From 5e0fb4a63eb7a93f08b691a73ce3aa97a975fde6 Mon Sep 17 00:00:00 2001 From: Samirbous <64742097+Samirbous@users.noreply.github.com> Date: Thu, 19 Sep 2024 08:01:44 +0100 Subject: [PATCH] [Tuning] Add logs-panw.panos index to Network rules (#4089) * [Tuning] Add logs-panw.panos index to Network rules https://github.com/elastic/detection-rules/issues/3998 This PR adds to the PANOS traffic index `.ds-logs-panw.panos-default-*` to the network rules using fields that are compatible. * add tag and integration * Update command_and_control_fin7_c2_behavior.toml * Build Manifest and Schema for panw integration * Update definitions.py * Update definitions.py * Fix definitions declaration --------- Co-authored-by: Shashank K S --- .../etc/integration-manifests.json.gz | Bin 12503 -> 13094 bytes .../etc/integration-schemas.json.gz | Bin 4238363 -> 4250380 bytes detection_rules/schemas/definitions.py | 3 ++- ...cepted_default_telnet_port_connection.toml | 7 ++++--- ...download_rar_powershell_from_internet.toml | 8 ++++---- .../command_and_control_fin7_c2_behavior.toml | 8 ++++---- ...d_control_nat_traversal_port_activity.toml | 8 ++++---- .../command_and_control_port_26_activity.toml | 8 ++++---- ...te_desktop_protocol_from_the_internet.toml | 8 ++++---- ...l_network_computing_from_the_internet.toml | 8 ++++---- ...ual_network_computing_to_the_internet.toml | 8 ++++---- ...very_potential_network_sweep_detected.toml | 7 ++++--- ...iscovery_potential_port_scan_detected.toml | 7 ++++--- ...very_potential_syn_port_scan_detected.toml | 7 ++++--- ...mote_procedure_call_from_the_internet.toml | 8 ++++---- ...remote_procedure_call_to_the_internet.toml | 8 ++++---- ...file_sharing_activity_to_the_internet.toml | 8 ++++---- 17 files changed, 58 insertions(+), 53 deletions(-) diff --git a/detection_rules/etc/integration-manifests.json.gz b/detection_rules/etc/integration-manifests.json.gz index 9275a5256d933a6e2749232b09139a56ba07fad0..bdf6dea103bd5fab96538ea6c8ebbb0e722e5275 100644 GIT binary patch literal 13094 zcmZX)Rajh26E2EdkOT`(aCe6w!JXhi0)(KG!QF#faA$CL_uy`Wy9d|cGUyrde`oKD zebaAsRdu~pJ@Y(kt?nWZM?v|Gd}IdqVrlJYYHt6{(bC46#p;{2rJ1RNqXR3z!NwZq zBwf#eYM?&o@M4NO_W!k=gm^-uBHMy)kxv%in?d^H#@x%rNi=F3F;mDdG0 zCsk{w=4r%j@$s8Ji%j^?4uCV0$LH~zvjL0t(6Wmt&6a(=_rT*NP>^i^Jo2LYmGwEd zUE^|n=w5H_(ZPPP)rvbaf(~q&cyjBVmX=ss^K`CW|HYd1B?_GW^z88zIs$Rzyua|) z{Hm`!qB-mN_l5VixeWhWrXAw(lz3lyl$jcyrlLh&p$z(=F>T+R`fEvVp|!qE-@|fo zL_(ocV&pHG?(M}ySe|41dyhTXn=zNG2`Mi&A)nnFg$9r9Yp;{tP*ZXh=4H|99zox5nAhXJHWJGbUP4W zds*ycYkS*aV_s`(nN1^5Bwk-DycV*VlNM28QloF6Il{+gZ_l6Rnap+5HDq&2*CC-C zHX=vC&oi&*tur?dSZBd<#{#`SH5Mw@it>GE_OiL?0cxhR>2gM?eKEAZ91jJqCl&ox z8ShzGxl*8}HMDVTZcqJap+oNVEMs*!5q0iPj+A$9iJTd^lb+(1-_8=4DH%kkaaIL z5GM8UVSOlEcz(Wf#Ba4h#&z+=Nt3OY_a!49+?K(eo)ULYS$h~{FlN-&dK#lyruIMV>HzQ}t0sV@EQFvTzJa^zTXmn9$r`~e~(~aK;OMv46ANnldyG9wQUbN+O-v; zU*RTXe9uB&(o-fpY{RWzQ}}$~U`ftImFr~EHZl~-<{ zipq^x)Hl*_e2TSYWZ@tuW7axspm?#$;ukc(u(f;Uc0lU(#X~j_E^NUGkD37z4vM5ZT(pgmfLNE z!V1+%$t}9C8u?p#(!T@N=rL++Rd)pV91qb_qu`2o;j`~w`j1IjMT1a^Z<`(oj6FqG zu{vgxMh@}Yc8|oPIeVWxrGqpGqS4-|1;HeZ7wZqdy}A%cQAmI-#-=b0VY&A!+2E4& ze2hjfX8%A_qM#lmrYdM;Z#f)&M@9O%Ii7+n2`xc^(Ad#Z_7|(ssfLOyVYhQJl>{TY zY#<7Qge^A)YUE)Tlt*DY{xt+1W8UyjjnHUL$?NG~(9i){(`jf>KQ@-ZXf$}WZ1ECw z*_2eeptp`h*nZB)lCN>lia9@MGUi3X7Uzl|5=Og|<)MQnIrC~eIQ`Vpt@Mgq-i+eF zTvBv8duizQvvZ_jB;Q98_Vn8F8XXFmp$|x!z{j?KzjVr^tG)M4R7q2Ie*z%4cT}w3 zZyw}<6bxQ|$6d-*+6e8B%C>0(8jWmEst3SMO8b?fjg>sSpkF0_MLc9Hn&;Ege?#O$ zGEj0v`Fr21G+g|laX1xw!c_4;c~|rn7SA(_Ax1(SDY!rqQ%QiNL{bco+(KGon=6Pi z69*Pd_!D1J>4W|laD2Ek9pcb^}%40_yxXtyBON7{~AMQ!7Yt+ZF!@EJs$ z+w7(t-WhZW62&IL}z`KZC(qsN5C_IQZRPcpKZtXvh zV;x0MPV%?BI8?dk%5uXUzli0u)4S)qGa3{S^2mW|&;_i`ZJ-fyeyULu$poi;t>X(5 zmwY!HE;$(z?T~dN8ADI>&YoyyjUHN=FSIgTyu=);oP8q(cgirbL}PhL4#a#}+c7YXoW|;s*OZgLe1p?DJ^=Kms`6xhkFHGXpL&XjW@?>^j=v{Q zO4=z}+768M$W1}ESx&T7xMn-ij5VyRoFd$Ns`NPvj=M>eXwVYzzwVOg=ylPFsKAe# zO^Q2g)T~cVn5LUDMk8J>JH@aO68Gp(qY(q$woy5lTLfaUg#SpuDv!-_^0XjD)g2F> zQ_o_#ORe_HBP71aCRNLtMQ%3vGkFMtMb-Ty!NhEVYQ>bT=iUC2`mx1r;NtLV?0Z_` z$bG_-LZ^jIr~({Kyx3N3=R5h0&Dc&H`HijE4>a)~0^_r$?cR}U4xwlcMT+53Xh`K~ zOQC8`4r&ge{;2wRPgM3nBR|9-fg+o+hw8Hwie}8drmDE+o!$dDwoFEf0^N*3u1O!l zNRj^qDF^G~uX>gyc3mV^`IeXhzYo4Wy10-;_cR=~a&aIDidX^K_W{XV?Lga27V6pO z`$0=0O_aS&akbmHVsU=q_p!Yh3V7XUqcOi+NY`EGp@7QdO1`fq%B-~h&)Vp^UXI&IBqxidk`^wC4gusrzMR|ONGArSm3~S zOV)kDeB0qP-YIx*`1DsJ=cN|!TIAw-&3k z8lU1KAA3w`YE7*kd#prQ8^`5I$7jg%(!|J@f_lov_rvh;=UwIXLo9i_!M&;pxNqr2 zDCWe$zYK?0q^F>5w%rf^8?HBmU1!a8Z!R!ya>;ij?_Pr#u+`RKU2)G$=evswNCIIC z5Yr{?80(aGt)Nxc2f07|4IbM$$E@qZoc6sLQ4xcnqKYE!6jDEu(2L4+sfZnkQWU=+ z)IHVvx;3mprfLc3)%mydK2KG~_B;ZMNf54(+ zIMxYlC)1M|kKteuCJyZr4|Z8hoC9k3%>0HF{gQ_=l6{F-w#Dk4!V0a5u9K?dK7;A> zN$_xT|K_6KCikv3)Yy1Sm?VTtIPI;hVfKx(XE&{m@6{&ji6VC!vuV~3>*KxFRMFw_w*00ld=A!%lp$4p0Hpp7rsgt zn0spuLmsh?*Y}oShvzn4(Vjk@!8EyK`K;PNL|=8Fy_w3kgizxn_bYCel;nb9F< zd~$~w>_*p-{lLU!lK=BKximbQ<_QA(!NY727Khy5pB>+5-oTEG+Oi#zqO;}J%i33*46 zR``%b?c-)>~cF(7oeF>iS)HV0E_O{uaZ&m!wMK;HtPg8<;54$(oJ9%?gd5a|HIlWQj zQl*N+*TOe>T4Njxdy36^bmOfB6JKqj0eq4?R^tltPHS}6dG2msx{m5B(If}&*-juQ zm9ewcLx+lU%Qa&vNpx1owpt1g#qFyQU`;C9Vf#cJ@`tW)lB)YpQ5rhm)U^~BS%)zf zhmR+Qf!d~lN;*unU*o-O#oxEoP{_ED7S?nZlwFYqL~8%f*Ls){R09}xR@GVrd_VC3 zFdDqB;V}J8f3z@MR?E4p3H6&B2GW@d>!n<4nf+z})i8ikYgXgI3-MsZMeE^R;P9^3 z9#ZIk0a=G@z^%b)E}mt>XrLM`Ga<%O;BX1UvXo8(51wG%Qd8+`2DAO737Wj7<-C7$ z%D(HdY$18=>HpHyX_)0yR$Q!jT?q>j+@XKBdPpv!T4OHSnsfT zl^1!J^WmAYNfqez%J}i(8glD^U7Oq=zA)SW`o0j)qMIi8Pxq;B1_UL@Kf)}ewKBI1 zRMO?J6p|akXH%Bg?2~b0R~d$i4*y)wH|zMNEwv3WPchU$ECFdj0nu&6t0myM z59auq-pnOw)lvzyzIaP#;v@JLW4$xp5lh_#4arN{fLbuO3BdG$2k-{8q}5=U-B43p zUf^7`1jGr~8SFI%01Qi6fPnB~(h}a~QTyF;U~nmzcQGx$z`1G3kz;c7zfkqdm7nz% zXSCFXK3g@=pt?QA=`EKlxdKbVtvJNL$&-qu*E!DI)rYY{3aI+_t+abeRiH&I~=2Ke^_9v{;HK* z+GldTlXqXvds>#3@lh)P$%X_=S0-rgGV5By;*?DVR+>qu?9#=*;ibiyQ+G7!vUXN@ z&C4ES*@N^wewL(bCXWI($157fdvO^< z%A88aD;}bIdF@LJNuH?O+*8V&(}Vqoko`i(tLcz^bH}UNko`T!tIMMOH>6J%_YaPw z$~14Jr>+@D35{B;bA5!3I>UNvXE&d(Ke@;f#w#I3s38r|`iFl;YWZYEWV#$(Q;%U8 zZw3D~nj*Z0+XR?T5njhl4?