{Jt5Xqk%93Jk + + + + Search + Traffic Logs + IPS Logs + Virus Logs + Application Logs + WEB Filter Logs + SPAM Filter Logs + DLP Logs + NetScan Logs + System Logs + VPN Logs + Authentication Logs + Wireless Logs + + + + + + + + + + Search Traffic Data + + + + + + + + + + + + + + + + + Search Wireless Data + + + + + + + + + + + Search System Event Data + + + + + + + + + + + Search Authentication Data + + + + + + + + + + + Search VPN Data + + + + + diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/content_dashboard.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/content_dashboard.xml new file mode 100644 index 00000000..dc80ced9 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/content_dashboard.xml @@ -0,0 +1,5 @@ + + + + + diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/event_dashboard.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/event_dashboard.xml new file mode 100644 index 00000000..92e5988d --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/event_dashboard.xml @@ -0,0 +1,343 @@ +
+ + +
+ + + + -60m@m + now + + + + + ANY + * + log.devname=" + " + + |`_ftnt_dropdown(log.system_event.system, log.devname)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + + + + log.vd=" + " + ANY + + | `_ftnt_dropdown(log.system_event.system, log.vd)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + * + + + + (log.subtype=" + " ) + * + ANY + SYSTEM + ROUTER + WAD + HA + + + + log.system_event.system.level=" + " + ANY + CRITICAL + ERROR + INFORMATION + NOTICE + WARNING + EMERGENCY + * + + + + ANY + * + log.vendor_action=" + " + + | `_ftnt_dropdown(log.system_event.system, log.vendor_action)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + +
+ + + Events + + + |tstats summariesonly=true count FROM datamodel=ftnt_fos WHERE nodename="log.system_event.system" $subtype$ $level$ $vdom$ $devname$ $action$ groupby _time | timechart values(count) + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + Notable Events + + + |tstats summariesonly=true count AS Count FROM datamodel=ftnt_fos WHERE nodename="log.system_event.system" $subtype$ $vdom$ $devname$ (log.system_event.system.level=warning OR log.system_event.system.level=emergency OR log.system_event.system.level=critical) groupby log.vendor_action | sort -Count + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Latest Events + + + | tstats summariesonly=true max(_time) AS NTime, values(log.devname) as Device, values(log.vd) as Virtual_Domain, values(log.subtype) as Subtype, values(log.system_event.system.level) as Level, values(log.vendor_action) as Action, values(log.msg) as Message from datamodel="ftnt_fos" where nodename="log.system_event.system" $subtype$ $level$ $vdom$ $devname$ $action$ groupby _time, log.devname, log.vd, log.subtype, log.system_event.system.level, log.vendor_action, log.msg | sort -_time | convert ctime(NTime) as Time | table Time, Device, Virtual_Domain, Subtype, Level, Action, Message | sort -_time + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + CPU + + |tstats summariesonly=true last(log.system_event.system.cpu) AS cpus FROM datamodel=ftnt_fos WHERE nodename="log.system_event.system" $devname$ log.vendor_action=perf-stats groupby _time log.devname | timechart values(cpus) by log.devname + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Memory + + |tstats summariesonly=true last(log.system_event.system.mem) AS mems FROM datamodel=ftnt_fos WHERE nodename="log.system_event.system" $devname$ log.vendor_action=perf-stats groupby _time log.devname | timechart values(mems) by log.devname + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Session Setup Rate + + |tstats summariesonly=true last(log.system_event.system.setuprate) AS setuprate FROM datamodel=ftnt_fos WHERE nodename="log.system_event.system" $devname$ log.vendor_action=perf-stats groupby _time log.devname | timechart values(setuprate) by log.devname + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Concurrent Sessions + + |tstats summariesonly=true last(log.system_event.system.totalsession) AS totalsession FROM datamodel=ftnt_fos WHERE nodename="log.system_event.system" $devname$ log.vendor_action=perf-stats groupby _time log.devname | timechart values(totalsession) by log.devname + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + +
diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/overall.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/overall.xml new file mode 100644 index 00000000..0a0e7d79 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/overall.xml @@ -0,0 +1,156 @@ + + + + + + Device + + + `fortigate_logs` | stats dc(devid) + rt-10m + rtnow + + + + + Virtual Domain + + + `fortigate_logs` | eval dev-vd= devid."-".vd | stats dc(dev-vd) + rt-10m + rtnow + + + + + Session + + + `fortigate_logs` | eval dev-sess= devid."-".session_id | stats dc(dev-sess) + rt-10m + rtnow + + + + + + + Sessions Transferred Over Time + + + `fortigate_traffic` | eval dev-sess= devid."-".session_id |timechart dc("dev-sess") by devname + rt-10m + rt + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Top 20 Applications + + + `fortigate_traffic` | TOP limit=20 app + rt-10m + rt + + + + + + + + + + + + + + + + + + + + + + + + + + Threat + + + `fortigate_utm` AND (severity=critical OR severity=high OR severity=medium OR severity=low) | timechart count by severity + rt-1h + rt + + + + + + + + + + + + + + + + + + + + + + + + + + + + Application By Destination Countries + + + `fortigate_traffic` | iplocation "dstip" | geostats count by app + rt-1h + rt + + + + + + + + + + + + + + + diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/threat_dashboard.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/threat_dashboard.xml new file mode 100644 index 00000000..6c84dffc --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/threat_dashboard.xml @@ -0,0 +1,340 @@ +
+ +
+ + + + -60m@m + now + + + + + ANY + + | `_ftnt_dropdown(log.utm, log.devname)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + log.devname=" + " + * + + + + ANY + + | `_ftnt_dropdown(log.utm, log.vd)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + log.vd=" + " + * + + + + ANY + + | `_ftnt_dropdown(log.utm, log.subtype)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + * + log.subtype=" + " + + + + log.srcip=" + " + * + + + + log.dstip=" + " + * + + + + log.dstport=" + " + * + +
+ + + Threat By Severity + + + | tstats summariesonly=true count FROM datamodel=ftnt_fos where nodename="log.utm" log.utm.gseverity!="" $devname$ $vdom$ $subtype$ $srcip$ $dstip$ $dstport$ GROUPBY _time log.utm.gseverity | timechart values(count) by log.utm.gseverity + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IPS Attack By Device + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm.ips" $devname$ $vdom$ $subtype$ $srcip$ $dstip$ $dstport$ GROUPBY log.devname | sort -count | head 30 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Threat By SubType + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm" log.utm.gseverity!="" $devname$ $vdom$ $subtype$ $srcip$ $dstip$ $dstport$ GROUPBY log.subtype | sort -count | head 20 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Threat By Source IP + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm" log.utm.gseverity!="" $devname$ $vdom$ $subtype$ $srcip$ $dstip$ $dstport$ GROUPBY log.srcip | sort -count | head 30 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Threat By Destination IP + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm" $devname$ $vdom$ $subtype$ $srcip$ $dstip$ $dstport$ log.utm.gseverity!="" GROUPBY log.dstip| sort-count | head 30 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Threat By User + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm" log.utm.gseverity!="" log.user!="" $devname$ $vdom$ $subtype$ $srcip$ $dstip$ $dstport$ GROUPBY log.user | sort -count | head 20 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Threat By Service + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm" log.utm.gseverity!="" $devname$ $vdom$ $subtype$ $srcip$ $dstip$ $dstport$ GROUPBY log.utm.service | sort -count | head 20 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/traffic_dashboard.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/traffic_dashboard.xml new file mode 100644 index 00000000..cf390151 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/traffic_dashboard.xml @@ -0,0 +1,418 @@ +
+ +
+ + + + -60m@m + now + + + + + * + log.devname=" + " + ANY + + | `_ftnt_dropdown(log.traffic, log.devname)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + + + + log.vd=" + " + ANY + + | `_ftnt_dropdown(log.traffic, log.vd)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + * + + + + log.srcip=" + " + * + + + + log.dstip=" + " + * + + + + * + (log.suser=" + " OR log.user="") + + + + (log.traffic.app=" + " OR log.traffic.app="") + + | `_ftnt_dropdown(log.traffic, log.traffic.app)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + ANY + * + + + + ANY + * + log.traffic.srcintf=" + " + + | `_ftnt_dropdown(log.traffic, log.traffic.srcintf)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + + + + ANY + * + log.traffic.dstintf=" + " + + | `_ftnt_dropdown(log.traffic, log.traffic.dstintf)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + +
+ + + Sessions Over Time + + + | tstats summariesonly=true count latest(log.traffic.sessionid) as sessionid FROM datamodel=ftnt_fos where nodename="log.traffic" log.srcip="*" log.dstip="*" log.vd="*" log.vendor_action="*" log.devname="*" (log.suser="*" OR log.user="") (log.traffic.app="*" OR log.traffic.app="") log.traffic.srcintf="*" log.traffic.dstintf="*" GROUPBY _time , log.traffic.action, log.traffic.sessionid | timechart dc("sessionid") by log.traffic.action + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + Traffic Over Time + + + | tstats summariesonly=true sum(log.sentbyte) AS sumSent sum(log.rcvdbyte) AS sumReceived from datamodel="ftnt_fos" where nodename="log.traffic" $srcip$ $dstip$ $vdom$ $device$ $user$ $app$ $srcintf$ $dstintf$ groupby _time | eval msumSent = (sumSent/(1024*1024)) | eval msumReceived = (sumReceived/(1024*1024)) | timechart values("msumReceived") AS "MBytes Received" values("msumSent") AS "MBytes Sent" + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Top Source IP + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" where nodename="log.traffic" $srcip$ $dstip$ $user$ $app$ $vdom$ $device$ $srcintf$ $dstintf$ groupby log.srcip | sort -count | head 20 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Top Destination IP + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" where nodename="log.traffic" $srcip$ $dstip$ $user$ $app$ $vdom$ $device$ $srcintf$ $dstintf$ groupby log.dstip | sort -count | head 20 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Traffic by Device + + + | tstats summariesonly=true sum(log.bytes) as MBytes_transferred from datamodel="ftnt_fos" where nodename="log.traffic" $srcip$ $dstip$ $user$ $app$ $vdom$ $device$ $srcintf$ $dstintf$ groupby log.devname | eval MBytes_transferred = (MBytes_transferred/(1024*1024)) | sort -MBytes_transferred | head 10 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Traffic by User + + + |tstats summariesonly=true sum(log.bytes) as MBytes_transferred from datamodel="ftnt_fos" where nodename="log.traffic" $srcip$ $dstip$ $user$ $app$ $vdom$ $device$ $srcintf$ $dstintf$ groupby log.user | eval MBytes_transferred = (MBytes_transferred/(1024*1024)) | sort -MBytes_transferred | head 10 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Traffic by Application + + + | tstats summariesonly=true sum(log.bytes) as MBytes_transferred from datamodel="ftnt_fos" where nodename="log.traffic" $srcip$ $dstip$ $user$ $app$ $vdom$ $device$ $srcintf$ $dstintf$ groupby log.traffic.app | eval MBytes_transferred = (MBytes_transferred/(1024*1024)) | sort -MBytes_transferred | head 10 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Traffic by Interface + + + | tstats summariesonly=true sum(log.bytes) as MBytes_transferred from datamodel="ftnt_fos" where nodename="log.traffic" $srcip$ $dstip$ $user$ $app$ $vdom$ $device$ $srcintf$ $dstintf$ groupby log.traffic.srcintf | eval MBytes_transferred = (MBytes_transferred/(1024*1024)) | sort -MBytes_transferred | head 10 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/user_dashboard.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/user_dashboard.xml new file mode 100644 index 00000000..0ab8a359 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/user_dashboard.xml @@ -0,0 +1,219 @@ +
+ + +
+ + + + -60m@m + now + + + + + ANY + * + log.devname=" + " + + |`_ftnt_dropdown(log.system_event.user, log.devname)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + + + + log.vd=" + " + ANY + + | `_ftnt_dropdown(log.system_event.user, log.vd)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + * + + + + ANY + * + log.user=" + " + + |`_ftnt_dropdown(log.system_event.user, log.user)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + + + + ANY + + | `_ftnt_dropdown(log.system_event.user, log.system_event.user.vendor_status)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + log.system_event.user.vendor_status=" + " + * + +
+ + + Authentication Request Overview + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.system_event.user" $devname$ $vdom$ $user$ $status$ GROUPBY log.user | sort -count | head 20 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + [] + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Authentication Request Over Time + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.system_event.user" $devname$ $vdom$ $user$ $status$ GROUPBY _time log.system_event.user.vendor_status | timechart values(count) by log.system_event.user.vendor_status + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Latest Events + + + | tstats summariesonly=true max(_time) as NTime count FROM datamodel=ftnt_fos where nodename="log.system_event.user" $devname$ $vdom$ $user$ $status$ GROUPBY _time log.system_event.user.time log.devname log.vd log.user log.vendor_action log.system_event.user.vendor_status log.msg | rename log.devname AS Devname, log.vd AS Virtual_Domain, log.user AS User, log.vendor_action AS Action, log.system_event.user.vendor_status AS Status, log.msg AS Message | convert ctime(NTime) as Time | sort -_time | table Time Devname Virtual_Domain User Action Status Message + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/utm_summary.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/utm_summary.xml new file mode 100644 index 00000000..69c8416c --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/utm_summary.xml @@ -0,0 +1,270 @@ +
+ +
+ + + + -60m@m + now + + + + + ANY + + | `_ftnt_dropdown(log.utm, log.devname)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + log.devname=" + " + * + + + + ANY + + | `_ftnt_dropdown(log.utm, log.vd)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + log.vd=" + " + * + + + + log.srcip=" + " + * + + + + log.dstip=" + " + * + + + + log.dstport=" + " + * + +
+ + + Applications + + + | tstats summariesonly=true count(log.traffic.gapp) AS Sessions, sum(log.sentbyte) AS Sent sum(log.rcvdbyte) AS Received from datamodel="ftnt_fos" where nodename="log.traffic" $devname$ $vdom$ $srcip$ $dstip$ $dstport$ groupby log.traffic.gapp, log.traffic.sappcat | sort -Sessions| rename log.traffic.gapp AS Application, log.traffic.sappcat AS Category + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + Cloud Application + + + | tstats summariesonly=true count(log.traffic.gapp) AS Sessions, sum(log.sentbyte) AS Sent sum(log.rcvdbyte) AS Received from datamodel="ftnt_fos" where nodename="log.traffic" $devname$ $vdom$ $srcip$ $dstip$ $dstport$ (log.traffic.sappcat="Video/Audio" OR log.traffic.sappcat="Storage.Backup" OR log.traffic.sappcat="Cloud.IT" OR log.traffic.sappcat="Collabroation") groupby log.traffic.gapp, log.traffic.sappcat | sort -Sent| rename log.traffic.gapp AS Application, log.traffic.sappcat AS Category + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + Web Server Access + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm.webfilter" $devname$ $vdom$ $srcip$ GROUPBY log.utm.webfilter.hostname | sort -count | head 30 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Web Server Access By User + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm.webfilter" log.user!="" $devname$ $vdom$ $srcip$ $dstip$ $dstport$ GROUPBY log.suser | sort -count | head 30 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Attacks + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.utm.ips" GROUPBY log.utm.ips.attack | sort -count | head 30 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/vpn_dashboard.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/vpn_dashboard.xml new file mode 100644 index 00000000..a65496e7 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/vpn_dashboard.xml @@ -0,0 +1,212 @@ +
+ + +
+ + + + -60m@m + now + + + + + ANY + * + log.devname=" + " + + |`_ftnt_dropdown(log.system_event.vpn, log.devname)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + + + + log.vd=" + " + ANY + + | `_ftnt_dropdown(log.system_event.vpn, log.vd)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + * + + + + ANY + * + log.system_event.vpn.tunneltype=" + " + + |`_ftnt_dropdown(log.system_event.vpn, log.system_event.vpn.tunneltype)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + + + + ANY + * + log.user=" + " + + |`_ftnt_dropdown(log.system_event.vpn, log.user)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + +
+ + + Throughput by VPN Tunnel + + + | tstats summariesonly=true last(log.system_event.vpn.tunnelname), last(log.sentbyte) AS Sent, last(log.rcvdbyte) AS Received FROM datamodel="ftnt_fos" WHERE nodename="log.system_event.vpn" log.sentbyte!=0 log.rcvdbyte!=0 $devname$ $vdom$ $tunneltype$ $user$ groupby log.system_event.vpn.tunnelname | rename log.system_event.vpn.tunnelname AS Tunnel_Name, | dedup Tunnel_Name |eval Received_MB = (Received/(1024*1024)) | eval Sent_MB = (Sent/(1024*1024))| eval Transferred = Received_MB + Sent_MB | sort -Transferred| Fields Tunnel_Name, Received_MB, Sent_MB | head 20 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + [] + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Connections By Time + + + | tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="log.system_event.vpn" $devname$ $vdom$ $tunneltype$ $user$ (log.vendor_action="tunnel-up" OR log.vendor_action="phase2-up") GROUPBY _time | timechart values(count) + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + [] + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Latest Events + + + | tstats summariesonly=true max(_time) AS NTime, last(log.system_event.vpn.tunnelname) AS Tunnel_Name, last(log.sentbyte) AS Sent, last(log.rcvdbyte) AS Received, last(log.system_event.vpn.tunneltype) AS Tunnel_Type, last(log.user) AS User, last(log.system_event.vpn.group) AS User_Group, last(log.system_event.vpn.duration) AS Duration_Sec FROM datamodel="ftnt_fos" WHERE nodename="log.system_event.vpn" log.sentbyte!=0 log.rcvdbyte!=0 $devname$ $vdom$ $tunneltype$ $user$ groupby _time log.system_event.vpn.tunnelname | sort -_time | eval Received_MB = (Received/(1024*1024))| eval Sent_MB = (Sent/(1024*1024)) |sort -_time| convert ctime(NTime) as Time | table Time, Tunnel_Name, Tunnel_Type, User, User_Group, Sent_MB, Received_MB, Duration_Sec + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
diff --git a/deployment-apps/SplunkAppForFortinet/default/data/ui/views/wireless_dashboard.xml b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/wireless_dashboard.xml new file mode 100644 index 00000000..c32de15e --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/data/ui/views/wireless_dashboard.xml @@ -0,0 +1,133 @@ +
+ +
+ + + + -60m@m + now + + + + + ANY + + | `_ftnt_dropdown(log.wireless, log.devname)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + log.devname=" + " + * + + $label$ + $value$ + + + + + ANY + + | `_ftnt_dropdown(log.wireless, log.vd)` + $time_token.earliest$ + $time_token.latest$ + + field_with_count + field + log.vd=" + " + * + + $label$ + $value$ + + +
