From e9d8ae0fd203de16f3ae66d2a012699eefa64533 Mon Sep 17 00:00:00 2001 From: Kim Hammar Date: Wed, 10 Apr 2024 20:54:38 +0200 Subject: [PATCH] add level-14 --- docs/_docs/emulation_system.md | 32 +- .../docker_files/ovs_base/README.md | 10 + emulation-system/envs/050/level_10/README.MD | 2 +- emulation-system/envs/050/level_13/README.MD | 6 +- emulation-system/envs/050/level_14/.gitignore | 3 + emulation-system/envs/050/level_14/Makefile | 13 + emulation-system/envs/050/level_14/README.MD | 52 + emulation-system/envs/050/level_14/config.py | 3859 +++++++++++++++++ emulation-system/envs/050/level_14/env.png | Bin 0 -> 236355 bytes .../envs/050/level_14/test_config.py | 34 + emulation-system/envs/050/level_8/README.MD | 2 +- emulation-system/envs/Makefile | 12 + unit_tests.sh | 1 + 13 files changed, 4006 insertions(+), 20 deletions(-) create mode 100644 emulation-system/base_images/docker_files/ovs_base/README.md create mode 100644 emulation-system/envs/050/level_14/.gitignore create mode 100644 emulation-system/envs/050/level_14/Makefile create mode 100644 emulation-system/envs/050/level_14/README.MD create mode 100644 emulation-system/envs/050/level_14/config.py create mode 100644 emulation-system/envs/050/level_14/env.png create mode 100644 emulation-system/envs/050/level_14/test_config.py diff --git a/docs/_docs/emulation_system.md b/docs/_docs/emulation_system.md index 3f6b932f1..1d25f104d 100644 --- a/docs/_docs/emulation_system.md +++ b/docs/_docs/emulation_system.md @@ -55,20 +55,22 @@ pre-installed configurations in Fig. 6 and whose configuration is listed in Table 4. -| *Emulation configuration* | *Description* | -|---------------------------|-------------------------------------------------------------------------------| -| `csle-level1-020` | Emulation with 7 components, 3 flags, password vulnerabilities, no IDS. | -| `csle-level2-020` | Emulation with 13 components, 6 flags, password vulnerabilities, no IDS. | -| `csle-level3-020` | Emulation with 34 components, 6 flags, password vulnerabilities, no IDS. | -| `csle-level4-020` | Emulation with 7 components, 3 flags, password vulnerabilities, IDS. | -| `csle-level5-020` | Emulation with 13 components, 6 flags, password vulnerabilities, IDS. | -| `csle-level6-020` | Emulation with 34 components, 6 flags, password vulnerabilities, IDS. | -| `csle-level7-020` | Emulation with 7 components, 3 flags, password & RCE vulnerabilities, IDS. | -| `csle-level8-020` | Emulation with 13 components, 6 flags, password & RCE vulnerabilities, IDS. | -| `csle-level9-020` | Emulation with 34 components, 6 flags, password & RCE vulnerabilities, IDS. | -| `csle-level10-020` | Emulation with 16 components, 12 flags, password & RCE vulnerabilities, IDS. | -| `csle-level11-020` | Emulation with 36 components, 6 flags, password & RCE vulnerabilities, IDS. | -| `csle-level12-020` | Emulation with 7 components, 3 flags, password RCE vulnerabilities, IDS, SDN. | +| *Emulation configuration* | *Description* | +|---------------------------|---------------------------------------------------------------------------------| +| `csle-level1-050` | Emulation with 7 components, 3 flags, password vulnerabilities, no IDS. | +| `csle-level2-050` | Emulation with 13 components, 6 flags, password vulnerabilities, no IDS. | +| `csle-level3-050` | Emulation with 34 components, 6 flags, password vulnerabilities, no IDS. | +| `csle-level4-050` | Emulation with 7 components, 3 flags, password vulnerabilities, IDS. | +| `csle-level5-050` | Emulation with 13 components, 6 flags, password vulnerabilities, IDS. | +| `csle-level6-050` | Emulation with 34 components, 6 flags, password vulnerabilities, IDS. | +| `csle-level7-050` | Emulation with 7 components, 3 flags, password & RCE vulnerabilities, IDS. | +| `csle-level8-050` | Emulation with 13 components, 6 flags, password & RCE vulnerabilities, IDS. | +| `csle-level9-050` | Emulation with 34 components, 6 flags, password & RCE vulnerabilities, IDS. | +| `csle-level10-050` | Emulation with 16 components, 12 flags, password & RCE vulnerabilities, IDS. | +| `csle-level11-050` | Emulation with 36 components, 6 flags, password & RCE vulnerabilities, IDS. | +| `csle-level12-050` | Emulation with 7 components, 3 flags, password RCE vulnerabilities, IDS, SDN. | +| `csle-level13-050` | Emulation with 64 components, 6 flags, password RCE vulnerabilities, IDS, SDN. | +| `csle-level14-050` | Emulation with 17 components, 12 flags, password RCE vulnerabilities, IDS, SDN. |

@@ -101,7 +103,7 @@ Figure 6: Topology of the emulation configuration `csle-level9-020`

Table 4: Configuration of the emulation configuration -`csle-level9-020`, whose topology is shown in Fig. 6. +`csle-level9-050`, whose topology is shown in Fig. 6.

An *emulation execution* consists of a set of running containers and virtual networks, diff --git a/emulation-system/base_images/docker_files/ovs_base/README.md b/emulation-system/base_images/docker_files/ovs_base/README.md new file mode 100644 index 000000000..d6abfe778 --- /dev/null +++ b/emulation-system/base_images/docker_files/ovs_base/README.md @@ -0,0 +1,10 @@ +# Useful commands + +```bash +ovs-vsctl list-br +ovs-vsctl list-ports +ovs-vsctl get-manager +ovs-vsctl get-controller +ovs-vsctl list +ovsdb-tool show-log +``` \ No newline at end of file diff --git a/emulation-system/envs/050/level_10/README.MD b/emulation-system/envs/050/level_10/README.MD index 1e8b28079..aeabc3223 100644 --- a/emulation-system/envs/050/level_10/README.MD +++ b/emulation-system/envs/050/level_10/README.MD @@ -47,4 +47,4 @@ Kim Hammar Creative Commons -(C) 2021, Kim Hammar \ No newline at end of file +(C) 2020-2024, Kim Hammar \ No newline at end of file diff --git a/emulation-system/envs/050/level_13/README.MD b/emulation-system/envs/050/level_13/README.MD index e8b1c6a40..7f60239e5 100644 --- a/emulation-system/envs/050/level_13/README.MD +++ b/emulation-system/envs/050/level_13/README.MD @@ -1,9 +1,9 @@ # Capture the Flag - Level 13 -TODO +The target infrastructure in https://link.springer.com/chapter/10.1007/978-3-031-50670-3_9. -- Number of nodes: 7 -- Number of OVS switches: 3 +- Number of nodes: 64 +- Number of OVS switches: 24 - Number of SDN controllers: 1 - IDS: Yes (Snort) - Traffic generation: Yes diff --git a/emulation-system/envs/050/level_14/.gitignore b/emulation-system/envs/050/level_14/.gitignore new file mode 100644 index 000000000..67c576f9e --- /dev/null +++ b/emulation-system/envs/050/level_14/.gitignore @@ -0,0 +1,3 @@ +*.zip +*.json +containers \ No newline at end of file diff --git a/emulation-system/envs/050/level_14/Makefile b/emulation-system/envs/050/level_14/Makefile new file mode 100644 index 000000000..74ec8e530 --- /dev/null +++ b/emulation-system/envs/050/level_14/Makefile @@ -0,0 +1,13 @@ + +# Installs the configuration in the metastore +install: + python config.py --install + +# Uninstalls the configuration from the metastore +uninstall: + python config.py --uninstall + +# Cleans all configuration files +clean_config: + rm -rf ./config.json + rm -rf ./containers \ No newline at end of file diff --git a/emulation-system/envs/050/level_14/README.MD b/emulation-system/envs/050/level_14/README.MD new file mode 100644 index 000000000..2c48f8696 --- /dev/null +++ b/emulation-system/envs/050/level_14/README.MD @@ -0,0 +1,52 @@ +# Level 14 + +An emulation environment with a set of nodes that run common networked services such as SSH, FTP, Telnet, IRC, Kafka, +etc. Some of the services are vulnerable to different network attacks +such as the SambaCry exploit, Shellshock, CVE-2015-1427, CVE-2015-3306, CVE-2016-100033_1,and SQL injection. +Moreover, some nodes are vulnerable to privilege escalation attacks (e.g. CVE-2010-0426 and CVE-2015-5602) +which can be used by the attacker to extend his privileges after compromising the host. +The task of an attacker agent is to identify the vulnerabilities and +exploit them and discover hidden flags +on the nodes. Conversely, the task of the defender is to harden the defense of the nodes and to detect the +attacker. + +- Number of nodes: 17 +- Number of OVS switches: 1 +- Number of SDN controllers: 1 +- IDS: Yes (Snort) +- Traffic generation: Yes +- Number of flags: 12 +- Vulnerabilities: SambaCry, Shellshock, CVE-2015-1427, CVE-2015-3306, CVE-2016-100033_1,and SQL injection., Pengine RCE vulnerability, as well as SSH, FTP, Telnet servers that can be compromised using dictionary attacks + +## Architecture + +

+ +

+ +## Useful commands + +```bash +make install # Install the emulation in the metastore +make uninstall # Uninstall the emulation from the metastore +make clean_config # Clean config files +docker container ls --all # list all running containers +docker image ls --all # list all images +docker system prune # remove unused images and containers +docker container prune # remove stopped containers +sudo useradd -rm -d /home/csle_admin -s /bin/bash -g root -G sudo -p "$(openssl passwd -1 'csle@admin-pw_191')" csle_admin +docker run --name=iperf3 -d --restart=unless-stopped -p 5201:5201/tcp -p 5201:5201/udp mlabbe/iperf3 # Start the iperf server on the host +iperf3 -R -c # network performance, where is the IP where the iperf server is running e.g. the host 172.31.212.92 +``` + +## Author & Maintainer + +Kim Hammar + +## Copyright and license + +[LICENSE](../../../../../LICENSE.md) + +Creative Commons + +(C) 2020-2024, Kim Hammar \ No newline at end of file diff --git a/emulation-system/envs/050/level_14/config.py b/emulation-system/envs/050/level_14/config.py new file mode 100644 index 000000000..d69638b11 --- /dev/null +++ b/emulation-system/envs/050/level_14/config.py @@ -0,0 +1,3859 @@ +from typing import Dict, List, Union +import argparse +import os +import multiprocessing +import csle_common.constants.constants as constants +import csle_ryu.constants.constants as ryu_constants +import csle_collector.constants.constants as collector_constants +from csle_collector.client_manager.dao.constant_arrival_config import ConstantArrivalConfig +from csle_collector.client_manager.dao.workflows_config import WorkflowsConfig +from csle_collector.client_manager.dao.workflow_service import WorkflowService +from csle_collector.client_manager.dao.workflow_markov_chain import WorkflowMarkovChain +from csle_collector.client_manager.dao.client import Client +from csle_common.dao.emulation_config.topology_config import TopologyConfig +from csle_common.dao.emulation_config.node_firewall_config import NodeFirewallConfig +from csle_common.dao.emulation_config.default_network_firewall_config import DefaultNetworkFirewallConfig +from csle_common.dao.emulation_config.containers_config import ContainersConfig +from csle_common.dao.emulation_config.node_container_config import NodeContainerConfig +from csle_common.dao.emulation_config.container_network import ContainerNetwork +from csle_common.dao.emulation_config.flags_config import FlagsConfig +from csle_common.dao.emulation_config.node_flags_config import NodeFlagsConfig +from csle_common.dao.emulation_config.resources_config import ResourcesConfig +from csle_common.dao.emulation_config.node_resources_config import NodeResourcesConfig +from csle_common.dao.emulation_config.node_network_config import NodeNetworkConfig +from csle_common.dao.emulation_config.packet_loss_type import PacketLossType +from csle_common.dao.emulation_config.packet_delay_distribution_type import PacketDelayDistributionType +from csle_common.dao.emulation_config.traffic_config import TrafficConfig +from csle_common.dao.emulation_config.node_traffic_config import NodeTrafficConfig +from csle_common.dao.emulation_config.users_config import UsersConfig +from csle_common.dao.emulation_config.node_users_config import NodeUsersConfig +from csle_common.dao.emulation_config.vulnerabilities_config import VulnerabilitiesConfig +from csle_common.dao.emulation_config.emulation_env_config import EmulationEnvConfig +from csle_common.controllers.emulation_env_controller import EmulationEnvController +from csle_common.dao.emulation_config.client_population_config import ClientPopulationConfig +from csle_common.dao.emulation_config.kafka_config import KafkaConfig +from csle_common.dao.emulation_config.kafka_topic import KafkaTopic +from csle_common.util.experiment_util import ExperimentUtil +from csle_common.dao.emulation_config.flag import Flag +from csle_common.dao.emulation_config.node_vulnerability_config import NodeVulnerabilityConfig +from csle_common.dao.emulation_config.credential import Credential +from csle_common.dao.emulation_config.vulnerability_type import VulnType +from csle_common.dao.emulation_config.transport_protocol import TransportProtocol +from csle_common.dao.emulation_config.node_services_config import NodeServicesConfig +from csle_common.dao.emulation_config.services_config import ServicesConfig +from csle_common.dao.emulation_config.ovs_config import OVSConfig +from csle_common.dao.emulation_config.network_service import NetworkService +from csle_common.dao.emulation_config.sdn_controller_config import SDNControllerConfig +from csle_common.dao.emulation_config.user import User +from csle_common.dao.emulation_action.attacker.emulation_attacker_action import EmulationAttackerAction +from csle_common.dao.emulation_config.host_manager_config import HostManagerConfig +from csle_common.dao.emulation_config.snort_ids_manager_config import SnortIDSManagerConfig +from csle_common.dao.emulation_config.ossec_ids_manager_config import OSSECIDSManagerConfig +from csle_common.dao.emulation_config.docker_stats_manager_config import DockerStatsManagerConfig +from csle_common.dao.emulation_config.elk_config import ElkConfig +from csle_common.dao.emulation_config.beats_config import BeatsConfig +from csle_common.dao.emulation_config.node_beats_config import NodeBeatsConfig +from csle_common.dao.emulation_config.sdn_controller_type import SDNControllerType +from csle_common.dao.emulation_config.ovs_switch_config import OvsSwitchConfig + + +def default_config(name: str, network_id: int = 14, level: int = 14, version: str = "0.5.0", + time_step_len_seconds: int = 15) -> EmulationEnvConfig: + """ + Returns the default configuration of the emulation environment + + :param name: the name of the emulation + :param network_id: the network id of the emulation + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the emulation environment configuration + """ + containers_cfg = default_containers_config(network_id=network_id, level=level, version=version) + flags_cfg = default_flags_config(network_id=network_id) + resources_cfg = default_resource_constraints_config(network_id=network_id, level=level) + topology_cfg = default_topology_config(network_id=network_id) + traffic_cfg = default_traffic_config(network_id=network_id, time_step_len_seconds=time_step_len_seconds) + users_cfg = default_users_config(network_id=network_id) + vuln_cfg = default_vulns_config(network_id=network_id) + kafka_cfg = default_kafka_config(network_id=network_id, level=level, version=version, + time_step_len_seconds=time_step_len_seconds) + services_cfg = default_services_config(network_id=network_id) + descr = "An emulation environment with a set of nodes that run common " \ + "networked services such as SSH, FTP, Telnet, IRC, Kafka, " \ + "etc. Some of the services are vulnerable to different network attacks " \ + "such as the SambaCry exploit, Shellshock, CVE-2015-1427, CVE-2015-3306, CVE-2016-100033_1, " \ + "and SQL injection. " \ + "Moreover, some nodes are vulnerable to privilege escalation attacks " \ + "(e.g. CVE-2010-0426 and CVE-2015-5602) " \ + "which can be used by the attacker to extend his privileges after compromising the host. " \ + "The task of an attacker agent is to identify the vulnerabilities and " \ + "exploit them and discover hidden flags " \ + "on the nodes. Conversely, the task of the defender is " \ + "to harden the defense of the nodes and to detect the attacker." + static_attackers_cfg = default_static_attacker_sequences(topology_cfg.subnetwork_masks) + ovs_cfg = default_ovs_config(network_id=network_id, level=level, version=version) + sdn_controller_cfg = default_sdn_controller_config(network_id=network_id, level=level, version=version, + time_step_len_seconds=time_step_len_seconds) + host_manager_cfg = default_host_manager_config(network_id=network_id, level=level, version=version, + time_step_len_seconds=time_step_len_seconds) + snort_ids_manager_cfg = default_snort_ids_manager_config(network_id=network_id, level=level, version=version, + time_step_len_seconds=time_step_len_seconds) + ossec_ids_manager_cfg = default_ossec_ids_manager_config(network_id=network_id, level=level, version=version, + time_step_len_seconds=time_step_len_seconds) + docker_stats_manager_cfg = default_docker_stats_manager_config(network_id=network_id, level=level, version=version, + time_step_len_seconds=time_step_len_seconds) + elk_cfg = default_elk_config(network_id=network_id, level=level, version=version, + time_step_len_seconds=time_step_len_seconds) + beats_cfg = default_beats_config(network_id=network_id) + emulation_env_cfg = EmulationEnvConfig( + name=name, containers_config=containers_cfg, users_config=users_cfg, flags_config=flags_cfg, + vuln_config=vuln_cfg, topology_config=topology_cfg, traffic_config=traffic_cfg, resources_config=resources_cfg, + kafka_config=kafka_cfg, services_config=services_cfg, + descr=descr, static_attacker_sequences=static_attackers_cfg, ovs_config=ovs_cfg, + sdn_controller_config=sdn_controller_cfg, host_manager_config=host_manager_cfg, + snort_ids_manager_config=snort_ids_manager_cfg, ossec_ids_manager_config=ossec_ids_manager_cfg, + docker_stats_manager_config=docker_stats_manager_cfg, elk_config=elk_cfg, + level=level, execution_id=-1, version=version, beats_config=beats_cfg + ) + return emulation_env_cfg + + +def default_containers_config(network_id: int, level: int, version: str) -> ContainersConfig: + """ + Generates default containers config + + :param version: the version of the containers to use + :param level: the level parameter of the emulation + :param network_id: the network id + :return: the ContainersConfig of the emulation + """ + containers = [ + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.CLIENT_1}", + os=constants.CONTAINER_OS.CLIENT_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.254", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.254", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.FTP_1}", + os=constants.CONTAINER_OS.FTP_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.79", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.HACKER_KALI_1}", + os=constants.CONTAINER_OS.HACKER_KALI_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.191", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.191", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.HONEYPOT_1}", + os=constants.CONTAINER_OS.HONEYPOT_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.21", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.ROUTER_2}", + os=constants.CONTAINER_OS.ROUTER_2_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + ( + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.10", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.10", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH3, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}.10", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{ryu_constants.RYU.FULL_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}", + interface=constants.NETWORKING.ETH4, + bitmask=ryu_constants.RYU.FULL_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.SSH_1}", + os=constants.CONTAINER_OS.SSH_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.78", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.TELNET_1}", + os=constants.CONTAINER_OS.TELNET_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.3", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.SAMBA_1}", + os=constants.CONTAINER_OS.SAMBA_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.19", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.SHELLSHOCK_1}", + os=constants.CONTAINER_OS.SHELLSHOCK_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.31", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.SQL_INJECTION_1}", + os=constants.CONTAINER_OS.SQL_INJECTION_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.42", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.CVE_2015_3306_1}", + os=constants.CONTAINER_OS.CVE_2015_3306_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.37", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.CVE_2015_1427_1}", + os=constants.CONTAINER_OS.CVE_2015_1427_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.82", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.CVE_2016_10033_1}", + os=constants.CONTAINER_OS.CVE_2016_10033_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.75", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.CVE_2010_0426_1}", + os=constants.CONTAINER_OS.CVE_2010_0426_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.71", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.CVE_2015_5602_1}", + os=constants.CONTAINER_OS.CVE_2015_5602_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.11", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.PENGINE_EXPLOIT_1}", + os=constants.CONTAINER_OS.PENGINE_EXPLOIT_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.104", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.CVE_2014_0160_1}", + os=constants.CONTAINER_OS.CVE_2014_0160_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.204", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH2, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1"), + NodeContainerConfig(name=f"{constants.CONTAINER_IMAGES.OVS_1}", + os=constants.CONTAINER_OS.OVS_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + interface=constants.NETWORKING.ETH0, + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, + suffix="_1") + ] + containers_cfg = ContainersConfig( + containers=containers, + agent_ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.191", + router_ip=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}.2.10", + ids_enabled=True, vulnerable_nodes=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204" + ], + agent_reachable_nodes=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + ], + networks=[ + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ), + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ), + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ), + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{ryu_constants.RYU.FULL_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}", + bitmask=ryu_constants.RYU.FULL_BITMASK + ) + ]) + return containers_cfg + + +def default_flags_config(network_id: int) -> FlagsConfig: + """ + Generates default flags config + + :param network_id: the network id + :return: The flags confguration + """ + flags = [ + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}3", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}3" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=3, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}2", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}2" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=2, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}1", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}1" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=1, requires_root=True, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}4", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}4" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=4, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}5", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}5" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=5, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}6", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}6" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=6, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}7", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}7" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=7, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}8", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}8" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=8, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}9", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}9" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=9, requires_root=False, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}10", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}10" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=10, requires_root=True, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}11", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}11" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=11, requires_root=True, score=1 + )]), + NodeFlagsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + flags=[Flag( + name=f"{constants.COMMON.FLAG_FILENAME_PREFIX}12", + path=f"/{constants.COMMANDS.TMP_DIR}/{constants.COMMON.FLAG_FILENAME_PREFIX}12" + f"{constants.FILE_PATTERNS.TXT_FILE_SUFFIX}", + dir=f"/{constants.COMMANDS.TMP_DIR}/", + id=12, requires_root=True, score=1 + )]) + ] + flags_config = FlagsConfig(node_flag_configs=flags) + return flags_config + + +def default_resource_constraints_config(network_id: int, level: int) -> ResourcesConfig: + """ + Generates default resource constraints config + + :param level: the level parameter of the emulation + :param network_id: the network id + :return: generates the ResourcesConfig + """ + node_resources_configurations = [ + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.HACKER_KALI_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.191", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=2, + packet_delay_jitter_ms=0.5, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.02, loss_gemodel_r=0.97, + loss_gemodel_k=0.98, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.02, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=2, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=100, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.CLIENT_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=min(16, multiprocessing.cpu_count()), available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.254", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=2, + packet_delay_jitter_ms=0.5, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.02, loss_gemodel_r=0.97, + loss_gemodel_k=0.98, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.02, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=2, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=10000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.HONEYPOT_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.ROUTER_2}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + )), + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.10", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH2, + limit_packets_queue=30000, packet_delay_ms=2, + packet_delay_jitter_ms=0.5, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.02, loss_gemodel_r=0.97, + loss_gemodel_k=0.98, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.02, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=2, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=100, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.SSH_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.TELNET_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.FTP_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.SAMBA_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.SHELLSHOCK_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.SQL_INJECTION_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.CVE_2015_3306_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.CVE_2015_1427_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.CVE_2016_10033_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.CVE_2010_0426_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.CVE_2015_5602_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.PENGINE_EXPLOIT_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.CVE_2014_0160_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + ))]), + NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.OVS_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + NodeNetworkConfig( + interface=constants.NETWORKING.ETH0, + limit_packets_queue=30000, packet_delay_ms=0.1, + packet_delay_jitter_ms=0.025, packet_delay_correlation_percentage=25, + packet_delay_distribution=PacketDelayDistributionType.PARETO, + packet_loss_type=PacketLossType.GEMODEL, + loss_gemodel_p=0.0001, loss_gemodel_r=0.999, + loss_gemodel_k=0.9999, loss_gemodel_h=0.0001, packet_corrupt_percentage=0.00001, + packet_corrupt_correlation_percentage=25, packet_duplicate_percentage=0.00001, + packet_duplicate_correlation_percentage=25, packet_reorder_percentage=0.0025, + packet_reorder_correlation_percentage=25, packet_reorder_gap=5, + rate_limit_mbit=1000, packet_overhead_bytes=0, + cell_overhead_bytes=0 + )) + ]) + ] + resources_config = ResourcesConfig(node_resources_configurations=node_resources_configurations) + return resources_config + + +def default_topology_config(network_id: int) -> TopologyConfig: + """ + Generates default topology config + + :param network_id: the network id + :return: the Topology configuration + """ + node_1 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.ROUTER_2}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}.10", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{ryu_constants.RYU.FULL_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}", + bitmask=ryu_constants.RYU.FULL_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.10", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.10", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set([]), + output_drop=set(), input_drop=set(), forward_drop=set(), routes=set()) + node_2 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.SSH_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.78", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), routes=set(), forward_drop=set() + ) + node_3 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.TELNET_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.3", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_4 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.HONEYPOT_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.21", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_5 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.FTP_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.79", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_6 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.HACKER_KALI_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.10", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.191", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.191", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_7 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.CLIENT_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.10", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.254", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.254", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + + node_8 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.SAMBA_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.19", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_9 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.SHELLSHOCK_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.31", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_10 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.SQL_INJECTION_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.42", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_11 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.CVE_2015_3306_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.37", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_12 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.CVE_2015_1427_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.82", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_13 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.CVE_2016_10033_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.75", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_14 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.CVE_2010_0426_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.71", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_15 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.CVE_2015_5602_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.11", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_16 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.PENGINE_EXPLOIT_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.104", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_17 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.CVE_2014_0160_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.204", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.DROP, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), forward_drop=set(), + routes=set()) + node_18 = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.OVS_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.41", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{ryu_constants.RYU.FULL_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}", + bitmask=ryu_constants.RYU.FULL_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set(), output_drop=set(), input_drop=set(), routes=set(), forward_drop=set() + ) + node_configs = [node_1, node_2, node_3, node_4, node_5, node_6, node_7, node_8, node_9, node_10, node_11, node_12, + node_13, node_14, node_15, node_16, node_17, node_18] + topology = TopologyConfig(node_configs=node_configs, + subnetwork_masks=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.1{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}" + ]) + return topology + + +def default_traffic_config(network_id: int, time_step_len_seconds: int) -> TrafficConfig: + """ + Generates default traffic config + + :param network_id: the network id + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the traffic configuration + """ + traffic_generators = [ + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.ROUTER_2] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.SSH_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.TELNET_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.HONEYPOT_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.FTP_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.SAMBA_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.SHELLSHOCK_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.SQL_INJECTION_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.CVE_2015_3306_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.CVE_2015_1427_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.CVE_2016_10033_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.CVE_2010_0426_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.CVE_2015_5602_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.PENGINE_EXPLOIT_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.CVE_2014_0160_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS), + NodeTrafficConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + commands=(constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[constants.CONTAINER_IMAGES.OVS_1] + + constants.TRAFFIC_COMMANDS.DEFAULT_COMMANDS[ + constants.TRAFFIC_COMMANDS.GENERIC_COMMANDS]), + traffic_manager_port=collector_constants.MANAGER_PORTS.TRAFFIC_MANAGER_DEFAULT_PORT, + traffic_manager_log_file=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_FILE, + traffic_manager_log_dir=collector_constants.LOG_FILES.TRAFFIC_MANAGER_LOG_DIR, + traffic_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS) + ] + all_ips_and_commands = [] + for i in range(len(traffic_generators)): + all_ips_and_commands.append((traffic_generators[i].ip, traffic_generators[i].commands)) + workflows_config = WorkflowsConfig( + workflow_services=[ + WorkflowService(id=0, ips_and_commands=all_ips_and_commands) + ], + workflow_markov_chains=[ + WorkflowMarkovChain( + transition_matrix=[ + [0.8, 0.2], + [0, 1] + ], + initial_state=0, + id=0 + ) + ] + ) + client_population_config = ClientPopulationConfig( + networks=[ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_2", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.2{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )], + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.254", + client_manager_port=collector_constants.MANAGER_PORTS.CLIENT_MANAGER_DEFAULT_PORT, + client_time_step_len_seconds=time_step_len_seconds, + client_manager_log_dir=collector_constants.LOG_FILES.CLIENT_MANAGER_LOG_DIR, + client_manager_log_file=collector_constants.LOG_FILES.CLIENT_MANAGER_LOG_FILE, + client_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS, + clients=[ + Client(id=0, workflow_distribution=[1], + arrival_config=ConstantArrivalConfig(lamb=20), mu=4, exponential_service_time=True) + ], + workflows_config=workflows_config) + traffic_conf = TrafficConfig(node_traffic_configs=traffic_generators, + client_population_config=client_population_config) + return traffic_conf + + +def default_kafka_config(network_id: int, level: int, version: str, time_step_len_seconds: int) -> KafkaConfig: + """ + Generates the default kafka configuration + + :param network_id: the id of the emulation network + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the kafka configuration + """ + container = NodeContainerConfig( + name=f"{constants.CONTAINER_IMAGES.KAFKA_1}", + os=constants.CONTAINER_OS.KAFKA_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, suffix=collector_constants.KAFKA_CONFIG.SUFFIX) + + resources = NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.KAFKA_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=1, available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + None)]) + + firewall_config = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.KAFKA_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set([]), + output_drop=set(), input_drop=set(), forward_drop=set(), routes={ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}." + f"{ryu_constants.RYU.