From e6c312a1ecc3f0b09bb7d757f695f5a4464d0b78 Mon Sep 17 00:00:00 2001 From: Brendan McDevitt Date: Fri, 25 Feb 2022 01:56:24 -0500 Subject: [PATCH] big update --- Gemfile.lock | 3 + .../apple_advisories_cve_risk_scores.html | 14563 ++++++++++++++++ _includes/collapse.html | 17 + _layouts/default.html | 7 +- ...6-command-line-redhat-pkg-auditor.markdown | 521 + ...01-30-python-pandas-transform-csv.markdown | 26 + ...2-24-docker-wordpress-vulnscanner.markdown | 58 + ...02-25-cve-cna-security-advisories.markdown | 96 + _security/index.html | 2 +- assets/apache_cna_view_advisories.png | Bin 0 -> 44714 bytes css/screen.css | 63 + index.html | 2 +- 12 files changed, 15353 insertions(+), 5 deletions(-) create mode 100644 _includes/apple_advisories_cve_risk_scores.html create mode 100644 _includes/collapse.html create mode 100644 _programming/2021-01-06-command-line-redhat-pkg-auditor.markdown create mode 100644 _programming/2021-01-30-python-pandas-transform-csv.markdown create mode 100644 _security/2022-02-24-docker-wordpress-vulnscanner.markdown create mode 100644 _security/2022-02-25-cve-cna-security-advisories.markdown create mode 100755 assets/apache_cna_view_advisories.png diff --git a/Gemfile.lock b/Gemfile.lock index 2a68889..33299f9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,6 +29,8 @@ GEM safe_yaml (~> 1.0) jekyll-feed (0.11.0) jekyll (~> 3.3) + jekyll-jupyter-notebook (0.0.4) + jekyll jekyll-sass-converter (1.5.2) sass (~> 3.4) jekyll-seo-tag (2.5.0) @@ -67,6 +69,7 @@ PLATFORMS DEPENDENCIES jekyll (= 3.8.5) jekyll-feed (~> 0.6) + jekyll-jupyter-notebook minima (~> 2.5.0) tzinfo-data diff --git a/_includes/apple_advisories_cve_risk_scores.html b/_includes/apple_advisories_cve_risk_scores.html new file mode 100644 index 0000000..4909072 --- /dev/null +++ b/_includes/apple_advisories_cve_risk_scores.html @@ -0,0 +1,14563 @@ + + + + +apple_advisories_cve_risk_scores + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
+ + +
+ + +
+ + +
+ + + + +
+ + + + +
+ + + + + + + + + diff --git a/_includes/collapse.html b/_includes/collapse.html new file mode 100644 index 0000000..42d05c5 --- /dev/null +++ b/_includes/collapse.html @@ -0,0 +1,17 @@ + + + diff --git a/_layouts/default.html b/_layouts/default.html index 7cfdd84..854fb75 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -20,7 +20,7 @@
- Brendan McDevitt + Brendan McDevitt home about photos @@ -28,9 +28,10 @@ {{ content }} -Fork me on GitLab +src="/assets/github-fork-me.png" alt="Fork me on GitLab", class="forkme"> +--> diff --git a/_programming/2021-01-06-command-line-redhat-pkg-auditor.markdown b/_programming/2021-01-06-command-line-redhat-pkg-auditor.markdown new file mode 100644 index 0000000..ceb6c07 --- /dev/null +++ b/_programming/2021-01-06-command-line-redhat-pkg-auditor.markdown @@ -0,0 +1,521 @@ +--- +layout: programming +title: "command line: redhat package auditor" +date: 2021-01-06 +categories: programming +--- + +# Command Line Programming - [RedHat Package Auditor](https://git.mcdevitt.tech/bpmcdevitt/misc_rbtools/-/tree/master/security_tools/redhat_tools) +I am working on a project where I am looking into vulnerabilities for Redhat +and CentOS systems. Throughout my time as a sysadmin I have always been a huge fan of command-line +programs. This is one of the programs that I hacked together to make my job +easier. + +# Making my life easier + +For a project I am working on, I am having to compare operating system vendor data against NVD data and have +been working in a spreadsheet initially to record the results. I am looking to see if NVD has captured correct +CPE data from the operating system vendors source. To start I was manually +looking at CVE/Advisory postings from Redhat and comparing with what was on +NVDs page for the given CVE. This grew tediuous rather quickly after I got +through a handful of CVEs. I needed to write a tool that would query Redhat's +API and give me all the needed info on that CVE. My first step was to see +if there was anything available that could do this quickly. After +looking online and finding old, outdated programs, I thought it would be quicker if I hacked together something. + +I am a big linux nerd and have always loved using different command-line +programs. I have been using it for over 5 years now and I am always stumbling +upon new command-line driven programs. Writing command-line programs is fun and +this was an opportunity to write a new one. + +This program will query Redhats Security API and spit back CVE data. I +have taken some of the examples from the README document that is linked here +with the source code. + +
+{%highlight bash %} +./rpm_pkg_audit.rb --help +Usage: rpm_pkg_audit.rb [options] + -p, --pkg PKGNAME Takes a base pkg name and returns cves from redhats security API. + -l, --list List packages in the XML datafile. + -x, --xmlpkg PKGNAME The pkg name you want to audit from xml file rpm-to-cve.xml + -r, --refresh Refresh rpm-to-cve.xml file with latest pkgs and cves + -c, --cve CVE-2020-1234 Takes a cve id and returns cve json from redhats security API. + -f, --cves-from-file cves.txt Takes a file one cve id per line and sends a batch request to redhat security API + -a, --advisory RHSA-2019:0997 Takes a RHSA advisory and sends an API request to redhat RHSA-2015:2155 +{%endhighlight%} +
+# CVES +We can query for CVE's using two options: +{% highlight bash %} +--cve +--cves-from-file +{%endhighlight%} +Here are some examples: +### Single CVE +{% highlight bash %} +./rpm_pkg_audit.rb --cve CVE-2016-3627 +{% endhighlight %} + +
+{% highlight json %} +{ + "threat_severity": "Moderate", + "public_date": "2016-03-21T00:00:00Z", + "bugzilla": { + "description": "CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode", + "id": "1319829", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319829" + }, + "cvss": { + "cvss_base_score": "4.3", + "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "status": "verified" + }, + "cwe": "CWE-674", + "details": [ + "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.", + "Missing recursive loop detection checks were found in the xmlParserEntityCheck() and xmlStringGetNodeList() functions of libxml2, causing application using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode could launch a Denial of Service on the application." + ], + "affected_release": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "release_date": "2016-06-23T00:00:00Z", + "advisory": "RHSA-2016:1292", + "cpe": "cpe:/o:redhat:enterprise_linux:6", + "package": "libxml2-0:2.7.6-21.el6_8.1" + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "release_date": "2016-06-23T00:00:00Z", + "advisory": "RHSA-2016:1292", + "cpe": "cpe:/o:redhat:enterprise_linux:7", + "package": "libxml2-0:2.9.1-6.el7_2.3" + }, + { + "product_name": "Red Hat JBoss Core Services 1", + "release_date": "2016-12-15T00:00:00Z", + "advisory": "RHSA-2016:2957", + "cpe": "cpe:/a:redhat:jboss_core_services:1" + } + ], + "package_state": [ + { + "product_name": "Red Hat Enterprise Linux 5", + "fix_state": "Will not fix", + "package_name": "libxml2", + "cpe": "cpe:/o:redhat:enterprise_linux:5" + }, + { + "product_name": "Red Hat JBoss Enterprise Web Server 3", + "fix_state": "Will not fix", + "package_name": "libxml2", + "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3" + } + ], + "name": "CVE-2016-3627" +} +{%endhighlight%} +
