From 7a9708db2915d2f5460e01b9a77eb5c7c36bc9bc Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Sun, 23 Jun 2024 02:27:15 -0400 Subject: [PATCH 01/13] Rename Zabbix admin SOP to Zabbix admin SOP From c45d56e6ec47fdd3be8eae64362b0e3d4930e9e0 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Sun, 23 Jun 2024 11:01:08 -0400 Subject: [PATCH 02/13] Update SOC Sop --- SOC Sop | 1 + 1 file changed, 1 insertion(+) diff --git a/SOC Sop b/SOC Sop index 170c709..1a4f46d 100644 --- a/SOC Sop +++ b/SOC Sop @@ -59,6 +59,7 @@ Daily Tasks Investigate and address any critical alerts. Confirm all monitoring agents are reporting correctly. + Weekly Tasks FTK and Autopsy (Forensics) From eab196c45daab3b6e2d381a5385bb1633ab8afe4 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Wed, 11 Sep 2024 18:24:42 -0400 Subject: [PATCH 03/13] Create Kape SOP --- Kape SOP | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 Kape SOP diff --git a/Kape SOP b/Kape SOP new file mode 100644 index 0000000..b4afc40 --- /dev/null +++ b/Kape SOP @@ -0,0 +1,78 @@ +KAPE (Kroll Artifact Parser and Extractor) is a forensic tool used to quickly collect and process forensic artifacts from a system, making it a powerful tool for incident response and digital forensics. Here's how you can use KAPE to collect and parse data: + +### Steps to Use KAPE: + +#### 1. **Download KAPE** + You can download KAPE from [its official GitHub page](https://github.com/EricZimmerman/KapeFiles). Extract the downloaded zip file to a directory on your system. + +#### 2. **Run KAPE from the Command Line** + Open a **Command Prompt** or **PowerShell** window with **administrator privileges**, and navigate to the directory where you extracted KAPE. + +#### 3. **Understanding KAPE Components** + - **Targets**: These specify what forensic data you want to collect (e.g., event logs, registry files, browser history). + - **Modules**: After collection, modules can be used to parse the collected data into readable formats (e.g., CSV). + + KAPE can be run in two modes: + - **Target Mode** (`kape.exe --t`) – For collecting data (artifacts). + - **Module Mode** (`kape.exe --m`) – For processing or parsing collected data. + +#### 4. **Running KAPE in Target Mode (Collecting Data)** + + Here's an example command to run KAPE to collect specific data: + + ```cmd + kape.exe --tsource C: --tdest D:\KAPE_Output --target WindowsEventLogs --vhd + ``` + + Explanation: + - `--tsource C:`: This specifies the source drive from which to collect data (in this case, the `C:` drive). + - `--tdest D:\KAPE_Output`: This is the directory where the collected data will be saved. + - `--target WindowsEventLogs`: Specifies the specific target to collect, such as Windows Event Logs. + - `--vhd`: Optional switch that tells KAPE to create a VHD (Virtual Hard Disk) file with the collected data. + + **Note:** Targets are pre-defined in the `Targets` folder of the KAPE directory. You can view available targets by listing the contents of this folder. + +#### 5. **Running KAPE in Module Mode (Processing Data)** + + After collecting the data, you can use KAPE modules to parse the collected data into a readable format: + + ```cmd + kape.exe --msource D:\KAPE_Output --mdest D:\KAPE_Parsed --module EventLogs --vhd + ``` + + Explanation: + - `--msource D:\KAPE_Output`: This specifies the location of the collected data from the previous step. + - `--mdest D:\KAPE_Parsed`: This is the directory where the parsed data will be saved. + - `--module EventLogs`: This specifies the module to process the event log data collected. + - `--vhd`: Optional switch to create a VHD file with the processed data. + + Modules are pre-defined in the `Modules` folder of the KAPE directory. You can view available modules by listing the contents of this folder. + +#### 6. **Combining Target and Module Mode in One Command** + You can run both modes (target and module) in a single command for efficiency: + + ```cmd + kape.exe --tsource C: --tdest D:\KAPE_Output --target WindowsEventLogs --msource D:\KAPE_Output --mdest D:\KAPE_Parsed --module EventLogs --vhd + ``` + +#### 7. **Reviewing the Output** + Once KAPE finishes its collection and processing, you can review the collected and parsed data from the destination folders (`--tdest` and `--mdest`). The data will typically be in formats like CSV or other readable formats for analysis. + +### Commonly Used Targets and Modules +- **Common Targets**: + - `WindowsEventLogs`: Collects Windows event logs. + - `Registry`: Collects Windows registry hives. + - `UserProfile`: Collects user profile information. + - `BrowserHistory`: Collects browser history. + +- **Common Modules**: + - `EventLogs`: Parses Windows Event Logs. + - `RegistryExplorer`: Parses registry hives. + - `BrowserHistory`: Parses browser history. + +### KAPE Best Practices: +- Always **test KAPE** on a non-production environment before using it on live systems. +- **Read KAPE documentation** to fully understand each target and module and how they can be customized for specific investigations. +- Keep KAPE up to date by regularly checking the GitHub repository for new targets and modules. + +By following these steps, you can quickly gather and process forensic data from a Windows system using KAPE. From e024d18624312051e5fb614640f206df052b5cd4 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Wed, 11 Sep 2024 18:27:58 -0400 Subject: [PATCH 04/13] Create Endgame SOP --- Endgame SOP | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 Endgame SOP diff --git a/Endgame SOP b/Endgame SOP new file mode 100644 index 0000000..993e1c8 --- /dev/null +++ b/Endgame SOP @@ -0,0 +1,76 @@ +**Endgame** is an endpoint detection and response (EDR) platform that provides advanced protection against various threats, including malware, ransomware, and advanced persistent threats (APTs). Endgame's platform is widely used in cybersecurity for threat hunting, detection, and incident response. + +Here’s a basic guide on how to use Endgame for endpoint detection and response: + +### 1. **Install and Configure Endgame** + - **Agent Deployment**: The first step is deploying the Endgame agent on the endpoints (desktops, laptops, servers) you want to monitor. This can be done manually or through automated software deployment tools, depending on your environment. + - **Policy Configuration**: After installing the agent, configure policies on the Endgame console to define what the agent should monitor and how it should respond to potential threats. You can set rules for malware detection, process monitoring, network traffic analysis, and more. + +### 2. **Access the Endgame Console** + Once you have the Endgame agent installed on endpoints, you’ll need to access the **Endgame Console**, which serves as the command center for managing endpoints, viewing alerts, and performing threat hunting and incident response. + + - **Dashboard**: The console's dashboard provides an overview of the health of your network, including metrics like active threats, agents status, and current alerts. + - **Real-Time Alerts**: View real-time alerts on detected threats. Each alert provides detailed information about the nature of the threat, affected systems, and severity levels. + +### 3. **Threat Detection** + - **Automated Detection**: Endgame uses machine learning and behavioral analysis to automatically detect threats in real time. This includes the detection of known malware, zero-day exploits, and suspicious behaviors. + - **MITRE ATT&CK**: Endgame maps detections to the MITRE ATT&CK framework, which allows you to see how detected threats fit into known adversary tactics and techniques. + +### 4. **Threat Hunting** + Endgame allows you to proactively hunt for threats using a query-based approach. Threat hunting can be done through **Endgame’s Artemis**, an agent command-line interface used to query endpoints for suspicious activity. + + - **Search for Indicators of Compromise (IOCs)**: You can hunt for specific IOCs, such as malicious file hashes, IP addresses, or domain names, across your endpoints. + - **Behavioral Hunting**: Endgame provides predefined queries based on common attack techniques, or you can create custom queries using YARA rules or other formats to look for specific behaviors across your endpoints. + + Example of hunting for a file hash: + ```bash + hunt file.hash == "malicious-hash-value" + ``` + + Example of querying a process: + ```bash + hunt process.name == "suspicious-process.exe" + ``` + +### 5. **Incident Response** + When a threat is detected, Endgame provides various incident response capabilities: + + - **Containment**: Isolate infected or compromised machines from the network to prevent further spread. + - **Remediation**: Automatically or manually remove malicious files or processes from affected endpoints. + - **Forensic Investigation**: Gather forensic data such as running processes, network connections, file system changes, and memory dumps to understand the scope of the attack and how it happened. + +### 6. **Machine Learning Models** + Endgame uses machine learning models for threat detection. These models are designed to detect anomalies, malicious patterns, and behaviors that are indicators of compromise. The models run directly on the endpoint, minimizing network traffic and latency. + + - **Pre-Execution Detection**: Identifies threats before they execute on the system. + - **In-Execution Detection**: Monitors and stops threats while they are executing by analyzing behavior in real-time. + - **Post-Execution Analysis**: Analyzes system changes and file modifications to detect if a threat has compromised the system. + +### 7. **Integrations and API** + Endgame integrates with other security tools and systems, including SIEMs (Security Information and Event Management), orchestration platforms, and external threat intelligence feeds. You can use the API for custom integrations and to automate responses. + + - **API Access**: Use the Endgame API to automate hunting, remediation, or reporting. You can script tasks like running queries across multiple endpoints or exporting data. + +### 8. **Response Actions** + Endgame offers a range of response actions you can perform directly from the console: + - **Quarantine**: Quarantine files or processes to stop their execution. + - **Terminate Process**: End malicious processes that are running on an endpoint. + - **Delete File**: Remove malware or suspicious files from the system. + - **Reboot Machine**: Trigger a system reboot if necessary to complete remediation actions. + +### 9. **Monitor and Analyze Data** + You can monitor your network’s security posture through the **Endgame Dashboard** and detailed **reports**: + - **Alerts**: View detailed information about each alert, including affected endpoints, threat level, and recommended actions. + - **Endpoint Status**: Check the status of all agents across your network. Ensure that they are up-to-date and properly configured. + +### 10. **Updates and Maintenance** + Keep the Endgame platform and its agents updated to ensure that the latest security patches, signatures, and machine learning models are in use. Endgame provides regular updates that help keep your environment secure. + +### Summary of Key Features in Endgame: +- **Threat Detection**: Real-time detection using machine learning, behavioral analysis, and traditional signatures. +- **Threat Hunting**: Proactive querying and searching for IOCs and suspicious behaviors. +- **Incident Response**: Contain, remediate, and investigate threats with powerful response tools. +- **Integration**: Connect with SIEMs, orchestration platforms, and custom APIs. +- **Reports and Dashboards**: Get comprehensive insights into your security posture. + +Endgame is designed for both automated threat detection and active threat hunting, making it a versatile tool for both incident response and long-term endpoint protection. From 1870d5b732a7b471d5c9d16a1c92817c22abfe0c Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:22:09 -0400 Subject: [PATCH 05/13] Create CRIBL INSTALL SOP --- CRIBL INSTALL SOP | 182 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 CRIBL INSTALL SOP diff --git a/CRIBL INSTALL SOP b/CRIBL INSTALL SOP new file mode 100644 index 0000000..d3c0f0b --- /dev/null +++ b/CRIBL INSTALL SOP @@ -0,0 +1,182 @@ +Standard Operating Procedure (SOP) for installing CRIBL, a leading data pipeline platform for managing and processing observability data: + +--- + +### **Standard Operating Procedure for Installing CRIBL** + +**Document Title:** Installation of CRIBL +**Date:** [Insert Date] +**Author:** [Your Name / Department] +**Version:** 1.0 +**Review Date:** [Insert Date] + +--- + +### **1. Purpose** +This SOP outlines the steps required to install CRIBL on a Linux server, ensuring the correct configuration of system requirements and software components for a successful installation. + +### **2. Scope** +This procedure applies to system administrators or engineers responsible for deploying CRIBL in a production or non-production environment. + +### **3. Prerequisites** + +- A Linux-based server (RHEL/CentOS/Ubuntu/Debian or similar) with root access. +- Minimum hardware requirements: + - CPU: 4 cores + - RAM: 16 GB + - Disk space: 100 GB available