^d-iQhN2af?sD{`!_Rsz!}*L0;mW$_Mwses6*|9$pd+ zYvpZ!To>LDdxQqIRY43k&)X(61u4RT^8z53kdA4QZDOg^a=kd!>!uH$`JXoNB@YlL zn-J|B{Q|ZX96tKF3V!lD_CrbkfZg~(o-U-HB_tQ8w~r;H5T|#5MOL0pmZOW4;e+2?nVqMN;S; z5cKN`rrNNIve~FlNF* z9*)M>g-aB@aKJuRe(NWVGczVGp)=_D@w3tl=wp!{WV+3SP{byR= zNu~%GsyNiR`v3fjfhVTo`wq1rR&k(l^=JQzfxYG6JbHB@TOe5bWyk;Bq_cl;lpvT> z8gnIndoI3pn4mmzYbSVUu~dn&leXIEeTW?H0yVEcnlUyq5Zj!#i#-&XH#EXnOfeP? z)Z2aVmX_hC3?JgvzFFNzkxG;*?cP?n9X!OFuvG1zt(*wf{y}p{*Cz@0dr@&Z^=Zt8 zKZs!)B6wt~8dQyzzlT!_k3epS;9JgGqD5>_0zl_VNI=ji&>sLIS>SD6 zM4I9i?2K5p7=%dfCak(4x*j!!x#inbavRpmL8h9vHRn`~j*4`U7X>>()3Yf~RpnHj zbMI;~Yn*Tw1oh~4oy^jObq8Se22z}&%eQ>Xx4?o;bFgEBIk4v4$xb(xq_7Q<$xu^n z=UlZlXPpyCl~WlA-HH?oNP0vop+|?>w|NQC`3JK|v!Q_|lBmUwgxka^cjH)~;^Khm5Gy>6VCWxxkGBhw}+-OBp25XcR zU>m9HjEBx>paB_q)Hzbo`1yW0%sp18%Kua{1(O#S<1T2-J;tOC!-9rWiV2hu(`0+y zj@18W_hM92XQ(PJQ;`BNA_EzZ)S-UxpkYukzfuAm=)ZXCfo}#iCV`aP>ZEHLa6m>5 zC<`NeMKNb-@fRhU&VriMu>aWY{$t@++VNG|0c)fc$oncKq`pRj1u=4|+oduh^J-cb zY;tSD0!z9T`z%W+s)~cm7^T%=&8?l9rDk;g1q>1Vmo~mC9Zv#0Z-Uee12pZES-iPI zW1a*U(D1!RUV$34>`W*zCbYalN}dE{-h^_sEbiI0DNLV-oB7O+H`Q|!El0?;T2BgY z0?q9)^8^^KbdPhye|~u63$4{(x7IrY3zHl(Mzv-kIr+X zE7?=~;BwegyNSV@@TvshE@H4T5)^x&a}-qqmO#GLlb<2o7KE*nKy67}>5)GXW-VrEmm?QO?AsN4hQUY6WyoO@gz%A(hg=E3)%a@uw`Tv_9 zr7zEv3L6W!Fmq8`C(90gbz7j>aQ_g@Wl#0zOXbS#Gvdaw;kJ?9;?qSFC6KjZhcT|( zO<}{YyashXfcp_RAWDCp%q0AiA9pvN%%}pO2%WQMgk76fMR-EO34T?YnHkag^waiKSZ*(G=Q zeE(Ut8sXZ#naaGw2W`#Ng=kwF*j9)zivjB z3vNaQS2*%Lndpg_Wf-AF7`~z(m`N9snHf76pd=W|irx-q-nBgZ(DZs9z|N5V?MB=+ zn}%H`T4+H~gW>rd#`DK`4Q4Xzgmr{98+@$LAse()zVP7QZ9e3GxW#w(y?^TG_x>QE zj0WzGwr(4^Q$CIkDX4z>M9utKPs1C>wL|9#KW-fw8t|Gu=9kfQuU2lEe%=|NN z1+Y!^9ZS!uK=k66uZRmKx}6I=MyLxsX@S<_8q7VC=bo&G|6En?WED3D(6%wOnT56y zwPl%kpD<<_chw62;@5!H87Uv?ezRQd#6$zO?xmLCx?3ftvx556IYp20Iy4(y zVxJVt(`4SjQ?k4{VfN`YzVc4cTnn<$L7|=c^y)THTo9kAk)zx>z>4HU&J> zYrIxSqHjllAIzZ2C6cu|x1W~jDZFOW_-6$yaEeDB>{d_LxkV3_NsAxU|@&|XR2obcSHTcs|g?V;qC#|jE$1Nj3f1BB; zeyg*GJhjs0O*`U8yHKqWWnaV5hDeds|92KR2v4sj*e9zQMQu0BdEYkz4icvzFLs7c(reZ)^Xrs0n1Qp z$x@uPJOigDV>P{Ad3y8IBv@*;b>jyPs`=eED`a!9vGD`vx%f%ap4X7tr_3_`dYTQ; z`20uI$L-;(eRHx;>I}K!+^yyhK8OZQcC`dG2?^P? zjK9|u&HPvmrV2MO={&$JKEV9*YJ@E;opHoVtH>=liat;a zCXA<@c-Y87WF3P)-c>4w-cKPT94D~4kY;Z<7E8oXSQg*PCkf&b#&QY-SkDt~vvwBe z#-(z?y$5V`Bc%xj6%%Im6!)a2UcweeIs&?o(**B|C8RgRF-S@#J&mi2zMCC4NO@LG z#O7kMG{b7`oW~~>zX!Cy$^?EQ?ROCWV=@jjQBh}75B{WfoG>s0e}Dew`N$=s4mi$k_E<`#f2TyTWPOZwdiMS(c8D3m*`d3_ZnJjIKY8x~dRa(YAebrp z7YOqyCyn;~rHW=;27^F38wd0ik7b@W_fn@`c6btSQS2Q#Kr!z!@rb;x*H0O^VzWk9 z+(7Umm@-?HIJEwJ#ab*PoKAntD~2I2)sp#4`BCi3n;N!r@IDE*H}}v*?X9-;W@J>; z7VTe1h=dX%hg?wzQ=i$X^%i{ppkjZ__6z1VLYD(M8@c)+M1kGH5LAjcD5TiL z?Yl^E$<)Lo95`KNIWSoUHz)#y9c7VKqBl?pKT7$@%r5PU^^d@-y@x~=hr6RAf2hZn z>O99p{zNM_D63x}HW&{}sD@=SsLCF5Pbv}V7do?yvJX7Aw0`h*{JW z#OyL}Ew=MA)UthqzhM?_~Stb-T ztWT(z87nzgJ@X^&1TsVcQcSmXSAfJ zH*>)DlH+G}vzRcdIjZm4r90x)<53PezYV zWIy-syEln4b_%~sJ(`_z{if=i_)P7DK`Pay;E&+ ze9dNe(NshI8O01)#>egD#t-e!CPJ7Q%5*%VMD}kUldj+R=o@mny+(@s=N-s4p8?~9GeWL4F7`-Ht z%p~(F!*vYJ@9&eZuL~-pnxC!*CZ0w34(>km7-(D+WGj?!PV$B8tdCxSzt8bueTBz~ zXy=HEbT@2l-})>$N<}DBAT^qcsRA9p4#q2nC;#>!Ou^@H0o!x3goV`857rS#m-R)< zzlm^N5}=0{)5w+avVFGJKO8qPuYRP&ERC)%w*_ zagBvGlXm*BwZw@eqGX2?;^rX3_LrmiI=|5ebH(oB(K~G!s|l1(ZiJG5t0eS9)!Kn< z`XhkNW)srlcuaJgNb<0rF~v6!JS32@yI`lF^8SZ&d3B~Zar6L{p^Dlup4DwCcDR)+ zUaFJ+VH5nQc$iKTI}^k18Xb&t=UhyU69Q0}K~JTVm&O!?T?Lk1G(!M7s5L;I7j9An zt3UL8wcR9(-6X5o#8+GC4%L&hW1{_Q?$C%SG_W{fAtbUSPsDNf60+PjL5o2WNb*ed zv9J2~iWPO8#04e^tGtY$#b}XuHeq2L7bhJPoe7PfA`$XXamkyheVI>)Dcrjp)c(wA z(J4gj4?33c6iM3G{%bN{4QU~wJF|`n+``xQp&mM6fBqyHUvay%@fFBxvRH_Itrwm$ zJWd()F_7&6&xxya=m^ zg)EledY6$`rHWL{tp4t}{qd!JcyIhc$EPQ5GMcPt`}Q0k8Cimgbh!;} zbrY_Yl+5;2%I5Fy-H|od5^|%iCFn}sI0@$m>C6pdL2sycEO;O@$Ir>5v22&6Qkv=J?B3#wslX#S&Kaze|hS^KGjspd%N?Px8oE1YNpij(T2s9 zbr|TGn09t^_i{&+xLid8?JwmgtOq+r_x7e4AzO~#Jj!cU#%t-?LGy;okMnbV%aye% znI}@*QFXcXWx<7bv48nbn{3-fZNvImOrnh4VSr&lN~l!=+>HWgjm;iU#4tedpWxhY zm!AmXSJtW-hMb#zgr3~3g{uSl3?k@AWHX%@||h?r&(_=*zzlR>mg zmpKgj3ty-(i5pD@;!J%GQPbRw51ll|yAp&OPvuN_hd!p6tWkRy)Zi-D{FG!mh>@eU zjSZE%X*H>gx=pIJvsW$0k5hfQC?2{^^VGpg*#5gcQr7J$C*qqp&N%*lTipUucHybj zPSSD#Z7WG2P4R?d$xQYfA1R#p-x@^69i1;bkXBC#3rNu9@VtI=S8Y>j+j`ZJikfet zhT>E?mJ9M5U%(ZpXv1t5Q-Gt9ZX15PK^A!qKTwu&B34(gu09X$t9+mQ!A&ekG1TYDTij6r*{u|3tcwPSJL61!(ysX}ASEPEAzT;zTolmyynNA7 zSc$_Eh|j~L+9Qc)q1q?8YM`;7ubiqQhw%>29W`i|77$W2q28mLT=Xpmt*&UU04cO& zBBvyjh_b{Ve>SCvBFEiAwGBE2ps@e|Io529SHps&x~F`K8ov0m?j6hFXpIr;f6OQL z%@dbCRo>adms0)C9Dx8){SANytR1mF{bDi3@h1&MY!0A=4yl;X0yS{AMrw}el z9CL!zP)#qC*|HoI?879ixSa@?#tP7{IW$%qxw~S0#a-J0@qej$O02hQTOcp~IN|^gW^1iwl*bo0;hwHRi)YqFzSr zPCsqS*57npf*9mNKj^Cg^yd~$#rNb%>`S`p;)Of=)H7db&~>_b7YwK8a|2klP**2q z_rE7hkjDgImj>8#V*|>t0Sk5SK>^h_X57QyJj+Pmzt7jLzESmz2js_;B#4*Je)nV! z*XTU{f-p*j$1X|+OQQz6!;e5BtqT_{!zni-`KJf>Bl29OSIKvRNQJX9!3Ixz<_pXC zi-Yq)I@Mvi0gBA|v2A?md@(csuwt68=-f+}PA2ylNp+chd>(h}D+7t1kxEmEV#7?qP zdNgd~(6@F^q92I)TqH0d2isKOEe7l#5kyWw0fON~PLTnEQAAF@0WBefJQ^>o7N~CI zKeT%SiZbsmdK3;`T=<;itV za;2ZAO5~O^>oDbY&8KeY%7bI)Ky_YF^=gp>7)FYr+&^|MrOr#9>GSKdq&l*a8F!}o zHn~#SK&?OK-DLY$sj^v=5kh$0a|Px%n4xV#v^Sr<#E?5Wv$bzNvowqH-uU%C7cDK} z4&5?jo(f&dG$u$!Q@@ML%ZAZZ>>ZX1hb_(eB4^1#A5Ra+;U*x7ryrBFWOt=kZOAAZ z*;J(rRHGC&rs1TgsiD%M3|6BQHK557)R@ZzFo7Aw`+hmw|s}kiFqAkXtN>Yt2K~EDjP>P^IH)qDI zi}v{&mP_w9EM&YJTN#oY+yAD)v&JNL3-FAGf65Ok7{mfa)#CEZVDONK6k}82G{mU+ zgpV3$ zD-)+pc$$mIL_3PwLAxDQmv>i-cM6wTUL;$OX9&U?0dT*f`+_J^9+v%eZsAqGd_ZHC zOr2uxRMx-`Y4HdVCaZt=5W~i-JYkLjU4-72LvK3BIHq-7%*T)J# zWjJL}cJoQiud0${+hSg&?IV?A3?+t-99$z8r} zt53~+=S)CgDy6DACcsZaJTO0C_=u^Y@(5z^hQ(+#!iU#&osSV#oMxd27bSr*7ds1X z;lV!FTb1E0qm&GdSP=qo0$jG5i3Vm7jNma`GF-NNwW_ID5hqYX;B5&Bu_kOlNvAXq zf;dlrbiV8-BvVvQ7$@lj8WfZnCe6gR8&7yT$fmop$*_npPCvgw;GqB`T%?s%lxQqd zk4s;Y{}2keZhDaQ6~{hAIY50YOp&|i+q!qqii}G!9Un>dc|ws(&|S=q8;tsD&CV?p zyTXlJqm7tUKO=ejaR3pEp1MNH!n)0W5Uhpd^ni>$j?5BC5zFEWt>{8`c3nDEy!!9`M)5WjObNH1;0dFq%# zllMJ`&RC)LNk!v`{Z;ixXxGO_LhVwdO;>MKWivU9(xu~HOoe-w_Z1@g)a%a&Y&IPV z6*vfd51aowqRVu>GT20Dx9m0B<({>kZf8wYS>ia|v~iM0D_CQfQ^LrTvf6K<|H`sv zzVwB?jen;nDks}vi0Q{<>5>P6i)}}^wVfhwq$R?