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.10") + }) + + topics = [ + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.CLIENT_POPULATION_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.CLIENT_POPULATION_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.SNORT_IDS_LOG_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.SNORT_IDS_LOG_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.OSSEC_IDS_LOG_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.OSSEC_IDS_LOG_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.HOST_METRICS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.HOST_METRICS_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.DOCKER_STATS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.DOCKER_STATS_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.ATTACKER_ACTIONS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.ATTACKER_ACTIONS_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.DEFENDER_ACTIONS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.DEFENDER_ACTIONS_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.DOCKER_HOST_STATS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.DOCKER_STATS_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.OPENFLOW_FLOW_STATS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.OPENFLOW_FLOW_STATS_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.OPENFLOW_PORT_STATS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.OPENFLOW_PORT_STATS_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.AVERAGE_OPENFLOW_FLOW_STATS_PER_SWITCH_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.AVERAGE_OPENFLOW_FLOW_STATS_PER_SWITCH_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.AVERAGE_OPENFLOW_PORT_STATS_PER_SWITCH_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.AVERAGE_OPENFLOW_PORT_STATS_PER_SWITCH_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.OPENFLOW_AGG_FLOW_STATS_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.OPENFLOW_AGG_FLOW_STATS_TOPIC_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.SNORT_IDS_RULE_LOG_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.SNORT_IDS_RULE_LOG_ATTRIBUTES + ), + KafkaTopic( + name=collector_constants.KAFKA_CONFIG.SNORT_IDS_IP_LOG_TOPIC_NAME, + num_replicas=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_REPLICAS, + num_partitions=collector_constants.KAFKA_CONFIG.DEFAULT_NUM_PARTITIONS, + retention_time_hours=collector_constants.KAFKA_CONFIG.DEFAULT_RETENTION_TIME_HOURS, + attributes=collector_constants.KAFKA_CONFIG.SNORT_IDS_IP_LOG_ATTRIBUTES + ) + ] + + config = KafkaConfig(container=container, resources=resources, topics=topics, + version=version, + kafka_port=collector_constants.KAFKA.PORT, + kafka_port_external=collector_constants.KAFKA.EXTERNAL_PORT, + kafka_manager_port=collector_constants.MANAGER_PORTS.KAFKA_MANAGER_DEFAULT_PORT, + time_step_len_seconds=time_step_len_seconds, + firewall_config=firewall_config, + kafka_manager_log_file=collector_constants.LOG_FILES.KAFKA_MANAGER_LOG_FILE, + kafka_manager_log_dir=collector_constants.LOG_FILES.KAFKA_MANAGER_LOG_DIR, + kafka_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS) + return config + + +def default_users_config(network_id: int) -> UsersConfig: + """ + Generates default users config + + :param network_id: the network id + :return: generates the UsersConfig + """ + users = [ + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.191", + users=[User(username="agent", pw="agent", root=True)]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", users=[ + User(username="admin", pw="admin31151x", root=True), + User(username="test", pw="qwerty", root=True), + User(username="oracle", pw="abc123", root=False) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", users=[ + User(username="admin", pw="admin1235912", root=True), + User(username="jessica", pw="water", root=False) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", users=[ + User(username="admin", pw="test32121", root=True), + User(username="user1", pw="123123", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", users=[ + User(username="john", pw="doe", root=True), + User(username="vagrant", pw="test_pw1", root=False) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", users=[ + User(username="karl", pw="gustaf", root=True), + User(username="steven", pw="carragher", root=False) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", users=[ + User(username="stefan", pw="zweig", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", users=[ + User(username="roy", pw="neruda", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", users=[ + User(username="john", pw="conway", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", users=[ + User(username="john", pw="nash", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", users=[ + User(username="larry", pw="samuelson", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", users=[ + User(username="robbins", pw="monro", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", users=[ + User(username="rich", pw="sutton", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", users=[ + User(username="abraham", pw="wald", root=True) + ]), + NodeUsersConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", users=[ + User(username="tamer", pw="basar", root=True) + ]) + ] + users_conf = UsersConfig(users_configs=users) + return users_conf + + +def default_vulns_config(network_id: int) -> VulnerabilitiesConfig: + """ + Generates default vulnerabilities config + + :param network_id: the network id + :return: the vulnerability config + """ + vulns = [ + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.FTP_DICT_SAME_USER_PASS, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + vuln_type=VulnType.WEAK_PW, + credentials=[Credential(username="l_hopital", pw="l_hopital", root=True, + service=constants.FTP.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.FTP.DEFAULT_PORT), + Credential(username="euler", pw="euler", root=False, + service=constants.FTP.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.FTP.DEFAULT_PORT), + Credential(username="pi", pw="pi", root=True, + service=constants.FTP.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.FTP.DEFAULT_PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.WEAK_PASSWORD_CVSS, + cve=None, + root=True, port=constants.FTP.DEFAULT_PORT, + protocol=TransportProtocol.TCP, service=constants.FTP.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.SSH_DICT_SAME_USER_PASS, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + vuln_type=VulnType.WEAK_PW, + credentials=[Credential(username="puppet", pw="puppet", root=True, + service=constants.SSH.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.SSH.DEFAULT_PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.WEAK_PASSWORD_CVSS, + cve=None, + root=True, port=constants.SSH.DEFAULT_PORT, protocol=TransportProtocol.TCP, + service=constants.SSH.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.TELNET_DICTS_SAME_USER_PASS, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + vuln_type=VulnType.WEAK_PW, + credentials=[Credential(username="admin", pw="admin", root=True, + service=constants.TELNET.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.TELNET.DEFAULT_PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.WEAK_PASSWORD_CVSS, + cve=None, + root=True, port=constants.TELNET.DEFAULT_PORT, protocol=TransportProtocol.TCP, + service=constants.TELNET.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.SAMBACRY_EXPLOIT, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + vuln_type=VulnType.RCE, + credentials=[Credential(username=constants.SAMBA.BACKDOOR_USER, + pw=constants.SAMBA.BACKDOOR_PW, root=True, + service=constants.SAMBA.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.SAMBA.PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.SAMBACRY_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.SAMBACRY_EXPLOIT, + root=True, port=constants.SAMBA.PORT, protocol=TransportProtocol.TCP, + service=constants.SAMBA.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.SHELLSHOCK_EXPLOIT, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + vuln_type=VulnType.RCE, + credentials=[Credential(username=constants.SHELLSHOCK.BACKDOOR_USER, + pw=constants.SHELLSHOCK.BACKDOOR_PW, root=True, + service=constants.SHELLSHOCK.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.SHELLSHOCK.PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.SHELLSHOCK_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.SHELLSHOCK_EXPLOIT, + root=True, port=constants.SHELLSHOCK.PORT, protocol=TransportProtocol.TCP, + service=constants.SHELLSHOCK.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.DVWA_SQL_INJECTION, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + vuln_type=VulnType.RCE, + credentials=[Credential(username=constants.DVWA_SQL_INJECTION.EXPLOIT_USER, + pw=constants.DVWA_SQL_INJECTION.EXPLOIT_PW, root=True, + service=constants.DVWA_SQL_INJECTION.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.DVWA_SQL_INJECTION.PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.DVWA_SQL_INJECTION_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.DVWA_SQL_INJECTION, + root=True, port=constants.DVWA_SQL_INJECTION.PORT, protocol=TransportProtocol.TCP, + service=constants.DVWA_SQL_INJECTION.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.CVE_2015_3306, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + vuln_type=VulnType.RCE, + credentials=[Credential(username=constants.CVE_2015_3306.BACKDOOR_USER, + pw=constants.CVE_2015_3306.BACKDOOR_PW, root=True, + service=constants.CVE_2015_3306.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.CVE_2015_3306.PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.CVE_2015_3306_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.CVE_2015_3306, + root=True, port=constants.CVE_2015_3306.PORT, protocol=TransportProtocol.TCP, + service=constants.CVE_2015_3306.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.CVE_2015_1427, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + vuln_type=VulnType.RCE, + credentials=[Credential(username=constants.CVE_2015_1427.BACKDOOR_USER, + pw=constants.CVE_2015_1427.BACKDOOR_PW, root=True, + service=constants.CVE_2015_1427.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.CVE_2015_1427.PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.CVE_2015_1427_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.CVE_2015_1427, + root=True, port=constants.CVE_2015_1427.PORT, protocol=TransportProtocol.TCP, + service=constants.CVE_2015_1427.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.CVE_2016_10033, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + vuln_type=VulnType.RCE, + credentials=[Credential(username=constants.CVE_2016_10033.BACKDOOR_USER, + pw=constants.CVE_2016_10033.BACKDOOR_PW, root=True, + service=constants.CVE_2016_10033.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.CVE_2016_10033.PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.CVE_2016_10033_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.CVE_2016_10033, + root=True, port=constants.CVE_2016_10033.PORT, protocol=TransportProtocol.TCP, + service=constants.CVE_2016_10033.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.SSH_DICT_SAME_USER_PASS, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + vuln_type=VulnType.WEAK_PW, + credentials=[Credential(username="alan", pw="alan", root=False, + service=constants.SSH.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.SSH.DEFAULT_PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.WEAK_PASSWORD_CVSS, + cve=None, + root=False, port=constants.SSH.DEFAULT_PORT, protocol=TransportProtocol.TCP, + service=constants.SSH.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.CVE_2010_0426, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + vuln_type=VulnType.WEAK_PW, + credentials=[Credential(username="alan", pw="alan", root=False, + service=None, + protocol=TransportProtocol.TCP, + port=None)], + cvss=constants.EXPLOIT_VULNERABILITES.CVE_2010_0426_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.CVE_2010_0426, + root=True, port=None, protocol=TransportProtocol.TCP, + service=None), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.SSH_DICT_SAME_USER_PASS, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + vuln_type=VulnType.WEAK_PW, + credentials=[Credential(username="donald", pw="donald", root=False, + service=constants.SSH.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.SSH.DEFAULT_PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.WEAK_PASSWORD_CVSS, + cve=None, + root=False, port=constants.SSH.DEFAULT_PORT, protocol=TransportProtocol.TCP, + service=constants.SSH.SERVICE_NAME), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.CVE_2015_5602, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + vuln_type=VulnType.WEAK_PW, + credentials=[Credential(username="donald", pw="donald", root=False, + service=None, + protocol=TransportProtocol.TCP, + port=None)], + cvss=constants.EXPLOIT_VULNERABILITES.CVE_2015_5602_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.CVE_2015_5602, + root=True, port=None, protocol=TransportProtocol.TCP, + service=None), + NodeVulnerabilityConfig( + name=constants.EXPLOIT_VULNERABILITES.PENGINE_EXPLOIT, + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + vuln_type=VulnType.RCE, + credentials=[Credential(username=constants.PENGINE_EXPLOIT.BACKDOOR_USER, + pw=constants.PENGINE_EXPLOIT.BACKDOOR_PW, root=True, + service=constants.PENGINE_EXPLOIT.SERVICE_NAME, + protocol=TransportProtocol.TCP, + port=constants.PENGINE_EXPLOIT.PORT)], + cvss=constants.EXPLOIT_VULNERABILITES.PENGINE_EXPLOIT_CVSS, + cve=constants.EXPLOIT_VULNERABILITES.PENGINE_EXPLOIT, + root=True, port=constants.PENGINE_EXPLOIT.PORT, protocol=TransportProtocol.TCP, + service=constants.PENGINE_EXPLOIT.SERVICE_NAME) + ] + vulns_config = VulnerabilitiesConfig(node_vulnerability_configs=vulns) + return vulns_config + + +def default_services_config(network_id: int) -> ServicesConfig: + """ + Generates default services config + + :param network_id: the network id + :return: The services configuration + """ + services_configs = [ + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.254", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.FTP.DEFAULT_PORT, + name=constants.FTP.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.MONGO.DEFAULT_PORT, + name=constants.MONGO.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.TOMCAT.DEFAULT_PORT, + name=constants.TOMCAT.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.TEAMSPEAK3.DEFAULT_PORT, + name=constants.TEAMSPEAK3.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.191", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SNMP.DEFAULT_PORT, + name=constants.SNMP.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.POSTGRES.DEFAULT_PORT, + name=constants.POSTGRES.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SMTP.DEFAULT_PORT, + name=constants.SMTP.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SNMP.DEFAULT_PORT, + name=constants.SNMP.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.NTP.DEFAULT_PORT, + name=constants.NTP.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.DNS.DEFAULT_PORT, + name=constants.DNS.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.HTTP.DEFAULT_PORT, + name=constants.HTTP.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.TELNET.DEFAULT_PORT, + name=constants.TELNET.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.HTTP.DEFAULT_PORT, + name=constants.HTTP.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SAMBA.PORT, + name=constants.SAMBA.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.NTP.DEFAULT_PORT, + name=constants.NTP.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SHELLSHOCK.PORT, + name=constants.SHELLSHOCK.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SNMP.DEFAULT_PORT, + name=constants.SNMP.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.DVWA_SQL_INJECTION.PORT, + name=constants.DVWA_SQL_INJECTION.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.IRC.DEFAULT_PORT, + name=constants.IRC.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.CVE_2015_3306.PORT, + name=constants.CVE_2015_3306.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SNMP.DEFAULT_PORT, + name=constants.SNMP.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.CVE_2015_3306.PORT, + name=constants.CVE_2015_3306.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.SNMP.DEFAULT_PORT, + name=constants.SNMP.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.CVE_2016_10033.PORT, + name=constants.CVE_2016_10033.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.TEAMSPEAK3.DEFAULT_PORT, + name=constants.TEAMSPEAK3.