storage +- Internet access to download installation files. +- Python 3.x installed on the server. +- Ports 9000 and 10080 open for CRIBL communication. +- SSH access to the server. + +### **4. Tools & Materials** + +- Access to the CRIBL download URL or package. +- A terminal or SSH client (e.g., PuTTY). +- Text editor (e.g., nano, vim, or vi) for configuration files. + +### **5. Installation Procedure** + +#### **5.1 Prepare the Server Environment** +1. **Update the System Packages** + ```bash + sudo apt-get update # For Ubuntu/Debian systems + sudo yum update # For CentOS/RHEL systems + ``` + +2. **Install Required Dependencies** + Ensure the following packages are installed: + ```bash + sudo apt-get install -y curl tar sudo vim wget # Ubuntu/Debian + sudo yum install -y curl tar sudo vim wget # CentOS/RHEL + ``` + +3. **Set up Python 3.x (if not installed)** + ```bash + sudo apt-get install python3 # Ubuntu/Debian + sudo yum install python3 # CentOS/RHEL + ``` + +#### **5.2 Download and Install CRIBL** +1. **Download the Latest CRIBL Package** + Visit the official CRIBL website and download the latest version: + ```bash + wget https://cdn.cribl.io/dl/latest/cribl-linux-x64.tgz + ``` + +2. **Extract the Package** + ```bash + tar -xvzf cribl-linux-x64.tgz + ``` + +3. **Move CRIBL to the Appropriate Directory** + Move the extracted files to `/opt`: + ```bash + sudo mv cribl /opt/cribl + ``` + +4. **Set Up Directory Permissions** + Ensure correct ownership and permissions: + ```bash + sudo chown -R $(whoami):$(whoami) /opt/cribl + ``` + +5. **Create a Symbolic Link (Optional)** + For easier access to the CRIBL binary: + ```bash + sudo ln -s /opt/cribl/bin/cribl /usr/local/bin/cribl + ``` + +#### **5.3 Configure CRIBL** +1. **Initialize CRIBL** + Navigate to the CRIBL directory and run the initial setup: + ```bash + cd /opt/cribl/bin + ./cribl start + ``` + +2. **Access CRIBL Web UI** + After CRIBL starts, access the web interface by opening a browser and navigating to: + ``` + http://:9000 + ``` + +3. **Configure the System Settings** + Follow the guided instructions in the CRIBL Web UI to configure your instance, including: + - Admin credentials + - License information + - Data pipeline settings + +#### **5.4 Set Up CRIBL as a System Service** +1. **Create a CRIBL Service File** + Create a service file to run CRIBL as a background service: + ```bash + sudo nano /etc/systemd/system/cribl.service + ``` + + Add the following content: + ```ini + [Unit] + Description=CRIBL Log Data Pipeline + After=network.target + + [Service] + ExecStart=/opt/cribl/bin/cribl start + ExecStop=/opt/cribl/bin/cribl stop + Restart=on-failure + User=root + WorkingDirectory=/opt/cribl + LimitNOFILE=65536 + + [Install] + WantedBy=multi-user.target + ``` + +2. **Reload the Systemd Daemon** + ```bash + sudo systemctl daemon-reload + ``` + +3. **Enable and Start the CRIBL Service** + Enable CRIBL to start at boot and start the service: + ```bash + sudo systemctl enable cribl + sudo systemctl start cribl + ``` + +4. **Check CRIBL Service Status** + Verify that the service is running: + ```bash + sudo systemctl status cribl + ``` + +### **6. Verification** +- Open the CRIBL Web UI by visiting `http://:9000`. +- Confirm that the CRIBL service is running correctly. +- Review CRIBL logs for any potential errors: + ```bash + tail -f /opt/cribl/log/cribl.log + ``` + +### **7. Troubleshooting** +- If CRIBL fails to start, check the system logs for errors: + ```bash + sudo journalctl -xe | grep cribl + ``` +- Ensure all dependencies are installed and correct permissions are applied. + +### **8. Maintenance** +- To stop or restart CRIBL, use: + ```bash + sudo systemctl stop cribl + sudo systemctl restart cribl + ``` + +--- + +**End of SOP** + +--- + +This SOP ensures a structured and secure installation of CRIBL on a Linux server. From fdef0537ef91615289ad68153375f8af937ee1dd Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:29:09 -0400 Subject: [PATCH 06/13] Create Cribl SOP --- Cribl SOP | 182 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 Cribl SOP diff --git a/Cribl SOP b/Cribl SOP new file mode 100644 index 0000000..33c274f --- /dev/null +++ b/Cribl SOP @@ -0,0 +1,182 @@ +Here's a Standard Operating Procedure (SOP) for installing CRIBL, a leading data pipeline platform for managing and processing observability data: + +--- + +### **Standard Operating Procedure for Installing CRIBL** + +**Document Title:** Installation of CRIBL +**Date:** [Insert Date] +**Author:** [Your Name / Department] +**Version:** 1.0 +**Review Date:** [Insert Date] + +--- + +### **1. Purpose** +This SOP outlines the steps required to install CRIBL on a Linux server, ensuring the correct configuration of system requirements and software components for a successful installation. + +### **2. Scope** +This procedure applies to system administrators or engineers responsible for deploying CRIBL in a production or non-production environment. + +### **3. Prerequisites** + +- A Linux-based server (RHEL/CentOS/Ubuntu/Debian or similar) with root access. +- Minimum hardware requirements: + - CPU: 4 cores + - RAM: 16 GB + - Disk space: 100 GB available storage +- Internet access to download installation files. +- Python 3.x installed on the server. +- Ports 9000 and 10080 open for CRIBL communication. +- SSH access to the server. + +### **4. Tools & Materials** + +- Access to the CRIBL download URL or package. +- A terminal or SSH client (e.g., PuTTY). +- Text editor (e.g., nano, vim, or vi) for configuration files. + +### **5. Installation Procedure** + +#### **5.1 Prepare the Server Environment** +1. **Update the System Packages** + ```bash + sudo apt-get update # For Ubuntu/Debian systems + sudo yum update # For CentOS/RHEL systems + ``` + +2. **Install Required Dependencies** + Ensure the following packages are installed: + ```bash + sudo apt-get install -y curl tar sudo vim wget # Ubuntu/Debian + sudo yum install -y curl tar sudo vim wget # CentOS/RHEL + ``` + +3. **Set up Python 3.x (if not installed)** + ```bash + sudo apt-get install python3 # Ubuntu/Debian + sudo yum install python3 # CentOS/RHEL + ``` + +#### **5.2 Download and Install CRIBL** +1. **Download the Latest CRIBL Package** + Visit the official CRIBL website and download the latest version: + ```bash + wget https://cdn.cribl.io/dl/latest/cribl-linux-x64.tgz + ``` + +2. **Extract the Package** + ```bash + tar -xvzf cribl-linux-x64.tgz + ``` + +3. **Move CRIBL to the Appropriate Directory** + Move the extracted files to `/opt`: + ```bash + sudo mv cribl /opt/cribl + ``` + +4. **Set Up Directory Permissions** + Ensure correct ownership and permissions: + ```bash + sudo chown -R $(whoami):$(whoami) /opt/cribl + ``` + +5. **Create a Symbolic Link (Optional)** + For easier access to the CRIBL binary: + ```bash + sudo ln -s /opt/cribl/bin/cribl /usr/local/bin/cribl + ``` + +#### **5.3 Configure CRIBL** +1. **Initialize CRIBL** + Navigate to the CRIBL directory and run the initial setup: + ```bash + cd /opt/cribl/bin + ./cribl start + ``` + +2. **Access CRIBL Web UI** + After CRIBL starts, access the web interface by opening a browser and navigating to: + ``` + http://:9000 + ``` + +3. **Configure the System Settings** + Follow the guided instructions in the CRIBL Web UI to configure your instance, including: + - Admin credentials + - License information + - Data pipeline settings + +#### **5.4 Set Up CRIBL as a System Service** +1. **Create a CRIBL Service File** + Create a service file to run CRIBL as a background service: + ```bash + sudo nano /etc/systemd/system/cribl.service + ``` + + Add the following content: + ```ini + [Unit] + Description=CRIBL Log Data Pipeline + After=network.target + + [Service] + ExecStart=/opt/cribl/bin/cribl start + ExecStop=/opt/cribl/bin/cribl stop + Restart=on-failure + User=root + WorkingDirectory=/opt/cribl + LimitNOFILE=65536 + + [Install] + WantedBy=multi-user.target + ``` + +2. **Reload the Systemd Daemon** + ```bash + sudo systemctl daemon-reload + ``` + +3. **Enable and Start the CRIBL Service** + Enable CRIBL to start at boot and start the service: + ```bash + sudo systemctl enable cribl + sudo systemctl start cribl + ``` + +4. **Check CRIBL Service Status** + Verify that the service is running: + ```bash + sudo systemctl status cribl + ``` + +### **6. Verification** +- Open the CRIBL Web UI by visiting `http://:9000`. +- Confirm that the CRIBL service is running correctly. +- Review CRIBL logs for any potential errors: + ```bash + tail -f /opt/cribl/log/cribl.log + ``` + +### **7. Troubleshooting** +- If CRIBL fails to start, check the system logs for errors: + ```bash + sudo journalctl -xe | grep cribl + ``` +- Ensure all dependencies are installed and correct permissions are applied. + +### **8. Maintenance** +- To stop or restart CRIBL, use: + ```bash + sudo systemctl stop cribl + sudo systemctl restart cribl + ``` + +--- + +**End of SOP** + +--- + +This SOP ensures a structured and secure installation of CRIBL on a Linux server. From 8193bbfe2bd8101097df91658b46029be630bdc8 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Thu, 3 Oct 2024 13:10:33 -0400 Subject: [PATCH 07/13] Create Records Management SOP --- Records Management SOP | 137 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 Records Management SOP diff --git a/Records Management SOP b/Records Management SOP new file mode 100644 index 0000000..8fef4df --- /dev/null +++ b/Records Management SOP @@ -0,0 +1,137 @@ +IT/OT Infrastructure Records Management Plan + +Purpose: The purpose of this Records Management Plan (RMP) is to establish the framework for managing records related to the Information Technology (IT) and Operational Technology (OT) infrastructure of the organization. This plan ensures that records are created, maintained, used, and disposed of in compliance with legal, regulatory, and business requirements. The plan also facilitates operational efficiency, improves accountability, and ensures data integrity within the IT/OT ecosystem. + +1. Scope and Objectives + +This RMP applies to all records generated, received, or maintained by the IT/OT department. It covers both electronic and physical records, focusing on critical operational, compliance, and legal documents related to the IT/OT infrastructure. The main objectives of the plan are to: + +Ensure the proper creation, classification, storage, and retrieval of IT/OT records. +Comply with industry regulations and standards (e.g., ISO 27001, NIST, GDPR, SOX, HIPAA). +Protect sensitive records from unauthorized access, loss, or destruction. +Support the organization’s ability to audit, monitor, and ensure accountability. +Facilitate disaster recovery and business continuity through proper records management. +2. Record Types + +Records within the IT/OT infrastructure are categorized based on function, system, and criticality. The following are the primary categories of records to be managed: + +A. Administrative Records + +IT/OT Policies, Procedures, and Guidelines +Change Management Logs +Service Level Agreements (SLAs) with third-party vendors +Disaster Recovery and Business Continuity Plans +IT/OT Incident Response Plans +B. System and Network Configuration Records + +Network Diagrams and Topology Maps +Server, Router, and Switch Configuration Files +Firewall Rules and Configuration Logs +VPN Setup Records +Access Control Lists (ACLs) for Network Devices +Firmware, Patch, and Update Logs for IT/OT Devices +C. Security and Compliance Records + +Security Policies and Risk Assessments +Audit Logs (User Activity, Firewall, System Access) +Vulnerability Scanning and Penetration Testing Reports +Incident Response Logs and Security Event Summaries +Encryption and Key Management Logs +Regulatory Compliance Records (GDPR, HIPAA, SOX) +D. Operations and Maintenance Records + +OT System Maintenance Logs (PLC, SCADA, DCS) +IT Infrastructure Maintenance Logs (Servers, Network Devices) +System Uptime/Downtime Logs and Performance Reports +IT/OT Integration and Synchronization Reports +Monitoring System Alerts and Reports +Equipment Calibration and Certification Logs +E. Software and Application Records + +Software Licenses and Renewal Documentation +Application Configuration Files +Backup and Recovery Logs +Software Patch and Update Logs +API Documentation and Integration Records +Custom Application Source Code Management +F. User and Access Records + +User Access Requests and Approval Forms +Role-Based Access Control (RBAC) Logs +Privileged Access Management (PAM) Logs +Remote Access Logs for IT/OT Systems +User Creation, Modification, and Deletion Records +G. Incident Management and Troubleshooting Records + +Incident and Event Tickets (Help Desk, Security, System Failures) +Root Cause Analysis Reports +Problem Resolution Logs +Troubleshooting and Repair Documentation +Communication Records During Major IT/OT Incidents +3. Record Classification + +Records are classified based on their importance and sensitivity. The classification tiers are: + +Critical: These records are crucial for regulatory compliance, legal discovery, or system recovery (e.g., security logs, network configurations). +Operational: Required for the day-to-day functioning of IT/OT systems (e.g., performance reports, maintenance