(sw65dMj~YOaB#)_;G{mIqB7!s zl98SG^zJGE;prPHF9X4{13vU{xX*E#uvLFlrEs=yzsE$-J4f4fkEOEU@w<|(bH?cS zSnO;tBcwVl0@`<+R_R@KUZHipoW$o?x>z`5Eb`l;W!3lO^2DR#awPjc^t}6{*f@t) zat)UGa16it&6c7tc5=&$s&X3pq_ng>^^EDj4Cp8^X$RU1W$2F6{yTES>+;qk)iL#R zJ6#+}sA4xu99gL1FiV^eb_z+O;45hj}?R0K+=8LvLT3aP~dG>?k@!pu8 zApKn%n=-KdED%RyF+%ZF~?FsDSjT*kvTBUVy!y;0>ds?Gkmf8_m0Z~V5 z8b;Hm-;h5&(zu1wX4qh))0csrx9h&fwG}2^xd|Ux+$-Gum6{~D;iav-H?(ZII`mL^ zt+8YuXYu3od}Wk?wIpy zqABsPRxLf$CT%&I;&sEmbMJDT&@H&STX>iMB+jf&h;W)>Mrj$=H(1PnOsMdit%7$m z75zw>E$SbcxJo=ee_c-I&s*AYo+s@fA%F||Y3$I|m7V_Gfg+C7qnEa6A$ql-X#p1> zw1KY%%bMq>CyUq=jb=@Ow=Isg5|3uD$2d4k?D$mBxq(ZV29GrFVZ1BSA-re?LXi7`@vW$UVT4C-ADf*Mot& z1$Ib$0g}0#w)t=wg?hTLl;4S%Fg^dFXJnPy$=>*5UbY@hCzI95U-4qU zCann9E(}Q$Q|C{$%?n;tdNk*L9ZmIFxa0INtX`q2IJMFPyP9;bXY%XWtxa^;&C`%4^hO?bj-fleaeIdiTI z-Uh8_GTcaMmlo-VY%4X^vE89a6CT#w;&Qg3`;o{rW^}r}y(m9N=cR{%c7%hRkd6@=kg`3f<4QY|;1uF6b*yXZ3Tg=)A|nMYtPWLvD|~`1RTjWECF~vnI#` zq}Z##wZbO8~rZh{71hcn#!|1YY>70-Hq^zT_k)RWQ$7R9Fl)hO7#~J~E?lx7b+L zWDVewnNhf3Y|MDl6iJm(+>ZPIdN*E%29a6C_Og49WqXf7>4x{%hjC8GB{RJ6_^R`; z>S-_J%HaPGOLIO08TWw_t(wTsHripdfwQ0Z!z@Fsveyn^TRr}sxM$egt)so)_B<#+sL;oP{rt+5YZPA zhg@>Lx1jP%GUbWMr}?g-cb-**r4Jm4H|8BDoPb+ZFnU;H=7<_<#Y>!rLrV|oWVv_$ zJ9;;=ph;g*chheP0ztj~mERWbm`&_G^8W;pcXL=+I^D5L$)$Ji^uOD3IrqOU6JZ!f}n^<_Vn+V$$f!k zQ2R{8i4d`g8UN8VtcU#k+h9K6yipsXKlm;;($B<|%%>1hV(?vkB+LJX49=}mahxUr zFi5s?#SFxuz^i9V*bu}Kz0U)vJ@I8T-U2B1`SPJY%aNQMd0l}TkT@d5JjD@gNhE=5 zWbq~V_qd385?`i2P;hI=vB0Z;{4&i>;U*+U$dgMWXBj|)kT0-MuX>92lL}_nH}Lo# zQX6V)!biw{MT#93zG2og?V(5z6D}u1?bm;OBm%724LYP#rfc)Bd%Lza>)?0pIypj9 z@v<^-mp9jN>}HYIq-E1!k06 zw2%_xM9kvH98ZIXyo1F>%nC!I_h)i=^tz|rx;q}yy3Ddd%&hTJ+V76?w2{l~PFV3* zMZ@grBa-L~I3Jx{ zL)54vWVGk4LTQL(_2!*w{~vg(sP>IM_}Z0uf^V@aCYNP`&->Q&2r*ZVD~9a(v9gmM zD?0b9=v&(l5mHng8yM6?5jj*uu=i;-HFQvkSmu`dwG1=@3cYlWQ|;J-v`;Ry2emdi zoai(Dw>By`;W?Nhh2qE2Iq%ePv?Id4`E&ouYP_l#{$t1tI&1NaW?7c6aeIJL=zEDjmoRBWYkt0I5BJfNVxuN1%Ea z5i{B^#33Z$K(H1Kod%64957TB7uf(;5`q$7+phED3PK;+$t;P*%IljLm#vLxLbkn9 zC}t}+t}9ZT1kbYZm@>wWv;sg@L6zgn-*usYNnwm4#l~)B48?X3DY~AMRi1)K@Zs;p zH)ks1b{+6%QeW#Aztc2IGHbQH>uZ6+N9|5Ql{u60I*QVvtqz2DBCymHut>>u)Z&RS zT{?GMkSq64>@yuzxOby% zN5I!bIjqH5uqLFh1rX|@qp7}b0xH2_*PjHa#X*^#d5{_ zj3obsN8=(gW3HZhl~78;MX5E5A#byGu)`uAz2!w>~zcnLpnjZavNva6+;j$-ct zhRlYEe|JLW&TXoBErJIWTYnB@{0t%**%PaEizu{%pe0wztB%m=lc3Sc)WmWK8DY6Z zhEM!3cKt~}O4vt$ZK@c?-r4gr&RCJ1y}*^=4R&spv2S^Mym2b~g%YM8K?FZ-Z(7kQ z3&yC1SUBdr-SC1+0;+59h%>0K>LQq)X?n{`}#K8lo&EN+vloU(Iz&b9$>ySM}GItkml>Py9imJPbq9u1|o8JgdCM z;={w*RGxOxn3sDC2Y+_A(Fk7!@2D2PcZGf|(*)gcGqoNfW0WWvA~#k&|L zOYN7T{pM_}U^ru4a%NKc(IUCZA@E{yV7I{GS(mxkUDiFf1_})nKKpgboL6basKQ<_SgpUwO2~)5Gcth&BN&%t7t+dxcXcfuUU{38rbLV$b1&+ zTvA%eP-0%6Tpd$3EWlFpln}j;5Di@LAEX5h(iVe6%|G#&Pi4D=guWUw6@$pl7c5r& zMg>JQ&A%w=u+#`Aa)Snmfc3G}AX`So@;WEOS9w{q52NjT!pvf0Y;}@dT@)!=x(mC8 z`GV$Ex4P=Gq^iC`9uejLuXA!W=qRfc8YQzDRAOHG=|5K+!KIHn z^=_&>vm8q*{}#}g3`6zkg9WbzLzB!aCjQr$FvMW6x~!yAJ-jedwHjZ}z| z*NIHT;}(cLG1vb5_sKA)J)vY1%<_c<&97JoLX%+k<_k8k9-6kMY7|oalwb~CaMJuQ z=zp8A`zNhGEuF-CQm>zJ@_?>j?pJpt; zAY~KalA&GmPpcf8|6G@jwIFu$(>%rXg^Qq%Sd(XT4fT59vw02tC6iD^>0_$mxNt_s z!;d-DEYt&ac_K_U503ae;cF^`HO@Q>zNP7lZF-)kzby5N1ib=mSTX(Do1`wUS1{Uo z+b(uI0t652-7K-z{Qe}*&+gnh>y(LPCbaYJrsGb<_eYHHNAHN+4vY(s)yAM4KkYDd zSebuyd$u1(H=NVl+G)+mEISb=L#d2|j|sVYE8{B zW7R8WD#zYnfzvNLmrZ;EU*I0=ou8!a8iM57_>2&3R%-v`L<8)EhwJ5Mu}f2ddnd6= zY=L`uvCB^a_tvVHUt;_}Joz=F7gD0iOkOdt5E?bx=lTd6bwu=3&1{}riF?Qq0>A)T zIYMSIfJcmQAF<9U&Q5Z8mZwL&9?exejQaOvTxDVy_4uUGyctqep%lK)$B@#5{a{Dy zxJ30nO`>W?xCwsZ2O*s6U9<)7hLf;vV>Zwq8l3B{T_5EB8wst0TjuJ|d!SXyXM=}0 z2OR4Ld*IezC-GZ_kWiLy+1Nc$nvdN>XPCN!*)xH>DS!K^t}Xu4ZF|LCJzJz4jKT3E5a&^FddZ=s}iG`_pKMB z${fweKB)>hZ-erwFq&QeL7i*un!azbgSy5V3+*wJ@bvAKBv7`2l_YxZ@3e{;O@NQu zV~f|E!;bak(0%>k{!v5w)8CQYK`!2j=Q*0&75}x~i+<(|%_(aiEE%8P>!_%iYDfWZ zyC0+G7RHLOpZ&LCy28(sXHzlq{5&h7Qzx-go13na*(tas7rTEmBUnlAoG06w>Q`RI zX4@Z29t!V@bw027UzmSROFqWXiacL%eYSqu8fGeLHDY2YHglknz3Iym&i8#b3hWO( z(gUvkaN4e-WI0J;Fq@0W01oZ;A6#ZPU;DMCvJoS%sSHI=W(4!T_%e<*JNz^(ADq9} z>8Rm4?S&JO)?ulvdvlT*7;Of-RfT!l$l~bt5{*)mm`Ta(m~K?3JYPgb0O^rTJEf4|AE)M`a3?^L{hPggDP6(+0PlNYaQl zScgWm$TTuWUZSI;b!BTu)lomOi!{rFIM1`l(Ye?Mx71f`r)swqXty=Z1E~)WvcoQc z^6@ZBv}#LPi?na*m5S?wYNH7^`s|{{?xYSASG?YM9yMZK4UQXFx7)=3&379pDK!l& zGo2RrJqx>6))kU0N%X7qEc9W419fzdwg~oHoP94CNvryY`t>M zY-gP^K!`8a%`wJ~6t+GFeKflanm#wg#p*T1{yNFLKu6PcR6k|0a#>BZTdHA+PMcLi z8k^w}73}qQNUW8wS)iZUv@DlMb%#jxAr%%mtmP3$%605FU+NB#$!E;iSU_cLZ9vZ! z73v?VWAdt7B)<5xfre9Zn!{YlJGnqV>O(4Ya-DSmvU}bYW^`;|4V|_c`SFzO2-{wA zuQNxJzMp@3QQ!rmc5Z;!-i4j6YO4Cl_pqJ^AmDqQSBWScOooL zB2PeGL3Kw#^*=owR+aLDMri?-(I@N7h-nSPd5y)w_uPqZcoMIR zl_iz_uPh=px_@QKOfx{sIG(XsEc~zE2aSLIPKw|b6){8GRDl-o7R2~DU(C9=EuZxH z{@9`2cgwU)zvbv{jpoJ2DoDA*Hn$A?Dsuak%x#~+d5njhutOQ?(g96+$wIM^A)c-B z+*TPW5*@u&DZ85bz>NxYMZ+=wm^qzL|? z3+KSKf{PhCq3)S`pd3ySmDEYB1{qSGNbYr9e2lm!AlPf(jsK-+QCxG&f<;xBD)t~{e>LAel?#G(5 zXZry_lF$F+h9!YI)MfCsIw$t*ys?b#A(6A!+Yz>_>EH!*=vj(75a; zpAcOVP#cSEb}`V1@*&gy<3aY5@hKEKT!i#e*-66LNUmcbMal}$q7FJBt~xX$(owhT zK$8)r#Xasqt7-9-{Hq5z<^6nt`(q6Ysz|MHd_)W&Q(z{-K>k-n^w7OnR^!ccI4KzT7T4m*PJr1)ibxQmA-B! zzh^uD>rO;&JmHnBNu28ix42MDq{B;|ko{^9Wh244tT~ zWd}Jngg3KLHy}4JaqSbvEdijoO&GJZE@;0w;S%qjyOz1OO0mDH{yLDFFp6}pSO^DMME3XoDxpQa<< zy(&&in+HDE6t2H;RmnF%8!Lf31*%mPYYEa3 zcvcWy6?@k?1%Ek(*FJ_<^{#7Eb-J#a54V1^TDwT7IDMoNZ>`&;gLNqn5d2Gi+%6TO6uVk* z2KIMBlPgjpmVdKSKolon1Ag}MYdEFb(cuTX;)8e-R*uV7y*^^RH3XkMoM2BZ_!9cf zjnk(V8uHjb4F$a1UxTfx(hPwkZ*#BwxEFz1=C!S9WyO)zer_{oR%i=;{=QFlhig03 zjFwu!?wg!*&!@%#hqb@yhRV(TOS9JtH7*d3+g2{hd8GCvlcyfK84xgoE%Hjqb!}qR z7^@xzxfRBG9xiVkZh6gv_$Le**!_k%5LpjKk|HparQ=$UwpT02z%NfTp}^4l?m^yX zV%Ll9mz;4|QrE5gc^6++i%}JQ>a)MgNVLM-(`v=D69J9gyu#v^+T@qAyru9TBP$6* zz177Z<&?H6xuathrmmMPb`Ga}@6MlWbkfr8PF{>ppPyUqr3NB;51n<~VXMPdE-%`L ztXxu{AGeOuZ;PbaZMmj5_B+p~B7QfuLv6%Q=dzb$?)jT8em_SVt`5Z9Q!}6s6N|jD zFSisnt`!&qyqIbDh(;wu)u0Rf- z@^AGp=Ds$0z8+Z!_z8aqG-69B^$@?Ee#h0X?oygv|G_!?ENb_80;(v5XMmYV90+6ZCcW=9%As}bOb#ls`L3EdJetQ_i7i;0p|;yA^&0hs*o8v1DZPJS6_FyFBmoe{sKoi7as z5V+z&8t<7sc$co%!