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.PENGINE_EXPLOIT.PORT, + name=constants.PENGINE_EXPLOIT.SERVICE_NAME, credentials=[]) + ] + ), + NodeServicesConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", + services=[ + NetworkService(protocol=TransportProtocol.TCP, port=constants.SSH.DEFAULT_PORT, + name=constants.SSH.SERVICE_NAME, credentials=[]), + NetworkService(protocol=TransportProtocol.TCP, port=constants.HTTPS.DEFAULT_PORT, + name=constants.HTTPS.SERVICE_NAME, credentials=[]) + ] + ) + ] + service_cfg = ServicesConfig( + services_configs=services_configs + ) + return service_cfg + + +def default_static_attacker_sequences(subnet_masks: List[str]) -> Dict[str, List[EmulationAttackerAction]]: + """ + Generates default static attacker sequences config + + :param subnetmasks: list of subnet masks for the emulation + :return: the default static attacker sequences configuration + """ + return {} + + +def default_ovs_config(network_id: int, level: int, version: str) -> OVSConfig: + """ + Generates default OVS config + + :param network_id: the network id of the emulation + :param level: the level of the emulation + :param version: the version of the emulation + :return: the default OVS config + """ + ovs_config = OVSConfig(switch_configs=[ + OvsSwitchConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.OVS_1}_1-{constants.CSLE.LEVEL}{level}", + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.41", + controller_ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}.{ryu_constants.RYU.NETWORK_ID_FOURTH_OCTET}", + controller_port=ryu_constants.RYU.DEFAULT_PORT, + controller_transport_protocol=ryu_constants.RYU.DEFAULT_TRANSPORT_PROTOCOL, + openflow_protocols=[constants.OPENFLOW.OPENFLOW_V_1_3] + ) + ]) + return ovs_config + + +def default_sdn_controller_config(network_id: int, level: int, version: str, time_step_len_seconds: int) \ + -> Union[None, SDNControllerConfig]: + """ + Generates the default SDN controller config + + :param network_id: the network id of the emulation + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the default SDN Controller config + """ + container = NodeContainerConfig( + name=f"{constants.CONTAINER_IMAGES.RYU_1}", + os=constants.CONTAINER_OS.RYU_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}.{ryu_constants.RYU.NETWORK_ID_FOURTH_OCTET}", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{ryu_constants.RYU.FULL_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}", + bitmask=ryu_constants.RYU.FULL_BITMASK, + interface=constants.NETWORKING.ETH0 + )) + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, suffix=ryu_constants.RYU.SUFFIX) + + resources = NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.RYU_1}{ryu_constants.RYU.SUFFIX}-" + f"{constants.CSLE.LEVEL}{level}", + num_cpus=min(8, multiprocessing.cpu_count()), available_memory_gb=4, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}.{ryu_constants.RYU.NETWORK_ID_FOURTH_OCTET}", + None) + ]) + + firewall_config = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.RYU_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}.{ryu_constants.RYU.NETWORK_ID_FOURTH_OCTET}", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}_1", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}" + f"{ryu_constants.RYU.FULL_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}" + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}", + bitmask=ryu_constants.RYU.FULL_BITMASK + ) + ), + DefaultNetworkFirewallConfig( + ip=None, + default_gw=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}.10", + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name="", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}{constants.CSLE.CSLE_LEVEL_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set([]), + output_drop=set(), input_drop=set(), forward_drop=set(), routes=set()) + + sdn_controller_config = SDNControllerConfig( + container=container, resources=resources, version=version, controller_type=SDNControllerType.RYU, + controller_port=ryu_constants.RYU.DEFAULT_PORT, time_step_len_seconds=time_step_len_seconds, + controller_web_api_port=8080, controller_module_name=ryu_constants.CONTROLLERS.LEARNING_SWITCH_CONTROLLER, + firewall_config=firewall_config, + manager_port=collector_constants.MANAGER_PORTS.SDN_CONTROLLER_MANAGER_DEFAULT_PORT, + manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS, + manager_log_dir=collector_constants.LOG_FILES.RYU_MANAGER_LOG_DIR, + manager_log_file=collector_constants.LOG_FILES.RYU_MANAGER_LOG_FILE) + + return sdn_controller_config + + +def default_host_manager_config(network_id: int, level: int, version: str, time_step_len_seconds: int) \ + -> HostManagerConfig: + """ + Generates the default host manager configuration + + :param network_id: the id of the emulation network + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the host manager configuration + """ + config = HostManagerConfig(version=version, time_step_len_seconds=time_step_len_seconds, + host_manager_port=collector_constants.MANAGER_PORTS.HOST_MANAGER_DEFAULT_PORT, + host_manager_log_file=collector_constants.LOG_FILES.HOST_MANAGER_LOG_FILE, + host_manager_log_dir=collector_constants.LOG_FILES.HOST_MANAGER_LOG_DIR, + host_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS) + return config + + +def default_snort_ids_manager_config(network_id: int, level: int, version: str, time_step_len_seconds: int) \ + -> SnortIDSManagerConfig: + """ + Generates the default Snort IDS manager configuration + + :param network_id: the id of the emulation network + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the Snort IDS manager configuration + """ + config = SnortIDSManagerConfig( + version=version, time_step_len_seconds=time_step_len_seconds, + snort_ids_manager_port=collector_constants.MANAGER_PORTS.SNORT_IDS_MANAGER_DEFAULT_PORT, + snort_ids_manager_log_dir=collector_constants.LOG_FILES.SNORT_IDS_MANAGER_LOG_DIR, + snort_ids_manager_log_file=collector_constants.LOG_FILES.SNORT_IDS_MANAGER_LOG_FILE, + snort_ids_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS) + return config + + +def default_ossec_ids_manager_config(network_id: int, level: int, version: str, time_step_len_seconds: int) \ + -> OSSECIDSManagerConfig: + """ + Generates the default OSSEC IDS manager configuration + + :param network_id: the id of the emulation network + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the OSSEC IDS manager configuration + """ + config = OSSECIDSManagerConfig( + version=version, time_step_len_seconds=time_step_len_seconds, + ossec_ids_manager_port=collector_constants.MANAGER_PORTS.OSSEC_IDS_MANAGER_DEFAULT_PORT, + ossec_ids_manager_log_file=collector_constants.LOG_FILES.OSSEC_IDS_MANAGER_LOG_FILE, + ossec_ids_manager_log_dir=collector_constants.LOG_FILES.OSSEC_IDS_MANAGER_LOG_DIR, + ossec_ids_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS) + return config + + +def default_docker_stats_manager_config(network_id: int, level: int, version: str, time_step_len_seconds: int) \ + -> DockerStatsManagerConfig: + """ + Generates the default docker stats manager configuration + + :param network_id: the id of the emulation network + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the docker stats manager configuration + """ + config = DockerStatsManagerConfig( + version=version, time_step_len_seconds=time_step_len_seconds, + docker_stats_manager_port=collector_constants.MANAGER_PORTS.DOCKER_STATS_MANAGER_DEFAULT_PORT, + docker_stats_manager_log_file=collector_constants.LOG_FILES.DOCKER_STATS_MANAGER_LOG_FILE, + docker_stats_manager_log_dir=collector_constants.LOG_FILES.DOCKER_STATS_MANAGER_LOG_DIR, + docker_stats_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS) + return config + + +def default_elk_config(network_id: int, level: int, version: str, time_step_len_seconds: int) -> ElkConfig: + """ + Generates the default ELK configuration + + :param network_id: the id of the emulation network + :param level: the level of the emulation + :param version: the version of the emulation + :param time_step_len_seconds: default length of a time-step in the emulation + :return: the ELK configuration + """ + container = NodeContainerConfig( + name=f"{constants.CONTAINER_IMAGES.ELK_1}", + os=constants.CONTAINER_OS.ELK_1_OS, + ips_and_networks=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}", + ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + )), + ], + version=version, level=str(level), + restart_policy=constants.DOCKER.ON_FAILURE_3, suffix=collector_constants.ELK_CONFIG.SUFFIX) + + resources = NodeResourcesConfig( + container_name=f"{constants.CSLE.NAME}-" + f"{constants.CONTAINER_IMAGES.ELK_1}_1-{constants.CSLE.LEVEL}{level}", + num_cpus=2, available_memory_gb=16, + ips_and_network_configs=[ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}", + None)]) + + firewall_config = NodeFirewallConfig( + hostname=f"{constants.CONTAINER_IMAGES.ELK_1}_1", + ips_gw_default_policy_networks=[ + DefaultNetworkFirewallConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}", + default_gw=None, + default_input=constants.FIREWALL.ACCEPT, + default_output=constants.FIREWALL.ACCEPT, + default_forward=constants.FIREWALL.ACCEPT, + network=ContainerNetwork( + name=f"{constants.CSLE.CSLE_NETWORK_PREFIX}{network_id}_" + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}", + subnet_mask=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}" + f"{network_id}.{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}" + f"{constants.CSLE.CSLE_EDGE_SUBNETMASK_SUFFIX}", + subnet_prefix=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}", + bitmask=constants.CSLE.CSLE_EDGE_BITMASK + ) + ) + ], + output_accept=set([]), + input_accept=set([]), + forward_accept=set([]), + output_drop=set(), input_drop=set(), forward_drop=set(), routes={ + (f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.{ryu_constants.RYU.NETWORK_ID_THIRD_OCTET}." + f"{ryu_constants.RYU.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.10") + }) + + config = ElkConfig(version=version, time_step_len_seconds=time_step_len_seconds, + elastic_port=collector_constants.ELK.ELASTIC_PORT, + kibana_port=collector_constants.ELK.KIBANA_PORT, + logstash_port=collector_constants.ELK.LOGSTASH_PORT, + elk_manager_port=collector_constants.MANAGER_PORTS.ELK_MANAGER_DEFAULT_PORT, + container=container, + resources=resources, firewall_config=firewall_config, + elk_manager_log_file=collector_constants.LOG_FILES.ELK_MANAGER_LOG_FILE, + elk_manager_log_dir=collector_constants.LOG_FILES.ELK_MANAGER_LOG_DIR, + elk_manager_max_workers=collector_constants.GRPC_WORKERS.DEFAULT_MAX_NUM_WORKERS) + return config + + +def default_beats_config(network_id: int) -> BeatsConfig: + """ + Generates default beats config + + :param network_id: the network id + :return: the beats configuration + """ + node_beats_configs = [ + NodeBeatsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.10", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE, + collector_constants.FILEBEAT.SNORT_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.78", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.3", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.21", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.79", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.19", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.31", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.42", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.37", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.82", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.75", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.71", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.11", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.104", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig( + ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}.2.204", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE, + collector_constants.FILEBEAT.KAFKA_MODULE], + kafka_input=True, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE, + collector_constants.FILEBEAT.KAFKA_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.254", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.191", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.75", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.71", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.78", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.19", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.3", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.31", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.42", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.75", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.21", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.82", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.79", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.37", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.104", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.204" + ]), + NodeBeatsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE, + collector_constants.FILEBEAT.ELASTICSEARCH_MODULE, + collector_constants.FILEBEAT.KIBANA_MODULE, + collector_constants.FILEBEAT.LOGSTASH_MODULE], kafka_input=False, + start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE, + collector_constants.FILEBEAT.ELASTICSEARCH_MODULE, + collector_constants.FILEBEAT.KIBANA_MODULE, + collector_constants.FILEBEAT.LOGSTASH_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.254", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.191", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.75", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.71", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.78", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.19", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.3", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.31", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.42", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.75", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.21", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.82", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.79", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.37", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.104", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}.204" + ]), + NodeBeatsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.254", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]), + NodeBeatsConfig(ip=f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.EXTERNAL_NETWORK.NETWORK_ID_THIRD_OCTET}.191", + log_files_paths=collector_constants.LOG_FILES.DEFAULT_LOG_FILE_PATHS, + filebeat_modules=[collector_constants.FILEBEAT.SYSTEM_MODULE], + kafka_input=False, start_filebeat_automatically=False, + start_packetbeat_automatically=False, + metricbeat_modules=[collector_constants.METRICBEAT.SYSTEM_MODULE, + collector_constants.METRICBEAT.LINUX_MODULE], + start_metricbeat_automatically=False, + start_heartbeat_automatically=False, + heartbeat_hosts_to_monitor=[ + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.KAFKA_CONFIG.NETWORK_ID_FOURTH_OCTET}", + f"{constants.CSLE.CSLE_SUBNETMASK_PREFIX}{network_id}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_THIRD_OCTET}." + f"{collector_constants.ELK_CONFIG.NETWORK_ID_FOURTH_OCTET}" + ]) + ] + beats_conf = BeatsConfig(node_beats_configs=node_beats_configs, num_elastic_shards=1, reload_enabled=False) + return beats_conf + + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser.add_argument("-i", "--install", help="Boolean parameter, if true, install config", + action="store_true") + parser.add_argument("-u", "--uninstall", help="Boolean parameter, if true, uninstall config", + action="store_true") + args = parser.parse_args() + config = default_config(name="csle-level14-050", network_id=14, level=14, version="0.5.0", time_step_len_seconds=30) + ExperimentUtil.write_emulation_config_file(config, ExperimentUtil.default_emulation_config_path()) + + if args.install: + EmulationEnvController.install_emulation(config=config) + img_path = ExperimentUtil.default_emulation_picture_path() + if os.path.exists(img_path): + encoded_image_str = ExperimentUtil.read_env_picture(img_path) + EmulationEnvController.save_emulation_image(img=encoded_image_str, emulation_name=config.name) + if args.uninstall: + EmulationEnvController.uninstall_emulation(config=config) diff --git a/emulation-system/envs/050/level_14/env.png b/emulation-system/envs/050/level_14/env.png new file mode 100644 index 0000000000000000000000000000000000000000..cbd4eb9216c7101177733797f201078b9d1fedb2 GIT binary patch literal 236355 zcmagG1zeQv)-^tKOSdo}AV?0~Lw7eS-AH#xcZYzWbV!GUbPS;&jg)i?f--c+cjI%O z=bZQd|Gx9`n_+He=C147*WPQdwJ=&;RSpM}0uuxR;V8&UYl1+is2~uU0Xpy-WHJOH z0)a5gY^9{s6{MtS)LosdZ0#*UAo=LDbTnm7;=D)ur%@2*nk55QvIG zfAAXzZVEVuYc` z;(016D*mALLo`LAM?Fj~KH@ICf5Uj@Bv|-CP%umX+1M}37YF+x+8R%+f8YB&zJK|K zfT5oE1fSt^bO#cCMO4;vHOab~)bI(V8|&w=%!J$@0?}RrtZrIMPpsedyPT(0s~D{F z4{;)@HS(xY2z$T1ETfjFXH|WaIunE6R%`W+E~kP;0X_L@tpr7Pl-24!&$S;CvOc3l5upq(Y zM>JF)4rhy09QxRvH|VlP#VZxoCsBSWsSh`pL~+OB#$o{#@9z!o9due>QA_gNWI63& zg0f~+R8?~_kA3`6@~AcD&IG~cbfBXaPy_XvV&6~h&Yx{z2-2HM;wa4GNIM`TlaLb| zq{l&62Oua6j2w#ok-%Bvu{@&LM~X_cOo>MWXu{pp>WGg*dh;+JqcKX*3E)--?XB|d zfN)`i<7lYeb`VTx2nKqHGah+?ICIj|A~bR-5*n~(qr0k3)yRI zO2UNb&y`;`O=2K&oYs(82reWvBT=9AZG@$XL+$c+bbAp`Do;vJu}13Gd z0pcvqQT*-1jn!|?g3bQT=FLjY?29z}ghr?}(M_<|>vV^bek7gf#-UwN@Sd(dHM~s> zU*y*zV!?9yO5Y^}ByFB9GGG%tjlz^hok%8Aj$?FuNeq?<)P8 zZZZ&Mx(&LGX%$Q}CF6Tk!f9o)3OWlSpQv%ZJp8z>^BDm%ra;Q2(D~U*COM{ArciCx zGzm+sjk3$BjVaIF(l-Tf(lkrIQGC$+fTifqL!^@XrI_KH=eX)O>TjLHTDkr2`*YKU zYaESc+g-LU2iXVxwnVmkx6lTSwRf1QnK78#v?+9Q$_sSjwbRS1bw%@hRXi-99-X~@ z`#0^EjN4+mq0@0wh|@D=RJv`2e8tuI`ybdfS4skO{G~&S*9!1!G)i4G%=J?Weil6& zXPs&QE$tQKDzrJZUAZ;vQtceD zU$D{RCb)a_#&RIWn##Pxh1ZR^Eysn*tKMs2)pL$&Ykwe$)J?|Ysg{3HTr$7i0luy5Z!a3GE#&7w7;XoTpZOe6bad*UqP-_ZBb zNE3V`U?y!9X%KQ385XUispRl8y@)tiz%R!Si7J*iu&~*j7^t>a0BBGBMl=Z+BEu9;i9Ots9sXW zG~^@ib2=Xt*OCGKRJvWITD7?pF6J|0uu8b5UJ>61jpXi~gg)`3&?2#=XB|AZle^>7 zB{NKw_|+}-Gd2$U^XcR{^bnivZKc0K+qI#|yS%nrTeb01JD>}>NWxRhb zVzgZ4SASD*Q?t;#;CO3sr*){7vS8lW1pheaV#4TI;=J8!INDZ@NrcITiR#I*yreGA zG0bxF(Rw;3Q$|+??VR9T@$8KFnwbChGJLJu(iA9U9sb@er?n>|K(Mid+*_w%gi(Wv1PO6SM3gNZEFdq z+1y<(?tP1wiaXY-e=ik3YD@SrDw9pxmep3h=+@NfM1bcYn} z)sqk@D*(I3Sn4ZSsi=UMfo*gUG6Dq%1=vCWo=^nJf3{^2m_SH>-bVz1B5gs)|N4$9 z@cQtR1Uw)1`Rf(wO#}!H_!j~2^v*;4``f6fc}Rb6qZt67fh4q~6cm70Ept~(OGh^w zC->hX;85TV3}^Z0ZXgf|!^0CnL6iOfIR1BAZGCrr6=flFCkJ*@3nw#6c5esghvR@m zyoG>G2TONT8gB=CM>ipF(I0(}CP%k_ z-4<|z91ovxaI!-<{y8?VtH{Ho29FilLK&4cj&(->|ZmQ>c+{cUWF0*F$eD(w0o_DyV!?&~G=S6|{x3i4O^x}yB{Xs6V zN}sDpKB39?23bDnzdpp7un(TlAQ1ewM=5kBDJIbFIP_!impyJke4!2{N}%(6%>wOg!JDBjXp^NnF-rs{Hv9g z!havLpdL`o|8ngF12l+4s9ZZ1^=1FdS;b9*W`S!D%7qoHWLgZpWz%f;b}7@ZEeI5~ z{x5g`EfN$Sd?J``kAYzk4XZY6vlvLCJ-UW>*=ekHqk&Uhw+1brsZlE<>LNmO)l`Lk z((f^kru;QX;)@uoKK17PkLJ1pyBb2yNE@wCN$|oAu9g1eTJ(}%$vZHZ})*Jf{H_P+)ypHSUz}ko1 zdiK8t%vKx(=YTBMylhgvzdc)Us&iQ2o2$1@yvLQ4*k5e<;JntOStO5NruiXes`9xO zvraiZ@2e^F1zN=ZN0fZZ(7Oxsmi^Yf%?Ua1Ck?4fN`A)^vHKoTEZ{~ehCW%sQ2s~A z%X0zYrhq!SE)R=EKHz*k!aFsmMUTvTwTX?_M5lekEjPsb>5uGJ;Fdvjkiu6FtN5K6)RTJ#Ti-zq!