logs). +Administrative: Necessary for governance and decision-making processes (e.g., policies, procedures). +Historical: Records of significant past events or configurations that are maintained for reference or legal reasons (e.g., past audits, decommissioned systems). +4. Retention Schedule + +Retention periods for each type of record must align with organizational policy, legal requirements, and industry standards. Below is a sample retention schedule: + +Record Type Retention Period Reason +Policies, Procedures, SLAs Until Superseded + 5 Years Governance, Compliance +Security Logs (Audit, Firewall, Access) 1 Year (Critical Logs: 5 Years) Regulatory (e.g., SOX, NIST) +Network Diagrams and Configurations Until Decommissioned + 5 Years Operational Integrity +Incident Response and Event Logs 3–5 Years Compliance, Forensic Analysis +Maintenance and Performance Logs 3 Years Operational Tracking +Backup and Recovery Logs 6 Months – 1 Year Operational Requirements +Vendor Contracts, SLAs Contract Expiry + 6 Years Legal and Financial Protection +User Access Records 3–5 Years Security, Compliance +Software Licenses Life of Software + 3 Years Compliance, License Audits +5. Access and Security Controls + +To ensure the confidentiality, integrity, and availability of IT/OT records, the following access controls and security measures will be implemented: + +Role-Based Access Control (RBAC): Records access will be restricted based on the user’s role, ensuring that only authorized personnel can view or modify specific records. +Encryption: All sensitive records (e.g., security logs, user access logs) will be encrypted both at rest and in transit. +Multi-Factor Authentication (MFA): Access to systems storing critical IT/OT records will require MFA to mitigate unauthorized access risks. +Monitoring and Alerts: All access to critical records will be logged and monitored. Alerts will be generated for suspicious activity or unauthorized access attempts. +Audit Trails: Complete audit trails will be maintained to ensure the integrity of records and allow for forensic investigations. +6. Record Creation and Maintenance + +Metadata Standards: Each record will include metadata such as the creator, creation date, version, and record type for ease of identification and retrieval. +Version Control: A robust version control system will be in place to manage changes to critical records (e.g., network configurations, policies). +Backup Strategy: Regular backups of all records will be performed, stored securely, and tested periodically to ensure data recovery capabilities. +Documentation Standards: All records must be properly documented, accurate, and stored in approved systems to ensure consistency and reliability. +7. Record Storage and Archiving + +Storage Platforms: IT/OT records will be stored in secure and compliant platforms, such as document management systems, cloud-based solutions (for non-sensitive records), or secure on-premise servers. +Archiving: Records that are no longer needed for active operations but must be retained for legal or historical purposes will be archived according to the retention schedule. +Physical Records: Any physical records (e.g., printed network diagrams) will be digitized and securely stored. If physical records are necessary, they will be kept in a secure, access-controlled environment. +8. Destruction of Records + +Records that have reached the end of their retention period will be securely destroyed. Destruction methods include: + +Electronic Records: Use of secure deletion tools that ensure permanent removal of data from all storage media. +Physical Records: Shredding of paper records, with a destruction certificate to confirm completion. +Compliance with Regulations: Destruction must adhere to any legal or regulatory requirements (e.g., GDPR’s “right to be forgotten” or other industry-specific data protection laws). +9. Monitoring, Review, and Auditing + +The Records Management Plan will be regularly reviewed and updated to reflect changes in legal requirements, technology, and operational needs. Key actions include: + +Regular Audits: The IT/OT records system will be audited annually to ensure compliance with internal and external requirements. +Review Cycle: Policies, retention schedules, and processes will be reviewed bi-annually and updated as necessary. +Non-Compliance Reports: Instances of non-compliance with the RMP will be documented, and corrective action plans will be implemented promptly. +10. Training and Awareness + +All IT/OT personnel will receive training on the Records Management Plan, focusing on: + +Record creation, classification, and retention requirements. +Security and access control for sensitive records. +Procedures for proper disposal of records. +Updates on legal and regulatory changes impacting records management. +Conclusion + +This Records Management Plan provides a framework for the secure, compliant, and efficient management of IT/OT infrastructure records. It supports the organization's objectives of operational excellence, legal compliance, and data protection. Through proper implementation and continuous improvement, this plan ensures the longevity, integrity, and accessibility of critical records. From d0fe7da466e6947e3f8a005c6533318c2a414f71 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Thu, 10 Oct 2024 09:05:48 -0400 Subject: [PATCH 08/13] Create Wazuh SOP --- Wazuh SOP | 131 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 Wazuh SOP diff --git a/Wazuh SOP b/Wazuh SOP new file mode 100644 index 0000000..d0e716a --- /dev/null +++ b/Wazuh SOP @@ -0,0 +1,131 @@ +### Standard Operating Procedure (SOP) for Wazuh Maintenance and Monitoring + +#### Objective: +This SOP outlines the daily, weekly, monthly, and yearly tasks required for the maintenance and monitoring of the Wazuh security platform. These tasks ensure optimal performance, security, and compliance with organizational policies. + +--- + +## **1. Daily Tasks** + +### **1.1 Monitor Dashboard** +- **Action:** Log into the Wazuh dashboard and review the status of all agents. + - **Check:** Ensure all agents are running and connected. + - **Alert Resolution:** Review and address any critical alerts or issues. + - **Tools:** Wazuh Dashboard, Notifications + +### **1.2 Check Alerts** +- **Action:** Review alerts for any critical events (e.g., unauthorized access attempts, suspicious file changes). + - **Priority:** Focus on high-severity alerts. + - **Resolution:** Investigate and remediate any security incidents immediately. + - **Tools:** Wazuh Alert Section, SIEM Integration + +### **1.3 Agent Status** +- **Action:** Ensure that no agents are disconnected or down. + - **Resolution:** Reconnect or troubleshoot any disconnected agents. + - **Tools:** `/var/ossec/bin/manage_agents`, Wazuh Dashboard + +### **1.4 Log Collection** +- **Action:** Ensure all log sources are properly collected and no logs are missing. + - **Check:** Look for any gaps in logging from integrated systems. + - **Tools:** Log Monitoring, Wazuh Log Management + +### **1.5 System Performance** +- **Action:** Monitor Wazuh system resource usage (CPU, memory, disk). + - **Check:** Look for any anomalies in system performance. + - **Tools:** System Monitoring Tools (e.g., `top`, `htop`) + +--- + +## **2. Weekly Tasks** + +### **2.1 Agent Update Check** +- **Action:** Check if any agents need updates (Wazuh, OS, or any security patches). + - **Resolution:** Apply updates or patch the agents as needed. + - **Tools:** Wazuh Update Manager, SSH + +### **2.2 Rule Set Review** +- **Action:** Review the rules and policies applied to the Wazuh system. + - **Check:** Ensure rules are up-to-date and fine-tuned to reduce false positives. + - **Tools:** Wazuh Rules Editor, OpenSCAP, CIS Benchmarking + +### **2.3 Backup Verification** +- **Action:** Verify the integrity of daily backups. + - **Check:** Ensure backups are successful and accessible. + - **Tools:** Backup Management System + +### **2.4 Review Integration Logs** +- **Action:** Ensure all external integrations (e.g., SIEM, ticketing systems) are functioning properly. + - **Check:** No communication failures or log drops. + - **Tools:** Wazuh Integration Logs + +### **2.5 Disk Space Check** +- **Action:** Monitor disk usage on Wazuh servers, especially in `/var/ossec` and log directories. + - **Tools:** Disk Monitoring Tools (`df`, `du`) + +--- + +## **3. Monthly Tasks** + +### **3.1 System Update** +- **Action:** Apply security updates to Wazuh server and agents. + - **Check:** Perform patch management and version upgrades if necessary. + - **Tools:** Package Manager (e.g., `apt`, `yum`), Wazuh Update Scripts + +### **3.2 Log Retention Review** +- **Action:** Review log retention policies to ensure compliance with company regulations. + - **Check:** Ensure logs are archived or deleted as per the data retention policy. + - **Tools:** Wazuh Log Rotation Configuration + +### **3.3 Review User Accounts** +- **Action:** Review access control lists (ACLs) and user roles. + - **Check:** Remove any unnecessary users and ensure proper role assignments. + - **Tools:** Wazuh Dashboard, User Management + +### **3.4 Review Alerts and Trends** +- **Action:** Analyze recurring alerts and trends over the last month. + - **Resolution:** Fine-tune alerting mechanisms and adjust thresholds. + - **Tools:** Wazuh Reporting Tools, SIEM Dashboards + +### **3.5 Incident Response Drill** +- **Action:** Conduct a simulated incident response using Wazuh. + - **Check:** Test the alerting, notification, and remediation process. + - **Tools:** Incident Response Playbook, Wazuh Alerting System + +--- + +## **4. Yearly Tasks** + +### **4.1 Full System Audit** +- **Action:** Perform a complete audit of the Wazuh platform. + - **Check:** Review rules, policies, agent configurations, and performance metrics. + - **Resolution:** Adjust configurations to meet any new security policies or changes in infrastructure. + - **Tools:** Wazuh Audit Reports, Security Audits + +### **4.2 Disaster Recovery Testing** +- **Action:** Perform a full disaster recovery test to ensure backups and restore processes are functioning. + - **Check:** Test backup restoration, failover procedures, and system redundancy. + - **Tools:** Backup and Recovery Systems + +### **4.3 Policy and Compliance Review** +- **Action:** Review the system’s compliance with internal policies and industry standards (e.g., HIPAA, PCI-DSS, GDPR). + - **Check:** Ensure Wazuh's configurations meet regulatory requirements. + - **Tools:** OpenSCAP, CIS Benchmark Reports + +### **4.4 Performance Review** +- **Action:** Evaluate the overall performance of the Wazuh infrastructure. + - **Check:** Identify any scaling needs or bottlenecks. + - **Tools:** Performance Monitoring Tools + +--- + +### **Documentation and Reporting** +- **Daily:** Document critical incidents, remediation steps, and system status. +- **Weekly:** Summarize key issues, updates, and rule changes. +- **Monthly:** Submit a comprehensive report including logs, incident analysis, and security trends. +- **Yearly:** Prepare an annual review that includes audits, system health, compliance, and strategic improvements. + +--- + +**End of SOP** + +This SOP provides a structured and clear guide for maintaining Wazuh across various time intervals to ensure the security platform operates effectively. Adjustments to this procedure may be necessary based on specific organizational needs or regulatory requirements. From 559867d61a257f288552bf34f45d3ef76bf36487 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Wed, 20 Nov 2024 10:18:47 -0500 Subject: [PATCH 09/13] Add files via upload --- CONTOSO01LABS Connection policy.docx | Bin 0 -> 36905 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 CONTOSO01LABS Connection policy.docx diff --git a/CONTOSO01LABS Connection policy.docx b/CONTOSO01LABS Connection policy.docx new file mode 100644 index 0000000000000000000000000000000000000000..b46de362958cc35237eaaf039af7086a4e20d5ab GIT binary patch literal 36905 zcmeFXQ_}@4K&B>EiLySmbuc1G|^Q~*roq&>mP?P)xz|8<{rH$Sv;VmzaF1fl2z795m~zM|A!s*cAK8j5|W( z>;X2c-96Z{?7)nqEklXZDliJ!McKjVnr}d{)G2Z5WZWazh{AqR*ms}$w}CRZDDBB* z8^Q3942pk4rPePq{W!>w;To?xEUTNODTEodBSl?%T`m-)du0HU9oGXL2p$sf(S)+) zG^3zyors;8<>)5H$ctU|OT!xc)V1BZn#veuwg?U%l?y1^zSkIqX#tY%c5?IT)pK^U z{>ejhS7;!1c~IqM8Fwk5*`XQ#?Y{6FCtTfs@9~ zD>+DiSAbY|f7bDIvQ!e5xMKNhH( zu!Ix54gLp>=fXh00G5ek%m7Le)1& zj{9Wprte-doO^FKAd{rfi;2P{cVj?=4*xyQ?PB@Z=1*|@ViaxYU zF8F*84fpx!>#k!et4VmGn2O2!wXY>z9OU_b<^3M!-Rx3|ZP`fa%hZeN_w?-!3+UQh zc)k8?cTw-e+p6l>FSgTG{!ud+9e&Yk&@N%}bT>#I=TTEP`LNZ%V5*>g;}e*;Exahy zqyLGqZz+zx**DQu^vAR>Y^3Oew+1Na|MNKQZX%>F<~Js87g6(UPkuQnnR53~L&R9f zYeCXo4o-lx=F>8Om&2r$a4yPczp=&R(voUrwZ~Gwj*KfF5ry)+u@0FQj^Wy?)pD ze)l-PU4Oq8_{JtX{M35mI>mplnW^mLX*=?CyL!qurG2XCp^<`^Z5XSP>%8n3dg-Vd zn2~E6+crkrv&(WF-M&SWFVFd73+xR)6vUgh+uLP3Qu}p}j-GL7dw}wd&70=%mbIN? z6Brau=(kdY&8Hih^zH&%j)=i%JV-^`$#&%y<9;7tr%QPpqSl7sP17#V&8r!j1S!v8 z)-1TdYYDA(Squ6*uqa`zCY588+p7B-yR+Y+gl}6|2?<{-nd=rT-nZq)FKXfpG`^$z4u7~_sAs5#=-6tj z(#mab6Hs-t8!Vsh69j5H%A#s;%>izL&ZZUP4L8jUTD0lR!kzxJC-?U^`6}<2=i^-C z?zYSAvTHwIfb-$U_q*u#K5drJUSMKEq1HXh+p0A$_hSrvH#rH``^)`~ytmFx32xR$ zBQY}B{pdjA+|6Lwgyvl=Hwg$T!LYTy` zkRI3>mkPwX#pa-sN=i6kJbIN`%0C>wig^RYu*HCE&Z#&e2xE_-EEQyUaA=s*&(m1F!l7vwh9IFCK^C?N?tW57C~7Sgmtrzx3jO4-$PW zm(JSgj6gZ?ygb%+t^Ij6Kj`z-v&mGVWL<9spY-*UpKP0b*kZht@36fbfarJGN)J2t z_x#Us;n*e2OMH3dHg!xuMC)C8+q^%T>6)Fj|AFI-zX}FhJdp1@;X`J%O#K;Pd@HfN zz+bVD46*zb%+x2%`q$X%6O}Ln?ZlmmHX7u9t%O$QBbagq;SpvJR)Mv$1Te`B2U6ia zwuPchItN?