=&iM_CrzAVI?dZ$8{)NlaSNli;sNkjpw_wBZJ0!LHl72wEp(- zmPr*9^g;-|f}YNilNg4q4<;nm+xTV6Q^EH>;Q5E@*JsYP`R&;+x#x=(R~EAOQ_4PG zUQhMlnVW$Tz%1xj@gFzdV8wy92zBs|ks9-n^Kk)X5v=BH+8FV~39h%78{XRc4eTGckb8#& z9RAAi?POy(zsOCc+W_GDA!(r+Pi;OQ#$@%JeP;bDvD+;|h+#;z>o#6fG^%yHW>7`& zBtBW6b$RtU6*KM^kC|WD;gQ7bT+uJq?dv&G$%lvKysZ#`kN5!b18W_M>>9P1ANC9{ zn$Fs^2b$uC`!FE^BHxw!7)eaZSTp7nJjz%B5-9bcH05BCI60v)(+yqb{y0$k8*cVJ z)zo_o?Z`9*RP3|b8ZE@YEScEd&bt=lBBuTldmrpA=#g2qw!c2k6}GLMefw5u3L{RhE(x8{LfL=$I`how*4%u%Ne7>_8b?+f&V6O#I%>7WCR#VSa*MJ?HAr(DT06u5pNd!qJTtB0KQ@VNzlB zFqfbW@+%(C+f(l+HNsOL?)tJ2XF}!+XY>}t!l3uDWA=Ns8v@8wy`CL*DKx=OqJxLV z9DEXc99M+RslH4|canzVF&d#K=Y&dUFB!39wCT^|VY@0g8YZ*!cY-GmGj}7laRt?G zvg7;MM#btUl9r(r8Hpvj(~gZC*SwIvP)3|oM*)6Hm+FmB&^L{dU3-2mhgZPF^4#670)_|Pvd^cA zc*4PbyPKl@!mC1iwvgDQoyOAgL2s(T<4;7IBXj|!7Rl`uqU29*3(Gx)Ub$0;k}a6| zcZy&wSKN^?`?ed?i@=>rr~H%Er#8c%ty44vM^y*ZsvNTlg4RBA2rj;I#BGkG(bP=r*hVIBZ30bn;%y+A`|jHO*MCaHOmnavHa=dNIHKAk%tFaW&%Bss)U(9d^j-Hty%% zY#7%ine$u|w{_B&d?3(`+#>3wTi5-qW=+|lOQN;M^Mw`vKrJy6r&-@j7Rbu6@BE!S z5s$wZ?-)NVN!sPp%%8{bD_ui_)9k?(=r5Yrz7=UhqBVZqhe zh0Hh!U(%|xvq0Jm4dlY)Y&;|DPdJ0eOa?8KFFcu!FfWbZg31&eoEAXWBSxq;W92PUT2Tp+*~F7fUpRimMC6l)oFh2ImEJJjn-6>I{?jv202VxXvbQIAQ8>n0{>o3$iWJp=W4|mG%YEVTx1Y9To}_H2xo>U8l|@>iI+-pFC{Kn-%W?7}dmf}Hzs z#_=2*@F7ic5Z(*~B9fzPrB)VkNL3tyH&X;<`^Izn7!R*=Bq~Zdo38zzq;Rd&>TX)v zAdXA7EdGem#uh~^ml14&lLFN*O=)9EANI|S-1BC3#RMcP&}wpaygsDA(cPn>9}}FN z6FaiiSkpQ{ZCju6X1@LNcfF{i0Rhh{NcxR`ddGMPa@h>lqj%67T_cvxCxndu`%L?9 zSh!*dN2~3Tq46*48MpmXHf7_D6#honqzq!n!hX5wcvQuwU#j4%WwHL${lc{X{1@w{ zLoIdx1^u(V1@5hO_qn6b+8M36g@*iuZRejIua1)`B_3id@|^bWlp~wHpw~}^_o8@& z^o2&Q>ds&7GsZHH8*1%}4O0g+8VxiW5;R`m%N7=*o^8ZwElGMPtp>7RQf2h@+$9=) zHX2aEhYPD&mBv+;Iy;mxnXPn2CS~GKFc{ zcHC-XK>`P=kbWXE8hH!BDP+M7IwAdhs|$BQl|pTkd*+Xl0e>_nJi`v?@Ac6n)f3^z zyHkw&o3iy?B{)GPMpA^>?4U+g^?ngd|LoVq-11T6Pj9Iqu_x);(ov+yyW)rDtCt5? zkgtE zpYxa;3d$rHOx_pxY9}Aw?YK;3kx7vZaTB{>nRJS5Whi~0tsEkgPMJL_A%iy4exWNN z(z6H@rA(zW@b#2W*8_X3uIXDohHP1Mv_q|C>qx0cQ) zRn~>4DO0ol8b2!`Zwp-9$a7Pj6i9TZw?@<8Jyhis6IZa!&Z}cQj+;bDsLh!~rzs0z ztW*AYY&1!fCtpBvTpliejXL; zA=k#%lzOe-_t)tR`HCi%_zx+KA4zZ;?3gTcq===#IW+m*Mp;tqj0%yR65%Gm1iX+C zEc2uAW@-`|6MC9WD$Vyn>hJkYXw>OxCbxia#gh3?MKN&Gj^j}=jgDf`u+bz{SlU+! zP>U=XpFXlGELBM%mmWzWcKV#P_#LAiPNES0=$ROJ*mD>qEep%| z$2gYnk8ySv+4Z+>GQ9s`t8}BN(0#D*X>MW9ASzJ3(m`igozLlQKLoMG$w`xxEp$(_cZYy zGqvS0=eBE3aolIeS9$g97lL_iV(MRC4&s^2;65!E<>ht3j26YIxu~{Zoo&@s%muos ziTL}gx$qtb`0t&kSZ=W$hoCz}U36n#s$!yikia9pH#<2+w^+fDG7h4zd}pmt10y(5 zDaO_Em2X|G1q17@%ehWppA=QAzYnP0h=MW~Z_VBE__Xa!?-ZGDY-~NQ)5p9c+{bXL zQiFq+v~Ql4zhvep`y;F;noQR06eF8b+{zJC7b_GGmvTt8e{=Q=b1u=>C{?+4D6A5a z!Q<=iYpIcp!PrTdhEaO>wA4u0`k@TST{!s0GQl6ZrGLg#3{zr0dkI1==CLA1B89*C zHyGStxkbwJpc+1FmObx5Pt%H;evjy;H0+HW#ZKu4EbNkJx?$;obQXl>KhU;{>i8Mi zbV-a*sBw}^BNTB2^bO02rrRnoI4n#x-$*| zsK<3yA`k`&Ar)31H(nNFJ1>5VMF)_k_3g6 zC#gEbWk0h(39LS>No)#l37IiiudxX)40;I*69I2AanAVh3HXTIl!Ukpm49h!3ke@NZ?SH!AuOJ^L*bz97Dt&i~yZj*LzpglO(4Mp;3Eco@42k*;_O9`HKvp)DUs9sSto zf6rdLH#KBGx0FK=z&ttxog`^@iofus7~;$@+ZZK+)17)ReOH%fzDDjJoxWUOgZBl* z9b4E=pnsMSjttHe-u*S@V$kdb@1O3pvzD0a$Vy+9Q>u=zvgItLM35(EHQii`wwE^X zrqA!K8~htJ-JQP#E4#-k2fL>KS#?9K=@3EfyT$2ml`a3RS>bki%hp(()B%gPq<*0F4>!qBn^t^-+$x84_sRP*?Ymow>$;Q+8&5tJ~Uk< zk)b@dktELmyYH{-PoQt|Q+qf3k~?LXSz7bm!*BmRf@(|Su(pY9`;6D?Jo7x_F_M`b vXsf+}@ zmM+4Wln=JGXT_Jw!4~p4fmzi}?c=3`X|#;t&tFaDIvn)6owfdMhE=roZSnk(tVK== z%DYk16RTY^$S5DOw{cO)kTQViM5h}Yr-6*Eefa(>e3@b>gH7A>j5~pvJsn^p9tZK7 zx4Bw1W$&y>ucLEQma?T%_s1LE1X9ZL&6(z#g*(<&O$HsRlhufF!&(zp{X@ za63Yn9P-w%m^ZB>C3E;y#D(bOFu!0NI$L<#w}Uo%d}LcorzmMU4bG0taPzLr=--Jw z3u0n&s2#gORy^Ff=K{p-*mD!uwPD0fSzL8!{MqMof>xs?=tZ3#H?$s)Uu{wkCwb;P zYVIV~h-ejXek+LysAjjU$Fji*+36cZtoe@Omae6YGo!9DUg%DgaThPJ|tLv&t4cjr1GrvM1Q5wg6iV9QQSd9ot7 z_kFN5UwL_Dp<$ z>$aT){ptI)tpK$wB%lb#pm94h_)Ww$D$w8xDGak{l9QxtUsXh3(*0zjR6b{}x^-X3 zfQc72?C#B%Q)J1YY#qycyo^n@oP?L*aa!Z5V4*4Ch<_Nbsvv4<3fxk8y;xEHlzBSp zAVp=0{s5BiU3?ueOZ3i@=B(>`K{jL%qQH=ydqBOO(R3{Hu{7K$_b(ggw8 z!#pWko94QF`8s8FnmWThm>1bAibOUJu4>>|qB*l~*+ff15P=tk#+lEi#py-7~ z2F{@krV_iT^-TWiILurK4~bIyzKi}Q!UC!sa?g3XP2vS>V(k#AD0-wxmQ`3YFO#f6 zGelz;2h^16%FXZJwP!bLr7o$AyK5tbXmlKQcMDco8&d0q=^*Oxo_p(Aw@xnvAb1S8 zitxwF5+IH>DVB??ig^7nMkJkOF|n1V;t=uoLp#b4YkAT#23m=B*U3Q$TZVSRG0%*~2q!%a)FscMQJw zQqsyVNt_-4PTtU|PaO{yt*yhW25$)L09F*VrMMN5jq9ocKq{wJ?eqC%i`8)@Y~=3p zOX(8_=nb#zZ@02r(rC!wgW>vDBgz3_-a6#1_1VUkPH~D@oD3U;xv%R9WvuV^Udt}9 z{Hm@Dne!o5>?W<)WNMGTD%H04CZBjENsM0=<;C=L9*-(T4iinje9KFl$&6Kt#hZZm zsO2S0Ti0Cotl*wNulL_Lb%|u4H@N`zD$${Yu75Pm5M6xi)A9 z=F9nT?Hd^M8Zmt!)^*nBrRn}5pC}vPJ+q7jonECdD#iJ*zda@p-LNH7eLO9opH0>tE;M9|gMH%!y_8(#Y5NkQE^nJRV)~B|J9!@q*GmIvs*5J)F6(&M?AO zi>sB1qSJGb+Ap_{;0cb$9)UkJe^YF%^AdINP-Tx$*E z=(Bb3BhIgksM%JA8mI>9r&#WfqZde~FWkv_9)IS>ltYq`-MF3M-SS;@^DHW@6rNK0 zSek>4Jeo*c;fU`>CZ=pvO{UL&bM;B5+qL=No>Q5O3kdP&u8g~Vh?}8q+a|h}yc6?; ziX9qLS#X$`eP>K*7W_7XZgC1&eTd|yxV6ii%QEgz2JY-hEF;$BUQ{Yb=94nL*Zd)D z_nDNb?@r8k<}B($jbAYRHaB9kNsCL>mRy(KM|#_5^_7vU?o ztghxcM!%$`_>mH8br+YH*y?u4$15Fng91Vou&5Wgu>4p4XxUBU6U!NQmo{wXB5me| zsD^IZ-sLPQ;i}TqrX2{F?|olj&AK&L7Q6)Ce!SVtPcv52y_JyL)#AQye&5?y_{5&= zO6xle`S8A;ofYflhz~WJfP^vRP^7T_$UtH01pH>5H)~6fM_-MN2?g@9?C$tDu%$+IQ%+&}7e{^rnKek*xQ3Z5*LuBikegVMgYufQbj-gVem+b?LH} z5l)%v#5ra*F46rBs=9T3y&Etq}}*KE?qk042j%#TJA&u3?!k$Owt-=P1rrUB&U z$rI^FZFXo7q+1}&3%~BXFGX06;8?PIR#ymqXC&+0;i7vgT{f#>&l<|97uQxt8d@(y zQYR$wV$-swqNaU_2WT)ow~xv&Y}w1*9-!2(=kfI!soSJd;LK)y?VDmh8A$}29lJ<( zZEHpc&gyJNh?|`*%~RNkg7TT_JDz`LSH25LlR$-pig3|eZX|Q6sBe&4Y?>H1?;RUw zhp!sN9LMicaI{mT&HLs{p@p01c4Sf`V8fg2C3;%72q{?_0QBUZtJ}8x-aYLM9V=%* z`KV60SLZA5x9NuYtH(iHt?um!%>Dy#(V2WdCel$;VWcgH&J1`W;bRtf_)zEWedhGd zga=#Wen_8&(peM zJ&Q|6T+6y9fhJKV;FK-h6Gol~6q^Y53?t3Ucj$7#%~(mg#dJT4iBc+w(Y2Qn z>)Ifaw;I)k<#2=A0k^Os3L6-h+Wnc|QmMX!Ja z(Nl2_q)j77hTYnAET{as_yFP1`~ssT$4Osk2y)X4uxuadsi$6-uVNo44(ID}l3A;c zwyt}rtBY41<{j)M&F8WjdCENqN0@F;`;B*objG)V6(o{fPub@{h9Ty4F&&F?!LK%o z);L{#4#K7w6mWb|9B&+X>bSPl^51NzX6>e$T2JNI-z8LwKsh}NuW2@)c_jNJyqayF z&?sgLn7GzRmw6kZSRm6CLhY?&!WW8a;1Uijbh_D6%tEUi-?TEbn3%41M=hM~#`Ki} z>U|ssNQ2v<-3gV_JTH#OUUOOG2y)k)CJ$d0%$tvI+0vcMU>u`JzgpyMY_4M(!MZXV zzL-6388u?Pi%j>*;mi&2&08L2AGU!