+ + + Top Client Per-AP + + + | tstats summariesonly=true dc(log.wireless.stamac) FROM datamodel="ftnt_fos" WHERE nodename="log.wireless" log.vendor_action="client-ip-detected" $devname$ $vdom$ GROUPBY log.wireless.ap | sort -dc(log.wireless.stamac) | head 30 + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Rogue AP + + + | tstats summariesonly=true max(_time) AS NTime count FROM datamodel="ftnt_fos" WHERE nodename="log.wireless" $devname$ $vdom$ log.vendor_action="rogue-ap-detected" groupby log.wireless.apstatus, log.wireless.manuf, log.wireless.bssid, log.wireless.security, log.wireless.radioband, log.wireless.channel, log.wireless.sndetected, log.wireless.signal, log.wireless.onwire | rename log.wireless.apstatus AS Status, log.wireless.manuf AS Vendor, log.wireless.bssid AS BSSID, log.wireless.security AS Security, log.wireless.radioband AS RadioBand, log.wireless.channel AS Channel, log.wireless.sndetected AS Detected-By, log.wireless.signal AS Signal, log.wireless.onwire AS OnWire | sort -_time | convert ctime(NTime) as Time | table Time, Status, Vendor, BSSID, Security, RadioBand, Channel, Detected-By, Signal, OnWire + $time_token.earliest$ + $time_token.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
diff --git a/deployment-apps/SplunkAppForFortinet/default/datamodels.conf b/deployment-apps/SplunkAppForFortinet/default/datamodels.conf new file mode 100644 index 00000000..8f43e861 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/datamodels.conf @@ -0,0 +1,3 @@ +[ftnt_fos] +acceleration = 0 +acceleration.earliest_time = -1mon diff --git a/deployment-apps/SplunkAppForFortinet/default/macros.conf b/deployment-apps/SplunkAppForFortinet/default/macros.conf new file mode 100644 index 00000000..cdff77b6 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/default/macros.conf @@ -0,0 +1,11 @@ +######################## +# +# Base Macros +# +######################## + +[_ftnt_dropdown(2)] +args = node, field +definition = tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="$node$" groupby $field$ | rename $field$ as field | eval field_with_count = field . " (" . count . ")" + + diff --git a/deployment-apps/SplunkAppForFortinet/splunkbase.manifest b/deployment-apps/SplunkAppForFortinet/splunkbase.manifest new file mode 100644 index 00000000..39a96832 --- /dev/null +++ b/deployment-apps/SplunkAppForFortinet/splunkbase.manifest @@ -0,0 +1,139 @@ +{ + "version": "1.0", + "date": "2022-11-12T08:25:13.054927457Z", + "hashAlgorithm": "SHA-256", + "app": { + "id": 2800, + "version": "1.6.3", + "files": [ + { + "path": "static/appIconAlt.png", + "hash": "afd0661f827ccaf16d7e486d0286304e2ce887706e82c29051fb861bf15adfcf" + }, + { + "path": "static/appIcon.png", + "hash": "afd0661f827ccaf16d7e486d0286304e2ce887706e82c29051fb861bf15adfcf" + }, + { + "path": "static/appIconAlt_2x.png", + "hash": "133e9a0aa2c545c102072ba8d6879509783688b213160c464aa4f0a72456e278" + }, + { + "path": "static/appIcon_2x.png", + "hash": "133e9a0aa2c545c102072ba8d6879509783688b213160c464aa4f0a72456e278" + }, + { + "path": "README.txt", + "hash": "894fbd7cb2aadf1f3632ea2b37ffcf3663aa18d06588bbb9294605aee976f17a" + }, + { + "path": "default/app.conf", + "hash": "6515afdacbca57c8519e7324b03a9144b22877370b8a412c2505c37ce449a820" + }, + { + "path": "default/datamodels.conf", + "hash": "1a39f248ce8df4353ab694c06788637a98cb9ba982db3b82d237c55bef7a3fbe" + }, + { + "path": "default/data/ui/nav/default.xml", + "hash": "cc707ca52e88549a7072fc2f59ff1f2c531b7b8fa486e2a506e1dfbd4ae9ea5b" + }, + { + "path": "default/data/ui/views/threat_dashboard.xml", + "hash": "575b2b82a003a6a51839750e25be8e1f645105d0ea43591af521902d6bea1a71" + }, + { + "path": "default/data/ui/views/wireless_dashboard.xml", + "hash": "7a00e7e3d82dc30c012444d79c24c3861b676251a4f7f06bb919b92d9bb39a91" + }, + { + "path": "default/data/ui/views/overall.xml", + "hash": "64d4031a91ec2c1dbcba31dab2e6f1c1207e360735df679a81c735e6f86e001f" + }, + { + "path": "default/data/ui/views/user_dashboard.xml", + "hash": "53dc8d26e2eba3c3b33ffb834b440c9742c2851f332908cfc78e82a98146f579" + }, + { + "path": "default/data/ui/views/vpn_dashboard.xml", + "hash": "32aa174ed6417b19803d031fed0461194f91d2ed40213112a213e39fbf0b7d62" + }, + { + "path": "default/data/ui/views/content_dashboard.xml", + "hash": "9fa36ed479e778a1844dcd720e0da707f468bdcd9a7e318eb5de3a45a78e4603" + }, + { + "path": "default/data/ui/views/traffic_dashboard.xml", + "hash": "e3ef94125002d864e5e4b450d9a4f790af19199c899dae2eb427b088e7e01d89" + }, + { + "path": "default/data/ui/views/utm_summary.xml", + "hash": "296b6c199ddd5d1b0715e6024a4c34425478a13d9cc12ca75644ac0d4a34dbe9" + }, + { + "path": "default/data/ui/views/event_dashboard.xml", + "hash": "4624c1401aff34289e05409a0d165bd97a7afd3326871a34752979fd86468f43" + }, + { + "path": "default/data/models/ftnt_fos.json", + "hash": "c9d972eb3b2a2b8eee073024a5ad79900023f504593cfbb735a86c6132a36c6b" + }, + { + "path": "default/macros.conf", + "hash": "0a3108d582be9c58f17eb209166eea3ebf58b04d854998007239f0408da6bc7b" + }, + { + "path": "EULA.pdf", + "hash": "4b74b5ff9abd03f8e464aea123a0c9584740a2854d1fde93da80dd0a0c81a605" + } + ] + }, + "products": [ + { + "platform": "splunk", + "product": "enterprise", + "versions": [ + "7.2", + "7.3", + "8.0", + "8.1", + "8.2", + "9.0" + ], + "architectures": [ + "x86_64" + ], + "operatingSystems": [ + "windows", + "linux", + "macos", + "freebsd", + "solaris", + "aix" + ] + }, + { + "platform": "splunk", + "product": "cloud", + "versions": [ + "7.2", + "7.3", + "8.0", + "8.1", + "8.2", + "9.0" + ], + "architectures": [ + "x86_64" + ], + "operatingSystems": [ + "windows", + "linux", + "macos", + "freebsd", + "solaris", + "aix" + ] + } + ] +} \ No newline at end of file diff --git a/deployment-apps/SplunkAppForFortinet/static/appIcon.png b/deployment-apps/SplunkAppForFortinet/static/appIcon.png new file mode 100644 index 0000000000000000000000000000000000000000..33ebf44efdcbf54da33c3512b7110b613a292434 GIT binary patch literal 1230 zcmeAS@N?(olHy`uVBq!ia0vp^Dj>|k1|%Oc%$NbBBuiW)N`mv#O3D+9QW+dm@{>{( zJaZG%Q-e|yQz{EjrrIztFlS_jM3hAM`dB6B=jtVb)aX^@765fKFxc2v6eK2Rr0UTq__OB&@Hb09I0xZL0)vRD^GUf^&XRs)DJWv2L<~p`n7AnVzAE zshOFfj)IYap^?4;5Si&3npl~dSs9rtK!Fm_wxX0Ys~{IQs9ivwtx`rwNr9EVetCJh zUb(Seeo?xx^|#0uTKVr7^KE~&-IMVSR9nfZANAQKal@=Hr> zm4GgVcpk{1iHq`zbF$JDTz5Q`N^fZsd*)yF1AWQ8NHOu6f0LF6Gu}w zV^c!|BLg!FLqiK^LlZYQR|`WkR}%{}XG@qFSoK=C7`Zx{JGvP;0(H8YSeh6aJG#2K zxtJPQxS5zb!t{FP6_+IDC8xsd%>>yC(QAoUua$FAYGO%#QAmD%4lD%(WaO9R7iZ)b zC^!e3DQNg6CTHe>1T;Yr1o5v+YEfocYKmJ?ey##Igsn2MxqzV0A$n8D2{nD7WAs7E z11Y({gn(%f#Dph)AP1g(QuBa$rU;lhzTaJU8JMyDc)B=-RNQ(q&5-MmgMjPg3EUo1 zYeo4JG`Y4}HuqZ2>`hRj|La$|u8O{Dmi1tmIw3w}@~Rm}p2&!_wmo1uG;Q^>nRDD9Pf(3-I*_!S z>G1@~K2{m|GLA?Mp^|0FVzW4eW^D@apAc~U__xz3IXZ6lH=WwPCS}pT&AvxH*Xjl< ziV79Jz5VO(t0mj4R!Vn2OSSke zv*&WQe6!?^hzXXn?-W+Oojd1>$Nwuw58hA|QdL>!6wk=U(C~TDjg1xZ{GbxX)78&q Iol`;+0RG0Af&c&j literal 0 HcmV?d00001 diff --git a/deployment-apps/SplunkAppForFortinet/static/appIconAlt.png b/deployment-apps/SplunkAppForFortinet/static/appIconAlt.png new file mode 100644 index 0000000000000000000000000000000000000000..33ebf44efdcbf54da33c3512b7110b613a292434 GIT binary patch literal 1230 zcmeAS@N?(olHy`uVBq!ia0vp^Dj>|k1|%Oc%$NbBBuiW)N`mv#O3D+9QW+dm@{>{( zJaZG%Q-e|yQz{EjrrIztFlS_jM3hAM`dB6B=jtVb)aX^@765fKFxc2v6eK2Rr0UTq__OB&@Hb09I0xZL0)vRD^GUf^&XRs)DJWv2L<~p`n7AnVzAE zshOFfj)IYap^?4;5Si&3npl~dSs9rtK!Fm_wxX0Ys~{IQs9ivwtx`rwNr9EVetCJh zUb(Seeo?xx^|#0uTKVr7^KE~&-IMVSR9nfZANAQKal@=Hr> zm4GgVcpk{1iHq`zbF$JDTz5Q`N^fZsd*)yF1AWQ8NHOu6f0LF6Gu}w zV^c!|BLg!FLqiK^LlZYQR|`WkR}%{}XG@qFSoK=C7`Zx{JGvP;0(H8YSeh6aJG#2K zxtJPQxS5zb!t{FP6_+IDC8xsd%>>yC(QAoUua$FAYGO%#QAmD%4lD%(WaO9R7iZ)b zC^!e3DQNg6CTHe>1T;Yr1o5v+YEfocYKmJ?ey##Igsn2MxqzV0A$n8D2{nD7WAs7E z11Y({gn(%f#Dph)AP1g(QuBa$rU;lhzTaJU8JMyDc)B=-RNQ(q&5-MmgMjPg3EUo1 zYeo4JG`Y4}HuqZ2>`hRj|La$|u8O{Dmi1tmIw3w}@~Rm}p2&!_wmo1uG;Q^>nRDD9Pf(3-I*_!S z>G1@~K2{m|GLA?Mp^|0FVzW4eW^D@apAc~U__xz3IXZ6lH=WwPCS}pT&AvxH*Xjl< ziV79Jz5VO(t0mj4R!Vn2OSSke zv*&WQe6!?^hzXXn?-W+Oojd1>$Nwuw58hA|QdL>!6wk=U(C~TDjg1xZ{GbxX)78&q Iol`;+0RG0Af&c&j literal 0 HcmV?d00001 diff --git a/deployment-apps/SplunkAppForFortinet/static/appIconAlt_2x.png b/deployment-apps/SplunkAppForFortinet/static/appIconAlt_2x.png new file mode 100644 index 0000000000000000000000000000000000000000..5953e47f1fda8c1f2c074344e88798cf3dd9e26b GIT binary patch literal 1536 zcmeAS@N?(olHy`uVBq!ia0vp^9w5xY1|&n@ZgvM!k|nMYCBgY=CFO}lsSJ)O`AMk? zp1FzXsX?iUDV2pMQ*9U+m@_g%B1$5BeXNr6bM+EIYV;~{3xK*A7;Nk-3KEmEQ%e+* zQqwc@Y?a>c-mj#PnPRIHZt82`Ti~3Uk?B!Ylp0*+7m{3+ootz+WN)WnQ(*-(AUCxn zQK2F?C$HG5!d3}vt`(3C64qBz04piUwpD^SD#ABF!8yMuRl!uxSU1_g&``n5OwZ87 z)XdCKN5ROz&`93^h|F{iO{`4Ktc=VRpg;*|TTx1yRgjAt)Gi>;Rw<*Tq`*pFzr4I$ zuiRKKzbIYb(9+TpWQLKEE>MMTab;dfVufyAu`kBtHuNWFoz#!AFNG#Ad)HBe}%?0@jth%@)C>7xhtg4GcDhpEegHnt0 zON)|$@sXws(+mtd{1$-}0$pR}Uz7=ql*AmD{N&Qy)VvZ;7h5Huj9yA+ij}L8iKD5T zv8kbfk%5_op`nGdp^2NDtA(MNtBHk~vn9+7Y=ajEo&! zUEEwu4J_PDOdVl*J@bl767!N%VfJPM?S<+!!mHQHxhOTUB)=#mKR*YS0s=DfOY(~| z@(UE4gUu8)d=ry1^FRWcpa_Ea*Cn+mvn(~mttdZN0UW|snOIyv*yj+vDddEjKF~4x zpyYv+Twp@LGzenC6F-mx&pxSnz&uj~%p5OXnp-e1FzI=^IEGZ*dNXIQ7qg>CYx*Ov z5Eo{%MG2~QE?p~n%eWT#FGzY?{Dg503wN%rj;P`_%^cDC4I4XreL^P8Sg_&V>vLXa zCtWt(j5VHJ{9wX_B=yf{=UUs(?A($Y?NFuKz|g?J0Y)0@HpMMrVRZ?xXfS$`Tr@SO z{DoWZ?+Ul&sT}g>SFEy1D-lT9`E#@5C%MYy+#fcvF1X$x9iGMT^Qv9t^glQGE^z#8 z*(38|y8o(cuTmY>6n~Q1x#)FLJL7@OrLz<@+h5l$Iqf+63Gb5Bjq4&Rc13jkahUhw z;fMZBJwlb!J};AYjAlI4**xRuHfcxZFTXtInJp<@to69l=CI%v34=L1GP>rZId~^5 zyvoJw)!ZDGdCoEaOWK(Ye*{7$-**Z;IO4f@+A`Hc6HGSp&-8Qb+7UTQpQRMc`vgqJk4Y3oEEN9nm>gs%M#O*Jo?=pL}W37;5<)=LX+v{FUmx@2Mb9sTR zQ@09lr_4OzbzQr(1ADVKDpfYl;ok8;k@>-skh|UWx?%HMi+9Y)-*e}ic-mj#PnPRIHZt82`Ti~3Uk?B!Ylp0*+7m{3+ootz+WN)WnQ(*-(AUCxn zQK2F?C$HG5!d3}vt`(3C64qBz04piUwpD^SD#ABF!8yMuRl!uxSU1_g&``n5OwZ87 z)XdCKN5ROz&`93^h|F{iO{`4Ktc=VRpg;*|TTx1yRgjAt)Gi>;Rw<*Tq`*pFzr4I$ zuiRKKzbIYb(9+TpWQLKEE>MMTab;dfVufyAu`kBtHuNWFoz#!AFNG#Ad)HBe}%?0@jth%@)C>7xhtg4GcDhpEegHnt0 zON)|$@sXws(+mtd{1$-}0$pR}Uz7=ql*AmD{N&Qy)VvZ;7h5Huj9yA+ij}L8iKD5T zv8kbfk%5_op`nGdp^2NDtA(MNtBHk~vn9+7Y=ajEo&! zUEEwu4J_PDOdVl*J@bl767!N%VfJPM?S<+!!mHQHxhOTUB)=#mKR*YS0s=DfOY(~| z@(UE4gUu8)d=ry1^FRWcpa_Ea*Cn+mvn(~mttdZN0UW|snOIyv*yj+vDddEjKF~4x zpyYv+Twp@LGzenC6F-mx&pxSnz&uj~%p5OXnp-e1FzI=^IEGZ*dNXIQ7qg>CYx*Ov z5Eo{%MG2~QE?p~n%eWT#FGzY?{Dg503wN%rj;P`_%^cDC4I4XreL^P8Sg_&V>vLXa zCtWt(j5VHJ{9wX_B=yf{=UUs(?A($Y?NFuKz|g?J0Y)0@HpMMrVRZ?xXfS$`Tr@SO z{DoWZ?+Ul&sT}g>SFEy1D-lT9`E#@5C%MYy+#fcvF1X$x9iGMT^Qv9t^glQGE^z#8 z*(38|y8o(cuTmY>6n~Q1x#)FLJL7@OrLz<@+h5l$Iqf+63Gb5Bjq4&Rc13jkahUhw z;fMZBJwlb!J};AYjAlI4**xRuHfcxZFTXtInJp<@to69l=CI%v34=L1GP>rZId~^5 zyvoJw)!ZDGdCoEaOWK(Ye*{7$-**Z;IO4f@+A`Hc6HGSp&-8Qb+7UTQpQRMc`vgqJk4Y3oEEN9nm>gs%M#O*Jo?=pL}W37;5<)=LX+v{FUmx@2Mb9sTR zQ@09lr_4OzbzQr(1ADVKDpfYl;ok8;k@>-skh|UWx?%HMi+9Y)-*e}i zNh&WaO2a_Q0!w;uIJ*c7#lTEJPhe+g3Cqn*Cv9PCV&G`uX<|&kKqpPWPS3%{K_^GR zz)B}Vz|6wLz)mMiz(}Y3_XH~|6P-AL76CIm69EG|vkosWtck7hKV}I2j|~=zk^O)B z5H>NgGd7VoaI|sy>ru$g+Qr7!iGZ0--qFO^!pPaqk${1bmzPe|!rIxykxtawz}e)# zZlRM9*5Vdn6s2dSXJZs%7hz)*6`&Vp7G)P=72)7uVG|G(VG-ix7G!1?VP|Dy6Jlj& zU}a@y7ZhM-VH9K)5n!R`pci0b<<+5+ur)Su*ZP|{Bg;PnQ#%3%roRCy(n*`xnmL>Q zP4Ay*T>q6OGo7NHoihOg%fBvA`il(#69=8LhrJ1%x}u3GothQ{0V4s!UjUq(9Zd{u zV4=)+3=NGD^z{w(FTjvs0QmzQe#Psvf*=u5@e7J0i$iPxKn8FV5PGAKI6#o30w5s+ zA#Ks{6A9!6L?jr{j-h~w8ixNwr}+YaU;s!>L1Dl`{YCcQ#{Z46le2-Nv%8~-DJ&E{ zEEFlJh@2=a)PLg+3&r$5;QmiI5->2(|1B>E^M5DI!9l0=x0L^v9Q5_|P4)E|P4x}* z%d^M&M*RW2VWRoR2KpHG6TyH70l~o#LO|T}(*q2C0n-5wdbfOB;mv&HazH+`it54V z&e{V|j}G*?UlPQdf*i;an40N(n}F^!IsTJYG#A3se@N?JApe_+GA7Oj#sL*yZ+k*^w$3KD&Q4kk z|A3=Nz`*gZ9pk@@5im0R*XUo?2pIpx1_H)^W`^QllKivNp%Zenvlp~;*ZSuU*1vw) zI2d*4Wd4%Y;Qu)Km)(DT{daJRCQf!Pjz)i@W&D@Zzl?JJ%W47+`v2n5KbicGpxOS~ z|98;;p?IPej!w=5e`nvnxyr`K_;*tNn~`#cmP*bx|Few6%A2;E^e|tjyteQ;w5=rA z6hI^vi=gV8`EV;h0(e`(QrxddYg8-WU&3#SY~3c9Fq$Y535o8p?hq*4P*Z7p4EhV; zalogpfBIg8{&>qTyn_Ts29O6p>IIbfQzG`AQ(~f9D2R5tmpCX&Oo{HB(i5DUNqE(4!fo9~$jA`>>F-{-E;L(k5KYiJC z4=^uA1KOd%fI&0j#)&zUtoD&&rLi7)g7qFWFQ~SIh!z?!#n1-$7G+Q6xxRaJ7OyRT z_xIJ}s{YEsh7c4Txx49EL+m0 zFR?uDN@ABe zJ5-V^C6i5Brr#~bqKJr|@fDoIfe~_OGHGNIk+{iZdL3{AADSG9XS>Kftuo9x!gkC$ z8tjtncq5_w#k4b0A~LD#I|ToHC$=R_Z)*3szq6-$avbF9b-`+?R5#tKX&+Gk_KMt` zddNq3RL0PA`@%d+^yngErSUwEs5mbaW+;GfZW5tw(ctoNhGXzxvxVm;m$I6H37NVV`(7A=2EALubE zUs&UTLwAHn$Ig|Ge#?4`pTW;X%TjaL^>(Y|?;0%-6=mZur`Mm$IoJEOVJPi4^j==H zgsO=JBCzJ6c~@Q23+3|Utqa}R3j_loZ6W;gpPm~3?@zmb&l47Uc9#D=F~lQ^)ixcm z#xZ+Vm7L!yxj+v&@M#db|lfCa6+NXMJn0=pAm0r4II)KVOXg!MG=W9 z#sJq%%@=}jcszmkex9A$7X7;XS?lQDl%aS(HD z71BnAK>XTdcpyYtM#rDKW;wap;$cToZqO$HyN}Su^hz0GYT@g+4beqQ=%VPwo~$*M z1#uNfFDRdEpb!yJeVBrZH30P$mVC9KH+C@hK=-v89AotC=RlFREamZf;3)rnA+OM` zlW7I+oj!*6+HFS-+21^EsgvcQv$8BDqOC<#IW5xFQ$Nc09L-^Guimexe;x#ZsP9S(QBJQum$k#l-r_!*1NzFtdqLrK_*|qfjDuh1_SU6zMCo5 z*f}5<3g1lU5$7TtZ7_qOxqpp8SW7|GCh{GOl#CG6m?YP97#`xP;{Y6U#io}30C$HB zh+-Ds^+CM^qa_#`Nue;14`?iSp0UGpkhEbIPIC-|T)T|Zq&7Y0mpfz#nVHC)W3RCL z0^>IRUVa(2@btR`N#&qV!_Ac0C@IgICzBI-J+hpTspb;wpV`*5AJvk#Zk$9Y6 zU~gp^teplF)c(kMoZ#?z8QBj(G1$$r_a1E?QG3n5HvktQiUzRsD*en8Q};GsEo4n> zykw0rKLA3fMnvA`yJpppKnqd~sopK|$8t7R$b1u3G?J?{ted@ccGjDDvs!oqD`d%V z|Akg92JXq}yaM_UdX?$#nqP>mJjkLBBiAJrm=JJs`q)q_X2w3=pP&zLp794;w1dyg zPU~@(ISICnv@JJkDa8@h?X`fN1i)F})m{jfzhxE!UGKd}dNQd9N(wJel25MTTDDoX zb*3r-S{MLJn@#;z@@8n}8$;+)n#mZiH%$Fdp2aGcyXKYe(*f{oWvUul2;}+OP+8G~ zmYj)LWK=J046)29DwU0>rLVbx`JW^gBjq?5HcPyh%dayW>>jtZfoYc~u=>IrrN)!0 zX#GzpxaOD%>5?0ri$OVoq%YR+6OSdN}En9m?dfy%clLU4E3BjiUpfB;*AMm9#yu|S+<=gJ>T ztS}qM?To+W{DUJYw`QbryG-2P1h|w6^A3zNqQv@b@bwx8WL-2=kjG<% z%6g$PRI`L>O*kA}{RSe{IpULM+%);7Ek$0owNnF&v7P2v@TDTBg2*aFPVk=Uk+|1@E&T!yG2Fvw z{}9?9YLUJ6TSGfUm9rRv7*RGR46fev?en{C9->Y?G#@Eu7_9iqyk_fncs)m=8-;Z{ z74Sd;Arqw8ZZV`}Oi4G1;0T2=ZDq^(A;%O#_lg{L51N%wk5C=BsRkw zkHKN@@NImMn|U1Zv9L6voQPw_+FMP|wf@R=gfZtiEsLJt=E}VSZwk1P&aX@0AXHB! z1=UWqjMa`hw3_0=-|{_!AN_q&J4(rW*-0PV1DTOh3?d2QX9m2O#n`X>7TSH+B7Fu- z9L9v_D=RDNN;_RtRjPe}Y@zyoe~>9>ixy11hG69SqAiUEAkQ|q-c6j7{=R=6kAPFD z#^BC!b}24ViXa(2Z(scpjj&bko1KRM#n>IWmJR>e^K}MvC7>ONm{OQ?XAk(qhIeLm ziZa)J^Q1o1wmU3lVJAHGX&Us%>ZBR97b3Ja@6y%dNsm%;gl|MKqHCxgKF)rjdxCic zZO*R^w3%l62{@P%DEA20l_7r%yN-W^;8*S=pirhCQA-YY-7!pyun~G;OMjVex=#TT z1h!Y~zm}^gKQcr>v9{r+o)1XMrSF-_eTxIfc;d;Jd%1&9mM|Pd3+{AS?_Qf_oPDA2 zOF)9T6W4%Z9-O!r*>;FLe0&RSC>MnRE6>E5$vFfxZrd$(s;?A9V>|gcdgcb#b~?lm zqKHnE&nBS>hF5{}2J&}P>nmVXBI+apBCa7TkI5}0CGwMqBzo&BHYafy`BP-M`EhR@ zax#PSQsAj2^M-b|*DO#jfg zRc!;J7Tp40_|ic#%?LO^?q<&->P5Q?1Ld9iYpS4fNYEs952O$NcpgJz?)8 zqw65H@RST4^{z|Wk(-0(T>TrtH^M`RUmUCq9mcloSTZCCV0a9>+v%Pc_E78d@JGx# zH&qo93(INgCRnu1pfRaD=WTk313u~0V|w-E&v}W=4Gi-bk%~xbuf)BwVA@Z_Q_&{i z{VQE83?|h#MgXMHUyB^OvyJHVI3Hbs`hY3^64Lwr5`|Ld<25vhp&jzMiW{%RIZ(&( zj9QGaSRiCIP^Ku|97!X*t9?1aL3UiX*nX!9m`tI!9Fff47_%a$!}4+2t-4?d0%0Z> z_o@Y7CnvtF0-N19mRiXlv$xt~e_~KBShE5ZV$idp4Ix5!t#F>vagpt;~a6}6fYROY)^XF;ER%sqa&%V$tV>1k} zcZDW&po7fZ5ALk3OJPl{b=jf!zF;n)*?o{+#}E*3B>AafK^EQt=U7;rQT6qgq=2%{ zI>u8pzZKBy4|gb^^EQLC_6J=%_F0nSU@yRR-PvpS86bDJ68b7|}lq6JpAovq; zlne0Y1qtkj`Fc6_%+*bjA!oFUm#y(<0VZqjK8D(a+SBAhmsenyFk7=c$W+^C8Ar;J zv?55KHU*FA6cA@hI{jhe9%-49S~mT~3%hEA()RdhiCm zvoN+rl!3D-$2=DG7Xc?j`uTY2s!W_%_}W%Zo9vaq0y?AuCJ26hIAohK3-sGG2GMYu zkWOywbS~oK*{8PH?gJGr?32Ko10Y@9#_hBRFvdI5`JOMW4HF=Aa))g+nOkW;rGjm@ zlFoxiqNC!7WuG~t@CUgn;uF@aYMfm}W;C;iFjMmIpQ4DvR1h`%zp_KX(qs%$MEsrP zK+5@RW_dX5`XdPjRSp>mBB#ML9$1SmsD!mJZG^%M-|S#AK28$-@r6d{g+aRggqgv> zw_aGofoVDghDH8SK0fUW&r6%zHbrbB?;C#mm(f$H+q>vA);TdYnfLOr6Bpnk>L^TZjjY65s zZvuUZ@$14$uA74Lun9B0}()ktR_b-?A)3TEu6OwUZWE_)Y1 z38wyTo%9>IHElmg%r8eK^hvwpiVcT$4(GMsK`n|!mn^KFS$QjH4MCXVio7>;`zh+Z zV88DAC0W!<5|br!yR)nHiQ}E(kqh-z>Q?|bA_AvJEV!2WMF5u?aUa!GK|vVy?M90^qz0w5`A7O`bTIw<}qz?n+StTg6| z>h0r@w(~+x6%@FMbsQOys5!GXrL9DDTHgYqRWJvpHZL!(Wh9A^Zft#M3%>J@kk@cG z9(+p!)tRFCvm}$X%z$!N$PBt)B{W)YPDIM4Bx&nO1{Y*vt!4glZ={M}PAcOcORA5| ziEgCCYXO+sNgI&{vp&gw2&@V~pQjqR1l;(Nc4`AASDtsB1@TJGQ8i4)iV>TcGq4oN zeX4D@;b5yxq6W?@)sqxWG+RXFPj%8>BX7>q|}Lw0LzRa82ll+AC-z@PtvE z?`m$zViT2Y_umFualg+ogda9wf~`{Z3_0QB=ja6!L=<$+&S=fd7KR(r?RWdk=A#P? zH}+Tpah__3nhC!5NvOwC@FZh7W3=<~U(@_@`k;93P?o&<4M<^J{JFMQfntywpXum( zwp_U@hf*;^3v5uXiVHPBS;txkPje9tX`XSd!Cf-CLYG*VppZau^6D_`*9?48q@p)k zFCu?kIl-nU@=r(~YHx<`jiK&jX|3dub_VkBbP%3>7RTIH@!S2e@o(vzq0d`5nc9rU zD8y|j-Mjqe^&B) zt&Z~q$`rPd?1Ggy0;HARGf*1)SOj_pikr`$imn^+Dk11{4E?|hPdH<56*hx?McpbD z=f2=4ipNbL3^K@w??i!l(@siM@Xr_anaICtZ$Dm@7mMYpaaOTUs>7ig6AZyUZ%5=R z)U;iHiRK8tL2H*3we2@|vGpNgY7y~L5j7=`J@QnoJ&9r6w(H)8XKh(O5c-|L56-D$ za;XWF;jG#U0>)s9St3dOd3;)Un7dz<`Kh7SI*p-_@CQ64XjZ%eIb~ixGKxuwZ&4vQ z5^WAEp76HQR7PEbL=&m(YL-1mLE5Awe{FAhg!PNZj-KzZnG4g#Ij=#VnAGZ&E)PMH z^z56|(Rf61i)WsC-O1>5hBti&Nm)<>SjKaA{8ox*1fs&WQg7}oN8@)wBCms08a6QAQrp=;18_Z~}uMZ4saXC!jH@q@~SYZuO z1a0NS*Gp`)JDr5&1>P$WsZ+$$@bl|s=V))2mwL^r#tmNH&N$I_+vsn%yhNvmX7{z4 z`=Q@->eP4()+!{nXWHsy=y+}W!A!TjW0pD2QQ&XyLMv~UNig?xes)nlis$|4>uWWw z#1it2W@ff|=;>*rDRX>XHOOr51sFtM-I9w<(^0r5g8f@_^dp~Nnp-x3D+Q~B~T+u?xIp^Q8 zCcK9{au3(yTZ7NiO#m>XED>R$mNK*J(k`?ReBxzQ#5kW`5^a($rb~{dPf(XWpBTO| z-=ZJU37}p{Et6JDVi;b$J0k1k-JHKqY2V6Zb920QJhvz%*$lf}4t?3&$wT$au2kxl zT06bjefPMpfz1T5jaRAiRPU@sj??kvb9ppD1pXHDvahtazTFXq0;Fc^u7dd)=vZCW z&=cyY^kHPhyDF6OLO9dC&TpVkhAxA1`;wODqZ%bwYfe)r8|(%CkU4NLg0QaGflNIM zO#&Bq0Cc)?nFD0_hO4$mp-x5gWw-1|r5E)K0ugaklw?r!W8K0jbJ+I*vF7sDT{~Hz z=*0M}1(N%8Q9^3L@j{^1gP=Odl&#Zv3NDM zRV!b%*^8W0V}N6)vmKD08WxO5$65|X*cDAEUF?SDh?h{tfW8zrlPYM8vvhy3`Y}+> zh{afg--Eu8B_S?^QyNEVpCL^Q>sB=%+@DDu>-a*yFRu}adH9z0f^Rl*ReSi9l)rW1 z=vb~>yBMG$#$>#NA2#OD;gJkYU%-`JU?TG*9Qx~|g#m{u=}VMNy+81Jh}z|y7EZdO ze;%4GzG_bgLNgBQd^gNoVauc`I zI6;Vdy0H}pFzBD)5FQqnVk_&4$4#PURr2kkEpk)PpO_h@*F_wzhpPKvIg!(bQuRNO zzc-9Z#L+%1Bc(*RE$UE1HAn7;8VE+12|4Mi2W(O4jF6aikg`!N5~7YE)}cZUzK9-4 z@$W<&qKkx5A>`muTuA2k%T-cSvaIIt9K1!VWro}K`NmNvR7vYZOWoU{TwyQ?x2a_1 zm3x+9O)<9>GWnL`QrVQ4jSh77Q&WUDcHTh+iVU_-T5%-GmUszVcY<_yx-qs34ze_N z*S1`mCkS@Azo;niUK06Y9tpL@!PssHfIYD70dIIyijk z%Y`@L9Ux0~%<;VtNx9uq%`Icxmfx&Z6Iio6&iL1-4w_>}l?DR}2xNFgEBZWgna?M; zyvLEq;8DrBu>C?O8QlN7^464XXp6A89fxp&|L3RiHUB@ZK`;{~D{6_*&aV)8ueP0k1>NV*mXtHF! zc#ze+lIDo{BhO~P1Us?QN`e8m?wQ~=Wxwu+sBh zNdIIW1ss)N!w3{_hG)VOosql9QRo*D6&nIxfp{pN`iKMi1jGbi`Cv^`6PWDvwxQ;n za$~3ErQ0L9WyZ5XrZXV>9*GEFE+ak^e}VRuNyl1C&Z0+(UhRO!dl704-2kEaxP)c42*S6?1H^nRTUY$$nUy-sWkgu z;&w#U-OZUJuj~Yy?_|Eqk5d-?7(h)v~t7Tovtrd+eYCms`+w zRb#=xi=)ta@*df-I*!%n)sG&n&#_Wl&h}#vm$lLw8jZkFjdVf1CIanPME)48(%vq{ zEEyis-y75+RJ5*O4k<=563CyyQUiskUDIyF&kDbom);Br*2sx2W_PypRO|-#l31l) za!u26ZW83OL|qV#!>_IAQ|TuTIPzPI$pZsvyuU_;ALAsMcA;T?kCZ9vNoT z>wD59)xy;#mugx?P0`XuE(daWiV)Mkk_tPtnUTfMFU*=e$C6(+G@MjEbs}Ln&(O8CWEl@%HZQBg~_0h_r+r2w6A5 zkvdz$0@g;?7?`S|cmxgvI;C;8i_;@2JD%!`uG-uZX)%Sml6`>q1sp}u+?g%Gp{b}s z5za{5#CBZVDI0Vf)$y3e$ZT`Ib9XaFmU|newI1)t^=XO*z*;-5bJi#zo;Op0$}mRs z;~96TQK)5Ux*&ur>8tlfp8yD8?7pL%D^8Fq3r|c^ABR*us=3SPRC=lMw5o~sogeqP zW^TkYbERaXz&I9c0YSRiuLGtld3b7~1b12~bRlBxF>;~=rx8b=#p@5A#Xt(456iC9 z`Jx3P@9x@JGO@OlJdvI7Rd8uDrwWqXGXPmv>um`=wKDZfHFpysWd=F9^ex7VJ{)}- zo=Qo}jb$j}(NM|2;@Uk?FL6&EVW=`)cQYFbp?9o0Cj!Hi?3XP~C5sY~H9*!o-?q;$ zql>JOmwdiSW-!#H08`WeD{Z&NycI5C63LCZeBH^ zmT^bwQ?yi-o6e-tGe;~lFcu&I>miTNv5&5{0#X z=VmG^Z65>xZ*G;MdUQTZ$Fmt_N_;^TgJ*W zL2v>NpvUJw(owGggXp`AnA=!n~iN?p17*=@l6kswmvQTnkT~+j%qE^ng z&VLF~x2I?A$bCWo#v=VFP1BLo&;gg%F-#cp8xg4G6KB$XgyNg#I9 zEKY~ktAAxPOVkqj(IrzPDU;Is+WFVF_^2`XI2}y4Aod^Qi1U*gN5^(P{hFplJ0#{R?mn^so>kZKLV!D7zm>aVLd0J{C`qm zAIKOkY^wleZ3axZ&esoMVn|SjsshD7Z{v|Jfgj~t)S*V{RT606;2V}HYM9Y~&iwNJ zEWT6U{6+}|8|DstMEG82f#P6z<3~u@E2iG)J7nvycEP@k>(Eh zvTZVWNUpO`u5Wn=zuWT|Bbq-plN^g$kgYyfVSNnbwyc(BtDt>wGL`e1 z=DitZl3K`iKxUamv6(IL2`9aDURn1JWlC(Mh}&+WL)i=-ae+mPld*e!>-WzspuQN* zeEuRf5n4?c?Ibh~zXg|E6XCGrs`8wWjDw4eNI@Akq>|^$6wPT@TqaR~VIH=ap&~Bi zuHp?jIoCMTt+FhSvi?=dD@OA=EUEzwC9qUNDcL0;Liqg|ku_M?yr;}sTtWnGqK5YK zC}b=^d^s5#k1hC2vb`Nj+j~P%TMQjb_*7za8D8c%uaPG?Jt_DL+RuX-{0I^i-IJ7s z{Dn*`f~rh+8*^GPxwTZdrlMwmEThw$Qwq>MzxrJ9trvr6&@Z9bQaazo<`&qbz&X90 zL>ZK9axg&C4v9vj=4@t6bX92_GiHhEe#ze}-wZ<`ChQpe4fsv8ObGy{<*a z>7E-Xz>a~*aiy%BJ?MjnDww__Gv?ET3^~x%9zbQ%9J~25fGPQl<7hH<@V7(TfSKvM zGif5OQY?4kJu6U8kjMK;gWD;Yw*nS-s;9w7G}LXxHtgoIhTM@IF8ox2AO=RC(k4b< z8W{8PM>X!)59qX7%G@V@1AgCIJp%Y}E8gvbV1DIUa7Jam`RKZW24&63^|X6|kMOQb zdBb%$Zs|eB>n9L8mKoY0{d5d`ICb*+{B%ee54_7R{<$Bj~y9A=^Y5IiY0px91P^OU)iL%5cEW2++` zslW%HgAOZMQ*Ts4Z~Ln;{fLKIypA@ed!U=}^DkTP_?UBRY1L>s5LScl)3$wGtq|Xy zfEdBUlkd35fQ}97{Osd;FoYFsH^27nk>40>(eRG$?^`}zNzYl=Cmos?x`ijVn9=N2ahcU{XQ^$&^$haB-A6o&Lal0ou?H1UtQl#>8u{zbJ`)@mxY1 z8~cZGBD56YT62l72T?}eIH4zSM@C%-0${9jwmgiZ)?!j0TRK^^T)h(!ZPMIp;kiW( zVPXmKF*E`~Yb0a%w*CG#Q~hr9w)hW1$-nv`|9=Q2%nbiiD9KhEPu%>MP_l$*ACJ-y zbT6UnY|oB^Oei}ga0o1}nq*%O7>Xqycf#~JoHRKJ)R&6VNJrv7G2!FU{xdrGEeC%& z?V4q3>*t*xR_y$d78W4E)Nt4qL|>Frb#p?r|$ZsvTgPsDk+2Y1Ig%_f5I zhgTOpOGkK%?AtrWu7NiP$6b4LysiPMV;`uK@6i-aTo+486@y(#1hjo8`FY0Ojl6A+ z8wyPL5=-gFR4;ERmdcWI7uGr@n{5CWW`o_`5A>Y&`-NASX%_sy#Kxj2A?l3DSU?}E4>x%3joX{XsSE7FUwl1Ur$MI4HN)=mJ{ zO?VUu9`{hYaM?;$TzE6#t$@(Id6{J=;wlj4H;)5|Q%ilwFdn+L(SR3GHw}$a3gVw+ zp2dw8w^ITEWk^rg!3oex;HxXy`?~q8HmC5`SQwf6?29Wqtm=)x6!ZEGfi(pvcuU>D zY;j^P{W6@V_FGw+GN5C#$%Q1?GS+QC8ghv4c~qQSRZXhO)D=2p&mLzLRkcVz!