+ +### Multiple CVES +{% highlight bash %} +# create a file one cve per line +touch cves.txt +echo "CVE-2016-3627" >> cves.txt +echo "CVE-2016-1839" >> cves.txt + +./rpm_pkg_audit.rb --cves-from-file cves.txt +{% endhighlight %} + + +
+{% highlight json %} +[ + { + "CVE": "CVE-2016-1839", + "severity": "moderate", + "public_date": "2016-05-23T00:00:00Z", + "advisories": [ + "RHSA-2016:1292", + "RHSA-2016:2957" + ], + "bugzilla": "1338703", + "bugzilla_description": "CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString", + "cvss_score": 4.3, + "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "CWE": "CWE-122", + "affected_packages": [ + "libxml2-0:2.9.1-6.el7_2.3", + "libxml2-0:2.7.6-21.el6_8.1" + ], + "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1839.json" + }, + { + "CVE": "CVE-2016-3627", + "severity": "moderate", + "public_date": "2016-03-21T00:00:00Z", + "advisories": [ + "RHSA-2016:1292", + "RHSA-2016:2957" + ], + "bugzilla": "1319829", + "bugzilla_description": "CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode", + "cvss_score": 4.3, + "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "CWE": "CWE-674", + "affected_packages": [ + "libxml2-0:2.9.1-6.el7_2.3", + "libxml2-0:2.7.6-21.el6_8.1" + ], + "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3627.json" + } +] +{%endhighlight%} +
+This will give us json data back for multiple cves, in the order that we +created them in our file. +When we query with multiple cves in a file, we will split up the requests to +groups of 500 cve ids. +
+ +### Advisories +Redhat will post a security advisory when a vulnerability comes out. These are +in the schema RHSA-YEAR:ADVISORY_NUM. As an example: RHSA-2019:0997 + +{% highlight bash %} +./rpm_pkg_audit.rb --advisory RHSA-2019:0997 +{%endhighlight %} + + +
+{% highlight json %} +[ + { + "CVE": "CVE-2019-9636", + "severity": "important", + "public_date": "2019-03-06T00:00:00Z", + "advisories": [ + "RHBA-2019:0763", + "RHSA-2019:2980", + "RHSA-2019:0806", + "RHSA-2019:1467", + "RHSA-2019:0981", + "RHSA-2019:0710", + "RHSA-2019:0765", + "RHSA-2019:0997", + "RHSA-2019:3170", + "RHBA-2019:0764", + "RHSA-2019:0902" + ], + "bugzilla": "1688543", + "bugzilla_description": "CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization", + "cvss_score": null, + "cvss_scoring_vector": null, + "CWE": "CWE-172", + "affected_packages": [ + "python3-0:3.6.8-2.el8_0", + "python27-python-0:2.7.13-4.el6", + "rhvm-appliance-0:4.2-20190411.1.el7", + "python27-python-0:2.7.13-6.el7", + "python-0:2.7.5-59.el7_4", + "python-0:2.7.5-70.el7_5", + "rh-python36-python-0:3.6.3-4.el6", + "redhat-virtualization-host-0:4.2-20190411.1.el7_6", + "python27:2.7-8000020190410132513.c0efe978", + "rh-python35-python-0:3.5.1-12.el7", + "rh-python35-python-0:3.5.1-12.el6", + "python-0:2.7.5-77.el7_6", + "python-0:2.6.6-68.el6_10", + "rh-python36-python-0:3.6.3-7.el7" + ], + "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9636.json", + "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvss3_score": "9.8" + } +] +{%endhighlight%} +
+
+ +### rpm-to-cve.xml +Redhats Security API also posts a mapping of RPM packages to CVEs in a +parseable XML file. This file can be downloaded [here](https://www.redhat.com/security/data/metrics/rpm-to-cve.xml). This commandline program can also +download a fresh XML file locally using the --refresh option. + +{% highlight bash %} +./rpm_pkg_audit.rb --refresh +{% endhighlight %} + +I run this as a sanity check to make sure the cmd finished downloading the file succesfully +{% highlight bash %} +echo $? +0 +{% endhighlight %} + +We can search for packages listed in this xml file by passing the --list option +and piping to a standard unix search tool like grep + +{% highlight bash %} +./rpm_pkg_audit.rb --list | grep ^kernel +{%endhighlight%} + +We can query packages in this xml file by querying the exact package name +{% highlight bash %} +./rpm_pkg_audit.rb --xmlpkg kernel-0:2.6.9-55.EL +{%endhighlight%} + + +
+{% highlight json %} +{ + "rhel_package_name": "kernel-0:2.6.9-55.EL", + "cves": [ + "CVE-2005-2873", + "CVE-2005-3257", + "CVE-2006-0557", + "CVE-2006-1863", + "CVE-2007-1592", + "CVE-2007-3379" + ], + "cve_count": 6 +} + +{% endhighlight %} +
+
+### Query Redhat API For a package name + +We can query the Redhat security API for a specific pkg by querying the BASE +pkg name. In this example we query the API and send bash as a param. + +{% highlight bash %} +./rpm_pkg_audit.rb --pkg bash +{%endhighlight%} + + +
+{%highlight json %} +[ + { + "cve_id": "CVE-2019-18276", + "advisories": [ + + ], + "affected_packages": [ + + ] + }, + { + "cve_id": "CVE-2012-6711", + "advisories": [ + + ], + "affected_packages": [ + + ] + }, + { + "cve_id": "CVE-2019-9924", + "advisories": [ + "RHSA-2020:1113", + "RHSA-2020:3474", + "RHSA-2020:3592", + "RHSA-2020:3803", + "RHBA-2020:1540" + ], + "affected_packages": [ + "ansible-tower-36/ansible-tower:3.6.4-1", + "bash-0:4.2.46-34.el7", + "bash-0:4.2.46-32.el7_6", + "bash-0:4.2.46-34.el7_7", + "bash-0:4.2.46-30.el7_4" + ] + }, + { + "cve_id": "CVE-2017-5932", + "advisories": [ + + ], + "affected_packages": [ + + ] + }, + { + "cve_id": "CVE-2016-9401", + "advisories": [ + "RHSA-2017:1931", + "RHSA-2017:0725" + ], + "affected_packages": [ + "bash-0:4.2.46-28.el7", + "bash-0:4.1.2-48.el6" + ] + }, + { + "cve_id": "CVE-2016-7543", + "advisories": [ + "RHSA-2017:1931", + "RHSA-2017:0725" + ], + "affected_packages": [ + "bash-0:4.2.46-28.el7", + "bash-0:4.1.2-48.el6" + ] + }, + { + "cve_id": "CVE-2016-0634", + "advisories": [ + "RHSA-2017:1931", + "RHSA-2017:0725" + ], + "affected_packages": [ + "bash-0:4.2.46-28.el7", + "bash-0:4.1.2-48.el6" + ] + }, + { + "cve_id": "CVE-2014-6278", + "advisories": [ + + ], + "affected_packages": [ + + ] + }, + { + "cve_id": "CVE-2014-6277", + "advisories": [ + + ], + "affected_packages": [ + + ] + }, + { + "cve_id": "CVE-2014-7187", + "advisories": [ + "RHSA-2014:1312", + "RHSA-2014:1311", + "RHSA-2014:1354", + "RHSA-2014:1306", + "RHSA-2014:1865" + ], + "affected_packages": [ + "bash-0:3.2-32.el5_9.3", + "bash-0:3.2-33.el5_11.1.sjis.2", + "bash-0:4.2.45-5.el7_0.4", + "rhev-hypervisor6-0:6.5-20140930.1.el6ev", + "bash-0:4.1.2-15.el6_5.2", + "bash-0:3.2-32.el5_9.3.sjis.1", + "bash-0:3.2-33.el5_11.4", + "bash-0:4.1.2-15.el6_5.1.sjis.2" + ] + }, + { + "cve_id": "CVE-2014-7186", + "advisories": [ + "RHSA-2014:1312", + "RHSA-2014:1311", + "RHSA-2014:1354", + "RHSA-2014:1306", + "RHSA-2014:1865" + ], + "affected_packages": [ + "bash-0:3.2-32.el5_9.3", + "bash-0:3.2-33.el5_11.1.sjis.2", + "bash-0:4.2.45-5.el7_0.4", + "rhev-hypervisor6-0:6.5-20140930.1.el6ev", + "bash-0:4.1.2-15.el6_5.2", + "bash-0:3.2-32.el5_9.3.sjis.1", + "bash-0:3.2-33.el5_11.4", + "bash-0:4.1.2-15.el6_5.1.sjis.2" + ] + }, + { + "cve_id": "CVE-2014-6271", + "advisories": [ + "RHSA-2014:1354", + "RHSA-2014:1294", + "RHSA-2014:1293", + "RHSA-2014:1295" + ], + "affected_packages": [ + "bash-0:3.0-27.el4.2", + "bash-0:3.2-33.el5_11.1.sjis.1", + "bash-0:3.2-33.el5.1", + "bash-0:4.2.45-5.el7_0.2", + "rhev-hypervisor6-0:6.5-20140930.1.el6ev", + "bash-0:4.1.2-15.el6_5.1", + "bash-0:4.1.2-15.el6_5.1.sjis.1" + ] + }, + { + "cve_id": "CVE-2014-7169", + "advisories": [ + "RHSA-2014:1312", + "RHSA-2014:1311", + "RHSA-2014:1354", + "RHSA-2014:1306", + "RHSA-2014:1865" + ], + "affected_packages": [ + "bash-0:3.2-32.el5_9.3", + "bash-0:3.2-33.el5_11.1.sjis.2", + "bash-0:4.2.45-5.el7_0.4", + "rhev-hypervisor6-0:6.5-20140930.1.el6ev", + "bash-0:4.1.2-15.el6_5.2", + "bash-0:3.2-32.el5_9.3.sjis.1", + "bash-0:3.2-33.el5_11.4", + "bash-0:4.1.2-15.el6_5.1.sjis.2" + ] + }, + { + "cve_id": "CVE-2012-3410", + "advisories": [ + + ], + "affected_packages": [ + + ] + }, + { + "cve_id": "CVE-2008-5374", + "advisories": [ + "RHSA-2011:1073", + "RHSA-2011:0261" + ], + "affected_packages": [ + "bash-0:3.0-27.el4", + "bash-0:3.2-32.el5" + ] + } +] +{% endhighlight %} +
+
+### Get the program! +I hope somebody can make use of this program for easier system administration +and security auditing purposes. I encourage all rhel/centos security admins to +make use of it if you would like better insight into CVE data from the vendor +source. You should be able to make use of the program +by cloning my misc_rbtools directory from my Gitlab. I will be expanding this +into its own Ruby gem in the coming days so please check back on this post. I +will update the link to the Ruby Gem page once it has been ported to a Gem! + +{%highlight bash %} + +git clone https://git.mcdevitt.tech/bpmcdevitt/misc_rbtools.git +Cloning into 'misc_rbtools'... +remote: Enumerating objects: 56, done. +remote: Counting objects: 100% (56/56), done. +remote: Compressing objects: 100% (55/55), done. +remote: Total 815 (delta 28), reused 0 (delta 0), pack-reused 759 +Receiving objects: 100% (815/815), 118.60 MiB | 11.06 MiB/s, done. +Resolving deltas: 100% (362/362), done. + +cd misc_rbtools/security_tools/redhat_tools/ +{%endhighlight%} +You should now have access to the ./rpm_pkg_audit.rb script, have fun auditing! + +{% include collapse.html %} diff --git a/_programming/2021-01-30-python-pandas-transform-csv.markdown b/_programming/2021-01-30-python-pandas-transform-csv.markdown new file mode 100644 index 0000000..a7419cf --- /dev/null +++ b/_programming/2021-01-30-python-pandas-transform-csv.markdown @@ -0,0 +1,26 @@ +--- +layout: programming +title: "python pandas: transform csv - add a new column" +date: 2021-01-30 +categories: programming +--- + +# Problem: +I needed to group severity of CVEs for a project I am working on into low, +medium, and high ranges. We have a risk score value between 0-100 that we can use to +categorize each CVE into a range. + +
+ +# Solution: +We use the pandas library because it has some methods already written that allow +us to read a csv file and apply our severity function to the data on each row +in our csv file. + +We can use the apply() function to do this with a lambda. We can define a new +column this way and it will write out the newly computed data to its own column +at the end of our file. + +
+ +{% include apple_advisories_cve_risk_scores.html %} diff --git a/_security/2022-02-24-docker-wordpress-vulnscanner.markdown b/_security/2022-02-24-docker-wordpress-vulnscanner.markdown new file mode 100644 index 0000000..061731a --- /dev/null +++ b/_security/2022-02-24-docker-wordpress-vulnscanner.markdown @@ -0,0 +1,58 @@ +--- +layout: security +title: "A Docker container to find Wordpress vulnerabilities" +date: 2022-02-24 +categories: security +--- +# WPScan Wordpress Vulnerability Database +## The data: +The WPScan team is a CNA. A [CVE Numbering +Authority](https://www.cve.org/ProgramOrganization/CNAs). A CNA basically gives the +authority to submit vulnerabilities in a piece of software (or hardware) to a particular vendor. The WPScan team finds many vulnerabilities in wordpress installs +all across the internet. Any researcher can submit a vulnerability at the +following [url](https://wpscan.com/submit). + +For easier insight into the vulnerability data that they house, they have an [API](https://wpscan.com/docs/api/v3/) that can be +queried. I wrote a docker container that has shellscript wrapper that will query for +vulnerable plugins, themes, and wordpress core versions. I hope it can be +useful for somebody else that wants quick insight into the data this database +houses. + +You will need to create an API token on the [wpscan](https://wpscan.com) website. They will allow you +25 free API calls per day on the free plan. That is more than enough for my +hobbyist usage with this program. You can find the source code at my gitlab +[here](https://git.mcdevitt.tech/bpmcdevitt/docker_wordpress_scanner). + +Here is an example of the usage and querying for the navz-photo-gallery plugin: + +``` +docker run --env-file .env wp_checker --plugin 'navz-photo-gallery' +{ + "navz-photo-gallery": { + "friendly_name": "ACF Photo Gallery Field", + "latest_version": "1.7.8", + "last_updated": "2021-12-22T19:24:00.000Z", + "popular": true, + "vulnerabilities": [ + { + "id": "5855f1fe-28f6-4cd6-a83c-95c23d809b79", + "title": "ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting", + "created_at": "2021-12-20T09:35:11.000Z", + "updated_at": "2021-12-20T09:35:12.000Z", + "published_date": "2021-12-20T00:00:00.000Z", + "description": null, + "poc": null, + "vuln_type": "XSS", + "references": { + "cve": [ + "2021-24909" + ] + }, + "cvss": null, + "fixed_in": "1.7.5", + "introduced_in": null + } + ] + } +} +``` diff --git a/_security/2022-02-25-cve-cna-security-advisories.markdown b/_security/2022-02-25-cve-cna-security-advisories.markdown new file mode 100644 index 0000000..fa4395d --- /dev/null +++ b/_security/2022-02-25-cve-cna-security-advisories.markdown @@ -0,0 +1,96 @@ +--- +layout: security +title: "cve.org CNA Security Advisories" +date: 2022-02-25 +categories: security +--- +# cve.org CNA Security Advisories +## The data: +The website hosted at cve.org has recently been revamped. They host the source +code for the site at the following +[url](https://github.com/CVEProject/cve-website). + +I wanted to know the organization names of each CNA and if possible, where they post their +vendor security advisories. I was looking for a URL to each advisory for each +vendor. This is so I can look into what +the actual vendor is saying when they are being