+I+ZsA2r3Vov89+6gnQE@bx`hJ#iNOi21C6Y zWx`D#^knV(8;Qb2)D*p>ZnztIO&j2jbcaObhZe>`V4!#nwRSwtbPCd0vhVKVYB(}m=5L z->oCHQ=inIck6!UbEFxEGUolpo;j_Sjtp@fZ;)YLGG~?sKf0#_iw~!JCTwayUSTJI zB(CLjhmW11jpwFzi!p-a&_r_j&`9%a0S(H471a0K(|kZ19X*R;Pm(#&RdP<0gM~9l z|3qi3NRfqCW?Ucf?G>F%Yi|(VZS``SqS}56wX4P=bqYb|D@Y*&YxEW!6Q-)G+A@o> zPsDcnjrlE|Fy5Ihxzn{7CbEVp;g3U24ENpqXioUpPDHRxVTsH?(3ACPwgV(k0Kt_) zEs9>_i%BtL;6z%NveoKtL=|#(y_=k}q)T!&u zgL+kP(BW{Y+KNU8RTBGsVI$hJd^zgX8Gkk#jc+I>&dmEoaYslc_J(vkUE_08ChkFd zK(WP?_Y%o{@3)zYbODV7xCpB%EfWA_MR!0x*Cq&dF+`ehPFd0Cvo)|}XB+Tzz<6Bg| z)MlEZ7r-0L0pqR zwEDOOOmC*K;Zv6Z;ZJaIhf9}_m!l*fF|sN(uXJ@adOyBqFLmv5Ni%aTY5FBwfgPM4>;?N4`|*pI2lDs|~& zgVAAK?>!rpu)GL>>;ya3rQ8U~lPIutS)tSBBBS=WPBkgsY4(ow%9v2+;KkL`lOJX( zR&nB+pcdX7_ND+A;Y|qHk!lh@YMm?L{f$a^t@`&~&{m_PXXJcun)Y7UZx9NBcNdGI zTw`UE3RO%tV-;zP6!5r`)5#Vv{WdIrL0muAs8Rk4G!EG4Q+2*?)+026YH-YszGx+f z^CD~to-unh8dhYV9Fg-T_(c$xaHz%N-?tY&?QN+x6!b}nCvu}z#ouhK+G2ccN~3%B z`^QvUpNLqw@bwSet9mq1ytHsKeezXymIt&70I+L#lwuT9A0f=3O4|@iVJpHragXAB zy9-~Ok9T4xf2xkq9U#bH+(pe+6!XwSFr;~TD3`5L-~7rXz}R{*~^76PJw zHWp0>Dp1j!Bo_;)uOTIjijlMf*$3Y@$j{N!i=o2O7lP=Wp4rT;ZLaW2DLxnLct|Ns z0%hMn-#Y&yVCUTFhGJ6Weg#r$b8wS7W}H7Xmr?f70P&s_jxtFEL9NmIP9F%oYIicDhuH0jM>Bt8{$rPT)OSBczbWy)zmi39ht% zG!>mDOHX+Xh}&JXvyshc&aOddi+~U1j7##yoA6!IRmH*w5PY1MEovkhXg@_<)ldBi z(rO4=(o#7l<1Kk!(vn3|=2kvR$E<8W8CYzm^uu4}oHVUmFoL#TVxlyR-MW=_mI9;KY;1h-BBk`0u@&_6IQ*_v>X|}j0RpYM%KuO@c*KR#K+!qFmU+UFq%=o># z;LJDxr45wQxj0{QR^i@%)98Go&jJ3@=p542thMigql#;H82rY{T}LU5@Y66@WeqkO zKy_%s5ecNVfxL8z)Aaq<21wVho(<=*#}5wU(<(4oG@^c0g$|l>SabSFq@xNU9IBU$ zSVzZNmP^7=!`xl=UhZER0{%J%KvBa@bkd@m#(dhLZ*++VOkSS#FQt6ZWXyfk=6^8+ zeAj-c+4bVRSZ%Y}NdbF&MD?0H`%XAnf$oLtQO|F6C-bWcvd5DthOm5O0XO!lx9|3c zFUhB80&LvAv3z*Tih_askKcT@uWTkX;Mom`?>KcH-!9epYXy)Nnuf#5L8PH1f@3G@zcvVr$MsK=H9EvKfu7`+Hai++* zc&&vTo>;?D)v|h&QrpP3Cat4Z{IeMI>*SS1tQNB*9T3Xm%!JwYmExwuhUEih9V@Gp zQ01wFdFLBmwKeX}uC>g2>A8J7vacu!b$te>fn!?Fc?Mc0z19xKO`I>04iPSO z4f`@&9u$~Mp3qrXT*pRUUezL0@z$QgfMrp_AtU?tda*Gfa|cf}QU3ajNuN7*Yav~0 z&sxd`zX5pR%E#0RRNV9y1O$C|)U&P%>IaIj*Ee`~r})LDazNde)+T8*M5K8{L^f!G zt$CT0%iCtn21NRK&ID;8m%Sq`63qO>`m5Q!A|ms93F`q?tQD#%K&qW%+}@Y8SOKA8 zk73E*+r=N1M7sN_X_OC+g*XV8n{_y}qc)hy0OzMUGalTtiYxw!^SMfm67Gd$z7AKf}(eFN#RJgNd8LPHBAk@~2G2QlZJK}q5Fm%Mgfdq%0Stp(z4cF*H zjk}zmcjj&3dr_L%ua5OPVz|YTV~uJQ-w-6`R{JevxVJ8%Km7v?C0>Py?Ea8oq+zdN%gBsjO9}lFslgU&S{< zv(7H`vY4jq2`7lhR^!?*DRif7!)r1=)Jv{sHC)_|RAlNtEuC8V(kuL=-N@Lcl($@; zdtk`Q0JH#x;*d@d5n8L5%38QCxmRF81Pt>C<}7qxuG|WxUiP%$$b8XqDlVc{_YV1z)p-GEnT<9QTVV#Kagx71vZZQ@AlJ zdJ`@c&B6mZGHWVjLu3rb#EXF1iZdaKZskgqnbKFMVC7XcGpVGo{)BiuvyV8?VTmde zJq3>6xq)*Auo|bl`R&(hLld_34I@Qj4x^j~)fFL+lu8XO+c!8>QYP^< zTB;fe{7WsHS!n~l_wAO-W6ijOs5k~jQ1%?RlpN}?w%%Baf?Jdx!|ObS)2#{TgfJe= zx2m_O;;s50Y9>Giq|Db6_#wbG-i123yyrGDM^zWHBn?<>M@^q)%sAyS<=H_rk5~Gz zYXW@}($>l<(%x-@t9GM_9QKMMq$P1;C1NB&_9LUhH*P59=l3N}Oo9eUMqmp4Zsg%E z@Z`men4Q@)38$UJOglXYx1QNdxOh$`3CPjc^OQmO**cPxvY9;7|A3#kT zE^a)bx8@7TLy0$r>@f&FldumD=FSXtK%iVDPh^`-+z8QD7$s%P?h(GhnGiLTa+4zX z3MPzxz{$!JhvAe(pw^bA*$qB^>|Wj)O*^+7Xt6CR*kHun)#XDiR^Cxvvp}3Xqa1{R zyqI|Ar|9@5WiUI>e-sGig|9P1dFFDVg`@nps&;pZ0yQMt$#lx(&cdmfAo}yDqd6i}t zbnfGtZJ^JkP9ag5v7VvLacX9;tH8}XAmz;8}4gxtI41Cj4Or=FI;*v5$O zkzet4H&Ud0QucF_QO4hl{*&giLr?enIS?@t{)K7)HOkyb{(T?YI<<8s+89%~R+|@M zaC4(B3%1KZ)~D;=3}g3sGwU$5sxK2Lm28kO#5$^yRFgGdfl-;{%+w3p?&G2^^=^7e9`;-HWKs0&Kf>T9+G*`hCOyK z!(|{vm>VLtaz(s!iJE7UKVhZE4#x?b^LvcB2Y zs}?GfL~6bfX&J59aTirqb4lZDqq;jL7gAMKU5xcy9tlT9XZb2)wvt7mUlQ=y(1ru0 z<({o!(PzV7(fr1Yja1Q%f^W#aV&!xHP*ImI(T&*zL}DPJZr8gwt&3wXMuhMRh+TUx_+S4No!$qwO-kyPA$%$UcMx5uD@3DkO+ zgNq2OngxpHlPMm5B6^C)$QF`Ut~gg9(pOCrEqMp$ow9zFSxZhgR3zF4Gt#w#Z$^sbdj^L-)mIB}IvWyy^d10pIb6P+Y3XK_k^1_8pp@JUhxox*>iMu** z?*0;`UoWGaUM)sMCxQtv<+)y=tr}))U3WEkR5*}gq!{Bq{DQuxg)XS~tf@40cHhZY z)B^F=L!!Y>x`|Z2rfK8p3>Q*Jr{k~VE zeUzNT&~@5AQ{sCm-8$Ff<$}Dfs_ob}0WU zAJ;4U_p(C1ORH(2hXIVt9J~Dboq#s{a$079X<|f2#`W%*F8(cOJ zu#~7m`h|X$MM`gJFVCHiUyx7dEvzO>z0d`wt1}fsA9q(9+P&${E_(Od{k9g~Kg{db^sU@r-;Kq?83Tkfr70@A+6e z`gQ{&cUXr7vM$r}X;pfXb_TFywt|+5xaugr!vV`ibxrBl4Re%m&_}h@5<+bevCcqZ zKBYHV)iN+5x4xPC7-v`XQt9c%PD8Y3qTw0$TEDzodb5hl60=5uWKA>$;fFY9q+L@Y zMUB@c$O;mrSjw*ol(?2!ghGaQENY32E@J$(se0WLcO>nGy+>HBW0xVlmK1^V$#$Brynv@TGR zSl6lZ8PL#I;x#uC zY8CT5*CabQWT&vyD4*hBPi^U$tH-#j+&s;J+H)8kmpLbby|tNz9K1MftY4fej&s5- z&O$aGx01w216zO^Zr&(=-`zo7bLjTQ(nQ+4qLDw1J^`t3Nq{q1@2j-ftr(^)=nFQH zWdJqji{FO>W6z9ziZ+hZT3#NA_FU=VTV+oga-ui zhrdC+cXkx3p!q8ce8&G`wj~qp)bdrwe>eiZf$P`d=+qA%O;G-8)PGtBzLu0f#lJ{8 zRgbDbeI@%e`oQ-V=U3vO;Ax@#N)-U#Tby6JHliM4(g+^{m-}L`X^crOg5nOnJvakw zn;M6Q3YLnH)lLmgO5Ejf?WI1t^#J$U_r0_ueFfV){u0*DZgLv-87zJbignn~Cf6S;Ek11Fp!e`&X#=p2!>mvQ>n{v++G8GF4zWyxvl{eqF5$jjb03P2KfB9Pa9o7{8u>Gd< zJv9#sxwTZ!+mipz&*h(Ifj^X|l(i&3-j4O2#*!E5C`rRW&4;EQtZkc8M*Ma;qNfJy zrGLL1NeDm>{9j*wf8Oz==rNkZBlJc5hSVq2=wS`wDMr>fX^kCf*}|6#Mt9^Jj~*j>*Y6^rtov@KdvYX!6Rf#IXxM ziX8amd;Ygg*oHgB>hUAT2=MCxPYOhz{28o@KzVI_m!I^^1g73OhwA%iTr$ zOA)Z89ArB{c7W)>k^2Of4yGQseE|53|6jAHsRPk^{{a9v@W1x>?@<4Agrz)yDoRlP zlnLO^RQxIbEi?anc3tH_JHY+_5x~b908)L(?mL5iFNXhp$bVGbpN@dvb4`CF)#vD^ zdi+!Jf3pa{zcvEff#?W=+j|5*2BMu5blc>zCFyapBOwIWA3VRLlFD|QjE(50S>PMW z(FE7AxS2CQZSOa8e&S>(uWoGY!R-5Lui4*|ITDE;NnGcA&5r37{`j>DTvV?$k-w_3 z&EZ21e8zu|m3gOCiTXqDd-HtAf0M35u^d7tj5~=e!O(i0i5HHVqMV83pRvGa{137U zPMXVKvG#-7|A7SfCbGY^g(`Q~+;iJ_^zGpO)&v;(U-E&UT|O>ikR3zdHuL$mA~p zvMwRPnc^UQNAn_Q9Qj)!izCp7I&WU!`Q8#;LJbnA-)Fl-cAn_ukzfMg+QH`sRPM8_ z5InCA((GZ2#9!`_l`+Z6=G+)9W{~0{)j!5_nBw8_H(>m-{xPD%M;;Pfevo?U_Ib7^ zM)wKs_*|5xqz@x)22J^|z1cSYah7jvn~gl8jt%%%Z}acBdqj%*T25tv;tI(E2;;wV zc{kPXwoDFvAL&9%QKny`<7QQOyVaS?^<}1NtN4{PU-#~hPoI<5j$Jr>>fy1=0q3ur zWcUdd_|ELnW-E%Y!2`_e`R_b?si4imbtabZa~Al%_?uGTiTV0g z2kVyxzp3#x?*Zn(_rU$Vt;&by&hYPq_qP^+|3>)_U9Fc2%U{p#-@4}qzP&Vmulygn zX2s^~Mj|Oc4FmYESMVE;i;Dc->>rz~|AxQP^qUp`SNp)vfc-J| zziqXsw%9fR>0|PDFo19D%fF)h#~?q!*#Fkv|K#IW)!+BTzXfB@cj5DR%ij~pY?}i&5-adCd2Vb^uOYu;g-xZm(ly}N=tU#XMdi9*o=t;Ys~h#0_6uH3|u2So4WP~SX~L7;jt_rCfij`QSCh`!ANpNnHSFL7YUvYVxc&On_* zKVF)~f4xJ0F$?