~i=t z(OB{X)M2@~D!zbo2ph1~LvszD2r%}B3kl^d%LGjgW3cF(1K=EA&b{4c(Vw;=q}nCH z?7Yqa=d(9Zw*2}uNw$yA=)Ij&o6)yETFQan8p2VG!pze&g(;#a<4OvCO0_JfF+wlD z3PZ7xA})%{D=;~@qm`dToR`v~y7Ix!B&z)7xYz3B`&2+eYf|l5P>lrWcrc>RctgO# z%CEjWL!{D`ByC|Vqu>xOW4nEN$6u->zmUpQ;@=jq$j|ta3K+V!ucV-*Vvgt?WC%9C zq|HD-By~6Yv)CSAfxB&Kw#y^nc9NGnzGQZ7d9+#C$F4dBHq~izvWG5U#o1DH4>Gq9 z-Dk3FO%zu1onjghj!bcLMypKam9G{LK8?0G}BS~N~!U(g=_H^1)-Q!nF5!VxbNtfwL6SOJwc? zd7dEHAdBQYy#U&`XM$K}UVY}2i&sV_i3v0fWp*ItmwAZ!K%f>9*3Hb&Q#EBly|8q| zh+@ayhWyg{1m!qEFp0=981Q?!p>^;P6m%2)f`9&lLpj|05<1M4;gJ{^S+qW&R?bzd zIVR&**E@2}ZPN6z3vjEnbsPk!_Ez%kJ^Kn?@XM%zqerL)_+!5q)!suJhX&lxCdmlh zwd~v9zu7E%OKzUi6BbKFIZT;N7ch_$IOU7|GS8{r{8xen?#3FBp5QmTP@M1jP}V-) zxu#x=0e#PNT1@WT*>&WNu&?3(m?h8r)DwL*b{CQF2hOPy5cBRpV@OEb3IhJV^MJTX z@mP(rz6R|}*~T+DncFQ$nuF~TE*7=vBsn#k%z z*Le^Cge+-Kehjd8BrKjGrz}B<@hvb??0Hd=9`?Bb0^wPN?SHI@SoV1 zK|5d7SVo|VXY_H}nHoouFuTA$=?Lx$0o=K?2%WSDo5tL6m6Z&G zxny&D3-2WbnEiMPE+_9>qIj+1Ym%hV5YLHGl0qtzrf8b)mR52lw@ZeGvLJ13=F*wW z9t!wVPC4V={`i9*a^J42mXi*2Z->a%tfhkRT{1-+;iNz%fzY)fwc~ht-JN_Px&di) zX)jP6M=L=LW~$PzF!PQE$^!zXMy5jr8F#Elri*nJXmVEIV6g*KH%(6+R$lgXnuUPr zhec{m7U#u*s+|X1S)g}`@4}Eki|zaW>Sly~Di(=xE)_K5%uZ!7Cr!7Io@1&w&t*YI zs;QppurJh6e~+*Yf1Q#vrWhq@W2@%DObZ39pi;zJ^J=6wf3VOnrd3A^DNx`I)Um_Q zzKU2wG7%d>HA5l7h$<{+w~1WeE=@N;B#2a?2C<(}Hlk^k{w zG%2qLa&D4x`BC_U3M1_|phO$?L+sSHL`5_T9<%9!u+e7N94634Mli89NB|`Q(E0?1 z$C{POr%m?+6eVXrhhO0rrr^ik#+* z$4Ugz4eQZZ%crf5f-PI8^=~HDd`4_g2%O3X^dq^ zbTSD`Y#QbFM6*Bom_MjMt`F2n7w%b~nBH z%Rmne-J5Q#t#$`5&I8?<+EaB@ko?AMOIN8cl6^ywGFI~}fQ_CrXa20+0%6IJQ55)= zG(~>op2W{el6_>Mc~It$E&r2^+&>`LZiYrCf?IO#^w^R)$Oa7V5txPAeZ`=#HEwO> z;!FiUP3LUc9$u;i zcDr5uixkknb?JjAh{li9i&0K#PJnrFf9$E5ek2~>KE4TeZ6gYnr{{2a0#~416PS4HfGSM1V^eDP=O~xILEZJ{~so_Nh z7mzBbqKM1WIqT|6G*IwF1lm!vLKm40uyNMGh|}5Ea(|i@G{|68Ie1AoBqg z(4=Q)tvp@*38D-0MtMXjTjr1xilBkJq_k|(qX`fsyq2E$ z$XDsyG&7o~g>QxMfdI2)zXs6Uc*>DDFEE`K=Embwar(^IQ}Ij9@LZN>dwlU5@M6un z?1B7dw`2(Zwa3WjTvQarHdTsk!XIIv>=UpyO!4OBey1SVdj(euar+*N1R+cHY(l>_ z1>n--&RO2^sOKpmOPy%{p&;9wG&SLjH8l>oLymK(VYC8uczxkW0cX-PpomLdsQr9l zs#+iAChI}SktkSXxILQdLUJ9Ep!${A%&Hx*p>F<|Z<1yo^9 zwK4(L#DJunx^?a9tHZbzZ6f^Jimd@nMN0nbrgz5F9S~@bgi+0^HAtXZySSWGFi|^R^L~n=17|lmyNwx&}%np z0Y>hdevMag=QOz`?~(+y2g3mE*CDNXA_|nqwJGE`cdeb)HD)`^u-s}EgCm8WaidjB zA3PYpX?jq_SXNjniRRoJ1f$_4esi~k(xKOWOLWtG-bGNYaR$oMb+nZczV&4T&hHU= z8Cl-x?}gM-WQO-|=41A5UKy8--P)M3@uBiirgER(V}i32?GW>u(_MzE**nCz`ons~ zZgan8T}kaU)2cLRL}@)$j-@;)QtyB5d@WI7-W0w1>$X3zswgM(*F@hbbduI~$<>z# zfH9)OG_DfF!1|VICVH6A_?e_x61OKLnsfCq127!i!?S{AAB`~Owsr4ECKaJxdQw{l zFRwQ*(%nE8YqQB6bhky*yq4`>{J!x)ZZA_}SLF98)HBA}gu0Xio!9aRYnV@W<>L zDq$h0L)gHIBea@h^UOzg-6r>3y7`0Rs+MkjR73DUR3rTyzwlu1 z#hp(Iz%k3aX=MoT=|I*3C?^$|rhC_9sWc|ZRim+4`J=-xG-Oo|6 z|EtScQkm+(+k=O<^^>Ug%8<$~thr2V~p7hP9NC@{#>y-hXAH*iV;Zg7{! zygBg}GyfB*L+l-!?I&^7wWiuz{Cqy3v9Ls?L+gFtEuR^03{2@+xmUR5_|)K2NPuin zgB4SgUF{~ZyZ(#r+C7+prj=J8*jrfX(~lJ*_<6(_RL8czcR_`Da*Al;2{)?vr$eo5 zx0)^MYGs?x8w$U@(=UNNzO(bm#!;G0f@=*`p%}ZLR?d?{A+_C;9U+VcugYfF`@Du* zMXp(wcROf4j2=3yzr4oRPh}XYr^oeX^s!V^?P0aA{kqFzFx9rtp{{e*0+SofyIlqg z-nVvfun%S@Co1jQqJ+Dm6EU)!=HaMv$E7TEoG5{j=XKs$Q=oao_`>qux}l)AmYnOy z+Hi$D>4Uq|f334970YlOGZm*`??Q&5Ng^p^*X{9R>bldod~kb+%R72a4cPRuyBqXn0uv-u)%J918bBYA~QdGs86N`5xmNtbjrFKp#td(3nYZc@;0U}mQ6zy)02LJ5Rc?6o;C8^R+$9X*M?ZG7o1w z97-M#QCgt((uQLjFmjwtuItxXk@5brZ!nUW-ErgyoP*jO9yNo0W;ALDFec z;w^O=*lP#-^Fh@rH&5d%(BHHq)TK5$7`K31-Ve5wY?UgR7ex@Zf(xi;A%;L zYa23&aLsAT?G0}HP(*6Vf3_6xDEHY>LHk??c)~Sxtr`@xAf&8HczTQ>`j!{cD1`rJ(hLVHv~O@JI(c3C+F0Olh|pm%h`E_6tYsY_+VwT^`H zg@45TBi{1xNj+>=mm<1gKRWqJEQ-LerPJI*x&8onG|u`KRaLY$+D?)Cbh9=8x0NK7 zcRIbx#CpX`grgw;#{k-^P+8u(zELXI%MXs(pG=m?dQbFfr-_Jm}?9@dv~)%4qaU{xshWRkcJ+G|;86a0g#0#rWu zg<@b|KcDevKUAVSqD9n8!mHN$I5c;_eF8SJ3CwA1az#&@acYhQ**$&Sf@%-!8!ePU z&9e(S5(9*K)nv}9!x$&G!28f*Fhz?SFoFj?QS!IbZK%X3jkS+~a3rY7|03)hdqn}Z zExXUQZQHhO+qP}nwr$(y*|u%l?sL=q;iYqv_a7>iRb$OLYE=FK8RsfhvOhEa)Xt*a z32ng;?}9#^*+;HObGl6#swvLcYGw}Pcg3ea@t|H6H2F57$}_)_EL_jc8v#i)gPyt> z|9XB_#h=siwbsBkDQ}9H&fOfi=}@cx3a~<}4%BqL%CNuy(TGwuhYBTJx?&+&kr`^( z*j)={B2XUT_VsZ7u5p=m;CUN(QFzSSY|TDk5@x2{mjsx}m^<-Tp}?kP-8$SN&-CsC zGPN}_1wbN8IE**Y2Mux%x+G6pPC1xyu+gG%e`8cl%^yE%KBaNN>Xac)W z!N6s5i>^+OqUjyCg;!=u$9l6I6wtqHYPw8}C(ef%>2EiJS=*DV?GCS7=wj^4>5lA{XNME#x{yyZ4CI8YXqC)E`KD#} zfVBdC9Z*@qwFFPr)9Fn>VTcP7@RMulkePc@oRN=Z$G(nITrOv|;i=ZXHvucNqr63a zqyyzdLSWmV1^u}x=10`0*`%UWZ4OD=4$M9BB`)(jYxqZRch^u*M4^sMKGldm&lvsgmA=B;y~b4_#R6P^L}i8ytl48EL0P4IKwhA4|;kw&AkvXVuSmgpTbhAK|B*QB@_^><50!u z)iKBMI{+p7xx+8mkol9my6t?{SBjHE4`kQu1_%P^^lV<-8 z_aSEZFs{_@yh}(2tSwrJSc=Tf<)F&>fx6RQluN4v$&Erc6U9S;=D?_GP-E4*NOkS! z9dsZSF)4Mu@DE!N0?l|s96RY@Pd8T}z_q3UL`U&}%`v8wOde2ymMxSie<|5wzDr24 z99m|rWd{t04}e_M=Mqt$bfZ{i{HI~05z z6Rz3Wwz=_ykOPc@-RIc3Z+aPFujEOw#5kG?&ME;k5OM7B+0huLui{@~+|QOKGrxm$ z`|b(bawCGK#PMaosF4O?6BrUns4}y0xSd8$IJeyVY%X^(`6I4a0c`ViLUot`eR zAs#(z;;IuJpXORB-Uh@VQf;wz1AR3>hotm@e3IgA(q9>=AU#$^Yrg((3qTco;3>-p z3qpX35YQ~pzy1Z*41thmR)H~*J(%5+zz--o>cbY*8Y5A=@!LB|=_botp%+sACt%>p zO3uBERy-Zg004!aog-jNh%7ODHKk+Fqats=tFMl^6p@q+UKsmXw?+^RqC=rfy)0nE!6FCZ zI=P6Z{HO@T9~RUW-ohB{#9$R{dB^3*Vzm5fP4#aF;gKSHtA5xWOIKfrVJhJ39ST(E zK1zLg^+V8<@R8^X$ixUolgu1zLX=PLV%GNW#0JBFGfy}QQdrVRoqT$>TR6r9-R3jE z0!iJ9{Jy}W>iv`l#eZS3Vn3GoVU2f|5t7hhHPS2Zy%RtQADFP5bInNxQNQxw-q4GX z$hCwO9t?A7@Sc822QBihePKGjjP*ijP+`-`AGGwvKkq#5%wK5=0zBCIkzk`Df!4O< zqz@H=n2ZL9G$WkPt%eQBd8I&QfO8ICBDdzTg*K=QRDxlU4lrOQ;6F_fK2afVdzYfj zG$h>$l6%FX8K0aym28EUGld8bs+g1I14(HvFtA-uY5JuM+eiuXd}l0b?+-izsl3{b zF+y_Oehkldt>wVXngmD=^Ba>qgKQIKyF^Mu{}LDLw(lze^x2=LXEI9`4yc9fPa1(; zfRu|~Hws(r8XcJ?yKsU?p>~OZDj9Et(bdXp_iVV@yqYVTc`3LZUuQ1efPJN&8+-8 zBZpQQ)Hw@^DpA6SLiPw5P3xy`4e3L+MivZt*vVX)J2RTNMpfBkE7aq|5+jTm=~zSf8#Lv{Ub~f(AhOR=OeNqMHT_>Z~tOk;9hH#!bkTeadwe@EU|v0hAM;!oP|y zW!9;p%6$QmdM!pTu^)cXYLm8E^6=j%$uiayE!KfCJy&?bl5INiYcUn%`M`$Hw_I^f zpm#;rqyzS+9%eJy4&bNa_X>p85#0tbJNZa-Cy?w=yzP;wOa<;0&f$*2^~=V%-J{J| zp~LhSVF6R?OH1u;2{>?C#K^zrO4Ae@Bs9g4l+<8yJ{uHQc@5F2cv2hChe%`?X2%(W zbm;8blUQYClTF;KObf9}3=DUB0U$v}%qDB;0CqD`&t54!GI0j=$3Wz!nQmn1xpwHg;t&qb89QRvOo+I~Q2`;e_=_0(K6?1Bv;HIMyKN z%yYrRxG&9eYzEuBI8XA9lo8)I^H4w;PD;;WZR@Mb?(NcnEN^Q%Rn(<|s(Hm>_M1!Y zm>Or?XsM)IN=`~Yk38hYrmel4+C*|5Jp;eKCwdKH2vFWBi<75QM^7?>qL zf-o=PWV?6?S%1t31wm|77ya&>PE>a5ue3UEzU-_PMxgFb^8fUMxaeR2-T28KO>Pk-Uifn|#-d2g;e%^k$nlAKjK6 z)XeTa4!fU`^hacCB4jGVeN-SN~zWk?7|uw`_u!H+yUCJtg%r z2kq7gy+QkU%FFg$C+=UIJ?TZ!3WMRKb5sDxhY>875Z^`T!aT11=Il&JQPdyJC4RR2 znYk@Nyl%9JiRc4Lzg1qYDaFkCPNK0uiW(Tf=1&ErnvKPn(lrEmIfwNAYZ(JW#(Yvl z+u=y5Zv%hz62j!2WP%6B&}9%epqLe3qC0iCaM$^sS|u42RuWfu_eWgm4Si&Awwj~w z?6+~VXGXG?xiFHjmq+p0z%3^v*YcpQzq7S8B(25^z;=h~F%QgMUoMOGmb-rpjq8Hh z&&@PYDjh$hMC+?WuX^b?+Gm&af_H{-mUBaj?K=q`Nt4ucrSR`{8MkTFHtV~gp9i~^ zwGxlFOS|I@GD^NyyNLXnK_iCaB&tB`5yxSjzO#TV*^=cC&pS~+07fF=)_rhv#C=Hr7lGii>&+!y*t9JP>t4(f(8lcs?1v`_d3KXaHY4)#&jH@nX` z5ts=ZE~3rAQKD z!|4AJAjc;-#dJre9SXLu1m}9_9u?A16_SsosdM!j?1Ydqz&EJw%p8(zU95tuqDyh- zEOe_I`p7*oW(ru}Y8A>imw1ce^VXJyr?>T`z@2_{G9bxQ-dMS}h7cO*4r{XuA?di4 zi*hh66tuW>ArxMT>8NM;iTD zlpfpeyKp`F+-@w|6P zS`vx?llDduyA2tfp<`b^lxOFOd9 zymaf#(<%}%Y;rX9|Bw|NM_gXFtbgqQ^Q@0{PoqP35 zzrplv1D_x|7aF9(cr=@;@%CcA*<$phLYl{g2%b`sW>!iJ?BmdU!7*3Ab-aW+ek&dt z1MIfkUS)xXSW(#6)DQ7=Fm@Sc3nk131avf3N3Qa^xpgGqEjmQfT>h@WWmMIh7!umd zu3H_q1Ifi5Y(mEh9KZB&E2YuOMohuN@C4vXDnB|cN>4DHeum{I1b&WSYqOqXA5%## za&SqVXnl<}$A#R4q8zwGIWWQu>Cw727ezf{ja(#$zhh#gNpo3ABtN$0$<|@@8kxUx zJ5F;lLcP^3VH4fT#s~#C5dOhEm8mgD50gzr;u3&mZM3*82dP2da5J=k*MeN16Pho$ zHK0uK4){3d2P3H9Sxte4J=Fr%K2)5B8C~AQwBel7&!_fu&yGo|*63DZpc6>susfnJ zBgY1;%?c5h`pXtXa0IDnBn#-6m`v8dcw;Pet7aB7T6TDF;W!}L-w`|?c}KJs5cHfV zaR@b2i0cnjxOQZoXj6%tRUl6wguap+-TEcd9&i&!fFhc4X>kWWRCLR6Olsh~*M;)U zMZ{Ca2yoXV)utyh84bO@JU;$V9*$dHR%EpV=?XD}-BJ=oe*ws4yAhEwto4Gt0TI_oK#V~;qxB%ah}G*$JHk|(?*n=q+vvsGb!HBN zH$(2R;$~m=jDCUXThnwn;f5Tu9)`)6u&4n~=8Sc}K^8aH*hge$<Dv*! zgyC}f5Zn*re7^zp2K@}Us~TL)pSi)Gs=w9T22EBGClt4bf95`JsxU=mPt-4Y$eM6s z)jdcZp|R`RU&E)H4QI5v_G^xCKABv|?pO{htwd{q(_pEj(=Y(OWTB(Gb+ULF+!*5( zmRe1xG8+4f{#H_-ge0MD^_43Y6BP{gvNC3voR%fgKi`m`_x05C`69H-QVXXV)mZ;u1Lj4s6TsYbLUMisALavKk zqAv^W062L<&czsH649U|9%$^RJwuC)HXJ)7q%Sx{?bUrL5F>$bS15S{s_hJ zR^%wdJI#0PJ2`S0H~ zT8dN!k)+=`ZD_QY-pM;)aw0d`srJs0$7r+ME+3hmjs=fiXk3cmZ4-5iuEdMivz=uE zwEHnJfqt8AagE}RWlOtQHDXRxievtt^1rrOaYII4V;H{-51q!PP%Hnk>|Ty6$~tnU9JdBoqU zja}Qdw9z*_tIQK=msBVXyqn!y`MNbCA;dA2A`nLO>|5^@y)o>eJMLT=>J*=SPb*ogiwIg&?sFL@g@mmNtex}9P z0z)i@9)-k{FHKVh!`x2G2En%SMkrWthNA~x!9|RlN4@_A=I?I!( zxmee4bPq5cU$E@%qvtqLWcJoW&B}jEyXC#7f5^ zi#Q!K$j3T7plqSO9X#!tJxnC6m)ljJrrKfq^@mmHn=rze$UwX z8A%8%tJVTJe^bNaF>hMZJ}4N{jEaRP6i?)}U?M-Q-eTG4T!{ej6&K-H*C0!X&!g5* zn^a)?wmhrhHIyw?7fb!OV3XB_7H)hhiq0l-rP(E8_6*ctbbIcRbeAQOnwHDE{SSO! z6q^S-!Ij6=7jkO(ZkB6W4NTuAsDb3?}L)TyH&I&wJ8OQg-nol%hOW%1=RwJ*}sm!@FT4jJ+FrIURsBs-|Fo8BlHk~M)z3gkcohnMo@s559x}+T7}2#U2Jva46%z23Z%7OKN^NLshmBoKK&ibOAw1mZyUa z;->&BHsa+?7Xbs=?wI3W+T{V9J0Nrcw0u&1T;=Q#)ighbttR5RChP6}#I0U~?_C;0Ox_zz1}EjIs@Qk57z#)J6-tkIO@^ob2Av?x!;{)46P=PyA^F4S!3 zIZ!AELHX~J_jTPphqukc_`y`Ml+O9;Qg_aio$Cs)-qd;-kJ8dAnu!Q*T9ag0m9_z$ zi}gJ*dt@XsDx`y=#Ya;v?6j2{g${7qTTUd!AP5WTO^m{IXRBkgYVRf7OGM!LsF6iXsyA>44ona{jdA+0oFHR?l?De zhJ)}VbzTVhMr~L5D3zABWP*ak;K+*h09WcHZV&T~@>Ttahi%T_V_=E~4;zvAHs~}x z@Hxs?)){9;{;f9(00Nv%F|;KiOO@~K6z)z32!zG+q8vDl*V%<{>oe`ErE13=h>boS z(4s5{7b4grfOk8qDaTb-`KwzIX!5wL7E}fdDhd*R+4C38`P`f9A5;-RE7=ieI|B z@JJ&|mbK<`?5`I=ScHM=`Z;>{ej*uzCo*XpX{1Kf;m&hQ=!(J16Orpco`~C96Y?8_ zoBAuqqFHlfOgxh~D(4X-5h4A4plkr3?#a_pO!kMpF_){QbD3}eotQEfshMrj4i9?p zfYzl$rM+0ZC@*P>MlznY)iA)Rq~wQ4kieFS1&%kPPD0gBHC_d7a&p0|B)hxN=dGu&7&tl_@kyP-p~bMwO=u^&P;B0J2cH zXVVOxn7B9Hzzw}o7oHU|U>%EUc6UFeN)^NxnPLRr@eKsh4ep$lLb6l-gq%~`nSiDqhcsD3dYhflWQ&ouo z!_3>bEH?2k8B;dJFEt`VCTpkLBN$=R__7=|v#v2OToKt$IgQON?2Vv$8D6at>T&I5 zKzf+-8noF^wIczqq7&zjkf$o1n~Ne4d$NQP4k+8>TBcsd`qv4RwY6+-;r^+DOJo`1=yuHb~Dk2%M1cPf3pz4t<+SMH{ zlL6)2gAu;`kx3{XMF+g2E|L>-Js-FA1bAKfTLNCuUV;*S4qJ$}>F;C{ulT%i`Nwzm z$(gi&!RZc+VS{oR8_thT)Aq3@o=oYWgnm)brX1vvO1%>D=w_Ldh>@K7tn?fKXV)L{ zt;k6CZgbjqlRgKBv^21n-l({&LD%VV+OZGrTn!xNsCb?!*M2J~Vd?zlGO+6Sa;K^~ zdBx>>`EdUJO&SeU9e;czirJT`ep}a}IHC&iEP=0OUKRIFvE1y*6@IgTuK)@pdig2% zSiR+7kOji~67-XpuR1$>T}s%Shh4$*{+WJ|%h60s>e;IGQXML{KElV!Zn!M{&5GlT ztVu(nEL?aIvf_O>AHB(>ec8TGSPv?2v2RC)!5$*=iTO@_gq#_hM{S=0 zKKeENLDC1v1?kiJZxHK0ruF|FVsWsu{ZEKht)`W<@fXGSweC!e0wj{y`QKa}8_#|c!xh`JWURHt8p~qGzWwULQqrc^6P0?&L`#Kb{?&}VMCt%n* z3x6GnP8Rz$a6MCNyVer%h!&xFzz^xK42v23^G3CZwFLYG|I(S@^P){`eNyz-%Hmxk zn0r}=#Sr2d?PLi3$lSez5_?nBIHAwqW_3dJ5r;5wW4TavtV^t9Ln>M!(|WlWQ|ynU zCd_$o?ZqCf6Y4?K*W`YOO4Blp>X%>Z*ZOo$&|mpooc7!YD@7}VBHHDgs&>$d(UhT1 zD}@wfY6f#B0Evapc!r$!{>?B*I{Oz#^)6+>tJcSm8ETS$po^H%jFWvrV*1Fq%Bb9v z-H(Ru7$_-`D7*6|n&P~vfT}CVGCxy=wv4+0L1wZ$nNBdq0MwKv(HoF=BQCuWwUN%2 zSR$lSKoRG?%7*yXwWia|-qi$kS7z5`n)emPSP5Q4UeM|8S@cPWB-`wzihPDpe2d4Y zjjQ8^aK*K#0LpUN)Qt85FjWEKn~wxl=F_`UWo-vk>wEF)O;zVsC%~Lu(4s3SH}ORD zg-*P(fsBb&Jqdwq?o}EFy!SV&Ak>Pgo|6Eah#mY-gk3163St82CoI%v)x!`xOdui| zGBRa^wiMw}Ccd0y8KCLvs@%Vp_-nrn-W!%29kea&K?M(fvm5Q8BGv`r61vz zUa=nJs9*9oWH6o_T1QW43O%A{2%x0!iiAwACc(MOF)%BQ5RMb>lDOd6pYM_tDq;p^ zq0XRWhwZzXWDots6y<9bg%pFOexYTI9)M&NG#vHVr4TetKY*(MDk@nN0HA>JJ20LL z-TL}%9bhUh)pgf`CPi>j-+=TI_TZzrY1b3CPWloKe8*smDQe0?J;>=X*@TWB=L>3! z8Tb=)GT;pn__|Q_nwr3u=4Eniy{5oJ_b-2~=GWyxzQi@fmG6AAHPd<}u3@1CF{+0F zGQ_mXAS`ZEI1?;KCkB0!u?2}41G>0z;k!}}i7 z$U-M&*y~Cx0@F8Pf{DA7Z61dYq;o2ELI-fcbL0*jKErJ4P}0$*kRxeHry`D=5awxlUS_q5 zHG>zKM&g#m=e)Mf;r_E{gbn$N_X3Q?Iy*yqW6aYI2&A)(jCJ2aYqH=XQWk^oN$y}- z`+k|v5gGTjv_DKCn+=6$-RoF45m6H`_VPZY)h}EAQ)oJb%OnpEQ_<&W&Kc6(+`pn} zc6+WLh}X`-qm`)O9C}yQG!F0HFl9puU3i%Ye9c!^@xJx+u*=wQ>`5=^%B!4-Ml0&s z??Lr%C{EHPR_Dd)oL#>lkHUp75T4EbkBWcd@({fTdVKYDJY!^2>gxLpBcCK*Q#E znbc8KFt8+TVa$hXb>S>NkTS2E!38~c)oZLV`~w+Rh7|z=M6iQfq{<9Gp_uQ3(BwMO zoGzR5`kZsGtO$}d!^0k{XS5#7m-g?fV(pfW6&XeHx{)-VQxtUKCRK)Pj0>A;XDY8W zy|Fh6T=GFJ4aP*dC<*tIdfE?-E2inn)dY)*!}Uvo<4zZgq%*#BrT(2wuxVY4?Fu)} zF+;P&@ieorf%@1no$c8l=7TDf%5N2s`({T=1|SF;{3MPvz;s^Wme7~?@8m`>0Sfa( zQ`duJ6S76vY>|Z!Kv#sXCg5YDSuoDQSxSNh$Xsy{x%|NA=)zzkyi&|QIEPQ~6>NQ= zTxI0j73Z4Qq7zi10N75550ZtWX?72%S?YSFWA);<;7{k^AJEx>O0HJg0vJ3jT_0x! zn7w^XF-3XWeFjE?t5P>3KpwbEko~LIE?q>g`J>894_|mIu$9s_osK!rqny?rksQP_ z`ylLqml+sEvx%s_E{do)i*gsPWz>Sh= zy5RXl&xM;Xr5nSwWweMir^gSY(rL-m9B0lVPElc<>ICEgEidrVv)O?z*j0(~2m;x} zsw!M)?+fLoRV0!Cd@`%ahkte>Mea;nPMRDw?!qY8jM07QCeE!oVSG}K_xp(=>wEF9 z3ibCG;3he?6FEmRb!0{lMvD}5=q(pBd}F5?+clEe2nEN@M*fnIM+O*gH(6KbJDw<_ zUV>KW(CVY`OV^W~j}ys4Fre~v$kzy>i6*%0vuzh?OZurF3P;Rz?khC%D+f+d{iU2@ zXgWYDSSrEY737QchXIRi(TMkQCqXQucDPrRy=SV!13#djg>X>0d20E~_$@Q6{^S^b zi$F!#3L_^67C=bZ6rTih*+hV&LSeuP=cw7u?Op+le3ed>vLeWnwux)H;)R@sPRR)E zg!ERC_HI$`0D%-EHRGV+p!TN%e9Kg+x%WX3&t62V_!%aB;=rHyYm-l}=B8Nl?oo1dkC z6C)P?-&T25eIAQ9{xOdM3||3CN}cdwz-h8uOd!3y_tBr8T;}Z=sEC%|CD$aHVTV5o zKjnw;o$yUKFY2LoNo4=PoP}+3`R`O2dKog1#@*^D2|dVg5@`K~_1kdu4tZ%L@HL{fEeO@r@rpaGS!>Ctusv` z0?}PQe@e=U4q%SbVAqzUac^>vy zuaV7xI=mR>_NSmB>HY-JIxrd2uW!|b@_t>84n<_a`N!1-XW7dHIjkuT&qq`i*_j_} zN#zX#UPU`fP*d99Arvy) zYE|>cqy3S2^T2iCTtgxSwkj4%QX@mAynG9~+Eu~I_WqWJE$Q0RGjnZSXycW6*d@w9 znigpz-W@16eG*fu1&wowk5gxwv9aK>R&N$21=MS*l{YDR#h(LOm>;vG3SOU%xgnx3 z10_%Qn;W!_glNI27;;B+Vl!o?dPA(25!O74ilW9&k;nY{+UEv-I|}a%CYJVze@_vs_)G>BvL;PMsgNnlA1(!jnotrxuT4c&wnsBzpB9S1i2-E{IY0#=c^E1em+3HVgSQi-JRg!`^zi8AKd(3*MAQC*@p~r*$n!{ zU#qMFcD2W^mlNyq!Q+W;KyjC^0)G% zxFF`6ZCn$o1ObLa4Vvz}+*4$*ULN>w z^o^W}KBg`W&BM~yi-5?&HM9mJB$?S#_~0b=rQFK&rqZ{l30mn@A61nPJAjqG)L#aQ z?Na9cx0N$jxk@$?ws|@rnd8eme?6nusgP^}+(NEK{_0w;PsaB|n^6M`4`~`;(xR$WZ|b^kd8ukOfBV{r}<5fAf&&l*_W%$T~I5)rs6JZ5Ia0pE^7pCj?L9+BjKkK z3PziLbsG9Zsdy$>=`eWgAER)BSma$y#5@7`>{l*wW$fj@k&RJ4XS{n>jMh5KV4>K3 z29{)WWln$o6~10-rM?L%qP9!R`$aGh=T!ph+qb=U17K88-0bT^Zu&w1Ei!N}`nAye z;I-%S_K{_q^PNwZGg-yw#**r+cTBePT6w-Km)F?PmyAEf*y_4#cQbxo<#n6YMs zTP1)eZ9D+aFW;B?iwq3|QglR&P87uR<89+6Zuvg(MDj$bHt`uc^Nv&9nrhs;U$UX^ z_p0s63yQYNqtk5V0J!my#KB*FcPG!W-QxAe7hBEfV5X{> z=OzA1jhLdv_8{-J4B85{sqUJxp8btqB!mqKw#tzqiU`Mef(U4BiE?T0rCeGp?Ci41 zZZy5TC|lg-1BkynVJWmZ?G1s))_3tzcBmm0;SCZcY-s6@t_6%BBF~DY_T3-+Ug)w7 z>AQ)lN6OxI%!BbDqsO;{|Jb#;bn9OIV%SiYN1@n79j9)QCCif5>Nk9NCTEE6j8CJj z!^Uz&K!JcJ8NeWeGuTltTK3K~`&CT`5;-$fr6BXFpLZvYh)cK+B+JotY`OSTnE3Lo z(Yp%wAxTmsXB_zgr=MXPs6m@I)mn?MFf&E8%~SogdMG__si%mL2VJpaIJ__YY~Z)F z-85R6*VgXHKKr9A(TUn~9Mq$xi2`qB>=YJ>;SpmRHqoIHFiLGsvam3^uJmuVSYbUG zTB(Sqxx0@p=Dzx9aDJsK({T63W?T+`f2n4uUb=KGa^#9=3Ccj^!}|xWKB%oGQ$osW z%*iHG!=Tij2Yg2pZQI$|8y14uRFiX7?3(HrJD)xU^O4$e%FUiS)uZn3&$PBzOHoQx z%6_iSJh{z32ShZbyvDo#Fe3*wLCssf3=Ks|p?#m1Lv?FG4Ybt5DvndIr*S4D9N%MR?tJz^7BGDgjn_tl@wH;&C0euR18M~RQNc`TndYoEOh=X zuznQtFh5_=w7FI~v5ujAlOY*Ow$9-V4eZA)Uq z3HFd!)8^W@Gd8y_tB;$-Ot~HlZLbU~M4RF&(*E#>H!4+=YL=^@;eW!QLzcY3^nEBX z$_QA2&x2GrP{f9XNegQ_^1u8!H6n=XG|qa9l)oj{1F#4%!`k^4uOsNYXNjH;2!MPp zKZ#yHw_P-eRXYK9pdoaLx3YG#$u71#Ss6sRH*#7`H<-`Rdl7)?nB0z_DoLD0tqGE* z&YYHQb1T!}J`1Ck20Qsd)Cb70?eO|<1n)neB>wLNkBRO7BY6K;7<5TR=?sW%9lq9% z&Be_WY5$g=e#0v*&WoG{kHrdNzXU+?&Nhm7rLBt!X>4^ALEq$?+otyF=i!n> zlNQqD=Pk0^?fj~z+aq_AIre0l6n!p}N|v{nrJ_n|qq%S!zk}?eO0v7)En-I7GaglZ z=`i*lJ5yDip7%PWWW;8CIQJMfGYj*x*NzmM7c8E_yuBAUgLjpfn`l0g*vo_}_me^5 zTH~Edc7A=Wt12t&O?Cl8^KE)reEU?xw^y4MBvbeq&lQCw@amDT361 zy;vgYV#%3A9^Pt?Z^C7E_&|5Iai#MS_qkW+Z3H{HY(NRcunG0fy-8}*G}b5nqj+>W zt)Pn>Vbxp8W~KNN9K_4wc64=}U6EUl+EtzCG(kIhP@Z=($4ylr{r;F_b#Xi#dW~y=t6e@WOVPXp%un^IAc) zeA80IW(y{HNqy5EH4JFW~Nm*^q7ju=Gt#7%D8SU+i zw3JSz=KM%k^ny0Le1+YPku;SF?gB z*^ez`j<6gfTquvlfbA-!PC_l)C@7AqF^yg#q~WwE|DM0ap&?ew9W6F1FAp0WK&XmQ z;_ZYDZP)N&LOqH0d)cD!+Dm1S&k{$$YS=42Z0WqZQ-)M3`-8>e7?H?sPj6KP2F5L7 z8JJ4U2aPDLdtOmQ1$M%oQG68Xj{8|q(>=LtuY!+Z@8l>=iLNdkl742^HXwGp!UK=Q zy3avOD&Nx0ew9IDP0N&X!!bSC>IcK)WT_lP6#ta4CNBd`WWx4ak*lih%VQg|tKmiD z%@5{Mf`2pDIUAs;?o%$Mx=+~_JddI|kY*sPY7YpvQ8>hR^^L;l zZbsq>w-9=m$<#L=3R_N23MegWtkEo{3GPSQ%4ZY+d@aJtba|7m#P`F$ZlE&{gL8)^?U#H;rsXegrv9Z*7UlH9LZMV!^n0wh8PrNnpc-Mqr4>)HW@+x`)5 zQx#15&f*{1spQtp@@RB(pNALH=D3uF$}Ba_-YDOP;AgjFR@fbhP@6)O1lG&PPbLTN zwm{6+MoW4^$~4Xc{&TMo_4JR%_L-`lh899&@mNuwm{O!Jlg@E&-7X|#~2;Z!=t2L zGw*8MTZKpzWK$u$0=g1^QBDXsvnAYOE~&uF+o=Rsm>3u=Cf;?TIa9vF$b&T#NHObA z`fXcJQ;8!H_6yu)lf^g^{E7R)a+`XwEelXB=rgZ_Z32XFQoB`5(w2R&RRANoGz`n3 zAXO4ry(sZ#QM)1*o;aTze$GJhFAsTy+Hx88+$Wo;jc9p<1(USA-C&xgEX5-;uvCQ? zhhTj-ri2t!X+Ns6AU=hbqml1;2ji%_#fnir3}uklxMNM~c2A6~%`2d^%28v$h_@U4 zw=N@NipluevbWMg!%;NO9q5n|NLU;2cQg3pfj%`ZS)72cxA79ATgVNG&a@$utrd8b z{&?KJp4o+c1tWPA)-Rc*x#K(cRQ?tE5{CY1c)#GSy?qD(f=B4)-oz%b%X*Y@VJ4c_~fweB?eU|=)UNt(V74EutuRDSn=*! z2x_$Frh2$fbM?4gJT;=Edo5z3W&IEESGP>GywkEj`B50I4FZkT%B!<#gM>&{XK3}P z?qb1dQXAChhC2@!E(oNq?uzCeJzPP+N@iom6j$aQcpm2f_MlB5;n?~eMNp|)&&6=> zbpr?`J|G6GN+R3qE0q}kE0M`FXAz_~QJ<7rGRtp8l*=f{M-q59bFs3KWx>xOE;5{1 z_L_%dn(bAcm(*cG3#;VxjZ&ogUNgql>`_nH>B*xLs&R#MD&?l_R?Jr-HA+D}ltS&? zJI{FwsgeBI7RWI5N~J$~&;Ag&tsD{s3nl-&|DzGNZ>Ff)=vzHsNXkJ5ZrrH5W=}S1 zkAQPXC}7s0Pb_neOWnZz`rMD&)Pw{tt|$pO`@Jf-vQ@WSv$J*BtR&N z8^R{Gc{O}}I*R&9h)Ng0pZQ)xe{*@;GV!Ky=${?eyFqBzSWp|Z8G6e;I~XP=>EPtZ zJ_Z7Yt7H~pMrPl^JaAR4l3uNJVx}u!=DjO23F#{Tw)f8QC8s6TKMGaa+eYr)b^`x^ zhaNeu{x`4SkUKCZbg-9oOuLDp7}3bo0NP*nejzHCKWg|2lKm0j2e`+YG8H!yJ zQ{+s9m)ZJP%{L!4%_7u9Qf!eZw{2wyFlv>=aqtg>RyQI7rnn{#762}_Y*#>uX4U38 zvn&RtUp)YCxo_&V#oC~x;r<-5B0-EOdihwP#lD=Bqte^xDl1_908iG6VLN6yd?m{Q z=^O;YLA*70x_HsEu{KyDWd^0<7UBSHh3v|eE0soV0NE}W5ViUMAEfvjtor}0=oHyF z{~mxIju&&ajtw_ur76nNFJF|N8^+v{x|59lZRCt3?qpD0fN3U zC6UlZ5G{f&N={cjd_bQSqKip5T1bK;P_#CEw{yTUNm;#74t7V(^_{Wy-~hge7u!GS zleGw7PyBbY&gj}924a_bej0j!+vQ^~PkLAg=flDi7Mf0}SmWF`AGM_(>X>5w;+M7t zL#U?x)T|Ap!Xc`dgzCPej?yn7<<%B%ku!Rmshmh}9*Fk-QoGgT!~MeV+EL)05a?P< zV@BQQS-AgAs*97E$ayF36QWFtP6N>h3*&gLHuH?TN`CxWF2yFnQ?b$!4~oL=^P6nYrz0UlTp_tI9Hv=0~ZD1Xd@qqu4<+J*U>t0V*Z(~13Xk6FscHhtWYXRz&C2LE%1++)hnbFCe4wMN?On(OhYq7ii_I{E{2{DCP`4IqKf~{MKd`QXlE}$13QWNZ% z8dvupA{EUb^m{b1taZL95H5wu8W#TM2(RMtJm}{3k z7u@ZSsw{TZxVD2kOqmLJnlhQ`ESICH<(pWXU{NUEi_Lv{^Ye&$qWuJJ!<{&o6g^eI zNx^0BKekcrmhC;8CYDzf&G(jte)x>6DUG3!1YyL371GcVr^6+__?Vx4^2kdm#+~{8i?|de2Q!<{(}OwE_X5~gE$_LKd~4qxBK@eqydfFesI}++zdw5+Pg{bZBi0vAU1cxIhRZO{=M+ zbhD*ek&kd~q330n!$#<$3H=jrV&hhJBdq@?YU4Xt&aRoF*Y-x2 zK6xp0k6T~po2H%g;>8iDO?orXOtY6;61oTP-@;~lrExdhJJXcA_tl#-b3QKR78M!o zsKh1C<8+=0L<(1LvYK`XeVkyLCGwG77uyQ0LSl%l^gY|89Hz$e4b>u@B}l;xs%I9o8!@_%hC(9q25~6k71#vu0=6-lCFhP zDLl%0$%~wTG<2AJ>tiNIu(v+5Tz$uz@cW|UKw!0LuN`%27I`ZD9CEWpapeE-_SQj> zJx{)9)`J0&@c?{Fu1$BI|GBe`@jH$ySux)ySuyf?eFg0-QV7~@5TM=RYXU3 zpL41zD>ExABTr?0Kn3=1W%U+rdD?1PCpw6Wn%S-kl#Ut}jJpnG7fFUm@;SaP1@%Ur ztH9+*{R`x3zRLOEThW zg`|RMIL;B|eY0Vx4E_&dr44tlCWr9V_|l40A3!G4vZTZgXg@dQuQNj1HKjn6w1$Y+ z+v9?hrrYrmO{{FFWVQ3hzIjNN&XT!2xhqHC)Ty&6{-MxrDA!u+H1^tpR|KgW&aQ5z z_!Ldx*Fc8i*fHqLV8JQ8sj0+isbqq5Sc0haw5|wCs}c3nrSF4gXcArNRK*gzz*6k0 z-j393yaOUs-m8hREd~-UF`+QzC$9w74W;S{PDn7g?y*8nAbjf)VP6N?N?$+Q$>v-< z00s=Q*8JX;LqnY&KbwCMYVe09Z9Ws~sPSBUfrG^>yfu?Y^cnT2kxHI5LSS;E!YR&n z&XW{o13R1SB>8asn|6=hc-6RPaQTP+EF@c2UfpcwU)OLG;$m9+98Lmw=}pa&2W!M~ z7@bUU{_4-A@kP(;DSuso9h=K90=hof1VR{4>+CSUPM42Y5(d(g-cE>QK$#3A8Rx&MW#DyZu z1VQs798};FDyb2JKfj?`!I!9B^I@Gc^yZd%Ajx7#)4F}p?iSc;Tv!&0xxnGQw=p$9 zx)L*fyPKAy1?Kk-X}$FN{dsB7DtW}%_`chAazE+t=M=LHV^NwHeEfEaWzUCR%fAQ8d+Yl;K16n5 z6oXmT>TxuqnB*pVC&U&e@ke#`PR}NiR#+?&@h?MT)6G&ZUi{)xvHLrr{EjYpl4D_biE{0JMOYm3QY&&cS#WweiCFQe3gFUzfo<2}!|h(IZZP%Z zSy-QMcwg#%PVe_~+=Hsj2t+7A z1Ydbqd3``H9LXpsD8md3mUEu~T?P@OfG!P0TcRmrZ_(5x#6F`4H6nlyPYw77=_pT@m}{^*g<%d^~+Z)Kgp1x`E^?BeWA^_b@veUFnbuNWjTV{pHwVi_tsC@Wtcy6>(+q7-m#9G&$ zeOG1ICN12sUa+HD@E-FaEMMe8f^^>LnUB1uYB`RUvgzlHO;{t_I}FddOV#e|2ot5^ z(sAb2)$}J%YPy4zg=I^9( z4onwW?%&PB^y5khWI1Vjab1qN0+LG9Ly@LOhI0<3>Dnm{P5aPazIUA&hbw0&s%MqN zKoqIvdSIQ~7h@ZgTuGsEM8F!{NczkM&dTtR;F}w0p2(hk(_K%u%yCWUpqZqPA=itu zi42xC=HcYSal^>!jDFuGmQnd&Whrc6b9Nzc&1%+P%;*n{ujnZuL=chr@e?bf{hF(H zWWf95W;O47@J8moBaUQw{+zUmF$!E3g)ffiW?X#6Q6QEh^$=b85tYXBas*6sXh$t) zY>`MMj6-Ff0i@2r8)a*i=8c}SvQk6w7sH{~iz=`)FQ=HjG4V^4&3d?;$ zD{0C2wB)Gjn!b};jEN3iT44(h^%kilD3{U2v+;~^j(Dp$7FN+l6<&l<9&w}&nR=`5%xeCDY-Lp&w+a{*y(y5`prESMq`bkaSFp4*dSL4J zt=({R$4xWL6p-Fy{)71--{4O)bL5*-kDnAEo~)Jz!zkobjhWUmC$nx}KpG*b5jM%r zySpT0kGY|BtKc6$HEEE-MvbRifJTcvyAV(pi4o$th$q7alR_J$ymgM!MXnmA5>DC+7gd#arQv2O2D_H~#a?Q1C$(oOe-S z0_9&O)fbV@ajHgWm@ql02KL(X7FSKz&~xIn+fW3#n;&_YUy8C8A>LePt5v{>)lqSR z8`R4e%O|8IG^)Hq^;-MT8AohLC@tT@O9oeVWu`>JAqIG-2g7fRr4hUZ8rHAVvPTGI~qT=hy(f1OO+@)yARdt6{sjz~_sc0MLx z6Lunvgrzi@k|^au2#dBB0Ic@X{~914csHP~n6~(`V7)ViLKB&td!c}^EH-E@i!!`GUaL~8Pl%iCk;_7Gl#NMVl;SN zL<}Vqg{W^lrZe^&!(El*2;bgW&$$0g)+`$u1gY(vc-PS0G1`a`N?D(e3-ersqtbfT zPjAfMeVLJ}y|C@YF*owB9cWPsFw4dWfdBn{9-W`#ukT&a7C_z>-;*2Sr!z!gq%J~w z?oNohRDtcA_I$d2BWtSh)$tKgUgU5F0wXI?xF=J<>(xY}E5(qqUf7TP;KOXd%4az^ z4Eiqbt$ArQ8^~XBnQTwvYuc@+QdSV@=#)e5ndY(+flHsfu)Lh6c)k>`*7y^TNL@c& zfT00WpFh1rG5Zvdsj%Aoy;Vr{<8WtmG15aSoK5BLdWN8te%jMecEfY8vD?dK3ZEKd znCqXY-b&~#<6jA_Vs$TSh1&W%UJy9=trffeuto8Vq!*UK1wRONo-51BCci00?ShHD z@~T;V>yr@MbyhUP=}T07<4utoqgQ6?q80THqcx_vO`F{2ch;NlW?%K~R!8QNFSDaQ z5HiKzolL`}&9sjFp}EGyhpRJNSI6E%Pi1kwKu4NQ5_i<{(lltzKN0y#G#OjdYH7^f$M*esxzAlqoRD{?nJ92}^RRkOH=!N{T3 zIJtIpH(;ED!;fc5nAMQ{+V%>x^m}1daY$%soD;iIFE-x@$#_>VIii*$l%#azb#;so z{Zn0(fgg1m$FKH1oMQ29O$oCZjoA<5dj(nW9%5lo4oo+c0L=1%X$(?H3Qd}O<5s{Q zr_Z`-_%^rguLQ>yG-|-Xm;H^|C<5kn!h{)_BP*;>SLIwT6&Q^(p>LB`U)h_H@mdUi zF$*XR+$1)`Ix4e>`|(1HDq6_em7MW^M_T!zZ1cg1;))QIu0$j$dwVaTrFw{K@*c`m zpC_%5W;;-xVpUZJ6$63!yH4EtZXmp>S4~IZcMW+><}|XnMDJkEiF16a*-XR}s~ELO zlv)sH$;H6jIz>X}q-8Y^WH~1kA-j&s8BQo9I2`Oz!srvmV#<0%pqKsKfgr7evYFhC(TGVs) z&gq9hFQy9~V%)*B;Q=h6tqyylLkU*gI@;QMTus)r@W~83c^%eEnzd;fRrjye1kPos z1Hb!E%GJkt?1d%9jC%H=!vtk7yBzk&w&TAgn@;VNvT9pJ1yevb!