>aH@LY)0MVxHMdM2Jxc5)uD6u7;uF`Jg|3wG(IVHnDWTR*a1Gu9HvA3Y zctc;K7)kVN1=zR9Ewzbx$yPFB5A&*ZhbkW*3?#~3cB(s$n5 zQN*aFvM!&GalD;qH60K3@m_3~h_K&hlgxucLIiB$Lz+31fjzk}_X;^CA|XjRiWesK ziV_{esEYW!*R(2>$ZmWi#2d-qcyote%bxl8cTQzwcOT zOZ|kp=4}Xb)Z(?AyzzOm&T6z+!L6W86&!ynx^rL|Ir35qjCV%IqdlMrgwGR<+< zpF(+yg# zv{lrAYL3Gx@EyFO zX_oJPL1|)-aK9EdJ&4q)pKh9c`cl~H9XbfGxb&g3TPezg39$l=Q$oTUS-Dt!wnZAT zy2e2l+we|jne!-)96=Ze0{DQ3Qa2hc*q?4ltnLT^%F4;|xt{-W8F^Q!W0{v8*HCwg zFQ?IY1>s-`jF5L{QO=*{T;R( zcECQgID0{UznpAg=yvxi-~R7yL`?)ME}}VL!1UURBncbDjLm z-A{7hTm%Nu1SNZ`Uze;-3&cRac0TO^)Z4g1e?DHQ6b~?BK8WA9CBrf9AW)r{5^(Xd zc2TwLQUP5b2=bOhKj4-x6<{2Y-0cch33t1#Zf-wqUA`?@|99BA$$iowj?{vEiDi?o zsGG^C>}a*pBwgDlZvC6uk?5!Q*9ezbe)&j1m^cOLHnPfopvc)|q^W{%bmj5J4M1RT zHZ+)I@6K)S4jqV-K5NT|!Kih{H-!2gV#?tKUR04mO=u+%?jP(2K<5*pCm&AU(5q+x zCi59|+nY9~BCaoriIMFUJKzS}?nJu=F5I$(3vQden5M{yD;r=a{urivo&{4XzH0hFg6gE%un z*c=nUZJzV}NI{oWl~rzon&3z7336spFcJ*DsVpm(`__!M3Jo7jA}Wa%7}~T@p}mp! zF*NeQJ$)-HC}D5|DX@Saihu__SMD6NyTK`rJ?Ekq$5UG#;$26#6h9V0sN90ZL(MLnp$STAsGYf8BWAuSz7g%n#s2zey zMfwYC&)^t%^10|h_Z~yOX&{Y$c7p5|s3(GyCiDD)ukh-da6qJa{(c{-l+nJFS*LgW z$ohWC&@cZ;Be=vqT*;!1D(`v2EFAm_eLP=D2$o4bJE4j0)jl_rXWUtcR^T~CBaRIf z#Z+$R!B?6|h!t4_5uVS8(TPvZTuKScL?Y;@PK_xiYUau;LJw-O<1XeVu^3a*8U0`- zCLP_+gdXk3r8tmY$c`Z`tmMxU$xR1*>vL?|hW+sky%AN*gWPl^UiNG=x)lT`Pum91*5MsX(8=?CsEBVo2@_+?NlU_V@p5aX5;k*~)T%N^`1&I+0V+BEQF?|EqIdkQL)t0A= zL<6YPk$~WJ(K=#t_&)j<1N}q#)rVQTt=;APjkF$g$X!b>xdBbwjFGl9P~8^qQH!t) zX7>wTvkR;J=g6MnMq_SLv9YUKGx@b)3jd2k@g_ai7?1KG`aV+;!kq3KG-fNd1Dh}! zcUS*xw(Co)tv^rY8R44Mb87!{^TiPA2bV`H1hZK2EVOKPfvn~5ID}w4F`X(M1fy#$ zE(40?alw@=|Hu*>N9Ag;aWBYIz?i_jK`3m7X zxXl?6Vd493K`4En>L!SAhr@in^C8wR-bHq)_%kx8{CQ9>wNEPBP_ zew0S?InL%?nzDRd&F0J$6b|%ejM)|Z;ueL7{s#S1GGCiaGg~hn9+qatAJ2#4&n#@O zQrgWKV91|by)8952Q|7QrXTa|dcCfjk=>m?Uk?NMeTNJ}i{JgLbjbuoU1`BY&4YXO zhVmM+&VebehnHD4czlUNd`}6@S>kb`5d(GT!A0g?xw1db^Dv#GTGJjTk^+2`g!imF zsqc0AXt_LMyq2uMSsqEI!+h{)$yDh?JV>rnsI7Kq?W1J~=7K{Zs;sLHiX9$dNLU|( znrAT7zy4%0y^tKo?jc&&ESTcImw)~lAMaga%>>OTCGf*XlFQ@U_>OVNwj2qD9Cv1# zb)bF^LPaZT$Srl~10hRn8-gGUv+bjZ-gqF;z+hjLYqJE~z>eC^X}E>6e93Q^pcE0m zK~mZ1iE}-3Mwyk`hehV%6{_QFxNS=rC#5aZf)S$oB+vdUlAlg}elF^*H0zL~$@Yz; z&=tM_Ogn60{^dxQ$&`{p=7@-6uR(*9iUnD(S>T63`d3_iUfr-Gk{M6uQzQZ-@l(^6 zA4W({)k2_A-R4qt^eCw0j=#AKp9`l3ECxL6Db%ohTE+dRNRtW!Sn`goBxwNh4PLS9 z$}Hgz6t7hxT3fz0i#Xwz$;8Qwe&dPA|J3X7eB$M<7WmA=6>%LAj=3D?C&8egf})9l z9my^^Rb&ED96t*{<)q3q84?u|*Q_Q_%tMVJ!~$`DNd26Q!R}HFE~HH$aN|F|dJp+i z<5-g{)veQF6ChgX!Iu*1`a8=XvI*9J6{Em}tr zd*b=pH^b##u)>Al)jCQ~eLV z%Q@)!AtWzhcMo(2#z`v>QEvhRt+s=N473u<0)#?e7k-#9{o0Igoi@Z4FJ zA<1-g5JPA78ePs27qG3w_1lcpYy>?jt z1w=`AJdydHz?INyDTl##La-?|*K^vQcC)I(1vYZ@!m$`A$(` z--z|BUdeAnVoN_)MK8YpLa1(~nu|x zJ>YD5;DU~&;k-#2ObS2tPFIHhCFF4uqLNTPU%vtv;KuICWSzx2Z8Tpc|5R4Ek&U)P zhpy<|gZHxchq6!+)3D|`v*uHg#w8YuQrZuKat=ArazIg7^%X*3bjKF-?Z1L#3&zZ; z;-M2!S<(>2Sej^ zJK;6w@N|Q?I3Zv&Y*ylGZZxG_EcV34jlG#abMyOcXW9b_Y!!lRoebA=rMz$8R==P1 z3J5PKEMqVH#MK=lOBOg@-<~Uht1ld;tG>+is`Fm534ucT%9{P)S!1?UGYDfo(idyN zBEq3s=2-D|J?N2P#8d#82G~AaXY|_~u>?+58}~Em@hjGOX(;$ojl$-d3O}|HC6xYV zZfa_sc3Jg4#H`cJdAz=i9GL#T7Az~Kz4({#o^-xuR$$-9F9$+Kfc}R|nfEgvJwa^E z0NXImEu1E(juU0;R6K6j_mYP*2*cKh%LcLlSB(CR5=Xh$;D;_MX=&b0W2;iqA-?S% zhWU!@!4>~sxv<|a@5(Xicr~@#`L`lug`3IWd*P zlROB8vX_N592!EBnRf{gxsDs|egA)W%C$-^>}N}<9KV3R?VakoI@k*V`EL%>&S9&3=rIFm*b??8-aDs#`S*-@%~BTR$g8x1hnyng;dbnSQCG( z23^g@T?rIOc(4+^qh3!96-@w-htt>4psO;J|8$r4%85FR@^9tGB;PrF%|XFAGgUNW zG&5NI(xT<;&>ayriyRU8&_D%+%1RJ*gY6?O(KIs5CVs@47+ge}R}uG=9j>RnY&9~# zQ$Cd;G3qJ2>aM?|5)(BtoR^LD`t;6f_F$-xoL<&`&M@>YsH7VMgk1&D%b<-_cF83J$EEggg|b)(Cdg)0KkxMFqj@z|9@;)r0rb z#~%~|l32}^E=?1zEDPrV@aLLThvYN{|5U>G325IV>esj{tkfmf*{BF%urF1}6%6f5*LV`*!NNJx@e~R@7E3blq!R6^!&v8G zj#5qm@FkGS-Ng54aBqhZtI8ZRb8o%YOYU5`aGMmQF%%pxe-(6P)mP>C7|l#apeSh4 zY3nZiHVuan>zB}p$C)Gh=3MwnyUEDptNiNc%b8FGL#`|gmhREgU|iF#V^w(OZNywn zw16alPQL;komW?w3zxx7gUI>ImjqPB>%Hvyk!4DzEh+|t@Cj%*`u}NAx1Sl&41OH8 zfs6TIH{@P0fSCRmM}bv`=v+I-|BYUQJX@&=t=RndD*J(Ufi2)7cW7Ir5n2Ez8%@m> zqQv&J5LhzxW~$Rh6#5K$>9Fvh*VeH89UDme^WLB<6(qFh8OHB;3iE;aLeL!&nT*dnunli`@f zo0y;834HdAAfd*3b-|W{^e+pK>?-TF5^eF{bpX%kmL~N!AQ@lio3g^dBs@p7qrj`T zmNViMdE$7k>8L+fDJ)X3V~*mT8O2VMAW$_pOpEoB_;k;3LJODnf`Use#7F244tU%@ z(J~G}+QYx{hp_?fa;e5s!Lgk2m7IfP`>{u0r(-G?MCf7An?iCn{HRE?)OsA($k%5J z)(8~U9#;99i%flwk2KH}wCQ)C1P}k|*XUUv&kpfYTC`b}1ey*!JOur!Z1)hT-ckf< zpZI)!yox^#OJAvmtNqOvnLDNR9Ruay_3R zpAV9K1#~@L{?#M(qx5r!A2pIFSOAj*LAyqRH z(Th(w#`(pHp@G~^YF#-_)J{D;i>#c5(H-P?4eM_)$s-xQ@_sv_T}43m-x$%3kPp0J zA-dzAdg?}SDZrrZUSFk#oxn`~okMooW9g0|m8Bapy40;;i@ox2WBk;{6M7GNAXMbP z=KOHJ9QL!x3Co zlgRo;1OJaZ6!@DhH`M=(^1v9nVO=|l6a&_gR>*)_TZa78uoIXYM^@O$wK%j?F^_v? z^dxcS5MDL519pcx^#AYX{`_`ex=iMrkkC%|Rk`zCKo`8N&A;oUKf7g4WO@1YRsty< zH9hOkjRs?zgW)!3DK~b?b_x72r0)%b)-FN-3f-{{u5`+|9@?T*F|wwA(UpR3>E&0r zO7|$fOS@pHx1pwXld=K$7}yvmx;ndn_cqW9l96h)tFSb6stbN5dI(@6-iG6xNi2sX z{VpxlS07By7ck+PT-MiSyFCK%Qx@S6W71u23fTedx%%Bbz$)GeZao#LN&pO1)GV)o zr-^Wm(cwSHPP$7yK|c{#Cy_-f9B2e*w+PQ-dFK}R^p@pjb5NT@4v*o5tjGDq4(8k) z+t+HVGxxtx!@)X3_j~}H-dyV&fg;WX1RJX+>yF)N7jh&P26I2FoVeb{H@EZhP6J*W z8dM4gAy6zWF?d^8h=F+b@Sj+~ey<=btN=?2cf;a6O5ru zat45~9;AAddTt)g_id=T+Ver9AP^8c5eS#%a)SjTYU@vVi0+nPze*fHnGOZ`rELu5 z!`|2fhTR?{DxRfwd6#;Gu*{z1o<%7q_YT^vfjcX-f{TF9HG{TQQg+3Aj2!%a45l3X z1w?@sHGUFa1)Z-xmK8(3OMInplc}1CmZSgjRWYD+^v*$EMQbhW1nN=GVJ5Akiu@C8 z9I!iNlP0qIdIXNrRL}4qUq|(OV?KvB9C=Ta1JqvhWO7n$P?s3W^JcMQNeUksVru?7VcwH|#$I2B z5HYIVk3>m$!Yb*86RWSXGPUBPNqUgaYF?!gO*>9-&=Ow~>`0+t>&|qjars>W;lHe# zy(6twe|5BjR)oQjWbFkz`;KwPl#q#Cqr~{;N1&?6UC2e|>@|QqW>ghDr?@B$YVmfPV&xMx9$P3dh!- z5{y+g=tnac0_L#Hn;T9Dbl3}ke@=w*&A@AIHXd&QL`VQ6PB9{jd@%?p*#)cBr4V^o zVl_NhPebxR`;gM~mUkMFA!;v&O`3osK_;dY6W;WBwdn>ld-W94!BlUNbgf1Ol^54XAfX`!d}==0Yhri*ACHyW%Or99SNW9HcG>5SV?l z&^YGVBVLMtD3n5p4HR~r9*BYi*}Z%Zw=4nb@`Xl;E7ASzFblntc~Z`2ZUSDWN$m@Q zkICiNlUYjl6gpuH>Hq!QnkBxv$^S*}>p8W2AHHSZJV9D^n8obCF0<9?SNGKI$cIQvH-kE7Y>#)MadhMMYcn^0LrdeHPR zHSIm|@+W?E2Yu1CEq;pY=ZV4U;-}++?9D$=sK+C!t}%hMXwzYqv&J;OBu;+i86+gKN5-sBU_TCB!t&a48EmQBy_idbyAU9 zlxsjBLoQ&X$Qe(eSNGX$7x!y7fy<4Q#jy);pZ+SPBWS-SXubIfy`5z97^WB{qr?_| zSWbNm6AV?=?WaoHtoBBqnF7f7gDhmCPfdIxnKxNsH91!mWi*cuaM+Q@p@Ff*AB{*z zTAxoUCfCl;Hiy~?c8-Ngp-Mmq>UHg%r`-G-|7ohHUmf^f-c=+Z6c)dtek3Z1`fZsL zDGNqcxwoD-tkp(curjW5#IGRv{5UHZ`52XlA^i&8?jt!p#kMNTQ+p(*3;Ac8j-Add zlYQ$sd5jBj?X8$%o}7MPF+gI{&d`)mfq#=z!M4#@BPCR>q}29L0M_`hY8)a-RZEjC zwA-!}k%ib71-4kh)o&`MFxQ&ICXw+}vq2MdNt9isTj=Ofk;Yx4csb5;!y8hi)#w{n zrcn+LKYtT!+3Mj^jv=Q<%rL4I>xJo?{flE9InEK%@w=U6fd?%&M2HFG@rS9_b7BRf z45Yfp7qM6&j}nXe!<%W8yFdRd=Zu09X{o`lLYpt+2?I$2MZgLIR~#^J!=vxzn0};5 zM^1PofoM8pFqI~<4(59e2TkbN8C=??u`6Y4NqC5>Ra?Eph=0_7^Nd_+8WD200k!!! zpXY?u0#0N?8Ndd?26N-;6)c}k@kZq%+p#<86`|(+T+XS<*L(}?YBs!763fk$9x!xL zn&m!oV|3c3zFg_?6&689=YqI^CEFFj1KNQ^NdwY<=i@>ZEM&r3J*7GXLY7QVA#u#> z{}qb{G;|hTB+6BXA6smyP~?e=pi^(D0f#X;f9cF;K>$$fG6&z&J3fTI1BHobDd zuLt5yEjYk)DYj_A^Pytn*hgsnPu~`y6FGwmImV7pnQRJPp}mF$vTjZ>ytx&1r23R2 z(V7uxswvL+yTbwk3<9hI)_i~1Fx%$-^nlbyU^PPG(Xb8`^ag(KA4(odY!{6jdY-KSKX4lONCVGtgjg}&z3o_8I zUV`W;4eD531{McH#?wfhCuFWAQZ5+uLs;UkZ14Pi!+KFsJ+O$tLK6Bm=&c* zDoD393LThN%g+sN(`~J!|HOUs6=z=5XZPZF@N-C_kcov_MYfh%vdKD%m)KgPtS4Eo zADLj23Ac`Ze7trWBHn5_#k2Fep6Kh#9VgM>jL~b#-GsB|$eN@iiApS2n*F4qTw3)V zkFj8G>>A4yhBSpoQA|$knZ+6H>yN}wK7f{pKagzn#DtW&Jr;~V#3C%wKp_=f zdf)*&JJLG~!UMu%P9F6I|F@5k_qnimgy@KKKa%^BIzj3gLN&=PANfIQ;}4x>eU|p5 z8CCG{K@tU0@Xw#=+>l}Fw<8XSFdZX-Np(X1IkXh^kC`#OWaAC?#e;!%uI$m*i0Myi ze2+Fg_D`LbNBZ5B&r)bvsv1|1Z~HHaR1zDC01U+ci&Yi0{5wo&o5NJ?!nKx&~C z$Im9Tm@}@4?Nw+``8k=4H$Fj+an_V@fC+ajqWlauXsQjhk>v1K5euS~PG_e&o-U*S zDJ*-C(V!&9g+{%Ib4F+?Tw;)_^f25DkSrV+{5S;sSTpx^!d}SrP&MZX+r?ZmulQ8q zFffn?zn!gtlN}Ho0E&s%naSX>TP9o37nG8WiWh*A^4aG|EZiWwc&A?}vL?7vh_FXH z{ve4TP^eRRf{S&_qYug0wBFoU!ChI>n;iQjoUOM6oPEznqQgDJ=R{h9)%rjULcyjuxf`jk?xdU^=g#L`7BI)VluDw-zK(5n=~ zg7}a29n1jDOoqmnuvNCs3{dmPOvhqHYu$hMRJJZ@`BnG(`b$H#ed9nYlU1J4M9DI< z27w`RW0`_I$5Ef4RCc4MwInt*DS**i@i`IVj}>Xf-TEqw(X~ey5jAu051sUh{ zq|P<6YOI7pRf~vm#>6dJAeyo}mzFZpG+(JZ!OK;Gw z9dP^hO@~e|ah%{VA6FGp2Aov?=_TQP3Tq!(z5ly%D^T16pTz74P!1JIaS}#JgcC{q z&$u?47{MwsD-Ujkg<}my%Uv4Uz`_8mR_{7zP~{SJHdN32pU$nK(mj`xf+-0k0~7_T zNx0@AU~^TUhSDhPm{=s)QA}5=uRXk(a{JdB^RViRPxX$Co+Qj>gA?}(RS zyg1dKyxIQ*Dv{?el`EK}Xh%4j3K-`RY^?=vH4A+t6e5YIJ311fZ9AtJWwsk|J4Uw; z!@tPAn(iY|2oMY~gbB)9h@{Ypc@|wl)R9BxVZCz04ge)1AjE>3g+kK^5DM78>c9K@ zZ`f^;`ze2uSt^hJQ+M?^lr-zD*8l_v6g}#otEqU9bl6?pkS5IT46`iq_9+8?e_n0* zz9lUYnBm`;*!?#4E@`9dp>~??l^~ErKFpJ4JP>cB0@m2XV0H?+!_v4Z^sofbz7kQy zM^|sTI+KY3{5Ms(>pC0A6`TO3wRnK`Spq7EKyLceets?t%NjMe?mpVuy;OutbCZGu zk1Q8~=LV6%A&IK{tQByXSjYo(VJk7#J? zMhC{4kk;*PQfLBpRhR{lkr8336-%`=Z-O(d(mF16PV8LvA;$cG*nk-{?r`=8nEfCa z5SrHs=#Q{AK^SG-(!0jRh|v&b+tn3QSM>~K;Z!I=UW2So;EV(cNU;Q)O30jNND_meHN!AUSiH*1$RGN;fibnn%VCD161FaL@~h1{fJ1@n=6snIO;Bo|>XYJI{ej zFAo8?B3lmvk#x$s2jXnJG`&AzB3=??w5cc6t4w$bN-oyw0~*A7p)SXd6GkFU;eV1b z;u^7gAe~XpXhti!)^v!^_hyopzlu4hF!i!@%Ny_()u#7Kl$S#iC=?%kmO|9<>6)51 zB-v=E(PI4)nM&^$GhqJvHkDqXClB)F1(@As^MO>4W!h29YRc^o#@W&e&*q`~iB8Po z4$da}Ms~K^=e!n`7u1GC#z%v!pT^oCKibmCs6w8V_n>VyFsgkL!3D*XTT;Sk!_Nkh zXcFcv_Df<42w^mk2cYl|sdA`kEgM*&B^i1x z(g^Kn^u4Z1w?J(j9J0l>^?+-A(B*-tZHLcT@LQBvF1Tg#HP6KjjVjYlCoI3e>Nak6 zVMLZG@+x?G9Y#FgB-y1qzq-=o`lMLKVpp04aAvm|QQgrcFH!|EaBIN5!zZ1y=bPyp z4P`V?xoViWr(3zt;c<{6Lk;}bcHVVIn5O5)QFO@A*wl2<7BU+ZsAMyU=Wy71U5@=7 z;?U5CmK{bgJMKhAQI(uC->aDfHy1`@3e2&aIJz)^S|7m0cz7Cwva#LgdC8umKdOi? z(*^r+P6laj5UC5P#dcZzlGo9^j-)Q3J7vmGFkRRS{kJae`$v@LtQ^*}e(7(y&?Rb4 zM!j{CdOgB*f@UIm!S%IgNcn|UL2boNwjp^)Ia1*)(7K$`vW73~^C^jh3G}{{l3hq< z1sz2t^OkqMC59V3(x6Jd&wtu8@6@OR0&{bVWXXT^`$D3mPMEiFjBKX7B)kk#GCW=W zmHF-*b-GG7FkyB%rNF1A!>-z~_6Hn}GA>Y9%m4EY$N_ey5$-HQP_BQdMZVo{tuHV< zs6AH7Wjlj1_Tk^;ZaZm9D)pj4{ndB_r4{vQO27@WYG>O#3bV+E`w0ashC+;F2$a8+ zS@s_D-t(SVQw<^+PjQ{7Z3m+2<}ybj7HLAPu=7}K{ZAk_8=MVbHD|oH7l1T$;DOhWTLD~{l9SoL8(8jJ_5^WqMONf~+BfGTEwpCMpXI%Nyxc^#t&T<565cYAH%XdhEsU^zFmfc@tr6cXo`t4uDa>;_N`lkm@X*V zc9pL4LQ`|@|MPqsMm9*ed4fV{0be0>X1Vsb!QDCm>Teot{>*pz2$y^dp(615#n{~w zD z5s2T-!xnBHV}ro30IGo~sJiQN7v}7d#FSUZ7jCX!Wzu?`oy>?^i7e4jlncx9pciNN zs@6bw(MY@UibTTj*$!(5X(honB_d*>oqBn`gHY{HRUXIAMN*Eu#1PR2${)W9BYdmk z5k7<^#xr$k*wtzT!DoU-5rWOlKQ~> z5ms=_*Q2j%kU(phkC3p)jxb0=@AC%!v&1AsEGR z9_FgQ;^nMyL`4{!7v<|G1uPfsQ=DU_oSR}>WrkJ`X@YdB7Oz<>K6?QUGia@Ic9Uzn zQg00=Y8*H6u%Jf^U0>CJLc^VA`xJ(Bg{kOvf8mnRMjLNfM`V=S4{{ZC%SS3Cl+@`# zg6P?_zmyX^g_joqtj+W?fii+6y}_^k%x78Us-_xMW>*i~UE!(3H^B*Qg#{V==dzqb z(Oy>9K7{C%>1r0i(_rYBCJJ|eNrLnFn^yr>IR)fLHh=vxBQk%xPjEep)?$>gO>Q@_ z5Jii+BRL9_yR|CLDgllfRuzK*Xx3blY2UU2bN3&HNGX%wH0C4-#n@OUh!dY?`uv=W z$|>C=L8WV(8cZU5FnR?Qd3|D$PNhDXsT51&gpP-X*0xcY{(tVzzn!42qyJn-F*E69 zX8akLTlES~AHHLH?OoRBCw>elTwl_craCMtJ!$+dRH1{X-Qwb~I`u`wI%J)xOW0UR zUr09jS07ZCaLU>AWvuTqaExS01(84Z56~gi!(U#c$ME-OF*En_34Svptv?5Pp#>39^$qccOPVsH z(GrVk-Ki0Fv4safn^6!FZFf#8 zUUfrXb!V!)J9F-diT>W_98^{sgM~N8#Ts$T11-jrN)exZO_DawQ{RAnZ65KLg?H_D z9ZK#l)jd+Z5McX@E3pp8_{_-{-J2_37OZ&7gP!ZVd~sk9Abv=fqk+TQ zb)Q8D>|2T_wf_lu46U2Zs!PaXK7}7043JDm*pAkvW1nq_k>;+dbq>ezHJ_@?OZGpS z*-gzD>Q|9N*qsmfun>&S7gzMx+4>#u8Kbp4Hzb8SZ@Lr&3$^e!hsZVkH`DRrBEykF zw83=uCEed83whL>{~gIrXHRvWRn57ITO5|ey1gXz;UWfLwFz9hYO%q8vIOorhSv#uFObWD?;p&7W1kR>O z#Q2-84bI!LnZTMScLtboQhpB9n^#{=8&=)nl}(2-Y+Q+zc~Wh!5B z<9*eq|@AAIF znV&f&(_(Q=A4Ho}5Z0=fEMJ48vJ7+4ATwy_TbKaA%D~%*5DGvOP{Ydh`Q}iLHFhVx zmCD_mH&QcebNo?88LQ?zwHcwMB7q_Onm^58nEf24k>_5JpnDIWqEM9rA1dj z*PSx2pH;QNkAufTwCv!y$-Z2pF)PlqF2=eztIF)wlVahIVFE#VvcDwMyvd(c75$mx z!ohKxj2IIqBRA}qHSY|SN@o@=`K z(b3v+UEGPfT0>N*DlbeOH?^=CczNN6*T=&qa~o})svqOB$swCvBEZpl^N((3A)aR@)*;#QbPgZbl&-ylF`rACX+-Y>hrg@yd0tp{ple>64DaX#Vy&w zhhrG3`n4^{mV@3T)Zjg41o9r1BLR$uV#<10Xv(KEk6fnUsi9baREoPY-@;LDbyc=T z_VxD8vWuH{#~?s*%v|6ys0^|(e=q^p7_p={*v)>RCMH~<0o2@xyLhve#j zcA(Lvq!K;!S<4gj=xv%pFR_?-3asTl+%vJ&$NhHaao0b(Cyz7#qB5WGCef@-na1>V zfPnl~;8ULn93U5ir_(f>vNNhXq64{<)9xDsjr_kjvf3!)G)nGt4WGELhj*GJX{lbA zhtbztwWiyGd){S&o%cQ^VUuk5e-(hq_y;@(eRiI*`lZ7Z#+cfXnPV`*lQ@{9(2zid zAWHXqs#{x$5^D`$e05hS`UzYj1EghxCK@q9MtaNN+$FZv6vyb)2{q*#9Ur+!=n;_u zw~*{E4aN;$GxUEj%!C%|$JIn>y6m*k)~S6Q^Y&a34>JSN7AvQR;I*6ixh}VvhMbYBdy5rkqFPMg z5oVfMPU&!o57swptMs&Q)QI@7kh6R9ZAom z3!2-^%*@Qp+;*FpnVFfH%M5L1Y%|+!W~MeXGqb(!cjlWryYt<%=iI-$rBli%g&-w` zlu}ga$t@j|L=>`yU!^|3?K5XRIn-DwXU6%#Mcauv>g7c1(Zo85n|mh0?Adp%b-Fj! zJn_q@5PqAC7w)Wd6^H%7@_$Ol_if8H7z2ixaaCaeFn^j&J+@Rw@=lcLckL#B(zWWq zRp@M45GyRuqWn1`2F0F}_Ypx56h~x*%&>3;MfHl(;Jhs;y|^4s4!egdOB+*m9&p)Z z+6FPI<_M1Bad?Gh`dTuYUGXnDf|4ObcWk6bT8Un7JEAG6tpC0@NM^tm0(+GNe{;X6 z&C#bU2V;+M$PM~FlKOtWUp!Yx`rVWkrcHuATj625E>vsYa<1+*iaQ_{NJdkyVT+f8 z!{%GpCC*0a!_R^f(FH0DXMr=heCtIzuPAzF%9}1jl9wQ{dVW0*Y13{GfVI5z9{1?e zV>U52BA(uIuk9rjC(MWl0Am&UAj{aJkDsb4z#iL@)39P$2e4tc806|r1(PopP#*k; zKMs>?s<{oNxu$lcwAe~L1}=QL7C3&YBh+Deqfq;^!=gVFN!=)rJ41vuOc4a%weZR~ zI~5UI$MoaGh3vrIM{Ilt?c%o%ZdoXsnyUAJZo5GqnAfSR(bG; zWgaqCtSh30MT*sNQ-l;X*i?9r6YmnE*2AEp@-t7Hj&*d$9qycdb9<>80;j2oa-QXo zW~EjEG*o%#-@s5u+I*r~ig+K{kk7#scTQCvb$^10~N?KukbT|aVO&!U%EO|~uT#8j00sX`y1djV_^$L5rg~ z6UdgNAN?@kKF<{V4TsYXhm)}F0Y7}zVnhnY7Wl%GdqKBqqXWEvnE(2-TGIg2a`&=O z$l0jhgK~@Gb{l9kQt@Fqz@g@x5!8h7!D*AUf*&jS`Lkcg+sPJ04pR>mO1qt6ikab0p<{vdxodas}On1U!5#V`63f1v&Muts! z8H?t7qCsSJ0X;6rq!aQbXK2A`ABS&8vVG|p%?*m$>9gNP+k0sgaPd6xnTHk5hQo#3 zlx38{aYbWM9r-5?$3xVuZ=#o;xEwPqmFg+66%(L9W#(!@e=|ge{j6;z_DDU^TY|N4 z%nAv`OKW5HwKeO9F83`HF(p>NFJx9!fDm!*2p=g#LU7N3n zOIm)?l3@`?jTaU$izD3oHAROAQd!Ox{xR9v!A;Q)W}P6y2rKeDfXGnAT;2xmEH$u5 zKsz#8>5EmDsBk0P8iG-BP)U?s4ik=70qfd8$nv9<#U92}%tMQ{(V{g6%(Q77Sh<_@ z5?7JyB|(WAmo$Lmk~N9_=*nIm*!CS*Bg0}CVW$;|QL%Oup5WqZ@sqirV$8Tr*89l; z#x^oUW|P`*uv{wS#2~L)mDj02sr;p)lz~js4VD&|YrtXh0~Qh=$tFz=WJVpRuXI3T z7!V>3+yD#wTE5&ocXJ^jlX(&@&`7Z1|&(-XyqLQ z$Fh{0>IZ`eZ--P><3gU55$J+JD5+V?u?