~*^lb>r zj8lbPTCia@*i1;WcV3v;j^_naE0~CqSjJKCD*B%8evqRwaQRHkWjRQ+$L{*;JEzaZ zTBO66X3z1M7{~ddTjFnTeyjoWl}>-x!Dl4{WhFV~a$?Pb3D^H)`2`UI zcc!Y{oPf*~2lD-%U$VH|@%olcF0qxEMR&)@{Vpww76A=$O!PbpcAAfrO`*J`a^ zaO$Z8J!5~J{pO8?yi)@SAl`RmFwQY|G%$M65%s}h0gJ7%fjK=vV3dC?Co_6bArv_{ znvii2SS~dAGVkJB|4H z?SqnslV4wt?NaL}zD0i9Z_=?i-f|RT0qtGrjHaMkY{)#pn4}0&lhcahp7WZR{)jXS zc3yy*=xHi-_Bp)kez%gw^JIVN<<-g0LK$4UyR3gj%fD`tA4ovW`F;NKH1QaDq!iGg ziAi?IS}&>87CD432|K+Cd8YC?o%0$6K_eA`JwZoV)o&IC^8MBuDdu}&?ECWrzTuN~QS`BoP0PMY#cH|iEPB;MWGi;F z)of(=O`gAB{G6*VF|rn zl)pc;LM;^TMm#lr@;~Ou21A`J>MhwhV=xb0(DKrBg&rZ>Xq{puGcxrE0@K!*8A^E$dzs%}t0dZ{Ce zadggO){s8QqRSuPYy&*oh)jkwGLu`<|Gj?Dk7Ur#E9_ z_pDwk{!PQVV#cvZs^kLkWX|)rh4_kZS)U1e?Ke0i$dY~kWS5@Gtix1icWHmI37XuU!WjL9Q4H{jzIhu9oa%v znPfQTw?aAGhn&QqS8Xt(!Z}8_48!4H%v(Ybv|QIEgVo|t@QioIR$WTdVVg8aq%rHb zCt280TXhEB-yQW4s%6Nin$yG1yUDr_A%7>~;MAu8#Q2~FW>G_YPWRDv@@d(NPvvLV z)Xa<*HR13j?ok1{DRzwKxW=tkMUqd#gDuih@Z_mSPZGuM#v|fj%$j8A^gWh;4j1f< zyt=-1I%}MMz2C+mPZV^W2c)nU{h%l>5qf0G{h6xFUn^Z=rM?sBNZ(0ou_~WYn1cF6 z?=CjD?7u?0i@wJ^UhFIoHw2R*Fug;Q;N+<;v51+(wIoV=xSuOzvl=?sL3IpiG2tN%}9_e zUjd^RPz6KHXie$qgz#1kpDq`G(DUulk(}d61r%xLdO#uM=eyHNZTv!h7a#L}lHJfmE?fsGecrRn54&6VOMFvbfhSX4;0&D>p!gCwLQaz4fhQE4V+fPl14(d+? z<*T?Y*V^k@}$mC$%E$RvSD6 zQurHQyBTEO0-!|C6F<3uGcxBdDsgmZ^Eocsusi`S5;Ibr(`(O>5jgYHL$&7pMau8E>RwGVm%VJNUZoR( z`q}UrY2cpFVq;c)WJ$1ngwD1n)I>Mo}hj;yox`_gPJkuobcijEbM8o zu7YpkJ)FULr!Orb+~tAS|tNU zUpDMut@nc$d|7B^!KuqoHja!o5qed6Hod2AqFH0d_N5U}wH-eXbU2C&t@Ts|K{&69sv>;7Fq)3MuTgA z0+nXHmC9U;TZve|G&&If{VP$}nfZ_;Q^u^32iPAhK#;-jlw;ufm0`Xnz@*XH4*fhL z8eQPA{@drv4Yn!TRWEez?yj9WVtRsTQ?9f+af|N+EwKKP zpS%$`Os}dyrqaVCxI76`#RRa#r#P_KGN)X7**8{mV4!Hc>Iw+R7?21RS{_YVN%Bu91HQBDZMYhp#i6Ygb{UPuOr-JUQV3A;H z+?zG?gYUKGbw0;dqQ=z*f?qTFYxoAFyuYS%50s2P>8F`OrdrBfZ*Phz69`l zkx6$*>!T=^;45S!#Oiio$zkDXGvBH%3y@k`vjxyH`XgHxkaO1V zOe_SqQniZI^CcTuU9fkrnEeA#kUdZiU#7yeqU7>l^fw!mW%V;6`Ja7ii z?lp;jf`nWK7-89LN4~en(h=C?PjJOTE(_B#G z!~D=h5i%RGi&doG&;bfP*!wkmVvCPJRi4q2IEECFa2PE%LZ5Ga$Mn#L^pMV|Dp zkQ)2Z0u%M2(y&dJa;*y7iigImS6wM*{{Yln0jR(zO#?ZdYj!DAe$S(T=G7;k3}mLg zMEA+Co^Y%^qs(+8-!k|8#pk0!d#nzuUW7qHx~3rT$m{ccUL9xNa0z6O_*CbS{P@Wd zwb^YDv>ZUV`}}+`nnX9y8g`+TW7n-G8wt(5d}rlEFR@6n81#sf_jtxK%JBj3bd@*X zxv-faN70^VhntQF)BOXwQ$nSoY(uc)tK)iZE$LrMbw75KeKMk z)me{GKVVq*-Kl3g-c2mP?Dk#bV9ytK25V^rHmu#Augt>5ibo+i=6wTAD*-G!kLz5w z6mKj0uH^uLf7?27@ob)D|8v7`8)AE@%2=3}VQ-w)->DRVASyb@SHlc|$pd(Z zyM?`aO^$}StzOMhgB}SGqMuzuWGv_8hkLF<79Mpz|_nyH=x8mbW@% zK7rYl`0h zW2_6&^{kDnkJMhhIQ$o>r9{;>jt^)ixPdmv+6w3+9nK~8L=QW!_lFuAnGwF1#MMEk zQx?27;`v*v`?u1Ksi&wJu%$)r9_pFU=wQ!q+t;D8kJ4h4vsEv*%kOL=DR|2(qO1$K z@~#iq)hl$_Zk7A$Dd2S8PCeWdV@i`}Zy1!WsJ&Maz=J)t`I?@cxa;J10KU4Kl2zr?ZPYju2S=qCSSvzL2nK9(B(3|dfm zEjUtq}&L1Bh!kid&Y9~2qHaji$ot(dVzdA+)?)1iZiLCI&@n=rR zFY(H5zAU6^^KbkB)>{e1g_ep9SIs`@V}W2;yORmImv+j!RJ};#J>}7wUeM9gIlVe2 zFT{-lH3#Ux#T`x{*Y9lsh%CjMxc30SXsXaxmu>d_RkcJ)>bT36_n=$5^06b1d-xR) zXJBbx<+219)TXJh_K0)k#6xB>&p$bj$u!8c)J%=(XWau>YR?WdCQEilo3zp11q5>E z-R<@DR8(u;Hmgv_ukW>Vo6o*hpG&wGwOszlyq)D){%{a*3ouxAoV_nh+s#*(6yoV8 z;D)MH?o8PF(JncES40|Ws*%exUXbaJ*hsEy?zLkrZ19lt+Ei`nYBc zwwH}lQeCyGrx2o37nV}H(vzPhxtNRSD5!>gwIj&Ptl023L_6b*}-udopNpb zX*?er%l>gFp>3`cZ;8{0^#<#MKaviuo9lQ-3At1}81 zX!G|qU;Blq_#Ly_0d8ephQzzu36g>Kv^kdyU^q&XkwO}oHDue)df@oibd5-U%r6Q3 z9`#ZojgkWK4#Ftn4hHg#LWl3EB%cO(9 zA`&joK51d7qfV)`rdyQiVI#_M$cR*;X`bqCdu|e9C&qxdW4%#lIn?kvub=w0@cMCyNJgCYCnJ?oN8=VJg+a_{}h&EEe24B z-xZy{f21vyd)qp_v%#5aimpp+gVG~7i^C%XFM>!9-G z^?7$%SY{D2#=-!0N+Ll^!vfMIbu%f%cD*mU@o1Pcqg7DtDOmN-D$~ITYr|bPDwSSJ zwR=%XhgymAxqiEKuiDK|R+`(4MmRVAWuyHByIbWLA9u~o{&lL8{}L3K1*Q&Xg=jPh zI@aWLuD(cNR-2bkR?yaD2^`5)C^=ne-XrrzFz=_{dvEsQBTe9KcK!o)9MQ+qk|-4y zBay!afo_`KClX@!dZqxlcwOwvW4mHV>la~$BczcRvlgkxy|`imb#8m85-5b&Lev4C zIvk#MS_UJy6g*5!9Aq8SQ8;@2bkt#j@R_n*46>t(N_3Xw!u54D!4_;Z$?(v0L(g|z0p91ayoUa#(|3MM*nNu0{mFl8GGPz;5fOPcKnFen znU{J9)Ey1&mV3Nxa`fO~-jJ%6PksX3Vwur_I(jK?qP_q0=qnQ%xamhIzjL|Y>WhjE zfke0Bn=RBW1b)?vX0Mcw#sHQGIbzbQ&f0TBGv|fcAT0!0HWy>2nGvI=ItAn&ZNoWg z0K^PMM{!(;yDAmHNhpYUxe@(IMHMxBJLmOitJ1(FKuTUO;1AU3)fgo_L1{MhJN*2< zB_@1T>yXfIp~(sNIV%4Hbs;WO!ndy2t z@egFhE2L32A!O+dK8`7FzO2k%*xnNjc&N8m50lznJs3V!OW!QVbqUa-;WUZ=klN^S zKy(NQEy_MbM{k{q6YI%)Pdkfnm-(NeBw(h2vG`zNim>P_ajZ%yu0bCF`P_hAe}s-I zGpgl0)@SJ7V$Aj9V#0NfWC8IjpkR6O>_)mFY^K(vGzT>{*iL@2_3B_JF$F=xX-(eQ z5qI28R4o5KjR|oXnW=ioA4TbV*Y^9TlSAsHpgKaP;q)^iq>rIshmx=>Dd*6ksNP82 zJ$-8Ze(8ti_?@`P&Un7Wxzq8lKAy>Ngc2_<{+^)poOsnSo2-|_8M7J?T#qGl?cCFO z$nivTtMb%!9%j;GZT_Z052OVsVvEusPXg>`MCn?8vGdB5Y_=pIe+ z{_eK0`~+ZNev8fcxxcebXE!VuWcfDwFaoUnhl(O^yZ_`J<}6o5_g_ z%g&$dW*;$w`vHPvJ6OJlz4v!gS(gXJ{)TX>hR77&JwWBi_aj3JU~El`1%{W>c0`f) zwk7zFW{m^=wNcTKkP+~!9KMJgc@e?{h(dv0`|9l1oO#S@>Yr+{8i+hzA$pKwXZQuZ zPFty#;y8Pr+|J0zmoI_|UwQ=3V9GNZvC2M8$@l!U4J|{yEC~>6{)N=jEY|R z-iE+T>75_IlQh{p+WL30q{mAJh9D}c8406^FIc>5Ya&1!7Ughy?g&+dgeOyW6s)Ha zoCcHVcUh!{;_8x}RY`2Xuuz?wzU%`s)P)#o)gq&E2Hy9gye&Y>5x^uwH)sYrw!GWk zsvu4<^p2x-=ZWzL#WcTz%-9KZfR(}W(Pt|3&VvN)5mwWU7lOeT%`--?fAcPxLoI%o z@&U@kLh@WJM<>~j((z1Ze_;$9$59C;R7gy72dd<3+{-_m^({I~z}|luWppf)pJR)H zs)BQ+EWh^0)(7jt6iATu{ozJ`_WQ@4*^}4L4B*WwKzRRI=oOts^sGQJ5((=7WMzR8`dnnZL zpcYAr-S_-6%bzmRZ;^(S4x!|;KLFB>-W41WYFvLWfKS6Y=3t46tdV%mBs)i z^n2`#OF%C-3Hu!;sRadZ-#<8|MGQGNDw~9ki*`>0H ztKospxCtBtaST!=ml~N#T#sdNN@;_7@=j-n6^HQ|uOq{x@ z6WXcxQ^_bf#@-1ZG+zPoA(I}ok(uStXuoBfdO?UEt9EnilXc-PC&!>(XH|>MEYPDn z>@Bjc`Xj>CW{ScPG-Q4D%9Dy=+BQb>6iXgp053tVMD%V@?XgU~p8ET&75f2PHLpmSmo0Z#y-LE+P~WVQk` zgecc;3tbsr91o-9uY%iIbm3T}3Cv>k^}8B7q#VPoquIi-t|b;ER3-Uj%9(sB+BItZ z=FNXxAY9qvrQ4*X|fQU~H3o|;rW}H7F2L;}?x1ZU&6QKH@?9eh7 z>y%nW8o(`0L2ze)t51mp2k3hdV9cQpp`s(;VIKV$VF8->;?8AZ&tIj&+WMXwtp85! zeTm}jku(r7V1>Z(GPo>bR^pRd?F1g#j_&$46NaqZco#`O`q?p&{`* zpuJvb*LWLG6v%v{q}tg1niY$Pf_d?3s&vin`^WqZ!AxN>+DvSV8Ybr z*esGQ6B?q3{?4{Rp!ONxcRt8_T6EfGOcNzbc<=lWOUPOiFEDFwP=174@=LT!al%gj zs%G@7${>Un+52t!vw0Fo+o5k7NII|97>&s74AaRfuE8aUW?!+`uOttL6M(G7k}nKz zpDb&^pY@qb!(;9Wybk~y2$zp?(~e1$x`mz>t$&Wao|1oI+z|YZE@b1;KWLc#Kn(FQ zXWsIc40#$uj6Ad%Aahh?dI41m%eN`q)sir}n}5ZRZs+H()Fe1yH^}0X`NXbW)2Qvq zfD9TGXMIp`Z>Ho59t$|be(a-m^sZ8r0!)u95d1M*yL+@-nfy*~0bT-yQ@baqR2(L; zH-d>>p@-@zdIYQFo}4I@+cUbf64aPf@7NkjeO4&<(L@{BcVrBJl;ahn?;(RIdpddM zd%ID`WVYiSuf6(jQ;lEs0}W)~WytFwEj3ZzUu*eftG)soaoj!BL-7wcmQ;oeiBZMa zN$9B5$@A54aXjJX621WVZe^>{tg@x{Qks+May%uDdv)^uH|etgK%hefpcn&yCUB>J zCGB;Hn8CCu;C{|Hf`EX0OWh1;KlNXyi3-sVpeKNwi(x>?^&d-6wl zCYyTQ8}P+}6!-9+dB$-UYh0WkdF=f+GH?eUuRq0f3meZEyI9X9_u zWH%qERS2qgjMe1u(Fm&q42cW$NpOou)<8hD?Ka|v5im&)(?>qIw5iGEC8-lmd zhj2wt)cagFYNeP81*&CuU3+wq<49ERyZ~bD_cc(1{5~9`mDcf^K>wH6=}5mIfmHnMqdJEu*J@(wAJ_OV^ct7+fVYG z9oM()hUG|KP$+nu*_Q+F{c~N9H)FJP!w|L#1`b8a1W>C7M|V|KWe*7$6nF3mf_+$; z@H^Ezq&V6SB=2`ZU>k_(X;>eUBIr*Bl{{U|g6u+i#Oub8hX8h0o);04vFzN7lQ714 zk`)2V`88Fd1~vq@!(kbFe4ovRanrn5eSCh;WjyK;FFIFkj|HIH_YyP93+=2*^%8Cy z(S*>9j}~7Ea$WVd1VUDUt{7J+f#pADT^G1#Glu>Rc~~#K)EL&DBq zeIO4&@N_<5ePBCr&|ynCG4Y$;YI+j-{&;CAY1&x~frd2gy_UHPM6sM=+RJ|sw7C#E zQt~p|1Ol>S@amv5VClgeGP}@BYW<*=BLKL#x4T6A=+goU#kry1UbbGnXr*HxBhg1$b_)c zV4yr*FP-bde|vX!TG)O8bzRS~3pvJfh zTK%d2;BqjHWdW)=jD{643s?);e;ffOho2cv^kT;s@^VzGlPfBU7J~U9Hvl^@7P)pa zQIt$4Cv=2PgbGMIOL=GJo5<_X3^(&^=6m9l_ z9P%M}(T|%RJY29qjMeNyz>+0#?!KtRqFcGs8`UDsco9$ocw(xhfHuni`W&8EKA<0e zsT$t*J{@SojR;T)PN6o$s7KplaH*_F{YkemQR}w5s%&wyk(7T^F-buWqmu-*w%@`) ziZJNszI7_V250j*yeO4AxdKYa&y9n%{ih6d zSzgON{k1rNbk>$xK6lmv@4S9|>`I4CQwX>l7U7zMgM{qW~U;4>ggJa)f%R+2@aLt{SqXpe|aV3-M;AE6_g zY*oY}yyFw}k4Y|AnFiF`t_9I;wr%j)JV|wmTi42u=mt_4JGS)xC)So)K9qYQTknfWI^H5GF`ykFd+d z=A8lWWOLd3z+6BhyUK#*B+mk5`|Y*q55UGaZi$+ZA^y>(;^nhm;%&!oMGB1~1|DXYKABkU=lMUQ{j?KB+NrByGvaG=4V#~ zs8_pE9KG_<|6&w@s-KLpdUt);55C5OEsOLI6Lr)A!m`l{&{5J^6KzrBxzO?eS?^_f ztcG_KFP?)WBaW6a_h&cZw?q|?pt|-Wdw1Wa=;@_gLH-Dq;)(X_r@Q_Tbuydz2HW9m z#LlZ-mW9($Z=L^p(m_Li&S=dP-Op@CfsALei28){@eaW~ptIon z#Yt6RwkX?rtC0fCF#Ew?n_xhz+r7a9acIN60ITJ`-{R9gqM!qldHZ5#^V3N+vG5U8 z_P~Re=saYw>1jEzKhfEDb;`q+l9fnPg@E{3y+|M-&VAabx<(QDm;C`Iia>TZu{W=9 z^0^)kXb5p%ZNTNI-fFO@<_Asu+WQ@srJwiR=Qmkl!TN?*5B#9S7%@NHcXg*45y~~p z{ww7^zoK&y#(e=fRXD~(oPo;JwFyA3cpdAT2Z&y7rtldh3k?a>t_%HJ1x9}`12AzJ zs3AU+1&PK0-HqwBH$bdODSt8MSLr{vh2aX<`vFaU^Vc4iTtL%8+rpaV&o>wVTEQ8# zP>w-Vq^4&YTQFyk7g9v{yB_CSze`uW=}?Xr7gPNGsH#Xy=MDCAn()0%FOrC$bmM@z z$h_Vezk}o}pmUeodWDG)&(X3;kc~T!G(oG)g^*umDaj+`zN20$WxrRu0wCsB74=`S z_5yDX|?V1``wC~D*%L$ z@pk71-U$w<;QNLNo+gD%EHr-#)&Pkt7E7mvCQ4ic;#eTo<^f3*Kb+!1^9#hKSv$no zuLM^&3s7ji_KJb7FSk?kgW}I4-?Lvozu#mFdtHqS<45?|b(oxptMTx&laa9MuL5a5 z8_I7pRG0{*_{N3{oyj&J%l{=2irNAwg&VxAd?q(QQ*h-h8li|64|t#*-PBO% z5M@7zvqo>G&!1F_0Oqq(CoC6YBcH9bC^O7}Oo7Dw-NfTq@uYt(j;f_x(jJR=qWbjT{TVhbpkTc{wLMY%K zbWdq?TB+W{7a(}#GhJ=C@W~{;ZpLb|9)BA-M5%O?(AgzwyE+q@+Nyz`O#lAXOl6rc zZnI@()VTz(cs<(JV_5tED~Z>nwEswcVLZ8LjNRdq*NTV#NHcSo@IURJg-CFUxOhh? z1bC+i9bwvBh5Gd`PK}O18Gr96uB$=d;$=|O-Ry(8tYVISvjZe3k)`-spu;i-%KUb7 z&7@*#$>K&7*U{dQwwjPe=cFaz@K9~Lo-NDKDDeHbS2xukSBgv7p+bK2!G5mp?iSHH zwN{tfcZXI3ypG3yn>k&Ipb?xV^BI49FSW*7W8YKyG?mbjo^)$jW_B`AJnWtHTkh9q z_9M^z?dMxHYby4tnRKhTzY7ke9FN!CQYZl@HBF;=)UUL|OM_AiuvxFJdOkUfpj}ri z-xe%_e%eVzqu;R}yjCwXl5UYAU?7SjpuAZ~<&;a!c&b&RIvqGTz)>Dq$b_JpI!;r5 zUK(i3jf6S~q93$jP|SPt;Ffx@*a*}FD@5xTn7Ksl%9J0YAX#EhbdfSpqwJ6V<=92Q z3MOP!jp8aF0w8yFu1Yif1>rtCo`RQvfncYMi)ha}-2=QQvW#}no&zxrDb)zPdI-~H zb8WcW&#AJM4gZz*Xg>}|3vL!-cPFagx0!qn1iW>s0If&dTv3gi6Yj01Nq2xe<}tk{ zIVF$S!Lf{RFx*WvM!)$%Rw{~X7i}xtJS~>COtSf6GJJ%7yGeZvYG1+!PrY2}X znDZ?(h>z8vS-pv&6#rFtj3|xbCf;<5^fBz3W%)4a;6~QSy9Nf%sTI&ug`+bkyn({K zoseHnf0ZoPtzrf!n`s}EJEgvBn%$@?w5L-j@WArpFzBp}oe3hp!OE+td_TZW-TK=G znB20J^sFPC;n1Ofk{A8zTj0-^nu?mi7~Ww)y9^(2Vj!^cW%X)1lnuJL&ib?o3b3&w zAu@trdrwAOq7xaUP@%jetCZUDsu#PzEJw3ooiJm|qMjN3~exj2XjLM(hVigpKk{DmTlQ~*u20Ca?eL=4iphnnw@+~{Ct0t516y%1j##rI^5?r|a3_=4!$)KXWI23REP zoyn%`SO8g;iX;ag+1cS*%mg(=ej}7x^y|w8n|!gLkpWCUz60oB9Wt1RBwV&J3^WP z-iqTR)9esnLaik~(Xq$&UpBNp=%OO!FsgiwB1DB|E-K6UzAUx9br` zimUK$lpun+kzTJ-A%3xoT5aBz!h>CF0HV*SKUmgb&xXq`NARThosG@w8*RP``SpC5e^@Pv=&N5XL_|e|K8yHH;i{0hi5Ovk1%vmEB)8%dJ;+`kP9!cH>?oih2@%9i;>nL=DPP*h z?{0{GY?po;n&=qCvV(vcD$<8=qS*(=hVM|Jg`(Wiz)Z+Q4aC;WC*C_RA4){~L0%w& zlP=`@BA>?10RK&kLMbWs(M~*CllBD?nmLU`fXV+M?M=X`-ro1&y|--^+fYQIP)oc*0vFna1=U3Y~y@isbU>!k>9m-}oRA5tK7bzATaDh8Q=R2d8pdi14A)&vZ z;@5%Dz@xt}K?LV)s?B{_pxvycj}?oxeIxPl70n{qIy$C9e3Cw`hDvVz z!dtno`GgK|bc~%imBFH{m0c4;=+&J18KrsVT=f!f?*^i!?0?ddMABBsCk^mNe(cAI z5iD?gf@IrSnT!WY8-u^S+Q6zYbEsf3kmts*FYy#n2&aLYX8fkcHX%a-igH+)Ce!ui z%WTo?GURCuV-nNZ+*U;paHWGd1{vATiF{Tiq5l?R4X<#^_T`Ru0|>2`H**!)bVY|h1Zpm@5< zMN??<{BRqNf_Y%<{oy!w?;63cI+mRpM$n#GrHpZzy*&Rf_L~U^p2RNg`u#t&x%G-T z87jXPHHKQ7P$~P`;pRUW1$u&_ta}^&LytiW zod5L?G*v-6JDpqn;lF3#-T?7{jZ9Z+uV zg629+1(^bzfzesp)4XHg)qgPkqV& zxsNZjD8{NlhiX8<(Mu2l2bZ7l|MUI-_s@MBVa6(aw;khvE_JLpMrRE~GJ}xNUJd&F zqal6YkDdHKm%`sN@kB%XpUJPg0V7R>V$l3#)4e=LmPjsq^S3IH z94zhzVTYwMbsClgcML0KYXm0~BtX)D;^ddi)y@C;+Y7+G!|0aMY3c9pu4lR5_fY-1 z>)QW$&MM%!$QF(GF;D{~%Hj!jfv_}!Q>fV{4+f$0+RPC4*he@zw2UEwk9-X4%@|3o zVN#5}w+1|=4y}u_Js_Fcv@y{o&47Fkiu4Bwr@y|eJOgZia{d}sAP)Sm9frO_d5pFxj?FABs7&_;7*EZsLUryHwAWs2HJehAA7ScOd@e*<_jVYBObBn*DhRI2E zP&X&rRt6)+!-H>x`Llg&|CfUXc#JTv(yVJ6pw~2o!^U6`HHD2|-r&cF+d~PG7!%9` zT(i|$=54R!odp%9M(VTXx4)!$&nk&B>cwx7grQ%J6Hqz;IKg-5QMNAF^I&7wpzX>@ zhnhi$QZ;&h9A)w+9imJ5TI_N-2b5CZB%-`$`~H!f{cF2X+C*WO%{Fd!2RJHmE1uxN zr?Gm0ZF9OKD>yH7p72vQP4lurB=v_t1v0sa+r}M37js1BRGY*^CX*~1!J6*@1N&z<52ubojh#ni1qv)e(JVQ{uiIJ}-w z_#6=cu;)T5m}lBh(q1*XtGXW!z%xMv#+M5}1Z;R?tvkU`qDq6wySva{X9RQ!0WOhA zZ2#|uB*081tijfN%Y9f)m2DRBUl#N zQ5qk^0FXn)ND^I)(iGI0Z()@`ba-<~bq)Cq+@RxA!N}S{Jp7#342bT^08WpIN77W+ zveYBz4Fzc9hd~X!`4J0%vHuN6|9okQ14#Zo&+Ie{p{YV2vy}=b*&xWs+otK8UkNia z%p*8Y8G~9Oikc(BijPqZN?il&p+TvL88*BQ|I*4nIJ&j9QN~O3|TsF1@BT2t>n4jDVVUh|={Pt>;_qKgv|J0Wrzc zgJ%-GdR~kKG7xyf7Du)R0TrgiU8GEX5A!s=3`;+lU?f8`K>blC<2DW&2mXJ&HQHY* z4B@za*2Lis*;=ADzE9f~9;*e!6*pD=AF*@Aj=r)X#Ew7f3AjxxB>^F+xNS!Yv?BOv z<^s#}(@)$xq}6>fwc)W_By20nz!%{_Z}6Cu;1EWXk;peQ-eq>WZW#oJB?r?1xNW$! zac9Zpt>!F0qx-H6Bc*C}((j?B)Q2yA*`c$!o*hRpG^EarOQbs2rjj59ifYQ3_j8UP zF~o>k{G-q!~(qUrEho5uRp8XfTj zjx48!WM80QhUA{iWoHh&O$EgAj7zdw(67Mq^xV7dxWJ(*XcXcn$Nr86iANx1d~zVM z4khK}tz^tAzoEvf(D8T|LC?CZJ~iFKUbVuZHbqAL44|6{DA~%SEH91~s9vj%WachW zHh%8w?756GofHWZ?F5EE=zI-A!0ON@L8|-opoqtAv&>kb{wc^2STwe*ft)zJhj`NN z%qu{e^X7h^UOz-KFj%JhK(yLVx%K3d7n8^5lKqf16xa+u?@C2ZD$Ca~z28u-53VnY zNg2%8*h97zfwKC>4;vPoz z;@Q{y4dc^%e=dK-5$F?ne}sc-dh={m5_Wi>d1bJ_pa-8QUGpn0wDb4|Fx~FvkB=H6 zYUN#3{}xeJXkR|q;Oeazxt!Rynhm+R>Nf4iNAtkOWL@rhgb8V>_xKFFHqVhB+f2bk zQjq6?UV@OI{b4V#E-2(8HTlMhsY5S1_pwT94Ss4hUfJPH-nE+TNk?eq7zg+=_1(Wx z{Rkd9V;h#Q_2W08u!a7DuVn;nYCo{uM{m#pB%8cN#rO3?3V2eqsYl81-v^8}dG`s8 ziK9&EuaPkhbf&LEvhC`V250H#`GgyIZ@>=MNz2BFM^Ie5D)&AA9&j^!25iL$2C&$PNo^-GWfB*M5~XMd>~1vN zhsD(|&~U}Dd;=mZY1_X6r(ngC>PkU$MZ^x0JXV+%9(wd7QTrV5sP;gk>+XhMdWU5O z6NJ`)*4T=@$RVgIhM0`qzVD<|`(z?g@@y+DqdA20_1Q^VvcZR`J80-`@E{e)nG%Q9 zrX!a@L>4TM+f$c~eXScfUR0L>31bkh8*T1pYa=&V3OlxIUhqZ9pTv!E{!)D01W9Ru)$QAb8 z=rkcpV_sup7_zzXtTA+FyL~ROD_f_Ludh_$#JuqTE#id$); z^U#(E5EH8l#UI|b!Es!S6y_B~zHj~*2YLLg!3?Ii~`L%#GJcpkI$5g=(oI$v?+-m;C_TOy&@a6hY~ zxjc0~ybaSWY~Mx&mT`U*dpy5E*TJhBw^L%b5)SYw`wT=Pv#PIIax4Zc3Y#L%*rm%5 z3?ko&^~IBv?J*Ay#w{H@``o9%iIW?2%Wv!_ljNXyI1*yB1HV^dXQh|#;tY6 z+ttIgOb{3$GUO&)fE+-Vkwd5rP6Y4H7ygf-SIiqMACaTn&0_<)a8-g2G?U+-q8&)o zV!Spp9hCgV!1X0v&YsRarxxdK`+>D$;J8xOGVwFXmE#Z(1MZ^tO?)>e({{EqW9=Vo zwwa7y9S+guIl}x|;hz6x7u#%CyRewGPe7hRQq=RGwfeA!rF&EUe79n8!fiMC1-pzda7=l} zNSW{z_V?kK%eE1W_*}coiYj2IsqR*)`fjj9d|-%1OX9dGue z3NE0uiP(+UeSK4hCE4apyrXFqHjy3H_-pLeVsyT$;ihIaPrm010v)vzG^N8Z!!}=w z9QCExAnk3e(%_UMFcNk_)Qw#lc4K}OHrZS0PZ|KXjFBX)_s&S68+>kONob7u#1m#ouFxp9_7Z~v-xKxJ}Yda zJGx6xeD{{~e$J!zv8Rv0TliA!cgbZln*#+19mu|kycgFWNkQH!w&5%OYn3A9VN0&e zZ~y$NlM#ISRM!x@a0Hpb0Ix8DT{(6UI?Yz)DyO=hJVZ}|k>%*q z`v#sFs@tm3k^Y7*b{F}J2-|l3LlKZc&VO+dk0-h+|G2pQp24MId#T&MQSc>ffUyTS z@^x<3;ftcU=8OG2h|59w;EJv5&-1paV1_gCRnVPQ6XYQA-j2Ic?N=dca^n?G_vXfp zKhTS7dAVRB8M`SP=veH{tir1oeV@^tZv^SV_cy#Jc;;6xgruV4QeYJH*|4KJ<8Ls6 zL@Wtdl7uC2AonTcCuZkVjc_unbf_~e;eh{M&mZ&>iWEflR`nV> zKzr}F^|3czl#Mjuo2uFPRyC323&FeaE9-~Q<}owy8d?Y~fCv zv1_$unow`5@4+m=Dz{)1tF6bDF)ae)=sU2arY_UPs31v-s}J$;JvGZM)Bx^6<-!dy z3R9hq2_wo3ovE~hwE_-sat~j$pA(xs;Dmv1o*0QG@Qk>>jA#s{fe%zWA^}iz;j$y zln%=7$74|wqI$83;5c&mq6&E)qql{02p1#J86QC1*X;SM=ZCNgV!mpTzU{xVtqV_( z?+2aD709PpbP2KAcC_9=0i;ECO40qxe6YN+1vYuP9L!?z&_7w6vV;_8f(+s3j zyn@YqvWx(!PM+Qru~D>sPsC=&jCFJ=Fb+mnF3UDl$5#V+$;2sV@W1nc@ZC8X^+RKL zRx*n6dS%;<_0|IUE`0M|4rvqsNd`FJP+Yz3^d1N?-D^E`|;e#tu>J%eB=IEm-@4+BOi|(&*Tc#_Pp1O&t3x z1ui|IG(+!$cpqx)t{a-+FWJwi0m^KZ_Pw}C!-^I*=lQnM(a^C#&@s}+U#oT)#y@hv z*~Wla^zZSnO5fN^L#(K4@XDvwb}7^P1R~7T#655@^?XACZ*>Kg83;^3*_zCxqKM|q z=mj5Pv)4GPaQAB8Bs3!yIlfF?Al1yjx)7_d`I$Ddqe9ICMwp&8fWX_m;u3isSYV;; z#m#9APjHCPd7Zzd==tcnh!8OolE)MZxfZbYERq^Y9Rz`oqY^+mx%f`sDv41~0_vz5 zOYwC*a4A|Eu#O_pI-+<~sU3$jkROHpko(U$f9_5==(a@%NX zyx`t5hZlFhoYxlk>BAP>_uzs?_cRDZ-uskbG}P>-^a)>4fiKzp3v?|c2z3wF`mQmB zA3HlgWlt&k%ETbkrXxnusJ-Esw|kWAXsr3|Cu4QOW3asf$G&z4dIw_e@nSv3je07` zgmQocQ29eRj3N5eV`CVhPH&lbRS(=g5%y(>Q>vNZqNbBUs*#|u?yfL?Ca8^j``16R5fzquZ=yim5WL0k^Dpn(N0Few#q1jQ5}9ru1c^qPAZP?mrkGeEG{g87XJVAdh#bjv>@-<|wgaDm70csr++saUC_{*8$k2>YTHQ89aXm6?K z?W!Hh`Ea~`uH=e$S&tHbKl-uMjVF6w^ya>6l!R!p9C0k+4B`ie?S9|5WF_xx#%FN- z1n~>aqpTO5?n^^43JCE%i5tGS23~%yCst$zZ%5iLFzI#!iQW^G$f_V3NT9KeFbG#vWCc=7mkXlh9sr;#@i`uLf& zak{KC?<32wkbz+IHc{z0ae}*#6_Nz5Co;CfYBef=?u*({S`&x79ff3pSKg-Y<)~^Q z@BM0X=V~BF+8(BntILll8mq zU?_?BK2sNPwfF^AL~nu7=NTQ&_d03Meya_iPQKnwtG$8QYpKS>oFagJl(>KWW2jyz z%}74O`Gk*a3iHpHMWxdeI!f!C?uo?cvpLmYJShhoJAFHJ)tJhb09|?q?v3e9#6Bkc zoYc|W8-q=$nsx_&@%C?Z>&Un9g%fZWZ+s^n`5jaMW^Y>L@MhOg9UJY_AFqFUpBwu0 zC&B*Hfn3n2|7Vgjx?FpVW(j5B4_`N3VSBO)DJioEnIrnmW!{6}GUL>EM@2P&luLg< zE3_e5{Cf@S?i4WII{+Z0LD={oKK;JCL&OIv`DQOg`7#_CVK{ zl8Z10rD#eP%3bP5KfU?3pXmRu+$HC?fTJNixB>AK>;;2ax%x$b;l#iwwk<($@6q!5 zt`ax1Yt{_VT|J08ryLsdX>E{v7vAY%mgOYK2Q{Z@A=+YBx7Zs~rPtPFv+Y*SU`cn6 zpyA*~hx`o;gwd1N%G^2b$n-!aQKLfzV1=ZA4I(Mu!)u)g5W@?TG`+Rq9K6StOXvV8 zk(lZYnPk?D$Q8p+L_HQP6MqEuEO*ZRYB=6t1cJXjIuY;&P(8Rny-Lv2O^cJ^aaI7y z#$nXb07GT1qs0T$DBDjIUmpflK3ax_?)Zz6KpEx?o_{V0;={0$xisx+hCF;-GIa46 z)HoDf&UxVLK6Gii_X}WxlWrxLQAP`GZ;_et;-&+j^u}u}6ek;Rk9BYbQS#us>$`vC zA|J#cD6gE}rbx;T*{c(NCZi2I(py=+U2os9v0C(dY5U!a?Nyf&8qm#ID?4|&+y6?> zx~i;7X?8@($eM4DTk$UVu@oXXAqv2)chDc(%|zOgV4h%ar z2j97M^<3d*Dla4G`lIPCC9%go9zO9SH1MS(@W5u7p)dTtN5Gq21IdKn*S|qBp3V~AJUdA`no|wD{WX}$rz1I&0~U;pf#AT zGM*?C9P|oX7*=xmKV*TsF+d;O-(CzsLUj2>Jdn1oi0DMu18%iVKS3yNF))ixf=$_^ z9|-!CafEll#Hh%iiRtp$_v8>)z0kk5@1JGcV>{4m1ARWsU0{3HN%+A+{8W()NLeSs z!<+7@+t2xzf8=-RYdN^vKjg-@uws{{c4=~{SI?s!ZvU}%LqM{}%1&or1uaL*1A54N z^wI;x+WL`?F*Mn%A?g1AKRNPPzQz!c+#*CxG4u6<3Pj;RE~emI5U(PQ8Jz|+`jkBe zn~Xp&V60z-Jzmzx{eTDuc2*C6|0_{j<_Q64smF&VLL)ZN`5oGs2EP+Em#!ZQx)lGH z$C(>hiw00j4W|WN_3t2@yawP@?JS_HJY?4U;7cg!HBApnQ4z?;k^o>n`p7(oi`Vvj zBswY_#MhUNK5f~I9eMN3fH?cFAd@p^Hb>C1`6O2tj3QkMCioNhR~)`~?$`bW zcr625k@L_exW=%7-_<@1vPs#FZ~!%b&9okNw@(A!&5H{fIDzY6zU**so?r>Ko?ac$ zg#aFqC}+aO61r|N8uIEyWny@3MoTX#=mbX#>iPPD3UYqp!DS%*uh8?niu;-#0$Xn$ zf~~$SHMI0DyyacknOtFoQz;d{-tK$?&91UC9>f6;plgH0bYsIXST-f)m}Q|8ksce~ z1dfev?YTF3b{^g35mGn}gr0~p98-S9nGsVJp8?(1j$0>;%e?KSjMSjfW?JgeWl-)% zD@MfbtQRiSIFZ;IQq6A7O(fjCe;vw!KeoTVgiRZQ#;Xg(x^ z>!b;YW3RvfVJz3HaCZd#sBD6H6-s`V}gM)T(^jK_vx1BP$p340dlal8I?Dx~6 z`v@GlPKz6gy1Xz;vf6_l#a+4;8ID3BeuQ@38A z8k%H8I--EB)wBxsy3Sp3gvc1M2y3`|wpUVcZvYPy4-L@oqyK9(+>T6gO&q(dI&M#N zsYG4g8yn3EEK|=G=^4~xDZ7a1+V<-!ulV=sCc`csh8pX(?!S1&7VujJE?v0^Wow2g z1>F{av{joGJ#Oqe{zSL%&Q){36;Z>y8&rGw-D^${ca0Sh6f{<5%sj0r{q({TMcZO< zaKK#$w~n`g2u z89kED=VAA7Y1u*HfzI&;SjSIKuj*W2f8%lNLit_j_MDpA3*7HRx0VEF$|6}G$U4^6 zLu%wui#JI-_32S?3JK;H5r7OV1sw9_IZ#m`@z=XLN1HhlO?pMeSN|Hu=G9luziFHC zA`C-}Q}Hq?m^^V)4YbZbsJ6sFBiXL8I&IH+P!%k=>4n{)R=NVdtgn;zwbdQEr*?dC zZn9u(6i9ulO;|x{kNq=**7#x(3*WiRXifsE_EwsIGLi$IT&LY5t zqP$*qVRKMo7W0a}c9#Kh-@n3@_4#tOz`J#&Y`bkI6t3Q z1CI|!U&%S52Xk1ckOG~YiDmHXBoq}NH7;jrTn7w!!88!&85jP59Nju7f5fQ5Gz zu5U1?3R}TTCrYp=I}9K|k>js2FogydaagD2;+Vw{oblg)o*~S1dEKsx0Qa#l(OxVI z4*5=OmODAjNr&h)LbBw9%g0R7r6JJn_Fb9nK+^g_0H-dC-!7~JRl7bQLZSeiCc_OL zE|R4fJvMY_2Pl`Mp#V;SV(DX?@v+5j14!6x)@MzbgO-w%=O4Is5ZCZ8U|DSKSq&HM z9ht%Es&A8P3V`ijwvC){0dXDSxkaX06O`#7DZ365O(wQoMVVKORQCf?n;(h1u%THI zWuAM?q(Fx}aO_IXZrxbKQiS7o7cy_o-(Bh~{=MOfJ}ZvE(8mIr5KB|ooeaW_EapOB z6iqn0zRWR-C{ggK>b@bu9QdzOu&*nXXD2PLyCHwC&v#7~V_-er!}qDWLKP7ai2GKT zaQ&v7%cwFP%0n8WjO}`e>{Ri?=<*E69InEBDb@mCz)CUpM*zoVT9XziC;Nd&KzDXsZ|%ei>mERFqX=3_ zaP44nR5Ga)&HjH9y(iy?YP4x@RTRC|`qoB0^j1a4COAkjKjjA!S&#q*u_6hq19$r} zv%vV~^AV2axsDt&ea5+{ko!QgVeMuYk=C+{pfJwrRuU%d0OCia(*-!!5j``w2UrmU zTOE$Q)3cE=#pFjJb|j)@iV7F9J22AlG^g$BV{MG0jkR$n++0ZV{Z|}mSh-s$k3h?M zCzy*p3**IzF$!p!k|x_Y0KZAdG2M1M2k$DcO;W4k;w)-QgcF^jT&@UJ&t- z{kTt5O7`NO6R@G*qvI0J_?zq5{O`SX2O(+yZ!4ki^!0Us2$3AcF3Z0|l@T+JZ$qKa zH@%5yRNTH8T0w*X5sjpD@^f5&2&h_`$N!#3GS8IZ}3{In^ z`yb3bcul&CrcIsVf^W4|706|U@K?%3-g^)A_uvkZG=1i@p_ThO7q~u;X;_~ZApnK_ zEE9c<3g)cN@WTX7I@I(GKj}o4{S*04&g9GcVG0PB>%q-ha^lOg>)`t`LV9~~$CU+| z8~tDBgZG|jncun8C;pXP_wJghg~KfpIb+T%&!AZq1RP*z0I%9VA<=gX@R;FU-ncvW z%=K-i457c~2PE7mkd{F{Ku}6~kG9oD=00&jjd|G}c93WwG<5+8tn|{sT$~4q8#nJW zbAkB>yu1bcZB&phGMn+W@p^{lw2qZi%4H9L!F&6WdS3(L(!Um3*V-5R4YZhN2I06q zMeaiYJPDqYs!yXaz%&I%Qo%C*;ZRY$WB`s&JrU8f!5V;8hM`?tzA3_8%!9_;r|7O@ zs+4DFVH?bRs$1Sq-HXEA-#|BZayj}KH+n<^6l7Xf*os48VaMaAvVvzn7#a|(;CEpN5KfkQGzTWC-i1AvL5n$XS(4qYAZZMcTvF!^jW9dcvX75mh z0@@E;6hJWE0j4_$-LtlIj5T9F9YqpGz)p1C!