From fb9baffd4365c540cb2f2d83120b8042c4529d35 Mon Sep 17 00:00:00 2001 From: Jean GOUDY Date: Wed, 3 Apr 2024 15:45:11 +0200 Subject: [PATCH] feat(aws): add template and update doc --- .../aws_create_s3_notification.md | 7 -- .../aws_create_s3_sqs_notification.md | 70 ++++++++++++++++++ .../integrations/aws_create_sqs_queue.md | 33 --------- .../cloud_and_saas/aws/aws_cloudformation.png | Bin 0 -> 66752 bytes .../ingestion_methods/cloud_saas/aws.md | 6 +- .../cloud_and_saas/aws/aws_cloudfront.md | 17 +++-- .../cloud_and_saas/aws/aws_cloudtrail.md | 10 +-- .../cloud_and_saas/aws/aws_flow_logs.md | 9 +-- .../cloud_and_saas/aws/aws_guardduty.md | 12 +-- .../cloud_and_saas/aws/aws_s3_logs.md | 4 +- .../cloud_and_saas/aws/aws_waf.md | 26 +++---- 11 files changed, 103 insertions(+), 91 deletions(-) delete mode 100644 _shared_content/operations_center/integrations/aws_create_s3_notification.md create mode 100644 _shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md delete mode 100644 _shared_content/operations_center/integrations/aws_create_sqs_queue.md create mode 100644 docs/assets/operation_center/integration_catalog/cloud_and_saas/aws/aws_cloudformation.png diff --git a/_shared_content/operations_center/integrations/aws_create_s3_notification.md b/_shared_content/operations_center/integrations/aws_create_s3_notification.md deleted file mode 100644 index 6306e42ec6..0000000000 --- a/_shared_content/operations_center/integrations/aws_create_s3_notification.md +++ /dev/null @@ -1,7 +0,0 @@ -### Create a S3 Event Notification - -Use the [following guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html) to create S3 Event Notification and then: - -1. Select the notification for object creation in the Event type section -2. As the destination, choose the SQS service -3. Select the queue you created in the previous section 
diff --git a/_shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md b/_shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md new file mode 100644 index 0000000000..824d647f12 --- /dev/null +++ b/_shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md @@ -0,0 +1,70 @@ +### Deploying the Data Collection Architecture + +This section will guide you through creating all the AWS resources needed to collect AWS logs. If you already have existing resources that you want to use, you may do so, but any potential issues or incompatibilities with this tutorial will be your responsibility. + +#### Prerequisites + +In order to set up the AWS architecture, you need an administator access to the [Amazon console]( https://console.aws.amazon.com) with the permissions to create and manage S3 buckets, SQS queues, S3 notifications and users. + +=== "Automatic" + + To get started, click on the button below and fill the form on AWS to set up the required environment for Sekoia [![Deploy to AWS](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=sekoia_stack&templateURL=https://sekoia-doc-bucket.s3.eu-west-3.amazonaws.com/resources.yml) + + You need to fill 4 inputs: + + - Stack name - Name of the stack in CloudFormation (Name of the template) + - BucketName - Name of the S3 Bucket + - IAMUserName - Name of the dedicated user to access the S3 and SQS queue + - SQSName - Name of the SQS queue + + Read the different pages and click on `Next`, then click on `Submit`. + + You can follow the creation in the `Events` tab (it can take few minutes). + + Once finished, it should be displayed on the left `CREATE_COMPLETE`. Click on the `Outputs` tab in order to retrieve the information needed for Sekoia playbook. + +
+ image +
+ +=== "Manual" + + **Create a S3 Bucket** + + Please refer to [this guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-bucket.html) to create a S3 Bucket. + + **Create a SQS queue** + + The collect will rely on S3 Event Notifications (SQS) to get new S3 objects. + + 1. Create a queue in the SQS service by following [this guide](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-create-queue.html) + 2. In the Access Policy step, choose the advanced configuration and adapt this configuration sample with your own SQS Amazon Resource Name (ARN) (the main change is the Service directive allowing S3 bucket access): + ```json + { + "Version": "2008-10-17", + "Id": "__default_policy_ID", + "Statement": [ + { + "Sid": "__owner_statement", + "Effect": "Allow", + "Principal": { + "Service": "s3.amazonaws.com" + }, + "Action": "SQS:SendMessage", + "Resource": "arn:aws:sqs:XXX:XXX" + } + ] + } + ``` + + !!! Important + Keep in mind that you have to create the SQS queue in the same region as the S3 bucket you want to watch. + + ** Create a S3 Event Notification ** + + Use the [following guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html) to create S3 Event Notification. + Once created: + + 1. Select the notification for object creation in the Event type section + 2. As the destination, choose the SQS service + 3. Select the queue you created in the previous section diff --git a/_shared_content/operations_center/integrations/aws_create_sqs_queue.md b/_shared_content/operations_center/integrations/aws_create_sqs_queue.md deleted file mode 100644 index fc99162a08..0000000000 --- a/_shared_content/operations_center/integrations/aws_create_sqs_queue.md +++ /dev/null 
@@ -1,33 +0,0 @@ -### Prerequisites - -- An administator access to the [Amazon console]( https://console.aws.amazon.com) with the permission to create SQS queue and S3 notifications. -- A **self managed** AWS S3 bucket where events will be published prior to be consumed by Sekoia.io. - -### Create a SQS queue - -This integration relies on S3 Event Notifications (SQS) to discover new S3 objects. - -To enable the S3 Event Notification: - -1. Create a queue in the SQS service by following [this guide](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-create-queue.html) -2. In the Access Policy step, choose the advanced configuration and adapt this configuration sample with your own SQS Amazon Resource Name (ARN) (the main change is the Service directive allowing S3 bucket access): - ```json - { - "Version": "2008-10-17", - "Id": "__default_policy_ID", - "Statement": [ - { - "Sid": "__owner_statement", - "Effect": "Allow", - "Principal": { - "Service": "s3.amazonaws.com" - }, - "Action": "SQS:*", - "Resource": "arn:aws:sqs:XXX:XXX" - } - ] - } - ``` - -!!! note - Keep in mind that you have to create the SQS queue in the same region as the S3 bucket you want to watch. 
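Review bot: in the new aws_create_s3_sqs_notification.md, the SQS access policy under the "Manual" tab grants `SQS:SendMessage` to the `s3.amazonaws.com` service principal with no `Condition`, so the queue accepts event notifications from any bucket in any account, not only the bucket being watched. Suggest scoping the statement to the source bucket and owning account, for example `"Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:::<bucket-name>"}, "StringEquals": {"aws:SourceAccount": "<account-id>"}}`, and renaming the `__owner_statement` Sid, which does not describe this grant. In the "Automatic" tab, the `resources.yml` that the launch button loads from `sekoia-doc-bucket` is not among the files listed in this patch, so what the created IAM user is allowed to do cannot be reviewed here; consider committing the template next to the doc and stating the permissions it grants. Smaller points in the same hunk: the prefilled `stackName=sekoia_stack` contains an underscore, which CloudFormation stack names do not accept; `** Create a S3 Event Notification **` will not render as bold because of the spaces inside the asterisks; and "administator" and the leading space in `( https://console.aws.amazon.com)` are carried over from the deleted file.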
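Review bot: queues already created from the policy sample removed in aws_create_sqs_queue.md still carry `"Action": "SQS:*"` for the S3 service principal; the replacement page narrows the sample to `SQS:SendMessage` but has no note telling existing users to update their queue policy, so consider adding one. The removed Prerequisites also asked for a **self managed** S3 bucket, and the Prerequisites in the replacement file no longer state it; carry that requirement over if it still applies.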
diff --git a/docs/assets/operation_center/integration_catalog/cloud_and_saas/aws/aws_cloudformation.png b/docs/assets/operation_center/integration_catalog/cloud_and_saas/aws/aws_cloudformation.png new file mode 100644 index 0000000000000000000000000000000000000000..0e8f8c8301f71ea3a1527987b8501628b0d4d8ce GIT binary patch literal 66752
z3DBc#d9jkD<=0YS8Vpw-6+r^=ipu)8)Ig{1eRwWMW<}NU;3?~Mv>sOz8<5Tub!h;x zz2O2!0YwRdZ~!q`H&&@@d}TD-Z9L(Rt4Nr^4v3u_aS=i6X2}VO|0S1Hwmt|E7!XIL z9&K|qT`@rWYr7Tc*rBv5kNS1?jBmVu7;%`g)?9PV zHSg=bN~unf!RM*IR9RWQV!stFrqShzb!q=DKn7W@*&yLz70oOpBk6TLE=q8C>`k?I!U|({C;I&e7;($ecK3>?Apnhp0Ql1Dnx+fXw$3|6gcP>k4i7cCxIAH zB(6X^cd`1ZN;Z}FdXyR59J*`Q{58OL_8xM}5a4&}mY4@8$YMOr3Hak*RcThDdl8?s@8dnIxL52fIo__Y zO*(b z&Q<^C!)HVG1X8j-(@uurC0Wr;5v#DTYeSk}&Dv9UjoyM-tX)x1Q`<7Ae4QT?+d@?6CN+_7BnM?zvZxGmoW=kH?>-C+Mfk=sSe(ZM)P>N$^t7v zj0g<~+@y}elb1v0{=y3Gd4^g|ew4Ic6@h*Ikjoi=SVj>X!EGXS6eqXuolm0IO`X;B zO5)h2B6wv@6@`A+@ ziFg|yT?}nhLF@(A4iy=G&FgHe`*u|9wO&2hY}Uvk{qBnNSiO5(Ddc>;3!s;^rxfWG z-r{Nmv)0gvg;2z^nd_g-G*ig6lH~&z`8Y{G??-iw=16pmu1iqE?&Mioqs8TDZMDAJpi`JW^-;uLxl$@RPSiC zGZ>S)hBJ9Hu2@k2LL+HX{(7xGPw3L6EP zIdY8p4A}O2MJ!HN)AVVa0vq*7s-+ACyE@+%TIl{ti~El7n*;4T4*DB5%qpdVq{`1o z{%Cp>?9YHRp)`Ro__{rXjQc*r>+IVw~7jtgzIRirTTy zeaN2}$tHGMTp-#mdJ<@!cZi})1o(qZ?H#elc5V*GF~Y#_9?)_y@gmUI~9Nl+9l4-w{uDt`G&sBab%+n1Gclihuz;xjo=`aiTH<`Q{R+p zSu}vTh6c#hyg5pd)uJ!F$mw-cmn^QqW*f~WK{X{u_9lI}4O&V~#!kSmTQ*Jk&PDD7 zzsBYkqkgSy*P+kFv0p#E#S@hR)7&`1*`(1!Hm{b!syrnCw6$sb=RMS zs~g9@6M{RGfwaU;>Ioyu1o=AGXz9D+GJf^MRjI^nCfS1vIgA&fF3IGGWy3fR^8{7m z&Iw^t^$LDjB~9XbGY zx;hIWCABV6f znFB3Wr|VE?bV*KGjkbJmn*MR_IiN4op*7x{z@HxycAH}(7%%NJ9&Gy6Kt4lCzeBen z2a^6u(&fyg5RT_b-eX?>SR%{eI0>;QoCC3gwOCzCPJffA$xe#~LG7>D)bRpZK#y z&&Cb!Q^>~;x0-NluoYb`VD5Fhuk>nlC=T?Yz_v_AE7#-3evev*$g^*c9A6FbMuMx? 
zPOKlP(Hrns=(g9Ew)eLm$crt~Rf6iYMH*)$C*5MyER^^O@PWUQW@EadfEd^~cw!D>aT7-s6F zxm}_`H#0&91{XUnET+18FqlZr0}ah&4Y)t}nM4aWQv#pvX;V%mY%UI6TkD@H=C)eh zHM5#%CcW32{cz#FK7KeC3|KGmGq4R+8A{!S6=v3KXk*{AiBLf>r2=xrU5@f=Lq6{w zxWtz(Is$}=54@H)`_FV@#hqd-p`WWw8Y;bOy+4hB8pD)0p)O@v!7E;0*s4G4vafn6 zR8OUfEqddo0ORKZAxOwZZqL13VISJ?62qMQXWot$<02>wOcA4tB;Q1TFU@-I7&ufd zDMk4tg|5%KWm;>(0z2MzuwPa;r)-)J-$`*?YvgKF$ALhE)#9?+-Pqs+pS=DMuD-^L zT}EgL|7di3YRs9wDN(Ou^~Pm-07CiN#Ixwy{d=;~O8M=a`-?n&u5$|PZ`X6@;NF3i zRfpB^EuZu=)fT3ZfMtwv)`Qn;u72GgD@NQ>uYA3+xmjE`R&^Yw6LUwt^-UXmo1iO+ z$9~Y34~Gj%c+AJJ^rRl=wD~7g8P7fK?|YMH`5B_I06%upC6d$pt75d_0AND8G3n{r zVUXlLczyq{mML?nQCc$y9j7CiSlX8OPBE(G2ZcvX8ADQEjG;>W_|2oz{0?MazdOIx zz}e2yrq(j&nPW(96Cu~NMb%kqYPJOeXb*vFP^2@lc;1uwB7{BJkrd9rHG>?#Rm+e=<$M8&N4nIjIw zNk%pHwo47+Om}+c7!KD2xi7~i9+M=fNlxz6d(FwC@`*q5WL0{;p6x zV-X$>(tm2&SIn=TCUWDlE~KyLxy3?>zEUye2?GWY6P&*mwR;oc_kF8oZD$~`a!Wf= zp}ujU);WaafGWjDmo52$T}w$VkBYTfA;u&WD}b};<8`qq?m=}1wN4GgbMS*z!o;5j zW@ixqPHbUsM;6ukPWrKmO$l?1-&yfF8+3Czx3o;dYi-^$JyrhZ0vn3#K5UHL7BH?M zwBbmPy(aYrd3E#B@H1>RI8qGjl`CK)@rWTPfk0hEuMjWgxWL2Aw04S6{kA7&UW^RG z0|xN{P|JEa(|dE|{kaQ%Ug>)WOUn(!KNq?r%xN=bF(b%@UeiV*=7j6Ak7~_`h{(5v zeD|g$b{9IQAjkV#r6>>K*1fH~TH;v1eQGd)RN#YTqo%qd2#n)fF^>QrZGx)-gx1~& z8af3z{@c&uXSr}a@p)~6L#n;jD;@vXS0eY7e#>KNT_P}E(x;RqdFR$A>ojT)YFgBW z1CvvCxNS>TlDvWv0MPR7&cQIj_vlM?U{jSSknjJ_=A@LD;&|g?$#GK*_ia0-3AhVg z8Gl*#nfmcOZ^oqP((&52I}wcP{1cQ5r^5ZttsrVx2>{LcN>>tKBzO0o1UYWdtkPfh zbM0q$zn@K<7%AF`qj%Y_WIL|<4esCQOZ&hN^rWV{k5PzNp?4}ESEjV4Xo{HC#(Yo<)HlWf+W?c;o+8O%Qcu&a3W_yh-)|Ma=PKM+c)LSG7ZRhvC2RGL2mnJi}L6GR_cgmu2YO=!-NKa_#J%J`SM{T|aX^|X6el%hEk0MPsq zU=rHCY805*Zdq!W9xVmCLTK_{PaQ#9k{o~64wN4*I9rYRj){=cUyjdo|<-fWK0G-Qb zk*b=8N>- z@=J)@ReibkTZxs9D8YTZkv7{vwclKu=?7=tXh>iU)9$%Hh~fZ@TNao@@6l2y0k9?_ z`u14)OkcS>uqV8N3EXmSpCj#Z#YhM2hDmvYBnf!^ttwvtMVFBNymYX?qzIb=G+yTd zU8YYd$KnB9jiK4mvcH(kKPT_Zu@AbI>y~P%s`-K%ZJpRXpQ*S2e1IGvX1p^}q2w?U zOXA|W29Rl8ODwyRs85%qCEdz7jH_%);gGFiRK=_V5$Ib**H9n(TmpHuudn>YF2Dk$ z`K{!e0Y*z@djwRBdWymIxxq$*tLfD^JhEpE;B4$`5A{_5Oov=RnCWqFk4gOCHlWY} 
zh;Tn}b@Vt)Hvmj01F%_l#qMXOZSS=`)K1^WeMF07;9hytVrTQ!hwqFHb+fc|lSTX- z4Eg{W9&3<+@BTuP>NK*?LSy>(`pNtFvJTm9_FIQuFw}^UN_7FulzGWSS$=>uyoDcR zn9L^(6%_C&+oeBY|Fk;fc)4L~K0yj)!fhlN%}Mrtza2N*Q(@VrfF0Vfe@?jX7!yW$_O`yM2I~VbC^)z(+_G#VD^}s>^g&3(WTfkI4^q=OGWF4!tx6I~+UhvDXrj zYU>Em-b4Z05x{ePpYe5_Tfa{t>Pg!_d4qE0a+MC!NW)I^^njY((X7ic}gAya4XOOK^NFB0Av@c^JJY65i4_bEvBAKT*rTKJ*U!p5xb2niTs+d)rD7)s&(-gSzAU-!jJ9!s4IZ2oQEKB_Fg6IyKlkgIw_JMZ!5 z{<*-iYabiEvAlIGx1J@Sn$N&MMfw3DtB;IvS4tCP7>LscS>cWmocO^yWIVsQA<)^q z_0Gh#3*aZj^`?VV5;_w;84k96!UzW)_ehd4>E^J@C|eSqm;K=Hbc0@xphQ#H0uyPR;RkWT>vp4Is!J6b4Duj{otI!tvK zrWvv7BUxGrs~_-bimY$IT8q=z&qpGNXJ zunL(yBh@x4-YnzHC+Me36b0^kWHZ3rhff`404rpTjI)iDardN(R)kFeoc>PBXt5n7 zdVT7~)mKIG4(U&@_lanLwNhv(*{H2oUu}b+hI(N+O_7dNUnR-iBxdSxag*ap@yP3Z z_0%h-ko9LU+aM{)ALSR93v5c29N~IpWx}`ZPbTP3BE2U;>;lDLk5ci~NA^O??@j%M z{2yZ*kW@-I$G}CEZTLE>amyC)AV@#EsViAyZyGS{itGsIdYlCK#oBCq8MX!MorSyn zSi8Z&8KRZ3vWt0Su6A9E!vrF}Tw*l^m&Su=j`=ig-7V>3_qtxuI=n=ymRcjij^6_W z(hG(8uyOZvxQc9e^C2(NZ$AN5LMbKee}>KoYkgl5;MafH_hXjavmD>uV_aS9XlKT9 zYwxDsS-@!En&Y(+8ORUCp(u{sDA`E2Day(F>`6Agw*a6y2GEjLGBPokoRBxAQJ^Ni zd`U@P!MvhO7DBw$_lO~$&d0n1WmL)ITAl=y?Um47Xsv4`8!jXnm1;R-P0C9%`yQLN7atwM$r0My5t%Edndx# zL^%_`ymn3c+$ZfC?iCbwq>r((zkGkooa>Tw@9saSA7_J_gPI9ZBbnFYy@@;vsP%24+>DAr|&r1Iog6e8Jj07sQHc6`^h{TXX|6Xxs zn{B)4Ce%U#;E*WU<>bvkX6`UxH|)|acoqq%W8t~XB=uxK+T_iS9g1@5B8ABA4PlZs zF^y{E{U)N&nBQ;Nif+73zz!!Q3Z$y8>J(1ubO1z(VAbzrql#y_x=k@UaejK?m&N!QZ}09hto(u_(i%UN4C|92T>mI__j2+TeHv7Zo26Q096XJ!@=p z*-?tGdy1nHOP^E}Eq9x8KcUQ&Eqka7VCX!*gR8rLds4}?Duf(2y zY=KQYV0ZP(!*?tI`^Hjy-S6T!%(iUE@q0VlAqi&?6I0yw6}Y#C)&cQ=wTYbkC$VWq zr8>tl_=qan?CbDn(J~+q@k5_1Rm)+-S7Fm6D4}U{^~s9t)2HvZ;NpOpT4nzi&@(;A z+gol7#g-=NX!`WYt&`3ZBgh(1jU!i4hws0<09wB;^TVE&3SeF2Y3+v?6N|<`O z(T8777Ijot$+S8j7n8E_T9+!S&E4?jcBJEypu{YQUBt=2yb+AM3iPI80flF>J#Z(M zZ2*4Kph|BXs1Q)>ffZ3wE8XrO)4C`GiZK@0=kYA?>#*QPv;N&MAvMbxNn#&fdH@L| zCUYTU-qy|jIvwCz_C7vg-sPEo{(FIa4{ipTQFmq~gEJ&MuFNg=nYXDB z0ueTjXKTiRR-dvQ@%A?}*)6U0mqz^o?FV=^Pz`GDp&4cKKF>5K;}|l*B}ftm2Yese 
z_QZ!sbwdGQrjciNN&xeMUi)pkL4!6#+ExNbs%%JTU#a1`CzDH%b(ijY=IFy+Q1kxv za)7Qv+Eu4cUQ46WxDQ9mq!20+UIX-$#*D;5BcUPx635KDmrFg*!?0$udM4lpA>Xvw zjZg#rCHiKtFc}Ee%28>qh-w$4(?<`LcNi-rnTDG~^dV9F0^;cYUc&|tT{jlXCKL!d zA}w0q`^~$z3<=$C>nE1_AESz&7c6tRS#SY09Dr(qovDyP6?WGS^W63&D2mhEbMt9; z?uoW7hS<8j(SZyTYcsHUpKAwOky}u>kGARw?m2qh6A-}Yp@q8HB|+I!OQ|gng5F0X zg(h0#(i=y&Xr!T3F?+KKCqv3I(Wj7P(k3;Y54Ip1)BWi`A=-X?ebW_-sbIyBQr&Yj z$!!5UtClNR;kVPLSA*fUtkC;oTx7uc$$%{d5%y?`5~uFGT*Vw&*2irkUrbGY>v+2E zf?38S8~k%VKqKO)Hw_>Y84!;kxk-4G8T+C}8#wGu0={yAZ$BD~X+k$9w>urWGpxbc zrJeBvi4TjDJz_Ta$u~}t6zb0U(e93C&U1V6=Z?`EJOR%`Xi8NXW}3oY&%7rmJh+wAlF?zgRDX({syIZ_Gls!_-s<5v@*Fb1$9Jb>o8$h1f>&- zb;fxGjQ3(QSDpPgmAMyBwuwtp?#Y6DMt{U2xIg(r^-Ah(qrjV_Ovfbk9sH?tJ-Sf` z%VxQ4TKf|{r8)63`cZJS>_~xbLd!c=;~S`#TDdNhWG9rV_r@+kb=MWXU<0AC+Z=*9 z?W}Q6Jeow|YW9VU?Zxr2P>q$8_!Pqhew3p&Z$q#*?~C}UM>!w(VGW713CorZoyF!0 z3`t>rZ?T_CDjkL$sB>J`_Y%4dP9sJkm8*rT>VU1t#_MzZ(wYO-CDVeZ(8FPKUyVH^W=ko>xQu#1-sP5C^I z_)Tc0Yv(+6ZJGg@+v>yBFxNN(0&BT6u{2|d-~j*BDnM2DW&Lb=v7%g&f(FB*DtQO$<%*&&028-Wqo-i_ojGVZd-^+6RizG-%+r4mQ44JaZMLAxes8YY!e5 zb;me*W27ZLbt{QZsU!LOE3Y$x)+Mk(6u;p3Tr~a8glF`q{I{UB7vF>TXTrHy{16-c zk%1{sYh*9^K3)G)s|X`Yn%L?st1lgSq%EHCp>tNv^P;%a?2mRtHs0=hx#C*~x<~=u zqO$O_=$r8Zw-V06qi^#~fa_|lrWU$vqZt9!9-5uFjay<}foF=nHiP#@ncZk3bA=rA zFE-fM14+jVijHMlefCyCW@XlPSYAZopa%WJv|{A&K@+u+!X_IXy;zPL$6rMr^vP1T>xvFmZ2`lCozGJs z@ao=zA9;W^N%$9KZki5kz1#;HWd9oDKzpK$?yALTM-=1D`Qo^n3jqCFi$ZkUKdQS%KW zPVcD(&l50@ZXWXvhR1x6^!hD?WJdq)+kXUSL18{!)rNz+LoFDZuWBTIWnZVC#=#1Kg5lJ(R*EH%SQy{y` zH`~ybE=1m8TPlo~wsJ)Cgj+(o$@u-IY_DNHm;zWVx^8O6B(Ym^s-e(wX22D(E&EQ^ ze0kg;TXIOrHD@R5C?jap#jP+;cHb%#@0+!M-E3e*Q7VuLtk)bGD-lHsE7j|vh-h3jI}12 z&9$w3&8q{ThKyQUqMUjCkc4MO`3bHRYw;4e7>d=h=bZ2irj97|eM50U56mo^kPpeg z2K0vo@s$^8RoSS87&rO4a~;Et<-jI=2YqG3dltTi84*^8Cz@pF4<@84;1OS0y^$}a zf;qgNcx#L^^XrXftiMC3Ebt{b4KZKyaL(Pg5OvK`-LSOoO6(y7ZodFVaz9)xRm2xQL2J5n=)(3@a<*Mx1SrGiA%re$es>u~?oO2;2jW=bN-upv~ z?{d2Cp9!Z9cI~~8SsDj6xQ=l*HQdW|8DwoWDzSQfdV~mlp?%$Ay;L^cSwb)qszm^( 
zQl9A0ikPR$nByA)A~-nWBJbby%<%0TT&9Zt8m!PSJTVYr>u618^om8)d=@IS?p zDn|f$)XY-5?vtR=?_DJ!NW=)XX-X{kz*$CKZ*6DB{cD)gXne=Hp4^t&cPC67;?~n* zs-vLJFt7FHqs>5;$8-F>OR1u_)?_CXQJ(>0m~~eE@(YSZuNxA-7NE-0UGnSK%vL{< zr@Pmhw;9BzoP5+%X7vlTVYNtbVS-vtfaSYY`0D7vqOog>OpO|slDTW;(S>~SWp6IY zdQkAml2#d3lJDj`>>wLu9?;^`_)(UsJ9w#??a#~)osKI5A4tyIYL2N7;Yl1Z;8lwJXh70>F&us&v$Zp zr(RL@lf9<^NDg@1{y{@)nhAuoLVWMS!ts7fgiZ4oM?WbR6;&8YKcAx&*mAJabAasN z#))R7E>KoU+>o|YtZI<(=Ug4V8%v+gY5ahPb3uT8INPppE>)ArkpOs$85HZ~6Q@@{ z^0y@`MkMl>eUULNZ`OrI`HWKstHjcZT_&Y?^l}s##zUx$h!aa3=eYOtVcxj40GF^W ziP`e6YYIMrk%7e7cP)rr!b*PKMw{nW2Ql_ZQ9FKCvAsy^v~m1mzDKT#nER~Nc;SRP z;#vK-T&F33?2!?;shr1|)7Z*t=G)KcjVl^)>qu5IU3wEBKjH#*7 zokhB(vqzi#OzUd#-?P%ynmjAjNH&dJ92_tW&O<%lL(}FS2^$wdVcFOBdBuyS{gOuR zoDT{ssNY`>vcw@s>*q3NS$;JcAKZw+fC^qX(k(g+VW#gNg@5jq#LsIN0Vep8!3xe^ zayQFB7Pm6opYG>WY^n&_3oO`nBTZ*&N zvqe1wp&sc8=9cNM+oC2OD^HOcDBsvz)U8VzWl8Th8*j3{>S-toeOWotq-FRv5vG!a zp&n)Geq$1@sz2Xn+Gbk*)IzTkI}$b{Rr52Wo~MLHur!kjS*hgRQ}yzUB>}X*jfYXH z-V85-8?Z5RNm#1?o;hbgG4nRntZQ-t980brdTS`CmPWedbkVSt187HQ-lkiIAt;y? 
zDrc@6{d`^UCs5()TcVRm#WU+;H-?z=`+RR#KKA)Ad@4uZn?v7oND2JsusMc0{k7e} zZ#d-a@Ri9o3LywrBw5``wlNNc*gl|T-H8rVax=`S=Fx&8c8Dg&XFBe`3@0uH1FoI7 zk`l$bXp63rV$%`E*FpNYueq#IB|=AQj?_!Ms@k5sIqK*~iZZP<`C|gFLC_Q!j9v|a zZh72Gzf^}dLou7`a1DDGxi0BK7{*QRtg0XpT{_GxE%34%CF3=Yh9DcC!AsS>~FD%Yizx za9fJBMK&gh!rjVWfnqO9SHMf8tKMrn@C~;#m3sO#5$$@G8J<71m`(25?-EK8A~)OuE%D}=D>jelsW#{9^^GCf?%t}XhJ<^rZb&%H2z=zQ0R zC4&AEsm*2jzQMP{C;TtAfZP$*CnY*}2EF2+fgbUN;s{XgAG0^i$3wxM`I0Kuvf}}h zV3*+Jg|0-HP7kbcDkWg)k!Oyl=Y3PsIt(8akrwlUJFSZJ4Da6}SO*9(xz$2SoJF`I z7H2hGoqMv*mX(;+2}<6GW^XB;D(rvg$xvzrZ|#Gyr%p-uOHZP@R@lxz_Jr~XcsXfC zKuSuGTj_~B{-i@ujNc2(08Z?Lt_W4tOW8|J&=)&!LkPUZq1)@u`8H7rFWgUVf*MoQ zqU~*zL_q^Xj%h#H6EP{x1^t#m5u_G~&?dwhZA7gSWmDYB2={tZh)bvel>MRIr@z0s z*ArKSZ|*?6vu$N|PaK!OEDQd!yyX#k*)xU29CFpmxK+ zf}#Yo0NwY9p;t>qjs}aXYeh^Re^f6g4O_b&otq7>WaaZ_YOF!!3!^`4X=QR#z=UZBlqM53PT&^2-Y2TEl zFaE`2xh#B4Bnkh{g%fCnpvRMKx7**xE#8`=`(e~-ZE@vaXDfGv`SM3&Ir9tZj$O3z zbgmmq^g$_D0ku=L3$|Z54=F6&%x~1FkOuuP$^Y_IP8GUsNhHe%h+rbcFy)y}9gc=i z%uebcHUH(sh9_0fW&0Y?kxBhiN|LNVAA;2kZooaFT`+)w# zD>=|%X0>*z<^O(4`-i8b!K3$I<52#cpLRGk2Y7)v=XCU?Um1M==^zh3*Pbue5eQ9k ztf7*3QptFfxu<~bk>3~Yd~hg|LhPa(Y-t$Rd6(*z8rA$TzpW2=_&n5mI-DX}J4No} z2VBq-cr>%yL2fhu?F?fC%C*NT?Q=)ho68Pi|I^(9mxOrr|FUlU>$~L?PsP|sH`}zNzND&dh z)ym#f@l5~g!~boP{Qi#^P2g$?uP)45{jxauALwlww$NwNGKgeqC2S*Qkl7m<_Y1{-YD|CF z%&WEd+A75qmylqMMV0k=a!5Bw5YV#J1L2im!>nn#32)M|R9WiqEAD#%JLkkK7v9(vG4z8IX-ctr8Bv`3&dCNn0v8{OY}OdX}2*Jg%nUXVKw~1 zsiY5q)UQl=o|5^feZaCJWNEZ#A5KCKqfC-4FEag_sqG4(#jU26D6?H5e(k*XrTZIg zkDHG59_Hf#YkWK{0_fplCu(52P@};jJxrTX+CXRC;|Bh=;PaU)A^kV>%064@l`0CD z%ci-trRV+O#zXgh;*R?Vjvbo&3=GUnM^H{qliR~6Hu^(*RkrhXK zbm*HmWU5=~ORSd|)u2!Kowt%8tqJ44(33_rWGVA9(U6L~HjygsMJXF4jFcy$brPXW_9Xc?s4{m1FU3ke4p?E_?F>j0#KupN2-*3ijC`{%xlfl z*T$FWC#{oAo%YJFjQn`>HHXy|MRI^il!A@NhtrKy#Yzt_g)d6!ez=q#W>)W+P6qVF zKaw1I(-l4jY#1ku!beNU)y}96#i$D|OZ8M?K896Po$3ijH>!EmLP(!thR2RCOG9zmT_j0QS8cJb>g&XS{^ebQW- zT1?-)p(n6Z%C0QZX|hk2bOye9Drnh4iP(?00v~QUDp-^1g1Avx>i^gw1mCpfVwLRA 
zU8Gd)FJCOa!|sY;_EY!Seyv~V5&ZbJkup49R7<~YL`K~i+z8(b5qh|D$7%0m2qU#| z=BDIg{kema^W)T@a5$wk6|q~Rc)fUOXI2RL-YJK)nq0axM87jdn%$j`bZS1V_x=dI zdhG{<+Pw?0c6g%KzkE6J7MrK_j%|Ko;e7*$j|0!h7Td#5{U?cOpt%w=nHDq<#bU#1 zGKvYw09<3{g2`AaILEwBJ|7wz9|x$+UW469(c(1nZND+|7<-zoq>v?9s=pW3VQB|6 zZd3>AA?{+aN2MECXib>goiT_~wUm3GK|ZT?rRtKyVJ2ej>nWfPlm?go-kFdwDwrcd zcZjzLKtV>}0s35Wg?gn$=A0x|@aJe5$|z^r{&R-fH}O5{j_B(bGFv(C6zTYQSXC+;-3){#T$CpbRz88H={_*I;f@r^7DJ0Y zpEx`n?$D*`k_|uCKH2n)auEM6L&fJNk)xwL_uudz2*!6B?8*m(Dq5`)BK1EE;}R-V zar8wf#}HI~_sxohx7?6TRH0-4c^1{J3t6SHar7*L+pv=|DqSU83^^8f#1djues5PX z8#~+yY->^v@vZcU10B~Q&BFebrY%dOd~aurVvcu;n6nYd^B!R+G1eN{h*sln&?*_^vB;! z@o)AAn36t9;>XGj=k?V2*lyo;TDC@zSH2*E);4G4uVL-Zdw8Wj@k((pg+R4)w)>>Z zqIY!y;t|os%SL(X@NuBym9|B0Gz#fW<9>{(k?+8QhQ&TPXDe-CCHI@}C++uql~6D) zmbdYRw5#LW06*RBfn=|J*%)u@d~Wq*kw)NNf7?tv zd7Ixso8H;YpMhYMAFv%T|LU-G`L!gTKNCuGu3MMsk?5aw-prF6-h25=Rc0q5TXmoA z)~MM>h`EeT2S|tPl9^(Yls(Ir>Fo;MZ@Zh{96mW&Xn6t)z=zbU)GzO-OQ;Zl9pMoe zN+IuJ$P~RY!#N0w)qz$GASXGlO6>2Nhm2?5m%rLJkbdMSk;FN!B7d>$png$_^i}t9 z!1l5Y0Bl#*$d=adLob{&1b=?4)Rfg{@ulCD%&VaQU_N`Vka1BTBsD;?_fa)5O8idJzIpp8@K1-{{fmw3iEUm1d!613f~L}@@x*shP`n{0*ZTlId6D_-A!iX^Y@`6s_{r{io+ zn^^6okco=me&FqMt{O5c3Lydhuqeuwgg1G#ZOc4p*elSwFhZ~;f_aPZ5bQz$Pz3>5 zum$bf*`QX(PZg^@{SUzdr{8pFnBMa@p2U1;te{b1>o2*y9}VpdOvDbspDn1EbLo@o zExvxmjasG>pKbxt#(nvGk0@Y&{bSs&x&|@020Y3r?&c_W92ADHdC4wPK9|a|q}^SM zAC*ulazbX45=vaknzL4S7JLL;mmuR^QvrCSg?0$(^9e3u)D))isSSqSpTv7>XeYLS zM*ttN9+0f^V`Z=oVm{K~sl=~Y`HBGW%7I^y!t%G~Ks!#TVQ)Z9NS z20^ryTZUX?rcr%@w+m2J54#2r5d1iJow+u?p$thuWAuNx|F9n8O%hrS$$}{9@#eD% z^{%%=8;XnpDIighUnqzv0Y9D!!f-pXYZ|``9NI@HY@Dr~i;`TtXN)sn@BRq;asB^ZboSk5@IGqT39kKF{d7hRewJNN>KEhGiNVFN!T{v+quSvQD*qvCyieA z{N`Cr$dL9cCrG;)Qz4LB1{YS!A#0#v#k{Q{LRj{04={pDTw$JXYDY*9L)RC3G&a+f zb|!7P*hT$IsFX754Hzzwy!*rxl0r$_8MXA`nizKfBKNvOu(YXG6PBikN9<0KMw(g* zgP*@?XG0Ct1Zx68UQ2S$eyT{HT;LiuTzCwsB+aoTycHjTEh~j zyHJtJLZ_JPlxJ-)nONVaBs9coB5GsqgBy+=y2BN8P=PU%&W}qd^uf#x+`wBgJ%*uF 
z5^vcPRymdftoUMz%yRjN9>F-#xj?=Wb*Pf}Tn_ufXz7d6!S$~7w}sp~g<7uWxP?O1#UzO)Xr0kK{UDr+q#@0MXDPZw4wTOSD2 z?Z-Y4pNf%2k-`|*O;p-pYef~7hmF9sUS;ja4E--pFl=MPk2^=6{eCh_+_W_!y)$9! zh$)f=`D^#fbBqSquWjFFr;Xmu>C=g98osniCswo;`*amzB>1F$zUxMCy0^2&?ltLz zEAly5opAP$K?X_{y6p6p<3gvd9&+mb9n~r>zR9Wx#bw^<)RK9^MTpaQ)9M!h;M17s zsr%$of*0arJ5zY3gU`{V%`Uevco&BXy1Z`7`Y2$nVr*wU0B`t?h1)o|ui^j-Lx1eo z-^0t2P^DPBBQ@ovLCzBbdQ~!7h3roV{No8nyL`}u>`d^D;&F|SxBHRMPM$mu%Kj2j z!hn2qSCs>+V-~zm3mMVhMf!y9-#)7q9mgER1#@!Su^T|wIPUjnay4YyZ8zL(oGQmF zDsk9XafN(4KeUAxPg;2#`uSW62gG%-yv(XjMH?#i4p7F6OT6wc7DC(>I%`KR*Yvi% zkJ~+p+BdUClXn%+hVj;F+RqE-^PLq!xP|jEc+ky7&QnN_1v(_;$J7?nvtYFh|0MHG z^g&Wd;Ql6s7;n`5~?+K+Rzs!kqaOzH>+VVL08cFL-3~d`9Jj@LH?l z*+Y`W;PTveRb6|x2eD(e5OQ2L_pPO$7)7QXU4gsu)~A&!9Z0CdC(SmlNUJ?btSg4M zV84TV|IBH+P0Ek2bg*Yb37lAd@o30^5Opn&cXTZ1cq@zO>7sKV6d4OQv^k;#k%0va zTrzjPb$_!3mtX{Phkaw&ZaTIEm#0USa19ECKq zUokBg2v=xzI+&**Y{Tep7jj-S7V*g+m~Q1qk`qn2bmb%r_W?G`!BS9m-=5X@k}j+I z`R-wvx_XzU!olhtW@GUw>!daO4K{E=Wy8|4xHl4k9#T9lt+aeb>Cz&^Z0*HH|B-=m zwd_VXnpebuxIJhbuIo7&T=_JVX%Q>Rc*E-~Q*_*=5hPXi_W)+X?%A z|7lLDx4gBgn&+inv7#;0#D%SisJ0_XVe< zO}wZ>;Cr>Sd%SJIB4-Ue`+0&kfzfrLHvw@l_gGX)+%VC8d$#4;aohAUVV8%Vo;!U2 z$rUJJlZD&{-g56fg=%f_TF=fa`|O4B(RvTR$x)Y6DXtp;-=(_|IAVY7WiT*mUmNqQ zomQ4gNbR|?+VXw&&`_d!QfKTh_(9I%?33xmA#Ecgdhi6t-R{0Kg+sYl?p1#SKX(8$ zG*PM}%bMT_I_xWMQMFLTbUta9xV*OUx#+&P?A@gcipG4*rGS$@uK6HWvbJ+7VTTc> z=387C{6Kj@SjH(%#q^%jIhR3Q@u?4f1SC-U|G}Z z&K25qLCsL~vNPD6*MAo+LL;%$@M6+C$oUoc~gpfT$8djjQ2|w7J zUB(}^A7?#&-Km$CzIeEtd2~IKk+nbh#J0G`Z=z$U04vY!&nAS^ zx<&s_d)FD&)Vj3odhmjJ6cI!~kOPPY(a;5vk^l-Q1VRf@QF;#nq=e#8vCu?Bz)(a$ ziU9>fi4gUuGzkjCKuCzx(4&STC30V`!1Y+}UEf;YTHl}VXJGcbXV0GfmS>)s5o&y_ z=r~?$Py|EW?Z5rDNuQ@Mjuh?AoRQpBgdo_}DR|QFJxmQI!k<_$o=A~jpa>VK1xRky z4ka`p2mwz5Tbn;-GEI{Yf4FhYn7cPmR=T9Vx31mgynWcHAgjl(dKi^IjnFZ*BAfA% zb+WXlJWM60GXpV{leC>i z)cp3N>W$Y#s%!379hE*T^p5Ibj}6WqvT&+UVHw>yW9gETD5q}@a}jIyyE!o2*z{4k z26|*Rx{Q)}S+tvNM>X(|wv6G2y6P2PZFZG6F0Q}C|F#HiL3YP3MZawwWmwfgQ(Xab!r8_n&NAH`EM__At{m*@mpV 
z-sIf=&+&15L+{#hO$h$?i#ctf2tZ274!)g)Y;xevavdk1piAn4EQkx37t zZ->~OHPS3>waA2e4+cUd{XtG(HJb}MTs=-gPseI<%+BSB7SDgt((KiMjNZG23i~S> zY`{D6sd---7C0ys8DlbEc5G@2+H*R^ac#0iUM%GF7r}|iIlwRRpDzugCXs? zi^8>hwhh^-`(#@~-OwbM6}#Abs>Wt^&IO-o`>;jL%B1b4C23wisT^8Wl-v)+4UY!+ z7M3W9zp(ehP2%%iaFfZ-cnDr&CRYT2v;>iWXz_<%K<#CiC2|FFR31!EU0*y2#S|2& zV|9y@UK&fpLki@jPR?q4?7f9cv*kT-X?@aPX9+h5HMJBz=w2Syj>Sk)JPe4Sc!xdnT5qffzf2-Q*$)f$l< zJVnro3!No%yu(yDpDXS?Hc3^!VtxhAxiGuvqhPh@fMqFn<9%}{Mg!te-lxOJ$I(`^ zQ^RgDqzvaKG3H!S3#jfo%`QC*YCtjCq44@%IdfiYnz`w~8#iPu;D+6jM^XsFD(`~O z-kE8i^sDsJv57kPbfY8+e$L~rSlr8f!34$tV7@E!nh#5tT_@K;gjH+PN!#T|$EjoG zi%0iJ?Q8uq?VzwaV~$ueqwm^!a)o8f4ya3rpH(9at=J5T3pq%^qdy)A(#hJ^8lHgM zeuW4)R{W@FmC@lhx&kpH2^wE5arRMoe^S^>?47Ffa}VMh-rOkzBp3y=`C&j(Eb8HnHHnilawO~V0c(`iFgP}_?w-e_LS6FtMg5X3Cyo|uhBo)iwO)K|?{|gpSB{NJ z%oJW~M1gV1;Ud;t6OQFWde4m$cQNcT;9y5J11id43MZ z9#!(Nv>0wtNo47aOZ!1mwB!gpVg~d_Y$c1|ymB1Bx^<=I+o*{-xf3Mzm|XSNF3?KXjmcn9_Lp^v39l^R5H?Zn^s{mS7MiBy9#}5d z_lWL{Ai_Efz){7$^N=aMxB*U&iqDeF&8PK8Y5}@<0QT@&sIF5D0i|x8-q}8in69AI znrvkl`r~IgXj%#h!I@$nX`C1BuEq=pPpPmR*H`!8FQ_NTCQ!nUK_=k*M+e^sWY3H1 zqH5v*sF{GL5Bbd>F>EQ-ONxi+GV>D)+!<6FY&%-Xzf?(m$Y5Tz(??3)cl~l;^Hl0@ z+c4-Mvy>ND-X(rwU>(i>6qCWN@oX%yBl$lt4L%g~+JXpizI=|0G0)zVNa+^BMQ&sI({)HT?^AuhV^ zZLd;jJZTGfNTF=KwcWbyHXc$l!RWr`4f6Wu-ATqD?w3w={)VP`YuN^+4yY$8W}L12 zz2eccKJ4MpGTQuAJ&yk4%jYU6^5?U8mZ=O^np`$)VyMFIle%)#a!_2~@Kl!*+G;e^ zjV@p-_a!L_6~W(sDZzd)XicZ@u!kpvnH%E3y~;_tlv}=7*CJwckM@B8jb|7uP_%^v zV!@>ePK=dGLtId~Y@%he^B!jD>{#bsTE=@8m`{w&zsUY|2{tCy-Cvk15m&cr0XRA4 z!HX2nESydS^;)}HrmJVtlS1Gd*1q&A|L9nNLT}+c zTucuK$;f9xsd^%pGMeZ&KCZ0Z=kcfmXw|VM7QdY9y;cuU9#)>;t-9EScXN~i2v%2b zJhnwUT^SrtkiTac&y;Q9eWbm-?n^x&PG7!7)Qo&e|q^hLq_NTPD2^! 
CloudTrail > Trails`. From there, enable the events that you want to record: @@ -23,10 +27,6 @@ In the AWS console, navigate to: `Services > CloudTrail > Trails`. From there, e Activate the logging on the trail through the switch button (On/Off) located on the top right hand corner of the trail page. -{!_shared_content/operations_center/integrations/aws_create_sqs_queue.md!} - -{!_shared_content/operations_center/integrations/aws_create_s3_notification.md!} - ### Create the intake Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `AWS CloudTrail`. diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_flow_logs.md b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_flow_logs.md index 443a5ab4b2..18ac9685c4 100644 --- a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_flow_logs.md +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_flow_logs.md
@@ -15,6 +15,8 @@ Amazon VPC Flow Logs is a feature that provides the ability to capture informati ## Configure +{!_shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md!} + ### VPC Flow Logs As a prerequisite, you need an existing VPC, subnet or network interface (Elastic Load Balancing, Amazon RDS, Amazon ElastiCache, Amazon Redshift, Amazon WorkSpaces, NAT gateways, Transit gateways) to create a flow log. If you create a flow log for a subnet or VPC, each network interface in that subnet or VPC is monitored. @@ -28,12 +30,7 @@ For VPC and subnet: - Click on `Create flow log` - Set up the flow log: we recommend to capture all traffic (accepted and rejected). - !!note - The AWS account must have a direct access to the resources because the integration do not work with managing account that make a call on the admin role - -{!_shared_content/operations_center/integrations/aws_create_sqs_queue.md!} - -{!_shared_content/operations_center/integrations/aws_create_s3_notification.md!} +Please follow [this guide](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.html) to configure and set up all the permissions needed. ### Create the intake diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md index dfff372abe..b303a4dfe7 100644 --- a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md 
@@ -11,17 +11,7 @@ AWS GuardDuty is a service that detects potential security issues within your ne ## Configure -### Prerequisites - -#### Create a S3 bucket - -Your GuardDuty findings will be collected in an Amazon S3 bucket. - -To set up the bucket, please refer to [this guide](https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html). - -{!_shared_content/operations_center/integrations/aws_create_sqs_queue.md!} - -{!_shared_content/operations_center/integrations/aws_create_s3_notification.md!} +{!_shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md!} #### Forward findings to S3 diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_s3_logs.md b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_s3_logs.md index 2ae61a0a70..9f4bbe4ac9 100644 --- a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_s3_logs.md +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_s3_logs.md @@ -11,9 +11,7 @@ Several AWS services offers to store their logs on a S3 bucket. This integration ## Configure -{!_shared_content/operations_center/integrations/aws_create_sqs_queue.md!} - -{!_shared_content/operations_center/integrations/aws_create_s3_notification.md!} +{!_shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md!} ### Create the intake diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_waf.md b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_waf.md index 4c44780fb2..7ee55b2ce4 100644 --- a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_waf.md +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_waf.md 
@@ -11,28 +11,22 @@ AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests ## Configure -### Prerequisites +!!! important + In this guide, your S3 bucket for AWS WAF logging must start with `aws-waf-logs-` and can end with any suffix you want. For example, `aws-waf-logs-DOC-EXAMPLE-BUCKET-SUFFIX`. More information in [this guide](https://docs.aws.amazon.com/waf/latest/developerguide/logging-s3.html) -#### Create a S3 bucket - -Your web ACL traffic logs will be collected in an Amazon S3 bucket. - -To set up the bucket, please refer to [this guide](https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html). - -{!_shared_content/operations_center/integrations/aws_create_sqs_queue.md!} - -{!_shared_content/operations_center/integrations/aws_create_s3_notification.md!} +{!_shared_content/operations_center/integrations/aws_create_s3_sqs_notification.md!} #### Forward traffic logs to S3 To forward events produced by AWS WAF to S3, you have to: -1. In your AWS console, navigate to: `Services > WAF & Shield > Web ACLs` -2. Select the acl you want forwarding logs to your bucket -3. Select the tab `Logging and metrics` -4. In the first section, in front of the title `Logging`, click the button `Enable` -5. Check `S3 bucket` as `Logging destination` and select your bucket in the dropdown -6. Click the button `Save` +1. Configure the [Permissions required to publish logs to Amazon S3](https://docs.aws.amazon.com/waf/latest/developerguide/logging-s3.html#logging-s3-permissions) in order to authorize your bucket to receive AWS WAF logs +2. In your AWS console, navigate to: `Services > WAF & Shield > Web ACLs` +3. Select the acl you want forwarding logs to your bucket +4. Select the tab `Logging and metrics` +5. In the first section, in front of the title `Logging`, click the button `Enable` +6. Check `S3 bucket` as `Logging destination` and select your bucket in the dropdown +7. Click the button `Save` ### Create the intake
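Review bot: In aws_flow_logs.md, the second hunk (@@ -28,12 +30,7 @@) deletes the `!!note` saying the AWS account must have direct access to the resources because the integration does not work with a managing account that calls the admin role, and nothing in the visible change restates that constraint. If the limitation still applies, keep the note here or move it into the shared `aws_create_s3_sqs_notification.md` include so every AWS page carries it; if it no longer applies, say so in the commit message. The replacement line "Please follow [this guide](...) to configure and set up all the permissions needed" should also name which permissions it means (the ones that let flow logs be published to the bucket), so a reader knows when the step is complete.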
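Review bot: In aws_guardduty.md (@@ -11,17 +11,7 @@), `#### Forward findings to S3` stays at heading level 4 although its parent `### Prerequisites` is removed, so it now nests under whatever heading the included file ends on. Promote it to `###`, matching `### Create the intake` on the sibling pages. The deleted sentence "Your GuardDuty findings will be collected in an Amazon S3 bucket" was also the only visible statement of where findings land; a one-line replacement after the include would keep the page readable on its own.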
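Review bot: In aws_waf.md (@@ -11,28 +11,22 @@), the `!!! important` admonition requires a bucket name starting with `aws-waf-logs-` but does not say where that name is chosen now that the bucket is created by the included section; state explicitly that the bucket created there must be given this prefix, otherwise step 6 will not offer it as a logging destination. Smaller points in the same hunk: the admonition's last sentence lacks a final period, step 3 would read better as "Select the web ACL whose logs you want to forward to your bucket", and `#### Forward traffic logs to S3` has lost its `### Prerequisites` parent and should be promoted to `###`.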