_1_52mnbs|vbp#LQZ;0NOS2x9%*Zx4vCApAc5zmuvIPrv20` TP{97y{(qHUds7QH_~p6EpHHPNGQgsmLC_s&N2 zy7gY?ocGN8Vb+?NHD}hlX1@K_|6c35|Mzu&`Gr*aVJA)aVgn4pckb+&4f+5OfCT~A z5O50ua3BB|0&YXVAK@JcxC;Sz5P%N>1Q2i!0tg|12m**9fCK_aA>cj)kU;=B1W-T# zB?M4G05t^AKmaWSJb(Z?2%v`m1_*cv0gMpv2m+WOfEfZ<2zUwsVh{j>0C5PAfB-lINLB#P zG-AO%=W12myUi}qVu+J(O+VCMCO-9Q%`CMLF?|6WQD}s5mFpT=x8|neRAtg|3 z`%-^aXwH0F2jP@B&c>#OAaJ{PC?j8!uv%1fM=nlG*g>D|P<}_Sz4H;1;G&ObtH~2t zdV-E81Q;^u?!2J)wt}T(A6i%fuV{*NjT%T_EhqNNd31lCeIU8IAYsMCNpsWQ_ubJ< zb9)UlQ9UT1LC7E-v)W%M(A(Lb>yQdYEd?U^-GpDE_WdyFNkhxZt0C1Nwgt`y<6&=W z6EtC~qEia|c$<1GqDFmQ8lnv+wax5p_p3rsP7sg%H*k zu)%a%s#!lFoY&u24_|9OUQ#<%3!V=VoDQWXD(JG*z4%em>xjp^+HD``X?p%^-WPv; z#aKE;VO@&vn#_)$89W)NPZm#6RFPItwzh|=2I^=JN z&Fi-%lUe6*4$~vtL@%(s!)bQ7uK=EP4Y?&`&vw*F_9%_0<6xaI0!} zE#;{IDqSflxa<6NuKdv$rJhUNNV}u`P+O;O3?u68_VZzlOzY5lt$yHp+?d6-v3DC$ zu0ULE)eE9+K7;ks&WxMvPz_Nk6IZV>p$fa35`UNr!2pkke-lOwGe5`%e&xX_8lD+w zSao|sUI)`WPF&6A=_!fhJ^0vnv{1HHKC8MTVCNu?(-|y81W$MuRax^U|k!_mwu#Tr7B`y8K+|~u0 zGF0z=nisvBXo?AmLV>`x=rND|A{hVe7t!OF>nHe{UXvJiYXlmMn+cPeNwY6THS3{% z)`_WBj%$h}Hjf!rTFvb(TJVow3mt9Dhg#o9#PV5hzRXtgTm7-A?JsR}$sF?QIaz4> z<#mZ#`T_MNR7o^K$e`S=R+!A-YO+kGc)_|iV+IpGG!|t2)Ge`lB4Z}sl^+-PL`$x_ zJ3OvW#$-jExJ(@EiI-@|KznFOGBOIr%}HXa)zf0*V(LHMUiZOei4lv8+;zJ>m11R; zQ!L*Y7$*E-CJ&dtJ8gp`UQn=RT;Z(H;R1)OJ>bSn3WrSzD`4Wx>U{Z*Q)e-#@{}yL zfNj0wI{Zc;PNM+OqIO2t5QrFmn^WIj-ijwtM)5her|5xYObwqjHJUWx)H%*Y{1?fj z0q~=M>dWi>u&uGkaYH4I%IWo~wl!(JnXR7vo!S*?eed@&;*(iUEg!~uQXPAv=c3dW z1v%SmZxx$BDY6q#)keB_bn}U=K_hm!R*8**@u8SO+ci@{ z=>@+b$mE!c_+(q7NFG!!+5i+hRUx~1bI4&;of^zw-JtOmg>Ows-td(Q3=OsP?)lzVU z@^0r#Y@H@KBdekk{&LsvB^*gjc8_a04@_Q7_^!kuU!jbsgPLj4!uQQfd*iUoxRYAC zkAd6a8WEQji9)i!|4em4G;-s{z0${kW^A%NOjqmA!)%F0ye#9jX*9xK47Sc&nYo^$ zs>r?lC0hH@oF+S(-ud#c;E6` z58gIeEv&%%O`64+@?dcE7=hkZu{6#>GrVr8af;1zaYX4?cuDy@oVNM^M$7UVm+A0C znz{(JSKghuU?KYNZAj+bRi3?XG| zk0MV#%iAK=sPi8;Xf>+pcjjkrAhsee(ByEfC=7G4cny+aL}w4w-iz)X7ay2CQ`UyE zVQV>$mLwE3SS>d9D`@OdjXJz;L_%)zJ9u&Q_TBqx>mx1?LIma0?<2YxoZq^YkUuA3 znVwlbP7~c$+x(1<9(8ygl_3!%bk@ZYE`qd~%?UFzf69_c_jG!5XwHRwWC)>DjULhx zbss>Yr?M3556|_WwI?~_;o0P1NKapi z;7+CBlY{#^6aGD!wB^18J>4v{-c)(9oMSM09sIkboHw9jQZX_D^hSg;PLaBj+7@3gnT|o* z`uJ%%Sv`UA4oXfM?eDnU1@qS^53351d+ruTT;4O-d25{CR7MxvL2Fr4uV^rCNVD~g zf)3STO&usP*T`q74%a^~l&D-N&MbbQ{KnEOa(4e^rkar{r9bcJ!(wlkxrbuOf^BfG zh%Kv^cxR}#p+?AEc1aI+BP$_UGnBqW&4Hv>nxaU zMT%Xd@2BDTv}?6Gm#MVh)QTLGz_ss-eHe#T@$3A4bXEO^P_gPyy#mH!pKA*u$7i_( zoKtZ5l*FgJWH(OLF4RgCGL(Y!9hwSX{FWL&g)|Q+@gtM-mveQe>6j))g{!WLgXWq?=GF@O zp@TkIjm`s#>x4A_t$@4yep2g`XXP(uLhz@8U;U-v6FG0TYgILTYqYCbp1embg!8*t z9qBk(HW(

M$~Uz#`l2cjvoqh4AfxpP_Ix7=@%;mLf*9bWtlx8SpJ2J)> z6+c*De0mzW%h6kk;q1#f(WfIfRq9#4pDa=Jf%7Fk5#0(!a+KKEsVj%$wxM(p|z0TZi0!(FD+t=B=F(rltT?(E5``^VoR zf4GdGgwPL&GMO+{^q#NEIW9!%P*0Ur{BVW`2avfI(J9mUe7PMnLY;JUEUaL4Lw3T6 zHH>Xe`LV|AgvpyUnEfMnml4MYA|~@JcD~`2*8DPs_joTe+?oSTa6(b<`o^5(r%m-F zhKioNw44~WtOxTYMTJ!>mDfDg?$Ll9gFg|SNX$rH7?eB1g^FuB|>w?jz3@dD> zesZekS50pb&M5t9$`jM7Zz|wP4tg`pqat{kb7D*%F=;`llU!^y_fbu=r^39UF!k4j z$e!ul;Yxjz4Su|uA}5vjU#x~WM41*i%P0OZ*eSn$@glv_oljlGVzKSItzO>E{vdZ~ z^O&T+?C=?U2uR`=dS!?9ZV7a9_Xv4V^xjDd7Lkt_SpHA~}?Vz3#~m<2h} zWAHMr8mTSO+Ep@~)nR6J=+RY|OeeVTp7P6fPr1DF66J2!>(egQMR24~*ep#QdoYKd zKW+{&8!@9TkjLEEOdBfrDfBwgKIRR7 zaGoOzd5WDe&A0J0oU1t9(Jb51@X23`R-826Fs&DvpAJ+~OrvmHBK9sEXX@HFB&KyU ze^T|ISWFR-wMvrLCB8KRkyqN!w|S6yZ!V=GC979%@qpXYRp98{Sel`X+Td+4fN9DB zfeeUN))FaJIzLu%@nHT;F-%Ol@qO>blE~*7R}KdR^P{+Qb51{r=X~qsI8j9!+T(qz zPu?KJB{!L{RqwoDB!-@i zMIswAa&eX>8T$#{oIA>;Q|b1%zMA`s!~Pk8|4H^&1PZ!2Z%KF_%-(7-V7!gbuNBZJ zML=OxLhJ`oasA68@P9n)>yKw;*W88?M6Kq#^WdsKgY4i97CX%hsqEmxmwsfS8n@Mi z{=$2ILIaFljB0oK_Q23Hd5~TEylvom)LTPwh8{7TLV$425=6>=k05Y>?aMudWuRe{<45 z-gpcmo^{{mrbSu}ls*6d0MI83HmrS-v6ur f`u8Dhd3CMsj4VIf;WlHY*-dq0$p-WVf diff --git a/detection_rules/schemas/definitions.py b/detection_rules/schemas/definitions.py index 3e2f7f86d..c4740542b 100644 --- a/detection_rules/schemas/definitions.py +++ b/detection_rules/schemas/definitions.py @@ -78,7 +78,8 @@ NON_DATASET_PACKAGES = ['apm', 'windows', 'sentinel_one_cloud_funnel', 'ti_rapid7_threat_command', - 'm365_defender'] + 'm365_defender', + 'panw'] NON_PUBLIC_FIELDS = { "related_integrations": (Version.parse('8.3.0'), None), "required_fields": (Version.parse('8.3.0'), None), diff --git a/rules/network/command_and_control_accepted_default_telnet_port_connection.toml b/rules/network/command_and_control_accepted_default_telnet_port_connection.toml index dbfd44870..d30f431fd 100644 --- a/rules/network/command_and_control_accepted_default_telnet_port_connection.toml +++ b/rules/network/command_and_control_accepted_default_telnet_port_connection.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/08/02" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -22,7 +22,7 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "Accepted Default Telnet Port Connection" @@ -35,6 +35,7 @@ tags = [ "Tactic: Command and Control", "Tactic: Lateral Movement", "Tactic: Initial Access", + "Data Source: PAN-OS" ] timeline_id = "300afc76-072d-4261-864d-4149714bf3f1" timeline_title = "Comprehensive Network Timeline" diff --git a/rules/network/command_and_control_download_rar_powershell_from_internet.toml b/rules/network/command_and_control_download_rar_powershell_from_internet.toml index 22f2f919a..353a1460e 100644 --- a/rules/network/command_and_control_download_rar_powershell_from_internet.toml +++ b/rules/network/command_and_control_download_rar_powershell_from_internet.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/07/02" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -19,7 +19,7 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "Roshal Archive (RAR) or PowerShell File Downloaded from the Internet" @@ -34,7 +34,7 @@ references = [ risk_score = 47 rule_id = "ff013cb4-274d-434a-96bb-fe15ddd3ae92" severity = "medium" -tags = ["Use Case: Threat Detection", "Tactic: Command and Control", "Domain: Endpoint"] +tags = ["Use Case: Threat Detection", "Tactic: Command and Control", "Domain: Endpoint", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/command_and_control_fin7_c2_behavior.toml b/rules/network/command_and_control_fin7_c2_behavior.toml index 5766270a1..fcffd02c0 100644 --- a/rules/network/command_and_control_fin7_c2_behavior.toml +++ b/rules/network/command_and_control_fin7_c2_behavior.