{!ef^8$IV?qiH*Mu*(idqlclPeZSo zFA^6q)&1P>A;hOJo#!1Jbf>e0NjJcJ5^u8!ZUS-x#v>f-C6#4e>-UUM${^wqcwPYT=3 zp=_^{pFFo7(B+TOi{n~bs`@(A`*c#HymGFqRn=wUsbDxB{tAd zUx3*5j)8rP>*aY-J*nNyGF^4BFwBpOf%}DSS!c6f__vpchvJ)d#;j zOW+>yx%n*3l?Ha@K1>J*81umGF0+FNPaqLH)<0!%Od*n!ZE&$XZjr#0kEteoOpWSo zs!r47V#Cj^Nj9=!@dT#Z@b%805*_C;I3M~MMk*)}#-SoCft0fo>WZ7%68R}>r>{Y) z9+0pfdhD+D4lFn(Vxl`Xf|4F*|7(`Nh6%Ec9=%W|yal|L;U?|LA-iVaXGSco@wh}| za7>YgWILkA*_1IY45bWpjh=$``4~j~9#?Fok-5C^%gpDJfGVqh<`#JqbRyiz&Ab)} z!-g9UHynVpr8~t)e~V9K!|e$8U4y3Z8Lo~uJSwAQA}H2jSth)=>P(dI6-U&3;xg7@bI}K_qC&R zZ%>ECl54KP?IE3rxHTRVD|oj1BPhk)z#*&{oS-E$x7lumU)jY>VB_&*yOP;K(345* znLDZ&5>gcsDNYy)ezM>taWjoKv?7*>n`=Q;%ys;=9H|$G#AWT zz0vwxkf*(c@t4n9daQZ@dM*Sm`}5tEM;RlblIj9?>675*8T#VLwb4J;hjV^qg?huJ zX|h(Pp4SQ&<1<*Yx+_Q^!GhkyL*%O`#P`693dhg9Ta#;2b3_cMv5&UhH--J)%jWxp zd<~tG@-ov%;5-I)dY~L+4z6%)fD26VcF?0M1mw0(WQd0~p<&V;pGp6nU|4kIWVh{2;ZhhFcJ9F#y zo4fdwm#1EN0>^Fh+OBsqLrHVLwYKxy=x@9K(BguHi)zBnpSMTCK6Y4k2c5zrTa3Qd zyq4+ocgJ1sIzwWpq^F?&cxns0V-nE}miVFXog7&FFFlf9uX_m1oD)8oxLfR56!6cQH(;GVk8w3}0JY!QMa9LX~srW50V_ zA6QhpNEd#P>b`f0vq#d||Nq!duN4^ZEpy!A7) zY+yD`wU119=}StJBVOKtv;p1E zi@p0dvAG&b#NqDa&Fp}VRSIx}r=KsL?n~kn0}K?cRXpACzM`EtCj1GK7F9GsZGitV z^0ZAcnorbW_tAMg%cw4{j%?PSOWua-fP%gNJGW@Bd)RllFXL_g%f(ZVfstPHr5KAI z{1VJK@oH$-wm{qhAKUQP(hEYt65{Ux13s1@q;C4Tv_x?rI3hHhEA)gID+AZWt0ff1 znEtHvkHeOvoa2Ta`D}0P!d5cL5~sN`bH)8k7zjK(fZPY!9cWBovH4gZ2*#lrum?!` ze}EcUzHigzFCjn)IrD)2XVqGmI}lEMZvR$614@ROIB+Pa*hGVYZc%9ha+yO7^B{C9 z0@{K2L(hZmqWRl9=eB>Gqpv1yy}2BkYDWy86m*G)X~dgA0FOBv<)@9I++nT&#kg14 zSMa{fv>t-^bQ;P$d4*k913sR6Y?*B=Dm>GDyZlV~M5$b;+oGV9Www5$^aP?V90R-q zlmxbNc@v2T(8Y^AfVX%F9oZyev@g~ZPGDu&a08LQ#(tk;WoYBnVm+VvSw!nHr~8hV zX`5(+>zdn8P15QCQu{h8*FfPQ2`vXB-DI!l4bKkh}P&0(RJotYAQSq8R7hyyZ>#_>;>y z_LcIyGKld!0R?>kt8}L7X-^Q&ji+Chep3GP#XC@bSn>~U;l|>%w~=HB`2x32SCebb zt%LyD{369m7qD+bvuXOL-s;saH5*=@W@1Pl860xK(=7yjRdz?=B^wr;R;An>UL2E? zluY>QxpHvNpMb#aqdsAl2e+_gW-f#sR_>29Kikk1FnTrXDWSyf*X`3UM>ZWgs+_j4 zh)B#zzNBgj|C+)9JGk$_*YEdEqH&_n%t!s(!F`Xj9Nc1w^I)JdUMq0AgqeF=nVslH zzPm24gnBFq{CQeh5c;2NY{r!WUBIFA6aHlQN_R(_dyaHVe)vK8x4U-jt0u472+5s1 z)N9=WL@w9Um9s|=428Uxtt+FCG5cJW0&95N)#P&l7mmny|7zG?ZnV4W6VIK>*$~G^ zqK9VvjH@)S*G|3;y9iGe^z*CIO8#N=negydFx4LPUBXyAPBN|6(-LD*+0i-?m8BP; zKpN)AN!|rvwh)T+7Yhs9jqbRDj7+vN>myymCG7|}A6}5tpwAuf3G=VIh^F%&lZ3~TX^JOs|WTOZE41Xq>Z+Vn~tJU?5yq#k>AkN>^{+%7^FGqP2 zPjL)qTwRzK=`gF+w|Qiw-&Zf1Py#$@^@ld{r;d%qy2%6j4f6<-S-O$P*V!I<7ACcc zUjBPTFjLOl-QZ8IGbB}KczucT|}46g#b6mCgy%lU`Z)CU!*ntP0S~`1Fu$L z22TNocj98)7Gt`Y;FFag7I+hXCZSZ=D3pyl4!qfclX%eomXqGEh_!l}LAyUH0 z^lo%D6kS;=@Q?U)-&=jb`+7}yJf5zni^qeTAKFg@Qk zjT_Dt0x8hv)#9gby_3j6I0WuJK^a$O@1K!qzKe~ATUn13*!IK)H>Ys%)0=SpehgN^ zLjfR_c|qFNvyi9o{ml^z8)w+&a#99|XsdcY0YYq8*mjA*6GaYD8#eEG4GusXQC~X` zY`QXM&%~>aN^fD>hD3cv5Z+a?9FvZTgLJa*f z4uEZY^Tv5RW}a+j87KG^D=u;b9-PgcRVC z!8e^9OU}g~AkcM7(Ayl|_CN@ZJZHE{Hsdx<^7e1L6KESAf=^!vQJOt{zn#T&s(@-O zQn?!1ZlRHnt)3m6oO3wVc*l;o>umBEnrQ-41Uw+&CvFIia~1Ap;oe&s29;Ct7UA3C zT5m<`k8vXzgv#E6&P!)(M^&=-#ly9SlkGe)J==H-J`Jbku<)d~_FzAJpS1X>;C9c6 zp7YjQ$t&p#g->7VKtK7MddH#0xKQ*SS|D?mkP3>w3~2)#giN0W`_Iu9+ppuWb5bXT zhTvHGg5)9%$S+7~V>4{hXA5dqm7qU05IpT37FKns(d;+NPQKuoH|jMzY!JsY3_W62rad|4>Jlgc8T(pQ1ux#~rg^mnN(_dfKGQyX z@Hr9kZe#d(9pwO>^&l1xuVV{OFD$R+jVLQd*Dw5mSesEfpLh1t=+pe5pP#4``X)__ zC}~h2l)OY&`YtOU$}lptN>gB1{4?QhY1~y{LdT+n$HJ>3<&}FiZ^=0^8s>n{RhGQMChBK0h}V9(fg#xleuk zQ@L#`=YmNac@;XH&qqS#w}-#DJaf|5$nw2K>+j`>)8WOy0zYZGuV`ubMdqQK4oIL2 zNtDYQuTcwH@2 z2QyeMrDXn0V1Axdx@x@bGJA+cmfj5Va#k=3nf(518tMW+v+tnRYXdD=mi5uQh0<~S z&BCUZd;7st-Kfk)QP|bz4cruL37uU}2u_6X4eNo)L+g! zZo|p{8BjB~Cbi$Oo?TDg?9H7_2pKQBK-+9UtU3|@6!6IqXtL+QeHB1Nu82*zPj~=; zq}NImw~=!7vz&xI8d?Dm&Z(>t66|IsGHD;3LF{96;QGU-mf(Zxev5ziu6=8Yu7dnf zJ!eR#r3!Q{8{JtBINog7?@p7Q91ieKiKt0~k&DWy#p;!5J-R4dL!)`i|L?ugPtH5I@PT-bSK zbv(hq&<@P_y$s24Zpx3TENx`V_9+Ld(GUFxm)bWr*VI~OckHy?U2mPIl;+-i9mide zbqu(O-R1`^w{(KX;YK!BS!V@<(BIpFU)cTa1@J+s_o4Gl_DCeU{<|Db7*Ftxe4ou8 z0GqdFqwA+fSFLt#+l5Q`gu#7L2DJAy#x}Au(qbcevq+d?;w*dGF$t9 zI`VTa8@#`-cFL}3B&t4ZgC6R`SHovp!38byR7sNRZo_+OT{9u->!&27I!p{tHadmF zrl3KV&bL&xDqWvQoig}nNpG2L!OA)G0_Zi{Giw(h@7wn%-z+PBB%u@_oi30*xmGRz zy6n~%R$!v}#6EdD3vXM9YlqF*r!dr;HCzhKV>rc2!uwP5mASVO!$Z-Y3ZY z*u}{dO^(3kNj-)7i}72e^5tCmnUH0OCq^=fPsKK(r3j5Eu&B=pi;mhI zKkEEFdn>v?ndgXZ84U%;sGm2wmi4jvu*$~aPP#%!6Hl6LT!Q+E!YszZQ1S6NeQlD( zbpiF34|{zgu!ke`@h#j?P!6B92{nn3BAgbJttJ&tZg#l<4>*Wmv6nrvjl7WHa5kqu zyXE@>E*bQ$9DmkD{Gc>*A$c{?RHm=)PA-2>TF~m+bV7KUTx*Gjr5{P>Jj%;?ajvh) z+Bk)13BG1O&jJ$$7G@p{m_k&~V$4LV8i6N!>nQX>lng;g`F$KhfUl_VkH))WHTWnd zBzb#2vFg zKnWW<{zE0G(*6|#x-k-^l3sTst<4|x>HI$6zJY-Tnm$6$WXAld;KWzMx@)IwJS=>1 zx7dx%hTm+8pd9106-~T_z9Yn4%MaG%_9>YCPPDuY4Iasf^D*_V48)@J=p3Yp^+V-# z&jC^9ZZ=l|KLCHTp}`2<%53B=*O8syYyMoCADi}Z!>!9Fs%9R$;>nrPsv{X!N{=5p z)K6(Q<^!>MC}=V>H8-`59kH*0j>6z3sdfWwL3Y;n<%QopOy|)}O>NETwS}PQ?vY~a z2AJ}6>m7|p7OgrQ>Q129Edpbep^Tp}KVRUo0%tfx8~2Br14tVsf~Mw^`wEw#q%QM4 za^`)rLP0Ag28VrtaimiK31SVqveViUOfqur3R;PCHBYWy47z zuZ8T3Ab~Z!>IVb;0_-|JU)x2x5nz)Q!%0&XbV5;4XJGAkk}i`PR>$ zu(A)zg5CuT;gYPVKJa5o3dwF8&ckH3J-cT=+LJL$FMqcgO5)`0p5Zd&a<(vbYcXl(Mem8+QxNygZBjv^X$kO)BH&QFu^3a8qbI`$1Md=j&Ce^b6| zJ;I{ZY7MhFsGXz=0FOC++pDR!I}6TK4*J0peio#s1Ef1)cLy{LtDX~e;${Kied$i^ zIHNiG^eN~l%Jpq7XPO(IFBftwFpRUZJW~cP&0aj@=t%c7qAT|ILraVz^jKWA zoL8{J7AD^J$2P0@W`K@Zb^8V2I^|h8rU4sLB`4tk3_u2-Oi#yUOt1pSm>O#R`NwTl zM;4!1KVTTx7(of#QE`DZjeA2+ck7a=sPXJxadAEzRNX~zsEes>j-W)!pF^h~F_8kN z1B2^0to3Rxa5XRh7bl8mnyCVBrF3!`&G<(IwtR!96?AO+9v% zqKksdLlOeU_y-4+fgM%CDXQ0eTZ;Ea8-;{r=HX?Nc@|Lkax+iZZkreKzb5U*yExfi zUz*~lwBawYGMFC(a!%>-uRET8?t06CjmiK^dH0$}%nV#DQwXRelNey-ZB8p zc+{u74c4GgQ8!4L=SBy9N^(6x&w_6A7BIP=NNq|NGD6B4*1bIKPFC_qlJ!(TWYYm1 z^At~il&sT>8CwG!{rePKtM<>77GC4YV=Ds5*#tJR5 zN5$*~t4dL`oz7<4QQFkcgkF2xHQ+NZslKu7k8ufmXvwYLIw-yqPuFl}o{jPvmxHJK zY$eJtv$XBu3|@Xiwzg@W&b3^ax7L2Bx?n!eK;ql7(J=&a#SC)T#dhl%C_dbcemv70 zh!KT3e{*_e$JcYe<8E&o0>gIHzY|&R#FW3=Iz3b%-!fwyj8XKE@Saistq_&aemusaq_Z%%dv5aU*Er>vXNLK` zW-{IYj(>(@==3d7h1PVxcI^hskp4(+BbnLJhbZkHVaniVbA?mYN>5S{o0srF=*h*^ z4Zj;N*-@|baZ+aR@DwxU*Y%92_gVzMeBQkX>)0sAkGq;A{V9hPRp%&eM>tL#dDHJu z=o$BvsGK5oBz7OV%-_0^ZC+(1UXK|Z0~+!Krhw3`&)@oql&(NG^Ze`v%Q@1Uki4Nq zQKN#&xtY2<{Lf3aQRbcpe@P7<&B>pujKFJNeh*ce7u@gSTl6aJ%H0dWleY7dvs+7U zlx$*LA3qC>Un1~`#VYpAOu`RFk(?uNS-05W9Tu8vtNI z;KM59R{_;H0NSfJgZp`v)V0#NPlLu9VGmwAZtH#-90;8yw6u{}WGhAzN}|b|dXALc zZ!(nverO4(FB^bUHyrR$;ykon%NB|crYq(0dzDC21x{CRKEGz()bqv2Y}-ge=gxBf z;!|s3MhL0g!)dUcuer_R6x)N8T=Ht@QI6x2Utc=uZ|5_}eC5I@KUs}4MT0nqD7!8!C$??UHg z_s=CctPD_b4|XP;3ts`5`13arsUUk-dT9KJ(F2;dJ>hFBFE4Dq*r@;0=EWHwO0-g? zNxJ8^%7WVGAgTc;w4ReJCo4v-40yf^L1)z-%9#l4k9MPNBVSzr8B>UpKlqTqmXZEi zk;!9cqLEBmrNW~5iIik+V}nOekCyy6@P8XIXY=mPThT5cDf$Cvg_upJ(#L%YaMukz z9lAF<-SAw<8n~Dgg1q;|Q$|pxUQbDQ;LpjxA>;vwhwIy=L0_FHnd{cR7b_u4akF?F zbyXqM3~(x&!u#tS3^O!RK}S@k!#U>^to-L4$qqzCk_neY`RXw@YzXtuNH40%VQVef zSXGyl?q^NFQ1Ac_qNH%59npD*qAmg%4Yc4b(~Btrbz+$t^{))?s(zYH3x`9l)t2on zfEZ`0sQ?ilAKCuW}5xyz0K-x&_qhM!B^W@OcS~?305Y-KzB~AcEsMYc`T;;_e z&8Iw;TYO;o^O;`Z(3vE6yRYC=_O`BLMjtYi9ZyC2;4YNn|A)P|0IIs}-bQH&L42eH zDM3V(PzeQrElQ|>gbLCqDj^+`vNs5#NT~Rrl$4}^DBYoeK}yFal@5_m@~nF!;`==B zcjo-hnKN_F%s1mO+r58r=ek#1>sklX^D01{C=RK=>`!B1c?ZN{ug7SR`je3;bG-fZ z;V&OL=!wawFLCvNPHOm6w{WOLAC6yjfVUxgmT=g{Lrm17{L7#oP!v`I6qWSyCbEchULBV~zF%t>_GBc?UqttLMA# zNkYAnU4mtvNVMbi!d(byr@&c~!@OPam#mopUwzl58mZ%qN;g2&D;7Y4 zG{>g)Lj;{63Bw25wIu2AgZ%8()dcnFb_a!-(VLVME5-YpISg>h-Z+H10USJ|!BZl= zX9}l5xGkFb#7kOw;fT6Vs1l>|>mf{spA}!I7p9%8nN*LaQ$b>`+8|EmdmM01)gryF z5Ey0jg&k!BcjicD=U@OWa1-2I`|QjNOrxs-t$i6H0zC!v`|ND!zyQH9)$p=3kRQ&? zDb2lTT+CV_nj#!2ClVaU)U|g;78*tD*ls#AJ)d($%4#L!depUp(Shfe&gO#DJXp0r z7}NJ~96cJH0ia4q3I+n2mLP;)*wKYO`U;7pS>P%;osf6n$*%Wt-m0J*p!yjJmI9-n zFYV}sz-tF^E1X?w*aIjT68>N_k+Sa2HN3LQbS}`sWbJ^4i0_u->LWWsOOf^F_71IT znzK{n&6#JolVK@?Phdkg1VzyVtPrGB0=n)ZhNj8fl{HP6UfR5jZC{`C7;o`#W>DjE zdD%9nrE4b|=j4`7DSf7dimNyyjLiWC6>d?eVYdu{`T?uSwB3F4bBp5lJtm6{yWRhln=tX z(AWLh7*HwULvP(VeG+$zvj~I9U=%m)OeEcLqM?~S4~R0HTab}JekfQ)B-%(@`r3hf z#)i`3G462w;PXzRUN{p;cVEmE+)Xdy)ud-{t6xKtB_XV z(2toTPyKc|pw3{>aqh;6AYrbn!tVF*a-M4D#eQ$&agmY0I||$bn7SYceu`^n#5wJpo6jt} z^A5-D+RIYo7Z6EbBgxXhstSOm0EZ^5s2lO>p62>WW$-R0*i9fGF&F)LIGdxWry(L! zPHDND4 zQLe&?nxf{XK3kjJ-$za2BM@wfwov|RU8AYAidbUQ>t_srLThf{M*I=llceG}!>^gJ zJ>vLZH4Y#dXa1XH#Neru9$tZnaBH06j>Qo%osk{f^N*TBC7!6@4NRya^AbFou9%xY zUAXTX-3#eVP7wNL>fV!Whb)_7gzlle19g7duijfu@_hrvuG@hlY!c2fo6n}np$1?# zPhd&ulnz`_=Zelgj(qclKqC7SA8@cX+=mM~5dD04$ulTF+x~k`>~j_Bfun*1-3)Z+&MP zk4-4c2iPzuzfK>=#}6hyM)`;VEQc$av4c+_fLyTHoTN|r1++d}>4g@hjHvao;*3|L zf9qOh0s{TrKDD@K72YV1Q*6kh5Y*Fp!6<3K35<7Ur>35=FpdCbZuzkW+pOY*gH5qf zhVI{d#_uHrFl=w=%BN%&rdHx&2G|dK5)k?jC;zlhX1$lFuC{bJ)Qp>@=0e~qwLbcN z`+T8IfhHSMfk)AJ+qC7g^z4Ba#sB8N7|JdK5B3d-9*4)p(5VEDb^&vGNdW2hbiWL% z^U)|OtK1=b6ENt)NA&NwmdGx&U%k{VD*3K0ic|LixRgch^0$MYu_mKNidGQIeHK&*7!9+iuo)&bZ>H|a!38gWZu}ev;4`jLx_oD84_BdANX92U;g6s#!k14 zU=Hvnj(R;Z;h_+H*MK6bYke^JIqwe@KrZ52===@|^FHvuWkFb(duecQJ!2hWpet4s zQM=>IOwJeVZ^XrK!n!j)_FXrPSQ20(KHTCNerQdSPfg)v)1&k8LpYzh><*f22+xm2 z4i_N*m?s=nE4D8#fw1HuR{3c+o|fAQOga{j%4&Nfy~?3BIYqd3KFa#tcx1A1?>@%u zHL9LjE-`mLH6KefnA3UthW;FQP!wpCpNf?GsL%SZ-qx%?BDj>8O;g}7dIhq+l$Fki z1PA->pjO5Z>q4rtoNWuW{zXxNBuIpc$xCn$23lZ7aWKCnCUpvyUrUqt96|+;Qw>W? z5FXH_KH4!V7qJhY4kizPm{w_6=OqYANlGkal zULS6sW)3SezRP|cf;>k2LT&&Qo|06Bl4EUU%=i7ze&3sAG%Qp&afOs(yORBRamDCY zmryY;5<6-M~0v6ak=F0rdCw+-9kW2=7NT(?nj^t6_eHkXWm zg5m8@#cDEdF!1}b9jUITKzSMXUyM);0%kp57Jrp(RZQ$LD@98~a_kIOqr+Y@QrzmL zzPI!>+8EjM^VR_gdkzjgPuxxV8k{0`*y47)+mZEmJHRAAaz z3zm4n^qJxevBL}uZ^7I7?Sk_T+zN`iO)pn>Ks&6E2WL=8kkCNN(=_zkPg@|=IQ1nA z?TXHii^MoD;`uzSV<>``N8#i#9qyKy zjw*|ZMezr>C#Bo2PS^`GsBuLPv&N_;DDO@M7S!Rn`VJOEA&(|zv)&XX;KGa6PZ zq`;QVh{GTU*OQE8X842vi_W!iNMV;TJZtdW4fedyE1=*I2MRjm$zjWnb;)8>HghP0 zOre{|SclzJ(02`TgsnPboJIZz!$ePc4^DXzE0YumUq`^&?f@3VG@x>If^^GvnBEC5 z_SysK*c)K@w1SsF7gFde{CQZElq$DT4k3^a9xtg1<88+ep8r$IDRRhHg6S&-wb1<_ z>K!*^G*DKlsED!5)LjZ#hgd)i@|>i#%m62N2O`L^Xij=)MjeBW75wdGOY85J98?rJ z-2Jp~BgP;<{Caq2!(bZ9|F2I28R=S&v{*x`Y0Q^_voHa2I0&+K0l2N_!b$if ztT7pKKyv~Zd2&DmcFv7{P6K3_yiCyTlOptK<@RJ15DB3VT&{ukVw|9X9X~TAHg?fB znC@S}#^7Q2Wv#mmP=zfj^Kn%xae4HY7nVWWvDzQ$pz)COfQZ`F5{`99dP#*4O4{W&Rg<8xFFuvH*Z@&M&JJrh6Py}O zZtHOBvb@2p@9+>3Nk4cbxI%`|4Upl{ZfTPMUSsO0cZ(fN8hHwV>3b2qpva}cj!8FY znPl(k3Q~llZwCU8=ADn&M?(4IAV#DwLpYlUO)5hIEGJ|9t#p8x$_c>_^|XLBdlRtx zXq8ybA}EF6E=b?IO$REs2J4m zaftqK&0sJ(_18gwG>OvGLoWHgpihqs|~k)9ueT3R%!cLZ9B(9i2r z-+(P*0(PJH{0|7H6|h5=k=6Z}3rxrBN>jf)fD`m0+;ZVXI~_4u#UWTnUkg8GqpU8< zkiTKV%--AU!7eOQB=#cawDowY6Gv4P>qtz&%_zDS zQULcS_mZfhhSeZJq{@;^21!18a8126S0VvDNUsF1$KaV%snJ!CZ^b1gyMRXBYcDh= zM5^2cwwM`UE<+MzstL0}nF^26o<7v(1J*e@vl?=r`zsRR=pm4FXXLuw0hq~5xTMNq zf)M1xV&vczzhcTm8Su**UaAhI9{IsZa|M2gF zn>DZ0+kVy&-Vln`ic8lqGq|1zhlP`gY=y$s6Of(L=SzVb0*9AMmIOFy7?;F=>!@#}$(M#2@f-q9~?EcGVueftXAKB%~7Y zJr(r2KeAScNWQ^k1BEj}&<}s#D%|0-Uz=1!2S4c0aXULN=YAD;&?CzIi0=G!Wb&7%m)+v3<7(Hh*lGV6a2i; zKe>V~JxJ$aKpxQYZgU~H8*Om90v|(?%a@%W^jA_yLVM+3~nRDLbb=h zA<&+21JK(0y9S`Q{AB2%c^~yQqBv(@Y(uh+RU-oseA+%VQe`NM7LjMFyudJ4k1bpbh!Lz3Wzdv^9B@MiQ8 zW4%2Q7B)NyA=X_ymXEohca*?S?#y_37=u}q=Gi;NG7P9~G=e{3&PKv$0v-qkU2UY7 zSPx)bcm7yMBydLamxb5u@rlv;abTsZ-rB;gkO{ysF5W>m;}f?RqdL7l8upvC8B zsd^6*78O_UE*xmF+CYq8uc0OW1m1{HQOnz;!XIBj;CLe31R1y$^tDcc3{_e0QzMMm ztY+D=OM2BS1gsgBw`oOh`I`i(z2K^Urtl8v1jIjfwzF?cM-wB9q(hRJSyQ~j`GH== zdKVEJa8z}H!~D`1a~0LbF^PoQKR?m);=pHl8AxuZ)M0D>_2sM4p94w17rvzLQ5O2$n?J?E)`+8=Vy@7zX2S9&G+FHm zEXREcwYaT!!dgczYVN`qJ-W@#tMS7(K6Z)us(&<&z6RwyrpqUTNBr0A(WjBbyYtL@ z>z%M_C}FG0Icw(g{=SSJE~D-jvJd#P7kzhOQ*x#>6Bat5b$x~K&Gg$nu;;egCkKL* zzKQMQHNqK*US!M+`+S-G>(bUmaD)iM5mIWByfvO>TJVjbOEMwnb@P#ONU#ose|)j^ zG&qwezxRCU{Ew&oaUg9>W0?dzt=BYpBN^aV1OJe^zb4ig$)NGbF9rYcG;7p0pJZ@I z|N6R&8MRG28Oip&O?tJn;_7PkeCeiN%H)u+a(JBRH7&sjdb7UQArU z_OKu#9%~S?gMKeDKbS6Dx2X`M@@>52&z$(Jnb-%5PEDg}&$i9WFkFc+{l~w=ANiwk z^!!}#4w8ZnJ%PZU@w^KMHzx7U#Y)0@7 za;M6Cr0ozo#&rn3G0uOi2jHNs^%Rl?y*T4tO!P&6~ME zlWA$iQ2NzV{4v z|HpMm139bt{3=0#Cp5(b7HsfgcBwz*4h9D|GyISs3f;&Dff*k{I$8<-cpX8X+HA{N zuwbIIrirQ%xx>bA)d0kui$@&N12(@wEq`EywI-ZJgfDSLC~f{@SJj!VcEG+Sf&nG5 z*>#M3b4-YEbI{%sWy=2)TyPfrB%O4Ln8h(&I^gUbWHnyYPxxc$~! z>4S+tdET~ltIGj+XJ~G~V}h#tt93XcSYl*-d^Xfu7mmW1$6Hr%Y<&ZturMS)WPbOF zzUCafv#7{2LiEoyOa>d9i%0^expkouvK2gzE^K{+KJj8i$`%RWMZzY=7$Cjsi{)Va zpNoWx2*#HuBWFAaa+>hxKNa%LF{Z@AToYN5B>r(BQl*xzPi%=R^xI~p z#jgSQ|K*ayVaQ2=lr#q-Nn}``KW3M*pbSj?8_#bqB_qQV7aAr6*ER=+duLvs z7Y$_no4a_3;ixHG!MBO>NesO0X18W%9}fz@LglT;D4QFS05y(m`$8}VH>Xf-hGeV{ zAAja?krU+w5gQZ?24!)NDQH-;tbae=+W9kDMqm`@0MAz{RG65|AC6k%c+mOh%8HIA zL~c>ohyu!HWkW8wh;0^At19V&9dQp z__ew)CuvqdYi)&8Gr&~`4_cF3zeQC!P!{s>^vJQT1y;dp1C6KNNUwHk*n;$Blat43o@& z1|cT~{YHNTWK(dDn$XrkPlO`^srJL!9xi|T0&KC3-S}^X5c*0CdeY3dum6t*l(#en z+(;SMT_*Wa&NZ~hb=3=_9zpWBvUXpNBc zD5GW09g6Nuor}SiAU>GfZaaU=($xi@xykbEKMu=aM0OHk$CUQKC^~6d#?~DD1wCJ> z{tEHnSNLK#>s{1{*5Aq-@&vkoan2IBCX^q%-@iGeXaIvRz@!{F@5K4nc9Y?1{N_&> zZdfWS!&V1b@*p))MRS|k+cJnN`@6GEKnzG63Osayg>k>Ao@TQ*gpLxd{nV^npsNXg zz`ofooEIpNKkCx}LgtNttU@de4sv1QO2jy=wWYRFw6%*uW87ETO4qI-+YEU$Qviz# z>4_pImH4McnSU$$AyH@zF8r58U}-&q2xnNiUjda<&0S!se}#Aq9<~{~A3=Bs5hJW1 z1nm%a1hCZSNH4VWJP7?D_FHA93<1s!Y!Jlg|Fyp0(FoWK^CM19CLlHO${QxT)`z^y ziaqKU^0m4F@O&@xT(^DwWhhR;li`9O6Pw~92Ud6oH6O$^xv1zkx8BD9-dFyLegi}o z;M8(aOI{`kLTrcyi=6DC#HoeTpZVBr%7}9y^RnhiF|dZWg0)&>5%tGD`;|d^W&yCE zUX_ZQuOtFY9k@Yk@|Y3kF@RH6X0{wL=0Nc8K@r^`@Z$V@8z{T>qvplMB(-u#WU~N# zt$z^&AU0=gGdL#le(eu`1v(F-kpjMxt_vV~lR(b803_RrGAt0E*LUvsL4$1v*x1XE z*0(n_p^Li;^>1NDc@ueHLQGH|5KLlC zIHW#gLfqoS+&B#?wgG9mZ241wzs5t>VBY`enTS)I;9(C3Bx;!1;Q^6QsKS(`MEUBo zs#N|wIV@w2uOGkuVTYXsjA)r6z)k;C;9*$2a6s_c4vz9Ph!Z9xdma&l@h!}@>gg<8J;w9%&uVp z*l#nzz1;D9Z7%V2xFUWU66SjVM)R-@GBgB^q^S*gi#|tUVyb99>D9^M(_7M+|0WXS z)3W~*<6MT`I6&HTfKT`)5N@E;7ZBG^Ad|Qr-2M_>peEFgPo`HnGm1T8)`Bu{H=$>u z)*i%SDW0(XTY(8_z$sukzwV3$)5r?SFTIrx2~a3QHs2mlJ(-i>#J62+3D==?0a)e& zK*9?poAdBMwEsCv7D!_QCvu_0DD(9Z7KD^Sz!3(n8VuiT`?XO0n~+1j0N`atDjEhp zLbg08AjdQeVPj502KoIWJP59r5ZOTC#u~SKQT*|jAB!&g(B~Y0?(8piLs{%7KjERJIbaO}pQxU{C6<+HYkL6*Z7ZF4h%%Hnw`c6F2cFtI`=#j^ zeVayz<4wQl$^nfjJ+LO+HfjaJ6ISu%u)ZuIr~EKE6ZKICLDs{WpdfWUUthWLc}`iU zlIclAw0D%2EvA-gTmaOsP5>o>@q$XXxqxRq@;ZRE8D%rnj1NR5m7`i+=?~X{7QmK= zwfR^tBzU*k8$y=$PdjGqPmxk>k?T-de6UW;$();<2BpcTo;SX$AgCO1tWhi{Ro!qn z#mKk}ON{s+@)}}*1M^a$lcfZ;F_7_!LrCb>2WoM^0e?~8d;mcfu{k%*?V~%6T3_%H zZ}p=HDDV>mQ1oj!ajQ$%UD6tH6xl ze5;t>g|}N07pF#8U2gwgU4Ly)%Ji(bLuJ*;MouJP?%Y~KG#{;Hy#n=J3aTswIbK$c zjKoHLhfuQBoUVM7g_~vE=)EFT#Sm%^_Y{Sm;mlr#>UP}>C&JbgTzuA7-@{_VK@Oug*S*eft(mGW}3p4 zMjowB9yX8&=s7DvGL@sil1ZT60hYPcrnTA7(mbQnaWo8voa4AIs5158ETKw(Mvb<5G>Gf)^dl?{@N?a9{uZ*y1@Iw&qalBN zkaL~?NZP|3LKtG>oVx>lfU@f4bN^IaYwj9h0;a|UQGJ>`msv-e=2ZRSFD+ag`V4eQ zJ9WR$Dl)5d#2Jj;yYE_*s@_Ax&>Uy*xgYWM-E+EElrieeK;3OqNt^JHNFYo+5xlfh z#m+PoQ2SK0iF6%-7D2p8Xgpuj)`*U_Xk?J-yd)nmiKs|Sq@){d8BU<;s8*dE)29M7 z8k%Jcjsqrn0w^aJ3=}xT#>!~e=B@)IcoH&Mg50A%>=K)?IE|}dOWP*`pjat@6yX2hx!LE>r@c zK8vUi+|Kb(f;5TVTac7ksz7P_&?Ez?I99Yo(~h=5)EdAE^0vn1Kwq%qO~3|I-z;im z_@;37?NlY=*&;{{BHRpUpFf<>|7$ax+(98aA9%YoVCsM;paM* z4Ad+0Sf?T7{rq&AC5M<}(AWOOvqdzZrJHPg;`P!TKB4o5fAus&&kqbFAZm#Ys672QiDFh(=@ z`zH)Q3$bFS5L9@XO$+o*qph5NH)p2zo5!PcxxLm0$QldCbefN~#NyX=x-ix1jdSv0 zLi{=W?hQ@_&jqN3vN%pnbW&$76Zn#TSt)u1d+7YX)Pn|ZVwJ`?j!^^e*Q^;WMj6MK zcQMYp23bX1A}vVxp}u3;Sw5f>vR#tQOuV$NxP5b*u9gvqZeZPJpiUW+zkn15S8GO> zZs1iiGd7xkX$XkRaB3w@CWPs-lG0CXRn;zb&1Nf~f#mCgMIa^_W8zw1?VGx|U;4IRfm^)LDj`Gmc z`lH>Fb}}|rFDwkBbg*At>?U;4@LydF_9hmKwFvZ3NgQMpytxc0`=R~`T4-e}yq@Bex zoDOSMw4b)<*NLplY`SV{oo7b_~@AvZ!gh4S2>|^W&={$#>^;Xs4-J zASvKQ=x)Y5NxV6)Fd)9))VXAe=u|WFH>FiL^ur-d_7clX8|*|E-)E+z|m;s z8UuPxyGmi))htjM1^x7ZsjJ4AVebg5BRha{LoM{$?y?fcC^%DC?|xf+ z(S2ZLxEFo-*Wn&bL29lo3%CXq+IoXVuWX?Ic@1_#ubV}9HRyTy6xNd&u|IzTPon1M zqV;BDYR#H8`-!$lC+9=De;<0KQn?Igs|u(BLRqEzndT6fU2;VNi& zX^2nFkrtA*7?On>clnTw;YxvIy@oIB3cqXSP|dajGCv3Wg(rXu^4`s~{58m3Y2{H$ z9ARaAYbts=Hg?&m>CFE8cR`My21r6r&!fzMO?z#Pa1ev7{txfLNm>d(v@*AK>1ob5 z%ll85m+Ofw>=ytU(%f@G`Mk5XV7m1%h~HaK$J&6F+XV_1Q^zng{|%c}9`~#ye%Jg& z+m$K+lKZ>Aq?iVnP@!3%!-@Hbw$Oy8#sXsM{c}m=o??-zDfntnVQGLeB?Loe82G6n@L9os+H^#+7o%x6M)#8`>e*3puBVc zOL^LhO-8Z3`${kKpi&vC@Xjd5$PU_7OB=fB$*?Vb}xET^tIQPwXEh$kPY_#k_~F! zIF#L|uwXhh@U^ThMB2PTE3Q}z{C7r(KWWh}yc!h7kAkWb9?=GqV1h=5&sMt$;|CD} z3wSdR%szCjtgg#7H1XbU=)73drC;5UxnW_kSw@>-i%{V-9Y_Eu3f(PjE_#>gXq32R zSS?Cf%_{-=Z;uUC{W?T|k`Cc)Y9XtKOS#htDbt06A7n zX$d)D?yTDSS&wGaJcYwL^UCCR5OVqNtS>%HSXV#4F#F|W7mRM-*jiWb+NJo!70@=! zAh9)US^4vJKvln2*%q%()F^L3?*Kr;*}nr{VC2SWhF*{8h~D*_TOxsqt)-4oKY6e+ zsnNjERo;Tg9a!+XUJ6H#YgLw{rvb1R|8+|J`2nNgIGG?pYIZ~gkZbfhf&WpQR-p8P z_UDS)U)WfX)wl|Rw=rthKfR4!kk=eZq!Kgu1bkElQ7hkAV~Q;e+`q|x4moDfC z2cK@NgEJ)G=H%xQQOnNe<~$Ezp=5ZbTYCPvjFq}kON=8OqJjeo*87NKHnml{ih?xk zh*Cg*hw`-M5Yf6vjBG@fIIixZeA_w@Tx$a?d%aM8X$QD4vN)t&PdhbVI7_X607sGyvEQOj(Ch^k z5r+}ATengD4c*h1pC>;wd_KCu7=|zhf^T2e4BzNPj^Zi_nE{P7O(3BQq6ly>1~d6ig54=6ou?*zMJTzrDc%K=|smAOopf8H=xL;#fPx$Q$~~z5RsQ{6T`!9tXa;*(DwS&zXYp7Jd#M!Ggy3~WQ3P%HTvc~gK7K9n5Il~aY z2mA$7-+^4O;QNAj>l%{LP4b~)`yN)1=?CSs`H`yphua3=V&Jwp{$C`284yfP`0)h# z&DF?4HL6J{aM!6|7*LCXI%b_*Dwcy!5SO}GvxTjm;G@)0i#bKVR)(1bwy|GcBfJok zw7^Ntk-4d!E-@2eCmDa}`>m#G{q|o{DJNsRDtt`j1EzFF7NOda$oz-45DfJRAvkF) zoirO7lGNk&PFoClS9mG=CrE*kbfXKVfW!cm-3({B zMo3lO$4P$SWLG`S$>VhRT7X^fUAZ7-|F1vW#LO&78PgJH!2DB8`MeAc`G~^n?B}0D zHv6&JpJ0QsUG_d1N0h~P>c!b7d!H-HHj0&ki^Zw#_;8+$0?pBb-N>Gdl^8@U(Hk8H zS{Y<4z4^DoLPya|3S~U%gZw}mO+tQIP>qF{jv+W|bL_sHmGB92?RBFCHe~}q%O-QL zK>b5U8q$M$AcKVW7I$Ue#2G5}><{UsJGt=-$tAY{*Hl2^W@!js#~N2s z*79hgYv5c-7Z5CQZ%4|(egy9Agv=xoz@t2LZ>)jXseGD-C7-7KFcnP!@>_Z~Di znFfsV;*r5>MEQ;iZ{M0qIZd-8HFFK*i;X|^ctn=Xn*<3B;q~@dn-`#cKTHmWWR<~m zc>@8RvdhD1Hkh`T%L!s!7YtvI2T0Rx@TC#Xv5Ng@(M$igQJ~Le#fwP?DbPUGjB>F< zsXKLJPC|Viy;HXV!mFnpJ;}ItB-=GvQNr9J&@DjR&+@4O7({IBGxeTppTz>l?bFVv zfftNT_I6SB%?^zgK0!&v00y2Zr9m%(t^g6okZ+!#pi}aq$849 zY8m%k7Y8yGOX3j{AF7K(b#AP(OW4kNYbE1S<~P(?-Bnj?y^liFXr82PUk*i zltwZEOs0-)1NuR?YN6nzP1{R#M%HWeQnVpjoE!P%geC6-&U|oy@cnC>OS91DCXnht zW@z#^1KK8YBP$>zWQWru;oZ%ankkj@ahCJdzOFBY4T{>u;vvY?53FD`%)D>$GGcbA zhYe|15DCfrQ>aBjTDd5*W=A3bOF!kQOu!WOVt7 zotX3kk3|1E>1e_31Ca_TyGXq4QI89h(eu%Pl>Q(L5u$~9)ow3V{2Nl8Br_d4VTn~ zZ;2VW;jnJsOV=B7s41JB)9SM$+YZXO7LE+3=o)rvb(!OOogEdYcP*b-%9G4ttt=L9 zd3MIb++C~qwrF~)LH&i{1Pj$%;@;FswtdmAMHWIrdVceRzeB7WC}a1c>VImuICm-v zxvIK91HWp)1pVFVpZfd%E8$#7qAU3^KqJ9?8`4`&@xA@CAy`a0sO5J1b|-Rp;g0ba z{SF{<(Q9#a8DVf`GyRp8AQ!|znK}qWZ{344e7{91I#AFeTSOD^9}#S>&qk=QP}V~p z#ZG`HMASe6P8!&>+@JgZ43%TJ5VAYJ`9U&d08-ou-IUdk$V1*lOM$W>fW785oamjP z!4e`lz}ejno=`IgFP^Fx++h3q9Yy?KG^WJ}6>>tE3P7~<8joBiY6tZ zSbn(Zyk)7OvxgT@OiH|uy%(t{?669Vo1MhqD1pM0fikJlP?G{8KPbMYdpaJDdX(eP z1?s%skcYwVW1Dc>MuPrOpNAK250?hy4Q~9b#zm4@UIr)j1ZXOD@HE)Epk=-ZcnjgI z{cNJ9!I4n(AqUPItMA9H|MQU>IW$8f((uTW8nnM3Nkn2G(g0dG1U;X?5rZoO)$%U` z4>)gM!g+8BV)%EuM!eyW>xAR&xkLDXOtYv0RL!up4d1uA^72jH5q(2(K%^LCLY?u! z^$w{WWl1R$>z=1v&nt1w;iUvrb`sOvXPl_fxupNG-r!Q3{GFyDaWxB_1s`$CoY3bfu^_CB)P$lQ5 zl8)waHxYvpr9{BtBLMx?17AeIVcc`iwcRMl%6jc8N}D z=@pQ4O$T`?x6lt-F+&hpP0Ci)_W_<|x+qAnFGy+80ps-f;G=Uw$>;~5GmWLvx~Ns$ z`2h+^-a*U+`tm-$r7K^Ar*7b(Xx8t4WK2*!i!Obe5AnACCec5>-wi!rk+9kW2y!fh z{IvTJ0-RL{Ov3?)Ps{oVBp+yW<+l^?9ON2mIVeyFXr zRMRa~hdmq9AH@22ZstowL`2n7%#|xwBKt$f#`?gzX$PAFO-hizzc&X*&(jNPYS@=A zUsgTE-VTEFp)P(ld3pJonwm18c%x)I$iH2bdOsV~H~cmJ*g;rA$NZjFV7+b3!nW3y z*8^;#$PAR!e%4`jECzy8tTpo8@x*vTi9S=2f&w-TmZb2V7QeR;e9$Ii-MhVgVor7pEcHNuUF_xM zB?G__jfRHC#1&}ZD=7JA)2{Z0=Z^-Wa_|8aT5eaVNwdEjAJ}{kybwc$c>*=1 zt^g*0<%F{cr2Sjp_zn#VKn?Q^WB;RJaZn@Bl%b@PO_L=latBm`+!