notified of security +vulnerabilities. To obtain this infromation, we can look through the source +code used in the CVE Project website. + +On the website itself if you search the 'List of +Partners' found [here](https://www.cve.org/PartnerInformation/ListofPartners) +you will find a hyperlink to a sub page for each organization name. As of writing this post, +there are 211 partners. + +An example of one of the organization names page looks looks like this. +[apache](https://www.cve.org/PartnerInformation/ListofPartners/partner/apache). +Notice the 'View Advisories' link here under the Security Advisories section. + +![This](/assets/apache_cna_view_advisories.png){:class="img-responsive"} This is what I was looking for. + + +It really is nice that they host the source code to their website in the open. +Because of this, I can quickly pull this information that I want by writing a +little bit of code. It's just your standard GET request and parse a JSON file. +I like Ruby and both Python but I have been using Ruby longer, so I use that +more for pulling data quickly like the JSON data we are working with today. You +can find a [JSON +file](https://github.com/CVEProject/cve-website/blob/dev/src/assets/data/CNAsList.json) that the website uses to load the CNA information. We can write code that downloads this json file and parses it...like this! + +``` +#!/usr/bin/env ruby +# outputs the list of CNA organizationNames and the securityAdvisory urls from the json file here: +# https://raw.githubusercontent.com/CVEProject/cve-website/dev/src/assets/data/CNAsList.json + +require 'json' +require 'rest-client' + +class CnaSecurityAdvisories + attr_accessor :url + def initialize + @url = 'https://raw.githubusercontent.com/CVEProject/cve-website/dev/src/assets/data/CNAsList.json' + end + + def send_request_rest + RestClient::Request.execute( + method: :get, + url: url + ) + end + + def parse_res(response) + JSON.parse(response.body) + end + + def get_json + res = send_request_rest + if res.code == 200 + parse_res(res) + else + "HTTP Status: #{res.code}" + end + end + + def perform + json = get_json + json.map do |d| + org_name = d.dig('organizationName') + security_advisories = d.dig('securityAdvisories') + security_advisory_urls = security_advisories.dig('advisories').map { |adv| adv.dig('url') } + { orgName: org_name, security_advisories_urls: security_advisory_urls } + end + end +end +``` + +I usually will pull out pry and load the class in the console and run it like this to export the data to a new json file. + +``` +[3] pry(main)> data = CnaSecurityAdvisories.new.perform +[4] pry(main)> File.write('/home/booboy/cna_security_advisory_urls.json', data.to_json) +=> 25298 +``` + +I have hosted this code at my gitlab. +[source code](https://git.mcdevitt.tech/bpmcdevitt/security_research/-/blob/master/tools/cve_cna_security_advisories/cna_security_advisories.rb) and +[json data](https://git.mcdevitt.tech/bpmcdevitt/security_research/-/blob/master/tools/cve_cna_security_advisories/cna_security_advisory_urls.json) diff --git a/_security/index.html b/_security/index.html index 961b8ad..a094730 100644 --- a/_security/index.html +++ b/_security/index.html @@ -4,7 +4,7 @@ title: security index ---
-

Security Thoughts

+

Security

    {% for post in site.security %} {%unless post.title == 'security index' %} diff --git a/assets/apache_cna_view_advisories.png b/assets/apache_cna_view_advisories.png new file mode 100755 index 0000000000000000000000000000000000000000..9825062cf568856d3602b1e8d9a9feaf643104a6 GIT binary patch literal 44714 zcmdpebx>T-x97wlxI+TLg9Z2C0S31aEI7g4-IJif-66QU%i!)l_yl(d&Y*kw{@(7s z+N!tv{@B{u-CIz1xb$?NK7IO}&-rxs4gM@Ifrdo`0PxG6*B@TK zWR4+xB^>NukQw>H-}K`&8KRP0rEcN4tCRu*)d}?XmawRNml;1=;1|(Cgh3AZVDSP) z#g-l{qj%4dO@qi(_35QX$l8Q1y^P1u5D@B)p)oXL70ec;kV_-MvRWu1!OxCQfLx&8 z4B4sLPai}?#O;*7{Kk*cg&4vz?~NJ2mjOKS0a&!!0q>^*QZZ^;=UFp0dBs} z$@^ab_s?Yi4}4kAboub1>SE}qd6WqOu^l(M@C> zafU~_*q2FM%83^nnat}V#(THe`OKGR+q4eswD50z($(Fnp{BbfL6R= zT}`DE*E_m9m8?D1<9=vS8P8g7o{-Pq{POvTGU0uTCU?|;Mcp)5^I*b`^#sOI#EQ8s z?E@#`Jm|Wovnoy@+?mQgHMOmb-m&r^O7U4Y0_fY-)K z>QJp74dG{IesOJ`q3E!(3q_WM0SZjP&d>zf=JuwxNDDH%+P)!CWkxhgIBe=^QCBU) zJ^ZKY8R!iY0((E-!$hBKDEC7Wf%mB_X7%5l6%4FRb-RYYk4)91eUB#dt3P7LPqKr9 zmISE%^I9%W2pCm}RILRnZ2Y0WLD_Td#5=vJxIIR~c#}4~>t*8xWRb7Y=&4%%u z@b-6#W^#ZgMQfIyXoVoV;uzjV3Nv9^ZCc+3#=wR?W`?cikvRxN#STT|)RUN%H?+46 zV?1JggBnL?Fvmd9>d@tQw)WNe@cNN~PMb%C>4#m$Nk|jPfP8(eKfOtqL)?6P(9VRL zW>}rcxt6C%Wm4Kwe%TV#`pbL5m@n=eG+M@_(BEkG>WO0=UcC!N&QruWg0g?Eh^r0j zXGW|9swVO66#cWS6)Y<|^jK1tS;90i&qL0l*>L-isa(zXjijFWhxqDFO`Y1whaSMG zDeS!{j56$A{iVvNTeVbJ4j?;u7E)IFEdAvPxyDY}q07DINaum{x1Q)uW5a|csAgw!B;|gH{P27Gtn_x1euC!sCEQ#9`Q@j2!$PuhFL#2D#qPrCZas zQE9o{JKmSudi>+*wRaKwZv8T<*+l1d4&*@7422Sups2-PVF=- zfM!YHY{(79p3t=%a@^CirT%uj!f;pQsCjR+BV+iNr<_+$K=11i_~bHun}Q zuHUIfl+M8yl*+(IN(Nl9({;`lZvZb;HkEbA+;%ma(W8s(a@EEFepR;K$sM~7_(+7V zLuT{`^OFXKJ3tAlN{TzX%xl*a2j?(8 zISZNduXb?B^Y@2|6xeg$ z0Hcurxj23efk41z>-fid=zlK>{42FeC!l*mB)B#n7Gn`m^XqwgKMQr5B6B6@)U?_3#$jMlTy<`6$AKzE}#%IwP3+SUVw_$;Yk9~=U4qcXlRml2i& z0$l}nn3CZ3p=Y5t6Sb|bJ%@_5u^v_8d2u%&lydLIPizlwK*M#tBx~~WkJcmP+&lcr z^s`5Lb`zaVFU}=#uw6_EUEo3XwsO~>zcTTPPsvjVdek8<{z#8sMzUY-%FYO#|J>P) zfi2R?CNcYf4r7zVfs$aAR|)m6J9wIq*Du(3rJYRX$1`8C>(J~4#9z+s7Z27_-`lQH zMq69&w!Asyjf~N2yqzfMy-|C7aahI)QS07}JkJhsap%bW;=Xa%oDj;Y8TpVw4A-%C zfW}?Nvk6)W1gfIYQ(<77^!znFIKtPo{sQv7?fFx)fpq9P72kbhFGK3V8k{DXd$r>o z1~-n~_CC41n~0`*c(mapRb0A0`24e?_kK4qkw$i96$#^(qz#?`_0zw%8F+P>z2C|G z0CjaNYHpraZ;rnk+qRJs=MA#oxj*9bJ}DKt-=&?xUAflJ z+Pw@u|7h77Yy;*T3SE{?a^Hi%7TuQ8F^!SO;Vy%R<%8A(U+(VOt0}Z2XCJpy=4Kt4 z2sE_6CqN`(>5O2~{-ZP0?6mRmQH-GVPU2Gb)2T1~I-)>*Od@T2jI#oE0ZFczuKXW?dr_}EJV`74sHJQfy^TvfUsFEMg?;^tZ7`scXE9nL13 zK{ti8GajQyWHQ~RQX1A-(tSYyA4GMhF47fZ|Moav*;k6f>n#bt!e?S@Tn0bp{k~D6 zIgrVB`*`QhyAdXf*~r)hnPma9C z@F{1~R3b2Vh=W{zQTwyD398dPA=~olY?q$o%!T_u}3Lwt6>!d`)yH!6>G zirvrPe<~y7QXz&t<;e8m9FC`L8?zYULP*BqP~_tzp4^90tYz9Y-ORrj$d$~*ed)yP zB`c}q!k!098ODv|#ZDmKZ-zjsp%`lN9io_Cl8#ee$gcw6X^(rRsQn!pN_Ows?LY9X za_cJ>@5s!xoAwvZN38DVckvNU+9Rap_<5+iy3mYu_p*4fL`6m-x@K9SqbzuO3XFA@ zG+M=1%V`p{V=Ko<0UzOPy|;30&Z=vyEgs$DvwLCq zC}kUjHRG_;Qf)Bc;zCSf2*l>7lrE(j#$L)jfxF7BqhF*8*XwavFzHj2)KSldi~Q*Z z;$dHL=;ZR+L3&;N#7Xm_+{Z16cN( z*(G^d`9XMDYuK7+4}4OnX;Yj@*W7YbP>|#1n?&5!yqLm7hXZ){^-PW(+_g`Ix&a%lG#wQ znRCK@PPvcjqqR&tZSb+MmT&$-q%Vt&HJr^dhp$m6TUXB-68cMqXP`D(`*@1S`FJmq zva-*T=V1(q0uD|7p1Zv#W3n{wu#zWChf`Vjn)ip#!n8ZIY;djIvwO$Po9*3i*uc=I=IQY6} zEn{7FH;{HcZPVJ^4(pft`Jn!Gm9iW(?ja@z*(6yb$LRyN#|HNPnl<)3-1#EMtGYQ! z!?G6SRaFxPLei^w@eS2iM)Qp}#~R1xO&(jdv_6mR1cpA5yGI#9g2P^0FQ^q;9lxo? zE4HS!4ZwXpOb#XpzO0v!B4SP8#9Z4fD@kAs*|76%sXJ#|s0o^wbPzobS6kxZwAzxe z(=8Wf`)m@PhU)a==oowKC}P;fuE4j6b4#b0!+DVIM<&y62=0>;6)oo)xBJRT9RJv~ z+vooXauCV3)`Nq|HI%6rVqyeUz& z?hFF82mSmBOf;HwelgiM`Z6vYq{OlFYo|8&a$%lw_hMJtS?Tngng+&3q?-%E)MYnD zyhOaecwI*iC1Gx5w@hbUnanT6TfC)Px#{jqguH%bsHs<*<0qh8EPZVBm^t`EH_^tz zo!J^jA_Hp;_fX%p7%5VZO3J0NVae2Z@`z~z9qCiLwfqhe+v!F!E;}9``+SHp2pn@E6Gfq z{Gw^WdvpJ;)KuOu>4F*undmXmYOHnBpr2RjUNb3o9*d?!W9FP*rtyYg1Zttx{#y*C zk&CrDhFmjMWWK<;L&b-8_z*l6jOl*E`SSS-eow$zmIPwef;WOS>4_|j9mo+KYb zj(Kyv6Mhqsw=SAL5*cEzl_5!295w8@-?r;grCWTYq!zDg^_opv7`#!duX|{{>M|DU za)Fj|aSie~UCQv@KRYw_DM;^MhAx(#Wf;3;-2Hr|{8VhA zbk+FODWj=Mxp~a>!6byl!)V(lDIF<0BO8x%7#k}Jc9jscpbi$YlL51_Z!