*#Ch%*vm!uMRga_@TN3Te+z$vY}rOHkw( z;Z+XbRwCk&f%V@35tUQ0i_($Mi|_h!`c4 z`F6!l5A~Y&l2QV`d$Plwp>!Y-2#^Q=Hl(#oD0`HI$ zm@^$pZP1@|Tvt#0NTP3IbBXe-XZh$!l@%S<2HDu9qsaWE@+kb@Ni-m9k}&q64+q6n7IlFz9Cu{Pdcy-d3wW;-1_VSJSE(?~j_s+yX_##WPObSV z$K0_2n8L8Kh$4vDCQ|hsLHzdcc}+iNy?Pe=L>MQTbx~hk^e^;BC(>6kDh78gA%!22 z)`u|k$x8iMJ(ZYb*3OEnW}>{!2D0r+^Ek+(3&2HTC{vA(*^L-+9{Xu=aw1nuzO0u- zJhK7x0lg9JxvKPa%y)SO=O-LqU)VHZ4K~%mUK(f%hM7Z^$A(IzHYx%M&gn@ot+7Z8 z3cNZ{@Ex+UP;eB#Trpo1)J1-GxctV=p?Iqs&x|EWHq~;TuG{uQXfv~FGj=oZkE|2u zJnpR}m93CnCU^6w)d?Qrod$FY$&MxQF`EVU`YxeC0;&D__H9dPkI`TFrmhI4wguRG zp&AbffAAeYmBC$R5dY@OT-yCTwW1X*Puse1J_el)a7M^wXjjUIiDTtB0*EDKi{XrKB@z8-jeM) zaI2GCWIJrCL%{xH`{9HoJLgJA1330d->EI#!_b`NrW%&z3d3`+5B>0H+}MqB{iJZ@aE8<6@%zp}L*g0=I`H${q@p9Z%lnE93am^X z!n=4&J=UZggPN0LT!@n8AVsh)$^)`z@n*|C~LWvsKWF@^p&6XMZ#k|ML>>2bATl$nB(g8WTHY@T-d$=5GP zBie$W(Too^vgAgNs%4J4#45C1T7l8dRo(exo4+6Q>tRX$X@J z&m+G^e{E;juWZ%7(SL?yP14<>^xOnN`WR%qct{kaMVeT|${ag-O7yv~ps`nMo(*3_ zaBU<39(yLDpBiLRD+;^p{ExwtIK4!QJB;^7Ba%>;OOXKeQ;ls4^CDXx;1xRG{>r_T(yx~lHTL{r9kD+w&6znRNgA>xPo zththo93}jI&>_L^#8-GFJ-h{-YbnK-N~4J4))*lif=n8QyPs+A@!OH)pF=06!Hh3g z&-x&BpiY@kuB^%#`~KWhvO{tFZaR@{oyH+GH=BW{sL40|60wFJk>tvx9R$9YO3P7i z((CovDJEN_gEnvl8YDFpVyWYV3F{B^4x*^ktAmwStE}Z@Q<@s5W$sQg?i6xxTg_o` zwE55)q1U@QrM9<}sWsL9pZkJD>4Q?+GwzG0gok_)obb8W?=f=QcOErzz%$ju6K5!2 zrt1ntfie>?BxBbMx5Ktp=yoM?({kU$qIB5grEOL-knkK^^`brNhD+Gch&bYJnV3fF zFS?>{n$Y@OL9FgvV3KcjdDU!v^_rih&227;MxtyyuQ=pJ>y8s_%Px+LDpT<$hrl!q zTZnckSXV2#QrGF6_l>8`h=S;qSYZ1Ix>uj_N!qBCbcX`9k28QHM_(e#?Z5-5#9Eld zM#@IBuzapih3tJR&|#jqBo{&STa%8CR4YB2P{&qL(duRS`y4~emZ=vMNq8P4^ad24 z*>}wfB2t47xh9@whKIusDvGODcIEUsjs*FcOKG`@QHs@!;rr`UR`0!^PB7dFL6|J0 zm*_aYZ{vGxc-5}A=zrYk2o-@u{AqM~fWRm-JhMW62bLf^J~?*X(n@fUw^isQgf`@F z{tSZO#ld)UuQ|BTx)x$F$I`uJMc1&&NLiaXcP5`Bawp!zxK;)ielHKSCb8uIZ$Pjq+8-qKa|XD;$U?M0cr!YkjTVSo=8q}%+Gcz= zn)rC06VF4UD_l!jaMlGv&tQ`!I(HML$Qp5WiImP5|E=687?XTm(x^vBOfh*>EE6T` zy3*=iU3v~V`Nt%T{Ol5OLQ;Ex-mk+-`#{5E6jo*Y<3j}_-uGPhlhkR1txpY>2is5a zgDmy!Fqb-Vue#hIC2`7}-NsQaRV4v9RTZ$PG8do8pth>2%M`>uyx+{K;gBQ%iH*dM z0Bxd9Rd4~(X7fEENIPS6ziMydMh-@R^TW_>RY5Jr!|3c67x;=&W7(tfrQbD^;Kp#* z)DnFWv=K#}3x6|rhjZj1CpHBtF10<|R?kscMSu5mbJyO?6e#(@!*9hajvWG5CQ$Sp z2}q8%k!7;iW#{ONmud_G6n6)$s_mD^lKHKu^NS4?8?7qW#{pwaKf96UpuoAI%gKt! zsT)@}jLfFp=tH}2=dz-(kV@CMAB;Q?dMCJhum_%Yx9mE?p}!bRqH2cyIx6ZYK1BSA zd_VlYFxUPkDqDS56dw2&URx6=5D+d9B=A3|Z2tjW_}{VF{sm(Q{Dm(175o3&pUT9E zzv!C5mmyt2f4t~;Y($_EoTvh{wH|?uz1~IcjS6KoyM4r@k;5S7f?`<=&ALJsJa4Pe zcyez$*+A+@!9$DdT^-`jawr3O<1b%&>f;SN{A114 z9WE;18}B0Urh`)lx#_4Rmu`eqbLzypB3w_NW@ei`Ck2`o2Ryg=*O zG%lGRiGx2%qO#u-DYcrOpDuz1Q|ZuirRxiJ-UkCgRj`LL5s& zL^Ztzu}|tYWgoi2P0Xteh1MvC8d}Z>a*u?%4%vUrNz6*4K=i#|y&?FwVw6;-7&;FD z1T;hl1cde#;~z0{HaD>`Vfe>q`Ul`oLn{i01J#$|P9WUFjhE%&33-REi(S?=F@C-9 zPQhx7C6cW`2;gQUoLea8Lxs9B8wT;R7^aAAo>#>1&IAM1`4%pnQEO&wm9bhJTxX>o zS9po*!+m&kr0%re`N{-L5$+(9n7ymxi02QW`ngSd#^n}E-WUto;y(h5oROPdFTCbq zce(CX{d>G+Dk4~tVd>PHx}B(7R4Hk=mdk_*wQi*MCAvqcjDy@|(?#nZ zbEh8|D!OPT^Oh@{*uGGi+skU-i1?E%up*YqAWWK#nUvMF>1rNB@0!S93k;A=a+p3d zN8+r<=`TpXCphJBpQE(duDA(_q(Gzv$UN%SrpHL5^QIf>-HplRdEk+?E6@WC|1%K7 zb5cK30&LHnOf%7vRI5Af$m1JJ7f>e=bz!?|mG%Vq7_9!Vwc6r<>wqwcn^+8)e(b^HVi;L+~I;yRo;uDrFUa z{|ZEfK}?N2C%jxeYMXDA969$V4EPU!^&)fl667U0@O}MY59zH@U@95P)b;9159X_k z>h5RrsJ=1Cl*0OIs?B3XZ=f9JtjKI9SxXn`_>%4q&xfPKdWr5VpPP~80)ifXcoKtz zcId=kw2w<}IiK%OMpuV&n;-WBsjj>XyE*Sy$Mu`OpB(qSx%Uf+WpFZX7C-k%}h z8)jE6umZhIJ6jOk;LR4a80P6fc=f4?oRNg|-|rIR`@pENU_5DwL4AzCp&GUzh8uQu z$mc@fo<44}g`OAGpJo(Fhcen@@JZ4D+gh1nP@-b?yEhOzO@Ogk)rs82-317e)XSuMox^` zIU-`zXtQvq%yHQ!<|ExOW;=~_UqRK{2xAZi>tP>B3oNeuCDx{eRK1_JcM2}N$W>djO!=Z%m>RYDZN1P1`702g`8xvbbjEsDeHSNTvA!!y49^7@9 z`urH`h6=|!)#8O1=txjrVO9?yk&Ob0^H>s(jCK+uPyj82xKEE`j@Ty>@hSO^?k#Qbxyh+v&1pB;Y3Qms@Da%2 zkVM^=F&{=t*RV9cl1A6wwECW^O zi{41BW9rSw!S)=(C}Ds&qkzKb2yf8oA>7YdZq~VTmGpCOrlCB?S*x73DGWu>qCyP^ z|5By7Y=Mn6B0WQuJ)a$*Um~SNNG5duRw;CbCxuLz_I!YLmDtuG?pYUNa)wY=85Zx8r& zQ&&=pS*w+FzAZKW@^!j=Ua-3WPD%0Dit8-id<<*c9=2M@_$XC5ZNPb7nYN30>yikH7{s1*a8GMBnc8R|ME8iC-}`$Z}E?f-S`; z)f{9$y;A4`*b->tNJY#KKVGYhp%Oz+gI#X|_upN+b!t@Gch+AiCOx%?(a;tOzm#L| z_+`)m7LDn5-Mq9AsqfjdrM=-1kuon{`7f6>exK*-^h%;u@=AQUrOJa*Qr+`ylc6Fi zNx>v8M3#!cE$9FexEe>6JxPA{`&`5h@r;8cg-!x-q4)>9n6x__4U<^I-xfq6$W}Ho z%(c36fh}Rp@io`08RKFz_KFs#4wO(qn4(3}nlw{`ekpLjXA`ac?vS)5J2vQHb+21_ zh^~8f*tW5PG$R8k!EyT25#m*U?mmIf^gMz;x#pOc{pN)|JK?<9;|)9l7t)L`x#gtC z8$zUw^PuF9qu{%mrmr=4aq7WE+B%?(G~e50L@@I0FZwmO@8Rql7dnV;p-k*jD%mGF z`TBcLu=!A@3(ZRwylI+mf(&r}?7BY`b!Mvs72yc6Er|7y3-Dy;zJ!9Ud(T7iMGFl2MPBEB3+ZEx+5nUVQmboG7{I5*W-!j)6o>@Y zb5<84imM4oRmYK8EH!um-lw6nytKmQ8qF6)M#~shiGkM7jFA4`(}9of2gMikK)!v) z1+#kAwoq=9rLRB)ui?H3n+k%0qCs+e+B}A-ere!%cH<=hg56n|#+!ClbC;a}4%VHo zHzFG%z%H$%-#~YbLHwiuRLGnyAk@iwW>rTh$q`@7;b`h+*kj&Vs0i($W>6Z#;UvCf zMce}%qNyePEKlXiK1BfeW!1kqY*#QWkPAEHatCDc%!#H6^I@Qu8h@&{Dy4PVw|f(! z1)}PEtpVvH4_93*#TvCD3AaL|@RfbNk|b{N@y-J(Ai7t>5kQ9(GuKLUb2$7dVUIE- z#mpZ=8g;#c$}Bs$y^uWS|7x3^j`i7mN8{w~+0mFrl>I%@^ScuaCU%TA{|}4(>nuSp z(xKt<5k5}L2LGM#T5#)vZ)fONuu3XZBP-R*$Rn~tr>uKYRL*sA-{|MCBHolDi*09q zin@4Fc1U9mO#)P3vK<-JWV>!u(OBQ8>~I4qF~$(%O^1oX6DZ*P1f!4%rjnmAzG?xwPo^1w zBT(KvF^n?K99S00<1Wi2VXp@rM9FsWBQvkl{EkH@2y6d^E2tHz#gy6G)cX5dyZSgP zEoIWK<LEsLxU^>g|&1l{Puk8u-zkan<>4tKhI@0HGw{# zGK)%ukgjPQvYK;ta}{Gpu1q-yfvX;z;X_i4E$KRw5VsDVY>@yB?BHF$b)tJeiRv#v z`hT;(n~4w~tAhgqqRR&cLjKpn+}6d$(8Td;PWoq6{&UQBcNi<=5%>l^)StFQg=29b zE!#hTSU*r7S)Y7ZGv%m>u`K{_enET7>=DeXs!JrMm`@i~9xkRyf@L;m88tgq-q)6O zsg`j6PS8DR#_^@A%cjT3@w!7fUN4Ngc4XG^eqMWhWf*a5bF1HoMo*lvZj}^x>?%6l zAn<#7zwGks(&3%FoE`VQ8XQ!ww98T3o$3smFm+kItQkT$_HOuK&55nw_w?v~X4Rd1 z9eaH}<~$c*sF%t?l8*eWs@vz(sj;duttk=9G%hfE-RI3ciX#wTCVziH z4q}H#zLV7>fH1@lu!h6pgB`#L1H5-Ae+vj!Bh)Gnk_^x*%ovsGmONtw+(h*wkXUp} zew(oH{qsAu!r1^}gQ5P}+~{+>>+Z1NY-wo0js429A$>#EY;J-BCvjLOZN~Y!LL%a< zxg64o-vU?Y{%}l+dpA)hY5#D;sHtV$_p|-v)nmqP?9xuJ+^(>G?uV6}*~{_Lgmve# z4+oD}`^{|}G z-Mjt~Lktl+qq`x7PM$axzFMvGog_7~I2IqIlx$9jF1qmwpu{0@BFxQX62Fn|59&qF zx^!MvnC5oz_qXV;Bb zeJ2C}5*n4a_3QjGXQ+ZL^NQj^H8}+70+Z}>-Gy?;XQ_4-&X4Ik>lz=n&t((dY^!)t z&f~-KkvGFV*@mQ_?w|WXb7H!mygxkVKdu=yy{WR8Q`_b2 z3d~khja&azIxQ^imf7SA_+@U=nGL9k&>U^xeC<_ur7k5@Tj~l={Vt?c(Tc-Y8BQKl zxjplp6Pvwl&F> z`Mhcv2)izvOy(!}-xJ=f&@;2gex` z(Y%fTn*UAl^ki097Ra?bWc{+^k(LLsuIN#K+T`n4VX=kltH*xNp70g;#N2}n}E)Xq735L$T z%>n*ad3R{t&UM+mH$ zVU}wGrkxnp{rT$SM`*=6+7@2DB?mhC%|PHEk75k|)q&Jfz(oFtf{=t@Up?9? z4#~tv0I47)h|EO!eb1rbR4}X-K)09+`cJp-*8S7{e`D`~{Y@7yttdGBOcZ=TX7__A z6iy7+Q^1zOK&sFfQ)Q{x5|rTW$Dc(wY;FHnt5r3O$EECb`K7{8f~p^yJdH3Ham@hc1jxmoTM#c7UVf;R6#R>(mJ-7226oxY&Si3e6h`iG zL-=;Du7>O4XqSTSM)=3&fMYZV*RBV;kD4Wrc-?&9@e5)MWg#* zLmC?eKB;HDLR}&@`a&Zbhq;XnKwJ&tenIR4t##?Kv1`3eaZgvTJZg=`vF6gM z(OV~eiM|Y&M1+JHEkOhYRtnnf^S{sAKy|Puet?@gYCcPtIJsX0FY07P*#_vJ+GP>aeBH956!gF3 z08xHeMKOE{zMdH>Oqr~h7BJ)sCT>{-_|?X)f&=uAtWXU9jjjBTy!>aK9g|Ua8ZqjL zX^B90Wr++ik&vkrbTZ4~ysva-G&#)efgd!j^mNV|U0p?V{$3Zm+WuIbpOM#UeLg5W zYVLYWA8bTM0>c^0FV?g+OZQSneiK!#Q(5}TS@ zhOczv3x}_W`@FbA+|QpXcL)^&)-E)svxIx)gMnFA7j9}+fhY^XLmE=x=X>Z)#(_=z znZLT}|1q+*HOOf5$v1Rk4w8f@$#`w+Gw@C&uTDW16P{EtP9=ZE?)gmEHuIyNO6rzJ zxsYNs#2PEOmx~=2MFv;l%26~Y4p}>Me2)rgld+&9QwzcLx~M=dk}uNh=YrIHs&5wJ zN{lqe2OA1v-iOSPqYfh@Q)I$tynr0V6^eSV-GFH1j|0zAGQqufLu+*3cwa4Dq5Kgu zv*SKZ4C+g2dd)fpDobTHq9@^XR^SI3Lo;LbTAbk7FI%EC%npW3Jpg(e^oi2j&? z55_hqEghTyFN-G>RkRx>OFf;0A~9^Z@RShWpw8@qn5dP*5aTR$()OdFNn%-%xr|H+ zUN+r6r0QI$DMHbf^Ds7LRC_6M@sV0O**HU5LT|r)rkLH@rhAq=R}u1n(z+J;Tzz`Q zR_wfmA}yt#4UBV4bG4pzM5_`H0vEak0$p>p5f-6=ScXRv*oD1%rHd?3P`)UwfS^U3 zMsu?nMC1%J_j^lK>H^od`3HJw)O}5wB0K|~82<&=8o^bjsD$4$7G)J~wJ#fFF#uO) z#_C_yNX2VlAB2_hz$R;4D2i&U)NU@kkl$l+1N3`mU|Vh@7akc3VzylO9LKdLdly|9 zOeF$8Sy1K8SW3@zS0ruBM3$V7tikVDFlM6dskKEa>yhSN8Hhjz(p~RCm-=<+ANjIc zL#6|!;WwLnel<3R`uRxLTXT;%>D93C)l4`%Pl9-4cS`NqoZKX*4ArQ0(#Q`=+9r)z zC@kISmKIeX_|A zI@cZpF$zYfCpmPi>+mh#@7*gNWAeignt`0$fV7mA$qn+Sy4cz46qoNx>GprW`uFc0 zdnvuQ4?qM0axVh{LipDX&&k=t+TKTb9a&d`227%pusQv*GgwU%X<7l~6Qx>{v!TPT|CQ!r9J#w|G}7vfgv40M%M^#&BycogY2ZfTP< zyX*GyIT$N$1eR#T_cN>(%BozTzF&^I@cLYPD4uJZEGVU-@SRHZ>kn-m^`}KH&^?RPa3D|2lK2L zBHqeo5;=!3N~qvfvm?8^^43kJzB#LECU7Y8lOXVeKKOzk+Ax>)W^`uJsM4|{f&UsMG9fC?vaPBNSS?&BAhe;dM3o;Yi)h_yLxSjsdf zd|9pouC(ATCoW#h?v)X1Y@aL=X9%Q@uDZiRUf*h_!($G~oBd-B@?Q`5%lqanu=akv zj^O6U`PjEk(E0uqWW`&ZZV7HzG(MYOKWZwBT1M%fOWyf&MxDCWc~&N<LO%)Ec#F&^F3HaB z99GVCbO}+3vo*JTG8DwIB@@}z1X(*t-;RYSuQwU7l)O4m!+6f2G$~Vn5`%hL#Dxw@ zG%bHe)a`{)kzinj3c#MY5`mSzxVG&O0=wADGS{HZ>@Q&`za4EEPK!Mwsll2LTyHMA zYx-)O0?m|3o50Wn~;}C;*^Z)T)t`pc3HAH1+7Lpl#N?sZGL;04VXQO8CN>&i2)SvQ&7evH8&OU zW^w8|PgBnceZ_jI=n5Z<)byBW@FT0i)5I>ojG3CwH&Z6V<7p-jiK2XRH_r zdBB|e=jcv&G%TF>Krlo>zEF^YLvD{G)RAx45Ae!Y8*a2;7mp{HjQLc8;L)Q~l5(G- zY97@3%D%-trEfAp3eV{f1vmBE75-DEj>s}@k!6C4&)VRC3(-V$?^;x>G5iQZJ&Lzj zB-Agh@Q}>-d>=J28;1jmU^%vnFy}J6y)voawo+X+744`mlCr1<08&UUI1sk??2x6_Wu`P88`*`fl1<6SH1++7PpAdrkXH`PnmlS0+Y}aaZ+&n!(_Z7u{H} z&zQAekc$z2Q{3=;M(3eIhh`F92!c{{*m+E&gdJ9D+&U|!ohho8pQsUpc@f1ctVa^l>yNW`d$vC6b@ENnFS36st4F_WSk zIL4@~21Cem&br%VM}gnWCoX1-8lAO9S>>`HYL5Je;)6}q%vEN3{=Dik8^}RVE?-M* za#O8${=Aup2?Q;fKTi<-1m zL34#*clbg{BZ{j`@NC`c|kpAD+EPZU{8dwD38j(ia&F zJ>D4%tuQSdf@q#64A~&R4F*f0Y#xU~-SCJ+EqeX+6@oz%{*NU8ioV8i8-m$4u{~#8)umiWoGIO~g#6@No!hVXs3{^8aLXH(ZxD z4_%k{RTfD%D0{#t#{vG%CVG{R{rgD?F0Z33^o!H?JG=;+SikH6VbT_ip&U3`U;%M7 z(-LxDf{i!X;Oq3LdN~nD%1JDRF~xslWv%@e%QAdRjLrYL1Y6kSE7P}92o2^8%W(gH zG7W{)RR+cMD^eD<}udF(Y^nhVgUiJ>ZI7$x$!6Am`)+-v1d%v#e<$8blVr0bSRr=bIpFy&5GL073R?(S+MX@ySm^ zN3hU?KGO#lGc(o3-j2rO^(EtVK+$B=%u@o_gG8Ui!TjKo>(7<0`=70JV-s!%^CuPe zZU@3eH!j__;w47sIG$#B!1SInr+)RC>q*1`)wZy`2ldYT0|zH&$K!3I-*&yT%(k5I zzoW<8!fJ9(iKm!$(<$)RdM#fboV(O8Gkcp|ur-LNxiHjM7kI(_yfCqQ%yp>QcH7b2 zkLOvl%0a>FRe^9lXu1!O>8viOh|a1uyu8eFNS6QMSHkP>gt)KA?YptcJ>=@)@prH+lz|{CTc)O9xfrQ_R542^`zRV}zcG*XOOn z%r4i*2~$~Kr^~YTGE-SivOa6kr$QfQn(zAOd{gz>xjEIN1ZGo+yl3cVd35)vYN{m> zfKKU;Q!N{@;n*T^4uV!#^&cV)rU5n#8Vb?MKb~8U1w@YcG67=)eQDv}v=U#nN`tzb z0}A_<)3uYbkQEGJjHZ;a{kWit=XZ&>qr<_x(BHIRt>W5O3ZOM<-PONpR_nCbR*Sd zD4)N<#*fb=$EyL#Vc{Tyczv28PF+{*rKXj>{Bf*^V)@ekv+SZwNubcL%sqdhBy7E& zwyP`frJs%p>krB5BVmXpv#rX^pJnw&alL7_@1CjEJ)aD8K_CK_&g<1BL39ac*MH1P zUI#H-JuphFfH=IIV*nyN@THVoY*i~WqbBlF)yn|Wv)`n39ow@sfQLpD;T z(Cs(q*-14t_L+)&@+~%aPan14e)rp#GU9*Q8$YXdP|kh*Q(Y+r1cdr8ZH1eOq0)ad zk~zy-wcTY$484T8!-HM7>%Z;!V;taID;AJX*|hpCo{SrvIwG*Ye}vyh0`PNKHlP~4 zF+Hla)_mnQ>@9T9-kj=EfOm1>q{qeQIP)}EH^F#6V-3T^$?fOc^Zp!9V&zLbo0#hJ zpbmvxwH*K2+f(1`yXPglUkl<^<~y`(64JE+>~oz2`-?tL;TM7xXO~ zx70E$|IUQL~7ghEtX5|j#^0AKF&dpGoqwzek0@O4m=9H5YF+qA1{TeXk z3;a}zv>cs`wE~AFUw>~lHP^gblq?iItMlG-hELB~Q1GedFGZM%8nIYDx z_wB9uT8l!@w2#UN9jD&!V>-L-)=B}$(Ya`_feVzp9Ux=d%;@X8>H^LNl!8OH`jKe+ zB7QB^52rmA04ZrIv)v&aJzgJN0ncITv`#7R`QEpe1)ILw6y7CY`b*bO#rJ_Pye2yz z$gU3wzON7GL*yb(xAFwQ{R*@I(Fc-N=ScbtWxbN5GZ#`8^sv6&?2~r=1 zP{;gMl2sf|P{mu6Q>?h?G{ZmZp30^(q~I9B1t5IMV;IGe1D;5>4p%J4l4m6a2DeHW zpNK*jTka%!?9vFq3~NN+6jFS}f|Im=jIiu<)B4f{D~BFYVF8!FM6N1n27{4j9eaX%^znnbn1rd-ry0}wbLHsfuxG#CFBToBhcg(l2XdJd z#rzb8gT_{ie4T^z+3Kc`CFIU`qNTf`OWL5->XMm&U@UK3hV2z!2g^Cu)^6q)j)uN z(x8C;mr;tTovpL7fuXg@U!#<@B-ywX#;++L`Gp{VE!F!f23__1g7|(`q+Mld&>?)` zPb@EdfZt{<3L)iLq;-+B4Prl*SN3>^@AZ41?%qbM#g;VvyE)#nLc_R|S+z7hdinFj`~;8Mk(F zpN(VTa&VvB>8MFVC#3Qs+S#s!_o_dpLnkF4dD)KjLj9v{C@D^8g`&|7F+{N@q}~ax z->BkXYF`CL3hcm7AUtMNr-M)tILh8q z;--io_8KK*(Rt23@X>+u9<)8)R1~y6+S5QgOo`atms7kES#%KvoP(8T&`s1y%aae> zI|_x&T6m8&RZoJLmxZ3h!EEA+Ss2gE6)Qs1>guNuouEWG20f;`p2oh9Q?i~?zwHGn zZay-}+aM>lj#_``@f4cJV8-s@{Y&LAiFk4S^zj>eBhd=3Mq;f8OxOwt!_l*6$OJuP4p_6hmAz*l_1B z0loebMWnB@FJA{<*v(?tUm#KQkt~M|*kv*|j5K#e~9n5tW(g z*|9t|=-zPlu)c$lgrLUfVZ&w|reaX3KqX^mHz?=QecRP1^pOzm$|w);iwEWz%-%h=INrrsM))`E1mkQ*Kgh=vDP){*mc8?NPwWXn3P{W>blUGw@*?o~n@596_Z>_UU{P}Y9 zdj_1z^;q@m>Ks5}5B)d#?) zlK^s3O)Mw?m6xL_6&P$lFemt6-faV(z5F-qC3cy2?bSKU4s<|Dc1XZctk zO7Wats{hP%7Z&t1H@9+O|S=e*q?CEjh?jIZ@H!D8P@#8YMWOk}V`cpvt&Zvn> zE{ReL*EaH6Ix3j|`D?xH^R>o)E~iEzwVV@*ZrhicoM8T77xt!0Et2O(Ud=NTlav^4?=Y*cF*U2@jGm=w3iOap7>}-23>&09#!5`nhEKe&@ zipX7jVe6~LaQTVzm9`1Xvcwr#F?~y^75>rwTIjUfnQiP3TYGNU#Z7&hbuQ!BhV$n# zRb7u<`;_lhC7mPP{rh14L=lOz-V*l``9IxUUGYd`YWthjMkmjFope!fk*&U!{vE{+ zN0+A*aovpL;*HK>$ZzF4@FKqHZllNHyPQ*X8%94%W9MId z^^D)UH#NuXS4H2pPTX*`#OcPv`410X{brVXV!mA5q?<41huFNCJHcW~*2XBE&#EVi za{6^lEUsp12_Jm-fiG^k@Q3)zj>YSK+E2Xps<39mo|tpbe(+Y8JSz}gHvLFFd~quy zlP<91z{bD&z54&X-C%P=2kC1fKcc=IE=#`e?C;?sQ@7^X~Q0WbAO=-m(82M6B&hP;6i zT|4T&ON3?yhR_hGb{xAf(M>|%dWSG;P8g1jc<4r;Z(BeZu{aiL1o9>ZbnWPCj1k&R zlc3sBRve@2N1wq)=oc@5Sr4DjM%Rqqp+smt+5pvz*1beG0lhVfFyT}S)C82aDY|~t wW&}bv14Cdt0|Q2*0$n?5(T=SBPbZRgXh9#~%?eCj3=BL#$OufKLcJg!0727=F8}}l literal 0 HcmV?d00001 From 1c67db14144b22ade2678b648dfb1b34d3405253 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Wed, 20 Nov 2024 12:27:35 -0500 Subject: [PATCH 10/13] Add files via upload --- CONTOSO01LABS Connection policy.docx | Bin 36905 -> 36803 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/CONTOSO01LABS Connection policy.docx b/CONTOSO01LABS Connection policy.docx index b46de362958cc35237eaaf039af7086a4e20d5ab..43031f3b65a0ac87baa57611ab4566927c3fc3e2 100644 GIT binary patch delta 19351 zcmV(@K-RyhpaR360dB?n&$mP%sU`77sn?;Qej_e+U~%{#B1!Z0j~D;` zadBl|NL3x>Nt6{i`SD^;s*8X9>A(NCf4P5~6mhd9c`d;bdG+>w7yo#%sq5X_H*czV zL$*6A=lb15z;8i_XNPpHsa8(ah zGM=~6k()E0x03pBCF^-BX%APjpSRKja@sy5@M1@D*tsgoZB)ab<@(JwDnB*5D_D3J z)#)@^Gv@?3uV?zS1b^2b+HWRACqOY~>(T*BdRc2}|m3Lbv= zS&wG)a1~DGf730XK3Kqv38%2=*09?(-oyjCah;SCR^2-6t>8N8@L&~A9yq<2(E>^H zq$O0XyAJ#ZPamySC3UiS+H&1HdV}Xib+n199yGWjdD;yc{c`*5=y~tfp9iXcltr@} zR!cu`wRZ!1y+=jo32U|B95amS^DgFg6YYTOZsWJ_f7W?XM#~JY2%shbS|s`g@Dqp* z|Dj*WA9OpuYy6Tl5^}AJpFmGr7Res}-N6q1?Jg>#cR=QvX1cDbdKYvnNVyufnu=j5 zmTJJ(x1bXyAAY=m+jDitQ~FH-Sw&4&;~qn^%%DH`W^^$9!JCr)b6f8-xZt;U5r~hU zNrcL!e{%5#_x&^Ow#UGtNr_wE^k>qK`X~SWZy(>^zL%9>T<;cl*Yu#09s2Or&Mg!