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/07/06" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -17,7 +17,7 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "lucene" license = "Elastic License v2" name = "Possible FIN7 DGA Command and Control Behavior" @@ -30,7 +30,7 @@ references = [ risk_score = 73 rule_id = "4a4e23cf-78a2-449c-bac3-701924c269d3" severity = "high" -tags = ["Use Case: Threat Detection", "Tactic: Command and Control", "Domain: Endpoint"] +tags = ["Use Case: Threat Detection", "Tactic: Command and Control", "Domain: Endpoint", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/command_and_control_nat_traversal_port_activity.toml b/rules/network/command_and_control_nat_traversal_port_activity.toml index 94a0c4750..f61786952 100644 --- a/rules/network/command_and_control_nat_traversal_port_activity.toml +++ b/rules/network/command_and_control_nat_traversal_port_activity.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -21,14 +21,14 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.*"] language = "kuery" license = "Elastic License v2" name = "IPSEC NAT Traversal Port Activity" risk_score = 21 rule_id = "a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7" severity = "low" -tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/command_and_control_port_26_activity.toml b/rules/network/command_and_control_port_26_activity.toml index d25a8aeb1..2a0140127 100644 --- a/rules/network/command_and_control_port_26_activity.toml +++ b/rules/network/command_and_control_port_26_activity.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -18,7 +18,7 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "SMTP on Port 26/TCP" @@ -29,7 +29,7 @@ references = [ risk_score = 21 rule_id = "d7e62693-aab9-4f66-a21a-3d79ecdd603d" severity = "low" -tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml b/rules/network/command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml index 6cfbbf069..e9e59ab3a 100644 --- a/rules/network/command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml +++ b/rules/network/command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -23,7 +23,7 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "RDP (Remote Desktop Protocol) from the Internet" @@ -31,7 +31,7 @@ references = ["https://www.iana.org/assignments/iana-ipv4-special-registry/iana- risk_score = 47 rule_id = "8c1bdde8-4204-45c0-9e0c-c85ca3902488" severity = "medium" -tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timeline_id = "300afc76-072d-4261-864d-4149714bf3f1" timeline_title = "Comprehensive Network Timeline" timestamp_override = "event.ingested" diff --git a/rules/network/command_and_control_vnc_virtual_network_computing_from_the_internet.toml b/rules/network/command_and_control_vnc_virtual_network_computing_from_the_internet.toml index d410f7aaa..db915e0a0 100644 --- a/rules/network/command_and_control_vnc_virtual_network_computing_from_the_internet.toml +++ b/rules/network/command_and_control_vnc_virtual_network_computing_from_the_internet.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -21,7 +21,7 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "VNC (Virtual Network Computing) from the Internet" @@ -29,7 +29,7 @@ references = ["https://www.iana.org/assignments/iana-ipv4-special-registry/iana- risk_score = 73 rule_id = "5700cb81-df44-46aa-a5d7-337798f53eb8" severity = "high" -tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/command_and_control_vnc_virtual_network_computing_to_the_internet.toml b/rules/network/command_and_control_vnc_virtual_network_computing_to_the_internet.toml index 09da32e8e..f7f629214 100644 --- a/rules/network/command_and_control_vnc_virtual_network_computing_to_the_internet.toml +++ b/rules/network/command_and_control_vnc_virtual_network_computing_to_the_internet.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -21,7 +21,7 @@ false_positives = [ """, ] from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "VNC (Virtual Network Computing) to the Internet" @@ -29,7 +29,7 @@ references = ["https://www.iana.org/assignments/iana-ipv4-special-registry/iana- risk_score = 47 rule_id = "3ad49c61-7adc-42c1-b788-732eda2f5abf" severity = "medium" -tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Command and Control", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/discovery_potential_network_sweep_detected.toml b/rules/network/discovery_potential_network_sweep_detected.toml index e7c98678d..1f4a3572f 100644 --- a/rules/network/discovery_potential_network_sweep_detected.toml +++ b/rules/network/discovery_potential_network_sweep_detected.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2023/05/17" -integration = ["endpoint", "network_traffic"] +integration = ["endpoint", "network_traffic", "panw"] maturity = "production" -updated_date = "2024/08/07" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -14,7 +14,7 @@ theft, or other malicious activities. This rule proposes threshold logic to chec source host to 10 or more destination hosts on commonly used network services. """ from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-endpoint.events.network-*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-endpoint.events.network-*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" max_signals = 5 @@ -28,6 +28,7 @@ tags = [ "Tactic: Reconnaissance", "Use Case: Network Security Monitoring", "Data Source: Elastic Defend", + "Data Source: PAN-OS" ] timestamp_override = "event.ingested" type = "threshold" diff --git a/rules/network/discovery_potential_port_scan_detected.toml b/rules/network/discovery_potential_port_scan_detected.toml index 949a0ac48..718b4ef6d 100644 --- a/rules/network/discovery_potential_port_scan_detected.toml +++ b/rules/network/discovery_potential_port_scan_detected.