|vsO}pA? zozs5GtCrLBcucGGd}%V<)EBfLS8X20q>}`eOiGq@&!9E=vZ|=Q&|hAN-sHE(h*xhd zik2|jt3sLm#Tx22| z)j}Dw;MZ2yyxq{6B^}{i(%PlTcuUDOd%aUheV1BZ-!9&(-x;dfhaatC{naFg10H#n zChx`O>Dfsu8`_|2jHEsj%T7&(qUMG{1PRX@!@WHRQ*+R$^7+b0=Gk<&7+tUOxk(!r zJY6Nk4g1#*V%=ZxR?WBZ&s+m}EG=t!WPhVhv`bI7&9Fmt{_7{roo2Q{kuOxNRtI@v z68W_x6q2j$`&PG#CF+KKG!nJSNDPaH_3fX8rYe|1`u zOFWXk2FW~}#7E9`AmuX}9Tc%jsM9-PKXqCzuQnJmG6;ua2wi8%*gG_Zd-K0%`#Iu> z8R!kLiV-0lEd10+%Q(lq_p)M^mBNtD#@r{q@y$HKcD=>Zr}o1C90Q4#LZ=KA2esRc zNB_T0Q3BogkC;^s4&ihr=1FFVzGRg>leSJy25{*brptT({N;GI&p>7FaCkxU^Sk2c z0P#%|(aJjq3o-T7Xw z+D2XHFVRT?5!|$bC|Rdz>M52*LXF%!v~@PxN4VPh?~ zdM%1vih4FK+!hc@HHN*TTocZXU0mWJ$oyhnp0V^U>FeJu%F>kJpbwMxr$3AQBu!}d zxho4e?O5vTJGo7pUMR75s{MV<5iS42=Rc#n$8e{JgF= zd^1NXruFVrCeUyd6W#k9wRlM!ed$2-H9;m0>L#BX-fmu)#~oXYq-Fxa+a$G)S~T&k z-D@kclwS+zjo@6lF3+1zHpR{;H(u}CUyf~wopp7cZvZWxKaPfQjP_o`+^OmIPbr{k zN}At7GdO(6RjhZZP85?!e);>TNZ+V~XDFK$#CV%UBsI2R?Dq8ZllPPK!)b)`qR~8! zBI-u+KjK0SM~kIID+{`$1nshMW$hM4km6i*4QaibQ*kPExXXEcdH6%6`wG!aT*S?HJJFa-Vv)X-)QE&sijt z6l2+V6wj=i9`|(NVPi+9rQJ_RkU{`u)z;S9wB2(JaIExauxTDE!2?5U2V?nF8CL8> zsPCM}Vw}aADn8w*Yn9ehKsT}*i%uhVzAHDkjU+Sx@`G1NIo4o9#bsmI4+Jyri90pquA!Oud_?X zu4!XjMsBw&haM)^KFn#+>MF8kTt;M3A8l&0x`l#4z_l@&YWD1X{&(1?t)fT<5*`j@N}4lbG=meL`n@Z=ab-+mpdHJoo-1IDRQwL^-MW4^d=Wpl96 zY&8Q^X)zG8q7o|!#!bcCUd(F)gYovvt;t`}bWc1;ulsm`P1prmgHI+lQYxe7g=l?~ z&v_}bx+%&ezDg?p9vUj&a?biQa%^&~T1+2`&BgqYJRG@R4HIkk!t*z4I=vf+HlQ`ykXQaaSRp6PIT7J+Ps68KE7=3kp!Vdc__#w;YH+rnR2P+O~#_ngWSq9FHc za;$m&j+mx3h4G!6KEKB!&^1Iu6GU5@qU2^9OZ_Q>7@;sOEeAFX%wn~aVZ09sQE@|2 zMvJQP)$wl9iG{R_qd#&rxSBNOUfKwDYBx_d#ks{Izg0c5!GUHlw|#xkh?9C6Fls)^ zJibA}EjRSrRyIiet=m-iYxz_Wv3wi-8;QH8OCNdhCJuQ~(!%)4mux`W@?s<8Zv+B7 zzXSAz%SmdCi{=&%T&3kCpT2;>x6p3fQ`k$~7PzE^%IDT3W7BMx*CXDLD_wm>3yV6z zUQ3!EFEiRs-0;$;bBdQ>y||0v?lF)B#~bQ(9J64`Nz7_Tv?QLIKO^%KGc$5kx-VWp zG8tgfmJdjFt#acb1edG>flXX#AbF*!(5#^u66EL>#p*uA_+-$ls`{5LGVQbg4&V>SX!go~@Uw+l3j$^xj*P%COIqnWJ=lnGgr|GtvAdHPzv5D_ zUKZJ4c?sEkega;d0N0BjKY~BpI*iPF)=CW+8Xnr$n9$1%FRfO&RFs-zw&{{Tb>ZGl zrL?qT7*m2hC5eA9jO60ZnMwoNsvu zBl>4@hW*_uTvj1pO{rv!`oZ0n(Q(ebe>y4lxRyZjrxz8r=lKu@znE#YCw^09`ADNI z*3@u6z5y%t4B^XYyK^g@(|J=-9M^HBI;Ue(rKV{sl3Kn4-qM6$rFarPNpLN)^Wj4S zTmR!wYB9G3H1Z&G_w=+lyPDf3z6^(EevD{vu=IWW8`9-GwS78M-ZP09jgi_fiOe7< zocvuuT(L-vY#nvU;mY{<@2Oqm(Nwn|4u=bz-ldJ|>?NFebE>hzkQ7D|H=tdc7>#9I zOx)q~g54RedbJa?uMI463I=UuJbYzbQk5HQRkl38=IY`aOExpGjp+yDtH&dlX^yy{ zDo5Kl3}Gbdc@bZvx>b$t{_9=?2lm18bKWTRRi0U{k5w z(FmHy7cMCkaR61R*xfeHu5m6hOOY%KKYQQQY}vCE>pk>{iJN1hqyvjpq@pYO2)mHu zdX(vn7hO~SjJc?GKtS1|{{Ao8czM(ovyToAw=u^_+AFPD{QZ%JaW*wgpxWlFdBGsg z*fjFTy`W7F+RB1o%(k+vH__o90Wy6KZ=or17X2IJm)l~!6~}9=FgWWj-d0S_aX@sr zJsgD@kg};M7($nasOVH{8<xg+`@jq4cQODB#A2SXbJrE0iSQBJkO2mXN#DQmYa%I?skUA z)jmnA#|PveK$va?JS`aPD5cO^)AmIIoHNA@@1=T)qmpx5n*WrAl$HX<4E=kerI{(1 zuAVIHZz0>&vUh*(Z2?^SWjlKpBEOX(I>fMrg$0dRS}C4vGl;JHD@A=z4$fUT_BB@_ z{ajWp;C7>#nA>=hm#HMv@+m2_bqt3e8a`0dW7}gJ8Ty-LRhjJp7~f$LLOMM?d;H-k zyNukNJ6ibT_Yr39^a@L*AZ4v;J&{&HtuZ6P79~Cjtc!rQ}l>!F$7OQE(faU-^5Es%Ss-8 zo)E;eyZ9XN`#>Ns(iw9y?!`^EXj>zEG4kyvE#))e4r(H*UWxi$=BP4zp;vMWp%K=T z`;z%Kr)bIY;9#-R()pV=ilir0UYeTUP}SNmX6_3>F<_&qmK+;{L7-I-%g3d6sXG5b z+?ui`SK>Z%Lh(j9qOH+N^vg7YLe z1qy0|f;`!a!Y$)vR?wrt>zk7$dX)3ej9)(WF}zCxO8q47jJrPJ&{}rNw0YfT=nrm_ z5Z%J5-D?D%*1$R-s&by)q`!pP6b)%A&EXTIRhfLRIM0Ezo?XbBLG-IC4F)8KyMc6PfGF+H z-YrK<#J(YgczY@J_Uch&?F!elM$QQZVTWkYEss3~{-|;r@yn<`V2Z4rj~eUSP;q08 zNl*44(+Bcf8qcZdLb#CSgR&E!fGHT{(r&ttc|U?4bLqG7t0?{f>A2p&O_vfmpg<> zXcYqMmgdEPhi}|kRHQ~3K~4YAKmQRA@}F~J|Lg5(z7CxD?*pjtIe5vaUT;ydvw7R(hVL-OEOspiPxat!kDVeD$Tu-1=2VXFx7_F8 z2i4p-sDihPs%luw;EV9zJYR{huoN|wW)k1N`RI3xp4a=Mds;xre(!^RV;eTg^ABu{ z_?4A!%W}QRM|7qzSH;FW(^=O3e@@)_p}fHYLX4iA!@F+ZXo^u^2OoF zr($;7roh8eJo6}eZ=(`@72h-(APsh3eC-#9&hHjthpm#8 z2G1{%o2QRMv8kvQiaD$#(YIQ2dA{!B;NcMAY$|z-ugD9t-g3sQ{8UsHKoxfVtEPD7MgJq0md=Lp6VWd;wR&d{!lyVr($H zZ6iYN3lX*E0(6;1$u>qu)NaheKv@54y!f14a!RCz>Xb6+1oBCvp38)xzyIc}{Y6Y} z)R@|qA4{Ok*84%+`QZW9GG?>KD!abIyPj`(er$Yi^Nm{3;eJ#ha`+(7TnCS^j(S*Y zOi;g1>HAPhimYq7iv_33^gGzYkh8erU7ow$Rhh}x?~cqW$rT}L=e(C_LfH@zY|L#m zijfYDWNb`Hpey|=v}2vEhaO)rm zMehUAPjw?}8&gbE4lX$rEv0#4ElzWZQz|?2y%dU;>Kg&utM?x=7ei^b(K8ksKqfs^ z@1PedFqf9(isJ|yS<83b(Q&?zqV7-lRf6f2cbQ@Tux?`S}Ahj z)CPl#+{`?`q|F?=7dNPovr|2z`WU{Y$0)`SOqDf9h2<>nhJO{-zxw?9TpG{PLi;ds zE0lwUdN9yqQAepEUw|UeXP(}9TmAthTGz5hpmeU+3J1_)4IUdybyk_7KgJ>J{4XQe9`hbNvi0y>&CeJzMSFrapZw^tkp{lc3|13wnt)Zo40WbMF<1LYWt89oeF5JPO&V_CJ9Rd z6>Qm8HbYDOq{84H4nzyectZr)Zx7~{=BxXk9_C~@w9OL0wvDw_JoZ-dp3Uly$kyR@ z=F|61Iit(3@w9r4lQi*OVJggX6JKMd4f0zTXg-*hn?W{c1jC$mHjnEy z-<6R*2yn{QjA9$pGj_}I;7bg9)22!5v7M>8G^b~Pi{MlVOZq-NEyB^`8WNu;P7wkd z{LZQ<=uyU@XrL4_HVyif8?>~n62_`Lb%fK?i*VX!TvA!+@2MI)$A#K$D#ZTk7!f|* z5ciL_@luVQHbP+Y%D87vxz9vrH?6NEW94LENGPQ4blH#FC_pQ>W@k-J84ty_H zuBHyx%?W%cjJ9wB(rZt}-l&Y(D4d+LE4L603aYuSkHgxGpAGIcj3sDkJo>~{Kh9qA zNpqzmJlAxECduA^K3#pLl#Y>FurTta_3xvmAGoM3Z&0br0}*?{^Msq~%LzU-AxU20 zu-MxVRt%E3ydMnMRj;SFP9b*5&*|^&#TR454NmbPISvX+4S^|&R4fj)J2P(CoxzFc z&>p5>)AD)ksZnPc1lfziWk|Ewqzs*hWpCp19ONzsPQnxl!LwHhs8q9tNn;v*ZxbnU z>NJ~hTsD#!6xABw@?SOSXPSC{fLo0ln5I*u428La1J?Sp_D?)i{q#CT(t{;O_>8-=mQotY3SjV_RrOpZUZ`;v$NE3s z3@uu|B*56(sy@J`j9tD+)1inlsl9^`#TiP-t;!O$aP&j`QYQAk2-m01NS7ijh<2g7 z6-R7I6WD_XAHFqBG1VME_Ff1FLOAwiSYbs)#Zof8Y7=?xV&LJ*^82t;{koY=SuCC5 zK`Sh$(VipR+1#Tf{k*e?upaP~)l1n6GaH-ja9$Q_>AQS?19q(D>Ts_ChNsKvN|@+Y zYXm>_ElqpL$A%mxnofIOOE-GIG_DD*Z!~9xtWl8%929jbMJi!(&lJ07WUYsOMWc9X^z zO4YA!1$9Mp>kab+Y!lI~8mCT;w_m??Zkq$K6wD219(b=}g8~R_RK7fcKZf?diKuTu zps&fD-Y!ZnKtUfp92r5Nio~dyjq0qN=Oa)MiymcbGd@BJd-D?_6lZXRJ{_s>UH{*5 z=HRa6?N|GQ?88wepwf0pPNzL(nyqj$j1tqklKy|gqt7#>`fUEy=+FNxjsDM1N!UBc z*Uj_sPTo<;H0`lvEURv%PM(V@Phz1woOr_S15lneAg0M8tUw|CLH%n9ja=$Gu?>$;DZjI}u9OMzO>vaL3u`&K zaPUdW9t`zNzs{!MT%OMO3Xj>u$)c`AI$!R>Ccw>U#;8@ayzT9l7!ccwi?Rf1gD&;z zv2SFj=HAsiG8)9}&04C*k+fgXEsi&9IA0h)a|^;}F(Wj3|MReYlU-%;^FPN?W>F)K z7Ouw|)4^a}?M;~3neGsR)UqxYmeKJJri48?5^*3G6%JM|F-!R09H9GiXx4(X;eQiV za?P^j?xDz1Zr!cwOf8%{Z!eo_z2{QhWIxV11qZEh&zxbAsP6@j(lHX?4NzW=VEkHR z+5jCi%8>>PtBmZ}&j_aQZgpN%XOlo>iQ?>W+YK z&fHuW;}^&eaadwz`gA6E@>xCG_H%gMM>ADbG{tFLW(uZ1lph3p{er7S!<1hCJ*U8? zSmy9yBb9raWphTZs4btVkdEh)^i%c?XOz>9@$ctL=Q{%fdZS&u$H|YxocsVgYQzVB z88P7XnU9<<+89`WrvV^o5U8WVY@qtnlA}Z?isyn-57>;EeQLC_Bg_9giXv;ZfaC(w zJ{jlkEwIchf{)h|BQ>SH@LW-$?CU@9yFjzrKg^N6zQuxW?uovtn3sHg>PP!Q_~Dh{ zSjF?aJ|&=UjNI(%+Hx{9SXcPOXUJ(?8x|be;0>&lXmN03?t$jdR}1!KhmnVOjLq&b zjJ9Tkh4qIPWX_R@Q^9w}9}skaYJEjRgUBLieO_=UkYEMt{-J-+cB-GK)0sHU{9=vF zj_@O>iBt1>44vFB^MWs15@HoE9qX;8o%d@WY}_S$N!7N5YyJ9lwy^GI{};eLwcigt zk%BBd89YP8iOEj?Ok}Y(n%+_QKKW9_@bPQ)sOk`)U6#|Af-x)J&gD2Lz!nJ6BWB}+ zA8O}K=!d-D3Qv?7fD)jqG^|N&3vuM$H$Rq9s_8BqhIZ;m>b_kJ#TI_EVYLjzqVYo zA49JleEgX-#czKNi`$L_hU;A2KU{eg9#;8FVgiy_29jaCTb*i4%Najr=4x&YOV@sD zUdLJvAD`IIgz2_i-)2H1NJL@*ssFrwecJv^@P1J$`48XB8du0v!bGc9Bg;Q!aXj;} zDNBq(6<_ZYet!4JB55S3e0B z&DOu47ur`QKPIOd;Uq?6;2*BT`qro5-n0W@V}L9mkA{C2Tz{_qKB=ZKAplHGZv)Ab z8ghT2LxT@u{QvyW9-xN*hzZ)zXL<83F?B3;6I~W9^=M9FF-;qw4Sl1`_ofTwhlzzr zzD{H^x;SG2b%>MvSJ?4?h+YEPq>W6$ISqv=KN=?