|T|${(j#UZpWI zFmOpqcHSO(LPp01uf0nvCIuyMe@!1w0b19<@18A@AfhJ4`S;cuBBHuLKa(h;X8hz9 zuZ=VG|5#B`2isOlMN$1)-$$v6Qm`(tZw0p27>2|b%KF{j37A_SoRPMC9d5Hx(fgnp zUSFSpCW{TdkjmCxzyzb>iY7Fja*3ymqkV)>Z;R8$Whe7QfA32S$w>ul1twU~lqRwcykXJnkB@^1@POrT ztdB-t)*l;n24shgO~C)j20jiY)DDA%*X{njHV>SL|KknJPE9K4(0|@vLn`Hb^WrHuk^&ki~rj;idz<-4bpX>`v`MC&AmR^IFQ!j_mut_Y9(){KCT3 z;0N#pa^*pQ4$($GwB@gbs@b@&Svq?xRN%C4KJEK+O9azvBjqBGgMnhtopYZzzL(i~ z%wdFHPEO9gngg~ znEiZnYaMlsGcZeTQ!HahRN>t1<1*gVx^PS?n8--Tr;|T@nrtr*PwjqD(X79Ad3YDb z$CLT^_H&9m#xr1;mAs~_s>e5=yVpF3v}oIEgaWoUS~vc%WNXZLkj zgM4%)GMs@!LHR$9sJfLb%-eig26WVZz~0FkmwS=3hyXUF@*+2vuyDP*#Qbvd_%3#K z+SN7RyLZ|4m&mrtTY5qj2Cymb?mVay%YR{TFPROo501!S4_z7_jTRf@!L6eX^O&GP z-u|O6MsOCe$lgAo5X51b4gkSZQ0X?n{$hF3QE50Rfb^gY>U7)z=>7l@5S1h9=qKT& zlP;6-QP0Ls3-j|MW5@=ACTzsW)0KL|A~j6%`3{Z~e&E6H?_FQZ&CI@0&yiGl{P^+R zkp6xs;r#PJsCg{8B%Uw(b>QRMaC7{UN4TijUl$%M!R1$svqs0bzt*^)e*&kC2kB*sV6K+_Sq02uKHOFrCKKd^zPleuSF&ALbpLopRfA&h0J3514tfHCEd@j<9ysBzRhX>#$rn3>Vt|7txv~Y=6^6 zvZCX&#l(#>hsLn02vP0C=VJlh$`_ z--)v_N>?YXk)axP_+AB8W$#P|0|kj^z_E$~nCt&kSD_*VK>_4}#_9|d1Cfdq{ZwunoIbZn+WVr<2A|Qq;0W`Jf$ek`Ukp=?SkW_HP2tP72LjxFKwya%DrT)fybhZla65E7914-$ z*aN{XE8NL0b(SRI;)D!EgERX34q)p#YqS=yvHph_G7<^>Ys=)a38A;8~2W$20 zdOc{U6@hT8#xPzCmS5V%F3*_^}+j4c{L)r=={ilbA3fN|~8oi}%3 zO;~yPkf^wu6`E21gUp6bz{xNel z9-TFz@LY)NU}K2JEYR_dEAA68)5$gPnnRF*+@Q*jNTy_R$%7xyPg%JcB> zur&vjPKue*a|EyoY(D|McxUiI1iS$6L28vm`(*l@$|9US;nfhcr9iMx{h?foQ?PuA zVEIClk66jd>^UCQR|B+Y zwM3mJw72g*LWasIQ=Kx=N)R!6Ou2FpI%*h)VeQY{#c}$K?PV_7_rsY=bFz@eh275? z?h6sYAKg)e67ZYW94pi`$5eK-bUdoSMEYqH>?zjMWxav!o?R9V@h4ct-aboL9SdZa zDyY{*q>#3Fmthy}wA;&o#uxx}f*ASX!-v~*EW?k#%5$yt9TqhaDw%7AjmRxue^DEX zt=rbPvE{Dz%pP(BXHxAmx+s^0V##lA^JCX!!^VM>`r*^3+6U^tpR7EIu*7$~!+@jk zay1}0+w^^4Vab>Ef;IMIA9WHjhsOlztW>Gpp%|+kjm9`d9ZbOIE+dD;USHa0?Ij+< zTmzWA3Fl*r5$bvU1-pta-r(3&!NB^(k|Mo@s73sYaT#CvLG;UyQ0(N*>{C=?tp%_` zolel&CI}mr6g54gX1%RY+0gtq9w?Vh`S(bT9w)sR+2nNjR0i!ce_;=?FGXU!4S*%i z1UwUKJuN>!KL&8T(ON35MhoE4ZOFFJ%J}@Upc1o#qjg>T^BX?%vxwi0Dj5)Hx1K@K z8~c;S(R@0%$n(ZruiExEDBS9Pdspqkh5PO8N>n|XLc=W~PlHb+s&d?CvwnK#&W{lc zo860VAy3#V6gh<}KiAhiw)eXK=`!hL*ZzU&qe7V6^yDXFv%hU&v=P^#w?CdIckT5d zmY^p1=CFoT%|kWypFZ8W4L&6QtgI~8>O%{;#Z{^~+;wv)s<$2K#``O>U%*Mg$*NkT zy5tTi2VFt8^TlCC9l9@kZ|z|ON5)YpA;2Op>D*lbVl%lNI|Kdv$^hDK3lYK=e%|)G zySperga^IzXYLAW0mQh~J17_74_shI;IC^ql~@Y#0BX_}C9$CG)TFgnBT24>oU`BkhZap(BpsEjPVI>D zPuJH-$u_3=V;5isk&Im=QtJ{Fz8jb_1_t&gbj6O$&fQ6;eu6*MVYnMy z%6X#+;obFXd1h#Iau0k>qjQm-$%8<>GbpYW?#sQQE~Y(?9{n}g-3zj*a1@m)uiIgB z!@0W%m`~LdU#~6ta)_sGW3z}A=_5{l)}z5fpE z$y0Gna__rx5S|v@?w{YYNTxb; z=Z$^%)-ra~`w!bi~DKNJv9x%#DZ6s3~jsL7X{ z7C<)LU7jxOJ$4Qe1LBi_wK=;@X4SIZV!w=u_}gb|%f0IyNYN?`1rC!ImTG+Zg^Mgd z0J#4ERnHY#0OBS4Z!ZQDo-TrzfAGd&hci^-c;m6#D$P+W6a9fzES-aro!okoZE2b}2W7GZw-44=vj)I1I7m}!G0qw#I zKFO5gY>&P&;-sq=*@py}OqKoyBu(o<3D2(Yo%eP;1L+FXsP8}l*wJ15Qa6_ln6d3; z-3osK&2;p(kj5bT%Q(3ngD+9q0NFMF^;PW^%6DS)%Rp z!=_$JR+bZ3f{(;DLt(HlAJr_Nl8sVvTgVH z@og9D4}m4}MEko-f=GjVs{p-%PN+!q)kA`U)g>PJPgmD8ik3PT!TJwnS2%oZHLE{w z;*l+Ju^Z-=%tY7oyD+7@*ImEpzH!6UpB=%c(XRFO+=#W`KV3*fYHWFoV$&Z2PI@|Y zu;!ip?GO-*!b*ORi;Xq^G6Rs}L4@~iOP&mH_Uy91)rk%FJ@z@(x4BWG{&Q24`DC#G zr*zFCSh~sC0U17o<8{xJODVW&8gl37`>r!4tUO$Uor5V2&(F{2yV(G72|??3QD5el zK_*!t?%l7!meMxuUFFrFjb;j{T=lNNe73PpFD~%G#kmbq1*ys5zuM0jabH@0O?qBd z>bw)*wGUQ_{Bu*0zUzfwowu_$z0-Y+egCmmuwsdJxAQ`N#;Ysu#5>5_sm&}0RZQd0 z330HA3=Uzow87|naMASj-B;h-55X8|%Auj5ni&7c9x+ImdH}n>ZgpZj0FIMpPmq^D zZ6|2px$2nvektN`^j%SlV|-GzPY;u#l1{55p%$mU4xFpL>xPH)4i2b?`T(5$t^upl zAKSC1K>e!?Uti)hVf|aF{$m4ajN@JZTn8YZ8vu~q(QPW@oi4ugug5i6UY!vw1r6|P z?sb*pR}AkEv)?##X7`aJ_A^rxFMdoH`pX-UX>`3EoYTBJc#E0cQjS*ai@W)_F3dOH zgZ{aD!JdrbHEC+zW;HoEQP)Lt|H7#gDs{UDrf{7Ud^yrRxui4wZ1%IY^6Y@6gM6OwA>5 zr}^&`$>90z6tuO2_07TgKbqG2BNjm)JPcVj2#}ixpem2u32gW^C`C6Tj1>+W+>*aK*p*ibJY59+jTl)XlczqqcS>=2gH zPlW|^H=IpKFHv{^Ct)UFrhQo@Xo=7A;^Pf}@~O(|IzSeCzEVk#6{#|Q3{WpA<=JJY zj0&*Z8Owl41;byeKCt`uPSpQ&?JFmaDOm%8FbVb~$AIwBQw$S+w+?|oA^%F?)IG24 zg31IcHfVEUXm>7vUseY^bG1*D&tiD}8YjbDaM{fZZ~0cIpc*v_W*5t5em$f9=N)sU z8|fmATVR!~i3y(L{=j#dwENJy!ht88oG0pIeC=)_d)2aj`QEkNhZ4GyNh*=$69`5*(iGww-BU5fM{0IN+@ zPmlcUXr;WI2`p7XsV51$L3HZ-^o&xaMO?rbTyU{cT`t#!0SpCwN5pNpIM5kOTwC{@`{jEkd@tI|GjAH9K8%96}*)R6X8!)qU&LI9re&@AznJ6XL}DP9bI@gXrn zHp!6y;no|9$hzCGSNCUoIB-B?Exos8ItJsSyFwll86O{{B%GaT8y#gaZS>=V2(qAE z_Xr9939L_$V4?q7Bk2EFqjJFfqd>`zR*B}3n06_&5_Xfu7m-B&IlTmz2#-eiX?d(x z6ytg!wT_vMvJ7&j%&!15#op->C{u(|LTjizinK&0KJ5UaKrArtpbf06YX!T>%F%Ry zSL^gctvMbT#bGe=q<;OYv?;z^%5`^lcRgT_903$N3nc7gN5YMktE+`nbOOl4Ea?NphQ?n_SI3HI`m;M*q*jC{-PZ?+YSOEDbq|wLuh72hd2Ld zN9Hs0g~k^o?pIg>cg_h0fkB_<@T2ANg6&3$@y41E&KCXl7cN&PM^%5OIK`zaIHG6g z_6T=}C0WH&B2?4NO#)c)KdxM4uujU}SEr!aAZRl29I}E!%SMZS5S4}EHo+o3T5r;O zWqM@?d+wX-0wP_Zujmh2$Dfb*FcTt}ct7 z8s<&QRk@|d5z3fu%F3xBL&Z?drEir=M{`^Adc$K z1I$Zvzut`&D}2cn3e6fym>NHyke_WuCiSS$pKe zy#aWOPX*erA@;*_c>85Ie=710SQ8OG+zT%7Z2aj?>P1RjOcyztO|K8qE!jP8qAgB-j2Xh)D zN7^Qs-D&m&tc@^9bT)E$Ezbp*6vUlLf2 z$$5DRkdTn5Q}2LmS^veXiwCIx(n(|+3G^-xmTG!p>QGH-N%{HI^oPt|U4wxJnfelk z%$W{(?LhAmdaAv)=mpxZ&ulYp2r^{ZU!=VExOLQ9=6K%%8QvZblr7iGDL@65Dt_KN zo5FzKAu(Fd1%~a)T#;&GD?o|0mEDZHEx{dwbZ8Z@*I9T4m1s|>?ypC^dca5fmYI(g zF9-;BJvU{4g4`XW-V7^<;uIU6ILRerB_Q7z-N3+Lt=CZV=q71JzsL{IlpgIOLzGwl zraEi9PM){ze8VrJcnP5bBtp#(J>E>u-ITH;RKJ-Q><>lm0Ea$CCfT z(rf-eaT>3n9O8G#np{i0dyFqp7z{)e1KW@h@CUW^D~qDF^c!~xekez`?HAmGYN~Ex z;l{Om56G7a9rw@G(ZyP~GeeF5^bv21dVd1C;Yn3E%^XL4Q&;Dpxa3TAJK&CX1F=$M zg}5y7>`2o=juAKsH{U;i+5&<(o!?NqzaJLw)mmvyiLaxn0@EpRU5WiqCJw)rnE*Q8 zSdChpWr|6mp6qm|uQJA11U2f5Y+m@YP!v>7d%zn@yt}y@J8ZH&<-rmXtRXpQx76nUK#HURBG&%>+rMYH0(MHh(8_uR zh?S{_2H;+3Jqe3QOHMYA&lf%atBDPBh5{9aP$oAA0Wi$CNW2y%g=NwNh*DQSvaOGU z;%n1kcuKvPmz3@I$P`CkzIzO6XxmAx9(3>g+~+n=ZU)ko3z>+bYThWugs zGJj-Ll&_(n#rK87S3QmA3FJn8x<~19@%9s>$)58^oArBytp5hsD?n|5YRf3L4C)Ya zpdKQFRB&DxV^vU~k4f}{Oa=H~g`pAg;7;!JO?RrCf3)6-oaJ0)4~=9XblzQAxnPrt zXe}rUBq+3gsc$}8W-10)ZzmpDm1j3TaR&7dKZ%naHmnQ?ZJl>CV$F<(`TP1x5 z)*-O`okC95ptIXGQhMnCraW)~UG`EF)XvhFvJH@9d=TYxnOD?(+f8&&yxY6%@>5+x z6sfzbE54@mZT3m==xr|Oe5ISzbIyKP>SΜB3DM7cNI3*oNCy`nES&UR7^dwT+bT z6}HE1Ef&J9j!f(+!qh5penEadY}o!>RRfYx8M=T0kLi z#O7Z>+B*wU^999$n-nn25DTE-{_z3;jka#AF>5a1qrq&9m|w+9L(|J8?hptWyG6Mu zEFVh9J>iG{&e&DEKkZ_QyU5CBcj1?biOFBEEAuj^<>Du_m!)RzsT({b{L&!i$l2mZ zoP|O;eA?x*&+`s`Irh zhva1Ky3noyouE4iM3aJ34OJbh8Ds8GAzRP?Rdrgf$x|5pp0lnj)?`#FC5JxzW6RUn zr7O>Ic=w}K`5z6enx68tJ=;2Y12@?k=T#>@< z=hYXO(0WV--wmCAGr@K;@Pi4Vi;VuD%6~nPFtqEkZ>ns@mMXwm9)%?(gM3@Y*#L)* z7Ud}E=To0tZ1_DJ;-Tp=mxcBHTjeXqRUR?FzN9t^a! zJ;C32nGOf1uXeo5h7Np)`R8@c@>A=#JD4j^BbyM=E)&cDkOF-=r6Czb^Z)TUN5^2s z`Y})~=?}!bL<43~lnNmC5Q2NUJS|I#0qXOdRDR&$^8C4H8*$puwR*?xMxXH3OI)t> z=;kjZ^#E^m9-L{hl^f(hl2Eg(%*>*&t|r`ezw3I4=hF4o4paTN2ZP81Sre^y|5T)Z zZ9(hEc8CQ&n&phI@B4S}2=~6^zD@rOc02O(=AtAB74%YKq^!xOlO2utRo4Uw=inR+ zeZ_WQSZ>|em9MR52swfpwz}N1`#J^|t5yFDE&u(7iU5qAOB-0W?!h>E8^FNE} z^8^5W?cc=#a_}!(2PzP8dkz|S1Ttm#0irJ9j=#~{bRO{grxTd+jG!%bb?oJb+}E2E z>4`U=;lPIrn&kdIpUcbR2GfY5H?Be8Pvku64P8a?roPL^MoXW<6Ml z^k@<2QPIwYswjVgWrI4@ir@X8fAN!~b<-T#B@DaG+ z5NkI%I^-iHQb9pD<<46jT8FUax;oVdxXxEvhu;!ORh>|hnSLMUZW*T~hLef%uz#n; zU)})V;byo`z?#1FpEWTOgKY5-@&9^Ya7X-2)XMLiG(qcVXO-8U+7m$nPjeL_efsAL zff9xMv9$32{~v?3M$tir8L`e${_~aXf03rx|NAun-V`bLoV4%x)aq|=x56{|LmAgk z(EStcg?|3km`nUaLV$FqAPuU&S)e;d_KO|u`NZ*so;&L>$$7o&XKvLm?LdrU}= zi6orIn5oP^KW10|!MQQgA(5`0=}&j_@1KQX06vGE`^>`!DwdHax!@P5YEb=i^&|5A zbsn+)>pTKV2q2DQ!+$mxCQ3yE5B>y@RRict{^WqL#DASAr2jfm;PKh?p@Dg&h>HvN zz`($e@*!k&IRq!+0{#uh5G5cR8#d7F*?tri5lK7_<+k_2Is&OaC=tDqtjb$5Gv6iK z59sIKPvT2`vd)8FFbxjqB@*<_@Joc|yZyt~;o5`z(jX87|C=?Q=q+Sp!yFtOte~d$ zsnj*?qXKD~NVKY&8f=N3n{T=bj-Moe^Cd zs@lFxnD8Q^n(C^Uh)THmWAJnb`+WVv&SG4d&%CKp5G~GP`iUvuB0#+(%_KiVK@MO=XofE<&IVIf7+&46#9qXssmf zxS;bxbc?T08vO;TQjA%R#mBZUEp48G*~FdW_v`dByr-hFpC|^E#9Mn)D(J~YTuhJ# zq>&X>-chRFW0O}mW0U1{3nlQynSNjvLywdXnv239AqcCEF|hv>9ePpFFDWZ0q~}g3 zlJoW8wL%3cv#=OU|NC)L4vrZ=u9NN5I$5Fi_ux|cUX`Q+yW9ji(9zU_mdI(YzdGyFmtYqw=@*j+=O)1EYLoe~a zZ=4#8G0yYz{YRj@A~PHP06O;R`Sq~3cD7LsR)UUS)&%*@7%RnK$B3TfkfZnoNWer@ z&_-bNIw=u$WUgTnmssJd9uKKHjH%kpCsjSsYJw?tBg$8*)PI;_vc!SExU0l?%O9Av zwN5|$8fI4u%Eas@p9Kw_*K~eQDw2Ey8L`qQ`icKfwB0Q#`MJ`&M{&roVEH)Mxd}tK`6aW4jmd zCr^W!ud8VcoupuIE@bUOH9bFI&Xf*zR6mtiMOW>UOXhjz@5A$?BL1IfLHg;h?ey~h z*iOFQ2e5r3BR#|}gI;Y~A<|M&6>jJ=R&RUDl4|vPOJ8Bf#ZtVYR!n|m{&iPJ^oaBc z2h*f!AWVFh!RtIbgno%@eHcArna(n-Yz2EE)tQ0y^;NKxV>tZ+*Y6@_B;lUQhQ8&> zXGlc1>1*+TO#6c_Bd#FODP8@?Sm1CP0?D;Z-gRzUuol7=cF1#TMQ zJE0dQ;&a_}tCiaN^V}~F9q)!mW-M-x>H;@`z~W5+-k-3<012uHZBYN~W@kwBCO%3^ z_~xI&%SxH+73KG2peLY&_h>Mn{^TN)jgug1HDi0Cf(ZU>@AC(3o{TU*n&7V~a76QUq8b{B+;=~Ssmj7=be_Uw zy*Y31^h%m{_Vuhx&+wBII7iao@9$;IXO4+Hz~wqW%L4=qRV}A|X3w3L#)N%dTk9=t zJL^?AirpH0osKVFoL)|NQu#d6n}5es(6|1-Wq*-EAr$FN&@3#h;ut>|nxN5ieh+*+ zUaFk_;YEs0_UvXWGU!PLIkZ?1;usy9(pCOi6AyJ=+XB}-{o=aDWK08{nx}J9tzj?M zDSyhoBSl1bwRp~Yl{I^PQVm?QgoR zCzSOb3#kf=a?Ww03taX4ZUy;uu1~B)WMbUOZ4?~w2>YUa-KOUlycU(Gu}UB8-u5I| zTCNAu%ir%%!$zc(sj9k_yj%6IJCIGCsfZq&{Lueq`a(ms$IuU{!GXQvRlHAQ#}kuq z>^DJ7U$F`Nf8--l_KK6$35h^|`?mWeG(}3kwzxh_V=W&y=R%n_Bf-%yK%ZXs}`sSb#Q{DI6QHU4&cSDiwd)x8k*Me5}t>>sZn`e$CHb=A(j>jlg z@N|C;3`Uepu6IQfv#%H);O1lD(Er(DY<7PoQ9}QnMERssL9C>W2S&Utcqb|>Cso|< zJ8kb8J+THl^=)ViurlBCW+|)rU1c!HS8t@(TK@<)Lv69*oeyJN5SKnBr(Bm^=u*q3 z>cvOU8FhTSJxPX?RE4H99YHM=^FZWi(e z)8&lHXX{4hqBb+nV>b3B4lPq`_JVY`XR|<^wC#;XG@td2(0NEn5c)eg3P7*nUubis zdq!Idm4t@!@m;J(V8i3Lhs*xiqo0!?7v1dN&6+>aU>kI2T(?TKPx{*zty+5nPg{j0 z^$@B}mvF}W_d`iEh=zJl8J3OKoMw#A`H~D8vSq*UWNnOl7A=)#vA@I8v!3s3<+9on z+E$0_7Qd#Yr;FT&$#`Q;8zUO*wbc58zV_hFjptxSYKm&8FP#4`wYa*28spuF>5?Wd z4}0!I2g%Zh8u?MWi@tqk6Z-esTiL#`z8>1c!_zTt_}1)W7mY<7li|v<%EIuGvA7Y( zzD+tpc}il^_Bob=%BXgso=xD^!iAB;%F}9xk;UDJw%(#r~7KYPMVcmSWPY7@Ux&9CB~}`p-0bt zE@RVC{H?hkpNp5^;?Fx6!CF53y8lOW@;Mx`mT~{l(D^G-`-B)16Vpf5(Nr!i0yq3{ zCVh8!OEOMZ!<)%-@j}9*J|S;^ua0Ouwra^S)C{LU_qsqk+_oeG&1K=O1#u_^uTsa} z*LU_)FLxW|H*G&B>}v-YqeJHr){~1o!{@s%_Mw+ zVBt>STW^jn4qJXpvu3w6sj5D1&V5s#-ajPHTvoDR+;rfZao_k(nPMj1o7?hRW!D7} z>)q@QC#)h%S>G?hv%~n%wSe=^anTzo)eXSmB(Sx!%aAFa4{Sz;Lwadpb1{6Gq1}cV z6f9rvRuQ;%Ac0^yEa9dyE>iU4($?WylA^{Om(qve76O&kpRv=p-1elo$?nb4q@N-{ z8efF|Q2Yjx)*bo0oE}J`6GbOUeHDmo<|-nJgu1isK#MQ6UCo*nWk-|AWLb>pg_g6I zOzwVu{#wiW0da~ZX6!hcn04iSz%$!V!k=RQY+IfGNn-x19pw%C`Exsjk7=~e)BLb( ztXAtvBr<<4tfV1-s?x|WJj%JopK^$^alm`~hH&C_S=G9d#i3)Ww7QErGur-gXsd<3 z_0ZA7_JjcHFHs3wz0ZDx$egb&9ONX#-jIoPy!a+1nNb6J((cmKwUXNznG-B_9Kxks z+$Bq}GZ@7W+MVMWlEK)W$F{M;naL)Rt(Q-Nb1eMV77O+HcU!3J)xzzW(?z@oudPf? zV+)M%>O6O}WDADKuq&cggCfF(44iR!q<&<7Cl5HYd=X(?p-inO34^fy z94AR4_E+pO6^7l!Rhx$kjc9YbaT)TnXk3qH(Ezl!%C506JMT{WhREimo30?@DBE_G zBV}iMvRYgf08k)B2S-3rl@lxet2F`1nJ_5-Dug5dSGqKu+8%zE;(XhJemsw0hdHiK znW^DaP1swSfEU>69KxTnH`B7AUQ0NzqwDCFXl5hl)+}3gk&`e#F|)B@NV{0~)J2_F zp`4RQd!F)Fe3XRF5T@wxY76st)Gww8o7spjQMX5ka|#$=JQ~EWOzfytq_;Ef8{lYZ zUq<_ShA1j%(H)-{ZVCHsBu9K5<2OMX$6c&J?LplM5Ns15`F)Gl*t?tRZzjVd#`q_Yo1@0qHlk>9OlDZJD2JNc@IJs^jG^JV}}JtH|S zl18uH$Cn#)Ch=m+wEQzf;n(7svkWiAVC|Qg$H!;*^z@ibJ19fB9v>rrv=*_`8Gb_4 z&@aIae_6gsEfTyn2Xk@dFm;g}iZeXMH#-WGuu!4@JC4iqjOp&+&Tg#XJx#%3p~23P z1jy*6#Bkl5E-E`~Bkyk=+RHPR(M2u@Vf~@x@tgk;&k&9N3X0nQD<~RC3#|yPR5}nC z@tyO}J4&}jQv-j!jU>pwrT7XPIZn-Z`)V5opzN;hRYq=;H z`LjL_1oNSxo=VxK3IYALf=PLiOTsyRRPA?I>kRjLF*q+ssRfXn+G?IGR9;Z9i8zwS zGdts@@pJs1bPU$ipH(Mfxlncv3Pa{>!fdR4+g@H;u$>U=r$Q^?qL@L*^=gZ}&+NFXWW=m`W@ZLE)t}XrOL15GJ)g z5*B2L*RS zNxIID{t*OSYo}&wkyoiwUdg~&y{vh@VXC1zHO=A>P((0qS|*>UxEjxKT^c~Gy02bC zH!oTB`5v!tI7aR6 ziF`&929@%jDcjDBasbWeYbH4+F>(}R6Er1!B%$2cfFJz?lQ1`e-SHB-G_%#Rmib&I zPKj6_A{OteBD19AuHU-c(s-l3Qx{cT)Q22nOe-`4i{6J6&BzvgR&q2PiuY&%#5NZ= zl9nrTL*fAx>?JaqLc*CzK_{aT^X^PXdTj2yBS>{#UCm+shyOJ6EI zek1lT`5tFQbd_*w`DS;C85kPsj;8W|KtFUyV2bnWqSUhQW(VGJVuxRhRS5#|ve5cN zZzCOWD+9=-fVnQ%7M1U^~x}oa_AHUb{@;o#ASm~lF*>^ctPZ?Vw zqdmk)Y2%2XY~w5ago1Il+Jc|-r?`?gh`z9EuVkszpeLDa`MrWKp|~u(C%y7&zmbgR zwPI0xHv7I?O3+qS_==wSw1uHElf&5%?0eM^z8&Rt_4~%)sOWD#-|Uv#hi)H2$$Sws z;We*DbwH0k@B4B~!;M+{%`%&<$Fy8L;wKXeEcZ<fkQ^midQIF%}B=rLc%Y^`(K$eRo$>U1wa!qJN zfSa#gMr7A7qh6*H_M84_tGPS77gTHVE!+evOIW9%QkQp7z8d8hQNbKL^lZl+s*KNH zyK2K_z0^8FqQyU06dhd5 zq*vD{AF${wEIllk63#ag$_pOHyP40cO3UJO2yx!+x3(iuDZSb{+R>6p> zQpI&zTQ$Shy3y0#I5KrB^Ky9tFnwg3YWb2E35YlU#%zUJK-!f5A~!%elWB~}(p>zX z7l@Gz%a%McjwSzQXgn_c+y0(nUe&&EtO)^4bw5+7={avv#K^b9UwU;>pH0uhCe?|i zH8u;a>YO-d1sIGS#oY?ZHcS_?QkUQO1?uW-DWQC;f~H12{7nZ}c|j5>>Jc)Wbh}}g zWBZL2R%+dPrP9`k$cnQ>lVMbyuAUqll1v_5e+R_KT1@!=5waDrS!a zgpj&V7^TN*XkMZ#({=0u(lItGNj?cQEmiaL_wj_oRXqm>?=2TE-}QPNmgdD4J6=p5 zSY3qj9{2CnMbYxIX}BVD=<0M25Y_KT90H}X2-^39AKM$+%?9)n6TglJ2IH;`20wNP zMfqJ!$m_q?(n`jpnf{U*7dNYBH$9)U!uYi){0b3?F;^si@-3YA-k!PnLM`g-$GqhUNVcvRPq6L*Z?|WX3 zOfJD$8B!K%v=ZJ+k)+a=Nb)9V^6rFuhnkecYKC~eIOZm;UcHsw=}q&EhWMs8I_3#H zwc3;O(}9K(c6@N~gW=)ndiQ%a>Lv8^b8BMuD0qNhZLc^vq(TjSJ7|QF9^V! zAWP?;t*kKc{-ANSKV&@YOq}8(*W!ed&t!c|RAn<>O<{dg07Jl^rfK=8VD9⋙9Ga zx&-u-P0q@D4sfr4^b+BojbjPS4;ZWaHT~rQSm{+&Y|_=twrTDtsph$X%bOV(k7noQ zk^^%ScT-o*wy&5Z#Ay9!6^n~n0P}{2c*Z70Tx6}46W!4fZlgityaaB8Awa}}BSGv! z`D<;>P;`b2;;4VM`|;7#RmFysn|m%$vHZ`g^Ogl+OSZ#@9u$-56O?~)hbk~*;Eb8} zH#6FC%1y!SY<(hqa_bIKZLSev2k~VpR&6(QUDg5>aXd$9a8GVg3vXyx?As6BRea8T zO}E$%9akCJBcI-{7)mqt)M|yC+D6v7<#A!u2#dEWOYl~G-BNqS%3^DW^*R2^fU+L# zqy#r^x(zQPzPu*~m2Eu&cKR3tY28nUa7c<1_3ONYV}$HNeYx5`s+yUequ>lim!j3c zo+n*T@y4e9P1VgTVN#$8qk~fQm_dZ` zD!vYMDH3gJeM|J~#!09QSn2ZLTup1ZHf;mOhCqKT2$)Ki9Y_|-&3GZt z8ARmd&`wTIWw|oI_PD%)@IM`O0dWx?UrG|o-{+089i`!<~d zKRi0SYlNB_>V?#XS>rX7SsJrqQ)!~3f@9{MhHc^yj;RMj!cvpO3IexzwXY-M3#Q4Q zZXb98Y)w>NS#8AjwG>#HzvL|nGubt@!ZC5%@2BHTuKr3ndXXy_$Iw*DQF&NWG#Jod z0|&DZJ0fnTY?Vdi!L+ORD)APH#qkU2M92GbWEkVraRjXJ-TCclkE5u=b=0#XYAkrR zsbPp{J9*xfsez|~J+_snv4zUvtC@_4hZ*3WUu=F5HG+(?*_6EoQ=Jx@4a=-9&D6+H zo3d7&O)K-P?wt-6=eU;7QQdh9Xcd6n6%f4RZZ*$O*b*ff^AnAN*;xJ%A2XmCDq@~# zv#6^rx@Z92`Z6gzIDlNwtPJ!fLumfM!s|sZp`A?4CO*e+Adlz-?=TcGeU0y+evOh( z2_M4wa`HfivBYlviwFkZUK&VXj_}m)2|#=lq@Vc%ha!4HPrhz}{^)Ve?kd-SqdRWX zb85z0RP>QytAc0JLZU%i;%$PP16N4Z4@Vw?&xu>FXL%Qn&8JyEnDq2TD!Cev~J^&w& zwWFQmCj~saSxY%w?ZRr**&9DMd!MwLm#Xd4*N1qw+bwMh%o5Be3gi>ooWcP8XSzHX zCe8f>=>cMa7wA5H0;H5l7~H@FgH_kPFjm!LMuE4HViipFiRm1DTJ&5W_-57b6c!b3 zxEbZ=L%8s-)GJ{DBasNq*wQ?G)0!ugZgn~eT(u;K9AdbA+p9c04gupfq(7P_2}5N5 zO?L!DWao!i*@-Z1Al->(!j%Iw^!-6Ely`x+U&?RvZv;pIB46Jb9oR|)PG)a<;Qs(a z!ZJesJ~?gXLIw-OpZKklxgtbM<_dk)4ntXgEaLT+_fM$)sF4)xi7vi8$@U6mRWHj8 zcDWdube*Xxd`fJU*@U0psr_;7vf6BRwn*h^)DeG=u7$a}$GiiZ%$Gz&R8-*@u10u! zsqXyc{qZIbmVv?b{e{o&>l?&uBdvdUT!mRJ>xzPUzUBD?6 zV@PmGEb5lFY3x<5BJJsx29=~arEK7T%tQ&{~j=So}A zbEcXheCYAEQBz3t$^9BhtXj7IWC~(g^NCc;@U|L6l#3877s@S^n>wwG~oe z6ELQkzQ;X6dO`m$A&DCb2Yx1#zVdlX2!|*&X=$%DCW1^P!CG>yry81`cm^8fIet;m zkHy{T&V<9)ajree`z56&MI2MXgLox8K3BI(7Fzo?yt1aVXC}Pe+M^n|x;|{0zNhwb zVZDm{3%Y*pzsNfkwc-OinziVw1FOG8DG;xYSNuvw@3nN9e4K3fs5?HuP8%xoCh6cr z#o9e{I%1xaL-z0&lan_4`>#A>YvQ=|HWOp`{!m0!JVR``&cI@PtU_O6-IO-GZl$}~ z>bc%hkF3!L3!Y1%z|{M(3{@|&exGim)YSXI7Iq7HvTolm{M1Bcwb923;G)JWYYJDH z5X3oUCxt?Jh|ukoTSvFPlvZRB(sHZu1-tQ&**>F zWp}iPRC#Vi^XECD{P2ayKbncjn?3Jcv8a1XRac4vUb*g7^wKFugoXJ(M0ko$f~z&q zthAxWkMN{ABQqcsJ$*HFCyC8(OcIGAFC&=E;r9d>+x1!u=s-PW<6VIWj*TpEPeIHP z7}0ScefYbB-tGhrox8Eh;d5~I!h&)BG}bkqfS1Q1hAN~ag3Qu-MlQ2Za(*Z>;{@{Y?F4aFv=_JWIols4_xL0jann@1RY|H}+9l=3Tog49J4q+4=bcCIaIjh?OMB@|;NL0_}bF)d&8-A5fj1k;WTgYhf zk!R{DyweDv61)$69PykbB-YT<(hGZU-d*?GyLM?KeVC$$oJY6|YG1V{cQ%+=b!hN8 ze5s%fqGN+2%66%@8b7wug9%j=j#T&WTr%!~K`B|asLV`qEG#Yb3zTS^0>pBfIz%&; z$_j2)0=Q=f;c+^t~;$^Oye$>A7E#p9`~|XOgI{(A5u+7h^72Kl118+QN!WD2N!# zxQv8u9I}p-I?-k{H|v?tHTIU-fv&vh;Rg$kN|zH8`J|7C4`@^d=%5|X4=l(pvTh5} z>~YTBWnJODdsZ)HZkj%gruI}oWd7Db+^@{rDYWu1EAKH0D4*sdZ_0Ofp$3$D&ElpV zw99p%%%X|0`xO}?)>(J#k@Jl2Jg*_lK>f7rT74dln; z!1ov=c)@qSSYE9p`ybBc=r4`%|FSMz%#HJd!=EmK3EzvNUi~bhpcEe=f`pzO=(MwN zz2h8#k>}>@3|pIX*nwat&`tB~8Rh#9=WT*JvJ<3eZ5WHjbKwO`kEosbm+5HM7G?eW zD4eI2w{Z#ERWs3M?)H=q_M5bOQEE%3@5?^AU*ia*UE%=W$WPfZ*htE3$MyO)HwAg= zPNT##1dZ=hSE?D}zWmlrt2jmq3J;TLC~n{6M<^H27j!h-LNZ1DNO|8-KLFsc7Eb*b zjro34ihahwE$9b}d}++b$xfgEdWx!OkO!Pqk$|Z| z>HYR8U`$$dga7-}5|CuVK6C#4YJReUQd5AU$O{JI$l0Cv=Z$@rPyfn98vfDY!KmyW zDq-+3uvWB}qTrC$&o3Zpj5{EpV9l1c2unSc9Z$I34`za8xO`v=sl*L6lvQJ4N3fLT zws5+}y{8+?$G53_PRl6yRu_|*Tuw~?(g(VDv6bMSH#=Q)mn#N)fb2Ut{CaToO(fSW zyHVW%GGavNn~dgfkNcTa&L2B0@2cG!Dss@A_qmx%qWzxk(0>;CNLh3E%IYw%zn&c> zik;exkjJy%Hf(aJXJ}>JEP-pPM%G@8D>rm6?3K=YZJO*_@!n;a zv4%_1ef$IhFVRMKp1QX^{WK}wNNeHWxO*~XHZ>>%V|Ijd=%hZ?M@eELWs28xDX4{p zsdN9RynS*KLb)Co{`O|J?tvlvq*&i6>}8j4+whF_EQe9JEk(_~TT^&N0aomKLst7) zhDX2qz<_jx^#Nh?a6E7y4tQ*V@zV*?|}lVCdme;vXX(2usWu za@D?3d4z|gIl=6IuG-IOLhQOi$&;@6<^cb?xIg2*u+k1$Cl(!Z9pm!r?a~zL3N&|o zx_tn(W*v)ipLMArT3RbQ?d$xUAKxTw9a{lV*_boAOqdEr&zNYToVkd=3m zb_YvhP-RL4HDe}6r9_leW|6Yej0Q32jqpDNSE#I;G-$$(HP)u5UmI0w%xb(SYMGuH zm?TUW>WX7DdPG=pKSs)&Y?O{Kn6##4dxzT@1XdS?`Vzg4$y!NuaZ8^z1C@Xyy=IST zT;AjB0nc2s3oDzLGEhB4e*OARpB0tLep88FX=F$ucZN4cAq*bf?)%F;!A=Dc;-SgO z$>9TU!fOv>ntT2%t9xLP65<#;TNJ=LaTsEJ0~qAP2|(%Fx>%&fZ2ePcyPi!E_sE}k z_n(r~5IhRq>CrA0U^4&8{+G#YB-ftAlpd}-n7|Nj>e6KYSZEblPwK6 zsTtuwZurp3-t(~{wraxh*!SxDl9p67)idMfcI-szBW5K99YX4Ixi&kyRmKxHH@QXB z9z_CFRMT2s+I47Yp2t)Ik9x!$=F6YEE?9ajTf`B!DYoFNIY+L`%N2gh6P;D^wr^lu z66T%5w}uz!q0L8NqEL=bO`{a()Ks1D4N8Zshk0@93ptT(tHYQUWisw-CK3=7HpL_` z2?wrQ+!mh=_x-3Q{+%>KDy&y#_9Np9R!^3LZ6(*T^m;Nhe_Fbb=D_RExR^-4#3-ZW zl_)uk4tg84=bpK~9g&K(O=`o7lSEj)DeF7M;4`o`azE)z{D^pAaL|QN))tx;cjvvH zDjLagf*nJGES%uSJ5hzNgi$WI$gC6Fd-o}bDZNRYEoKm6_5tQyB7^eQ!(W)uX$Qsg z=sUtOP&PuevYUiq>}E4RfsnBWxL$>gr0}YmiR-50f0e=;-Ux+q8@p*z7-fbysHGT| z;=kJl#$6?VfCz?tlq4cr1J|=PQ1}!Z49*4uH#a24w!2Cb;4G=?TKrG4ivv(srShX& zBJgf0a)keFH^`)O=(eLJz#vg%jqJ6U#pzt`98!9EL4S24@$s|t-T1I<^dhkGjyc?J z;o5>X9w&?e`V-OZhtm=s9G3`fSH8@_r(LUBh28Ab3jrT;YLKX~iLe-$Z_zWvmbE;* zj$Q9)S3RT#l_bj@+2dQQYw?QMKMYSA_(2VGZkQ@QU_yPTdx6lj^yXCCZj5hoq`HD= z$8>lnD>Lluu+nf&m0;d?`j8BX%0PsuKm2pYBFv8lLw-jKjlkmlB<6A}#$@|DF%$xx zF8t`~Nzo7rs^)i!>WH<2!ov#&2*L?NO__rGZF(p?#BRkGEiXCmHJhl5Yb%phe?r}z z-HQyRT_UkK?FsF8k8ktokxPkV&`RWE!YW~>Go@3u4R; zFS_xdaTns6=*IcFVQy|NUcjRRY6=2wb{=MY)=1o_ZS=9nQ?D z@F-XP&(BX~EIjAc5f0Zpi{Q+@=QQ__z;Lv}hH2GufONxs)C4tKnZtgMpL1c-L zj#2p7=l(~PE17LoEdisw?WHjJGZYb-r0`$aQ}OrD6Od`#{YABkuUI4X*n|N8-{?*OOq3m5aN`1{n-ciy+Qi+&0_PtZ>LCnL|3VD zb}h38+&%Qk=e29g_-)FTI}JU>*Z5L>KfZnrc4nVvGHE zV-4H5-K}!NwPude@kFq-80qH*ckhgQXNJ`pf116Dk{8y+{58pwwHwt-*64sgAkv|* zOo!4<2OpybbSh9jD${drwrjeT(VCP&0&%n|6)zK!6HY0E*zPhrLt&XgTi1#5{0 zpfFDZo1i%S-G9&(2XF%yvL0&!R)1SYHrbz3N=o`Ogh_{Rc;|dJQXr?>78AkoEhgXz zBO*8!OXzwEJma;Ouq|7a+@5-xVawr7EpJ@Y%3p?N;_yM!@HIjcpM+%dgTl2z={4qW z`qoK}-0<^B*W!AoZ~fw~lyiTY`7mmW`%$VkjK9PzOq$s6^=r+qc}++I zl)$cIB)wi^Zb4?XuS9e^ezuqhS{@;Za0uhkq1zK{-D& zP}FsQO}tDI_qdeT`O850_`>cv-D|S$fw$JH?@YzLFb%I%d&rZH@tcs|m^lm>kw(1F zgn>nfp$s^qgg=AzZB&%7veDka@~&XltbIasy0T1L)@y+X?HVHR4CVJ5!F=C}bZwEe zIzAW_U0798o$d3>FZwL=lxAtpg1&e+WB0%K<_lp&vzd0%2TIJ4=x-~uG(uqMwuG9I z_hI!b+oW3e$~F^~!{AzWwleT{EAsbcaZY?HXDD`iu-p`aP;iN*5Te8KUY>;^~_(R?2zdIjg&`pmCCEB0YZ?BkyN5$_0 z`uJ)l$h^1S!5io6lZ_LQ^q4XFf@vRA$B0b$XZs7P)~H^mKQ3W((+4}N?Ae`Bl*&}5 zK7A#tMR!b`Gb5I1E(WN`3f5Gt?C%YBdgC+mlR@ zG?uz2t%hQCMS1xImw}3W{jCQQVZ$RrWw**6R6+2C0vFT$ntI+I9u7;}6gD9jp0ys; zviZ?W2YxoXA05m%Unt9m?a%P<-FBys%Zm`{-)*<6uOLB-=(%YUMV*4lqvKv^v}K=L zY_ASsZ0|L)VYd)t@BBmFHWb!m>xJ>yiiU~g2&fQ0m*P_FfDU~`BKJO#Qds>=i$cp~ zLaTxd13GTOU_75p`85|-bEjdG+n?gu)iU%bzq(Xd~sDa==!PypH4H!yk7=Ddx9lKAhH^!5jd3|LuE zvs%xw{{g%LD1Msg3K8^Ti9_Rzi~Q14?jt)FhFOXQQYK}R zS0wD#ND&`$aN&;&e|yCApL}psZjuLn-%jWA(@3!?aj&pop*de3%CJsKSbMlO~xJ<>H1f^r$dpo^lh{nrTu0)i$S%%mutVzl!Ec zJ^DQL;;1Ky*`tNNBw>-o$bcCs`75Q@skibTBLj1jy&G*T6-!Uy1C~mpD`+q=9fFRey-oY7hY) zyOskm?