|6Js?wZ*8zfJEI zcAuG5DJf`;_M-n7Fs-i|`L$Jtq$EJ7`kRYP;WSY`;SCa+*ndoN5Ws*>@`m96D09u9)ZnDmj!6&2eZn;vi}qQJaRq1Era3%|UN z*2@ZHYjYdZ2-<$eD)z^j4W)MX-t)|2k3f{LAftNx%&m&TMrAuv%5+hw?#siDyiSMx zvg~1+OaUiis>?E1rb<66rt6N3XF^T6<8UF;*oBxcDke{GJd}_M9a)-4<*V(~g@+ND z);Zac%Zn{@%aq}h71wuvJrSlx`6!g@ctITueX&ZQ$Rkb4Wk5W>i*-yS!;)LaU6&J^ zWBrosHC2(Oi%Y|2$p1SoOFEaMd@KWE+3qvHbL^;B8p-@)5TLrz&6Y!Hw(K1VnD=|dzg0ZX zlo5Mul3z+ABk;KC6k~FVFzXW&qsHUyaX^aGx(-uv3zx$d65p+91#v3_PfBQrVJBrjwXLTEoYz&7%C3@uio zX%Lkv6<6=r(&M_AO0Gw2a7&e?Df1!)_3&!a|Fg>y?Ms%C!FD;rdWj3vTSvrL6z{%R zoXtA^V5_V6*0|3%+G+T2f3ex+P@Lz>5rZ(Gh+d4c-eJ}~jfZ|AlubvP6@OK*%=(%{ zEt_tugvr1;A+c|Gp-JEm(}E>bu`dtC4jUe6<56GawZBo}&mg#!9P)pqPN*2f+x**X zOx92Y)JI}x>1vCX)qU$3p3u>Jt9z`Vf1wx5QH?pHHGClni4UYv$IpKEclgfJUlyb& zDAtXKcoK`IC+fn<8(e#Symw+!@3t~}@KDofXFHnekog3Q$gvmLlA2I<@QaJpme*Us zQ^5kRc?G0)gzIqDht5krUypj4carwxqB?!tf%QZP=*_A6{B_#qw(M`qQHCyGzZKKd z*7&E7H!26tr0owxs&og}&KYF>4)`3ZaLv`>fTx#~)9!V>bTrB&ar8<+l&k$0yx#)mL24ZFe`b=-TszXW1)gUA183i1zwu@LEde6rL%N zi|f-!i&`H`2H%;w0J*UZ%l}hEfb+j10>akLCXTiS&L&LXOGZhlm0iyWAeSd%WP(YCBu=B+g7f5_RSOcIs(uH+y8A;E0GKt7i#vob zx`oJ@xUfB2hCaPTY#>5Nymgoy9m^L6g5+n)esll;LwbD&)^fbkeb1zFBN+MN=WL_} z1LWbjVqs}aQVM;JhS6Gkf3tnCmKDd&j0v^+b~2Thhpky2L*2cCW62Er#QR`ywdD#z z?IP6KBvZ#QueBVkSwqs00pa8g2;61vs2QQDeJIGzsMn4F`}`&*?gIoY`x@vSk>>n- z)7xf;YseNx=@?r}oADekN7e*x$e(|J2}whHwa1J!!^JYXoPY?k4|-e&o8w$kt#nN- zO}up6G+)IcP|Fh+#l<;k`{$=Mw$O#gkn_qnr4xYuSh!{FDT>yZFMziJlGqJ|l5s!+ zAQ$zq>b&mvFyHYA!-iL~iHu@nV~c7cNRDgD={)u0eM9oO79hKJ?Mw-|7zr~0ChQju*c=#2+7nzSVwQ(!9dRSNZXY}Mbd4P(; zK+I?InweH{)c4r{juCi?^&H5(LqY%CFA!)R3TyY9uLprBFgqF81-#YVkJ&KquNC%T zPjM4bV0aod92v7u&$tm*J64~j`~l<;m_tyQIS|f2NtmHjyRf(+xvC(ae(HZgUVy|3 zg&X!qVHIXvLi{X*x&-qOAf*6xB1~ouK_vvojl}3by2ab{>B1jQA38GdP#?Ap;`R%) z0SW8(pL--K5(upRW5lq=D9yrx3d9)5q9P7oP|&_LPhl0o(+1K0(JVrJ!QzF{@vry> zH6>tuO0EgAA~2@={0ioY*Bg%T zXLfHbyih1SlA;JAD(p_c6A7vWeUCUNagYR$Qb-*!I56*sfGb=O=SGbf9*~=dsMtU) z{{uceNJ_*;2s4jXQC#u7h;WW!j@lCT{*$a2-5;bWPIIO^T4w@YbRB<2aju-zsgx27rcewOW2=rLXymIFWmrV}BXKW^`sVYRwP8N>qeX^4p-%o608?-|P( z&l#~R!7G+{U-8bE{Y4Wz0ZK{;-5|&I#15OA7B`2N%{UO1&P|$J)4I>MM?{l@afb&rr|bo~18jNCB`SWU6^Gd0Iwd$||#JY-+U{w;foz5q~f%>*Y(;tmL%B z`DDB@Ttgo6qcfvZA+2y1T#IZqlpi}e`;k@!Ce2Ehik+eN73Lxa?lMZHHs)ddc}u5EX9cjYOuC?zTH zDN$rhWYkg*(p=L%EDP)gSW8)3ZR9xJxHio+Y`0!J@273jSg8Z?}>yzA;} z_Ou$*`MSc!L)%FMCKIM)wY+#| zkpkuw`xHAfR~1(%8V2SZ#vSDnPZRl*aHwr4b3We>R(94p7H7sWjxu&@WrVwhGR0&cwAj-% zGokaNTcRDHy`#mDGm-~U)Kl)p=OxHr8@q?K{l-X2EKB_PBXBNYE{;8;uHAyo+s;>n zH?f1VU0De8UFQCiOORGj9_|CK3a%ZS2%EgAq}g@NOU-?)o3Z>})1h}ea(#4t1)my& zo72USXW@N4ehv}~ehZhS_1Gpi7{Fq7di>XTSccya+c4d@S38BZv|5MbN5NZlIiXet z0{Q1BnBGKv15g0xoXLVqJW#fkN#E8Zg(=?etK^DV@OlT#e(Nt!=lAv643y`1ovB=U|q+f z)xcsD(q|-5B%+wB=tu%2{*_tt`K6`&xgRr#TnHJ3(V~Q{&rzpbSq#Ap_2qR7xw~6U zS5LKed7WQ*w|#P7$#;!M-845<8WmSQul{*Bdq|6ZijJGOn)s{{<*clRDQ zYgt%2G4z{;N18js&vjdSqIvnY_^^TYQ?|FJ- zQ@Of$S=PqJjKS*c#_j07$M|}&*PidibZNGh?N@b7@?x+}RxG|BlSH`qUi1h?kKG?i zQ(TsR6X z=XIx5kHGIZLxY3uBOc_qy||-xQyJZ+`_SUG;P-HyvB!1m6lAx*N$4}^zW6G5_TJ}x z0CyG=9^*;WD(K|*HbVQ<1D zX=7k!!t~>xpX&04mL^8dOllU!&gR6d+}!{5o(r@Dx&R;x8`~M00F3iG3XiuIqC-#iWj>%2!uijag-CHrL z#QdPTq`tYmyTA4Q^ZWOzrmn%s1q}lW2M=80YG!UBDTR%Li-(V>07ytMwb1`Y6C5lI z$G?$4!h!}3roe#|9ftL19L7HsbSq6?v5^~YI|jsyC}SEqv0qcb{zCv9B}dN;n20=V zV^I}OXOo@(B;o&^0;>Na0ki@@g!;EWQ2{`}y-L=cZ`GY#ij(;XZoQG_!=)9yGukq# z?^T^z90(9~`KGYrw=E0;WYbH^=YRl{dL@3(Rxux*dbf)w*&mv_Ai(c7)-rbBlfFJ;Ayq*L2xy~OTz|A7j+r3-CeMiE)Y+#|uVxmQi z@+@1UbKjeRJIYx{F$iFP13WJT0ru3uy@jXO*wdY2?<<-x7}2`l;~Yqs*QKsON)=@`q% zY8lPc-91o~oC*a2(glnTK>($BC4#ZPq|_>Cg3%j(frkCzXl!X|$=uSmM2dNu0>HQP zmsSwKN$bN3Ogin*sSowm?_5^6WvGS>gK0KYRQ^h;xSf`8aC@m(Ai#FaJI)-**o3w! zY#i$=wi6JpJ7Q(~x5$M_Fq^RrQ{McpkMWU*8fQ4`(y2A`KXzVVJwROR10s;v5f|MwXRFiHV-geZGCrQw9N=Jcu4gSqHmG-n?K z80c3!xcf*jrBKyf6u5lH*M34alE})bWN9TL``X<&_oDqhcxk3bJdzta@wM^o{spWM z$xR@@VWHh3u%yD?%CmsSDHLG0m$a>-f3PvB6lrB+hQF+pN$ydHX@p z0SJh0Hc&n=fzQ{Y1t0)s=Tj{3`q2+M_Us>y`VXGV_yChr{)MVaI0nY5`kWN(FMzpt zd1Jq2ALWm2W4~1}KZo*D*8C1D=YenagJ9X1Z`})K%~^478PCUekCxawdm9DaUj8>> zD0%`_$B%TR+RoH?TP@s)nBh+OOlEl6JA=$P8h6`?!10TJuOLct5Bjm{)bG4-s_Slqr@c!kD=80F>Hk!X zf1SsC4|?D!`X3^u@f|(MencVrSn>N1CGU6*TxW`w3br?`9h2E={iHk{90wX6}>8#VBDKVlL4|1@xNm2*TDL~5Sm^CMR+!TNb54NJQkM(cT5WU6&R(;&cZ#62Gf zK(7V1YRe!%tS(E;jAw<)w=-?J%c6Lgq`Aiiao)Nw5g-89%j1VCSkG6n{PvWj&wx+6 zKC(oQxtp)HlWzeVjifQvKT9tatAi+-PZ_*k3M>*ukz1aOfh%hI%+NL6?XHB z99{L}y~K4#!kG3ym!2sh55IWE5->e4-z$G?5xtsrUTO)T1OK{cYei#mSHzwtFC1|E z8K6395Z2X&`1$8G#qEPh_!Sl`p#q|Nk{{ja%Bf+H^+%W9(y_fE$;lG9*WU-43MAH# zI!&E7U&G|z8#XUgUb5D?{@yLF`tr%qX>_IE;h5F~o4K`! zE=qliBX(N%70~gr#q5Ll90cfT2EMSU?caPzZ&f&kG>bC++`cJGa5AHwcIm|9NDvh*$u9Z+=o zj1GbTWR=b5&c)7~My8LYTJRcF-c(ujpCW|&_ez%w1Y_P8^>b_vg;PTvqqK3*^@AdW z79hX@2%rlBjI4FO8cx226G`V`O_WE(%xRksxSW|vhq5kQgh2ASlNWBjeE%5f`RzLi zW^(HM0dP0)L#GEks?Had(FMGP`ak7gridZ7uoJ-4qCC4HfB>ICfTKb35U`EL)O(6I z`@m_vsptl;jyt6w0Gc%j(2MP>vP51u+&KvM)))u^1j&DRJ05rT+kKFuy!mW)JN?s# zRyVj0uuT-?ao*f%1XqOn5WL)q&!#!nyICOmzyr4>$l-(5;rcKCVeX`)l&&tXBedvV zcITh~=57T$a1o^jR0r+-?jcV@AV7b#TTkWNU0>qEqrfBxfYF+1{QfiVf|wERgh{#k zSWm;@*6IAtA$3&q6rK_xRcJcrx0*W$00NNvy#RpJx{5JT2}$OKc!ir*`QfJ)UXhkQ z^HXy(t_KDkvdgI3`SP;Y&ciH9HYA+L#{m0FQuPeO<`c|vw(2zdkgmitt|IYX` zV85I6iF>wsc_S0@o96`G3XzSi5g6bi1rVRDs{Q!X1p@TBDT4qJb|2n`M`{8e%)slf zb6{?+f;|?T_-sxvn?Zo5s=N=%%a^2c>3+X{zYlt95Fo7eq=9fb?mmB&x2`#;9?2L-E%`Mk!Qwv?3HKj{3f$>iT$Ht($} zvG*Tsry9}aH-ws zV`~#^+*)5##P#GSiInL3xgUITHk*{|E~B<4Hk1ZaSav$%$SvmG*oJPHADZaqlTlMn zKiy@$fY-@ED1?u#e;>|br$D>-Nr9>r9ecx>){sHKcaHP(D{Vrq`HR{(FB+WW#kOvr zNCqqMFbYpXRk%O*t{>TvGdF9}H060Ie6tKhtjfr;a<1^_F^?0eXCsPBYiV`>Q)nsPOHmf4^qs-68 zZ>$V}2SNMU|2m=Pz?&-#X9nS&tjviYh+z)>c7Zwf6@?2djK@p=Xo*dXkD-w3BMy)} z@!T)G@=X$~?T9+hYWmH7*G{vyEpGD#MrKoQR{aZ2i~1qLyqI(UAM@PUFA6zup(R_b zx3$nfD@n(F|KD1_(Ju!N-fgz_#ce(?B1`1D^1j^duYQO~F3LECpvcUaOC}o#;93G+ zLVx<8wXqexE4)nW{TQf!XCkSuC2ef(&xI1{rpku7u%MCd0}hCP&^vWt`W+T9+3AYj z-=0h^Ac6qpJZb7af@hIlFkTEsCIxinES2F>o?IZnGZ_dl1@ZiCt0UjVnla`+I`Zu? z{rc1-$|+DfvN~!SL?XDx&uRr^&I~oLN^odk^Fn_$v&LgB716x(Ih0eEr4+R z=LFI$K6>J__t3VhCoeW;D-XTG3{#HnWMJ`#;CH5P z2*|?+)_6CbCnm1tkwyl4CaRBWurx;_qhG^EAmq%)$(huzxoP4c_3=ztqiR%W-{`P) zW)CB{P|#4^lt|LN6#xJBCHl(AHy0J_X1l{TR+%&-DL<#~XK?4Ic-M{#9J5&!_y~?K zV@gtzln4D!FVX%5s#C?Fo1MGXKXD6A7FJ>|9#$PDSrcOm zga5}>1p~)_;vL|J{;8;B;$-LIXk_9<%=7R6?VQ1H;D~vc|2>YO0FGz~3L=@^%P!?l9j-^jdXY9f*JM`JJm~3!5p*0y(+X9B;BR9ZBXP?PyxF)9gP) z8TJbr2XIH&IRt9+%W8#Ck{iIr3KbzLE$t|IISF}`FJ4{PZ1?!M2su2gmR`R-Xtm-Z zq(8U_|LAm0cs68qKDK8jXg!4DU-xz6XzCzrIh=R9;`-Wr=;!mObyMNSfh&_x0#$B-MqjdU+&Lik) zVlvHHNcMc~N>f*2upQ*_fs#2Idl)|fyL;M?QE>hC(7J8REG>>e@Wg@4>rnCd_Ubm< zug{(y^_+FA&yq1q*V%3K_E^oOBXbz&5#QZ!oou~5Nw7e9{kFQD{ppQxr~eD%nOw0O z=hHYwa^XE|{f_7EFb)?#Fi+gz`Z&cna zszw0Qe7O|g_2EU!uo-aA6?XeG7+H?_3>5UCy>?hQEote|* z&5(ale(lv$N6RF&!5H@(NO^S<#9-ZK82iS=lsT4igP-(~D z+Vtw!|2-mmTdB(%a$0tCq2odOG|X$|d5n`jKKhO7Cl%c5*DG|~Cw<-m#Tfm&8d}aX z9uzM~^lr)n;u^K7_wA<3zs2v)M31-+yxqI(0VJ=24*;}h=MnslJ6rZ0w~E&bS(FAV zF>#;YbF#xIpDoKSeJ_wguI>uBdeF}*LM+mC|GrJYt12bGE2H#Z9E%mO;6@tznJu<; zVh26rs_Mtn3&SRe^WG-xndx>?xj}IaOdY;!xxLzhRAG{UsGoeA{2X(Ng&6XOp(5>5 z`Flo*_DA(Rt}ib(AJ7@6lUsv@eOM@SWskgsS9q+TQx(snaQBkHn%;1ls@7Li-T%nKhV-obI)9sE=@BGQ9 zF&-s?a&(uaS>}a73auQ*dv`x$S9hQ_cl!1|9nY1Ccf_=?vhoR;P`qX9cBuSPD(xCC zc&zb6W@A*+HlloO@;)Q5V@tOQZc=BqL)%RyCaZ>hUqIu~MTCyKhfwM1V}I^S@VTCE z+dgNJnJ_g}_xVJKs@0XEv*9NgmNTPjTzT!_u^l%{({@A+R~Bvl_BhDy;uiCq0O9)x zpyhBsoTdfP3YBNh?YyB>I~PJpdNubzIWxzVgIGHlByH;e$u9US~+`p9z$_| zvNJ_R@^hstsVNy+t*SV+?Tlcf;`?-?=@U3f2E}&pwsV$J#s+<$?bBugcR)1ku=lXU zl6YMVu>}1n4NVEjXEe|qazV#mVcCSUD}j=MplHxmZGc{B)?q~E9l_ae?_9L7RfX&P zt3ikYGA3h(PCXA9Wayu!tiPh*_Qy>L57`@dkUZp`QwS|m%ckijPwR4A@OEkP_jUSq z>f@b$>LZrZA(*89Vyl_VPx8A{(v2;1Am{Q{bx5o$R6ZV@XZ`X*QU3V6duAvKe9fp90YYu{0Aka1bl$H1E=J!ujaXJ$(&gx@$yyV{sc*Q73-Csvs zI=YMP8$TUal9W?M`YRv|!)H>Xzuu#~L5x+B49{>qtqL?GaQH^aYfo4WIf<)88&lfQ}yDkEaW&6;VJY?-828~&XCzQERVtivUF!t*vFQun3$+R>{S+-?;ds#tcs>x zbPVRY5g;Md?wL616mQ0%f)aAErBQ}kr+^DdJQI>hBs^Pry%?*#*L3zz(c+NNc~Iqg z_L_#@KYoRXA+6ztfQnqEYSu`@iiKJqio0JSwrRpmlVOL--clI`s&MV~H%yAJl|P5o zeQuChfuW;RD@#IHv{X8DqFzO^-pf-l&Bo@vAGs|>7VhaK8kMvB=@Sm>bBRAz`c%bQ z+4lPGR~IsJUg6+ey{UqVxON9z0Ik>yL2tW#Ew8I&f_S(<2kmx%A1AVSzZ|1LUQ&VtwWP zp+yx0bUSdbyB&Q?%0Hoh{}3Jxp4szN*v#N$-ydaYB%@C9CHRP1gLtoCl)rJ`FL%ME zjrsP|d|YfYZQCI!wIV5H`snDZAqB^loVTd@FQ`0nou9M9EZx<#`>WmzQ5DTjY!c&i zg!5@FvA4*(TE)oze`f#0-FEU`pWpnrZS~?^Euq#go!cXb$#oqe^HbXQ&ye{$G>%T~ zpCZthwa7P(V%p?Q8E$HZ7oy#l=Ymrg6VX~`+=g31u_=6ney9E1`&H15Rc%fzN^TBL z;%MP5^FCF^yC0!81$7UODU0k3^FFv;&3_s1_(6Q;_skVhF48;8#_!`(-B0ch-k#lc z!}GpO!BF3OhnG$La#*xp-g2zN|PYEHv) z>7OE$QYigS*EF2RS7lWB6^B{!)L8CNpCdCzNXC{%3)HE{cu}m@HsFSy@1_W1a1TU| z)m$^M4Bh3LJ7_PhHb|iJX?6miZjusd#6>zMLI^<^q+bNw+i89JMu3XUQ4LfgRmGh? zfjJDx+8Yv;L(cUGsaY;`#es$5pR=Nz7{z+A-vN45s+HB#S%I1oDoymyEUvfQBYzzQ z+mA_EklvVD+GJ~$OWej?M3Jg_+J;C1c@rI_%iyD6lJ>OU__AhAW|Q#%+C!A=7j!=3 z!VAj#BY8r<+x8*?qJd)p1N=%UNkPdreKJ87XY#vhNPY>m8AhKOxnv(Z;lEBD z4u_Z1b83A%Bb~+HKzZ63TN3MdkLC2FZPBNsbQRVQBK>n#66i$l_8il;7H&rW%@~${ zCkYxVy4n4fBjiV5A(8&ll>QR^&4Gw}7=RvUl830koyqxG3V~9lI3iO=nmM-Yu3%Ua zWvC!Ol#uag0TR82r6$y`3A_GN{(t~T36Up?#n>`1`(_JUl8-fb^ONOYp0^|uq=Jw@ z=wG#qhE^C8GN=>OVio-}>FD0nTBhdcvG=qQ`VF|YVHXVFBbCB54XA#4 zM&+sxL{cGziQyzvXTla9pt)ECHp()R;4(qbb~i^xt@`{(%I(X`RfA|xg^wns3~*Mm z_*IHCLI#iG@u6W2It^3}gA3kf}mP71jsH=HBW^%CPnzk^&fr?;?=aVX7K zu7-wx!Du-3P_jU;-iySXrGEYm=hyrd2PDmCjm^LMwdlbjfq@$p*RnNI*h zHSznjgk!u|BwXMH9G!j-+)BZBAiG|OYu_hj9Plbm@iS8`5P#~r{Ox@tEnikV= z{gario5^xDXGh3D4UW~H^_Pf4V^|8RgO{~kQ@1Q36S@_yutflafr_yy+yL~lZ>3iM zYrLWp8n4pYK<$itxJw%)s{rz}zY7|(q~5Kny*`$yxz2UNGb9#j+%^6!C_O!j+ztevN}0 zh4i#(>y%*V@Ub!fzL#2cqX)^XycF082UI~6;iNq3;{`KDgzC_539vz$h+$F~vU~!> zF^|TJa_NxpLuCqC$b?=Vi9hw-b1;E24A2-<=@B&+g=pT;V@p?c%E>zALr6K0+8(pA zX-8-qTq9l1fq(7KL^Dj;nZCWejjJuhW-Ic&_%P7ME#tn?<*7ak%$I7NDrKUWxMzM> zLH~u8$)7Qp{(%^&FQl_j*Z$faMo5wEC4(AvZo2?ooe)*D>Pr&d+KJ<#%!Bm2WR$ry zAKWijDKKdwn7aDi-HqE&PqNL|G0xq2V8~xCNOK$N(SV^YQtU=b|GQC&;?E1+Wn5=( z5kZ7Wkfc`mS_MW0%&U5O#)vwTxsF>JS+v4Tozres);xCY5;A$!Y`y`qBc8Y+wdM53Ry!Qs`*l3anYyV`W-4ZG2Z(>)yBay4 zI6WqksKD`H4`y1{6iAWyoe z4Os@V(iW=A%vn76IF3*0e&gR#Kcmu6_NJLPvV7-@W4p=tRck_(p^AcQGosty`e5@z zVc;oxP1F%fJnSj^^WF-6`Op}jfz)^^+cz#Gi!$8xl^x0a2{-}-wkjdpOjeDePsqU~ z`~8?>0X1vF`>V@PB?wh_rCjdJKk~{Ak$1oQ6m?7G{7V)7$q=hl2B?i$O94{eKS{c%P2co&GQ7GM! zA}MuKC)%#2xv#llb9i!d_;(IeiRu=2$BcM^hT90ev6MDnz~_w`5zsSY_6QNw(nhpo zMNZcXp+u=ZWV|!&Izu7XWhP{O&N`T_QKy&H!hblfnGUZd-e(VcGNK2* z-^PBg(C~&Rxx1zKVjdjKm3s%lkuyszt0wA@i!CZ^p#QL)_9Od{7Bo>^{lW10uh+Gf zurMWC}h(7klOu0#>?|7+3tNtV2)eY>5%%lt)l~SqgRBV_& z4PT$$86OsT4~ETbsP$iZN_<7M2hs-R&vmd(fy$NQTpw& zR7KY-@KdG-R{w%?U&^h&XfM2x9Z~sxX29b;n!fgT1M*HXf2<(7Z!VEJ3BRG92O3!P zw;XCVXHlo7`V__@Ei^<=nVeT3dn=+Mc;>0iM46}fahv!88?BI;kJ(?uASyJsU!4f0 z8rFN#Odi6ZiH0-bKQNdI&?H$Puem3nwOkK6~rmM#d`iO}K`_orhw0qiL3(XPCVQ9d-%Et|*mC_ot znBK)5dr4MTjI3jkg0M^eD@LJ$YcHe7o=2cjLGLL>@yWw-VDj z-y{e(Vrp+w*7994Wn$(~fue3@39_B^MP^Mu`>ye?BkvGbk-rX#NYyR~ud^`>gvd;U zjaO+&(vnA;m_w5{ZcP>=8^mzFi(_Yv&|v?N8D9I!ZJZ7<%+0ss=ZrUY+8H0#f>G#) z`m?X;sbufhc3f^Hbu5PcqM;kr&Yx8lXa=0PZ6#2@*n4y4rqS3n^N?3-uArGnlAvn% zjed`Esgg=X4$w-I6_|0fq=Y7hDjk=UAWSsDE2)K(=*kHQ?bNXDv_*};OxMgCVub`Y(J+PbQk1h{tWRGNZw1*pO2dN}?d(T~IF5I;m@+TQ9KE7ij507l`x=38 zriYHgE%h-E)HIB6OHm;dLBD`<;pZ=V-)YZCJm!ZZJYR+IPNd*;U^@0olk_c%h_Cm9 zOZM`&VVT8pEI47bXi-z?Hwz&bO7=1E!;e7`8Ej)GQ=@LFu`<96c1S=Wl?i$%Gqe|| z%Q|Tbg|ta4nSw^nAF5wxc~ND^7~HI5Pm>iA#(+pASs+ESg%NG!M}ci+)&IW$xK%Ke zX`f5?ni+!q9_)x1OD0`))JldBLnPqu=RVc|t zUa<;HCE!jMQSs&^=r0O%NW~Am)6rY!1TF?m3jwvE@+A#nbuXfV=6@Z_vx<%Y#!6fBm|@;1)1`@9`yUu!h}TM1dC6_hW(Ye-0gHf?p3 zMgV=P09}(0!+^bneYr@wRfc*rIZBG4>!L#ICPTAAS+{CcgptloV>1tI9*L2PI z>99pbrtXQURUwBeAM!7u_Rf^r`=Sk_CZlwxWZ8z7$TLr+%K0oYYV2CLyJHP9C={6m z9%@|a%wt>V@jS|Wkf2{l+iO*IQCTcMfu5{BZI;CSP;>*ZgJj%kv0pEEt|*Z=6As)T zp>pZ(R~l-Cky)?28OW7;hnPxT!VDf7=HVU1Eo@pffLA)dIH)={f_EyU zVz#<7Dq`q}`BaIfa7fs~nJ2c;C>*)i%uAheG;>O^Ei&RO{-*4qBx;j{B>8&3Z*zFD z1@c|^N6n5^02%-me%~Yy2 zPn?MtK9g={!59dI2vvB?C55FwG6{92re#L(#3F#S5IxS5YJ@A3FZR5etkD9W9{F5DCF5L->6vt=JeAvR9*ab#MUWi{vNfu&- z1)41eJB3i!s#{YERz%~d4ot5!CpC_a^ObOu$SRBztpP>Cx|b`dUg7Ap(*>G@1%ku- zqF-f}G}?4XjsOKaMK?Sv9^&s&mW18zBfIimxgIr)O+)X8BQ3z*2VdFhJY=EIT(3U> zFZq}`-;XQe*0%pH@{(Z8t#S>S?@{UhErx#Bk6JxE4d)z`Um+=Q*UEZhgoP96dNRNn z5l0Enhx%n)b{(aSReVpyzD?=ZEOWPpAozM(#m7?(HNAPGN$dT_neRu9My{L2tg=EJ zwy1K>pOxrof@d!0eUDLK7~S2bQ!RKgdekn}!2O6@!#A?ve1a6ooL*puCBd8?(|D=V>iAvzQEDcNT6;)&D)79We%^o!y7HUJec}YhqlhQGR=(Hv&0~l z?a#FNz7}&t<>aqK%!mp28@n(<_k&S;X5sxw6FlX@*30Opu>FES@Z`{U60#qn!$dNX zT3s>L`Hf@GNma${OqULoxWfb?MQfv&Tqtd12MrXbx)u{%i(z7v!c!qcLS{}$Nq{Q6 zi7C8^x)uwv+4417`H3wlX*p@OlKII1w7a$OY`iR=FO14qp0+ZJ3m6{5>lnupXpmKn zjEj3Pyi$2rXvxi0%io{{IeJ-&y&l_fU{b9C)l^JB zWN~8`UZC|!*zd0Ej`za2m%2g zBRk2A!`u#8ocv#PkW=H^aE2rJ$iuhF33-7i8&T^zu(OgY0Ozep~f(con5hfW?W? zRTQOdnIC6V11Z$1FOU1E$KjwVq3#5ajA8ZH+5AJfmb^MCXTr#OM^RB~@$0z-$>2(L zEz@<(bmmRFsu3E^B+bshe3v{_EAuZ^a*xslgvy?NyJW`-b~N~E1eq8wSuyoaqsVzk z?HK3HDz~UX3BtO36V>S|+nIvOnS`<>dXP%7?Osuf@^Y8D4noX3H zxj@@tv+}vu52uOo9MkxtErn%FWC@1)TL7zOVVwNh(X1mf<1mmJ zhnnXQs>9+uFYzK-mf8{=-Rhsqd4}S`qg0gqZrJT17jWo#BwmANEm3<~O zvw^$Y^t%OLnNcS!-1Fy2mrDJKu(MfkXN7{%xZeePueTiG2?0=qHxgCa`)xodmJ(lt zsse?eF^*|eVNd6;mo!HK_+q1WrPzwnKX}Q0V|6hqo^IMaWag)d7?M)$kFU5qGRo|i z(j1tfLf>z*R_&MDdtu)mtai6 z?qSl7KNK3f>uf;m3&UP`pg0;}_h;O2!jC8`63#9W2iH(ZLx^?yeyKOm_ zJA}Qsj$NCX&0NZ5yypOSEN`Vn!RfeE8j`L3=blB#v&N#)MN?%G1?I5rNJfgf{vADp0MUpGdZhMji8IJx$;vI z10i*GkwR#U=)i3}tNt5BYA6Px0t&in2(wb%`cEZi79oIek!5+E7^B(MWmijqNso#| z6@k|Zh+Qpr4g#k4O(rAsg0Z&8CJ z=S0T_tD=s3i-~EFhYGl0?nh~%3Cp>ccO-#eL_PnXQ*LOXKA{G*kN_i#as!bsAd_9KjDGY|T5>RNB6_B>d^$DPrf_YIybdRlx)-nWq3OAJX*SA^qOH1aog`u9 zS6NeugYPWC=(E~o#gA{85pukpYu^Dv>iG<*a#mVlmHAQ8Nt{#IhQ(f z1kBz#ETeL#_NW5anZ0pj>gM!!#a*8G6V$g9HO3+8R93zo@SRtR=*}SjUE^%1!Po@l zbv#uD+cnG6uIdXBSb^sX?^kgEA=g-#CQPmLa(%MUZb(VCiT+COWq-Re`o4D;YZ$;$ z@){ASot9#{vT4T#kZR61jvh;x_~R&ds*Z*vkuvpW>JS&T)S9`zO7)f1YTTDN+P#-H z)*|{KSiv718ZGf!Xo)bYp_G8BDy1*JO&ks^+gd2EtDQ1__cV-5*s}*=zW!)rSQCa? z__Hg4c~g*mc_-^}u%XMJEqif!BT5dxK=-vhoXRm~BbSZ##Jt=_nY~+0S6mOzEKQ8r zqEuO4NCwPrHKo=N68ox!v!U*MQ^{9S{#r|6>PDInFvdX!@MS3q8S->mcU#14L*^O| zH3=}|8qT>u_6f&l6DcYH*fWf0cA+xl+QCTN75)d8^XtKQ=um#(7#}V>viU*TS?1A- z@2SZ*I0?rS-x6NPgaV$DlbfjXDxVcXI17orY}ImI^+n7s{>v zE`14%uAwE&vb8$OTQ455uga79#>#UN-tq}{?7OQG4&=)iETkY4P zM_MR~1Frl9{~;=3I~$0WPOJM4bJ%hRyEt+X^Hj&mQw=OUGX<5`jml(#mzcmk17w&S?Z<&#XQZ-}8R_^=cHUc;QcFh*(c@T0t$N1SKbsAHhQ1tMW~GGbo! zgM>-SqLlT+ch_;WMFwX(6?s<^#h{~B_N8Om5{EWSz=I?)z7>lFWnNowqr*wn^6~vX zWY$8qP;nn)!*(E|P5B#Xt>1`b3S0}33-FF2v{?#ns{V?|te9*arE)aHYXKnhl=SV0 z;ND>%YYfI>HYTI1U8!jCJWzbC2jV&40SZ~Y3WPiBtBFloF`ZKk-r7~Le}n;+l?G+D zJFD4U#qk-RRe|Syox~J%K<6>#d4ahy4EPf-HNaMc~V@iEAJxYTWM&%p|eF% z{LbV%;V^ApE?$qyp9PoZ7?tlP=l)ip#>ei%lmv4C@AvA zQ6q1lBx~}w_aO8Erxw z?o@=Q6|9?RMrI)+Lr^RU*wHNB-^C<=xWW>#qgkig@7(@a5PpAJ2UZ4Xtgddhz&q6q zh_+P8ABB3ix|BAu=KoUQ(N&Mf4y`3`)C#RbjgHkUOfA3w;H9+4gM6!w|JEjPD%ykb z8bc}A2%4fl)h=Ek9Rgs^JA9AWnDQ+e-j#gjG-*)#{$=%hIaPb6Ts5)XFBZw?06v;>u6v|mtzy z?cxbj?3cRb8oKzY7H?WU#cvOpDcZf@0;uKXS zCrN3f^iI)tM(=TaN*GV5NU!tFMhtc|qP3TUmgW0S&<~EoTIehowkYCsm#)yUDy4ia zRjN%LGQq~>X;Vx2L>3wlpTz<3abyRO>LY3R+4z;*ZEOmb8SLSgn5rQ;J4eB=S{cq(?2O z%r}9yl6AYi#!kg$C^T7(13tW{Il3Hr|6pE9C#@X&0O}*{E+%cyG+lN)swN^SBHynS zU2>Udh_(A(^$%;Yy;8EhkVH)POj-PKGr#ZiI~4y^zM~XP#3d6}_!=or4O;OyHl^k( zQ+TRmy6#-^`K-6&M5Xh&>B*{{=*PFRrmbORmJzYSC_r65 z9+!QdMhNO_*MK+r*UH3#C2&UL!lZ^V$X7nKqR&LPDA0Y zT^+&7o*oo3XFNlH6~n(!yG>um!0+bD>{Kf|o<>%7Xuk0EgoA## z-ePO%&5q9KGX790X2LCRc9v{q=s;Y(Kjan?@{fGaGhO^Z3F^FN>Th1gtUNg7fhba! z!W2Z}pis**HUVC#=1fq}!SG9il2Mu=4;p`CxS=un`HS!id8cO)`kqDTd&cM+linoV zGSBu<`#OZGM|;vxC4})7p0m+KBbbBBBBYG zt$Got@M~o7i-LX_@?-aJLPa6kCNrI=m{nlLMp@-EWl6Q_Qej^ndUKLsz@J?9%Kb@6 zE!V)>m_w=ROL*07scbbTFEm;6yMoi&NFk zpH1WZS>*X46@>#~Bg|S|w@RR6>A|d^RPL5i%PeIqyq0p3sG>Kk^obS}SN;^QWp}uB zESi++0q3Y{mlh9LXn3@f`CvGA>2Qq6R>38y;`HHA_(=B;?!S6hV^mK!xPX)7@$u&V zxwlAuRc6z8FcdAs)`O_IsJH~Oq$x<`o8|4zr>7tcYvC{Nezk2K5NMpZB&idx#M_BipHy@Vn!woLUf|i5|3y^>Wn8Pjqn_s@wk$lu1 zZ4D<=S``}by?f9Zz<`ExS!HbU4rJj;9^P=HVQ6>vo%V1y5KhV~clYmIXK8L_zOcyf z;zyesZspzkpKO>NXNXpPE~_q!{?o&Ux68*TcXR*t2iWh2-qk`zhttsg|9JCAx9%{a zyL>`P{^joNG8PXKj-@^pq=gkv{qFlGcamwvStv!6AA9Cv9t%ITHyMNnvOOys&)@Pc}SQ{qX56>{Q>q`J~H#-`XX;`=Qf<2`hG^B@Hno3WH0dbF!dj(b&gFbU`9A!oyC@ zj=7gPk26~AAxR=UX9Y)}-oeJg0!n-G;gVjWnWV|>PdE2+Dc{_@x%+U(8pFteI)UyY zcNG?hoO^dC`r@8d%hMC7of`)dCpt!6plwWUKYh4)bRR!GetdXZa`khpn3nfvAK^?N zm#Ra@t=tV44GU3+vQdwBPygvaK%XDD=?OKxNKDlK`RPU{3&?}`!lc`?bg0PT~3|X&poO=2A%iS#kUZ-J_ZsUYgmNq0!R^-#xHl z2aQH<_p8U<-Mj~2AUmhWzGXG&G(Xb8zv~6l2-CZ#E)Y#jV!78YMl!MYE$NzLD~OLg)9h}5;W)E(pUAB6# zZFf&{hx>lK13ivnO9R0Hn<>=ui7!j1s4*CY;9P!Yi!+m^`2VGR@%A+n)Kx_{ZyxZZ zy#cwoBk_^b!AB;Xby72*NNc*c9ldeWy9QYJWcG=*AXuA71$IrJTCMkFwO9ZMGD*|# zm-oxZn-6{W^l^E6hZoQ|V1awZHy?0gMZsZLor$J8(UDB__5slEKR+#56ehG@pk|<* zx4g_FUgmM4Ki@Cq0$>X$Yy?OM6c*8rg9_mrKlMoAe0q{kmU`}5fVz9qVNPt>_>Aje zj`h@>b^>}tpx=J*lK}XOi2rkG@3 zj|6>hZf`$5w!dClvowymjzeDh|Ezo4vfIeDupO4$ z6DL|PAP91!MFKPc_8HCBPt{tPtEvD}l4qtLTHLr)73#7sxiUYxDCOf%AJNnMzgTd; zGba$d)7)PF$##Z6F&oKt77s$?VW5%(8Snr8!`5cl zqmV;3i83f5Y7BBNNu=<&voY^*`Nza$+X#}5czEa50B=W;{ohA9+{aH(Q}J-w`#-v= z{?9+(L5L~xC}`HbvG_swazBc*l@1a0&efD-(zX)~pJw)@e|F~c4?nv8-u>{;_a7|| zcFQ(PqP0Qlf_atWCWq~>A3whT!~3xNkxGnn1o@~R2I&d^bO!SoDFbOcCbrd_|E}Hq z(_endd?4Vy6eiMzsj#Jga3KKmd};E>fBa_lGJke6xLD2nKhN`>`!CzNkb9oB@{XuKzY&!1JxHJfICga~Zk-trcj zubE!j37KZMgGx+iW&ONb4|*F5fd2DID&Rh2xT^j~U{7ZS{hd!w*u}HmZl(y`RMbAR zo&M#f#G{pdSC-WO7#O;UfJuKx!G49lJn@CRnfG-eJx5w0XJJM&WkUxuZME~;YXLlL zHxVB8%>K;&cFqIW+9S47^mAwJ<4rMck6SGk`pk>- zm)Oz^Yn10abSCkWTSjkA=Mx`I{|#^cmsa~F=w=+XKm$IGO8q)o6rSA7MH_x9eHs-a zm#xG#z84p@x!5^r&_;w-F%dgsWCe!HsGRr$hRfWFV@mL_x&_J}pxXMn#=Dc%n=WN6 zP3c(yx$+-XgII;niZ`GE&n7JOY26T;SRu?aD>1Dqx*tos02ea%E#Jm9r^dZgs13PO*=QgHYMIS3YGASKMm7l6Y=I>A$ZU|Js}n0G?a_ z(LkLQ^bTL1-&l@r+UkD`luZtym%b?!t~L5jN|waH>(ijNKc*(_QNS{$4;XcZqk~7t zs{g?xdg8w1L+Xd>Ua+s|K($ZQG?!Z(6fuTqknAo~*<9?b@ z=}Z`3xd2+GI-g6j9V5d1Hh7eSF&*baw@>lz8+^{jePYm}f~nNu#~a;VpPrtxA9FI# zQ)>HqVglAOkp*l_^_xRGOV*E@tdert99Ob8CbxZ~+x=M;uXovRBg*Z&?9Ew;{&PEo zZum-GRoV=t8l92z3(#fHXAo+st(s3Fd3A?NiTvbvqwvGWDd9EgsSCXA|A6GBCC?Rf z)g09o=Xc!pry@wDBV8;V$?}BjJ7T~WP5rAfZ_B!(Mn{>qXVP`anXNxZ9nB}H`lf%) zA}vZJL&}F@o(B}ok!1+RZtF|gpQzw^h3ZNf0BKb$=ri>Ap_UcVCL5fP;|(Mjko^J& z2MtCvngdxsdVE~m((_c2q0?Sa&~!Glxb^uS$4?nX&oBXF@ac8b06={_g^hkN!W7mu0!F_$a{TyrF)>6}k z-Z}4JKVit~f76a)4#kdw+iBWAThO~4r{~P&S+Fr2ts5w2U8k-q53y=}AolY5Rnr-M z7|y~QjUuzKi&U$nJEKg#Qgyu;J=KWOI)-`Wx*TG|-&T*xw4-(4mJMzPS^)Z9>Jt0x zoa5!+={6AoSa7V_z!jxzRd`VBFuWL#X6;8)@Tj0bjV5a;=E@uQCYZdBklX?6G!=!P zux-FU`0Teb8$Z9w=ulnKX43W{(=iKB^-K)PN|$Rr5tbRL3hpfL^}Gw&V8&2u7mfzv zCT~t;hp4gLdKIudf2;~=E?3KFqfm`PY~6{-Z4-1Bp97QC=Cx8t&Uqk=;AqWZl63hu zlh^*(w8j-VoIxv5veIS(7KkpP+m4OVLfG3muhG;k$B)t-wofk2UP)vE@(5eh?vEzz zUEN>RNnf^8+L>XBFe$6K8Y-2mz|KilhX4(33r_?y`XLHc!s-wJK=)n0+^_%BUPx|`Z zcx9B!y!qJN+9D>|8ENZ)`23Azm&@LkzBhY1yP&hrOiE7V1vMm_9V>iFKH#O1%xJk))q7r+=5**QQcms@UL6yw zspTzDR?jgDk+$;|v)hXDK36}i2@r##Q5lQdj~D#Nb<7)*be#Jptr`k-{{t)Om&0#> z0+$c^k6t`deBbC@zT@Z{+~XtvAz_Fcs-F$eV8g(>b`F`!$=cIzifwETEGjJ$c0 zC{=z}x?TE`1N03kW#7+VdqhixqLG|XPRp^XIW%p_NW{nLOqb}L($uoi8@@>!gd)L< zQ!qO8)K*sv;%OF{*jq<$^D>W0>Wf{lOXb1%h4RdUY{!LGI+-rH>0A6d+cnkQI_Dz% z@D&7#>yZR=$>~z%wSO=_kKVzPAjC^_=p)uMEQmbCNX2s#zmn*T49B}dLk#M0W_G^H z?hfF9uz|*5l=C}ZKgGFEIiQ|is_nX}rIWnqZJ*AU!&=Z5&^R-vM$j?umfy~Nil9}(n_P8ntj6sMpd0@_x#iJETpXpB z+9%jnxqPy#(qR7Nu3dy_;-mOZeyyTr?G=A?Wh~A&d>Hh;A2zBl;Lk6fKdbF}*8E$9 zG4XemPl^@DLwXB$Dz6+&Zn%^{dz)$#>`lhXds%bCFMa8XhtjJwU2%t;_>1y0GLGu@ zq_#@_c;%E(G?C1?eR*@bKQWh#GbdJYCWlgQ{aU84@XrIg;P~Wo&uHcgnqjlpHI;s* z%|1>X{Ql2636pdr=QNuN`HHJ`$ST zzQH&?l-H68W)~(jO8%woIL94g2S{u+MlYjG=PRvTktauB4~K06B)})PE(Hg^J{BM| zW%meuxhvM2J$rJ+M#RiizpN%frTqfm=ZV)f^mq_etj+7KslxWsw?qcFhhtltkj@f$ zTrazH2MVO*H(1d1`Hxi99ES2+moR(WuxKu)NhFbF?mf|Xt-b-b%H{D3_z&WQ9cu;Kc z5Xsl<15rawAzgaj%R&3SqC}s|@*1Q|ILSp%^vESG)EENlL^REMPeplk7Yh%mNjQ4@ z))=gGzmPK0X~%j?zvNL11f~eoc4Z0&mjfjxp}Vh7LQbhAWLki{y}oDTGgUZ!&RzwnlO>y}*%t%HKmeT>_DU*h*~t*U*lGPt0EO3us>#A>`0 zE=wh1x@QEIa|a(tQ(52#ASlavD*h<{m%QWV7|5HO<6{ixdFTTd%JNx%++nre-6`{D zTh(|$A>5HKK0ui|pN!@ufue&;a|>SRlvS}ZDlW#9R=(V0=h$uwczI~?+K?i@4O!As zX-I9*D5hXY4y=~G)zHI#%8vNJ4cLKrdK5`-J|B7oyl??_;TATA9}3iI zQIlMXfA0W&E7a|4{h#9+xOPlrYiVF8kaHiIG|ZM}A@lj@c0EeHZYpP-oxMf?YY``t z_JB*O(etBzqA*zA!N+DS0{go+m^+soHWrqYG$#2OH-|V2=Bm73rd%$gN`*^ZWDUH^ zveM#a;|WZ4_q!)ibv!tKqo^nU^rWzWC^Rqd=?4Xi{mwe*>??a@P5^fY;bX_>sKO7e zzq?T7nC*ip?&4qq<>*;d1zd(5yHIPt4XNADlf4^cWF=Ig*Jp{*zL~3$rSWxESW2yg z-mxmU?>-UkLGPsPwq_RGUeE@rx}+;`_Bay<&?LsWuu!_|#clM$`V2C}=wfWtyh}ju zdazZNcna|-{Mfy()1)94Iih;JAy9ADDVVoHb&&O`Ok|7jDkHW+!IfCrN=UVpRwchh zMSoOKm6qd4O(@&HHs>ruNKH{>? z#awI-LfL9g0fRTk>&P5?~o9@+!HN@G8oK6o`BWk1!SjO%oLbxd|;4t}v2`mV&r>m@O%nmRoe zO^h;>2Xb2~|Y2{l8Y!E1G)OjcY$(5Q1%%b{1&P!Rx zr_}Vf?&uApdF`!3ad>8Sdq$A13*er!0zgPhT%G#I!<#8GsmQTrcRMh2XJqKkZ1xN; zv=o97)Y`@{z02qxA?Sxjw}D5)kRLFj}1jujtdS3H$_uP@-teA#1S=R2l&8EgNTI*{9pX zYJ?Sm5QAp7RR98@6H`$dSUL^8x`3%u6ft zt9=8eE%kw@4doPja*e>(Lj*O>fGbQovP@g>sk#*Z{_8DnJ9S;9JZ0S8fKh3j;Mrf6 zfuPZ^Dut>s?c|;~Oc>-lW z@c|eGlWv`(FwZMfg0msw*N1?T)!j9!m6h>2;A4vrR{HyP0-CHq07uEqB^!!jx}m(s zIUDp=c7U9z5xS8yr%y`3M<0#yzM(J1-^yL9diPxxjHi)mTUuO;=zxEwgZO>sEaR)t zHwOp3s(VHqeP%QpSv;2qEF$sdY&Hi&Wr2{;*J9q95qrxQzOEHAhJ9O9T^Ut>6Z-So zFL1(VE>O!