{4F3XxD3Lv4y7y&xIEPPQE;Y?R zsgR;*u8VY~solQ?c}BisSX!LQ)MIL*0qdygHII9{kqaW0T!{KY>Y9~t<`KMR>Na>y zHQ$>b-tfqr!Zh@LL;Fk1IhD1<`X(5h!^r4Uv={Dpm>6dB-s+59szfCn96sY0H+2ZhD-&7*^IRmFdN~)Rv~YqA zYv2_8v$VMS!C|+aL_uHU)_CO5gEKLxCKpjK^y`PIg>B0VUBX&v1Rt$;2dP=WKv#XF z?5~zxN}_jE$|D}9E+~LQ7`2DyYVT3dk{r8(t7ZJWRm^OdaS9aM>=~Nft9|*qW#+tf z8mDE|kYq%#d25im+NPWru2~aomgdzKD@VpsG?lnSDRvG-F2<~@&ha>evtaZC4HC#Z&DX(pw z{JkqVmR%Hm8y`+*bi;8Xk~tq2#9i+ejUsDE1yQRgk!hg~C2awPG42w>CLw25X=!iz z@uOn2h5}dw46KHH>MCpI@{kC;c7jCug^Q*{`_DXB_}7wD+8p&)(w_kAl&4?cd!1x) z<-6u59G6TyXc)^rmJ!5T%-IO$$=%fQ>)W^%R%{`D%O<6$2Bo6N0+>zDH+?y(-ef6o z%WpH1_HLb&c3Kgob(h6M9MsmcZxC~adP1T}hKb}9a^o6uo_?+q2rp2o!-A&L)2XMX zq3%l=5lM57?}8C@@aD69v^JBn<`C!+cZwLM z$acXzwtURBf{e{dH~VlCtYRtN?`}sdMAL#mO9TNbkp%ySuyz49WaSG~3Y`9pIixGC ztVz}z56)acgFX1fA?=lTLjfdP>aI2=hRentSWqGk1B#|k1qV&y`(Y|x?Isicg4Hni z1tr6j08kd)5|R?kza_5j(=kf#t{qs{B0AJ-mA0)AkEQ5rSwe#anC^R^*op-i#g`r{ zX|A@tFUYq^rID-4p%P%ndzkUCzPlx#AiqOkuR^M@OUbd3s>BDJ-pbXeD<6g$yS_GE z4%h(=$0=U^CEi#VCB3gJ*dO>Acu#!M13ec$>B8>nKcGn ztsUhQ%PNSih`WQ>E76w6n)mTzF>X zhIpIdUk7<&l|)|lqW&c2rb<^B@e$@yyz>hNPv@3@!FlECj)es;H^NppqoF8AYIP=# zuKO75B^2S-94?had!@{d6=m{Swk21Eax`Mg182GMtA`s5E&1}iMm=2G#j~9!yRy=9 zDdqzKk$|8&&1=o+`PC)Ayp|3QC^ zgCZ+jhy?GjR^HX(a~!t3O^CrPA3?c>fF+SMAH8cz#wM_G;d?u6i+q|0vZ$!Q%1KQw zI$H+kBqzkb!`tYog%@61yv}Lgl8J{HFXmv0-27$^5uuh;G_1=iKFjlKymD&YYq&>L>%zWh>sr z>WIBm3I>w}<5mT^g^d+>g?nf#=;qed{MzIsPZCG2s}1f|xQh}EsA5vKdZz$(sXLyT zZ=I4kOB%1B3*O)ItOOQX|Mgyg`RVxh+XUxCj)2{VuL_1ohXNgGUbV!4i=R29p&(>8 zsIr?%tGlE}@ftkP$h)wsl|Ar)548<#F1AeqND&jQoJ`?$DB$BZ4_=3sHNiGRxW1|8 zvVMznjAJcJQ2`M2{cqZIdzpP+IBpG)^Ekbt(~@Ap(RB~#2?)xfzo_#<>qh;l=S=6y z9v3{vq!_|Qrcw~%}>$9Jt(gRFnY~Fwg$1uyY`1R*l z$5uk;)D%TfDdR>Qv=&<_dR7wK3R^QI91;~`JucUxz0u907h|Nk3Gs-sIL;=$9Io3M zDb9&ffyBlg=aD!5+oKc|3vJDQx}1#SRD7^1^HWNZB&sw1>acKS9}Vl5QbIEScu0nR z%0XB=S`isVR)F-eNqt=KtOZf>yaK>7PpZrUH1rphUpL21ocRk4_-u83@z-|PU~p_o zbgcR^hP}F4PPSe)Y!qUs&%6J_G0igll?zUy{_amRs~q2#&xn+V}Q|w-hGNFNJM1g{4sa}9`g@JcHu=KmT?{p(^Rq)yUaCbMXgCDTp3@8M&7=nHqJ_&#z?7~gV zC!XOYE)hPS#O`=ic4r(zGsQmk+3>ws(j)vG$k+R+o z6ZNj1$ToZMtZTG>@FWy)HGg*ofhZOJuQ}C^9mhI;1r;UW}#=fSm&V z{%y5e4`@jQNQR$)I&h21$5iqSvUs5j3yRS4A)CuTKLd`v%3V61i@LfV-@&~i_}QMc z@`eG>@h4$a1hvxH(z@B&y4k~Sqy)`+!}>jsji{CJ&rijFyb9oP*vSkGXaMRL1p%)L z3AF^2wC{ey!DqiVO_#vuV#vMkac9?c2OsVaUYV~RKvNI`eg4S51td3i@IE0eg;ZOh zmp}^_XJfm%kI~BqE8W4C$^=*wd|teb4XAcJ&p@e9tGuD8Ox)HDX&*aU4O~{AUtA7a zZP?rFDSK~p3*?V}eg*oY1qiHnP3Uw;h%?hjEF@S|spu_vP@o8z%4esfLB+!I!l6cW zV|@k+pakeSmX=V!0=ccRn-$f{2W`&VUqC+K@!3-_lpI&~1=NKCGYka05yiI7<4TKJ zOHW)LXnJ*Wo~~I1CW>(}nl{vGKtQ;_?S76)fCHrGPcvZD_Nr`uJENMCMn2WH(M!|0 zxV6&2qpK5W8W@HZ9*6#AuOMKwS?mFh(U*K}a%$au50^bSZGU%)3Fb-JtPZ&Z(f7taa)SyqxiMPo`!J0C`LqQO*0tgn?6}1A%sXlPJG4)>y-~0Lk^FlQ}QZi?V z0z;{jr?uqZ>AQ4uQKl#6P4X-s@UpRM!ed0ACd6xNSQOJ1Pu8=UbmKGjyJu=$dQpux z`~V}ixx4?WV@)Cwy%CQ%LPIk`P&gk= zfnJS^qW2SmKnEQBD+5Y4DY^KMjON=hm$}r(cfZLNe!_>(|5gc992g&juc-i>r@`5r z6QZ7*1`Ye51kr<=Nn)4OGwVC#eId>oHzQr)YTy$RK||Ip=0k` z?`IDW)c*@}?;X`-7wnDV>#L{;7*Tq83DO0mOBadKL3#)2J@j6pBE46oOYfb~LQ#<3 zJ0t|8_g(^o!1wT;b=JM>TkHIB@3+pm_gVQX$+OGM?AbHFnLXQm1!9oiFL48iNM>-b z@wKn}Q<20lTF)Ohfk1ACw4+jtmSzr2On4ytYTBlM`jO;w5UA6k7{)sge#84BD<`2@ zEi7_=kpZkRm%nmluX(JRm&ki)vVJPSp4Z0~DpbokHGXT4BZaX6GnJ}e)wbsJdhgZM~{PU5Lzt1=iAMev0 z7ghNTZ&c|g8XD_s2t=W9TI1WrP90BnTEZ)?tizYZ8zW6KG08%Z#@Q-`uaj@8`3jwI}C^Nt9`T23(edjU#U;o zzU2W`1-S370Cr`FG8;zy82JRIF_*2BJ!C_8X=4m=6meQwJl&Qy;1LlSxtr;`6qm8* ze$@bIf+IcAlNjS6YCtZntQHueA8YE|!TTulnz3j3{&0SxNA5#;_-(jP#Ts2L*wOqQ zR1tB1fya$|)t1i*&NvZ=%e(MyPKRD{^sh9i+&MV^vdpg3K`1#45?{uWg zdtjv6E)%ggxXi>sDBAl+cDt1^(AP;&AUB|MUDiedh>0{=fqr|0%=z>WRW(#C-0H1l z>n#YTiwoujXolv8>#4q+{aIXHs?mO?p!W|* zMRD>13eM*AOVo9j__UZ+vHv+*{IY)JLkTFutiWlxH9Q=9Hr;k@sW`YhH6=plcT$mg zGxvlx3P3X680$Z-Hr=@Fw;XcD&tH47qtEf3HhT0wkXoMi@H+9U<4lC#WzjAI82M@Q z@leZ;e^BcH-22I&;6EX_pR;$lf+$AK`oGf>2bJu%`W&=iXnnUi$au%6lb6RPSHCZ` z+@ex=k{R0S19nX9+f#P4pXkY6J#NepI(D?k-|h^@&3LH0)Bwx@_M+F#z;U)$kLi0z zN@QWAWgf2-8n2e=h+8i5v3uyF_>7q@z+Fe=zQ9jMe!gn0Xhz<>i+wI(5cp`SC|H>~L8#LSmi{o9QLH4~aEB$${WfJ^mp@SHs zn4u8QtT)rOigLi}8w8ii09ZBT!O_P*Gf9<6+eW;xQ@3r5Cd|fLJ~b$O-B7tk<)q9q z-6HSH#fJEb4%!v<+siwz{?NKTUfXu++!z(|o*9QFZz(TZy_zHlU2brHU5-uMX#6OC zv`l(`cxUMQ``-mu2g3rK4==(mpQl?rNA=3T*mZuMc(s^muOEl~`{8E9vDhU~%WtL) zm^C&~IYi`daO+KqOhWiY#C>JJ;vjSfyw_I>AOGBY{pM(VIV8l@C=ukeINkB^SV1Z& zRjAQ74FVA~>J`;|p8zmLEo5UYJsje?YqP2d&Q>1MXKGaz@XU6Sry6IV7UjMOt&)Ve z9(T>#`jXmxm4;+)G$`|NV(^#V9(mhLN`+T)C2=x zhGh7#wj%zyuK#86NLCP&aT6pj`DNSI;!)$DdM*wYg4KAxb4#i~Gl`4sMuH`=MuUi@ z(dxF!fLBcfO9%qeD?4f`t3FErCjRpefXCB+mFc%bQPEA!+39^RIs@vHm0kpec*QH% zV!w$&mNN(}DA%C^u5tP~|BP$PWL`<`#`X$S!qeKkC7%h|KV)1=C0BeTdvcnW3gP4I zeNmp0ym6EEp-281P?#bsrgX$t210zZV?G<(I6(hFevms_0WQrn-ZwMusQ52=qyhUd zircik12W-^v(4WftPPB4un-DI7@>WxsVD_4`T?G{HckwEHOZ&>puMn`{rlug#>&*x z+wGo0^zNXDPumVXZ!F8`>PmZmFNJUYj$mQ|l#(A^)$2^?L&`lEyfnu7x{nAM)4OqF zxj)}g%y!%s4fAr`xL8y$VPm0vA}OoL&8x`F&qDJTj66ZeLT1J)CohlphX93?@M_kC zW1MWJYskRMju-Up339v~ydIP+e?9X2i=+4A*M8ieqYKkA_%M|~gVXjAu4#?<%+MB% zX_=}HAD&}Qc?l#_GdDW9l^qgyhMgc7bXM4|HSMl@i*?3Sa<}FzzVUHv1L>(t?9O#x z+ML(;+!zvX#4h5OPk2wxEF~_sPBZ5<2i(@!^lv8i^kF#XNE1zK>gFIl1`gUh|!=AD@fGFF+O)3VOG z$v|eBNVlIO4A&8$w3}AC$Dr-`Tis$oq}cML+6V||a4vOaG}9W0gz2+z>pzJl63eM5 zE=`cF^3SUBj~_D_=aZ$QqTD8<6mbs>??bSx)zr_8-Yb}(!z^$H6{`Q@F#OC*gl$-`uI#s!m@WG@#*t&5;xIYJDmN^niY z!z(Z8Ac1$X(c9vo^2L1f8$j0yI&1ZW-}p&@STAe>d%_s*gEq;ZW<|^lMXF;D#!PW< zO{brIFP}|=mC8Yc-J8+sZ%;q_mJHQYW&pJVH4vKEz^+S=6RDh+ zq&9`$w4*PA>_Z*__!XCHsw6=Q3BuzEsId~}ZdGcuvBkexLNO1-$)_I*1~xZ(d<_fv zdyvme^OiOt=Z_x}kkqW4Og#d{COF6|Xqo%D{P_~{H_pFY#&w+&?7XNAP0|>>csR=l zUZN5&8H>>ol2uLM)`4rE`ogtMtDnUZV98K)cDtkSoDdl+UyHmdIE~0WXSLT588E-s zFDGMktV0r>3saW>Ll9)ad==$));Zdp%PHDEa)A|+#*QGCnS%n)!_;vHk?E_o>`xP~ z1wgU>%ZYv((ES}#pKP@RK5L^(Z8am)5rvLRLalmVK!5$zn0tCOF{oC1XGFX0qf|EqNJ@wxE7cx7DN;4j%_uN$rYH+;@>O z#gUe0(4>3^gP&&Bvl{BmAoAZtq{jlRg04sT9c2d-ZL)wT3&PEsfrJl-6F*8EkQ=}5lSm(U8k?3@s1r-W5yo%Eg?>3U zaor1$FgEc}vURbBjj$%6qPX4cIPGdhaajs0n`hj7sD3sHfO!CmPF5I|Dc9IFL1kAb z_dsrpkW205k0l}W=#!cda%sEHQEhwI3%#thZwaL;KIkKoJwc-`mGqjCP5T4Q7l3#e znQN|n_60o@Y3emG2(fN^4$Q{GWkKAlL9$Yr77vfZ@pvyD@FqS@N!?av9ie{RCld()nF2$%ds7>nTXfnhyQ8Jr=<)I`vaFzwf~vovaxbvlowfU}mf zdgb|=SRmWu~8wW>^iS(F71Kl75kw$Iw$g7;$ zm-YV3$7=%U=3=_mDn)v$8v0? zK}AEexu?f&)JZnp;*z``L#ZraaBnJ);$*1u3Yd8xQ2%o?fEH=@zC`*L4cgVH!)@V4 zR;3HMt`GM%*ui9H!$gs%1ZayVqn9OP-TC{&I^^4ym-7X-m0lFUwi6kgEAN5&kSH#| zH^l{fS|E^>_UlfUqfV77_NSBMx4Tto=5AADV{9xl4t!NL7Y!?J>05WKF`| zOcMf}tEi`-Lz>sF*&zch4C)Y0>VE$HB=#ALrtm0w&?tEHn0C|BuGqPUoCNSGGa4CJ zW(Qr);xbd}ArP}pP(X+)FuR^o^~;%vekRSAgM@lU)>rdvz0ZAPV;H+K-gYk?CmfDU z!w<*1!reZaV2Hr^=Xo!9`JJr=Pp2L^J+q<85&s+$VkO%uA~QiN%}}PLETkBkE60;` z%VasJe4ddV-%>!|3UXo|PZx*lVbQU6mr4|{gkqOfB2KxR;-6Qhy_9YOdcGOId?D3= zae|S=&x??WS&BNg##LJ~t|c-sTP=9Va7^Vnu#Ktu{nHkzs4?*y2vb7E_a1ts9!G10 z0vpoYvkKoFvzM`P98vB8YVTP7^ml6s4B_)L8q7U=CfBPqWv)r}NP+N- zcUO_bcJ%yOd9E z&zEwM6aviMu07QReS8NL@$6!qd!TUngr$i9?xJ^ViO6k5px(B>_9g-Eq_I=p@_T+o zR_!tkj!8)Zj`fvfbVWcH3%>K(W2&TTts%Pz-i)n3DtGXplwU;~-eiWny5YTOv`JuL z6Sp4l6mkj5ld0zUlnhFuvrG~^%YTgGeorw=?PRemy8A}OMq#ciV~bIq5mr$}8qRP# zKb^1NT3C*0J-Hmn5NLmP zuM_4RRdl3D3n0a*&#~>Pm*~h# z(;HxUoj;v2XZ0fE=Pw~&FZ9Y?