>u`i$3R{NiWXX5I{!de`ACWm|IGZ|fY zcW3OMC4C4>zhbvdw|2LG;(*r5^Gp|i`LC{fa*2O+-A8Ef zS=ap-xjk|^5|wf--8AK{s0as;iw=fhrREF2}WFl)fodn)*sIp}LL6*nZ ze+Tm9x799+frai$QjzkGT>K;*+|J|2e%ugg#~y-ItfYFAR??0k628@iM8HB`0uVP+ z1jcgN#C21Wgu<2C&SjGR2^&^rv?ajlKS`iuNfAXdFbsNNv;+2khksQR{uMnY9(Vx! zP7N0_z3%ZtZP_tYO&%^Y3(r)%ls;d4qzm9BGm3U%?8hlzW( ztc9UFkx!25*oKW;zXdJbzs;L1J1WiYvhEnU-}f%*wkbwSeC-(%GHd}=9{kpAT^69j z)5Xd~k=GUMAyHMkRT=@+ZQ;diqkk4<*lufoqC@BL7kE<^HP8&DmUkd|)+Jb=f0V{< zN!-vsC>3+l(pS0mzoyS`_{gL%ze{0Z6syNBWm(c6JaKlISAchTqERhHS=NCTNWFvd zmXI1b1Hc;vch$a!O9{OMSsLXrxukChY_O7AyHVD&j_ML$R!Nq7sft!)-5@&wKJjh1 z0U4eQ@ULPEh_2y#3Kv*!N&=SRf2DNSWI0?n^>w7AVz<)dQB!YdhzE=VsZ|*n+$jM)os4f#{v-rsSe%ilq%RRj zxdH_fUw&(yP_dMDzXN2Lllz{|Vf(j|QaKYom(n)P({1`EUP_WyWwWEse7*qrN=W_?!90{J2f7n#+QjVmd=>kMRid! z!SuddM|t{Z$NBu8D?UcWKmAV1bhRJ&?g6(2eF`)W3XY7dqwG>D``=^?D$SDyc=G0JbhOcve4u6VyBWyi&(E%NEQ<9o&7 zy-)=Rm?94anWhukwmso}f`Sex=vR<2>j;@&T79B8pHL54$aVE7<-AK!gsm9yMM+X3 zV;clpNmmB_yol2Xxxjr|Z(8yispRm&(>%@^DvjAWa5a=%;Gk7Xe}5!G#)1d7iWno3 z=q^gLmg`(g;mCd%vsnU9tYKUhPuj9OAN|^9}~URB_uJU6sW zH{h{hUoYjs0wmgIX-=f~BRwrdUtUV`c>gHPEut7-H&QNX&!{_^D#=|6Vsx+rk#R6W zAj4}$!P+nz^uVl)e}S%m6-L09I*(Axi%>$Yvf{pKtuZS3aK&^>GDiJyElACG1Prt| z#W3*IHu{7#cE3sC;ejFB#FPRPl(fJwBYO0*DS^IuXvHv^zhG}1tirN@jUAP>{<2SGQ)CI~S6qTib6s^|P25D5<2jC}d?n{AMcLtH zC~D{%wl;~Td?!9&^;)`(0jC_VL)R_C)2Dibs%xIBf2;muh-4QvJGb!B%VUpa?BAr; z1`5_8ZUR!FNYCLreH&Q8Ez#J?DnTGn^O;rqY745&}v$cZP>N}%7OEqT*=djIz& zC)29V({-$8m{DJZ2>BHa^H9;ar*DC(UT>EKcsjfgMMk};{nKsgqCEum z;Pz+*PrN^h{`K%6)L0RO^cei(Lxb_;2o7vDmKGSD;u2MHn*Mn45wyfg`VAD*4+Url zcy_1K9NoEb^Xm9%arJOB{pC+UFNco^-dKiKe-71C@h`eBFLE+gnND)G(d&4*yBagn z=iehWR6BGrG%^|Kj+hD$9711KEPE1_Q!UqaN5T7V3x_sFF5vJQ;P4p$I4+yqd@o@t z&3%L_@doT*_6v(PGI|@(h8dO1KoQpjj2PsbEq>l_ZeZc zf3tev&r~A5BjOrIym%}S)ipF(HBhgZjkY1!t6;BOXz$dD)>5azvO{nB5Iei?+G!cc)E>LvNI{U{>S|(RFQQ2nQ z{7&)&(9uGT2Me~Pn3_ECX(_G~8U{s(e~>5w3umQMwX{F=hmG}hn*Er7j=tOvexy4J z9XJx8QRf7|wQ-Cxifh=z)b*V7DMn9BlN37oS<+J%hTzgH=O^7p(e0&lLqCB#zJo7PRb&l2in%h7jJnXm9R_NFO->YjxR#3(8SdJ-=^u@iD7Tr9MO`HYk)Ay)(h zURbXD2PjWf-Ra@mVu`6u2m?(#_Z3j;JoU0A01jPz=Oe>Z`*7sgvBWI7!TsNpV+01dQ^gMr{u`u*m&u_u+~ ze9>gNoMe1@nI43?XU{4aA@nk#mp#YHkrfTAq5XNkEK^j@`nVjAer7CWT~+1q5DJFj z*tSaZ1%%0O6*L3P9HG1dIQP;50g z1ckBC?NE_1Jz0nm0gAIyf4OKPGOLprav4DLzALgjnro*G^Jjo3>?FtSe^56+Y8=a>m78wp zc&anWHWtD|py3>J$$`|n)Plnd;&DHTp`}-xVfP)(T4+Ee-*$<`LzZz}NNDZ0{dx|& zR*W?LgkrmK=}PgMt1;^G6d2n}JF77$kLxoj8|Kl~&_6n>&gfkR$&DwU1^$ z!1rQx1^V?#t430jSz*-F7PvFoxSZ* z-wyKm8C$L161bjLeRx7Y2hY|(rik=8fr&GeDXlo!00=Uqg{s8>rp|RU6#yeNhv5fu zy}rJbRw?$Ve@=1e!j>f142Zc`Nmv}f9%G8cNN^;^2jXN$8u(OlB}nCmTDWp*T<&-nJ|)% zkDVKu;`WXECo`s4y1y`FUzZ_E8!uPQ5`7@F<@9(?f72tgB5 z){U=kf3k7(NDlYVN78N@JrW@XKUWNnp6Piq`Hw{_=pJV^Zn>XgKP`O zZO~VChePyE+GG-=A@~O=Y+Xh<^*D=WrmvG}7bF54K9i3ZH36ZM#TP6BW3ZF+7aaT~vhM<3u=*$Lu|LEq zS^i}y-8C8LdeIUq*7sx22#*qHs*6yU6`q`Z!HEPXnlmRFN$1zfjK+@6ai&a3vb1Fo zV{X&{C)$GM@{5aIm?BKI!Q^cs?Xn2dB9O}@X$AL7&}57Y>~|r>(T=T^^399V!!T4G zYm#EEFB3Fb*Nqpl69tPAEan+-`)hswyOXmSGg@=(=r$$%Z&g1XJfa#aM&3$-B5PUH zbw+X$f8uMjt$2>-b4_6r4#@MQrq?1^{2_owefGbQHTsy^GSs4Mv!CA|j_v%wq5`~A zam>K-ebt>6UW6j{itzF!lRz3S1orOsgiUA3e zb{r@a*8-eCjnGq`-21lET1InVMWdWold>E{0j-nw97%tC=QwCPcX$QpX0SNX-dSU>GKKL7}SPig%cXd1hzGCvyiF{fP#5DyV*p=mh2@mwMlil$IB zKQs7p&|QDJZyY`3)U@NBF(IwjJ})IYl4OO>u%7(e5KB+~%%k9O3!cc(a*O&6q`MQ8IumIZ(akw>R5pvC?)+{-6 z7V=Bw(G9?C5!Yi$0P8G(wM*lg?g!;}Q`44zKyrLi?uK17`J zuLOUZa@}>pe~&q&T%+i0(5WqN{!xCry;l#0<%7b(gLq$Tvn zV%(r_pgAdR8k(UD9dA3Uub&Qs>3OTHxR-yDG+LJtogagy;G`2ZkHw_~fd}}Ue+sLB zr-0`}u}cg1h9>Q!VXjiayc@fw+!a+DF^P*E>8kt&IFC`+7D7d3yh$;5(*;{-FCvV2 zQ}EHe^fv0jgED!6^XwM$@69eyCQvp-nagrG00#TR1P_|y4T1?#!LmpmR?j{t6zqSy zKV$P~mW=HW28K8{Kr8Cwfx^qc#$u-qCGenfF9w| zfaDLfGY^j{2P7Z5w60W8y`cK@qWU%w!5#Z>gEmsa!|_8SFwDiI(pu2Ip#6WdP;`2? zkblq)k%RE9AP5#R9f9x?gg;QP$i6&F>N}EssVknXhV-6}XJ6WL%f2+6(4RuUbUod3 zW#=10KxALiPmz83e4nv;Ev7`y*IoCOUw&7Y_mM+#!FVdh^GvFJXrD(VX<{m)vS=RYf?TGGS=C?>uO%56?Q|&xJnyU z+gEHqoFv-Hj;eZci1voSp1|Hrv3DXN2@Y>CIi5uErb{z9k|f_$3~7I&707pjIeNo3#Tq@LEwmVMkM6(suk!1lK0i5## z&aYit%ZOGNlnIvjpi+PTP#MAMxdBHkl{TZL1_yO`tlR(-U#Z}thph+_%bC(tc~=9IwQPOk(>7myrVdIp_j2YuTtR1Exq_CXX{O@5l+Wyi__)Xw zJmY&rwys@Ex7~~+&g?K<({x9%kS1oM>>P7rsdS@Ib_DgGq<)bdb`s@=>iN3jAf87k zmqX8z1A9gpDguAyLYw5vNVs8n1X2weX3?yNoP&cYXKk>ko8(jx@(GD)6g(0Won8U4 zj3+vcI|AM{S&lIeI^sa8;s_&$JCYNeBTuP=R2U{~2Q{(zOh7!VbltQ^w4+O}Ihe5G zsexim$NbLEuOyhTV8Rc0$nT^~S8VFn!$Brxv23b(V8MUw?05iE)x;Z2>?L_z?sxR~ z@j&^*QS)1ZT?5mqYkHf)<_4n{bo3bI*KYvSci3(ab7L4+=YgK;Eey}mP}3366VN*^ z=)GgTI9YCbm&-C5*Vn@in?$1kqpfq1X!?entWKP!zHGrJTC=43vG~KLpNyoQ)QeO0 z{cz#g6T^Q(080St9Foh5Jgor|tvNuF-cX=@7yI-~gw3=kXAinQiTSddh>TQ)4Rt|A zmTUZDG_D+UPug0SOKMr3qbsUDD{u+l+$#dtl6{I4v#;Tkvs^n={An9&Avy)R&w#-D zFw^ro(1lvC@Md4DEGS=4{zFH|fzR+Zjxeg+{7dXgYHDtqad?eGCApe1eMP}Jq(%`Wfz^WcT=Y7MO7f7?FjlmN&h0Z>@>;)RaYHt z_EUcp1j>az`Ov0mTZtX-D1g~vw8ssRqGUr@lK|M(4*y+dM9Rn-TicXm-DFW+l>07q zA!$H6++TGAeh=q*{XnkQ*O$^if}0PQ($DX1T=!DC@!wqqx3_=4=D?h_&_mVL=kG@l zm=l zIs2~D0_8%@JYv}+o)elIM6-YHNJZ-;2(1L~i^co$?@K9(>PT9a zIAD#ixj&;2(p_3)ZFCmaDzZDIuLou7*E}YarY{u3UI6M1lCc?&o2g9(l_E!15rM4=^cBycoS z935|p_wPHJgeSTme(#gSCq))t!)%vB*Z1TF60@)`1iH_QzXDQjVVD+mZC{yLfX@oa2wFU1*&%4{zsWR>RBKemCrQdwlJ zno~}qQI{-ddla&5+X%wp5j+s|3iZ`q*2Ay@xw?_4-!Oa%s z5uH?e#Ipb=iV}hElR+v+ApZ5Xn?~2$KKvzpdCb-Em)vi($|I-an=)`VOW(Wx1CyvK zBY#`5r;i)jFn2PZp%s;s#M_{glvW^BE6_2Sr@U>pTW_M8&Uonh@K%IikV%SSdX|uJ zuYicgGEUkOQuo2gOR3lq)SoaFj%h?ko0>}>X-2?^)KW|`z zZNut*R=S*!I!ZHa_uT4L_$$fCTTKHyb$>~sEwU&|k3)>~Fv5CYl%G~vanB>EHE&`2 znm^&_!Vw@i^0OTQn(mv1t(|P4rYrMu1Q?3tg@KNw`mzuZN!s*NBx!RAY~xyyZgGH3 zg-%}%RczI*g@2_w z=zngp>Ch1~S#aGE|lh zG8>y&utLEKxzPTe_CejGJ79M3&N1TyhbIqpS2$!6haz`60WCUjshRj zu1N9ji&b|X4}fGB0j>$Sj=K=TNzUNNwrU-) znDGUoDF(&7L;QNE8H?b>THy=g7sUS=s$3tN=;DO5uEe|GS+pt1K z7ULlVVLpp6k5wMontvL4%E=Za`pm{dsG%tvy7BT55S2&tQ&b*t2?XO>mEPqk4aBh) z0z4{^?8vHo28~1wp#ll|f0X`3^-&+)({;`FX&i3^YEAQeci~~oZ!UI?0JTsbCj@@F z`sfs}@vcRA(f4uZe?1EO`)2Pa?msT_q=_-HN`kFfx=nM;A%AJR=+uP->!tl%_^v1~ z$9^X?vQ1;&@xITN?CaBcJOZY*@GaAs)qIAdnT$f32x&6qq`#9gUG0aokUkr$bBr;B zV6I3dZK69OEeXln#9{3FgYYQ{rjYCirVOKxfza$m9_$#N5ju)BNn$h=$6I(dw)qv< z5!g8^S>$g>{C|nzsTU9MiU$77xbF;rO*jY~JtEfp^f)>mw!=(76oG#eI;W~7rm4!0+(5* zceLZ_v_%4sY&8vcp=$p8lN^O?6|(gRkJvU?_+GPiAR~;leW=ov6eUU8R>P02kQB!+ zw&p$vT&kXugarb>mu-KKAV*-M$u#gXvqEANty2 zR((~E`n^n{1_=~AZX?8^8lcUs2z6QYZKUB5sFlzT_BWv27wvke8y-#Ll4z{-8;))Kq_!U4ze2q$Zv{&BU0h znt!ELeJK$*wTbHP#jlDiEAH{Hs3e@zSHguYE3SSqBh~n5Cby8HLN(@;CbwM|#P3~8 z#tvB+Ig>~pmwVbd9{cG6E6D4%!LGCglR3)M3X?ELnOfbm!r=;Kk#R*6OwZH;EksNU zULknJIrEC&NR4yL8GzQ(G~u&;q+o>4p% z&oDJvRfLHu#KyUcjZtY3X18>uq~E>b`Fq#LBTB&fBzXUarGo1wi|V4>4-*WSv0ARd zcKvgh37DmE$~R}pR6$ZG=B#4AB0ThpxW?y`w=zrt?~?>GbpcvyPXS?* z?lU+6?vp1pJbzzMvFofGpOkgFqOEyfBRjm5)@78_RO~3m&RUqMCz7(idnx$Dq--m2 z^o429Dho`AJt6k^qT8eFt??KW)@0#eS_y5tc}EgFY^W5Zhm4JdlC0CJF84gpF-%`` ztZ*_sZH8e$0UZIIDRd5P^Fa6+J%-W_c^hZU5I`b$mT5sXAIk}t(bgh#7qBXIQ9qpT$Ajgrm^8OA&Eunj$2gtlqERB&LxzNi^G zOX59JGh`Zepjd`|ajIs>m{-k^Vpyi?Io^vy;Du|3S~v21CCJM z?tb5jCto3wV}`03AP(nkSPFa#<#bBmi_R58{=nR+4XBw{*k5F9O5GLN9cES?^g_)@ z1VXUdq&qw>VhIK4qe<@43OlJTi>ORk=zkQ)Nm1ubo6R_K;_!_TR{~S9gIT$5gaj25 z^ci^TQh%8cMND90lQOybH$ryshJ`%6Fald!_>Mg%vh8dRC}wsyioG2_Y(k=rcfeQ&ja;A5HzW$PrmWcv6%bp=N4}iK-0u9%!0{MdCtu z3Y5>3z>kOd7|ub4wic^VZaBs7+TaJm-IE%7q)|(NrUm_o^z|O!L<%Gm3nkiS?=o3&y zYoB2BnU*k9<~s2WvNEE6rqZ~j4YOy^{%N^+=L*D3aM9@D|Fd^(%WWe`_LD0(K!4;L z(A3W)da!KGG!)<5*QtM5*oyr(lMkDWO2%~ix?)7ZxkwR4)8k^CTYm4vtyE{n_K`tn z$J@!5yyi&&KK`%TkS579sWgLa_V^Cnq*m8473bnX0{w`1P9sWLLC z+LjWWZFSjbRJJ)Gm92IkcBrVj$A8|K%KpBBvZ2{vWPe}A4C}7v zgrN=<0W`y?+MX?($M#SufoTVJ@b1)1nKiPRvPchHJpfUC)4?0glugEbzV=L+d99M! zwhK_gY^X*Y#g2L|%*c1}x!qUA-k!^{Sl>g4yzJu|s~xBv)i4hYp=nvJr+YiF{-vNk z+OUV9Mo_;X-VXS1Su41RPk-SZ4r3Ip9j~Y1rq<~3gT(;G<_}W}aaFI-0=&~BGxj4J z6y9jux}%KAXaO)0aVX$D)BHA#nwPwLR*W~^v4D3#r##?gk{Yb{RM)klQB5p$d!rE; z=o&o-CNn`N{`X|{HW?owOa7Lepr1c+;&|rtv`N~Mo1Id;aEIqwLVvFtnjgEmdeA(k zTY(X|oah(zI_mXl!2EVoud4>Om1bm?R_iyZ-Ty{H+N5=UN6B)3ea2&66wK#iQV&{? z*HdxA2y#6rt|!G) zo2SiBQg+3&ebe;L)qmZFb_MMUzkLO};%^utU`p?QHcdwrfBC-S-$?Ywx&ZQ&$K})E zZq&RX>_>JaN&O^vP?)L7TQP~)934YkR7oMZJ;qh_$R3sAzzp0QQXH>tgJ*obp8(MW zw8rZxPVQ4QlzoCWe}MV^fy60jyU4K$Q6C)qbrkRvyW!tJ5 z1?mB@!Fd%V7OBy*dVzxQ+7`OIXPY(b%>dEZqh!2v7fS-{YOKVH&Se|DAq4vclwG_! zUFIzdB-krRm?w)mSzUbZ83_uS)Ws8d$eRtPp&Vr9_yi14WU*J4Fvd{Q_OYt(Nn5R} zqFOw4gAL$K&3}vPQN~G7!#HphTSvWtdSl{xBLumRVHb4B`x-7^S=V_%&ZF3z#4y>k5eCVEIEs(@mYX%zLQT-G(GcHh&D(eWsMadWmj9c#)JP&B!Wm z;az2QhZ%aYuBs;L4%8hJ*BxJIx-2=DyU5sfg`UgzH~PNOVY?{%f0@+TV^TBcqN(Ps z_^DGR3^v=HG-Bv_4He}w&8d{u(2UrNZ2Me`JW*?))_5(g!DniOF^vF4?1zh27<^K; zCFyo`I)A81zIqClV>F~$R*wLZBwJFx6GN9&y#B| zah%Zi4tYo|C$IwTTuqBu0zvihd@!A;7z=zsim;#0nhGEDD=JnT+S@B3cZ5G*Xo7=! z{A((%?FaiN06j=F0TU4LNGwPJ>iv$uDkJlp7Jr#Y#bo%IqVFU28)9o2FiOLaz-rw~Vo*m)D!c{Qi<=WxJ_i2ma{#Z^_u2o7l<9m8~- z0Dq<-N0LI&`IkpzqgC7q__xV@P7im(cgK;wsbA+)>^(C6jG}0Y8~LD}M&r+*)S2h9+)tKY~V$&PHx)!c)~Kyx(L zj4j~VMsqX}s*VPJ{0)H;wtr*l7WE7xgMr!0K=Ssluv{)OV+N^X+l*=37=6IKJVDHQqnhBajrK= z4JT>3sgv~Sico0S0;$<+**fUc0(QkA;d)JBA{TPX*|h|uY~8SIQwDs~VD=9qwl zo+x^vF9|Ohb{1mi@n8_-b3aKnNZF%P%A8W&_t<}<>TW;_iokz?xX(KBhBq=hCY50JX98#e)~F4kY#x%@lBiD(`8j;v~I+tB#>Eg&e@DvQb-tV zGjIi6043bI&L4Q1n>~9Ao_~h4kXDe&xao%FxvDv;)HP<@(9pgBNq?`}epg2~Z@{-l zUb^2c0dm_mZObsxKqAPeC*WRsUsjI=%@$DeO=-SvA+j8nfI9|d&V-ndmVE-asN95# zr}12S$FVHsQAWOMxF&|52$<;srY|?~a_lY{Qxjg#WwOy%ZyS;e9DfaJy*ccd?As}1 zprUD}9qHz%mcC&}FglPg01onO>?2$8ozPcD#h`OEG~|{Mk&Q-hAmD@k-v`kX%%@|Q zG`%nKMlP)w`A%%aaJfHRcz=RSp}<4QgqpAi*K&X`Jie~vnjY9(&c_`lA*d15-$|tP;|wRP+JD;wxZ%2%5rpF}5F@}b z;ye`apenNs3oG~McA7MS&cTWRlPd3|dZfucSywr)6pK+tkuJHGK!|23u`2l35g~|> zX(6QR*(YmS(pEIpl9o0im)_(nm}#Mdh0RIZCTX{gx$A1*rWVw0*4VdsxFV&lj7{u{%P3dwH5gCaGbCc3}GUs9Jf^bfW2$ZFu4< zBezM4|NQIU4JkXscf^0)@|e6#i%rHZv=lXw6@->GE=Cd#07M0%;(MsLxh0RVV+nd* z*(JOpbAN_{M^1&wt{Q{Fx~ltiO50dX$}3bNTT!)h^*tdf5EXyk4{YdS$71=NUBoQR zf}~%a6l7IBa7!YC6VugnGjI3nh z<+N{gwaOdu>r){WoDFUro4OqIzBTu=o3<|_GJid}-Z37@s7O8V49he}UwS7$wu`>YiGd=utLBo~< z7Js7cs$L{z{?DH8aa|R8np44i$1DF^a=RK#qN-UYu+c>ZG^U~Yh8}>7AZQRY z)9eN)_7<~n=0{Q8-;pa1>l;!rm#OHA>&9ck1;$)&2p4za_7!5TPXo^2eXivON*)+_ zy)zZph~mTLDyFKsf$PI6Uo?UU_K^zs@qgT7KfzE`32YkUKnItSFZ`39sJTD;-Zm!5OUn~nCmIKk)6+Ew4v^Yr5Mm6(HsA+q!D`7Dxdi0e_J&EhO9s zhP<3bxx-LcgupBs9>l)8koY;FaI6{{Vgs=;L2PXKVu4Rm%#|OI=mFmslSe5isJ;^z zo^>vE^qo9+g1Qw!l*dWP zkl}I1NC;{K^>;wsTejP}0;(ZI_d8v+!Z6gv-${e$#)$J!z;EWm0hAS`?6U*oUfXBP zuSnA+NkrGofJqW2)1M* z7tR@UqIZV(NF~4lu}V0p+&4EiU&}-afu-w??V*Z96*)DK{CvZiszDzw&70RmDuiITjWh!vsf$ZMjSvx2=&Q{+y=WqV2ojJPfj=2 z!0weak zO}XE^SX0ui{>^D7m3-7)B~*1xKBD+fPW+GijJJXT<*PhXpMRE`fX(|cHvcWm_@4+P zgu@ToB8Swp=<-gh8d?Wo5F$yX8@p}Ow_<->Y_zB_QDI7{gBb;yyd;C`BuJW}PT4C6 zG5yc^(VK=dHE(I9xH6>=ly`+!qBuJAJYii5IKk(Ddc>b&zTFc*yI_n z@pI%f)uv`qG=HQb69$;3V+Vj=6c0ONb4Btl)xWM8(&RV`4LdM(W&GUEh!spbea{6= zw!@{D?R?7Rn-s@4ePvX{5SVX5D=3L&&Wa-VaCVDypyQ1)^VgMGI!eZ*3p&9Cm=~)_L1~D@^%=A3x^QtJS$A1r-^^oiwBC7cl$zkWFSV${3 zU9KyRsmBNi1jO_J(RGJzX94-9MP?|Pmf4S_&O{kwMWr}MRMl}c(;ihi4g;k(goHbB z`wD?l)TBwV%f!VwEV&42nnNxQOZChRG_5eQ!vlIz!_p!v(8sig9kGs9??Awh7pCH> zCY!Pkg?}Kc2z|)_LMt5Gwph?4qjj^)*YL`OMOsb1C=-atPH77`N^Faq zd_A*^!~Kf6OEO-PZCHjHtJvg(nsa(^|CroUU^M3|zdCOSYLbsj+Ae9$vr&WQUZAX6 zLwlo8s8D+;m=G|%2$g=OX*Xj20)mW^JxMMFWq&A&XIbMaUW$W61ic9a-HBV|^L_P# zjHkp_tc}Vx9?c+Fh-|ct2LgU<=9u^O^n3(u*8?e)R<=UT2_0ut&A`e&B!)*}D^`bkCMUbWQFu+eX%3f6Lswhh_9-`O9V(XTS|(x#u`@aB^gI+p z4vMBHp=j7eEht%6dD+4|HBgl$d`O@se3nMEC@{cmcqXqQ*@m-0LbC(!ZfN8XWPf{# z<*DaNQJ{;7E+)Ty4SHpEjaEEC_oYJDk|*R9Rkuxl{0VskH=4&o0l#66B+rzP7T^r+ z%}ra=WCa&)=u5J{kc-8uJN8e)K0>nKFBfj*b}s`kF?7S`az!oEbsPgRgczD2h9Er4 zl4f}aec&8IZJng|f~|*#V4P*VD1Y|rz}&%Bl5^rm8% zxYRZN^|W?ul78J{7ggnjDUX^gJb90)-QIL9JY5 zW#~gk+tqLOVlQV7Y1>>0_p&Og#Ws&w)5WGp+Nypc=`tx7avdY8qj4V9(2#vbjj|*02O6_deentNt#xhvQ6&t zV!H^Bd7veGgPN8pdt}Z8h5fE85CE=V4-UYm$YB75Y zpmX*TTjK}ND~jWv*Hlzfjbj-W$3OphyN3p!w>$fx5B*&QH~1^xcsX1t>za7mTnh=7 zG`%nKM&>e_rtMl*B-8gY#bZ&)FSMj}QjnW+4m27s$!dQm;_;)<_efi)^5(rYE4ERjJu^h`( zFH~@Dn1fJe%q@Xr7xNH;tvfGqGKw3kRvey70sq*O36nM00?dQV4JJhWX_0>Gk6Jip*x8uE@vOlM*4*(cB4`v=^OJ zRHpUQnxE2aOI_C;k{8WBXr?7|M$CB)eKj~2%zo?{{bN&rD}N*cL^4a0vV=&GsU`Lq zrFx`o;N7qeT>c9=om=K7g5?Jh`oc8z^NvO_70c2bnbPI-j)v=IDr{E2*^%87bG#`f z?}M8e@oAYZS4n-}0MiR7arTBxdC9=eQsP**6`9GEDOxw3#qRB6Rp0L)p^SBNqbT%( z(OWn7Mc(8s`G4PK-cpEE1=^lv`BmQt4A&cdT=Jr`iP=FsLa`X~w=$<;I=*IGe4F&; zoyKidx1s~{_%y?bBT;S3Q>3;@PVY#1jWVN)?d+_?nHW(V`KErZGx^b))*w6(`?&2$ zlF=i9?Yl-idOf1{NzUg7rg2d{k}yveb+VE{ju9x48-MDfcZ2`Lk$k2tL{=~$Rk1kz z0d5PC^hx4WESsrVTR)eV@`F#sPtyC%nk(5bZ<3~^H9MrVdZ6_axh)bY?P9nF3&<~7 zZf47b_x^i}no7GWis1(alb#FJy5=w#00H_1q^5+sGD2giw&vPUFCVwi@J5*D3eD$T zZ^F>O?Q;{qgtvd6ugI@Ax1M)JZiAZ-;cOhI?L~(+5T_lN8lS@H^Io3< zqFs@j*(ajeilRydnVJ_ymg8UMk=@oT-cFyOpAL!^yK116+O{<#I^=S{81-b4Pirbd zZXoAlVw7jyeHrC#D~9a^*68aND(Ag;uH5{-Zu6DU+TMRdk{8?b;BTIkWz!?wQr*$V zST8%Aj|sHIa6`sVXtr5%F1uUk%E_S5LIz!?W*CM)ez);OM|4xByp9FA(lrAVmGu=> z-wFa#ig06!l2esAGy32ug5dmCEf(-|kgNs3aw*Z#tyuGHDVDb>DrTE}hUE&+vQ?_3 zMt1CvzKVaP@@>Y?MiVay&vTmbqmhvj%~wrbwa1^nc+r7;WKdajL?%qH$Q+1etG4U; z@YOHyKm=mal&)KDmcl*qy!T?eal!oMyMjsu60vLR>quc3Brb%{GAMDN@bka+= z@;<9A_WK|E*}GCy&D26K(l1gvo$LNQ;0g(rSSiGMdK8*}d8OxDT8THUcM`}K&-NXt z88LF85{i`k@{o1|$ zN#>GkhOZcQH2$RgOD_4(K~)sVT~)&@C!f)5+T@-tt0Ds~tt73hrXe?9uC}ebVg_xH z%WrA2;wXO*G$MQ+6w0ttM%@i`+m<2+xipo_TgjW{pB8>_{Kf9JqplkB#@JzV3bcQx zYE$p2-v8obfV`1?pRZj?6~<0v>wIo?cZ^S?BVg@Y4j}UHjle0_qv*{S!^<6JMCh+36TEq1fPpQEd+ugmZ+O}Hl?u*H^ z{@#*r2L-2(-4%(ZD7!ao7Is9RE?7!4G$QjJ_-sWw(gbZO{ z$`)Ud|9DqrPyC1eO8xx*lMrwfliQ6BvvE{F2?@$dtbtDi006p^x?LK7-;dfj5Pm=D z{s+YKu_Pf0OH{Vv$8z0jxt_{a_w2+5tc~r+c9x~p{qHw+Yyw@bT3YQ3aps%(W;`Cx zgm>?sS=o6aQc=Oj-S8^tb_g#7rhGH*etB5*uDczj5yz+$oQ%7BqPp*Ie*f*=E>lEn zP*WYC;3{LqxVzQ5%KCkORcr}E>Pl3E1GpBFAq}r`(`QIN)>W?%tU{XRw4{39kAfiW zIvO$V){K!A;Gu0|!}RBZIU>OIMHJD%$6+4E{D@0o zjklN4`7`PpTcptzsY68?MsnE(lLOtJwfR=%YbvmT?rAQOZ0@%!KUQRS8!jZuO9%(b zumhFUvC)}dI1uxHuuJl678zYSlDB zu;7Tnj!qieQefy(yR4S<^{F=o)_a&7yZqjffTk@eCJ!cmlPkS1$pV63(XV8}@yA+e z3XHbB{Xzsk3V?9q`4gP|!