+>K18ud^s-Fpc-@o8Jq7Rnx~S-MFk0ITQ8&h6cf0^DwBS%;u{plK=vN; zyuqr^S(%F24WWj%BHp~63~S%dT8(;Nv-)-bzL1WT{OxH%b8kz&b&|hNtihd_9*EfR zj%?^>pKzhlTytUZ_~49=mexC|dZhgt65v@g>|>@sv{Te(MQgU6j3#VE6F?Wn<rEss!=E9EU_k8Q_;8nDpVBp9wM7lr$`x@h3c?7a`;1PZ_o_F6IkFVJNO>aog9 zY>P7h;P0v0g~T^6U0qH7@)LfPB44Ek3Bkcji0TYe`i@AzZCxtYif@oW@B?Bd^Ultn zbSC-B<}k+kK|B$h0cSUR zg?;D%3b>TJ%wdqq!_-WMB-Qf;kjweRh+b;7YF06ohk+8*$&B`A2rPq6Sy z^iV%CXpFn6qtVVVB)~UnfxFk|PfvI>`$6n3%3VgzLbX;u;d49|avZ!FGxMdR;-{4|g39nqW&PqGeL#9ehsN%vbk$iF(zv5?|_5x@)E@x?1ZiP|C!yLZ8@Lm4Q7 zp~UAt^i)NR$e}%VW=aJtzO(@Vq-xtTCQ&ND0z5=z+r9)VV%&u!+x=_a-)WcvA7D@- zt7y>Np#tWV`!0xA{Yj?bFHdWCX4d>uAtO04+1~&T>51|3SThRbTGj@2VFpk%a}Tpr z^=)FLvpYF($}`WvP1beKGxo0=PhIrwajXzCa1LT!+Ix;D6|`4 zm$prf#2I||v(X+jROl>(!m~Q?K!*y_o-&S)ZfA~;N2315nT?~3`NW8p7F2kUV^}ht z(cU~TgdDGLrGqFRyl^gr3rCbt+b`Hk5))Y6ge`#mevVC__HhQZxA8_J=0{B*^uV)`i{S-IE ziK#xbxoI=2I>Xhybny$+pG68N$tqV$L+(P?yw&==mc^h+D$%7Mf=>ZhON9=L5FZBJeq526w2PEMhw_IGboa zFN*lG4p2GK!An+sdXoFsINJ!rD4O{FGe**v&iJ$pI~YndG>1WSaY6i0u$)qtZ>@k7 ze^tIe-!Tf0t0P@=gTpDpP!9nAr=h$c$*RGz7Zfx++Fjle9l!@liK3(`;YNLeIL)X6 zfy&O78ia@&^HJTIe2t3beLQC)EVXf>>w zlj%US26ulcwblh`z#?ccqDYDxBinOAgi;(=n1szH2{R_Nz&l;1VNR21Jv0DeYtC0+ zY^B&)SD{Ib+o1P#1N03sbjjJxRAxTxF8`rNYF}CgRVV+h6xsd6FaY!mbw)dN&w&)W z*pXBPn~xPReAe5+p&PP%ezw?e88KlXhM7|gvm_yN*=uKnwV#}pzfF9fF|DCtlolpXB0IfB7{ME5gM zJ2yH%qEPubd3{rGYkZ}^KDYtwc6uGaXbCMZ1_;XtO?z+x$7JTVM6TqEGec2zNv5ud z!&Swxpcr{!)cz!v;OF{^cLqlDIgwYN$Y)mCa{~M}`(MzbX%7k#i@jFrYl`b3#=ejZ(5Atmm-2@prJ7|r&ip?%@g-Qso{&7jf@{g=Tm(X=8V9&%(-Rn-bMb9HXG9J%`eq)JAP)lz36RqT@9lte zsfNdcvb2MEQ>+`p+j(Ml=tLeAAm;y11&9$0`sXG=5@Q^3>i6(x;+ZE+wwOx2VX4aR z$=5tCyT$o+DzyzIt3eG-HsI!dDQ)zQlGt1}wRUUx@>mgJRgI!8O%K_{G_M8e5o;z_ z{?1;-W93*nTG`tqr@7>tJ2!0Fuj!N4(YQcU!XD_N6EZn&Qj zPMcj>J}+Ldh7pa`zI{F;DLFy>7exFQ1S19UcNvsFkN#wftY{Ts_3Ny|H3Zf6VutJT zV*4bDG?6YjN2@xuCBQn3`{ye7+CURN2j$HRX&VeFY~&92TsrBecZuo6NRYs81t6BX zz&+bDls5j)C%^Z7ri$21!4kDIvG4QJ$FOTQwre)JPgZ;tf6-`cU^EOE+v%op-*xL0 z*9mD-0x7i>aF(-bDakd36l5FrJbTJLPIAb$n!J`H!U0SYKH*!XeiW=l)nO}kD3j{{uW1hRYmzVx zOZ2g;g9?X+b2BlQ9H$vn;xxCD{&;0!W1Orpdl}_vgSBvB%D+{__ZxY|F)+MHtkdssO3H2Xlw#|CJz zfVBJlONj@1-W6@dQcNGpEgN-L{>zdE>L(v_eNmZ4R^KjVt3pw&fw_44%r~z3M(*Ee z1x8V?=gHc534KiY${~8C&oekak9hd4-rw+N$>+~GM$$Z~Q+cdY2zcW~H~d+&O$UXih&0~@=Fv_)_ErwIn+)F6W9M3_>PNJc5n=Us8>{!A z&&WPa`ZCcNrJA9d`lfI~p-r6`YZO$?^nIlb*Qfqfs~t;f)=jO1=L2{4mS{#wBzB3w z2}sHuL7CfI6sC+LyIb9I@LDVKG!A~OG8m^BAMvzf8@ayJ4OAD3mT6Y&pKP{btS=mddmJPEEgk{l7sZJ4D{sHDncFp+s)ei zMXUmLuHb}I_wUA}*>AOl!ATyvmFgIUvy6oqt=Y!6sB1o90n=)ip=`Cq;_sLk==t z#Fp$DM&|$aUJc5D^_0D6uO+kfg#=n?s3EtV>4lyn51t!aOFu^Me@0S%NHjN|_+Rwr zhva8VT}Di4vd6pfjPw1BV}38r9)bMp=j>gik=FI`Uihk$vH`z+CDZd_Nx)Jn(+a=) zL%f;r@h2ge4Qh~UuiW`UwBARxmL;-GkkkXZVKw2RFv{Ky!I@FX3Ab@IesstK)mqj; zXLB*BKi^M-LqPc*xv-tdN4YRsMxVBVo5}bUiC8s5+F9R(Q! znm6Udnk%hN&ct14eBTFl!FNJ!rcq4oeRWiuTh=};TBI#j++8CiSaEl!#Y+f5gF7u0 zcP&nFFH+p4g%+ncv}lV{pt$Qt@0~lhcYgEDe808k&&f)%PWF4w-p_gVKJR+>N#1O? zeek%RdG>iHvAzrkZ)vX-(F}}iG04yFOKHGGF%tz@H4E#j^O+p0gK5$@H*y}jyho0t zMB)-RT@6&nllW0HTr{#2+(MZTawB7}0UE_ev5X#|7)D7H*^Q@!umCt0H3@YXFq7?$ zx7PZovLeHSN$N87tK={xmf%vTye@59IhGIkeVt4q(uv@{N10iYf_M`yex0hvehf+~ zO+O4&xcvBvDUaaX`v^?NscqYN*=m$~G$B{V0?B;u8@&{iGgavwzA0j(Hw)W?FhW=M zo+$XTpHP1q#8%E%SLYl?_2qr|EqJP)vJY1K{kfVANjz?thAH-wuJ+Aflg*GXaLBxt z+g4eOYiHD@<$b*+@yryEe{}#s{HXg9T1w5cyO2Ef-ZOW5&%}j8DOY=`ZQ9o!FhQ!72vgr1#_8yV)-`cT%*$}C zcWG2|eAu(hF0K0aBJc9rpgn@SH(<2oeGE5wPlGRS666cTAAx<^@|5<*N*LXbIa}7p zECx)o4%WYi;?IL>vic2iQGZCZY~x|rEKp@nrB4H*mG#^CTJN5Kn_LH88?m0hMJ$wO zreAhUe`hncNMZ{wSgu=4-e7i}Ql;KUiKnlZqMNDW#!`GYu;e#|^@+*Yv&biYqkv6r zkhG-C)?unLav4uXQU2a||400oA$p-`wSKAW+G;_w<0$EI3K`l?iHm6ZX_NBm9k|bQJ+OcQUP)UKoU?zoL5&Q9(n`(iup#aaj0kgKK z1}}psXOHFP!co`~cQV^OiT=t4lHBZKb=L4p<=ee*kFMLVGUyUitNfOr3`=yLG z%iB1VNcZdGBsa@a2B)Q7^lVZHi>O&tQ|ynOGqjmtx31-gZonfT5kG0kLVJVHXZ2z7 ziMo}ws#9*pJC6syb@7$z)eaE(k^b0@x}Xe~M_S`Ua1XA;U!nxp4y9QZ*YO_7XYdXi zFA~4NxhO?RwnRzOU%T-sZv9k|h{qo>OF?#BSliRNEB)PE#*i zLVFGv0oH)rdu%n&{9P+mud*^%WBU=SpboTla90TUyprARW93UoF zu7ub%@jLwMV6=}Tg~0-2#%>CzwmUSlRg{FXhOrT)&r+>~GiooZGiHofB9|wRRQ05%4)KrDe0gt)gXsx`mUneyd^qsi6Y1;=u&m z1G>#T??t(7b^^i}obnjJ>DlLb3K2~X8I0$>b78T8|8Swj>SCtwETXevic$Fjz)w;? zpN3z6O0`fnkI>hx3dPDRXOOo~XTLVJJWHXIr?!#xjw3er=a02FbL>l&M}OO8SeJ87 zm0+&Y=)-;N-tc03zTVGt$5vE%m2(+OEGqSnp8Jz6{P7UDv#DRj{xjqstwTo7PNOcyCp! zCF1xYpsog${pH%x`uj)9sf`rwD@s{M&*}K>M>TPcIY=W9huwtd;i;IK<4+;nLrQ}? z$n6n)k%qY+wf+u%5!^lR1B_Dl*$*-#4aFU)QO}~V4B1)JG}Rg+&;qwAF-UlF<0FfV z%wN@-WhKYW1QB4UFQnyk2uKIo#`&HP;0nVXGplL7-Ni$`rl5}ZcVfrvl@lhk+nRcY zkD<8mjHe5P$>a9&1FBQR$1*`9pYX7)B%gJ46}_cw$t>nVt51~QJPS)rCq94!qlSdj zVrDi`E~V}7P+qipo_ufG9D*~wcG zgwmfAM~B=ORlQzMm+*SloJEyj{5J5r?UijtZrXaCN(_6*nM+--ev`}a{n&c#`J|o0 z2hhh|L^miUyrWyjIM_Y%t0Yr!bhc-~uS!YKSzMkx*kk^Fz{#?})ErAHGbdYa*C2K< zo|7Mbm^?x1=n=vU%O_qbmwOIpm`==igL0uJ_2uA&BYB3iVYV_>``Tih868h&C7Q6j z*5fCArw3zw5j3S`)F%-8)bm&OA4p)j*!RY^J5H$y-NAU&_NFj*cD)0r@|?gyQjOvP z*S^S;Lo-aLJ8z7WxjWN83wpOZIt=MBGovz;U(KtAd2esO>l@yd@C_a*Jc8v%jv_WZk<20_qq{-fH70skzP`KPrv0RZ>yO_1 zFeG%dLP97aT2>=ApOW%BXdQ>ARQg%Pb9j#fRTZ;OtS$n*-PsKqv2BBftZsjbn8a03 zD5Of3JsGme8a$YK+C*_oWwbDNP?t8fxJ7%%X-|_|ife*e8d{`s91sorh*O?G*!r4v zx$;Ry0|vW@J)z&Jbx@sArVf#wYL;fI^r3L$?7Y<#lZ()U;;%W0XF8uFYXt+NO816( z2m1BF2OPqy=aN%4j%?kJ(KB4xw8wQj2a%U6#^ath1|o{t*ShF0n?ngO68p@%0|aDU zTQ?36>A3Udy`tCMUi~b7HAS*e}lNe1DPdOB>jhS3zNq4(JCJ838U7Ai$m? z)ehk#l5Lby9S5P(VP+wrY3`Fo(1IkLk67y&=xZo*6jRIh$&o$!vQj00+V`AQwhSn- zFG-4t;sa>p^wcmiVz<_1`eu#UokwORV3=i4c~-je9eM3A;8-}m&wWtLd6B{_yrQs* z2CKN(IYtJDN*fWRRR919xnGcT0Zo|LSzylr5i>r!Ox1S_*8Q?i2(nKW@9cY+uCywM zty4!Q8Y;zL4-~v$OzOxwpe0Y#>PQ3+K&8uO%89slh!?TCsru@l8$7>YY`%M{KRh-; z7eIHkZ38AP9Q{Vgm*(rubK@mTyGMY$Axj1 z16z~*&Iw&g{21q*7U{Ik6(3$1;8E3DQ-l>O$CDP|q9wC|)|nwy-m#0Ewaq=@itu;W zsVvIVq%>Y1Vg$%tszX9w*-lM@-dNLiSkN|G%)R44REJYCaGrbeO&&##e)XEqpCYbh zcWW>Ze@(D4;eZ`K-vSVeaWcHqHmn*ZJMmT2W1sCR7O~+wYEqE5lQ1Ex*91=O z7^-;_Z#pY<&WXi1%<4v&-+p2yc(*|W@4LnaPRbp>xFcV^SuI>tnKB}qJ*SVu%U)D* zQAcr_o;88POn2iMP=Y=U9Y%ej6;$@}ZqHMImPPq;#y1+(c!!|mNEufQF`Tx0Ub%l_JX5oMr> zg5Imor?$|>jDzC320u_&SO~nVmY_F{Z7t^QkG_;PDM0x^C;vgng8CBE{v4!I8$6|W5z`*sy zScBzVzcuK=p7mC9NtQQ(ThWVC!G@NDl;hPd)4f-P1Z2xPa^J257^|0ZMzDk}2iF}R zhv)V)X0Nvvxe<51+TW_TAbw`@+RK_pU3C3=v5pGlP1y9Jh}|2g3ZoeA3no}*mmfwQ zw00(~OiOx`WM$~SqvQc)lzPWo6iv!SXRTYo#WBwx5T@+-MKh;F$N%u~fvC5F+qi-)r-LMGV#K>dTSatS@01^e6EVNzWjtq{SkSyqpP=pQ)B z{KS|09iInxnsDAoG#VYNhXRaE4dc=&T2~FH^+&x(w1$xp*K8e-o$6^!#1l1=qB{MwvkOtt;rx( z-d=0Z2w6)U&8QaRQ4=!XEme4}`ek)FcyZQ~UX?d8RDBrM90c(%Q!6MF$*8R5I;yhliOavUT1|g==T;}D zd<6xu<@l(os&06;ecbE%#8?s(nS0hoDb{UM)rM2jWy|7`-sc!R%?CdYT1GUJ(`ocK z3M3)eS?0u4Hge&lc5X#;lLr!wUp!88(z|CcNYX!*pR0VxihSaU_L{8ic@MTQH3f-J z=!<%d=@#;-Kycsc-Q^ahkx!qBdxW9ahcYT)cEDPyqx3VgXNKza?JU!20>e6HIh=T;dDnHxNlgrjN?!1M>N`Km9V@WOmz$kr=q1UjP4P3JTkJ7 zB&;dp@~vNBQ;N|Y7RDmMsFLs^X(fn}d3j!HpOb_UH0iJ1j+?t#`i6nKFNAbab=;>+ zLhK+Fm(kv8|Gk+*;yd+tf|`d7Nq){5)oqtPqT`iZ{vr?WVffwO{_5tPtIVoZ(~gmo zS}!R5!bUX?g5<*3M@4^UNrSMuSHpkR*99m zO;SwoK9UA^ept2S@FWs@{%O!vEKWORmMmd@tUyg|0x z!Fpq&@ry{8*)O-^9|@k_q1al6(yv+wx;k z`%G`|#(Xs0s}(+&d32NfRtZrbPX{Z%!IG|CyczxWaaPTp%!jQ?({1cz$8-^6!;1X; zUrAmsbi?1fle#vxzG@YH#hSrUI88#j96Ws{xMF#8dm{$8?Vh(PnLB@W7m1$ZYrcz4 z)tevocL{qMBy_WKGv%d4S0D|_%3VWyy;fwOTOO1@J&G0DJ12_X_3PRYsovdAZXiE1 zqjNHK7yJ6rxuH#T@9~^`)TVJ*{M!gF;xH{`SM+qFIXPqdGl36vGhJqI>WAs_6(lDn zYq6Ve(KG|P*&h@4S>$8Xm~k`lFqQRd7mZFBI&bX;m?B^I5=ZMyjm!|>+%+hWO=yg^ z{?uRBG!xf$waB9vyu;fP+%ZD5KtnR8VoJe!qdw9jhT&K;jmuAVC+YH#=-`n_mpnnS zI<7QTubTii^5O?0!qpw<CU26Z>{+(KN+8NJi3h%E{>PHs zLbn_c~wKZS&ochJArU z7l2Dv$MO%I`)GQ;>wuswKqTQuW*Q|H>y%X8BVEd-+46j&4};I#-8%G;{4}BS)q;Bv zt=VsLkda#JXO9HPs#0yeiFq16$z-*$VxE-*DpNwqhuP4+Mq=6%A!U4L=|vJx;H%le z3|Zw-k@Jf;KwD;ETLyWewxM#`b4FBc*HAqL^vv$aJ3`4ATl$%-Y)k~ovE;A7z#DHc z!+iKao|fw~Y;?9xrX-zrh4eX-nC{QMJ;k8RbyPQeTb8ScRGAcPd7|mewEsN$N;2og z#<=;wxPJX{GWZ=`LF1@wwj3i}m!jF?jR9@CAD3;xU7EvK{oqo?*hBNotu#LkoTb?h zeP0F&3#@{gxqJK)DN`a;$9Pb3KSxBo(VH7vT!=I)IkbVN&M^0yeDn%$%Kdo(-JN7(QB?d9$sve8 zC}sg^N&#WG!ftUY9miM`D8#igcbaz=&B-(|vyVvGEz5l;x+i`=3Po-co4;i6Mz8@- zP}O1k7&}`xC|<=7*qWhGgF9}A(Qrv|kJu?3^Mt6DX+dZQZZf+67BflRl)@fzzxee? zFHC8*0=BbnlY}h!VU6o7%R$f|qg%NbHSvHP_VA#4m_T94=Ka=ZwTb3Bl#xs#bye{b z_}zx3*>(TmkS@DAc82}XTHA!R9eo0nNT{=^j^zG)AZ(+k{yhPoNo9WN)YvX45oQW9H0ykOQ4Lp z`$WZZYxZKoquZOrR{AzWt4B5pYR+DepDrCp9z7XA=Zh5&AYsgF_K&9S5x114vxv@K z&xsTI+*e%D_7ucMKE<1A@4NV((yGt5=S{`+h?)4?{Sd;1Zt3wxNW%%befi7ODy>hf zk!6?k;fg!Ugv>CBky2d5tkSlYuR(*D_|cRUW*wP~1;KqRZ2y6f4m2)77SFI)zbPfh zN5}Wka9i};V-4uUN06+Pv_46^JRQvhEbQ!^gUh>G$HXgby$5Nm%VN>+j~r?COd+$h z@9g!aAT0pbui&$x)cwq&><=zJ_|#S+pjL}BO?{HK8*Tb82CQ)|Qhq^%QLTigl-@@t7WbheOR)^itMa!eNR5U1yFmanF6tkWr}U4oyQUGxg_h&ubP z7$rV;)nsN#G|n6%Y|h$;+1C=}m~~b%n9L1-6Kq~@W+Qs6Ov;_ERTO<~pricU)x0mA z@PwCE!63!dlz49+Uz5ktA=&J;GELgsPn-1T(>bbF?rFHCsyxg?CcXNBZ{FQq{=!*I z8rUQEMncXPpIRTDN-vUUaJ;W8lkdzpiSC9qcdEl&}A7!o>0s@2`cIV zc}U{D*I?nzmDIdrdF=N{I&6&1`TfA?^N>CcG%iU6$qNhCbV4a7I^r${1by4%77RMQ zWs)({$gYKQTxL4Y(ang&hx~Ri<9h)Cwyz;01_%jCDw5?|)3?Xmm=cC)A5bjW?rUyo z&Z%h30{woxdoMmmIno{zS7n2b%_IO(ahp3rOJFcNNXET5ZNtj0@w)Nz+IdOVhdlVk zwY9;gE4KYzzf?#%zm9)DTJP9TvK_;Xxuh ztjIv}G;MBN7H5y_;pp+{OXg%bTy6C#_jWV-6P9;^&DTOGcrBAH=pq((LVuJJ)m6vX z6;A1z%OuM!$J51LuV*R8);}lYuC9J)SKZ%#MYh}N>Gk}vAJ&MVWG2bz7`8Am%j~sx zJSaf;t=I|>p4&~QGWM02)93q-M%lN78Y19t+F5l~j<0lbfA3s?9NE59U_JiZ) z6FwlLz^|{AV+p7~d3Wq!p_a;{)PXKx_s!?)BP2^iwsA9vZK(vRK%*GEZFT;P!AwMh zVkWu6QVh{bQ{1}}nOPdM<47qnqX|@GtXn+P=gSqqPaqYsAn9rzrq348Xv_YRtMgK+ z=Gm%s7nv#~SY&FS0`N2cMMmvlzUuf;FebT9~9?4OJVM zfsRBo2BJFp==$3@Oj!~#0Z}535CY4YUcgJOqAyC4Y z62#4xHmZ|BK~b*y9d#lllH~P#y4}{u#wq#Kpp`n~)ERIP+!b{-X>NH|!aaxAz7I}H zQxtcL_Y3kooj};lljh=wJqW7S>U;p*bx1iAq{_IcGLQYn?Hbi}$x%Y-^lc^G2_9I> zgl)~m%Se`!G#lH!pzusVFn5i z-hs7mR`cstoD3ynLNT>actl5lH_RlMi6`@Y97wroDRw@4JCE2!f2PRroeU4>j;lzmw(iL=ajo-VSln`pRFx!+c_)PPP88)Nj1?-`@2TOFbjbc|< z6Ic7cJWBE7v-X*#wy!J!e_-AmXV@#|-B!lu1Ghgj4NQbJC%eor<6k8PDa)Ty;mGG% z(Ak7Cnmk}WHl$Q#xB);_*p$iKikpt z)tti<^&fW5tG)=oZZdT*{E_pE5LW&H`7M_EsJFp{k##PWA9CX&`cW&=W_Ku#HuzKq;XWFPV%zS0{ zhCw0REv|=$Io7*Lw^)E(*s}k)Ijv1pYU>Ev5q}bxz87mZ`Lgyd96{YGt=^0)WZP64 zu|KqPbNUVi6(!?9GXf9$wz9C3vm*j#^GA(gp4&3SKWhyO2?1m*kLzKZ8a(u5GCCGk>AoIGruVeVYE zP7J>*`9qHs!U^tZY42=lXG{B2FU-Ww#aWo1{->e8KmIl|8~eW-vUTGAZI;|{I~#yI z%pL&Z1_J)B`F5btEh~bOxAA-%v9~V~Fc1Xg0)n|fU@Z_-5DF3m0l9!b=OzUBhn|00 z{!@pYqn4c=QbbMjH>^-@QzVl13Bu9oCu-;|i{M|h{H^als8O~vwKVhizd-q==ihV) z0e&*`3sb+j;pZg(LH_R;wEx9be_`Xi&k1&Nt{*&VRE~; zKu}s&&~3c@bRE+2uX=x%{?*)XaQ_jR&@Ec{&)~Lm{09v`)oLOf{wnSAV3pSE)yuf36}s6!N(5*!b}h_liwDovhuHEe{ufrdgX1MoME z?*4z=^?UUFhu{C4@PAnGuj>A5P^7ygO?JfZ$5AN83MnKk<@exW#RZkY!6ZCS!n za9__0)$Nzd@0WuHt62pL>g3geL;^{LKNw_76iE|PN6mY2A-u8KJS!hC%#1GzaS3Utq==9N z1R~AP%f~0l%Maq^h44#=L!e*@UTJYCPyi^-!z*G4khe9nqXqrk!O{358hAkf4Ldt$ z+S~l&r&QC@6G01t{Jt5Xqk%93Jk + + + + + + diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/default/eventtypes.conf b/deployment-apps/Splunk_TA_fortinet_fortigate/default/eventtypes.conf new file mode 100644 index 00000000..3a423591 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/default/eventtypes.conf @@ -0,0 +1,110 @@ +[ftnt_fortigate] +search = sourcetype=fgt_traffic OR sourcetype=fgt_utm OR sourcetype=fgt_event OR sourcetype=fgt_anomaly OR sourcetype=fortigate_traffic OR sourcetype=fortigate_utm OR sourcetype=fortigate_event OR sourcetype=fortigate_anomaly + +[ftnt_fortigate_traffic] +search = sourcetype=fgt_traffic OR sourcetype=fortigate_traffic + +#[ftnt_fgt_traffic_start] +#search = sourcetype=fgt_traffic + +#[ftnt_fgt_traffic_end] +#search = sourcetype=fgt_traffic + +[ftnt_fortigate_utm] +search = sourcetype=fortigate_utm OR sourcetype=fortigate_anomaly OR sourcetype = fgt_utm OR sourcetype=fgt_anomaly + +[ftnt_fortigate_ips] +search = (sourcetype=fortigate_utm OR sourcetype=fgt_utm) subtype=ips + +[ftnt_fortigate_anomaly] +search = (sourcetype=fortigate_anomaly OR sourcetype=fortigate_utm OR sourcetype=fgt_anomaly OR sourcetype=fgt_utm) subtype=anomaly + +[ftnt_fortigate_virus] +search = (sourcetype=fortigate_utm OR sourcetype=fgt_utm) subtype=virus vendor_action!=analytics + +[ftnt_fortigate_netscan] +search = (sourcetype=fortigate_utm OR sourcetype=fgt_utm) subtype=netscan + +[ftnt_fortigate_spam] +search = (sourcetype=fortigate_utm OR sourcetype=fgt_utm) subtype=spam + +[ftnt_fortigate_webfilter] +search = (sourcetype=fortigate_utm OR sourcetype=fgt_utm) subtype=webfilter + +[ftnt_fortigate_appctrl] +search = (sourcetype=fortigate_utm OR sourcetype=fgt_utm) subtype=app-ctrl + +[ftnt_fortigate_event] +search = sourcetype=fgt_event OR sourcetype=fortigate_event + +[ftnt_fortigate_vpn] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=vpn + +[ftnt_fortigate_vpn_cert_change] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=vpn logid IN("0101041984", "0101041987") + +[ftnt_fortigate_vpn_auth] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=vpn (vendor_action=negotiate OR vendor_action=ssl-login-fail) + +[ftnt_fortigate_vpn_start] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=vpn vendor_action IN("tunnel-up", "install_sa", "ssl-new-con", "ssl-web-pass") + +[ftnt_fortigate_vpn_end] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) ((subtype=vpn AND vendor_action IN("tunnel-down", "delete_ipsec_sa", "ssl-web-close")) OR (logid=0107045061 AND connection_type="sslvpn")) + +[ftnt_fortigate_wireless] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=wireless + +[ftnt_fortigate_wireless_config_change] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=wireless vendor_action IN("oper-channel", "oper-txpower", "config-txpower", "country-config-success", "controller-cfg-loaded", "controller-up", "ap-join", "ap-add") + +[ftnt_fortigate_wireless_client_auth] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=wireless (vendor_action=client-ip-detected OR vendor_action=client-deauthentication) + +[ftnt_fortigate_wireless_client_authentication] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=wireless vendor_action IN("client-authentication", "user-sign-on-success", "user-sign-on", "user-sign-on-failure") + +[ftnt_fortigate_wireless_client_deauthentication] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=wireless vendor_action=client-deauthentication + +[ftnt_fortigate_system] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system + +[ftnt_fortigate_dhcp_ack] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system logid=0100026001 + +[ftnt_fortigate_auth] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=user vendor_action=authentication (vendor_status=success OR vendor_status=failure) + +[ftnt_fortigate_auth_privileged] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system (vendor_action=login OR vendor_action=logout) + +[ftnt_fortigate_auth_privileged_login] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system vendor_action=login NOT (logid=0100022952 OR logid=0100022949) + +[ftnt_fortigate_auth_privileged_logout] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system vendor_action=logout + +[ftnt_fortigate_perf_stats] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system vendor_action=perf-stats + +[ftnt_fortigate_cpu_stats] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system vendor_action=cpu-usage + +[ftnt_fortigate_config_change] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system (vendor_action IN("Add", "Edit", "delete", "add-vdom", "pba-create", "pba-close") OR logid IN("0100032141", "0100041000", "0100032130", "0100032102")) + +[ftnt_fortigate_restart] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) subtype=system (vendor_action=reboot OR vendor_action=shutdown) + +[ftnt_fortigate_scanunit_db] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) logid IN("0100022815","0100022813") + +[ftnt_fortigate_user_config_change] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) logid IN("0100032132","0102043039") + +[ftnt_fortigate_alerts] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) logid IN("0101041990", "0101041992", "0101039946", "0100046600", "0101053103", "0100032006", "0100022918", "0100022952", "0100022949", "0100036883", "0101039944") + +[ftnt_fortigate_detected_ip_using_dhcp] +search = (sourcetype=fortigate_event OR sourcetype=fgt_event) logid=0104043579 \ No newline at end of file diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/default/macros.conf b/deployment-apps/Splunk_TA_fortinet_fortigate/default/macros.conf new file mode 100644 index 00000000..f86f6d53 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/default/macros.conf @@ -0,0 +1,55 @@ +######################## +# +# Base Macros +# +######################## + + +[fortigate_traffic] +definition = eventtype=ftnt_fortigate_traffic + +[fortigate_utm] +definition = eventtype=ftnt_fortigate_utm + +[fortigate_event] +definition = eventtype=ftnt_fortigate_event + +[fortigate_logs] +definition = `fortigate_traffic` OR `fortigate_utm` OR `fortigate_event` + +[fortigate_virus] +definition = `fortigate_utm` subtype=virus + +[fortigate_ips] +definition = `fortigate_utm` (subtype=ips OR subtype=anomaly) + +[fortigate_anomaly] +definition = `fortigate_utm` subtype=anomaly + +[fortigate_appctrl] +definition = `fortigate_utm` subtype=app-ctrl + +[fortigate_webfilter] +definition = `fortigate_utm` subtype=webfilter + +[fortigate_spam] +definition = `fortigate_utm` subtype=spam + +[fortigate_netscan] +definition = `fortigate_utm` subtype=netscan + +[fortigate_dlp] +definition = `fortigate_utm` subtype=dlp + +[fortigate_vpn] +definition = `fortigate_event` subtype=vpn + +[fortigate_wireless] +definition = `fortigate_event` subtype=wireless + +[fortigate_auth] +definition = `fortigate_event` subtype=user + +[fortigate_system] +definition = `fortigate_event` subtype=system + diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/default/props.conf b/deployment-apps/Splunk_TA_fortinet_fortigate/default/props.conf new file mode 100644 index 00000000..0f29a7e1 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/default/props.conf @@ -0,0 +1,231 @@ +[fortigate_log] +TRANSFORMS-force_sourcetype_fortigate = force_sourcetype_fortigate +SHOULD_LINEMERGE = false +EVENT_BREAKER_ENABLE = true + +[fgt_log] +TRANSFORMS-force_sourcetype_fgt = force_sourcetype_fortigate +SHOULD_LINEMERGE = false +EVENT_BREAKER_ENABLE = true + +[fortigate_traffic] +TIME_PREFIX = ^ +SHOULD_LINEMERGE = false +EVENT_BREAKER_ENABLE = true +KV_MODE = none +REPORT-field_extract = field_extract +ANNOTATE_PUNCT = false +EVAL-vendor = "Fortinet" +EVAL-product = "Firewall" +EVAL-vendor_product = "Fortinet Firewall" +EVAL-product_version = coalesce(logver, "50") +EVAL-devname = coalesce(devname, devid) +FIELDALIAS-fortigate_traffic_dvc = devname as dvc +FIELDALIAS-fortigate_traffic_vendor_eventtype = eventtype as vendor_eventtype +FIELDALIAS-fortigate_traffic_vendor_transport = transport as vendor_transport +FIELDALIAS-vendor_action = action as vendor_action +FIELDALIAS-vendor_status = status as vendor_status +EVAL-ftnt_action = coalesce(utmaction, vendor_action, vendor_status) +LOOKUP-fortigate_traffic_action = ftnt_action_lookup ftnt_action OUTPUT action +EVAL-sentbyte = coalesce(sentdelta, sentbyte) +EVAL-rcvdbyte = coalesce(rcvddelta, rcvdbyte) +EVAL-bytes = coalesce(rcvddelta + sentdelta, rcvdbyte + sentbyte) +EVAL-bytes_in = coalesce(rcvddelta, rcvdbyte) +EVAL-bytes_out = coalesce(sentdelta, sentbyte) +FIELDALIAS-fortigate_traffic_dest_ip = dstip as dest_ip +FIELDALIAS-fortigate_traffic_dest = dstip as dest +FIELDALIAS-fortigate_traffic_dest_interface = dstintf as dest_interface +FIELDALIAS-fortigate_traffic_dst_mac = dstmac as dest_mac +FIELDALIAS-fortigate_traffic_dest_port = dstport as dest_port +FIELDALIAS-fortigate_traffic_dest_translated_ip = tranip as dest_translated_ip +FIELDALIAS-fortigate_traffic_dest_translated_port = tranport as dest_translated_port +EVAL-packets = (rcvdpkt + sentpkt) +EVAL-protocol_version = case(isnotnull(srcip), if(match(srcip,":"), "ipv6", "ipv4"), isnotnull(dstip), if(match(dstip,":"), "ipv6", "ipv4")) +EVAL-wifi = if(isnotnull(radioband), replace(radioband,",.