$YV=s`6N~vREVDE4WT@{U`LNlC-b-SSlrNtYA)CT zL*ZH2zHlmeQhc3?0_K^JX>}XVc?sWpM4)&qyB0FJUCVbV;^grZ+YI1d`Qv?}LJ}U6 zaXI>JlYrLRxFzbX-06A;C6?*(Uz9G9SeiNXRT{JAli==BaTEaZW~C+Q^y2l1(NTCf z#O_Ewb5@>ty}OeT#ljF*_B2BU5MNeZ*j%WINZ{*97F$b!E<#k{^-cry_-`ig7;{5` zT`d%%awscQGp!EPlzUJ>MbgOQ)m@oj+@X5KY#DQa_h${#6JUE1`rvrM6QGk)+97fH z21E8*>{?(1FrE~bm52b}Da*4dTumMeKhu!XkjfD{WCe$v{5+l{*q5T_p{MSvYG-+x zUfWmF$viYO7%HSBz~r3gy~bxQ@SnK=K9Ru&c%Pu$`UGT~xAXRpRvL`9KVp7!laZOon^H%*+9$^nDBV$>5T?b_hByo_$L+$PJv}|;d^rRIYDFgnZA<3SkE0bEk_&x?UIh^0K|KK< z+mgutPuKld`ULvYPH>$pQn0R>MvIGAe zu1AcIl%a11eT^z^;gWE)Omlc{H8E(QPw`Mo1p<7}>rmdWn=8m@TM&_6U6)%`A?{;b z8ar8}TJ7F9Q)Oy&zJuf=y|omuZ|85{Jj}|!_4msApFO7$P=Nr(HfVE9OyPx{$#$R$ z?s6xvs=tp;wqNbV=?qVY=xE~39D`J_`}LZOD&SO=k98@YcCB~fhlczMN93ixGut~7 zm8C{xYp|uxv`F=H5k)ER56Efw6J=^xKVjXd5@JX5b0Bnl&n^Uc_^iESE)PF2$YldRtP$EL$NBcVpY1|W(qO55{PBJN#DE^lv}WCT1yfpxl)r=W)^)^iBx zp0hcfNJ+U!p4#9{6*CwtZV>S9#dYt2MVI8lP-OH4TiFrKYi}9p*e_g9t0~2(NC6Hc z9jVrMTBO;m%XnFb#vKMRtx_->yS~DHO@fWxHu&j!dgw0x%x{+rxFy8B#C-_A+Nk z^?df&kMf_dZov?+&iYW;EmV}hO6#NeL4-(zNZ#I8e&yB{h6rDthmp6MKeVs;TQQU8 zWG?BMy}`R)WCF)}kdlg^;>FIra4%0r+lA}*K}yNA>eVj8jYH8dzS|cZ{q)NPPz(Kb z`&4>|4BknHMgN*cFThJP#UJP;>s4-8XfO}GY^g)YUCy}fPTvILYB)F@vN_d0N1m-0 z;X+i8G`4qU3M>J3$Zr`_dhW(1)N3m`Fn)gMWgVTsHGVxG=zdT`s26d37?C$8s6J#r z`?I_U=#cUM0yPQb5od9NfG5DLS{XTb5E0fo_vb%QicMa&#erYMK*<&lTxa<9tyb!z zTYLqL23&Q=4(El1@|K}Oc2UUVO*I{7z*T^{o~#t9GIdtp0rbcSq4)nGICG`L%a=7= z__v23&^BMHw4YxK0tKiLJTlV;AUyQ{3f<9VSg}_mZ_GW|di3B`;)ez^vp2x=$;Dh( zf9sJR$zT6IPwNEMi`y9)$|@Ya`hotaU7UJQDNmlfa(?IJrTeu-J^vn40Yhqtok5Z& zZEJC9sU7C3)xwC3lVW!6&*XRDO+^l5%11k+#kl7P?|~i;c6O8_!q(O`Wman3roPo{ zTSf=ynK$DVKqdyV;O6gy=H@N|{qNefbn%Hn~Lhf>_n#k{jq_I4&a~*7_H)Iy$V($$17W15D1(v>Is;3nT(|RrE6o{&36xFY; zj|JG!;MM5eQ0Lg&vu>s_%jPvC+(9FzInQ9zOqqT;v|#^8p{tcGb*KOsc_xZ+)f!ai zXSJ4-i41|hdGj`DQb_ZjgW?0385`W`)YnfTwMR#_58yQeGu(Cj^x!gmcd>#rYmXY7z~z-uM#dEF6nU6&(uOpx4A zL<*bdw2RK@za%PY?;lUHe;x}^QI{iW^0!@2`lwX9)+_~kR8N$u4PV#nzw>%tuHGP! z+c2jj-#;G3s=;E z-MUW#9@U$NdqpCu>%yKv`#A+GDudGrA~i7S5`xX5K6+VWeEh{ln*-{DRZH(vM?J2Q z6rBPz`2gzz)`#{{V+DXw;<`lXkTvFU4b5XNITtcFJJGJ%@mA8)eiCa@aU*X`Ne8E% z;1Ja;9ZVr9sYqvUxQL=v>vq3;E6EwCJU?rPy^joi(KOE)iEUU%!OOA>F@KokHbh|1 zbI$%EFQBXbNo?vJ+KOdRsqaFLeW2`VI zuSG|3=_hk(t$X1-4;{Cw`I2Mx@&(EOf!vHV0=A`-t(4Q10Yzkql+dx8mOiL=yX<j6}n%GZT4FpwdWJi`LWwzRvuo!3)B}E~(L|~X=N4KxeO#|s!ia|A6mCI9% zgBw-bLYA2QZ4sCURK3ofYy2Ax$20T9phCg#&s*5$hTIlac+j3$3$f3@C|6enD3r@& zQaj0?Jc*^@_h?Suvv8amkoWaw|33`WEZgQ=$Q-Zy-v9qV z^8bD){?lmJhCuN~qC;K zq;^7@>qkL%@pP4`JOuH6^1B}n-q2p1kP(8b`AdFc=Y|T9g3d?NFdA{_pbjXuEOT3E1Ga!DbxOHC6mi=%)eCFz}WxmG$Gz}{nSG*4Z6kxm|byw?U(RsyR=2o4uc5&eOS9B+h+J3!~6w{ehMP++VRhJS#NHA?=xoA3r@bv7N z^8QG2g~WKpVSJ8ilGx0w{O^+E0Cq$Fo~s8HRCwhMWv}%0FleKFKeKUGEIyV0<<6{# zDNL);uWuhPZkHw~rt5zs&dJ!jMXMDIBM=WA-(yEB{5&@KnU(iWC%OwVsy#m4j#F?N zvtlq8Q`@9|QH4f_CI^z)Yy%HhIy#lxMctAs);)H6s^pn>U*0Ky#%e8 zFX%nNwnoikJ1;bzW4eo94=T1^I(^?|UtXvJf;l?`aOFKdSJkcZvFu&cah<~1^Vlz1 zd#5d@Ndn7)lPt{NIO*(Q#-`|^3QZ*%${z!}h*iyn&&#B%8P&S01&T>j)w%jx#l&U2 z8T)>zE#ryz0+#PzF07&7i}cU?N=A;`m*Jeozc?X9f9pX{?VGhxXA79Fcd<>TRQW`^ zYv_E%RDt=9Br?6{P&?;?k)mz8KImD1l~N6yRolSAmmaK<$w4`dnbJenTD$byKOAO0 z2O7_xCJ3HTb6JApPyD{>MA8Xzc)D6udTS9GRx~z6j`qDA7T8^?wvY1X&Ixy}#O_pZ z(1r{)bC1iZGBYJuGqY<?sW5-r#2JN!z**C_c*=y5pH#efwbv^FhX;5gHu`i&Nbeh?(}Jx`Se@|NBnNnj zlM4hYYE#b}oOUVQn+OU<;72O?V*gmL&IKVe37pls?wy8W3;TvH3fkn;kqfY%$IBOP z-yYrmfNuOFQnMi7w!qQAYo#v-m7HW;MK#IaYwTZsiy$_t9p2+oEFqbEpiKByP;b5$=h zajO_ZE%tzMVU~b=NGya@0DHBmra_g1eV@BRTVeksHpq}Z9X6JcH@>B`%1ORCEe^c7 z_A7p?6S)ny&ySt{T2y8K4wAc8vumVHb9LFV+lOcJ?YnGQ)q~o#xh#)@vpsU*jvcy{ z%>e88x6CcD(W3#2)>k6YeCoMp-EJg4*pu3nx#9$pmeF|_9@zOLli@CYDjT#=41IpV zao85w0<8$XzS3p}sMtH3X6mME+eVM~iDEjqnH!WNmY5lp``3UxIAS}2@9@joby48eISS34l&of znD8pfXosd4>vXY!FmkmKgRbTWcc;|v4*9&d3go&OHSG7lI13EUz_p)+s1av(4qjh7 zNENJo=iG9|91syf3qjBKn=6-WeYmu87iW%`za_nH7-Dxe$&EW2a=00(=G_P`)i=+x zDq#${T46oQ*ychRYFk|ArrfmK(ODB0^&9crNQuCK?1(ttV;vNf2NXNzuq!rc6jI^a%=8B|14Y~N6YQ+oq`mDV#@-qP(_`|m-%b}fpM(|jrWv>ZhS*$DG zmWx`3YC+Mq7t1cdlFqS8XD5=ac>!5Fln4F}Cws(866|q6nGkmxh8(sk>aEjk;r1y? z85}6)8c53*4+%1rw?y^k3fL&6U%qR;?6xdq^i3EsTvj83__^Rg-KK721S>j7T#T>T0+iV}1DqE;4#!tN>3f64 zQ1W5mMFzjwUxB$z_h;q%ng^R#5GYpZXtOH`>8hE8qoFm6MY1l^zJa2dM z@+t34PmAm`2o+JwVN=O{nN)9dM`pTz@R&@0f>uV&vTidVgW3FbA1KbpFg|3&`+ti3 z%0)a5c7JoXIGpaGfBUk#xY6b1v)>f7p>qeai3~rxrkEt_}}+35c(JzZ7Nu1SjsHzIV_~)CjD9FP(2#1<)VZ@MDaPU*S58? zCz*&-;^Exo@v5%#M5r%mo=>z!cYytYc)j%r=>`XQUR?Yv&MCh6eSxpnRr}#?g#snA zR}b0TIA99eO`}O(lh71}0t0OwkI&+I~69g~>(2uk=Cxo9Xl( zMGCSBoN<8#z8`SjvyUhE)7SOvmv6uB<8l%>;Y)PUGy3k>^dvv0j%DWJB1yThsIZWe z?M z2#hS;2<#h|^i2dvN56jDX-F(qF0kKIM_fB)aP=BP`6A@ghV0rfT-pP6T5w!2sTiPp z-o7KDS^@oxZq6;g^t@i{tN{n#$71I%5!SkIYcm62WOLowX=e|kONu`9h3(|EYmP1# zS5h2n$BTFI z^ovj5X7u%2j^t|9kr_5wjjX+p?Wl6Ip4tZMW!sBnuBFX$eAw1H^s~Yp5(Gsg=QI`1 z)?}S|Li-xTJ=!)LRo2~hr;@}UcoZYg9sm5Hpu64nhKcT)kQkwx>Q{Cc$A5QsQK-#N zXRb|z$`~ls@to}JMXWztH`GRZaLuDF=Z?6BCqq5&MWr2LB1QaJ5Fcz)9!=Yc{S~0+ zYwtpVKM7B$XV9YPWCE%h!N<1fm6y>lrKvE9!gN{S#IQhOev_L4CSEyDu3iHi)ZkeWI5PB~b#R2WG}U@rb^{#?*CxkwCnL_pp5EJbcnZeavFV?YzZ< zJ@nuTAusT{t#evggLGZf{@gODDZr^f1ycgcty!sgxx7|6pB|*-y*i!^i&PP(y>QPY zNz{hJaXpJR7_~uc|AM1Btb#jM>B^$sn9X;1`^M_MwCOl;Hh(J4)_{bAe=m=|Ez>F` zT+_qmhTig~SY{$K0X<_Qj=B!ymYgwbzJr5j{NjC{-xvs(Q{Stb6m;Lo8-0&Vvtz8+ z9lBeJ#wae6Y_k#jSzdE)x5^t-?CIon@>z^OcuBkg@8yzhacJd;6|v{8h+Gd@dwSId)bVBoclNRL+Q%PH!5w?Ao?lW=N6pEV*s zPjuFnFwonw4sUzyr5L^{PNT_OG1|N~hkNZb| z!OnEQWXJpT0u8hbXIA2SKGLS!b`;}m1I#9ix7I?y{)CQh>jl`^-*WFghvdw_2FBW> znsgPlzjPzMQk$azgZY8{^dq;T2S9bdat{2vavbU{*mw3uoZU?d zD4h}m$CnpG+Z`Fp3mQ@BFpuWtYG8*Gw;Dx zb4;IcCa11UAUkKY-S8115|wOS>$qITzb{$)W7b{p5uX;q{H@+L&)bZfUwa%5sb((4 zjQDQfQ9_Ec6b4PMPM)FZ-}2}55bid22k0({hl9T>aVtJ^^j$w&NE_!Wt&-Ml@{H-= zu`9N7=FI7YaYb$Uc{J?Ultfc+r7Q|N8CIYyU2%h>ORYe;Z+sNlE<|rk zV_Nf|9Y?5{$y6G?;hK)~)6@)`+=`s4IwIdq6xUNMD*bR}5@zAviZe(`=R3%AXp?b& zlF`xx$4R)qf1T?4BtOnz+O8s)RMa*d8bxzCzt^Y&gB?OstHnefEBgx%Y+ly3HrH4V zhrQlltUexth)U&~uQQ(2aa1h?U_7|}9Zl8>?{at=*Le>pCYxZ1C)pkQ7HEkpJz7m> z{ua6E^bAtyA96Aw>j7*uegi$H>_bke0z(h1G#x*CoIkLo=j$3PW$fPtESqMl9+?Q5 zxnlwQ?PnEwK15N91F!U7w_elt+c(qVDqjf-WiON&b{*fRfCYQGrN*eJd;MeI)#Gm? zn=xO18ZI;N`h!la2qtO)Ik79~)_qS3neeNxTIaT@j5v$JnG4qtR^@Z?gRrJxBW2U{ zRvb8vH#+0IGIVf((!K;ERzc25&hwO^G{vUjqm17l8^OfmR?Efd=iR*Vrh}AdmxF{= zktm~ASKGh#>d0On{-c{Sd)MglI@nFOY-!U^uPru9-2H|&_;1{5_`YI+HyX(W_VSVK z+zT`n5ghHb>^jHPK&Y8Q&Z40_cFNS|I>Q)i;yLrVrJ=b4EeSnLWz%A`)?}keL8?jK zEY|>0Md4|1P2|m-Xba+Y{0)x2xcGXJYZ$oYJx31<+ibbP>ZV_+d)rWR|CzFVpAvQ6 zj{TyGOc=KuAx8=t^ZhI(I+$U&2Z+0ey z3Ga>V4`$*|wuvxYnNE8=V00cEnG}-Zl?wsb*fdWnjT_4GS8dCNI~(o}!$Pqvh_QQ3Mp^^nA7h&3Ua6@ZLbs{Y=i zN0|S{w9@}FKK}vWz)#h~Hs+xL;S&Fb8mJH+bOkX!R8cwEA^u)S(3j zalo#Igv`YQ_wq$h!;XiQ{k6>jZ-{RC%GRQizyZKFe-4%x#AsdZhw|3^^^{jI8Uzx$ zUdzl(JKFzIpQ)Wx@U@Y|Hveihe4(xGqUcR{iTlp1;L4B>(GE)G3gQs{!-5nYb|dCw zVHan{>9b{IB%Y@ax0-PF5_d3$Y%c)8qn~gO8p3JXg~olm^$ly&iRhNh%js`x=`KVo zYp?~zKl2&sB}y5NzN!Z#52ehE{9D6yfn#ZoEr_VMhWmyFt8=Y1or6s*u<1JsqnO~x zixw^lAhP^(L->&w&)T7cd%3rR#ZKXRdX%lm*-m_U%a=TligM?V%H;+Jte}$wB87@= z4`HHhdD;g0ef@!3W6t?4^D#i@8(nT>N9v}e{*6pc^2=%`02P_59U74an4>#YA|_Pa z{JP@4-HS4ufMC%YRM0C=&ZNxFUG3+&oalKa8?oK!k)S)he``V#^56??J6EC-w-UH; zN^+!Bnry;N%;n*ibP>fSaO6P~MOuW1Ho@`wauYN&*#CAgHOS zclPRlmKrF;{s+^^|7$Jqf0*ZfyHI~v14##Ey8e0eH5&Z@l^V`AdT-O}v#5SBE00p* z?90%%mt*|l{NI$|hY5{Laii_M_j4znK-%Uv`W1A~fk>k(!0kg9e^m)F?a?3m0LdVW2{+_DFFXnzG;sd&~zR$uQg89i^;uLfnj7!hY3nZi) z5gdYC^M3)!2M@fo7}=J?wvIZp)49;oN)Z1Gi^Y>^xjA(8+F|5{$L1=#7I3_iYI+`R z-{^G+Xn}G_kIOC4u}C0+vrH%m;q$%ugd7%tJqVtQVre13EO`VZWIQV8>>TfBv+?