@eR5f^-dOdLw7{Bo-yDmQ+e1?>L5Yeluruy(SVIP^8Hc z%7;p^vw8kN5QbU#Mt*BW{sCpUdV>cj%g3qETCflMY74pkwUe~<-ajs1nD|)v#b+V( zK{XgnlV}!yHIW*$MWP^0C$n=%9H!~w_8gK7!dY^bEg1~cxhwKhB%Q>gsms+V^8c|- z;y6i$=aFPFT%1Fu$uJy^Ty9)OSY{^q-_ozlwd%0OVun~QDe5fEtnV9*Ts}@I_jpdA z36f)ERp%b;^%_7iRF(@kU=P^CVHu{Xnv=C%mrEpnH!ZKzkY}aP<31j^O#dVDPbuoE zL3a{W&2{lAVH`V4%Jn^EUasnV<*hih?IWn>_|ucLd1}+M%QTdqZ9DhKma)|(y!U10 z%Dj{-Q=(*vs;a5Ze@v=C9N#=ved}7(A#85`6FC9zcli-C`+*;_(O}o5H(3qTU3#GGl!tO zL?dv6Np+qw@(dG;V5;FuyP}vO_$ms6C^hCzyF`0Y>l0mr8RhDf!OVTvX8I?_w#2`S z#mvWoLOHJXEN{o&RTFqg6||@dCZrb9V}DprEQ~WOiaRr_V^>tea2QR}=Kh6=ovhk+ zF*x_nWIaWSV263rq%r+A9bHGai}}14+|I*ZJWPV#WOhC4&4=k|5GAuT2#5c=OX~l0 z-24ZV5pWcfr;ZS_Q(_Dy1i=Z#eY0bSQUU?9leUR51o1kFr<3c69|^JCsMq2F007~$ z6N(`Le_e0eAQXL{wEtl7-Vi%knni?aN;UOiTO-A7pDDgh&@dpNQL|sai`{r++f)5? z?uQSDb1&@XwbR8Bd{EY`NjaI40*thcGW#`osJ~tnw%hz8~*VF+j{H3 zM+Kok3KQ1k5TjdB8sq^w5hhqRSZS^AM8weVf2nO-CE?b}mkvy%)pWX`@EXB1&|JBZ zkPM8gV|*`ZV`b789_y1sKF(_BoE8!IkMyTzbWE_?Mxkrf0WUvQSQtaL6?+K0WOM-R z$@(Vn*>yQ%biizL5MIcL{_(0T7fVL74Ey4oR#HUtmVZ~$+hE&R-1mZu#K36Y!tfG1 ze~>R;#S@=0nuqM0GD*z!g3$q@JTLZMxI^Ic&q?GMvYiwfHs}Cvg$}^zp9H%Dk*2#9 zDoH%X)e&U0z6k0U&bK1Pvj~uUTa%;kN|;E7wjt=Tb|HFRtEiECjC+{3zR3tbtDi z006oS000pH000000000000000Pm_a=J_5~QlTl(6lh=+a4zF(j0C#V4WG{1cd2D5q zQI8dqB##;bU4WC}fEJUNju4aBgb)h=00000000000AiDYk0mO>3B`SM0RRB;0ssIJ z0000000000000000O^JR0Az1tP;zf@b1!3Wa+8sd6&tbKsMq2F007|w000mG00000 W0000000000l#-Am2CR$#0002!dAZmgW1H%|F024^?F*DX=dwo!N$sRbic(Aqz!kKa7pFfq;`l2MDmSNXdMf-+BNnT5^L|(nW-^D*%Z0dUV{@uGO z-jHonU2oI4EUIEvU&qDvU9noFF?n}il*v0)R%H5ZR~9j;D)>D=%I~7;qFpZjjc>K2 zjPBuNTu^@(Z=$j$f4>cDC{JF*c;~#cA1q3Iy_i~lLt;OX0$-k zJZTA4>#hU;!P7@;RY{#}p0-@~j^5$9Q5|ifss|0ONS=0sM!(#CJ9^%`_1A&w?`6^K zhSk!qTkXTZUhh%SdBR#PIL8d5`nrp`-9$U!y4(2ue}{Eml+iMSD*~uVfEJ0q0sI7_ z!++>k@*CZb?;5`(jf7n5;z!WamPNA1e|NA$f4_^$=mU_syzm{xutB}Utsv!U+^TAJ z;M*vx?%#t>n0$f*WydpAU+p&qWEC}8je88uG6SRAb2B=a{@_iC|CH>Xc+xa9D50ed!GLij$fjzfBK4LX!w$!c!>v({ZGGcP1Zfnbn%z} z=(-;xmm}AGxaX^g{+Sf|qjD|XH07?S2nUgAMkxEXryV{C-Bk639wPpqNo4J&(M|7e z>wN~S>HS><+$&A-BNq>h8t1{XWV6|T)&~l`Rf)>~8Orv*tqr2po07Nd9!6lf2G-7)*U1F`#vPyHpOVkraj}hs3;G9>$WZn z(240{<)X;z3ignws@*D$fQYv6n77e?6lK_MYk%T#&VN%DHIM*(`5*F{tV^)yD9PNC zxS@Ygq9hNf_XK5pmuvrHYWou(nH1)CDJ+Zv@z|v-OZtN+&JObm;0sSQs--B)e>w~T zsdvcS5>g}30j(%rF|(^177nnk zbKu@k7Op94sL_pa@5;7i$%A}*f77@}h;QLFNS_E04=CFm2WD`m1oU(=zCm%45D-am zMxv6wL?Gn~R6~6Et+r34OxpbpkYP^ldpd{hOz3=ny3CoJxsW{~eEKby29$m@WKRZR@~87MAM9Rc;HcM&KuS#%G(;{B489T%6j z$fxU$?-hslLKPrjiaZo#f0|Bc+xCR_2?{!(pr1j;tRrN8Y4wHTd_p~F+t$^il=C4$ z5w>E)7bQuFjBOBXC0!ZR?IKPi^lO{4Xx1C4e=L?j$@ru2a5Ki_ zdR2js^4!oi-GImXe7lqf3y^4=r8$v4j`Xw;ePb!fI}g8Bm9kT_W+hn36ST3o23}$!d=J$ZjZsO+3kw5mOkd| z0$+Bk>)3+Sw&oZATclc5>I$wNL#7TD;yJS%&v88EJ9&~R$__6>QA6Lb zHIIYGou5Nny_Rlcz$wS;&~?l3^r>p4>YC^3s{a@wf7wON&c}W9^4Mb;yL_nuhH||a z8)uiDVb&_p2`D*nXFB08;$I9(E$jP!F74Ad@&rHkCFmps{d0I_aMy6b)UANb8&&w< z+VAb9kC__KP-}U@18SLGg;ez*Xh5wDcrMGPMpt@X)KZp$Il%2rw^Y}39qSpE06+h-}@y2o(?ZWkx_4I|8$$WXb*usxIJ3I6Yr0re?2@1m3RapJqG{y z)L_Uuf&*KPr3FT(xI|T)raxSK1|_wUegU=oQvn(Rp53W5M|W=AygGhbTs_=OfB6g0 z%i$w}HUvK4 ztgFuTBy{vwt)sVL2rkV+UMPk?FK?jWrh=PtA)Vf$~(7fqJSNyev_=|QM__N;;tLN60~ z*>jv6S<$d6;eYIxWs1sKAD83N&y0nvtEwCxLcuT`+g545ppX{=3Nw`#$Gu(@5m%d{ z8mDH1wAe6w3^qU2v}mrw3YHLw3vVxRf#&et}&>e-M{T_4XZ4 z_kEG#AXw@7@r6;DxYU}jUFGvM`RgyhPV*~3)HcPcGg=c)dG0bogZByL(W)N=nkvuA zSQUD>(8Hf&x}p@JdB`h983>CpsBU;YrkWoZime8RpfDD?9V#-WCkrtmKyg+o7fnQF zbuvRP18ClNMRrHijitJbfAVTYN{qlU6^wp4P{Ej@HWo@kQGYXvIxPY3eC2Jo8T$PR z+J<4ufvyFU3J;;53&wf|?7+SGfFYgGpXaCx+H(+wR@btc)yLU;%?f1HCZIgomnT5y;_ zJnknkbUBMN>^+283k|5`+b*$q$TF@A39a3>ThU?Hijk(DkSx6;<(^0CsH$Z+p7QKo z%>rivXD^1cu1;)h+P3KlD@+}#HW4#y<6^sQ@-|16f{I$e5yj{e!w!n>d%CIUb3%;J z(}bS(4E%g1+a1V{e{zqAxJk33enLH%Vd%c5`1smKI4~X83RKa+LEvD{lH<{OFwmc9 z{%9g$Gcc(hgQPC8Iq5R0(rVm!bVsoRa^yci?W5Tbw1?pp{4Xx@nC$vyxNUCh(e6rJ z354*qz9nBPkIrFQN&v6iJmj@POBcNM9JF*aZ~MmJVA`^tf0LwRbyc(_?O>HY_Hd-z zE*Qu=QoBc(w*I zMWoLOOq`)iX~oF~K#(CVR4oQDb*>vT0T`h<41Xop>+4Htm12+T6z5QENrKIQn0u9! z6)iPR^A(+Ae+ok7Z-)vxolX(asY37!+s;E$lVez8XgocP3LC1R{~p|Yx|II$;l_38 zkKOnmu7cZJ9+@TkSkCNDr!9JxY8%1#$EN_9Fp`g%F5~{f{oH`b*e#asFAUkYWysRT z%T=>P9|&zZJsw^4$RrIq7APtc+KRm$i&vEC8r$%fe^O4bt=rDb2pS37jb`i()7&OQ zUfM47ls&ggv^BmQ92i)cVtMkU`Zn?{dBh{3NF zgQI79f1XVKbI}UA$63vIWJo_fCm-=N-j?~VUKE}?MLcOV0h@S}WyL)W6qG5LAUhCs z%oDb5=(xwH4rf5agj6)wa8S8;h7cI~!dU1ED*t~ZOTGs;<#&Wx?K2lf|LbDJW98uM z7|w#uQIS3kiX~1RY<14FoPCp`7c~K(lh_w50+Yd$1{fg|4LwGvb!Z(j z#i@_Eh;g1b>E?rzIv6bjjT;A(Y8XKV&%0W(&##lQ7!(h0_At)QDF4o6Al>${sE?D> z7$^jw5@oK=W|VA6AsApq^7qbSo|S?Mt$}_kv005+A`Fl zY_p#~9**t&#G(ScQ*q3|@_p5v6<&lQ_J;8CEt69kE(G%7_Vcra8c_iU=iWr3Ao)a- z-5VbQ{fLwP8;Su1lZhNC6!!w0K#kB-p4|Jk(^^JzU`3;xHeIcBkI49E^*TO&-I{MGp>0osZE|4Qo=JP|4A=ejU7;W9 zCTWi9enwVsilx#w_xSay0j%n9&8z%oU96w>oF4#$zo)c*4K$72RGA-*`k2$M1c-+S zwa_#i-*_$&3Pn>WnqL`wIp{8b-8YUNa%$S~&X|zaYoC`A9Z9l6XIM}EZHT2Oe`a=7 zRl07QuzVpj&9t99eK0o{e|=~()@8mO>kWA=eP(I|{pI%JL18Gs^6N|a=zLv38CZaA zhB(|Bvk1B7QfrnRIt%%w^5_O&wutMoB!G1mz}ls8P4|QHyD3UaJi23lYNjK@J>9)8 z(W#um)_?y^hX4F~s>mvkRaNitjozn8y?HPH?+r=UoBF+SZS3j`sd&FBX-dKm7cs$n z1h%QFVVQO}{jvg;IxeyT{`y~$jQ_=jOZ1NXaIxwnHeBH25YWwq?Z^fa+Z&QiMN{ME zp9W8-_R`oID<2}x`9}hOO}Xwm;eW&&Qm#>SHt5urH~%QV-QKM5uM6rwPW?A!y2V-1 zkJ=)yP1x2y^30ylebx1>VE$1wfpVcuP6_-2?LOOfX+E%%=p>e*Z~mUOjjm|`Ai|cG zIHh7V)J2N20%-~Tu^2b#8)!~Sn}%j6L&w|B>g%V&V0zvvEAFL#B#qW(MCZq#DLCmw z&0}#XLEr&C=byqV;3?qwQ0&qIzM)C`Xqc;1Fz?2$DR)KHMoi*jN4hG%0nTI8wS`bo z8E;Yy-gLnh+KUKd-V}T^FTIU=@Ssdy;5@s<{Cl$tlnIngQRcE74uHY_Fu{Z7c!OX< zRIn_Pht;zW3I+Rr?$6jfnk8d(e#}9FHoJrlat0`4bLosViSAsITyjnI4b7eQV$lLs zGaUo{ivn>1aWh5S@kndPT<%9|aj8;y%GAUMBEsxvA7(#Hdp*eI0QIK68W|_Ral1sn zkw(K;$;Xgd;D(9`RbJ8kVqO1iH_U!2LlyVv{;j)zYFUw>*Y~sV;15 zA^g{Z?9Y$vKcPo>G$8pC?aafY$^prTF0CsSR4=Ihyr{lSL~zGG+@Ot=@NoRl2n=&E zsk9cfFKGXNEEJvIE#x1xL*yWQD+q#xOh+KR1mO?VE3z-olKPHhU+Riyt0BFo8HrPe7?_Ey%tj<=j*Qf&M&{K%lk|s9xsQi`o5vK z{vqFcS)KQ&>)vVaUg*4n7m8fm(QWg%@GZ?WK*864=7jR2maRa!uq~zpev5()TMW?T zJ+KA9E|B7)D3dg2QR`)q>}jIVC=KaYDdQz8U&K>}J{~Ojh_Ki?scKe8*)=I23K{Ec z-*q*w(h9pFWL%|f@{c+;hs97&RI zDuy(F(F)|1=O_)O2U5Ht@s|wv=>weo{#SgI56(PwoioeiwJ*K=QBu=Y-u+gY76F`LQXkXOv6qgEhm+g*I zJJD=Kb!1rpM*!#ifb(;@ z(gh^PmYzW;8F^?w)Ma}yuUZd5`-1klXn)aKS8e~u!IEP6v0O=lLEw3YK5^#?`WN(n ze-@sG-Y)9Jz>qD-)k0N~eM56}Oo@64`X7i`Lxi= zgnU6_8U>HUM5i}EEaQnzP;f~}4=g3p)AQgrQ+d)liJ`)hn zDqT125$)*GYYrx?cxs?n(=osE^D7A^EST^E9`Y+G(-oWg^>C0$SuC5X9$0XHJ3Ai0 zR5kGi6MIP>m-`((emqeAaMb*kVAsI3>YCoBu(`pg1sy#``Sm*h^&Pew#M~Ih)p?+& zdJDsIG}Lqi^aS+I3wj?|FHV-5-sQ54#`X2E!zR%vz-a4SB$~bwiy7>z3j-IKP~<&s*K=je*6&k9_^H}{6XwPc?n#q4|dg8Xa^N$(jU!Ag!(r=xT&XpV?09xC z`&t}9`GWEvP(JNA`g7|(pc$11-USZwR}I;493RQ_CCGoEVUbyOmNa;52C%A!n&Vm* zCo;=4d0v@irW(4~7UIPrATrD7r^qbh;{E!yG-^M}n_K4Fs;B9*in<*2Ur`lEXgh-b zPtw20Ejx|!K-E=8oBb4Q1%Yy*Pd>D1+E!x6I|^WS80~RGq$t@C)+7M7wZngx8Idxw z#@03^SvOf!7v;W7T}T?x4)<5xfZxNpUVkOm>+4JD@4?NdOX(jUZd~_Ly750;1-G|< zyXL^0wa`P=)#vX=5SSB~n_}))ldmOk0>8JDAtp}=4MA(kK1JftcawQ0CARIy+eT-3ZXG>B3=x0s?MB26WY^ zU(z5dYx_GZK~AUP{O+&8dHE1AC>i$XYe0oJ6B8 zSzHqi>QRH6Ey^Q0sq~0v z0ZtSp0rb9ov#>^EV7Er!S>qM^K^0 z+(@P(AMJ84eWocQE$@M^Ns3v2C)fZ2!*m2A5t;Ob?D3p6>haj_fz`4nq>j=I`+rlW z#uWc#6uzL5zPcpQ7G)Nt$02Bb7;?Wa$}g*|xaU#bG;d-1nm-Zo!ZRd9^s_xfn(mv1 zt)1+trz`XF3>k{$g@KNw`mzuZS^M-;WbJbaY~xyyZgHYfg;4+wR{B%pgtPb7N8cYS)4>`7JO<|u0&3spCNLzAo2%e5@sbta0U8S0^J7=x_%Q)LS6SRrJJkSWiC$}N*8 zyQbU~6^n{vyT=@zb4|tCNv5n7+U#YEaPt0%k!>}w43*^v&BkUHtWdB*F0_B7jd3^W z4wxOhb4&rkY1%^}9!?#_DcPNlK#N~VyvfrTGza98qriu>D^k3F`(o9d#{(c)RSnk( zXVn}+07w9c3qS#>;xgS072us^`j<+I%6O9kSa6v!rjj(mpnAoE%3W?>>ur}dQJLIF zct%yMYW9sr`mp^w#_U*OA3C=Hw|sNyorSI_=1YYy1i}Quo{z9kY4v3s$4-j48M-b| z2+@9Y=_)1IeW7lDt=f81lBi};@)lc_v`zb-ja#@${BFy(T{~sXiJ8+c}clHgw$o{2O4Lv#H2)kvAUw_l1;3KRNUR_8P*L4ZquYXYw0E`)HBGdQxXS_dqDW_*EYiUBfF4GLbfyQ+&T zEL&w@qPZ<_5Ka6#z|iOs;sX@^rnC1q4cUPl%+hcTIZ(A(4LuVX8gGbMF4^Zdh+B%z z8wbcX9Ve7!1*uxt7y{X6CdJ#_i{w=FokzBrfn``mF#p~&0s#U6Qv|f}$fn9m~2W0gm?riPw! zvL}r`vw0zEXv&6eygUR%&i@co_4Wi(Ml?E!4+<34x!kJ~{<#ylYWj^g8bRk7uL5 zZuWlS{^KG~nivzSB-omz+cd`xrmOvs7Sd;9b&fHH5X=>+q)l{3q$MGFn>dVp ze-J)@CBYPu9l?}g^f3^c-N=I-!!trhu_j53rs8-D&&Iyb0y_dbXC;gL4T--nJoTca z#vtT4;fgxzDv?R`22_)Fpb_#(+F~tfu$x-TW+{W^;*%y2gZ^U8o`l6J_~bVRhFf7j z%T^zM&=i$6`p(E*lw;a9)8fInIh@D$h|T+dDjj&YT{in$wev3D*88RjOew8(c>Qnu zN0ww>0IEw&KmI~CMV62fAis<%v?v&}=qnj>y6B};5xC4cy`vpZr!5kAWUFbo3sv*y zpX4ZHtB|cnc*M5B!uOiB0~ukY?L(EWq$o+!wi*c!Iur)oL3s0fP;Vo7aY2pFL>Xl zOrgJmm6Q`4fD)Dazi}Z#u}stOUaCWX*g)2z4&W@w@<<(kqFbuw8yN39UI#F<*|f5$ zI;y32u#M((P-(IGDbr`Jt~ZX4O~qsNc&JYLGy|<2FJp zssY;EicptT-$oi9fm#XeP!1NuxZFP#)JJU_0cxQ{P6+(z)c_(h;x)eUQS6+54T_C0 z<&b60kP_P_(gb-a8cpmRir^2L1WQfzN7*&_97Ss4+0#snsj698)t3^1Q=6#nUi_-a zvf>{9ib}#ceI;Djvf}C&Gg6I@W^xNDDpX@mX>!|jL4566GIq$q$eBd)xZKmu@z_rn zSV3O54R)n1n9Nb0R+xl2%GBzAo)r#PD2t3MnqYdS7HA=2TJQ?NE6$l${6cD+Th0Kq z#?HCZskX0?T`;HFNNN19|M&kZDc$aHEK8fHnX@M|&e#SPL+)vn8PGSdkx{4aU0Kvc z%*#I(zN!1lgnt-{YC5*}LKeH=AA)~814}ogq)|vr@_r-g#&K)pz0`L`DDN%NI6}39 z)CcpNmY}0-wo&<|q6x1>Qv<7k-%amGwr_cmFks&T$vk-~o?&XTst6NRh>dd>8>7-7 z%x>vQNngF<`D>GFG8`Fwm>cf%3(vZhhmf#kFpuP2XhkWE61ui*jpj# z;LeoQ{G>R{7hRiNsIeT=Rn6d~Qq_c!CQ$Qy)Pz+XEwi-RNHr|Y6pnt9F{bg;nF=Mj z8cNnKC4zlCC}!}SJp!!AnrEwsJ#^1u`pHpAPj z!&Em_S=C=^6q8^if{}bHMj~9CJsW|euO4M3QE!xVR>&~#lZS2S;Uct6^QEFi1NKD` z*;x|rks>nFumi<1?2CU>MP$ajipUhhGF8v@Kx-dDf(*Gjbr+~VUk zj<>x9S^6!X1XbOK&S*YprD@W3nmx48kHg1OEX|SC`S)D1+q)Kur%*gkd3xiB_3o2y zm~;1aE1rCnX^t7HW`H=Hw_z#pEtJzKfiF5&4EYU{={BHdUSWU3nXxH#S7djXYIo2a zHzN@U!D^H4@Vtm+n4pg)xl1c-t-CCuGGU=poG(V5H*I?B$ce)@S6&HB#SUiWx)Bmo zNYH2Ct;+>xLKHE9oo>qH>R$-i!5bFx^uh>iZQ(oioX{@hsgS2!1pafB0=Th5uY|4{ zbkqD!TUhOiDy4rd=P{s>Wzyh<#MwrDVnjRWs0(?p)QPA;>l2-suxpc6unz5!SdtZ? z?d^GlsOnjvuBq;vU?qg85Tefj*-cT^SA8_~=ORaB3E@dmZiJetEhefm+MdOqxze4NFH5lnpJQ>}TK5DwtEe0Uw;G zCqMgGaNkwsTKWtcQX2qhX0aRy`xWTXhQ%2$w4Tv4 zhcM;CD!FG;(ZwfFedaUmT)7_P1_iOvcFER|<4D9a5dU=AyiWx}Cpa>Hya7%9Oy&>E z)=We3&3&EvmxZm^e>3^8$*5#Zx34Qk6r77CV>Ev~F2=d#_fFhOb#`nY8FY5MoqWk_ zo&@0I|EdjXl01`2GuVb7xW@Tg!cZ$;l5@aZOcrz{>5?>Ek3VO3Iq;Ld8qROlv?wl^ zq+s6p?o#K_u@s!Zt!i6JaJKz_qcL;lgv^}Ueb}LL?;d+&X6{d)1dqU$N&Cy~7im*x zIDvl}81cFG!K100y!!4WPDa)OFLYJ?T&)k7Kt#9fm|ONMt?7UM_3wrx!XMk_5+7&{ zsX^#z*z?*tw#oy4WsGO_J?rxflArhlvxzPYXAjk?-P z0gDWBHlR6>F~hp+Ibo`lrS5r5l6A3o(nVbU5{?}Rk0uHvMkp35F#)8xC?FvYDYE9 zLqlj4y=DEsE;-|BB&A6FNn7TK9JW6Lhn;}hr<{}JIw28xT!VA{9rKvs)2vQ zltNt9E3^Rb^vI0;$OeTs8n^B!%QRX5OhgJD{K*a9K%_ z5qPTWTG6Pcyt?J<2n=+Mo&%GapkV)dvU-~=nMbyBT=oV3#L4!V)6*ttOKx^b@xmRR zYYDw>XnySK>OsSuZUsi!^R%rvdZZO}(xfSoxcgSz4{%q;~%s32Bqo`5h(8 z{goq+c~LN*k4ZgfL0(VAshEp5_JgSy4vf5o8OE0KGWv$0wyKS|jY&-P8zJ6Crb+7+}b{Pq>>ioaoqfXT-H*))G0z5eC< zj(;Q3AL{}LXC9YNhYN=DhOi&mktFq#;ErLYCU3>`W^;6Ob5SLQxx(%N39hm||6VMv3r#QJ!(NOjY+WY}H5eoW1i#O?pbzatbb64akAA_HZeSS#+ zO^ke`on}&=m2InL6sQMe5a)kYkXWQf&*}vV!fRXT?w)PduxkWFV~@u2(p@YGu&c2W zD>|2L^o9`Z7f^Qb>U5d6ERbNYAYq=s0_=!>$SZ%kZogdl(SG3?I{d0)fj zD~lV!F-JJ{{X9<_Qk4S!OrY88nTnv@zd+fWENI6tw@u%Yq7qpuxs;0+I<~8iYLN^o z3se>_0MBPwG2v~g7vIDdL#8o)%@@l8CdkOT0&+cAn9RSJ>~gB7VM zC9smCTdH0pWl1x#%3FVUS6SU*hF+|zs)@P-b;rbY#}}F|OU{2UGPYfz=kooHzHfBc zF3SF2CUy3h)XcePs(CAZ>Qo7X&32EE7`k3VMY&9KDy20vBlaTOKG*V7)EcNYUQ286 znHphCBR~=R;o=nrpOkG$x?ML9YLc((f`uXtX_nO^fF#M5l<$8L5$n1N`oNbd_mtXw zRb=)lAleoA_2$;|7uAj7I*UoP%|Sn z@|1HW;CFvotW!^0#e-UC5@L9SH{a4(^sOoCyHmXR_PBWSEh`Kh-*?Xrfxpy{BX9nM z^M$X^o3D|ZGUpA)!hlGa4&97gEjG`!jY>MJu5*VPeP_(7pOk;(&fk`q!@yHb4&Tv$ z`e;Cmphi%CTipM_e8?0l!a>9gxV1chjSX9j6@%L*BhjUlQiAbN&0j}C^T$=)aWpd0OXUmoCI*trM1}Pu$q&BYfCx02Oj~PE0Pw8m|6uqwcC+A zQN@3eBgj$}JBR~wOh7_U6g|LvK=*Ymu)WcbJfI>#Metq6dJBTL zqY7xf9V;i*yywTQfNZ>Y{rcLhYvMMrK zH)2u}$gDW$Y{o1pBn-A0xPmT#5^i1R4?NAyp1lQ6Lt02HNM+n~!}46!998NXGj4xq zXkUP&zgKO)tD~DY;M*fF-S3tFxow-aWteCn5#-Yoa4)?ttH*+73#j>~G+(z6Sq@9U z9fLAwLQF`@J^@@*ZbHS=c&@$USeEiABVRRK6T?pg%=7@$mz#Jwc9)E)39sie+32gc z4ao(L2DRQCc1-r|6f#iJG}DfBb5wsz->@SX9mp2|2YEL3k*)Yn=&Pe*&^a0!a?6Ow zMk6>7@In9YgXjt7)3HmM-WPczmsX5?CpKcZ+$jGj{}YRvc>9s?@`en~T`a^Cgxx0j zT!c$V6!*J2gx1jBA!&jda^LOq``ZH@5D?EzZ)PVU}JeyB$Qk zC1w%^#PpQNG3`;Yp&!kk>F7~m{_NW^M~V~m{aQ{<4{R>y;|`M$)ClVDB+~kEh7(rp zZ35hIUCRi<@fU~@;23cp3V44|mDz@cmHTr$O`1UGU`2pQm3LA-(&V13tDIMg#VDgl zmt0FAM6;Aw6@2W75Jbqd5YqMRlQk`AE1GIaOB<0(Z}Jt)w9vuA=A>`(g_0yVzW?ffpl~%>JZ{3S#A2ff{;=OsC=sSU$ zRM*4z<+mA8ueJYHul3y%!1C10H07;SL%XRvk*CJv?{!50A%G46^bZ)Hd?M`PEWxsL zrK%N$^;vlXZ+h0?viG=QY&TW!5$^= zKl@%F1t?9899y%`mEM2HT*g}m)Sb9}jR_IjK34TTtYMkwi%sX)9U;HHJk27L)UZN3 zFnxPet-NSD(R9i-Jn@y0+a$$*{`K#MlpW$b;=gWrOkSqNCSw;`ikip@LdzN#BMAop zq5@IzJyhJ>l1JFF1U;|p5?+xxL%}1b!em#CL1A6h{W_&>tR{cu6)KUfsM@*uo)8s? zia+lMHgvILvHZ?1VismW(yvYmvZ@}qC6U32>1w(exCezIH3$^Tiq5pG6n!ehi40DT zbGbx7s7!~=vyVBmCuP-g+PAt|<&F6DsgMfJ2Dgq)T@HHRn)}&J+m{iUo?P!3k7QJ& z9(aajnxk?hFu{NHhE(L8xP4v9Kk%r3VU9vw!rjYO5Rz-#gE&?LEX*LxrzhZDWs?&n zw6Lgsz;K(=dN)@zDACM51w^|dH?vPfvlT_XBDcZKhj2FIY+b+J+D5?ZDjd7rZ zOUal0?d5-_)1)LzW-JT3M=qXG_TjRIThwaPviplVfsO!7T3@u_JU2IO2fptc-l+DS zqv}M}DHn7<>`$U>)-8LBE_5jJzG5T#gGIAGUwKMqzj=~uP)g)F%J}!5B03NqU)jQL z?6rDXoEU8frLVtJz(W-fw@_gLZr=3!+7Vs)X1+j~F@6x4ILz zud&IfrfXP@4T#yX0g%tUhH=^6q+I{JX~c#RSYv`ZnnN^)QUV@!r0`^(mkwedooXAz)!aGAvRK`wfp%NL6b`WW4 zmTQ0Mwuwn91kZ@Ub3E5DTlU6MRQWr)U2KfJ^c>S*x4WoU4>)FJRH16eTC7{63K_)7 zpelS5s_;(S;!2HIuf#>R5*W@wC2oYt00WVYPR^lWhv^Qwr0h)}puGMy-EEf&kaG8J zUA24*qyUkCNSGE9ZUjSK&Z695C@ex?77c$7V&7dz{G3oYRt*iYf!LTJHnx1Rz$Yo@ z$`45NfbWaRqZAZW-w6!QIu|?oPM$kK-HIT}<0Rzq$a)PmbYsuAt#_x^Yq;ZDuVE`n z9C~MCS~!zR$MqT$&JVo)dJThkYiLhl;YL-nFk?ltoLdwbcgoil%L+ynbRSKpndpB` zVLI)bK)?+fyA2zW;du_o@VH|n1T}*CJD~0@+ihI|)exflovvD87;5A1q(O9J#Ca&- zH}l~D%8F9<*@1Dd?K9?Ar0J3*qHAWrB`}=hlq)C&t{;qx?ffVW9|8q|asZU$-4i!W zvw<0flT9+0?E?f`GLZ}C3_8&}!+U?E65xPXC7e|5n;V<2Wg>;Z(sjr7P(`AOoEk`e zzTr&Opbwv5bwif(_#Z}8l1^jn_=c)-QGvLusxogYU`Xl6`0^^tQ<7}htL2!6OxttA z_<(6han#rhZ7xHI7(~pJ%!-#~L)+0=l2Zm2&H>wSC+|vZ_pdGTrmb15m34n34xk}~ z`s74zgIypn#;~_1r<-eF_ez>_FC?RFlFMoS^V44ygr9YLX+;3j2Dd|@K<}{N^KI*O#syZegQT!