*",""), null) +EVAL-tcp_flag = if(vendor_action IN("server-rst","client-rst"), "RST", tcp_flag) +FIELDALIAS-fortigate_traffic_packets_in = rcvdpkt as packets_in +FIELDALIAS-fortigate_traffic_packets_out = sentpkt as packets_out +FIELDALIAS-fortigate_traffic_rule = poluuid as rule +FIELDALIAS-fortigate_traffic_rule_id = policyid as rule_id +FIELDALIAS-fortigate_traffic_session_id = sessionid as session_id +FIELDALIAS-fortigate_traffic_src = srcip as src +FIELDALIAS-fortigate_traffic_src_interface = srcintf as src_interface +FIELDALIAS-fortigate_traffic_src_ip = srcip as src_ip +FIELDALIAS-fortigate_traffic_src_mac = srcmac as src_mac +FIELDALIAS-fortigate_traffic_src_port = srcport as src_port +FIELDALIAS-fortigate_traffic_src_translated_ip = transip as src_translated_ip +FIELDALIAS-fortigate_traffic_src_translated_port = srcport as src_translated_port +FIELDALIAS-fortigate_traffic_src_zone = srcintfrole as src_zone +FIELDALIAS-fortigate_traffic_dest_zone = dstintfrole as dest_zone +EVAL-ssid = coalesce(srcssid, dstssid) +LOOKUP-fortigate_traffic_ftnt_protocol_lookup = ftnt_protocol_lookup proto OUTPUT transport,protocol +EVAL-app = coalesce(app, service, transport) +EVAL-user = coalesce(user, unauthuser) + +[fgt_traffic] +rename = fortigate_traffic + +[fortigate_utm] +#subtype app-ctrl webfilter virus voip ips +TIME_PREFIX = ^ +SHOULD_LINEMERGE = false +EVENT_BREAKER_ENABLE = true +KV_MODE = none +REPORT-field_extract = field_extract, extract_file_and_file_path, extract_url_domain +ANNOTATE_PUNCT = false +FIELDALIAS-fortigate_utm_dest_ip = dstip as dest_ip +FIELDALIAS-fortigate_utm_vendor_eventtype = eventtype as vendor_eventtype +FIELDALIAS-fortigate_utm_vendor_url = url as vendor_url +FIELDALIAS-vendor_action = action as vendor_action +FIELDALIAS-vendor_status = status as vendor_status +EVAL-severity = coalesce(severity, crlevel, apprisk, "informational") +EVAL-vendor = "Fortinet" +EVAL-product = "Firewall" +EVAL-vendor_product = "Fortinet Firewall" +EVAL-ids_type = "network" +EVAL-product_version = coalesce(logver, "50") +EVAL-devname = coalesce(devname, devid) +FIELDALIAS-fortigate_utm_dvc = devname as dvc +EVAL-ftnt_action = coalesce(vendor_action, vendor_status) +EVAL-protocol_version = case(isnotnull(srcip), if(match(srcip,":"), "ipv6", "ipv4"), isnotnull(dstip), if(match(dstip,":"), "ipv6", "ipv4")) +LOOKUP-fortigate_utm_action = ftnt_action_lookup ftnt_action OUTPUT action +FIELDALIAS-fortigate_utm_rule_id = policyid as rule_id +FIELDALIAS-fortigate_utm_src_zone = srcintfrole as src_zone +FIELDALIAS-fortigate_utm_dest_zone = dstintfrole as dest_zone +FIELDALIAS-fortigate_utm_dest_interface = dstintf as dest_interface +FIELDALIAS-fortigate_utm_dest = dstip as dest +FIELDALIAS-fortigate_utm_dest_port = dstport as dest_port +FIELDALIAS-fortigate_utm_dst_mac = dstmac as dst_mac +FIELDALIAS-fortigate_utm_session_id = sessionid as session_id +FIELDALIAS-fortigate_utm_src_interface = srcintf as src_interface +FIELDALIAS-fortigate_utm_src_ip = srcip as src_ip +FIELDALIAS-fortigate_utm_src = srcip as src +FIELDALIAS-fortigate_utm_src_port = srcport as src_port +FIELDALIAS-fortigate_utm_src_mac = srcmac as src_mac +EVAL-bytes = (rcvdbyte + sentbyte) +FIELDALIAS-fortigate_utm_bytes_in = rcvdbyte as bytes_in +FIELDALIAS-fortigate_utm_bytes_out = sentbyte as bytes_out +FIELDALIAS-fortigate_utm_http_referrer = referralurl as http_referrer +FIELDALIAS-http_user_agent = agent as http_user_agent +FIELDALIAS-fortigate_utm_site = hostname as site +FIELDALIAS-fortigate_utm_file_hash = analyticscksum as file_hash +EVAL-file_name = coalesce(filename,file_name) +EVAL-file_path = if(match(vendor_url,"^\/"),hostname+file_path,file_path) +EVAL-url = if(match(vendor_url,"^\/"),hostname+vendor_url,vendor_url) +EVAL-url_domain = coalesce(url_domain,if(match(hostname,"^(?:\d+\.){3}\d+"),null(),hostname)) +EVAL-signature = coalesce(attack, attackname, virus) +FIELDALIAS-signature_id = attackid as signature_id +EVAL-category = coalesce(attack, attackname, virus, catdesc, dtype,case(subtype=="app-ctrl", appcat, subtype=="webfilter", urlsource)) +EVAL-app = coalesce(app,service) +LOOKUP-fortigate_protocol_lookup = ftnt_protocol_lookup proto OUTPUT transport,protocol + +[fgt_utm] +rename = fortigate_utm + +[fortigate_anomaly] +TIME_PREFIX = ^ +SHOULD_LINEMERGE = false +EVENT_BREAKER_ENABLE = true +KV_MODE = none +REPORT-field_extract = field_extract +ANNOTATE_PUNCT = false +FIELDALIAS-fortigate_utm_vendor_eventtype = eventtype as vendor_eventtype +FIELDALIAS-fortigate_utm_vendor_url = url as vendor_url +FIELDALIAS-vendor_action = action as vendor_action +FIELDALIAS-vendor_status = status as vendor_status +EVAL-severity = coalesce(severity, crlevel, apprisk, "informational") +EVAL-vendor = "Fortinet" +EVAL-product = "Firewall" +EVAL-ids_type = "network" +EVAL-product_version = coalesce(logver, "50") +EVAL-devname = coalesce(devname, devid) +FIELDALIAS-fortigate_utm_dvc = devname as dvc +EVAL-ftnt_action = coalesce(vendor_action, vendor_status) +LOOKUP-fortigate_utm_action = ftnt_action_lookup ftnt_action OUTPUT action +FIELDALIAS-fortigate_utm_dest_interface = dstintf as dest_interface +FIELDALIAS-fortigate_utm_dest = dstip as dest +FIELDALIAS-fortigate_utm_dest_port = dstport as dest_port +FIELDALIAS-fortigate_utm_dst_mac = dstmac as dst_mac +FIELDALIAS-fortigate_utm_session_id = sessionid as session_id +FIELDALIAS-fortigate_utm_src_interface = srcintf as src_interface +FIELDALIAS-fortigate_utm_src_ip = srcip as src +FIELDALIAS-fortigate_utm_src_port = srcport as src_port +FIELDALIAS-fortigate_utm_src_mac = srcmac as src_mac +EVAL-bytes = (rcvdbyte + sentbyte) +FIELDALIAS-fortigate_utm_bytes_in = rcvdbyte as bytes_in +FIELDALIAS-fortigate_utm_bytes_out = sentbyte as bytes_out +FIELDALIAS-fortigate_utm_http_method = reqtype as http_method +FIELDALIAS-fortigate_utm_http_referrer = referralurl as http_referrer +FIELDALIAS-fortigate_utm_http_status = vendor_action as status +FIELDALIAS-http_user_agent = agent as http_user_agent +FIELDALIAS-fortigate_utm_site = hostname as site +FIELDALIAS-fortigate_utm_file_hash = analyticscksum as file_hash +FIELDALIAS-fortigate_utm_file_name = filename as file_name +FIELDALIAS-fortigate_utm_file_path = vendor_url as file_path +EVAL-url = coalesce(hostname + vendor_url, vendor_url) +EVAL-signature = coalesce(attack, attackname, virus) +EVAL-category = coalesce(attack, attackname, virus, catdesc, dtype) + +[fgt_anomaly] +rename = fortigate_anomaly + +[fortigate_event] +TIME_PREFIX = ^ +SHOULD_LINEMERGE = false +EVENT_BREAKER_ENABLE = true +KV_MODE = none +REPORT-field_extract = field_extract, extract_cim_fields_for_user +ANNOTATE_PUNCT = false +EVAL-vendor = "Fortinet" +EVAL-product = "Firewall" +EVAL-vendor_product = "Fortinet Firewall" +FIELDALIAS-vendor_action = action as vendor_action +FIELDALIAS-vendor_status = status as vendor_status +## Don't remove unknown from vendor_status eval because of lookup dependency. +EVAL-vendor_status = coalesce(vendor_status, "unknown") +EVAL-status = if(logid IN("0100041000","0102043039","0100032132"),"success",coalesce(status, case(logid IN("0100032141","0100044547","0104043575","0104043588","0104043594","0104043591","0104043593","0104043551","0104043597","0100032301","0104043612","0104043611","0100022016","0100022015","0100032130","0100032102","0100022813","0100022815"),"success"))) +FIELDALIAS-fortigate_event_vendor_url = url as vendor_url +FIELDALIAS-fortigate_event_vendor_eventtype = eventtype as vendor_eventtype +FIELDALIAS-mem_used = mem as mem_used +EVAL-mem_free = 100 - mem_used +EVAL-log_action = case(logid IN("0101041984","0100022815","0100022813"), "read", logid IN("0101041987","0100032141","0100041000","0100032102"), "modified", logid=="0100026001", "added", logid=="0100032132", "Local user added", logid=="0100032130", "User changed", true(), action) +LOOKUP-fortigate_event_action = ftnt_event_action_lookup subtype vendor_action as log_action vendor_status OUTPUT action, change_type +LOOKUP-fortigate_severity = ftnt_severity_lookup level OUTPUT severity,severity_id +EVAL-product_version = coalesce(logver, "50") +EVAL-devname = coalesce(devname, devid) +FIELDALIAS-fortigate_event_dvc = devname as dvc +EVAL-user = coalesce(user_name, if(xauthuser=="N/A",null(),xauthuser)) +EVAL-user_name = coalesce(user_name, if(xauthuser=="N/A",null(),xauthuser)) + +FIELDALIAS-fortigate_system_cpu = cpu as cpu_load_percent +EVAL-object = coalesce(cfgobj,case(logid IN("0100022016","0100022015"), poolname, logid IN("0101041984","0101041987","0100032130","0100032132"), name, logid=="0100032141", field, logid IN ("0104043551","0104043597"), replace(msg,"^AP\s*(.*?)\s(?:joined\.|added)","\1"), match(logdesc,"^Physical AP radio"), "radio", logid=="0104043575", "client-"+stamac, logid IN("0100032003","0102043039"), user, logid=="0100032301", replace(msg,"Virtual\sdomain\s(.*?)\sis\sadded","\1"), logid=="0104043612", "wireless controller cfg", logid=="0100041000", "FortiGate", logid=="0104043611", "wireless controller", logid=="0100032102", replace(msg,"Configuration\sis\schanged\sin\sthe\s(.*)","\1"), logid IN("0100022813","0100022815"), "Scanunit")) +EVAL-object_attrs = coalesce(cfgattr, case(vendor_action=="oper-channel", "channel", vendor_action=="oper-txpower", "txpower", vendor_action=="config-txpower", "cfgtxpower",vendor_action=="country-config-success", "country " + configcountry, logid IN("0100022813","0100022815"), "AV Database", logid IN("0101041984","0101041987"), "cert-type")) +EVAL-object_category = case(logid IN("0104043575","0100032003","0100032130","0102043039","0100032132"), "user", match(logdesc,"^Physical AP radio") OR logid IN("0100032141","0100044547","0104043551","0104043597","0100032301","0104043611","0100022016","0100022015","0100041000","0100032102","0100022813","0100022815"), "configuration",logid IN("0101041984","0101041987","0104043612"), "file") +EVAL-object_id = coalesce(cfortigateid, cfgtid, case(logid IN("0104043551","0104043597"), ap,logid=="0104043575", stamac, match(logdesc,"^Physical AP radio"), radioid)) +EVAL-object_path = coalesce(cfgpath,case(match(logdesc,"^Physical AP radio"),replace(msg,"\sradio.*",""))) +EVAL-result = coalesce(result, logdesc) +EVAL-user_type = case(match(logdesc,"^Admin log(?:out|in)"), "Admin", logid=="0104043575", "Wireless client") +EVAL-src_user_type = case(match(logdesc,"^Admin log(?:out|in)"), "Admin", logid=="0104043575", "Wireless client") +EVAL-tunnelname = coalesce(vpntunnel,tunnelid) +REPORT-src_ip_from_ui = src_ip_from_ui +EVAL-src = coalesce(srcip, remip, src_ip_from_ui, case(logid IN("0104043588","0104043594","0104043591","0104043593","0104043551"),ip)) +EVAL-src_ip = coalesce(srcip, remip, src_ip_from_ui, case(logid IN("0104043588","0104043594","0104043591","0104043593","0104043551"),ip)) +EVAL-dest = coalesce(if(dstip=="N/A",null(),dstip), locip, ssid, case(logid IN("0100032141","0100032301","0100044547","0101039426","0104043588","0104043594","0104043591","0104043593","0104043551","0104043597","0101041984","0101041987","0101041990","0100022952","0101041992","0104043612","0104043611","0100040705","0100022016","0100022015","0100041000","0100032130","0100022918","0100040704","0100022949","0100036883","0100032102","0101039944","0102043039","0100032132","0100022813","0100022815","0100032001","0100032003"),dvc, logid=="0100026001", ip)) +EVAL-dest_ip = coalesce(if(dstip=="N/A",null(),dstip), locip, case(logid=="0100026001", ip)) +EVAL-signature = case(logid IN("0104043579","0101041990","0100022952","0101041992","0101039946","0100046600","0101053103","0100032006","0100022918","0100040704","0100026001","0101039425","0100022949","0100036883","0101039944","0100040704","0101039940","0101037135","0101039948","0101037133"), logdesc, logid IN("0101039424","0101039938"), tunneltype, logid=="0101039943", tunneltype+" "+subtype, logid=="0107045061", connection_type) +EVAL-dest_mac = coalesce(dest_mac,case(logid=="0100026001", mac)) +EVAL-resource_type = coalesce(resource_type, case(logid IN("0100040704","0100040705"),"system")) +EVAL-src_port_range = case(logid IN("0100022015","0100022016"), portbegin+"-"+portend) +EVAL-src_ip_range = if(logid=="0100022015",saddr,null()) +EVAL-dest_ip_range = if(logid=="0100022015",saddr,null()) +FIELDALIAS-body = msg as body +FIELDALIAS-id = logid as id +FIELDALIAS-fortigate_wireless_src_mac = stamac as src_mac +FIELDALIAS-fortigate_wireless_src_interface = vap as src_interface +FIELDALIAS-lease_duration = lease as lease_duration +EVAL-wifi = if(isnotnull(radioband), replace(radioband,",.*",""), null) +EVAL-app = case(logid=="0101039944", tunneltype+" vpn", logid=="0101039946", "vpn", true(), coalesce(authproto,tunneltype,security,case(logid IN("0101041990","0101041992","0101053103","0101037127","0101037121"), "vpn", logid=="0100022918", "FortiGuard",logid IN("0100022952","0100022949"), "FortiCloud",logid IN("0100046600","0100032006","0100036883"), "system", logid IN("0100032002","0100032001"), "FortiOS"))) +FIELDALIAS-authentication_service = security as authentication_service + +[fgt_event] +rename = fortigate_event diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/default/tags.conf b/deployment-apps/Splunk_TA_fortinet_fortigate/default/tags.conf new file mode 100644 index 00000000..788c5a5c --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/default/tags.conf @@ -0,0 +1,107 @@ +[eventtype=ftnt_fortigate_traffic] +network = enabled +communicate = enabled + +[eventtype=ftnt_fortigate_appctrl] +network = enabled +communicate = enabled + +[eventtype=ftnt_fortigate_webfilter] +web = enabled + +[eventtype=ftnt_fortigate_virus] +malware = enabled +attack = enabled +operations = enabled + +[eventtype=ftnt_fortigate_spam] +email = enabled +filter = enabled + +[eventtype=ftnt_fortigate_ips] +ids = enabled +attack = enabled + +[eventtype=ftnt_fortigate_anomaly] +ids = enabled +attack = enabled + +[eventtype=ftnt_fortigate_auth] +authentication = enabled +default = enabled + +[eventtype=ftnt_fortigate_wireless_client_authentication] +authentication = enabled +default = enabled + +[eventtype=ftnt_fortigate_wireless_client_deauthentication] +change = enabled +network = enabled + +[eventtype=ftnt_fortigate_auth_privileged_login] +authentication = enabled +privileged = enabled + +[eventtype=ftnt_fortigate_auth_privileged_logout] +change = enabled +account = enabled + +[eventtype=ftnt_fortigate_vpn_auth] +authentication = enabled +default = enabled + +[eventtype=ftnt_fortigate_vpn_cert_change] +change = enabled +network = enabled + +[eventtype=ftnt_fortigate_dhcp_ack] +network = enabled +session = enabled +dhcp = enabled + +[eventtype=ftnt_fortigate_detected_ip_using_dhcp] +network = enabled +session = enabled +start = enabled + +[eventtype=ftnt_fortigate_vpn_start] +network = enabled +session = enabled +vpn = enabled +start = enabled + +[eventtype=ftnt_fortigate_vpn_end] +network = enabled +session = enabled +vpn = enabled +end = enabled + +[eventtype=ftnt_fortigate_perf_stats] +os = enabled +performance = enabled +cpu = enabled +memory = enabled + +[eventtype=ftnt_fortigate_cpu_stats] +performance = enabled +cpu = enabled + +[eventtype=ftnt_fortigate_restart] +change = enabled + +[eventtype=ftnt_fortigate_scanunit_db] +change = enabled + +[eventtype=ftnt_fortigate_user_config_change] +change = enabled + +[eventtype=ftnt_fortigate_config_change] +change = enabled +network = enabled + +[eventtype=ftnt_fortigate_wireless_config_change] +change = enabled +network = enabled + +[eventtype=ftnt_fortigate_alerts] +alert = enabled \ No newline at end of file diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/default/transforms.conf b/deployment-apps/Splunk_TA_fortinet_fortigate/default/transforms.conf new file mode 100644 index 00000000..58cbbe2e --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/default/transforms.conf @@ -0,0 +1,45 @@ +##sourcetype +[force_sourcetype_fortigate] +SOURCE_KEY = _raw +DEST_KEY = MetaData:Sourcetype +REGEX = ^.+?devid=\"?F(?:G|W|\dK).+?(?:\s|\,|\,\s)type=\"?(traffic|utm|event|anomaly) +FORMAT = sourcetype::fortigate_$1 + +## LOOKUP + +[ftnt_protocol_lookup] +filename = ftnt_protocol_info.csv + +[ftnt_action_lookup] +filename = ftnt_action_info.csv + +[ftnt_event_action_lookup] +filename = ftnt_event_action_info.csv + +[ftnt_severity_lookup] +filename = ftnt_severity_info.csv + +## REPORT + +[field_extract] +DELIMS = "\ ,", "=" + +[src_ip_from_ui] +SOURCE_KEY = ui +REGEX = ((?:\d+\.){3}\d+) +FORMAT = src_ip_from_ui::$1 + +[extract_cim_fields_for_user] +SOURCE_KEY = user +REGEX = ^(?:N\/A$|(((.*)))) +FORMAT = src_user::$1 src_user_name::$2 user_name::$3 + +[extract_file_and_file_path] +SOURCE_KEY = url +REGEX = ^((?:[^?]*[\/])([^?]*)) +FORMAT = file_path::$1 file_name::$2 + +[extract_url_domain] +SOURCE_KEY = url +REGEX = ^(?:[^:]+:\/\/)?(?!(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|\S+:\/\/))([^:\/]+) +FORMAT = url_domain::$1 diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_action_info.csv b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_action_info.csv new file mode 100644 index 00000000..31d63f03 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_action_info.csv @@ -0,0 +1,21 @@ +ftnt_action, action +pass, allowed +passthrough, allowed +log-only, allowed +blocked, blocked +block, blocked +monitored, deferred +analytics, deferred +detected, allowed +dropped, blocked +allowed, allowed +accept, allowed +close, allowed +deny, blocked +dns, allowed +timeout, teardown +ip-conn, allowed +allow, allowed +server-rst, allowed +client-rst, allowed +clear_session, blocked diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_event_action_info.csv b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_event_action_info.csv new file mode 100644 index 00000000..2a55db4c --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_event_action_info.csv @@ -0,0 +1,53 @@ +subtype, vendor_action, vendor_status, action, change_type +user, authentication, success, success, auth +user, authentication, failure, failure, auth +user, auth-logon, logon, modified, AAA +wireless, client-ip-detected, unknown, added, auth +wireless, client-deauthentication, unknown, logoff, AAA +wireless, client-authentication, unknown, success, AAA +wireless, user-sign-on-success, unknown, success, AAA +wireless, user-sign-on, unknown, success, AAA +wireless, user-sign-on-failure, unknown, failure, AAA +wireless, oper-channel, unknown, modified, network_config +wireless, oper-txpower, unknown, modified, network_config +wireless, country-config-success, unknown, modified, network_config +wireless, config-txpower, unknown, modified, network_config +wireless, ap-join, unknown, modified, network_config +wireless, ap-add, unknown, modified, network_config +wireless, controller-cfg-loaded, unknown, read, network_config +wireless, controller-up, unknown, started, network_config +vpn, negotiate, success, success, auth +vpn, ssl-login-fail, unknown, failure, AAA +vpn, negotiate, failure, failure, auth +vpn, negotiate, negotiate_error, failure, auth +vpn, negotiate, esp_error, failure, auth +vpn, read, success, read, filesystem +vpn, modified, success, modified, filesystem +vpn, ssl-new-con, unknown, added, network_config +vpn, ssl-web-pass, unknown, added, network_config +vpn, ssl-web-close, unknown, blocked, network_config +vpn, tunnel-up, unknown, added, network_config +vpn, tunnel-down, unknown, blocked, network_config +vpn, delete_ipsec_sa, unknown, blocked, network_config +vpn, install_sa, unknown, added, network_config +endpoint, close, success, blocked, network_config +system, login, success, success, auth +system, login, failed, failure, auth +system, logout, success, logoff, AAA +system, logout, failed, logoff, AAA +system, add, unknown, created, network_config +system, Add, unknown, created, network_config +system, added, unknown, added, network_config +system, modified, unknown, modified, network_config +system, "Local user added", enable, modified, AAA +system, "User changed", unknown, modified, AAA +system, modified, update, modified, filesystem +system, delete, unknown, deleted, network_config +system, Delete, unknown, deleted, network_config +system, Edit, unknown, modified, network_config +system, shutdown, unknown, modified, restart +system, reboot, unknown, modified, restart +system, add-vdom, unknown, modified, network_config +system, pba-close, unknown, deleted, network_config +system, pba-create, unknown, created, network_config +system, read, unknown, read, filesystem \ No newline at end of file diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_protocol_info.csv b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_protocol_info.csv new file mode 100644 index 00000000..3b7570a5 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_protocol_info.csv @@ -0,0 +1,138 @@ +proto,transport,protocol +0,ip,ip +1,icmp,icmp +2,igmp,ip +3,ggp,ip +4,ipencap,ip +5,st2,ip +6,tcp,ip +7,cbt,ip +8,egp,ip +9,igp,ip +10,bbn-rcc,ip +11,nvp,ip +12,pup,ip +13,argus,ip +14,emcon,ip +15,xnet,ip +16,chaos,ip +17,udp,ip +18,mux,ip +19,dcn,ip +20,hmp,ip +21,prm,ip +22,xns-idp,ip +23,trunk-1,ip +24,trunk-2,ip +25,leaf-1,ip +26,leaf-2,ip +27,rdp,ip +28,irtp,ip +29,iso-tp4,ip +30,netblt,ip +31,mfe-nsp,ip +32,merit-inp,ip +33,sep,ip +34,3pc,ip +35,idpr,ip +36,xtp,ip +37,ddp,ip +38,idpr-cmtp,ip +39,tp++,ip +40,il,ip +41,ipv6,ip +42,sdrp,ip +43,ipv6-route,ip +44,ipv6-frag,ip +45,idrp,ip +46,rsvp,ip +47,gre,ip +48,mhrp,ip +49,bna,ip +50,esp,ip +51,ah,ip +52,i-nlsp,ip +53,swipe,ip +54,narp,ip +55,mobile,ip +56,tlsp,ip +57,skip,ip +58,ipv6-icmp,icmp +59,ipv6-nonxt,ip +60,ipv6-opts,ip +62,cftp,ip +64,sat-expak,ip +65,kryptolan,ip +66,rvd,ip +67,ippc,ip +69,sat-mon,ip +70,visa,ip +71,ipcv,ip +72,cpnx,ip +73,cphb,ip +74,wsn,ip +75,pvp,ip +76,br-sat-mon,ip +77,sun-nd,ip +78,wb-mon,ip +79,wb-expak,ip +80,iso-ip,ip +81,vmtp,ip +82,secure-vmtp,ip +83,vines,ip +84,ttp,ip +85,nsfnet-igp,ip +86,dgp,ip +87,tcf,ip +88,eigrp,ip +89,ospf,ip +90,sprite-rpc,ip +91,larp,ip +92,mtp,ip +93,ax.25,ip +94,ipip,ip +95,micp,ip +96,scc-sp,ip +97,etherip,ip +98,encap,ip +100,gmtp,ip +101,ifmp,ip +102,pnni,ip +103,pim,ip +104,aris,ip +105,scps,ip +106,qnx,ip +107,a/n,ip +108,ipcomp,ip +109,snp,ip +110,compaq-peer,ip +111,ipx-in-ip,ip +112,vrrp,ip +113,pgm,ip +115,l2tp,ip +116,ddx,ip +117,iatp,ip +118,st,ip +119,srp,ip +120,uti,ip +121,smp,ip +122,sm,ip +123,ptp,ip +124,isis,ip +125,fire,ip +126,crtp,ip +127,crdup,ip +128,sscopmce,ip +129,iplt,ip +130,sps,ip +131,pipe,ip +132,sctp,ip +133,fc,ip +135,mobility-header,ip +136,udplite,ip +137,mpls-in-ip,ip +138,manet,ip +139,hip,ip +140,shim6,ip +141,wesp,ip +142,rohc,ip \ No newline at end of file diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_severity_info.csv b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_severity_info.csv new file mode 100644 index 00000000..66b9852b --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/lookups/ftnt_severity_info.csv @@ -0,0 +1,9 @@ +level,severity,severity_id +emergency,critical,0 +alert,critical,1 +critical,critical,2 +error,high,3 +warning,medium,4 +notice,low,5 +information,informational,6 +debug,informational,7 \ No newline at end of file diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/metadata/default.meta b/deployment-apps/Splunk_TA_fortinet_fortigate/metadata/default.meta new file mode 100644 index 00000000..21749ecf --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/metadata/default.meta @@ -0,0 +1,5 @@ +[] +access = read : [ * ], write : [ * ] +export = system +version = 6.2.4 +modtime = 1439517297.392860000 diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth new file mode 100644 index 00000000..abe6ddbd --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth @@ -0,0 +1,3 @@ +date=2015-08-11 time=19:25:33 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0102043040 type=event subtype=user level=notice vd=root logdesc="FortiGuard authentication status" srcip=x.x.x.x dstip=N/A policyid=0 user="leolee" group="N/A" authproto="leolee(x.x.x.x)" action=authentication status=logout reason="N/A" msg="User leolee succeeded in logout" +date=2015-08-11 time=19:25:32 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0102043040 type=event subtype=user level=notice vd=root logdesc="FortiGuard authentication status" srcip=x.x.x.x dstip=N/A policyid=0 user="leolee" group="UG_Dialup_VPN" authproto="leolee(x.x.x.x)" action=authentication status=logout reason="N/A" msg="User leolee succeeded in logout" +date=2015-08-11 time=19:21:27 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0102043040 type=event subtype=user level=notice vd=root logdesc="FortiGuard authentication status" srcip=x.x.x.x dstip=N/A policyid=0 user="chrisnavarrete" group="N/A" authproto="chrisnavarrete(x.x.x.x)" action=authentication status=logout reason="N/A" msg="User chrisnavarrete succeeded in logout" diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth_priviledged b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth_priviledged new file mode 100644 index 00000000..5ed9407d --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_auth_priviledged @@ -0,0 +1,6 @@ +date=2015-08-11 time=19:25:12 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0100032003 type=event subtype=system level=information vd=root logdesc="Admin logout successful" sn=1439346295 user="fortiguard-it" ui=ssh(x.x.x.x) action=logout status=success duration=17 reason=exit msg="Administrator fortiguard-it logged out from ssh(x.x.x.x)" +date=2015-08-11 time=19:25:12 devname=2M-Colo1 devid=FG200D4613800211 logid=0100032003 type=event subtype=system level=information vd=root user="fortiguard-it" ui=ssh(x.x.x.x) action=logout status=success duration=17 reason=exit msg="Administrator fortiguard-it logged out from ssh(x.x.x.x)" +date=2015-08-11 time=19:24:55 devname=2M-Colo1 devid=FG200D4613800211 logid=0100032001 type=event subtype=system level=information vd=root user="fortiguard-it" ui=ssh(x.x.x.x) action=login status=success reason=none profile="FortiGuard" msg="Administrator fortiguard-it logged in successfully from ssh(x.x.x.x)" +date=2015-08-11 time=19:24:55 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0100032001 type=event subtype=system level=information vd=root logdesc="Admin login successful" sn=1439346295 user="fortiguard-it" ui=ssh(x.x.x.x) action=login status=success reason=none profile="FortiGuard" msg="Administrator fortiguard-it logged in successfully from ssh(x.x.x.x)" +date=2015-08-11 time=19:21:56 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0100032003 type=event subtype=system level=information vd=root logdesc="Admin logout successful" sn=1439346099 user="fortiguard-it" ui=ssh(x.x.x.x) action=logout status=success duration=17 reason=exit msg="Administrator fortiguard-it logged out from ssh(x.x.x.x)" +date=2015-08-11 time=19:21:56 devname=2M-Colo1 devid=FG200D4613800211 logid=0100032003 type=event subtype=system level=information vd=root user="fortiguard-it" ui=ssh(x.x.x.x) action=logout status=success duration=17 reason=exit msg="Administrator fortiguard-it logged out from ssh(x.x.x.x)" diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_config_change b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_config_change new file mode 100644 index 00000000..edad71ee --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_config_change @@ -0,0 +1,4 @@ +date=2015-08-11 time=17:51:33 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0100044547 type=event subtype=system level=information vd=root logdesc="Object attribute configured" user="FGT_ha_admin" ui="ha_daemon" action=Edit cfgtid=2826195 cfgpath="user.fortitoken" cfgobj="FTKMOB47ED6DD69D" cfgattr="activation-expire[Tue Aug 18 17:49:32 2015->Tue Aug 18 17:49:32 2015]activation-code[DEIKXAXC4O4JO4I4->DEIKXAXC4O4JO4I4]license[EFTM200021556100->EFTM200021556100]" msg="Edit user.fortitoken FTKMOB47ED6DD69D" +date=2015-08-11 time=17:51:33 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0100044547 type=event subtype=system level=information vd=root logdesc="Object attribute configured" user="FGT_ha_admin" ui="ha_daemon" action=Edit cfgtid=2826194 cfgpath="user.fortitoken" cfgobj="FTKMOB47ED6DD69D" cfgattr="activation-expire[Tue Aug 18 17:49:32 2015->Tue Aug 18 17:49:32 2015]activation-code[DEIKXAXC4O4JO4I4->DEIKXAXC4O4JO4I4]license[EFTM200021556100->EFTM200021556100]" msg="Edit user.fortitoken FTKMOB47ED6DD69D" +date=2015-08-11 time=17:51:33 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0100044547 type=event subtype=system level=information vd=root logdesc="Object attribute configured" user="FGT_ha_admin" ui="ha_daemon" action=Edit cfgtid=2826193 cfgpath="user.fortitoken" cfgobj="FTKMOB5374362440" cfgattr="activation-expire[Mon Jul 6 08:36:02 2015->N/A]activation-code[DEIFUSXL6VJX42K5->]license[EFTM200036296700->EFTM200036296700]seed[yjfZOwDwMDCfTj2hnldZvFP8mDBqLQSzcVxobe9cgld9cKxT3WyX/QbOPYlrVrwsdQR2jrLZsWqPmCNo7P/XKJu0qWmAxMbnQUkK4CQTvJELIgCLzhZZ69znadXWK8RmzT49oq6Du9Krve9M8E3lonjZxx9HbOa7Mq+T+sMo2A4d+v8t->]" msg="Edit user.fortitoken FTKMOB5374362440" +date=2015-08-11 time=17:49:37 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0100044547 type=event subtype=system level=information vd=root logdesc="Object attribute configured" user="charlihchen" ui="GUI(x.x.x.x)" action=Edit cfgtid=2760243 cfgpath="user.local" cfgobj="gzhang" cfgattr="fortitoken[FTKMOB5374362440->FTKMOB47ED6DD69D]" msg="Edit user.local gzhang" diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_ips b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_ips new file mode 100644 index 00000000..b661916c --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_ips @@ -0,0 +1,3 @@ +date=2015-08-11 time=19:04:57 devname=2M-Colo1 devid=FG200D4613800211 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd=root severity=medium srcip=x.x.x.x dstip=x.x.x.x srcintf="wan1" dstintf="dmz1" policyid=36 identidx=0 sessionid=815439641 status=detected proto=6 service=http count=1 attackname="FCKeditor.CurrentFolder.Arbitrary.File.Upload" srcport=58214 dstport=80 attackid=17570 sensor="all_default" ref="http://www.fortinet.com/ids/VID17570" incidentserialno=267824612 msg="applications3: FCKeditor.CurrentFolder.Arbitrary.File.Upload," +date=2015-08-11 time=19:03:55 devname=2M-Colo1 devid=FG200D4613800211 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd=root severity=critical srcip=x.x.x.x dstip=x.x.x.x srcintf="wan1" dstintf="dmz1" policyid=36 identidx=0 sessionid=815436844 status=detected proto=6 service=https count=1 attackname="OpenSSL.TLS.Heartbeat.Information.Disclosure" srcport=33782 dstport=443 attackid=38307 sensor="all_default" ref="http://www.fortinet.com/ids/VID38307" incidentserialno=116664577 msg="applications: OpenSSL.TLS.Heartbeat.Information.Disclosure," +date=2015-08-11 time=19:01:09 devname=2M-Colo1 devid=FG200D4613800211 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd=root severity=medium srcip=x.x.x.x dstip=x.x.x.x srcintf="wan1" dstintf="dmz1" policyid=36 identidx=0 sessionid=815428740 status=detected proto=6 service=http count=1 attackname="FCKeditor.CurrentFolder.Arbitrary.File.Upload" srcport=59990 dstport=80 attackid=17570 sensor="all_default" ref="http://www.fortinet.com/ids/VID17570" incidentserialno=625870517 msg="applications3: FCKeditor.CurrentFolder.Arbitrary.File.Upload," diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_perf_stats b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_perf_stats new file mode 100644 index 00000000..8288ce49 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_perf_stats @@ -0,0 +1,6 @@ +date=2015-08-11 time=19:29:36 devname=2M-Colo2 devid=FG200D3913801010 logid=0100040704 type=event subtype=system level=notice vd=root action="perf-stats" cpu=0 mem=36 totalsession=178 msg="Performance statistics" +date=2015-08-11 time=19:29:31 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0100040704 type=event subtype=system level=notice vd=root logdesc="System performance statistics" action="perf-stats" cpu=26 mem=52 totalsession=257 disk=72 bandwidth=794/734 setuprate=0 disklograte=20 fazlograte=20 msg="Performance statistics: average CPU: 26, memory: 52, concurrent sessions: 257, setup-rate: 0" +date=2015-08-11 time=19:29:22 devname=US-Wifi-AC2 devid=FG800C3913801927 logid=0100100040704 type=event subtype=system level=notice vd="root" logdesc="System performance statistics" action="perf-stats" cpu=1 mem=25 totalsession=526 disk=2 bandwidth=95/131 setuprate=0 disklograte=0 fazlograte=0 msg="Performance statistics: average CPU: 1, memory: 25, concurrent sessions: 526, setup-rate: 0" +date=2015-08-11 time=19:28:49 devname=US-Wifi-AC1 devid=FG800C3913802024 logid=0100100040704 type=event subtype=system level=notice vd="root" logdesc="System performance statistics" action="perf-stats" cpu=1 mem=55 totalsession=2115 disk=9 bandwidth=3602/1082 setuprate=11 disklograte=31 fazlograte=31 msg="Performance statistics: average CPU: 1, memory: 55, concurrent sessions: 2115, setup-rate: 11" +date=2015-08-11 time=19:27:53 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0100040704 type=event subtype=system level=notice vd=root logdesc="System performance statistics" action="perf-stats" cpu=1 mem=57 totalsession=547 disk=8 bandwidth=467/439 setuprate=5 disklograte=5 fazlograte=5 msg="Performance statistics: average CPU: 1, memory: 57, concurrent sessions: 547, setup-rate: 5" +date=2015-08-11 time=19:27:50 logver=52 devname=US-IDF185_1 devid=FG3K2C3Z13800659 logid=0100040704 type=event subtype=system level=notice vd=root logdesc="System performance statistics" action="perf-stats" cpu=1 mem=54 totalsession=4871 disk=1 bandwidth=30260/29390 setuprate=15 disklograte=0 fazlograte=50 msg="Performance statistics: average CPU: 1, memory: 54, concurrent sessions: 4871, setup-rate: 15" diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_traffic b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_traffic new file mode 100644 index 00000000..41d2c228 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_traffic @@ -0,0 +1,5 @@ +date=2015-08-11 time=19:19:43 devname=Nosey devid=FG800C3912801080 logid=0004000017 type=traffic subtype=sniffer level=notice vd=root srcip=fe80::20c:29ff:fe77:20d4 srcintf="port3" dstip=ff02::1:ff77:20d4 dstintf="port3" sessionid=408903 proto=58 action=accept policyid=2 dstcountry="Reserved" srccountry="Reserved" trandisp=snat transip=:: transport=0 service="icmp6/131/0" duration=36 sentbyte=0 rcvdbyte=40 sentpkt=0 rcvdpkt=0 appid=16321 app="IPv6.ICMP" appcat="Network.Service" apprisk=elevated applist="sniffer-profile" appact=detected utmaction=allow countapp=1 +date=2015-08-11 time=19:19:43 devname=Nosey devid=FG800C3912801080 logid=0004000017 type=traffic subtype=sniffer level=notice vd=root srcip=x.x.x.x srcport=0 srcintf="port3" dstip=x.x.x.x dstport=0 dstintf="port3" sessionid=5026 proto=50 action=accept policyid=2 dstcountry="Reserved" srccountry="Reserved" trandisp=snat transip=x.x.x.x transport=0 service="esp" duration=33 sentbyte=0 rcvdbyte=204904 sentpkt=0 rcvdpkt=0 appid=16312 app="ESP.IP" appcat="Network.Service" apprisk=elevated applist="sniffer-profile" appact=detected utmaction=allow countapp=1 +date=2015-08-11 time=19:19:43 devname=Nosey devid=FG800C3912801080 logid=0004000017 type=traffic subtype=sniffer level=notice vd=root srcip=x.x.x.x srcport=9909 srcintf="port1" dstip=x.x.x.x dstport=20386 dstintf="port1" sessionid=305 proto=17 action=accept policyid=1 dstcountry="China" srccountry="United States" trandisp=snat transip=x.x.x.x transport=0 service="udp/20386" duration=58 sentbyte=7879 rcvdbyte=197537 sentpkt=0 rcvdpkt=0 appcat="unscanned" +date=2015-08-11 time=19:19:43 devname=Nosey devid=FG800C3912801080 logid=0004000017 type=traffic subtype=sniffer level=notice vd=root srcip=x.x.x.x srcport=62176 srcintf="port1" dstip=x.x.x.x dstport=1194 dstintf="port1" sessionid=3364 proto=17 action=accept policyid=1 dstcountry="Japan" srccountry="United States" trandisp=snat transip=x.x.x.x transport=0 service="udp/1194" duration=46 sentbyte=187792 rcvdbyte=17758 sentpkt=0 rcvdpkt=0 appcat="unscanned" devtype="Windows PC" osname="Windows" osversion="7" mastersrcmac=00:09:0f:97:ef:e4 srcmac=00:09:0f:97:ef:e4 +date=2015-08-11 time=19:19:43 devname=Nosey devid=FG800C3912801080 logid=0004000017 type=traffic subtype=sniffer level=notice vd=root srcip=x.x.x.x srcport=60832 srcintf="port1" dstip=x.x.x.x dstport=443 dstintf="port1" sessionid=12512 proto=17 action=accept policyid=1 dstcountry="United States" srccountry="United States" trandisp=snat transip=x.x.x.x transport=0 service="udp/443" duration=10 sentbyte=202281 rcvdbyte=3089 sentpkt=0 rcvdpkt=0 appcat="unscanned" devtype="Windows PC" osname="Windows" osversion="7" mastersrcmac=00:09:0f:97:ef:e4 srcmac=00:09:0f:97:ef:e4 diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_virus b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_virus new file mode 100644 index 00000000..e95f5ddb --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_virus @@ -0,0 +1,4 @@ +date=2015-08-11 time=19:21:02 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0201009233 type=utm subtype=virus level=notice vd=root msg="File submitted to Sandbox." action=analytics service=HTTP sessionid=1490839738 srcip=x.x.x.x dstip=x.x.x.x srcport=51211 dstport=80 srcintf="External-SDC" dstintf="DMZ" proto=6 direction=incoming filename="functions.js" quarskip=No-skip url="http://oa.fortinet.com/js/functions.js" profile="scan+sandbox" user="" agent="Mozilla/5.0" analyticscksum="0362a2dfabddf155aea6183c04ee7e00e5455d0560882d27b348b9ef1421ba53" analyticssubmit=true +date=2015-08-11 time=19:21:02 devname=Nosey devid=FG800C3912801080 logid=0201009233 type=utm subtype=virus eventtype=analytics level=notice vd="root" msg="File submitted to Sandbox." action=analytics service=HTTP sessionid=416045 srcip=x.x.x.x dstip=x.x.x.x srcport=63987 dstport=80 srcintf="port1" dstintf="port1" proto=6 direction=incoming quarskip=No-skip url="http://hq.sinajs.cn/?func=WidgetRecentZixuanInsert();&list=s_sh600030,s_sh601988,s_sh601766,s_sh600021,s_sh601989,s_sz002024,s_sz00016" profile="sniffer-profile" user="" agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" analyticscksum="a0eb116ee56af75852b7ce4e21da18fefe45586bf123fadde7298aaae4c356b1" analyticssubmit=true +date=2015-08-11 time=19:21:02 devname=Nosey devid=FG800C3912801080 logid=0201009233 type=utm subtype=virus eventtype=analytics level=notice vd="root" msg="File submitted to Sandbox." action=analytics service=HTTP sessionid=416043 srcip=x.x.x.x dstip=x.x.x.x srcport=63986 dstport=80 srcintf="port1" dstintf="port1" proto=6 direction=incoming filename="rn=1439346063419&list=s_sh000001,s_sz399001,s_sh000300,s_sz3994" quarskip=No-skip url="http://hq.sinajs.cn/rn=1439346063419&list=s_sh000001,s_sz399001,s_sh000300,s_sz399415,s_sz399006" profile="sniffer-profile" user="" agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" analyticscksum="ce441fbeb2b83ec1bccde14017c4012da52589fe61efcbfeeeecc0bea87089f0" analyticssubmit=true +date=2015-08-11 time=19:21:02 devname=Nosey devid=FG800C3912801080 logid=0201009233 type=utm subtype=virus eventtype=analytics level=notice vd="root" msg="File submitted to Sandbox." action=analytics service=HTTP sessionid=416042 srcip=x.x.x.x dstip=x.x.x.x srcport=63985 dstport=80 srcintf="port1" dstintf="port1" proto=6 direction=incoming filename="list=s_sh600146,s_sz000753" quarskip=No-skip url="http://hq.sinajs.cn/list=s_sh600146,s_sz000753" profile="sniffer-profile" user="" agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36" analyticscksum="301c8026a761ea7bc967db9f1f447b0f9ecc011d387866d0fc8eef83972e819e" analyticssubmit=true diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn new file mode 100644 index 00000000..7c14c176 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn @@ -0,0 +1,8 @@ +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037127 type=event subtype=vpn level=notice vd=root logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action=negotiate remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="dff154934f2418ec/e111711492ca17ca" user="richard_b" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="Richard_Basile_ph1" status=success init=local mode=xauth dir=outbound stage=1 role=initiator result=OK +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037127 type=event subtype=vpn level=notice vd=root logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action=negotiate remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="dff154934f2418ec/e111711492ca17ca" user="richard_b" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="Richard_Basile_ph1" status=success init=local mode=aggressive dir=inbound stage=2 role=initiator result=DONE +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037127 type=event subtype=vpn level=notice vd=root logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action=negotiate remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="dff154934f2418ec/e111711492ca17ca" user="richard_b" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="Richard_Basile_ph1" status=success init=remote mode=aggressive dir=inbound stage=2 role=responder result=DONE +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037127 