>R4)_Zz-)?VPY*C&=O zqQ`R-QBbLjO3XmygdBdGD)fSK$7pRp4C&YqmA^N^%q3>RRxWk(ko_#Jm}C|k(H0Cm z-44tS_04~d3w*_HIeEX;HNcG(aBhp{^OO=2jhy%wK6AI;HBA#f{h$gU%A1LRtCN7f}y5T!-F#bBRVdf4eyQC#WTjRj>@J1M)NuRa@{{41 zO|L|)v@%`x*`;!O2T3f`7CeH*H2scCt44Chh8%|{JWWAf9DVAb=?XX%>fCvfc>6w%eX`sS;vn`^cxra=c z)W6*9^|4F~?*3t(w^!VHc6ANs_F&v40W6KyyO%)r2YS7x-NNrWTn3RPOP4sM-{{;3 zw)74u;G_0YOs&Tt4ts0xz467r*E$(#3<89)k&{TFU1A+`w3|JdjtFRV%N!27?v51( zS$izl;&U0cI$tdP5~SM#6Gqk-Z)HY{9*!y#f-~sHCD_Uuo%8Zfa&oiU?5&n~K#dLJ zhj3Hiw*Vv2Qa;;t+vpS8gpX!Vk;K zBPlLGAJcob%)lt@73MD4m`kAfbGgjUumX71$HOP9jiL=_+5tK!;x>095n%acCfBr# z($=S_F&86P$gCs31)26UaZU)lb=sp%*YNl_U-)o8!{!y1%=Pe3YP9HieW_sgwdM<} zsgqd1ftuYnPff9(IqL;tWwFsp7En68xdHuD3iM3;H{-g04uLrDtohc=h0w0JGAPzP z+RtukH2bXP`{|iMtDVZ#YJC?QW2B$F*pKHg4D#1g)3LkM=B_g;${ABR%Ro++T03VO{W5v}ReNf|ivu(&LCWeW%yuV1Cfb^84v(VvBD<$Ow?!viDv&qhGWY zC#SZ#t$Xk&;^t3(o>VhXA-fKWYnFrvE2aqy+2y+Z77KU>kt6miaBubW@(P{En1MqL zuQsmz{dfH_xlM|?hgEM^gPWB-1cCF*m;17q%Xbh_hJ0lVyama*>m(y{!XRle7#d2m%nEjP z$0prXQb+q@Iu+qoIaB8#wHv#ssI!jX`ynzNu>lf%nlt;t7bz{D&lYpu0!KV{i1E3? zjxih5rq(S>7W0;3niT>cw|0V2VKRfk4lNZ|E^G_uzcApFtk zKg4}_+q-w)rj9lR1V@F2$P~1C@ZC(~=%)P7>P4C%l>V3WI4%sP32sk!e2+moybl6- z@#6*$yVyYl%=BOv_mXICUV1a;CA;tzWKv7n_G(Y3KDmw5tLZeVBbZ4w?@yfYhQnzrq}xQ1wSrT`qaws}9zza* z2vGO0qTdcEF=KOgz+(qEi44DP@^_a(EG?q;bl91BZQQrvS~Av~>9J^kK*_}9`dL1{ zF(emz`6IsG?NC?Jc}FHkDpWI~MOxx|q#gQdUxZdKMNQqM=vFc8LUI??FKgrO&EZQq_ek+0&|mzZ9@$$Z1!CVsj5uqKb&KblD=5ryj*v}`Q|i~R)l+<; z6*or>(BOgtM^g`Rlc7v}KycRSET>ofj=Taw)_X!pdOd-J5QddTnUSjmX+TgE-N&wm z;f?OZ5fodjV1AUQh`xqb)g>7S^pN~!=865En&K_y{`lrS%G?3|m)Muxr3IDcTURhj z+wq^jJXl=LS}!N;cJu5H&ot6`qGG)9ql}t-0;~0NPP#k5&I_<;Yj%Kv2=}r8y_)1# zgj~=t^>SX$5;zUwi@k zRKBQHQ;ujFo^H`%0xt<25u3hCafwzOD0l`4@+dKzEsGrQl<&NZe1OGZ^RQYjlTUw~ zfzf2lA#khMbosL5!j`TGLt2zzw5?{Z`^>_K0;+bvZgg$+YI6%b0VQrJvWo@uvdu#3 zVU9(~wmm#ACWGFk^+WwCx#?WUVC|7=>ZxTTnH+)%dV16yT~zShp?Peu&J#sdtS>e; zUeghh8y&_8=>1hW#m&?$Ll<4lx1x7l_ApbcuYk;W}txD_b=~Z>w$hIu;YM98>ux3W` z-OD6p5szqhy66`4BSnXihCsPdX<3H*V)l(lO+Ct;O;&IQCaLx5W0L7w6pL zi}eT=^FDo4;p5%<(tvcQcW>vN+7Ais~ZFty#r9(T=w?MXYI5|&nk zJpVCBAS1hBe({p>p;wfElmL7_=!|%v;SL-Zyfh&u>?!I_W#>R*2O4jq6X}dS#QW3q zrpHz{JV$#wap#pdIkEPRt)`2o=~w^`dVKZ_ba>KQwh$moMQq4N+va;xCVh$CVgzT* z8|;U{jvXU4qgMT4-`Jg1Y1NgURSbD_ws|$YN9C7QiR!tW51u2MynVt#3Ox4l)tuQl z*Om9pbedbJs{dDc-x=0ax2=o1mAysev!K!iQ9eMLfJjFKA%LJ#qF@Mu)IjJpfuK^P z_o|@MO8|k;Lr_twfP@lSg7g|fOK1t46~E^^_qq4E=j~nwI^>?nh)+}R=Io>hH zc&9^+A90NGB`+o%cC*_o^M${Cfv1@43__er+VHK`di=X;fY{Cy(-p(4dQ;>Z_NB zxk9Zdl}x0T@7Bdy-i9A7JnLxknCqI0Bvx?o2wB$Au;Pa`S^4rlee&Z3xMA#uydTl2 zaKn(4o7Fz^>C1e6F+0)4_?`QLCMyr)7)!ZKUAPJp=O`2ZCSm#;>6|_Kb+>yrv@KE> zh~cmKUhCBPGt0M4)M9d5PsyYTqsTM*O#Hq298WC`>v!LF5RRHy3UmSdEA#)3j9A#D zSon$#kOS=t+Ii$wBQ-rBr0C5bo54Kh5J;9TIijYLqfAwNnrm}nO9nUw3kELAaQ8jI zf_Xwbs3f_McD=s`=&Ba%)-?4_;u#hx6Wgq-4gB=htZMDw@;!2*VI~PDxf@=>Pdh3)@zn~P?GZe zWYK~N(1|b|?63rw<{dwp5zDaJL0Ck1GB|U7Cndo!w72JrINgt z-%p);e-2Yz<>Y1g*}EM=^xX#ew!Tq; zK#8QF_k$pV)}OXRp+Z7IqDjsaW)dNnV1@U@xT>DkEb43;SL;t#))C3qBQ_5SN_p)N zP@M9`ezTZ|$J7F2(!lgW6UDt}HD5+VN2s@(hU_Yg5r0d|x|~o8y0Bkjste5Oba`I8 z?U_H$bslyM#yPwXNYQ!_)s)EZdtG&{tF-lA&DpQ>-yQ%EnLh+;hTn-hp_OOXP3pS; zHC_o!L2i85Jrn0wvw;4TgP-1vJUX`##eLP|aJ9)cCA=@EFaUNStV_O=*?SFGQ)` zJlh(Nmmn<8!%ITHU_KH$8<&)aqFza87#ki-|OM<6FPejg~1>@>; z93v(LC^aY{V97}ZY??<6FPWwz4YkH-6!-#f4fFy17Jlea|2?S~iHuqMM*764#Dccc zL5R;0L@MEHAZI8Zd+u>*d6O^AG%{U@mf2Xc>$<$%r1yI6<7(V#HthiIkXvSKET5?n z@dT&i0jhYAmXlte@>$cJFfo0uX^b}dwWVAU44mTVzW~!qvHZ;P9w(F^F0RjK)KP6z z_FMelWZj~uWMpnX!19^E%g1;5b^B+mW%WmPBltKj1rWwoLZU>lL$ArtE0T$&1X>~J31WO`Lq{~GPZQ;VI(nENOT z*v>iTM#A<_9eCK%$B0>?e*%LsMx34kp8f)t@WX^HlIr7?H9J6H-tr4pd@u1)k^R63 z?(9|*Eow9YvQU_jZ^$a=&0v}@?%7ZCn$(tCBdx$=Goh?txdcrAnBZ)U0r91OEHyk3 zQE zw@y>#Y;NkWF&p-_C@D^4!+h~E9)&W}(UPoSDwx0<%gb-gN#u05zy>{uKcV@Rc zC+ECqzL$q_W@zxnaOkjX^5Xs5`>)B%p|VbnU8kOJ%+-oPzSk5Izq}(-PdN=5>Rr6; zNG_>#u<$fwBi2U?RdweNbeW&_%7J;{ByEKyzs!V3m@U3c;6Ax`xEn+sxpBks^33eO z!ae$P6bgx>PzWje_yqWbnZQo+l?PSD}QuT^zsnSn>csQp!RXz8my3t!e7 zaUM&$Tdm`+|#nZob0Vx=1$~$2g%p0NLj==?%WZ$HHQ8FDyi*qR!FP z`a>u1QFa(4aq#k5Pv4hAq_uA1Y-5jXZz?Ny%g)$!kT#UDhdS!U^VsQCUm~?Mdq(Lb z3aQg+eZ6+%U;7J$N#y)tXm#FGHUSd0R}>Ure_W)>Vc=tR0#w0e_nl`dP(nc|?Oq4r zEe?WgbULfm4`{X5(u8{uemk%SJ5uki_h6qdwYJcyNuzxB05Kec>-;93iu)uk)Oi$= zvUhrMy}Y?l*s-m7h$C;VNE=3JGEI~u9}HDg&2M&5blIMHx~5BjxRo{*Hsa(x=M9#o zn_664ikc2;r>7OG1(s{gwgr}wl80aToV*=7{sPeT16hJQv-yrFtfElEE2Fux{@u>= zg>u5|hf91*dUrRo)YtyJC`&p+C`m(BfEV0iR0fru+7FMik0+=%EK zmdAN5j%4_CKo?7Z!<}Op7dKZ!7EaS@BY=Hn>Kran!bURjDM#lU(ITSpp9N8Ov30{D}O_KH& z*<7=DQst0qi~8))C)j0J=~`9pWZK*JSkJJ$T`An*9Hqq@{-kktZ425|D036E#Xq(m z(;z_WAStI^1|`xMc}plMy~}-BJi`+_^SX(rpiT(t#HX;nW@_N%^skR-h)(X3(eT9R zI=<<05~oz49M^suFH??n06BIY(3tk{UmYWvjBm6J>;zedZ68ul+cnDbmMd;|%CioZ zgi9sdq*?{$m1-uR0s zvU0Xic&@`*BW-FgP7Yluw7{{JjVPNLYw&dr*hB7-%h3?~^20q>{+7UkydBgew#_sd zUB93cCwC~bvnaq20ydPdGQzW*pMO{gkk$NGYg~9J=ExZ|*Kp2?t2tI|7rE;^+rXNL zYNi#iW((Y*t%#UiSIG2dyt4HkZxxx`CB*IeC{dCs4#Ded=V2JGYB;?mNk`t780AX$ zB2TZ_>t)K6zIaNct&h4LjIAaYW^fvX^@Y_DBrM#T84ErY&`)UiIILx~YWH+5ptBu2 zWNzKM7163~^zNB-i`RM9WRumh)QcJ&l4irg*w%W-nA zr#1iqjd#oW901Plt01krCVaBYW42SjiJY$d=615W`a6^5JeQwA6=JZx-JfoG;~5sdvyvX=#6HTP~;qT>%Jm(_dy_m)eaV3xj$` zvo*nhfl+YNZgaDQ`F7Uo-Ddfrh|Es@i@=Ma@xC=rd(2SHlv*OO=U(D$$tL?Cwytr_ ztuQaT4F>i2m^@4-6Zilznv#^lU_o9gorN-w<&K9k}>j1N*ck+8i@RQd0_}uc` z=j+$ve%2{5ya3_S`@8?%1;kWOJwt}~I;-wx@74E!|$MY?j&K(@G)e~u;s8h;!Tc~jkodB`QSuh7>2~h zr{6g3(Ri=h@MPn3;;h#W#v~vKfvF2Q{@hl;+64XF(|7BqEl=K%v^i~Le5b5jc|vq= zyW?f!J*WX#`f9)Am9={d8gM!M6zbft>L|{)A3vxfABo zg!*X~t4O7P*P|aGZ>7lL)`|4)?&f>~C=$!nS?>uiLUlT5y*Y_KSgtw}5O5_~Pf~_R z=k?+)CX|zCn2*Pczex{5n_I_j4u4Wq)&72bv@SMZCm+KNC@{R!8!vCEs#Clw^+l34 z2W86mYlf1Q!CB3ba2^qQA3Wd(8Sela&tBL{wim|AbYD@a|1)J>n4K!ssWPey-bs{^ zd{i5~Y8zuSDRl)l!m9@zYCvf2+`Zq}sDpa7{(MDmUQKUuc{L<0c}3?K%T)zU%j|9P z8GSL!7ESX<%V~06%b{o$7lwIdVn}^Nf&c6pd>PHq?fT2UiUWTa9<-wBEG2N z?=>a?oUjo-9>|Et)d$Zxcv^bKEQE zW1eal_aI7FG#!&(Ewm=0qZ~Olp9}jILo9j!-j43aD#lJrc$Rt76gcva6g;yE4H{4v z{ZF!J82*@@`<@kCr?)jB0?IP^WPw*B|XSZSYPjfCkcaJ-G2;*7}gDQ+W$MMgS(D!c2v9jAi!? zpkv~lBdaZLtjqD_R+||F{lK<-a38=7ScHqK-SZ6LAc|Dx3K+us=PqjKtC7 zWHyFA@x68pC#^J^(R{l!dRDXPwWEBO@dd<8)x2KH{t()eBfoj>J1+emBhG@c_T`CP z>9*z_Lf`Y9#UyZ>;&{@*pN}VJhK)sOMybwj3-m{Ti{boOjlcAjQTe=R9ro31XXk~W zp&OThg~JEwWJkBNhskt>-<*Q*HqSkeHqh7@fnaTP_dsa%>nYRv>)OywG zSH79B(&U36eNgHPq%I>kYj96b-D7Xx3$yu&T6uJ z_A*}Ine8tJC`)L|I5c4<@XV7q!ize0^{>|emV4bCNR;R|T-qa#M#Sy3xavxGto)E_ z2H70YUosmJ8Z0cg`kCB7>By6=gj>HY-Tw)T^`HHtT-57WlHC_NUNa3alB7-lvcdmZ zt^d%-E}*}cUqQi%ZK{R%vGNMp&Ex?%`~1OPya-643`J|_A=;EF(xrs6) zqZczNQ1s7Y0?JozQX8mmaBM(n7G(bP=!4H~HHCylvl@?LLmk#l%kw}RrXEDa``RtE zEjJ;DTXd@C$!gRd?`|WCV_<_uKC?1tfc}MzS^HNMM`*Tk0EGzVpL3WEF}XEb!z|Yx zu)g8S`+nc9H6TVkLqXc_zCxO0qu6zz>|*La1dYt=Wj<{`T=du=#GC z2KbNG-L39-B(0S}DpZv@7R(uXKXL zNOn_g5<3j|Om?(w;f~5|b=nVv+jyxkVE3+9PF>;R%J?>wBVs6-4poXc0bmdVo%UEA zeSNs7)v*E$^MdjCFeW|jzZgO-W`YDZMm84n;sC~qV2