(-{>OdBTfu*Fs0PN zi~>zwlEHNnB+XE#>=lHV{^$JYO~aX*x3p4RnbHT!yTU6`936TdGRRTv$cRFBR7_Kd z97K*3az4%H%!OEN@{HH`IdYn6Q?n=&h%0C1cX^mbtwI)iPnx)*YoVQwvs-W-`{$40XlyEDbS(n3)`AdYUqV*~^OVtRn+x_<{(qKvVkQXC|z z>bRO|k18F9fzlg7!kxH%g+M84(xljB;^G{ZT!b{uAs2_Gdgcb2Rv6jg0llbUX^|D^ zW7@-xSVyaOAmGOfQ*l+3P1%P+kW~b}-VdCAC`}s39a5ncj%|NiENGI^x>@FHcxA#O zttMZT2}ES4v;`a`wna|9p4r9We#P7+8868;EJKY|Y;r=)IX$?4OztT#n)8)koi_wE z$;Tyam$c^Ds6lftP*$y>y-_GssJ#?S2$)`kN+YK}N}*B$t9R6veZwaTPDc zK_Y_Q1cL6wE%JZ)zIs8%Q(`ODMr9k1W)LhyHrmDm0Y5f#%=>zJK7zLEfs{%sTcPHJ zjx(xeV1xof;f1ZP90=^GA6^6oQ&((HGsmAns8*{D5M%c25^cq-3#OOBNi@7z3CEvP zLy)6?dMJP3zc+N-mYM&P#YQb%tszPh!=tbjt3y4LlilDbyr$hWhfAiRtF3SQl$*5< z70Yxj6S0HXnH+X{9*Q9cMbnc|H0+`ll&q_~Y+;@nsLB#PBv2DROCwqo7+^L$lh=@J z!`UFA*@1UAG;#>CJ;n0WbEPQI#Y7jA-@XRDGP{39E1sbHQlV?f6Y`3x+onJMggk;9 z&Euhf-!Mm#XG%y5aEA8grmbnRf(tkFCD~ud#p2Z+`zK)^AzAR33%7E+mjRdNk6_mota7ZLWlSSrye{o5!r_VpAk-RX>q*nUo8; zjuF*SJY5M6yiH9B4JWX682V9IL%_Usz#M;{C;YO^n~o!uW?OX7vf+OZx@T*;WOreJ zin2ew>B6xjO{-1WCU<$UU4+Lx(2~7DP0N%$GG~Iqe%BQU09UXF2jElWFn~hxvZV{L zxB-0Ct{o8`#{C|bFL+GG9`d>>zjDP+s82156g>p3GfT~}$C)8(Nf-_RkIeUq%@dM};#qrN;Dypf*u?&mjpZ~nwLxa!To&C^<{;q-> z{FQIK9IljgO}uTcg#=5Q-WPcza~Vz3b}cKC>3f;tv8d!1TGBcx$W1wi9eA=k?n5i^ zW2tr6KjK)VgY5%9T;|N$pJ$>9_V<5ewZ9Yb_)+L_>>Iv$!1QrhNAU>?g8%JhtGtB1 zeDEa+1gTI4e5T-7j%BJBDmXXHK`1lkmO!$Lc?iMQotHQn#f?=f4$q~4f9%PGNt=)v zxMgkr0O88}+s$2(r&k2dtS(`%;Aa-@)Op&{>zO=Ddc!8k`GeKlY6Nu_?e6 z5&@`DI{VVe4RN28dEWoeE~>2i8U z!*w$iHml$4$nJ?b-jtH}!Oe{Lv`m+)q`q%}=>?QHdqbwYWMF40aje^l%;d@xt((qb z_x7=>@Ar>T#=5yt6neqvt(*HIZ}OJ>?=o*GM5+R9&$9fgZv=+xjXr-adC}R#>>wVY zSPc1FnbR;GU$ZT~P5Saq(SdnJPd%J$W5y-y@IuyvwIJ@x}=)Ak&0 z+IWS*8;=YS$Zc?M0y20<$+WL_E!nGdYt{J;kj^*MLk@Ln0xyWlPrp$~pOHi@xr{sn zM@m`Tpz9Q9pFYeJY7w_^=!vjf%LK*u9mkh>Q-q7_Hp%MtmiA?HJ>Fr}_6aLzr#)2B zpCG;8oVvPd{U)e^wSStGtahEG*ggu9sQc6&fdv#`8#q1s;w+fmO>}uwCsN z2rh>`d3IZ5=JW5Po2aW}!fIuV=oJQ4V66}qlrzqLa+-8Xuoo|T;QpFpjYIt9PyoR1 zbJ1GfusW%$(+sw^e%_O;=*pT)_>@ZKr(!6ba8=ZO z{x_EMAv19KNv5dau3M+O*&|G7NEVlu0&4S-=r<7se>*}-v{w}9_JZ!MQI;DJpiv7X zwB(%8QluMdfIx`d({hgCN0bYMa1u45cS8jh)buE>l{3xBoH`Gl9gW?2%_LdyJ#`%A zK*FA>U<}@Tq$8T$iwcN0$Q<}!S+9jj+byn#Ul9}?S}ih4Fh)-`2UeDBQVo4`jk!wL zzC5UJ*DVFKde|-72KCWd4V;|;Rvg%{O^0(~|6YYo8#*;^!2C=k{m)A7wfM!#GRNn* zVT2;m&otdC8I*3FGGR4_&62j6wsw$>RKzbe%G>&;YEp4CX)w~b-V@K?y3~R+Opdh6 z>|3f>93-03YAT;OJ(@PN!2~%Is#PeaEb2>tTW$lpvRXgz?}xui7199CqO}1UjjFAv z_!VVtQC8k-J_@rPtEJ^#?MIF87e|N5t}Y*ZFyB#{7eLFBvCr#KDYf)YikwWM61R>k zIRsb&ePI=I$MMBqW)n8Iepn%473kmHE>OU`w=ptetY>?uJbsvne#DX0u#mXoO}S~T zLq}z?%X=oHb^u@JUF4x#4))$tw7(TyE$y06g$G*8Yemm)1BGE{08ZPQt&Y*sgc>ls zZ6WMTPD1j9j^rOo5r0<{%FXMc|6fXxw>D<}Q_7da+FzV7(hciXW01_I5K*nBB9=-e zk(VLQCBqexC6a`1BUa8%DqN^>(Hl?E#E7L+bh~|(^}G3*6Vahym>?V5c)`V5cgkN% z6Yf_3V!!>S#HIApSD%5BkFjy_M#mv}$J?uO@Rem=X^)(cK$>J%D4uMd9$p3{H$jPnG5eJ0pY>klb9huvm1 z@NUPv!W>s5G(JL%f~V^RBi8!m!Xd?I$8U;5bPl5Q!%aHEx-xO`X2dFmHWXXDr!2+S zb6FxONK7M1RDEYes>boyzk`=)c3C1GvA7_^=p5EnSp8`!2o;tT{fXVpQZS%Izf*tc zm; zL*k0s*O7pRR6_8M*5#gOi>I%d!q_4rtFP8R*`s>w$@-Qgo3zHktsq?8LcwuBu_1zq zyn|4S(cy)rq~GH)nkaER1}$Bebl>*iRq4yqVP?z3TVVj2`&n@Yh8?Z^>;ScTDI=_lShAFr89*AuW$;(Daa2Bkf7gr{RS;L{M;cIN^y z3Px%jwrflE_%3~A5kx*=N}qlTY<5w<&O)EJXl?$0H6`(*tzU{H7iO&aI&lSmuIIzj z1Ci6f2q)~$v&tENnj25+e{$mW>IK(%+_NFS2oXosCQ(X_amD?yh%fRQ zeW?==BGzia*)x=4ef-K#+Q#@j(V9(uU#O&Xr?}#6(E8`PetFgxNU7g=_VRI&@!9@9 zfb9nEx<#x@+{6l$4OGoJbqsr34#F`<&2ENT&&s6$$_EOM*7%zsM7y7`{@Xxz@ z1FRBasSEDIdtOcUZ^LhtREn&M zczkX&VNpPZ&QLOjj(Lxj_phR5a~LD0gOp=?ATmua?1wJx`35V*r`U2oT>xe%!M^~# z%5$>19!D7wa$YvN*t(Nwb5hV4&LmEj!S}h&SLber+&aV`$e#D#rbS(H=dJK8h=gRe zt~?G50y?~=W$4-%ziD!|D8;u)43g@0W1UtVVPsv%;Y=g7k1i1Gm)yy(NwplNlfh-C zNlE)-ERdS4bO#Q-9c|k>@RFwqjm&4oJ`@k}F3=237SwU%eq9kxucCcL>CdTJ!`?)A z63wk}=Bu7~@SVmYc|6&^;D8KLW(@i>A@=n)P=bVs%uV#I@EaA3hrTb^VeXJ0v1^84 z6XQ3WL(37)u0#(04cu+@A@|jn>`aHh_lqB(1n(j9N9xzZZ3L2Y1RGfR$Q|TVNe^5e zvmC~3F!$dXXrP>nO8lnbkhbJLg!oiFJme;#+ciP-HVEeNXeJ$K=wY5D-cbx6R^bsd;rg93)M*m@ z3&&J)P&oN7+8$W)d<+$KssXGwmnM^(=;|zUfAiLUtF>AF0V|`7bbk%Bz~tF%tq;{D z##reYdeNsR?Az>cS=jOeO2+*00h28lA@q}G8Ejh3vAP>|>)Tw;T*vr>Rtnt*b~9~c_vB7E04QfW9iu1VQ?sB*@2H~`&S-mCQq#UhE})Q4J{wi zhoF{y*oxA-05V)rB9`VK#w(l_#uQ|Q!(t$yY}^z^jOYI+*99Neeklq7N$3(Y=CAW#UX)8` From 4cf7f451a9acbc3fc358944b356567583385b277 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Wed, 11 Dec 2024 09:42:31 -0500 Subject: [PATCH 11/13] Create Busybox initramfs fsck To run fsck manually on Ubuntu, follow this guide --- Busybox initramfs fsck | 62 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 Busybox initramfs fsck diff --git a/Busybox initramfs fsck b/Busybox initramfs fsck new file mode 100644 index 0000000..32400ca --- /dev/null +++ b/Busybox initramfs fsck @@ -0,0 +1,62 @@ +If you're in BusyBox, it's likely because the system dropped into an initramfs shell due to a problem with the root filesystem. You can run `fsck` from BusyBox to attempt repairs. Here's what to do: + +--- + +### **Steps to Run `fsck` in BusyBox**: + +1. **Identify the Filesystem**: + - First, determine the root partition device: + ```bash + ls /dev + ``` + - Common root partition names are `/dev/sda1`, `/dev/nvme0n1p1`, or similar. + +2. **Run `fsck`**: + - Use the following command to check and repair the filesystem: + ```bash + fsck /dev/sdX + ``` + Replace `/dev/sdX` with your actual root partition name. + + - If you want `fsck` to automatically fix errors, add the `-y` flag: + ```bash + fsck -y /dev/sdX + ``` + +3. **Reboot**: + - Once `fsck` completes, reboot the system: + ```bash + reboot + ``` + +--- + +### **If You're Unsure of the Root Partition**: +1. **Check for Available Partitions**: + - Run: + ```bash + blkid + ``` + This lists available partitions and their types. + +2. **Mount Partitions to Confirm**: + - If unsure which partition is the root filesystem, you can try mounting them: + ```bash + mount /dev/sdX /mnt + ls /mnt + ``` + - Check for familiar directories like `etc`, `usr`, `var`, etc. + + - Unmount after verification: + ```bash + umount /mnt + ``` + +3. **Retry `fsck`**: + - Once you've identified the correct partition, run `fsck` as above. + +--- + +### **If the Problem Persists**: +1. Boot from a live USB and run `fsck` from there. This method ensures the root filesystem is unmounted and avoids further issues. +2. To access the BusyBox shell, check for logs or use tools like `dmesg` to investigate what caused the system to drop into initramfs. From 6318eb2c5e290b953655f034509c3157a0123d3f Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Fri, 30 Jan 2026 10:04:39 -0500 Subject: [PATCH 12/13] Create ASA Syslog to wazuh SOP --- ASA Syslog to wazuh SOP | 223 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 223 insertions(+) create mode 100644 ASA Syslog to wazuh SOP diff --git a/ASA Syslog to wazuh SOP b/ASA Syslog to wazuh SOP new file mode 100644 index 0000000..e97a66b --- /dev/null +++ b/ASA Syslog to wazuh SOP @@ -0,0 +1,223 @@ +SOP + +Title: Forwarding Cisco ASA Syslog Events to Wazuh SIEM +Document Type: Standard Operating Procedure +Audience: SOC Analysts, Network Engineers, Security Engineers +Purpose: +To document the configuration and validation steps required to send Cisco ASA syslog messages to a Wazuh Manager for centralized logging, analysis, and alerting. + +1. Scope + +This SOP covers: + +Cisco ASA syslog configuration + +Transport of syslog messages over TCP + +Linux rsyslog handling on the Wazuh server + +Wazuh log ingestion via logcollector + +Verification of log visibility and alerts in Wazuh + +This procedure assumes the Wazuh Manager is deployed on Linux and reachable from the ASA. + +2. Architecture Overview + +Cisco ASA generates syslog messages + +Syslog Transport: TCP port 1516 + +Receiver: rsyslog on the Wazuh Manager + +Log File: /var/log/asa/asa.log + +Wazuh Component: wazuh-logcollector + +Analysis Engine: wazuh-analysisd + +Visualization: Wazuh Dashboard (OpenSearch) + +3. Prerequisites +3.1 Network Requirements + +ASA must be able to reach the Wazuh Manager IP + +TCP port 1516 allowed between ASA and Wazuh + +No intermediate firewall blocking syslog traffic + +3.2 System Requirements + +Wazuh Manager installed and running + +rsyslog installed and enabled on Wazuh server + +Root or sudo access on Wazuh server + +CLI access to Cisco ASA + +4. Cisco ASA Configuration +4.1 Enable Syslog Logging + +On the Cisco ASA CLI: + +logging enable +logging timestamp +logging trap informational + + +This enables logging and sets the severity level. + +4.2 Configure Remote Syslog Server +logging host inside 10.192.30.95 tcp/1516 + + +inside is the ASA interface used to reach the Wazuh server + +10.192.30.95 is the Wazuh Manager IP + +TCP is used for reliable delivery + +4.3 Verify ASA Syslog Status +show logging | include 10.192.30.95 + + +Expected output example: + +Logging to Servers 10.192.30.95 tcp/1516 Connected TX:102759 + + +This confirms the ASA is actively sending logs. + +5. Wazuh Server Configuration +5.1 rsyslog Listener Configuration + +Ensure rsyslog is listening on TCP port 1516. + +Example rsyslog configuration snippet: + +module(load="imtcp") +input(type="imtcp" port="1516") + +$template ASAFormat,"/var/log/asa/asa.log" +if $fromhost-ip == '10.192.30.1' then ?ASAFormat +& stop + + +Restart rsyslog: + +sudo systemctl restart rsyslog + +5.2 Verify rsyslog Is Listening +sudo ss -lntp | grep 1516 + + +Expected output: + +LISTEN 0 25 0.0.0.0:1516 users:(("rsyslogd",pid=XXXX)) + +5.3 Verify ASA Log File Population +sudo tail -f /var/log/asa/asa.log + + +You should see live ASA messages such as: + +%ASA-6-305011: Built dynamic TCP translation... + +6. Wazuh Configuration +6.1 Configure Log Collection + +Edit the Wazuh configuration file: + +sudo nano /var/ossec/etc/ossec.conf + + +Add or verify the following localfile block exists once: + + + syslog + /var/log/asa/asa.log + + +6.2 Restart Wazuh Manager +sudo systemctl restart wazuh-manager + + +Verify status: + +sudo systemctl status wazuh-manager + + +Expected state: + +Active: active (running) + +6.3 Confirm Logcollector Activity +sudo grep "Analyzing file: '/var/log/asa/asa.log'" /var/ossec/logs/ossec.log + + +Expected output: + +wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/asa/asa.log' + +7. Validation and Verification +7.1 Confirm Alerts Are Generated +sudo tail -n 20 /var/ossec/logs/alerts/alerts.json | grep asa.log + + +Expected fields: + +"decoder":"cisco-ios" + +"groups":["syslog","cisco_ios"] + +"location":"/var/log/asa/asa.log" + +7.2 Verify in Wazuh Dashboard + +In the Wazuh Web UI: + +Navigate to Security Events + +Use index pattern: + +wazuh-alerts-* + + +Apply filter: + +data.cisco.facility : "ASA" + + +Confirm ASA events are visible and updating + +8. Troubleshooting Notes +Symptom Action +ASA connected but no logs Check rsyslog listener and file permissions +Log file exists but no alerts Verify Wazuh localfile entry +Duplicate alerts Check for duplicate localfile blocks +TCP connection drops Verify ASA interface and routing +9. Security and Best Practices + +Prefer TCP syslog over UDP for reliability + +Restrict syslog port exposure using firewall rules + +Monitor log volume to avoid disk exhaustion + +Periodically review ASA rule mappings in Wazuh + +10. Outcome + +At completion of this SOP: + +Cisco ASA syslogs are reliably sent to Wazuh + +Logs are parsed using Cisco IOS decoders + +Security alerts are generated and visible in dashboards + +Centralized monitoring of firewall activity is achieved + +If you want, next we can: From 93973f47c26cdd348daaf406ee3ebf003d992720 Mon Sep 17 00:00:00 2001 From: Kevin Flowers <110041895+flowcompro@users.noreply.github.com> Date: Sun, 1 Feb 2026 03:10:34 -0500 Subject: [PATCH 13/13] Create add vlanv14 script runnbook --- add vlanv14 script runnbook | 50 +++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 add vlanv14 script runnbook diff --git a/add vlanv14 script runnbook b/add vlanv14 script runnbook new file mode 100644 index 0000000..7a7469b --- /dev/null +++ b/add vlanv14 script runnbook @@ -0,0 +1,50 @@ +Cisco IOS / IOS XE VLAN Trunk Manager +Version: v14 +Author: Kevin Flowers + +PURPOSE +Safely add or remove VLANs across multiple Cisco switches by: +- Discovering trunk ports automatically +- Adding only missing VLANs +- Removing VLANs cleanly from trunks and VLAN database +- Preventing accidental deletion when blockers exist + +FILES REQUIRED +- switches.txt or switches.csv +- vlans.txt or vlans.csv + +CREDENTIALS +You will be prompted for: +- Username +- Password +- Enable secret (asked once, reused) + +ADD VLANs (standard operation) +Creates VLANs if missing and adds them to trunk ports. + +Command: +python addvlansv14.py --switches switches.txt --vlans vlans.csv --verbose + +REMOVE VLANs (full cleanup) +Removes VLANs from trunks, deletes SVI if present, then deletes VLAN globally. + +Command: +python addvlansv14.py --switches switches.txt --vlans vlans.csv --remove --delete-svi --delete-vlans-global --verbose --verify + +SAFE PREVIEW (no changes) +Shows exactly what would be done. + +Command: +python addvlansv14.py --switches switches.txt --vlans vlans.csv --dry-run --verbose + +IMPORTANT NOTES +- Removing a VLAN from trunks does NOT remove it from show vlan +- To fully remove a VLAN, --delete-vlans-global must be used +- VLAN deletion is blocked if: + - An SVI exists + - The VLAN is still referenced +- v14 uses strict SVI detection to avoid false blockers + +OUTPUT +- Backups: output_vlan_push\backups\\\ +- Logs: output_vlan_push\session__.log