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2023/05/17" -integration = ["endpoint", "network_traffic"] +integration = ["endpoint", "network_traffic", "panw"] maturity = "production" -updated_date = "2024/08/07" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -15,7 +15,7 @@ exploitation of the targeted system or network. This rule proposes threshold log one source host to 20 or more destination ports. """ from = "now-9m" -index = ["logs-endpoint.events.network-*", "logs-network_traffic.*", "packetbeat-*", "filebeat-*", "auditbeat-*"] +index = ["logs-endpoint.events.network-*", "logs-network_traffic.*", "packetbeat-*", "filebeat-*", "auditbeat-*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" max_signals = 5 @@ -29,6 +29,7 @@ tags = [ "Tactic: Reconnaissance", "Use Case: Network Security Monitoring", "Data Source: Elastic Defend", + "Data Source: PAN-OS" ] timestamp_override = "event.ingested" type = "threshold" diff --git a/rules/network/discovery_potential_syn_port_scan_detected.toml b/rules/network/discovery_potential_syn_port_scan_detected.toml index 65d16a3d7..a73608000 100644 --- a/rules/network/discovery_potential_syn_port_scan_detected.toml +++ b/rules/network/discovery_potential_syn_port_scan_detected.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2023/05/17" -integration = ["endpoint", "network_traffic"] +integration = ["endpoint", "network_traffic", "panw"] maturity = "production" -updated_date = "2024/08/07" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -15,7 +15,7 @@ to data breaches or further malicious activities. This rule proposes threshold l from one source host to 10 or more destination ports using 2 or less packets per port. """ from = "now-9m" -index = ["logs-endpoint.events.network-*", "logs-network_traffic.*", "packetbeat-*", "auditbeat-*", "filebeat-*"] +index = ["logs-endpoint.events.network-*", "logs-network_traffic.*", "packetbeat-*", "auditbeat-*", "filebeat-*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" max_signals = 5 @@ -29,6 +29,7 @@ tags = [ "Tactic: Reconnaissance", "Use Case: Network Security Monitoring", "Data Source: Elastic Defend", + "Data Source: PAN-OS" ] timestamp_override = "event.ingested" type = "threshold" diff --git a/rules/network/initial_access_rpc_remote_procedure_call_from_the_internet.toml b/rules/network/initial_access_rpc_remote_procedure_call_from_the_internet.toml index 1d7743ba0..ddaf50fd5 100644 --- a/rules/network/initial_access_rpc_remote_procedure_call_from_the_internet.toml +++ b/rules/network/initial_access_rpc_remote_procedure_call_from_the_internet.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -13,7 +13,7 @@ directly exposed to the Internet, as it is frequently targeted and exploited by backdoor vector. """ from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "RPC (Remote Procedure Call) from the Internet" @@ -21,7 +21,7 @@ references = ["https://www.iana.org/assignments/iana-ipv4-special-registry/iana- risk_score = 73 rule_id = "143cb236-0956-4f42-a706-814bcaa0cf5a" severity = "high" -tags = ["Tactic: Initial Access", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Initial Access", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/initial_access_rpc_remote_procedure_call_to_the_internet.toml b/rules/network/initial_access_rpc_remote_procedure_call_to_the_internet.toml index 0f11c9084..765d3d433 100644 --- a/rules/network/initial_access_rpc_remote_procedure_call_to_the_internet.toml +++ b/rules/network/initial_access_rpc_remote_procedure_call_to_the_internet.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -13,7 +13,7 @@ directly exposed to the Internet, as it is frequently targeted and exploited by backdoor vector. """ from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "RPC (Remote Procedure Call) to the Internet" @@ -21,7 +21,7 @@ references = ["https://www.iana.org/assignments/iana-ipv4-special-registry/iana- risk_score = 73 rule_id = "32923416-763a-4531-bb35-f33b9232ecdb" severity = "high" -tags = ["Tactic: Initial Access", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Initial Access", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query" diff --git a/rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml b/rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml index cdb0744ec..ec784917b 100644 --- a/rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml +++ b/rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml @@ -1,8 +1,8 @@ [metadata] creation_date = "2020/02/18" -integration = ["network_traffic"] +integration = ["network_traffic", "panw"] maturity = "production" -updated_date = "2024/05/21" +updated_date = "2024/09/18" [rule] author = ["Elastic"] @@ -13,7 +13,7 @@ systems. It should almost never be directly exposed to the Internet, as it is fr threat actors as an initial access or backdoor vector or for data exfiltration. """ from = "now-9m" -index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*"] +index = ["packetbeat-*", "auditbeat-*", "filebeat-*", "logs-network_traffic.*", "logs-panw.panos*"] language = "kuery" license = "Elastic License v2" name = "SMB (Windows File Sharing) Activity to the Internet" @@ -21,7 +21,7 @@ references = ["https://www.iana.org/assignments/iana-ipv4-special-registry/iana- risk_score = 73 rule_id = "c82b2bd8-d701-420c-ba43-f11a155b681a" severity = "high" -tags = ["Tactic: Initial Access", "Domain: Endpoint", "Use Case: Threat Detection"] +tags = ["Tactic: Initial Access", "Domain: Endpoint", "Use Case: Threat Detection", "Data Source: PAN-OS"] timestamp_override = "event.ingested" type = "query"