type=event subtype=vpn level=notice vd=root logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action=negotiate remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="dff154934f2418ec/e111711492ca17ca" user="richard_b" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="Richard_Basile_ph1" status=success init=remote mode=aggressive dir=outbound stage=1 role=responder result=OK +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037134 type=event subtype=vpn level=notice vd=root logdesc="IPsec phase 1 SA deleted" msg="delete IPsec phase 1 SA" action=delete_phase1_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="ec919861a41622a3/e8c2a6a9eb4d7727" user="thor_e" group="N/A" xauthuser="tevenhouse" xauthgroup="N/A" assignip=N/A vpntunnel="Thor_Evenhouse_ph1" +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037121 type=event subtype=vpn level=error vd=root logdesc="Negotiate IPsec phase 1" msg="negotiate IPsec phase 1" action=negotiate remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="ec919861a41622a3/e8c2a6a9eb4d7727" user="thor_e" group="N/A" xauthuser="tevenhouse" xauthgroup="N/A" assignip=N/A vpntunnel="Thor_Evenhouse_ph1" status=failure result="XAUTH authentication failed" +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037134 type=event subtype=vpn level=notice vd=root logdesc="IPsec phase 1 SA deleted" msg="delete IPsec phase 1 SA" action=delete_phase1_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="ad4dba0c4669e0fd/572014b0c5fc7e70" user="andres_h" group="N/A" xauthuser="aherrera" xauthgroup="N/A" assignip=N/A vpntunnel="Andres_Herrera_ph1" +date=2015-08-11 time=19:22:15 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037121 type=event subtype=vpn level=error vd=root logdesc="Negotiate IPsec phase 1" msg="negotiate IPsec phase 1" action=negotiate remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="ad4dba0c4669e0fd/572014b0c5fc7e70" user="andres_h" group="N/A" xauthuser="aherrera" xauthgroup="N/A" assignip=N/A vpntunnel="Andres_Herrera_ph1" status=failure result="XAUTH authentication failed" diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_end b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_end new file mode 100644 index 00000000..58cdc1f8 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_end @@ -0,0 +1,5 @@ +date=2015-08-11 time=19:21:48 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037135 type=event subtype=vpn level=notice vd=root logdesc="IPsec phase 2 SA deleted" msg="delete IPsec phase 2 SA" action=delete_ipsec_sa remip=x.x.x.x locip=x.x.x.x remport=1024 locport=4500 outintf="port6" cookies="d3bb987a97b70dd9/bf23f465ba89f8a5" user="nathan_r" group="N/A" xauthuser="masohan" xauthgroup="UG_S2S_VPN" assignip=N/A vpntunnel="Nathan_Riehl-ph1_0" in_spi="17e66f2" out_spi="2e7d0e3d" +date=2015-08-11 time=19:21:27 clusterid=FGHA001500704701_CID logver=52 devname=FGT-FortiToken1 devid=FGHA001500704701_CID logid=0101039948 type=event subtype=vpn level=information vd=root logdesc="SSL VPN tunnel down" action="tunnel-down" tunneltype="ssl-tunnel" tunnelid=1709264498 remip=x.x.x.x tunnelip=x.x.x.x user="chrisnavarrete" group="UG_Dialup_VPN_2" dst_host="N/A" reason="N/A" duration=516 sentbyte=2666584 rcvdbyte=1375905 msg="SSL tunnel shutdown" +date=2015-08-11 time=19:21:20 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0101037135 type=event subtype=vpn level=notice vd=root logdesc="IPsec phase 2 SA deleted" msg="delete IPsec phase 2 SA" action=delete_ipsec_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="External-SDC" cookies="a89d6b3b8dd53bb8/a5c59764925b7d9d" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="Miami_ph1" in_spi="e2c9fd31" out_spi="e760bc42" +date=2015-08-11 time=19:20:30 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037135 type=event subtype=vpn level=notice vd=root logdesc="IPsec phase 2 SA deleted" msg="delete IPsec phase 2 SA" action=delete_ipsec_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="7967fecde2c3f0c5/c453c72aca6537ad" user="intruguard" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="Intruguard_ph1_0" in_spi="f35a6a5f" out_spi="2e7d0e3a" +date=2015-08-11 time=19:20:28 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0101037135 type=event subtype=vpn level=notice vd=root logdesc="IPsec phase 2 SA deleted" msg="delete IPsec phase 2 SA" action=delete_ipsec_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="External-SDC" cookies="42b66b99542b6bce/03b78c05252fc0a3" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="India_HTC_ph1" in_spi="c343b300" out_spi="e760bc41" diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_start b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_start new file mode 100644 index 00000000..e2840c19 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_vpn_start @@ -0,0 +1,5 @@ +date=2015-08-11 time=19:22:21 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037133 type=event subtype=vpn level=notice vd=root logdesc="IPsec SA installed" msg="install IPsec SA" action=install_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="e89a7cb47e1cebbf/2804eb970b646c7a" user="praveenl" group="N/A" xauthuser="plokesh" xauthgroup="UG_S2S_VPN" assignip=N/A vpntunnel="Praveen_Lokesh_ph1_0" role=responder in_spi="2e7d0e72" out_spi="091159af" +date=2015-08-11 time=19:22:18 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037133 type=event subtype=vpn level=notice vd=root logdesc="IPsec SA installed" msg="install IPsec SA" action=install_sa remip=x.x.x.x locip=x.x.x.x remport=4500 locport=4500 outintf="port6" cookies="c9b12b0b3f2afe2d/c26311f8fb3facf6" user="sai-raj" group="N/A" xauthuser="srajamahanthi" xauthgroup="UG_S2S_VPN" assignip=N/A vpntunnel="Sai_Rajamahanthi_ph1" role=responder in_spi="2e7d0e71" out_spi="c60b7fb2" +date=2015-08-11 time=19:22:14 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037133 type=event subtype=vpn level=notice vd=root logdesc="IPsec SA installed" msg="install IPsec SA" action=install_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="e89a7cb47e1cebbf/2804eb970b646c7a" user="praveenl" group="N/A" xauthuser="plokesh" xauthgroup="UG_S2S_VPN" assignip=N/A vpntunnel="Praveen_Lokesh_ph1_0" role=responder in_spi="2e7d0e70" out_spi="091159ae" +date=2015-08-11 time=19:21:40 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037133 type=event subtype=vpn level=notice vd=root logdesc="IPsec SA installed" msg="install IPsec SA" action=install_sa remip=x.x.x.x locip=x.x.x.x remport=500 locport=500 outintf="port6" cookies="e89a7cb47e1cebbf/2804eb970b646c7a" user="praveenl" group="N/A" xauthuser="plokesh" xauthgroup="UG_S2S_VPN" assignip=N/A vpntunnel="Praveen_Lokesh_ph1_0" role=responder in_spi="2e7d0e6f" out_spi="091159ad" +date=2015-08-11 time=19:21:27 clusterid=FGHA002020594551_CID logver=52 devname=US-Dialup1 devid=FGHA002020594551_CID logid=0101037133 type=event subtype=vpn level=notice vd=root logdesc="IPsec SA installed" msg="install IPsec SA" action=install_sa remip=x.x.x.x locip=x.x.x.x remport=1024 locport=4500 outintf="port6" cookies="d3bb987a97b70dd9/bf23f465ba89f8a5" user="nathan_r" group="N/A" xauthuser="masohan" xauthgroup="UG_S2S_VPN" assignip=N/A vpntunnel="Nathan_Riehl-ph1_0" role=responder in_spi="2e7d0e6e" out_spi="017e66f3 diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_webfilter b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_webfilter new file mode 100644 index 00000000..fadf974d --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/samples/sample.ftnt_fortigate_webfilter @@ -0,0 +1,5 @@ +date=2015-08-11 time=19:21:40 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd=root sessionid=1490844879 user="" srcip=x.x.x.x srcport=50367 srcintf="External-SDC" dstip=x.x.x.x dstport=443 dstintf="Internal" proto=6 service=HTTPS hostname="asset.myfortinet.com" profile="scan" action=passthrough reqtype=direct url="/" sentbyte=1418 rcvdbyte=507 direction=outgoing msg="URL belongs to an allowed category in policy" method=domain cat=52 catdesc="Information Technology" +date=2015-08-11 time=19:21:40 logver=52 devname=US-IDF175_1 devid=FG3K2C3Z13800741 logid=0315013317 type=utm subtype=webfilter eventtype=urlfilter level=notice vd=root sessionid=284520245 user="" srcip=x.x.x.x srcport=50175 srcintf="PC" dstip=x.x.x.x dstport=80 dstintf="External" proto=6 service=HTTP hostname="x.x.x.x" profile="scan" action=passthrough reqtype=direct url="/device/get/1.xml" sentbyte=169 rcvdbyte=809 direction=outgoing msg="URL has been visited" method=domain cat=0 +date=2015-08-11 time=19:21:40 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd=root sessionid=1490761283 user="" srcip=x.x.x.x srcport=53971 srcintf="Internal" dstip=192.168.10 dstport=80 dstintf="External-SDC" proto=6 service=HTTP hostname="ping.chartbeat.net" profile="scan" action=passthrough reqtype=referral url="/ping?h=fortune.com&p=%2F2014%2F10%2F27%2Fgoogle-rise-of-sundar-pichai%2F&u=C5sKcjDIa4ndN0LKa&d=fortune.com&g" sentbyte=603 rcvdbyte=213 direction=outgoing msg="URL belongs to an allowed category in policy" method=domain cat=52 catdesc="Information Technology" +date=2015-08-11 time=19:21:40 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd=root sessionid=1490842644 user="" srcip=x.x.x.x srcport=53988 srcintf="Internal" dstip=192.168.10 dstport=80 dstintf="External-SDC" proto=6 service=HTTP hostname="crl.microsoft.com" profile="scan" action=passthrough reqtype=direct url="/pki/crl/products/MicTimStaPCA_2010-07-01.crl" sentbyte=277 rcvdbyte=227 direction=outgoing msg="URL belongs to an allowed category in policy" method=domain cat=52 catdesc="Information Technology" +date=2015-08-11 time=19:21:40 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd=root sessionid=1490845588 user="" srcip=x.x.x.x srcport=53235 srcintf="Internal" dstip=x.x.x.x dstport=80 dstintf="External-SDC" proto=6 service=HTTP hostname="popo.wan.ijinshan.com" profile="scan" action=passthrough reqtype=direct url="/popo/launch?c=cHA9d29vZHMxOTgyQGhvdG1haWwuY29tJnV1aWQ9NDBiNDkyZDRmNzdhNjFmOTNlMjQwMjhiYjE3ZGRlYTYmY29tcGl" sentbyte=525 rcvdbyte=325 direction=outgoing msg="URL belongs to an allowed category in policy" method=domain cat=52 catdesc="Information Technology" diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/splunkbase.manifest b/deployment-apps/Splunk_TA_fortinet_fortigate/splunkbase.manifest new file mode 100644 index 00000000..5eea6518 --- /dev/null +++ b/deployment-apps/Splunk_TA_fortinet_fortigate/splunkbase.manifest @@ -0,0 +1,187 @@ +{ + "version": "1.0", + "date": "2023-03-27T17:52:08.507063439Z", + "hashAlgorithm": "SHA-256", + "app": { + "id": 2846, + "version": "1.6.7", + "files": [ + { + "path": "static/appIconAlt.png", + "hash": "afd0661f827ccaf16d7e486d0286304e2ce887706e82c29051fb861bf15adfcf" + }, + { + "path": "static/appIcon.png", + "hash": "afd0661f827ccaf16d7e486d0286304e2ce887706e82c29051fb861bf15adfcf" + }, + { + "path": "static/appIconAlt_2x.png", + "hash": "133e9a0aa2c545c102072ba8d6879509783688b213160c464aa4f0a72456e278" + }, + { + "path": "static/appIcon_2x.png", + "hash": "133e9a0aa2c545c102072ba8d6879509783688b213160c464aa4f0a72456e278" + }, + { + "path": "app.manifest", + "hash": "21e89063d76f943c3f8c40cab83fc37e769b48a59b1c8b2f7b21412d5b397b8f" + }, + { + "path": "README.txt", + "hash": "a5f41c5250ebd3fa4dc14347ed293785d150c9f87ecfa629642dfb7b8eedb07f" + }, + { + "path": "default/transforms.conf", + "hash": "881ddc1bdfb74597125ba7d4d5c72b524a2a5e2cfdb81c16403d8e61f5e2da72" + }, + { + "path": "default/tags.conf", + "hash": "12608b97b2ee5965405a5e07a4f71142353740e7d93a0d373d4f70795dc7ab78" + }, + { + "path": "default/app.conf", + "hash": "ddf6b4aabe0a21feaea9b71e7811b19f7b21a73db5d0bd349244878cc99b0c0b" + }, + { + "path": "default/props.conf", + "hash": "c9c0927ebc4e04828e491e502ff1bd9f479d9521fd7dbed144158e95d83449e0" + }, + { + "path": "default/data/ui/nav/default.xml", + "hash": "35a4889f9adb852e7c27447f3e0275bb42002038746cd7b2559e7d749e0c8540" + }, + { + "path": "default/macros.conf", + "hash": "3f7b94dc5c8331313d09596a1af93746e47df9fc480ab6d06f01983390795d20" + }, + { + "path": "default/eventtypes.conf", + "hash": "7923ecc31a479fee3e806ba044abd1410e915592a004f828f19c722ef18502d6" + }, + { + "path": "LICENSES/LicenseRef-Splunk-1-2020.txt", + "hash": "4890319bc6dddfcd1fb3e4dd6dc32205bce332924d5ac9e5032de1abc542acb7" + }, + { + "path": "VERSION", + "hash": "440031e799a6323ba88b40d71261399d1c65380c5b283810bdaf995b703fb499" + }, + { + "path": "lookups/ftnt_event_action_info.csv", + "hash": "99863b3b5c8ee2b486e25966b579387169a636f8d02ad489c3f53b48e529a480" + }, + { + "path": "lookups/ftnt_protocol_info.csv", + "hash": "316aa94b83e5dcd5c04ccf354784bf7ebff809a84806e3fd125714cff9f21b09" + }, + { + "path": "lookups/ftnt_action_info.csv", + "hash": "551b4866a00946b37bee18452679b57bca404cef1f181a09cd80f5c3aa67b0bd" + }, + { + "path": "lookups/ftnt_severity_info.csv", + "hash": "b04c5db17d2da9f2fa6fd38118594609f3dbbc769cc27722de0054df573cfa24" + }, + { + "path": "samples/sample.ftnt_fortigate_ips", + "hash": "b9ac036a0a3dd99a67be4b92166745887bb1b69b04338844c61b6c75c5f9c2d5" + }, + { + "path": "samples/sample.ftnt_fortigate_webfilter", + "hash": "7b3a897dada48fdf24285b5beff165d21d8ebd27156b2313d64ef9d918aec5c7" + }, + { + "path": "samples/sample.ftnt_fortigate_vpn", + "hash": "c571041509ca7e85ab5172549d1d23fb8b2651a006b067356be9733760117dc1" + }, + { + "path": "samples/sample.ftnt_fortigate_perf_stats", + "hash": "adedcf70d120d292dd367c7e93baa6be8cb45edbd27c1de82bf2237d8fc76566" + }, + { + "path": "samples/sample.ftnt_fortigate_virus", + "hash": "27d9385975cd881eeea0acae06858af00af0c008083e975907fcb5a453cc45df" + }, + { + "path": "samples/sample.ftnt_fortigate_config_change", + "hash": "bbf0fa5a49c1ab9f571140b8eba4dda8a5f9906d48d083fb40810203cb907b13" + }, + { + "path": "samples/sample.ftnt_fortigate_auth", + "hash": "4b5e4bb2e93ad9e2448e72a44b41d54c1f42dad8883858c06fa801e0d102a892" + }, + { + "path": "samples/sample.ftnt_fortigate_vpn_end", + "hash": "c31ef1db53c662ea02d96197749234239b058040990eee8fd22b87b9fe1f2370" + }, + { + "path": "samples/sample.ftnt_fortigate_traffic", + "hash": "45464bb1df5153a0b35af13431ff82071dcf496cb24d061701447d6f0d74829d" + }, + { + "path": "samples/sample.ftnt_fortigate_auth_priviledged", + "hash": "49a07c1d617e5339087129bdceee973cf3fd4072fc51b62fd317b6bc03f8e62b" + }, + { + "path": "samples/sample.ftnt_fortigate_vpn_start", + "hash": "2855172f693a9fecd6361f9181cd0c3883e38d2f96dbc20c1fba7b4ea83c2cfe" + }, + { + "path": "metadata/default.meta", + "hash": "66aa854b29dd6d888d93d9be91785866da8e7bf76f8ebae45d1852b884a8919c" + }, + { + "path": "EULA.pdf", + "hash": "4b74b5ff9abd03f8e464aea123a0c9584740a2854d1fde93da80dd0a0c81a605" + } + ] + }, + "products": [ + { + "platform": "splunk", + "product": "enterprise", + "versions": [ + "7.2", + "7.3", + "8.0", + "8.1", + "8.2", + "9.0" + ], + "architectures": [ + "x86_64" + ], + "operatingSystems": [ + "windows", + "linux", + "macos", + "freebsd", + "solaris", + "aix" + ] + }, + { + "platform": "splunk", + "product": "cloud", + "versions": [ + "7.2", + "7.3", + "8.0", + "8.1", + "8.2", + "9.0" + ], + "architectures": [ + "x86_64" + ], + "operatingSystems": [ + "windows", + "linux", + "macos", + "freebsd", + "solaris", + "aix" + ] + } + ] +} \ No newline at end of file diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/static/appIcon.png b/deployment-apps/Splunk_TA_fortinet_fortigate/static/appIcon.png new file mode 100644 index 0000000000000000000000000000000000000000..33ebf44efdcbf54da33c3512b7110b613a292434 GIT binary patch literal 1230 zcmeAS@N?(olHy`uVBq!ia0vp^Dj>|k1|%Oc%$NbBBuiW)N`mv#O3D+9QW+dm@{>{( zJaZG%Q-e|yQz{EjrrIztFlS_jM3hAM`dB6B=jtVb)aX^@765fKFxc2v6eK2Rr0UTq__OB&@Hb09I0xZL0)vRD^GUf^&XRs)DJWv2L<~p`n7AnVzAE zshOFfj)IYap^?4;5Si&3npl~dSs9rtK!Fm_wxX0Ys~{IQs9ivwtx`rwNr9EVetCJh zUb(Seeo?xx^|#0uTKVr7^KE~&-IMVSR9nfZANAQKal@=Hr> zm4GgVcpk{1iHq`zbF$JDTz5Q`N^fZsd*)yF1AWQ8NHOu6f0LF6Gu}w zV^c!|BLg!FLqiK^LlZYQR|`WkR}%{}XG@qFSoK=C7`Zx{JGvP;0(H8YSeh6aJG#2K zxtJPQxS5zb!t{FP6_+IDC8xsd%>>yC(QAoUua$FAYGO%#QAmD%4lD%(WaO9R7iZ)b zC^!e3DQNg6CTHe>1T;Yr1o5v+YEfocYKmJ?ey##Igsn2MxqzV0A$n8D2{nD7WAs7E z11Y({gn(%f#Dph)AP1g(QuBa$rU;lhzTaJU8JMyDc)B=-RNQ(q&5-MmgMjPg3EUo1 zYeo4JG`Y4}HuqZ2>`hRj|La$|u8O{Dmi1tmIw3w}@~Rm}p2&!_wmo1uG;Q^>nRDD9Pf(3-I*_!S z>G1@~K2{m|GLA?Mp^|0FVzW4eW^D@apAc~U__xz3IXZ6lH=WwPCS}pT&AvxH*Xjl< ziV79Jz5VO(t0mj4R!Vn2OSSke zv*&WQe6!?^hzXXn?-W+Oojd1>$Nwuw58hA|QdL>!6wk=U(C~TDjg1xZ{GbxX)78&q Iol`;+0RG0Af&c&j literal 0 HcmV?d00001 diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/static/appIconAlt.png b/deployment-apps/Splunk_TA_fortinet_fortigate/static/appIconAlt.png new file mode 100644 index 0000000000000000000000000000000000000000..33ebf44efdcbf54da33c3512b7110b613a292434 GIT binary patch literal 1230 zcmeAS@N?(olHy`uVBq!ia0vp^Dj>|k1|%Oc%$NbBBuiW)N`mv#O3D+9QW+dm@{>{( zJaZG%Q-e|yQz{EjrrIztFlS_jM3hAM`dB6B=jtVb)aX^@765fKFxc2v6eK2Rr0UTq__OB&@Hb09I0xZL0)vRD^GUf^&XRs)DJWv2L<~p`n7AnVzAE zshOFfj)IYap^?4;5Si&3npl~dSs9rtK!Fm_wxX0Ys~{IQs9ivwtx`rwNr9EVetCJh zUb(Seeo?xx^|#0uTKVr7^KE~&-IMVSR9nfZANAQKal@=Hr> zm4GgVcpk{1iHq`zbF$JDTz5Q`N^fZsd*)yF1AWQ8NHOu6f0LF6Gu}w zV^c!|BLg!FLqiK^LlZYQR|`WkR}%{}XG@qFSoK=C7`Zx{JGvP;0(H8YSeh6aJG#2K zxtJPQxS5zb!t{FP6_+IDC8xsd%>>yC(QAoUua$FAYGO%#QAmD%4lD%(WaO9R7iZ)b zC^!e3DQNg6CTHe>1T;Yr1o5v+YEfocYKmJ?ey##Igsn2MxqzV0A$n8D2{nD7WAs7E z11Y({gn(%f#Dph)AP1g(QuBa$rU;lhzTaJU8JMyDc)B=-RNQ(q&5-MmgMjPg3EUo1 zYeo4JG`Y4}HuqZ2>`hRj|La$|u8O{Dmi1tmIw3w}@~Rm}p2&!_wmo1uG;Q^>nRDD9Pf(3-I*_!S z>G1@~K2{m|GLA?Mp^|0FVzW4eW^D@apAc~U__xz3IXZ6lH=WwPCS}pT&AvxH*Xjl< ziV79Jz5VO(t0mj4R!Vn2OSSke zv*&WQe6!?^hzXXn?-W+Oojd1>$Nwuw58hA|QdL>!6wk=U(C~TDjg1xZ{GbxX)78&q Iol`;+0RG0Af&c&j literal 0 HcmV?d00001 diff --git a/deployment-apps/Splunk_TA_fortinet_fortigate/static/appIconAlt_2x.png b/deployment-apps/Splunk_TA_fortinet_fortigate/static/appIconAlt_2x.png new file mode 100644 index 0000000000000000000000000000000000000000..5953e47f1fda8c1f2c074344e88798cf3dd9e26b GIT binary patch literal 1536 zcmeAS@N?(olHy`uVBq!ia0vp^9w5xY1|&n@ZgvM!k|nMYCBgY=CFO}lsSJ)O`AMk? zp1FzXsX?iUDV2pMQ*9U+m@_g%B1$5BeXNr6bM+EIYV;~{3xK*A7;Nk-3KEmEQ%e+* zQqwc@Y?a>c-mj#PnPRIHZt82`Ti~3Uk?B!Ylp0*+7m{3+ootz+WN)WnQ(*-(AUCxn zQK2F?C$HG5!d3}vt`(3C64qBz04piUwpD^SD#ABF!8yMuRl!uxSU1_g&``n5OwZ87 z)XdCKN5ROz&`93^h|F{iO{`4Ktc=VRpg;*|TTx1yRgjAt)Gi>;Rw<*Tq`*pFzr4I$ zuiRKKzbIYb(9+TpWQLKEE>MMTab;dfVufyAu`kBtHuNWFoz#!AFNG#Ad)HBe}%?0@jth%@)C>7xhtg4GcDhpEegHnt0 zON)|$@sXws(+mtd{1$-}0$pR}Uz7=ql*AmD{N&Qy)VvZ;7h5Huj9yA+ij}L8iKD5T zv8kbfk%5_op`nGdp^2NDtA(MNtBHk~vn9+7Y=ajEo&! zUEEwu4J_PDOdVl*J@bl767!N%VfJPM?S<+!!mHQHxhOTUB)=#mKR*YS0s=DfOY(~| z@(UE4gUu8)d=ry1^FRWcpa_Ea*Cn+mvn(~mttdZN0UW|snOIyv*yj+vDddEjKF~4x zpyYv+Twp@LGzenC6F-mx&pxSnz&uj~%p5OXnp-e1FzI=^IEGZ*dNXIQ7qg>CYx*Ov z5Eo{%MG2~QE?p~n%eWT#FGzY?{Dg503wN%rj;P`_%^cDC4I4XreL^P8Sg_&V>vLXa zCtWt(j5VHJ{9wX_B=yf{=UUs(?A($Y?NFuKz|g?J0Y)0@HpMMrVRZ?xXfS$`Tr@SO z{DoWZ?+Ul&sT}g>SFEy1D-lT9`E#@5C%MYy+#fcvF1X$x9iGMT^Qv9t^glQGE^z#8 z*(38|y8o(cuTmY>6n~Q1x#)FLJL7@OrLz<@+h5l$Iqf+63Gb5Bjq4&Rc13jkahUhw z;fMZBJwlb!J};AYjAlI4**xRuHfcxZFTXtInJp<@to69l=CI%v34=L1GP>rZId~^5 zyvoJw)!ZDGdCoEaOWK(Ye*{7$-**Z;IO4f@+A`Hc6HGSp&-8Qb+7UTQpQRMc`vgqJk4Y3oEEN9nm>gs%M#O*Jo?=pL}W37;5<)=LX+v{FUmx@2Mb9sTR zQ@09lr_4OzbzQr(1ADVKDpfYl;ok8;k@>-skh|UWx?%HMi+9Y)-*e}ic-mj#PnPRIHZt82`Ti~3Uk?B!Ylp0*+7m{3+ootz+WN)WnQ(*-(AUCxn zQK2F?C$HG5!d3}vt`(3C64qBz04piUwpD^SD#ABF!8yMuRl!uxSU1_g&``n5OwZ87 z)XdCKN5ROz&`93^h|F{iO{`4Ktc=VRpg;*|TTx1yRgjAt)Gi>;Rw<*Tq`*pFzr4I$ zuiRKKzbIYb(9+TpWQLKEE>MMTab;dfVufyAu`kBtHuNWFoz#!AFNG#Ad)HBe}%?0@jth%@)C>7xhtg4GcDhpEegHnt0 zON)|$@sXws(+mtd{1$-}0$pR}Uz7=ql*AmD{N&Qy)VvZ;7h5Huj9yA+ij}L8iKD5T zv8kbfk%5_op`nGdp^2NDtA(MNtBHk~vn9+7Y=ajEo&! zUEEwu4J_PDOdVl*J@bl767!N%VfJPM?S<+!!mHQHxhOTUB)=#mKR*YS0s=DfOY(~| z@(UE4gUu8)d=ry1^FRWcpa_Ea*Cn+mvn(~mttdZN0UW|snOIyv*yj+vDddEjKF~4x zpyYv+Twp@LGzenC6F-mx&pxSnz&uj~%p5OXnp-e1FzI=^IEGZ*dNXIQ7qg>CYx*Ov z5Eo{%MG2~QE?p~n%eWT#FGzY?{Dg503wN%rj;P`_%^cDC4I4XreL^P8Sg_&V>vLXa zCtWt(j5VHJ{9wX_B=yf{=UUs(?A($Y?NFuKz|g?J0Y)0@HpMMrVRZ?xXfS$`Tr@SO z{DoWZ?+Ul&sT}g>SFEy1D-lT9`E#@5C%MYy+#fcvF1X$x9iGMT^Qv9t^glQGE^z#8 z*(38|y8o(cuTmY>6n~Q1x#)FLJL7@OrLz<@+h5l$Iqf+63Gb5Bjq4&Rc13jkahUhw z;fMZBJwlb!J};AYjAlI4**xRuHfcxZFTXtInJp<@to69l=CI%v34=L1GP>rZId~^5 zyvoJw)!ZDGdCoEaOWK(Ye*{7$-**Z;IO4f@+A`Hc6HGSp&-8Qb+7UTQpQRMc`vgqJk4Y3oEEN9nm>gs%M#O*Jo?=pL}W37;5<)=LX+v{FUmx@2Mb9sTR zQ@09lr_4OzbzQr(1ADVKDpfYl;ok8;k@>-skh|UWx?%HMi+9Y)-*e}i