|tPrSo)_BWFdqy^Y_t&x5lkQ6?N7+bJ$Q$hlOEy-d;r-BBsShk+CH=P&4>~ zlA2sAGqco8kt{^YlOU2J&ktM3b~W=^a#{MiQhxx9ujmwwv4|u|ju3596Gy=J{L;0@ ztl2KNUm28(x3Od^%idO4PnGni#XMq61ixSky11pdAs zc3Hzc53Rtxg^x?3!=60vLu|<1Bym0dti|K>W~5L-$XHpx3)?}-L((GZkVn$tbEM2NKD zEVt*?;ry&+;WzN2eYZx_rNVFY;2!%Uy`gh8hvUS=^=lcX;xT3|iM2YbN zv&ObzqdppL-5PyfWy#lC*SVgJ$#7~len(mdTUobL5P_V1xhR(3nyKYKqe3bb34q7$ z-kvWdB*EqH17FF%ubAuwjtM?=z~`ny#ES8iVrsGnxrrOjJRWjsLZ$Zwa3cu1-X-Fr z1BH6om9c+X#8mS<%cRwhc#W!9l)g?k+RUls#iYo~%4!}u5@GoJ!IVtBKDo&ga?klN z4{UFB3Vh4Za28A7Ef+gI{oNZE7mx25GA}Zg2aCv}Z&LlrGFZ)PX_Au*jFY-pE3`A$ zpD7hPK`mH!hL(@*&&D~ehg6CLGkmf~_NZgRJ$3hr4VmyRN~~#)QW`|W;4T?;#A`=h%xQ~_hAMEfxZtK6d2o? ze7<4T#LYk48FdL!4&H;HyG%Z88pRlrcphaL;5_g4L`xBbV3W18loqlFG&ye)m&vDr=m7+%CI_sXS)tIt@-H?f|KwzB3-(yb5Ny7)$e_RyeI>VM ztq1mwxr)!%y>tBXX(*i1C<;}iu5u`ZrM&uSV<&^y^KNb2ZzmGV#wXC%_aPD;Yrnws zZfQ{_grd};A|N(4_9p0yd|4$7Y(j0_-c(=1)8akA#W~U!eI-k*V~+i!j8OHJ&@opO z^KVujj*#@ zy}q{+4;N>?+Dyc2N|$&cE?G2~wudUS6XA|Br4|e~N|m^Vo#E^+>Aqg@S!!Q}-Rn=Q zyEjw%As71@T+q{MWU-I6p%b!=hyt;Jb+=L*qBk98B@V;FAm;satgYo;9qRqXHCrCT z!Zes^E3NsJo`&~ojEly>@`K?xc!-oG|8*+aCe+aZuGrXc}6tn7u$A;_DYS&ZP;rxe!J#*+r6NG*A=fc$a*vC6Mjs1${za0u3R@i&}?imifTezWldw z*J&7Irb-yIPzDM2Pxh{6OCk~+k*rc!)_OT3O&^{+2(~{BM`)oL8r)?r*Dir9AtkKs*Wp&p+oM zD;D?26I+Eaio1PLy#*F{EGn0l@>vqPK^Cx3UJt(uKEpQ6HVZ=XaGqgwra(jjlSW>C z@I!0K_b^q98eyuyIf6Ma1j5#L0F3 zXvHq!)SzyjuKVb~agbe1O??0h_g8ofP6-Vicu;|9A>p;w2)F_9h{NNhh+{g4Q7O^i zdinIc{}M}x79biGo&o1ZF8=)hq2g0iQc_#^n)5K?y-Atskix}R;8`t}uJO%TQ88r4 zSnSb$Ii_$7CnX^#*Zj^^XWRgKuC{YtLH|6%i5>X0Bk9kEuUBT)d$kW1Y*K5ltt`N5^XFMH7*v|w1dc6GNk3sS8~By?bRTj zz%uFkLOV1N)Tq_ZgTjuz4mLLS&)RI+K%CA(uPHni^EB~?YC9{VykO)Q*BnmHwIF=E zC#@8OwqC}HcH%Rg-k=eT2Fx&n7CV@7K?km~|6LysZ6feUX)m{2mDY7+-R!(^tOYLDpOoI`m8qq`JEc=?;HCQWjlM`m&s~d5f}S zHFZC=(}|q~>L=!FG`U(-hM_2E5Aqle50ppOzho-pfDn}G11cJtH=zOGS|{c*6Vbzq z#m-LKh^K)TTf@9dm|r%#^5gTtaixcdV5 zg(H}yN0KbCpo8N0n6b__E(Y*VmpE6+(@pMbDY$=Cw`bf*q2*D%%IWn*A47_WJQmbJ@%cm z>n(KTgu*Il1dGqOT*W2+#tY$2;7sF-VX;slGjCE{cxT=E*!XP6^Q(En$Ly(j+WZy` z`P8*+eiHkNmpo)-WaLsZL9O|&KoG6Dr(F9>k)M|8R!!+j8%I$W5wa?1iDJ<8=AcF& z1RUacfN5gfX4^-wxGBfduXeIxbng<)NaCZS0?1JZ_!@ zjRylDX-y+6d}@@orVW9wRK<6Mw8mvJ|16)8aVd{N!LjX)k=&62Kclh>V&QIuR)+j) zGXqYCWnSQ9U*b8B#Tfl7OfcRSaf?2K2|j z>8E2_PmWgoUAE@6U%Jse1b<$BOmb+O*qH4eHXJ+<6m;HDi3!n?hue^FPye#PMJOwd z6EZ^>(lOowZu9R_Qc^e!CvMCiCi-Di`5vI}}N|pJhJh!8nl2})7 zXkNg%6I}oD+3}a-`i<$Z3YUdLqs|usjUnM?&tgq$a*XnXzh--NbKuBR1LTjEGTA`)C~na5G{f&r#y z%Wl0NIpdCx^9}CN!*?vT-&Ea6t+2QzjlMu3#W6T4B|Ei*VJ3Y)#5CLhE)PZ5DE!0A zw!|zNx~7ff0$$8#Z~qS&m@ZBh;_d`3Z^$o8XAPDzVqB5_uJ6r0{>kq;@?0jjh{c@u z9L1_{zcqbAl#D;T^SJTxQhLiP$2q~`xvGrWyxvt(+S2{(WC`CiW9 zz#3}d=ce<*(CEPqz!EWR-&c+%F>EzQ%037H;O;~2^W069D|L3=G$t>= z4o^Lq-^~91c`pJHsuLiOA1~#z(*Ze3XlC!5&6m_0$Ot`xLq};Zi&8ZjVx3Ik9$x2( zA{qBP{bwpy`Z6uzkXu04T z^~abDNwZvoqEr?VEu>0};ZWWRJk zRIIr`aq?(5bp7NZXjvS?nRu|L&8-7Bcq%5Q2fPU|04NGU2o&1Hm;y}RS85A<)4^4_YV&b-8MSQx282rM(D#rB(%TYAA{1R%x(UQ+^wE8?ik69h=upY zodkK@MW!`ur01`oq?qz}ZwXsrg`p1Wuub&+0z>1u?tJ1V##K0wx#0i%SYf{brRcqL zBD4MQMT+9hIpPjB3BM7xBI(VLvzK%f8%FoyZOO?hi3!69aTJJ+j)cem96J)@a@x+I zR!KOwZWei+{}SR%ehW%1Gv-tnye=+0I@%umY0@MeLg5!PKUkDe2Mkr6YNyFzKgyvq zxbLE}2cSX!CL`cDJai4;Q$RKW)dd3Vobgv2WQdm7|8 zUykaQ%bCW9{7OrJE;5a~U0eQaX^_qC(~J>Ml-3Jdbd&#EjgBmb=Xd*@dcNxG)S3ft zc43dnr@H`vyiJaL8iHbLzrNSkItgO5-1h1(RNyzVe@YQ#S1oI5l6`qeyi+xva4)sq z_m2ys^gPt9~FdG_pDg$FdWZc%Qxj1FoDjbrKP1~eY*X# z@Zfea3FB)tcmvx4rBs|BWw0~*DOL9gClR?;o&n!N|NHoIhvDz+OvG(iAAO)&^FEyG z%^2Jb>j>1603c_;TCv`Hdj@cXzDOKL+OVei!B0CHpXpbhvr0li@_AP4+mjoxHi9XP zie9ypwF&r8+^WmeLRQzKisuG@3%P5_992u3u2tw26+|7AG2vQf|K*GJ zM$2VfZiHv^ne-kTDD_C4K<*ust`}e|cKl;m)cY{~>sw9c_HW!wHk69+1@O)9@8HXr zOkNGksJ%r}N4;L#2Bz7z2RpwvfIM z3Z~-MU8s0}VCuxDBYVyCO4es>LWet^vFAjP)K2DmevrAn>-2C1)XF!Y{k`9dmA^P% z<(MIioM13Wo+iJA9QsUCp8A#w2c0zqM)1$64F;{wSwlqLX5I%^@Q`UfJ;RptKRx#`0{n>ja2tP7v7Oa9YIH90`W zs3v_?Zu$llOXF?-*LbXuSoHFYL>_4jPX4FhbqUU0U(MY)`%8sAto;0@JL~OY$2Y^P z17%VsX9MDltt=rHZ-Cm_Jq1aFl9=;X)t+Cu`}#oW_@ghJH)k_K0`J2T(q;u?68Z0z z15C$v{I~j)XBXaPeD~jKR(Twh==VazF^OCE&5(hb^}r-V&WbsCC2?<=M9)C7_(9EIS31J?J4Rj6-rM-1< zN7WhWMEq}KgT0PDU7vMI-G11ju|l32TASe5~=ZOAXq##)H!ST!Zhz=yCrgBMWaw0EMiTJ&D^wCIeUN!=O zS{XiryCzgjOR(mOi&J`34LX!r_}G_N0_aO(tT}MWWG;+=MX!3Xd|VuOz7@c z4u^#Hs~}eKk?GPXA95A^h+b2lk-zf}Qf+A=MJ`s}B5OaAfCx!1eYB<*k}RQN^BZ zwnpM2tmba~1r@72_#A)=t5h$2U95J?d=OGx6gObkCEd0$^u zj|wEN1(Y=4Ewb{B^(mMICjXo)mj368 z1>iz3CX~pd}a>y~Qaj80= zQ#`kDtW&LDs(w>0BGDgCRG=KtlE#yrr`r}jyr(3fU?NiT%SYuK6g;OvniiaGCy@)` zYr5xtnE5o(6NOi8vPLK_&w=sa6K{~hBfE|78mf$qCZWR*LZ=84XX-||zW*`S>E*xC z$>qJg7KY_|o3nmsd8kAo-E)fA!L6iMeewnxE8Tx?MQYY%{S6iJwLu9_43%Paz+@-U zxddB_f~a;ug8}+Mvz6h2icnG)cd{e8xdDTsAx+6-`|%&!XM5=;gTEA&WPH$)KO=K2 zoAfy&$0DcKz#)k$r%U`C!HO>hWD_KcLryTGj9&G;bXvgN+8MOj^)_P1VdNaae(q39cM{(> zvyW!XdF{G95p)O}p{|LK!46D#+!fC5q$N)$GXoP3DC{WEccxk*y=ODZ_SbBSEw&>n z+eFg_8b@m+t~$1+Ss)ipMd| zpZTQ%DxHc{+ih~FvJ?|2jP`%H8A-Z6_VX=Ec1+N*>y|i2V4SNZU(%(UYgbD+b42Ir zYmRI(Z9YD}CO#m*&Tj70>REqz`}+k%KObvzc;)(e8Y0gAGR>et`jEg}eG;F~L!S^c zlkLB}ITB)1eg1ee9@?Lm@-Aml{0bwsB3I6#UOF}``E@y2S#yrVI<$PuMNaSYPc9%d zzd*gL`uX`)Zjzt4Gyfd@>}LSqUBS8jUMw^)VSepA=HypvHuc4>`e_pLNsU?;&9Qjku7nV;2xC z*mK!;FWW6;@=h66$L$f$Ww!@>J|k!QIWAP_AUH&H>T+^nqD!KlbXb1ZL6e4TN8Ici zHEB}~AHs+8I}vs3V+kCCla!Om*Er>bfByJ6Wf~-+5Vw^3`q7DB<$jm0LjBOXi>|fx zG{?SDS__BY)?d)htA^a$X_qVeBIm3f9<@CwVa_YG0$AsoY2uoVzgn4)*la7drfMV= zXWFA0yAQ5mD6RL_a;c)3!GoVN&;f&zBt=M~hPh^&rt$HU%IS~2mx*wRL?SX)JCp-7 zjnQPU{Wz?{269gMLsiGdLIt&^&3s!!XR-ce-FnzVsJC*!7n zY7dle9b*iyoH2Zsr8}-Z@?a6v{RD=4{mFyO^1v zy=j?>S&bh0usv`z?$ney%5G*5rT6hJ{!!~u)Wa7zlK|y?GAPfhL5b_oybe7hu0-Bg zpx7pD=dO=N*Js}xP8LlolXon2=SiOl41IrZ(DhhUkk}~UzD2hQ!2|9DUTL#qP zJ05R;J%Slb4RF_Tz@bhE=mzapKcWk6Q8O{|gRM(k4_6>Z&zj}l@xf}nITGttM~BKE zw-w1h$GZwHS7kY=1Wb+VWsX(r374aeQm-LJy=G$TMh;jbbuA3pWm5P*n^b9DK%_}K zU-vFoU+bU~x%*slPfH|&njlt7dij%fjq~xlD@6u6$E&G+aRQD^!-F&)ifx*v+%Kva zwB)s;&hjRi7+1by*=#;2 zoRoOS`>d0$09N*FlZ@lekic>OV{L-nCC)&e$^AikzXa=6^}Q%m0E#X1c69gC4lQm< zH-&r20{lk@(kn?$DO0p>$W80qxOEy17Y!5lj*1zMck8SZ^v{p$D?JzHejArbo3t!f zMLuecPe6iepk8BE$)7UcMyD3`TCl za3J>b?Vb)8Xk^1scLO-j_nI9FO>0b}KYlx^se9IW1|D@${m%1GX=2~p2}7#n#sU($ z!bs_}VTM)7gK5qX45DA$?OVwZA5|m~z*G5wS=%6^9nh zNQuoib?n_VJxM-4%agTNHQ`KuI@(i6mH4gj-l(eKlhFsAD%Gzsix*YNuv@tUBX@rx zBecv#lQo&+hdP|Nlcdbmevu|s78t9HidWECj2u5{?L2O~abWlD7w$%PbThDo4Ajo{ z7Sx6FsE+<@t>6lbzmSw3g!*z2d2OG`F{(zU*$W~0)m2)G;L;<7A+ghPt_rlhEhppQ z$A6|dvF|Z21*&syy?3!-e67Uw0h;W5GK(@W)JX++?-1N;#CHyW(Qpae`?9-dDxt0} zAa7^1!fM+QXxKx$-)~7R(#j0_J@lg|iO(b(#z&Rv5vegDEe1(29#eyqv5eoLJO6W;3xrfJ$uIebds~*0G=S#I{+4nBZGU#-$|m zwI{qW7yOC4n6l+x&1(Io3JLT-9$}}pV0`y;B-TUv$du<@%T(Cp$<&V%+o6-~c-{6G z0D`Y4keStTjrF3Ax$G|op(qM|(fa*)ZF;<#JyPwiPjc%?5}TK+TKmqf`qO**PX~ic zsPXvCqhdp!_$Q6~Nw6u$m{Xi!$=vm>+F-h4tifZ*!yy;=~aLhAAxl>LsuQfPRTKg2e&?7@cUR(p)&DS@gv@Jt(nf01PekjmqNZQOa>TcX^HZ! z>fICEo183y2&$+YP{?zP=Amuye7R?rtjhy}PvA8TRyG zc2_2Pp{0dW{g<}6YhsT3Q)`{uG8CKE()0O0L+Jp#x~RYE7^45GVzVS zU%bySc9uI4*s7{9uyWA1Tn-xy(8u>8x9m`6B7)iC?*+m8-!HxGZCOTs^%+ySfDkyt z(bMXSBG*jlFBbDVtlpaMQ)r(%0SEQCYQagN&%o`9@Hw z-LvNdd0kRBUX1JsagX7%i7lU>uF+0XhTJro0|B|i( z1YkICIr%O7zXD{_JbAN-{H!Q7K0*}rTpH^9woDf7yhk19rh`uJ6&B?Ttl?CQZa~IQ z1l!f0(Jz17k2jbxc}`#tb9$a>y5IB|XC0r|#sA>9hyzPKtW4r<=0i+;{vdg5^B71R z*}#Xw%(G)=ZB$61I~KTLXAUe1+34#k^!d~b8-|ESKA z`Lra1f~iAKMhzt!jcq1U(#uQR)7?mTlCXL5GKoPv8)Pohg@%QyRa4<)u@$O)8t7&lEK*a6woFW`OCK41XZ2iB?!Y7Xpoci$ zs8;#AbH7Knpi z4nhs*La_~PJx?tung#*rD_)D#K^9Z+*IvMeYL^-h{FSm1TH6j+pXDR1EJygD+8q!D z0=%VLmFBz;SO#;O*H!14%x|is4L3aUF?k8Lzq;n0lla3WZ{48`$tGQZT&2I>U)BkH zK0dHPi|*HI`&^#1mA(sutA`gkih0dGxEY5FytfMu=>x)MHH}-W{rSlhh9^ZNxI3Fs z+L>NEM}OYhpZqcWV;HHie*BTj`Lb-`ZQ@wb#^o-yjBAIuW$MD5RI-LSw zn{IunGI3b7L(2wzWY#UE&k{c5dVId;*Q+AlK-T-#5+){T3KE>Mwk5SIEJ}Mn7MqLY zILv2NA|jv0&(k|o#qaeUsNoUms|E|0HLw{LhVaO-T(=&m$>S+PSFCA8YDb0?h32B< zTA!#+*PdTcM9ay^?Zm_#&`^u|ALo90Ua#-|Tblo^riFHmd#P$((z)!r@h&|<3D%GS4aUB^`RhUI4~W#jJqP_~UmW+##Q-CY{U zOQxYt;x}9TI?M)5<<6(cbzEWavPhC4KjdrIdzW+3E-iZVOx%4QFK0wZP{48=XI{on zJayrURc7QnX*usa(iQhGCuLmU(j|VxI`K9_AP{d_!Ub`Mz0S(BsxhX_FU=Fd5jEFy z2G@|iQ1#B9K5^~&Oi66?jLV%AMdfQ;%N8GAq4CU;I@WlNn=Wd<&enTxs?GC$RgU7~ z=u!IpleC%)VH{q=mAH!W--(UK;#rF6^g8CDXT6Ib>7V=cws@wSHm$OU(O3cLdDz*y zzdY3UyT5iqGJ&EY<_IQAWCaB>EfT459wRpOv_c87+cAM2r>)-_4pi2ce2GqJ*Ft=O zFgxsmp*UWfEbS8}n=i95lg7tds-NpKgR=viC8){C><)@IFnomIHBw<=<7!+CtG zu8Z`wB(9z(izk7p-sDsMTs*Wh&zw@9b!!EYQI5_vfa#-lNV+;!qXlA)KBe*sO~><< zdaSC7c}Sc3keA;zQ}rTGNTh0YZme$*9CS6iBXLMcqEM=6Zxo33kD-1yd2XSv{|`tOX$=#&Blm_2G*9Z!;2Y z#&GkWH|EMeJIiO>UvQ8!SC`>`?1i0$X)s|NHv8SPuY*xo#oe^xo<1=tX(D(-f4(*E zAxsofS4!R+SVR|LeQ^S2VHWinKaK;Dt}`8!=QL)^8Dt(BYrK@ssuy_hZk1D{EZ6fW zkOF}-`-Y0Fc(urd##Vcz*m_*Eb+h-^YLVE!)qRG%NB;U;CRmlnKP6Z`sy9hU5=>1y zs?_Zpx9oQBiB{-a1x)n|ABPF;z_d|syBUL^`?_g=5Hk_XygvpZfHkjvkJ6gG4^IXOT^aN>l`9w%*41fSOp= z^P@oPUYg$PkDa==XBx{+R1>JEALQOV1Utn$t3mnq@=Qq*EGbz0?!CC-MLQoe_56kx zlEq$&re$T&8pnF?fZGv|=*-ZR=zV!>Tl;OlAmt#9r2IwmCt8C0iLo@-@{Qw&*jKOY zzZTxGJGW8*9JDy~`b}aPuF**xtBJ_B4PS1wN8MWzO85dcvG|$2UuzS1^m!t~UrrzS zY#D_JaC&V$Q`*>g@|!_m^VDr50M8e*{C0+!^WPF%)e?f%*E%oP;SsC(@fz2+pK+Vq zS)B><^12haZMp@&$hU@D)VSmnJb!yo_AsrD(IX@fR(bFA;Sp#guquRgK!vW$(AgA- zYuCqShozkZ=D($Pzr8uT^rF5Rx?rzgskdjUA8$u95K!Q|{Q9&|E@n{1E`lR3E~cKn zRQ_zVbL+WCogRkfZ&YzF@ygw=Ef4VC4?j#MHSj%wG^&a?E?hb6Q)VWPW2d*9M28Aj zqO_WQf?FlAL!8lr=OkmGrrQ?2?!Zc8Rzvm1dO7dhj@2X;B^|5tI*;iy;V-;`SYrf_ zMOp&#yPC1Y$f!cF(|U7bw3W{gFCriMjeXE2JFYS8GRVKQTe148^fZ|dFrW=Q0F+$zu|+Nc@LQ2z?=wPzyj>sM|orV2do81QObYLYMh%txVs zFU=tn|Lw_L(9)a*n!2->#Q$7m2#EQsrpC=Vt*N<*(`5Y3Io0xCE0kD*cC|7cxM-`> zprR`s$H&}9`);l*97oZAM0o<&q7&bP!%waLc$n73yuIsc;{$sP~n@7MDbNTRi z^pY~~F9&iokx6LEHmaw&dPQTM<3++sjAHMOIjLu_nN)DX{^ZqN;-<@Z={G#vDaA=l zrl&pa{h3~q$vd%T4{C8fXT45|ciESMtZT?)S_@FSK2okq$9_Bh0+wd>n77JGPdKguhh~H1lGz76 z*h}Z9m(bk3?G~lQ5AC@QG1Km1^%~$c){obtp1QZ~z*cHJuv3;4Li_@)XayS_4KV{v zMt`QTWs-9|cWfknO7Pyi8w1bA9DV1omDYkN4p$nT2+$P%ynYf<`bvTYDISrMHCe9}9149{;-S=9?$rZb@vt9T(!wOfSef8~H z>i*M9b$j|UF9L~9EtAfd49|GW9hq~MAV0ge;gkSg7m0}v83g~v2X!poOsh3!akqB} zB&x|S;(Uv(<3Mg=G+p$$v0mweeDnGhqMmO@nf@W|a)*9d&@{8R7UL^P*<1BvmOX)e zq>#}zRPtKLqQQ4(AZ>*`-5&tkSxCQqgMhB^!r(~VfOc1wh_HDWhcyY@(O2AZN`BO^ z*i*|BuvTG{Y>*5UnYT%ivQyyEad3>mgjGW_>UN}<1Wnm)B|Ipbj}k#ON3aK`)8OlM zp#Em3z;b%A&GO)@y1?D(QfA>V<%C*k3zUK&Eq`AOnAe|GIUu>3-7N6 zM)L?dU!IkU6|gAodFCuZa4R$r~zx)Er3;~*qRk-f*^oO?x%}CS*Dhpu*>whwd9cMJK*I2oCiSk!oIY-y^9%mTcS zBu;{jHh9t*t9cy+Yad2%BKxgS=`#KeBae1Rdp=ygN{b5r5YW%O5ehk~^H|;O zsW!WDErK&-^+v~d+*l5pRCRtVfhgs`{ab+#0kofo5-N3Rkf~uPP zro$c>NOysMHXlr$2ClCKlLmeK_4x%S2Ztgoy%t;xg6U(8?XQL7;(bQqhgMt4(bz3b z86fWQ?cfBOfy$v{qG4Q3LZm0G1bqWG#dlUKwM3rTuejJ@C-BIYoTOEfNGS2!l%jC) zt($-gWe0OzW39m5YmgTi9dAnrU#1PglYhrZM89%2LK2iku7B_URR2^dJ-w=L6^fcn zDa{FD3^G1lzEGfVzf4&CU{w4!DXum#>uZ)WbzLAufnF z*lZ6`bj^WuN-`CvnrQtI@blwaf<25oCvCxIyJBt9>8E={u@vf z)yzTF^w`JOatH`E&-DsTjV2faG$GsSe(wBsl;e%XWFHW#MpP2~MGjc*+LO#dSE-8w zlLMY1hk~oN9v4bpU47(yH|eavvL2z&3!ydbA%%!z?UdUd|v z_qL0x74~2CIWIi;S)M=hiSm_8zir74a&(ifCRYg2`Kxsm`!%Lt-1*p-w^k1D6^QLZ z2wMeD%_g%`F++29w^8g+>_L0a(7&P4x|di6-**?jDTmw1v)!kmDt-LUc?c_dp(PQhLmH{mDa@_lF{WAADdlGUwCIzjLKnX$%C>k^1kmffRXD z1xq!-XLp5<2tNcR4-ckn?ZNVMJSw=76E9*Zi5SGZ<&>iLl{7MH*!ucJ5_SU`HLj0b z_aeu`x6}1{F4k;x&!s zpDY14r#onas;4``14SoN3s@YxKq$a%B?g8Y2Zvjfb5blUO>=V#dDLm*4#D}R73ys4 zHh9+eKA*pqZP@D_C!*<2hgzeT`u(hVHNGoR2v!)RHT^oZH+iKro8y`Ry-oo#V;!_8t}19iM|cwgHuAH^>gld}a_66f%L26O$(DEFWse%>%sX zwLc3U%R}1Y9xM5qFKs_RADEk4dP04;+u`N)XvolI#lE^_EaKZ3?&yd9*lSNb78atB z-+7veabsjELeK#M4f$!*|BRGmG47*rtm`Ahpr>imnf~`=m8G7@a`rw%qHU5PfUt80 z9WEa|IzB#dyxadyTZk;R&y|G^k69|Pr~>M_E>OA7q0YK&YuNVa3$wXn*tf>vIYx!faOp|Mvn)kM>eZiM7o*t1VMaK|M+D=VQq?@a}(H3%U zW7Ok7XS8SdyyU)$g4bONDT2D+HBOSJ$0i-Kz~Xu-ep}Isg^nuy9}KC8D=B&vA7D+Ir z?S#_1Tr{8sa@tY3G%XdCyb4{cEHIGsEgEHTqa_z&VJ`7rGHK(2R44o2uK|OTU_7=j z`KFvASD2&H#D)X&kYp%T)L>G0=>u-z(>aN3E|i1 z4YE8OmoIR+w|%DV`4}6eIF8Y`VvzLIijAm-oidEbDH)@$)#KC$WDT%M8dPGOWnuRAi&#LdG!b~# z3&<_y7^ZU^@Axbl>i(*Ypz;=5h-f*B06djCj!V-)y?Y4Ejh|&%PLpUMw|T9FzAVCe$vDdH z6s`#=r{6!XGRiN078y@~eH&u5%GEnxWPQj*eME$QT^GCe@0*6dz1sD!K%M@7enCL| z3!@s>Xo$$klcBcgh6SIuy8ubC!VX*&hQ<73_hXRI_N?9vnZ~WvaSKdG-$nU=JA%jl2aZ5+%Da(`j=r4G!Vg%=k6_e+4rzy<9-z zUo+hQpJ2&bxRg3l0oPRn&w0H9V|}G4Br9|po7_sNUP5b3 zuul@?yT9;uKe&z>RVf1{=DrauJoYcGv9t^T_-i-%;h_#(sI%?i*>m7w{tRT4RS3u! zE&^X&twdVjG-G2vm8>!3I~CrKXMY087Mo1qbkQv~fDv2SYQjBCul7yQ2<~2vJM4Ru zT7JZNL`-}?I5-$H#w;%CIzn8ZfQnY!tsj~qZhDai{g*#pZYv8T{0K{GttJLPPqw~k zey#WMfIC7F(gq4J=0Y1Pg>@dQ=3?Gk?=;GzJdpB(&?n~Bv&LPWApRc*X^jOMAEuCn zA(#m%vq}Cn{Q1v+Fo(Asij8~(MBZ1*$fuZ%9|@0@1dlNxzb$S%E`s$4kTwEHOef8okBfceHKz-k{(oV@5CJK28kx3=Z&oNi`J#jHWm!C|T~Y zILgBd$DafK^SW{e_9+w)EBl58!aBPBx>b{WHPktOXWXW@n6L%DARZ=2)GHQlK6E); z9p!X@iKnkrNh@Jlg~By|dwZ4?-2@98*$~XcSFw+2WSuz?^H1DQF#P^GZK!z&Lu>#0 z3nyXF8#-gkQ|RG8|5ExIglP=T>)R!S+rrmtmKXgNa*}6Y>u{IbAng+$4y^Z;-_6n- zxod?r#skMOUi{&r%Ia9XgE=qkh&{>w!Z*(R?_Z*gl)af)ewGMV!hQJ* z8q2z>Z0|zg(ZR0IQ`FjeJ9GEf9Q9dXr}Wq0V7jSHknjHN5mR=$2+I-}rSVs&js3qO z5oim%oi2E57j(0R)M^4yjs)<5xXNc%Qb0=`fcjEsCLx8ESP%@@t%CA$W2JUg4JMVd zkRgG={ltQS>~yIgGMOx9Hb(WogX|8v30T$elq6w`#2AUZawql%vgzJ~G7N!Er_@%} z2*Al77hGV_q7IjxMLFol*HSxmZmm}VKNj=nWU+5f-Ntq;X z0{5PeTyibo{rPrnx0e}mZg`$^ zKAshhs(mwzrJ?nVPTqD7B{|0d8}TmlUsxlfqOKco0bb6dpPR5OsR2l@@`JIu)MaCk zMac17pK>`q^n$JS>!nMgP*;$4Ch@&UlYV5(_2XfF!qxi*^k*(3zA&M&4Cb>&xUDSV ze}ZVA(E$~9HY~t-U)n-`LGF?NQ;A~YD=oA&mXpn(E%o2q>Jz#UDgt3q{;d(5CR!p~ zfx5Mz8_0_=5CZKtg$!4G@~~T;#8LDj8shHD7uOgr0zb^0awYdO6c=m}?Bwh+Q5#Uj zCc^h1+F+>WQ7Nu-ozwUOHMWE5y{8`>>(;}VYMt%vtvoZX-cOQlSxp7X#%2B=mB`f) zVrn;^t?7JAeV+p3iYv*mhsKeoQ{!TndgZQ8>85DkdtI)`Cr{MfN%PYm?HEaAK*4vR zHkulh1{?)LSM+7~OBAFA`8P8)Ypnxrufy)i&*xKKbW@*SQV_6UNp5toKj*A8Dz)vi z$wFEBDE_+|j!E%4e^p$l|50&45%f493l%UhdzTya^*p)>v*S>UzV~4302FRMEbjvs zA*nA*`M%XF5Ju1e)c_3J(+B#o_)FaVVq`VQU5lJiK2q{_$|)q16a26AsbKei&lWNx0{m zi;+)ay9PA{1UY9;c(II-?OCs+1XC&zKV(5LNc-L#Y#kCLR3@PCU_m2i0do3agT}(6 zlAMP8H19z&c3ue%N$kX_2Pmc%HTkRW>-<0OaISt{IkpTRwJ&S{Rj}>@-axAW*Z3G> z>e9LG!u?|~dEsJLjy{`zGaMDLzlMd{clu5iwhq2NvTrmq_)%%i6Qou+Z4QQZuu`}I z`x~7QYZ9*`WhIDk;WL$AT?M%VmX;V+1dDGE9D?#sUqrwJ96gEo% zM3dG_gBWZgT+~MMM3gV~MbtgOVI*29WI#0~$*k5LQU$>rDEH0luY|4tpxXj)O1sDn zgMw{KS-w&pVkROfBth)9$1o3~u~w`sEYG$-1fO&g`8}5Fq&-=(NLeNvPi!Q9n5VC$ zo3hjv?lWAgL@lRdh@XQ@_$moen;n+}*6H!bC~qc`XH}KylvrQ8J5pUjBj>~jhvO{A zcql4BOBpVfx2&FAU`Nog`|?m`D0YAIO-!a}zLH6XrZ|F}7c@eAkpNecoLw@89k)Li z6>yN1U4;tpz?ohesVQTT33^oHy`6i*^ezC+2^Y2H508#2Vgm}wf_ABy7&{`d*F*lR zCxM5S57HA&@*n>9J%!aB(apQ(2#VDp4Eix&4#Cb3QJyko_kDUf0Hj;QuOQG6h_ zy*1x|hD!RO;kP$8zM%u2AqKD0dy-+c>*%l)K4@FEgs;=(&1+K_%3Qjn*E(ZySFf)# zu`ihwA$hd*4TBY^1C;%cF@)kdltMe_p^jOWqK34^1%RVFH-d%R8RSmf<~iKF_qVtQ z{6)MD*V`S?O%khh>`=G#|Dn^mJ=G$zEoxOA-i`%Fi_Ey;(B%JP@6F?(e%rs{8KXhQ zUK;z@m!uhl5{)ggMWiG(7+Z)EA~XycS+bTjYa&ZRN>nqlmbFEwkYq~{Dv>#^mjB+ejqlvK-rzfCHzE9Tpj(-%2#ItOkEfXM`AOEA6mf zOsAJ4zphJS=;bWpD6fIHrmS!8xX6Ddkg#`sa^=5JI9g&rS{}&*>VkM?{v9W(;|ZmO z4*398+`DXVTKYIn0Tv-J;Y8GuWJfLFD0qZ*u}8nugP!fTG5zK9PSeIr)IpHx1)dT> z(-Gsehe;7uCT)$*>3F~O)c~<^_7Q&eDe@L}eFA~d=9IF7RrJ>mO5|RCKz3iQ0mgi{ z+c>X!Ek^v`tWy~hlXyr_s^ovsjn&P#IP3Otz(!zDbW z_>mhh`@C*_x}rx#XFl2&{)75{+xrV$R{@{kuzUYz8@APH(D(~W5oyk($1CTF($DQj zsytAQ*6j;^L=|M6@jeJV74AT9Kn7NkKLTD;EgX%XHsdRy!Ct<|XUg8@?S2E0wP67g z_{*!RzcYx~0%jT{Yc~WO2AUE2g0F5JHhZmC;~vEYPEVe9Gh$JcURwZ8>H}`Axp$36 zm>eQkxX|qB`t@(e_?-r40$^y=Zz#>hx>0P6b^C-nN(HmL8xRz!I31BZTnAR$u^i%lGN`f9k;SmJ>WDZ2|QTG8}c-4l^i%wb@Pynm>MZuNHp4{?iWL*S4GKWop zy+3MoK>;6ygmpGp<7jkZLUBir>D^PWilO?_8C#W%5OTVR!w`8R@Czds=F1lJ1bp7- z^Ez`xwtfHn<}Mx&DTcXIhyc#5O2xh?s`n-d zRO<>T-D^LTyC;D41Zp9WzP=!ulMYzN`WGgT!*R|GiOtQs^``YZB%?f4H=i{mzGYnS zgUpi80TJsE+nN2r^Apb-$bOPDaW^Jj_x?Y*-{8RofwJ|xmJ=HYa2?Tk>pz@66B&fG zVskf>>kJY$Zn&&VvvOi?EQsUdJKQJ?Iu{hvr2^+k`8%g&@qOV<&s3^!iM^-t3bHj5 zA=G&en^9m8^T3-*?qrXnuB`K-Np&&#l$Q3Y&GA3jW2xy&iOq=kabEOX!cqqHAs!*l zD?Mi*riY1my=is-g=JJx7+j#UjOXoP8(~>cpx`OIM0gqsg9;|AoclAb)G{?+w+qk# zuPy@d$hW#|^Njq2FW@-5Xg`0N z7mepO!1|FXm+>#5a@y$L9epgoAg>Q(ftus-9BFC@ms@!2XGeM&Qz{@LQr;fDug+>L zBI1V>#EWY2!}`j4CbC@j}s z4JRjl2M42&T@nTH@vPk^L%&9w zmWav$iOM8p^d^@RJsG(t22YYXQm>Dt>)<@-ahvpwO-Ht~Ym>37e2X1eNZ8<&;w;~g z9KmjKY0pS_us`g$vB-HGDNdt`Ur;3M%s;vH;6RnhLV@MomP6LSWT^B{w`C$Y2Kk87 zf)yhtf$$+Q;)-G8(XUqyzoFf@a`>}idb`BMw{n=Kg=R34&u*jN|2^z=yTSW%H4zV) ze?<1{KzcT_uyemekFc}r8qjL6-dQH7MAhrv7po`?I?Vf8VuX)YdlHC=WM1+9c88$z zo~ZaU?}6(oM06}7^6(;lQMxPM+KTP^W_Bm)_h~jskNAnU`-v>;Eu$RG;_$%RE;a`ot2y;C|`8eNMw(=gn zBJoRP?Bn^ydEJNnx)7eS+>QIXeJ{FNcmzNDq%>jcAWdlg7EZkf(zBLlL3l1$(M?Zd zR~^%#_|fyj3M56>;SohT`j2rpBg!Mm^&RDuK3zCn%?e`Lfy(wTAc<_S1x?##V*BYR zsX7K9@qN18p0PsmGmd-@%0sR^GKvnoFecz>MT82mk`@m)_rT5Dj*TTpzGx5V9Tld@ zvpZ5>{p#6VRU}?jblrup>bLib3r(nJv;I4rTsT0&zqQIy)(9z1=daS-k84>DqPD1E ztazG<5D&g%=0vm^`@^a6N7FIEf&UFF6#UAP14rf>pKy`=1;LBD~2fs9mZX*X|#c==HCOh#Gno&!vX@hR1q zIpE*_keFzEZSmVuxG#vy!~36Z~JDCYou7Hz106 z%4rNN0n3yY&FHFNMHIi*`Gx!)b9@kyq_cHM{yioG5AH32=>;1e{8zXPXCpw1k52=5 zZu;o*f)rB*H=vHydzTqS0&_gbmS2`_I#NIZC&Cm;FCuR{uK&WD_DE zL<&Jzo#KgPre^}@>pA}8bJDSXP?^KzLn41Hf`0pewnhh1rF2)5cJKIy_QN5~m~cI- zm;TLva|cXt$q4=-0F4fFvMz|zci!I*v9x4nzM0mh=OGKKXt@IcZ( z3pF@Wn<;Om2b2B_e5A0xl|mSN1=h6*aJIGq`FwF?wHEtD+iH?t89+Pxg&!P=2YA#pnf!ry_1bkzF@Bg0x-@l1pi3|DvHvRL2 zKT8+=e_6T$W@Qld@!a1a<3BRogdXKM|Q7vVh(DKz{3uaEqMMLxjBCvjjc(AtPW}i7)HbyqxjFf5sSqBS z^dj163~2^v@PGm=~HS^97J?!q%Q z%9*T>JvUg%V2|p@D&P_Iij9p;hNLf zIQ#LO2aDP1W=k8HYN)1bfcy?7cPfz3q&PdCsJlc5Dj`{LI>rhIp)kVhbn^*l81n5D z2L#R_+rE7L_9)d;kcu zF&QAj=YWOv2KJ1Y^ARhinM|#6mN^Q5DmImAR7}{j;3MI<*u>b00Q0fCw!3c$d!6s- z31*5!Fl6X6k<60e>J)blX4ryB684zq{TiRys=zb=a739Wy)M6wyB)a50#`hzk=}0( z-`P5UQ+ehf!l?#mXhmjT+`JMB=*P@H#E3Q1L5BTKiIE6Ds=GF)#@~QqMe~R&Gu_s< zJ^*A!Bls4WWw6&Eq1ZEG5lX~lleCGXUn^f1!8x0Wc7WU28&T3@I~WqZ1yBuB10hM4 z&Zs})p-&M*gMC@pq&BoG8kw4}T(O@i0OT6MgXd3+e#Mj?ugR~$6p5^c-nl5sYkqOpp-#Q&;DovQ^r~Z0?)RLfT1ERcZ6urxVq9a zB`D{@RL&&+w+-sP9eP~oKLo_Ir1zg(AHa%BtnKZRn<=gy7C{g$`|lZ4*8zHrzH*gG z*35Zw=L_aG|J#cHI|f}GV(wvR-4--cSA=AKfoJ<4xB35a&|W)uaPNz5Fv)zIUq3s? zJW&7pXS;Iodk^ZwmBQJLqT8D{v$B|^^O{OY^75M$7^U#C?>d))cz)xdf`y(fkw`3# zDr7G`$9f01`T2#N96KmDh1*RlKMpIK#85Vta{a2Zr*zl$*186|`@8Grk>|s{=r-0) z-J9y_`kCwBW^X%U8Q((D?B8=ziyzffxESaxgKml)_}QF{^%G3LCm>B2v#9IYme@k6 zEp5uh#v*+S10MOwpmU6N^uk`JA#_^-XPwt#DGj^u`|LE`I=N1#pd4bBMXc$vj z$ya{AGd z-^3e?L7m1C4)rUUJ z*(t_c?|+=%f9mgl9@+mqvj6nf{>M}NKX2JTNrC@)%l?C4jAtlzn*~D6Ru*JDhol8I zoy%f{{5h8sp6mJt*ki$RnNb+0a!T-+M?u|-@hNdxN&(bc1X%z=VevS8eeZ}Ov(d%hOL^T8<8u+T zC-c<;j`_E}*jRhKp~j@%N#Cc{0?Yrsc-mlEYZeLt44_@ll{CvLa zz9{V0dALZiOT@RyY3fGTL6`CqEPT{i*O8F+$LpVcCn04>lT*2xVhJv@_+W#Aj2CQaopK| z?T|?e-QGRd_4h)|zQG4h78SQGx*Ku>hs*i{rh0Zyi7r9aTgJxf?TwndlkY|f{dx)~ zMMaLN)OM-9Kd0n!uxH;!=n_Qqvzd3nB!9Er_xtOWY$$`y_;}Spe)ayh8-aQV;@9Ib(YyN)3U>l#&9{Brb&#|Fn9K5e$*yGtn_&H>c7?~9l|FY`1p|?9 zZ87KP&rEy)R`{#Mo>FLd3c10+q`X7#d+fo`LeJYtcXghrG*&=rNtm(|W@xys9xAxr zbZ!9N?ar}Q@=ZdAvBCiNR_+XbTTdUMJfO{_9uAZz%>Z|i`5q+?+`ucGSFIJA% z;%JvV0q259`LO-u&&v$G;bINAPI3vrt=?Cz@N2)#5sZBsKM#7DC9lB^qur1|HFDp> zMe1qCu!)9TuZ5opg~6_; z)Njv}|DMOvWMw`&2EE(04Xr$}?I5zjG_O+=NnciJy*(t6Y5UR?AH{?ZC0t9V5U$e1p(kKf9 z6{bNBly^wQp9hlrZl*xT#U-yh#fZ7la!w!8UY#zgwAnM{{%gz1_N+b-y~LEthRLjf zBYGsa)M2LDTDj)E@@e7Ct^!5$auCE&(c{^7k9og0V+v)$=2$E}nWiQ?guQPyAXn_L z{&D9;0=`sv{LBQmh(_0b3*VYfxrEr`H|JVU!XuJlt?S2(drw(NA{XAN!Z z6FzreVUpdnj?e^8=@<1fPr%fyQmPn!(4#0}a&>RZNnFRHwRiJba5Z-4e!VfuAm}mg z16N8&^ulCSjn1~_xFC+_JC~>EiQ%Ax?)50=97+3%(?1Q@Jo}oX*#y)NO{Q|OwJ=pW z+z=(Y7p+XO-+RKpd)GiL=aAvV9@*=#}du?a!`e6baXOcwe3eNI>k-+ zQAw)P8XB>SxlPPvVDYyNuFYs;`+|NIt}Hln9$^6&mu6wof-wCF#d$~NRg%;9fkvsg zh> zJ@$)ZO4m#tEP+(?k=`GC4d<@#wQeHC>=JiG!q}J)?g{P76UMVn!#gj!Sx8=b)x6T}y7a_DwxgxhM>^nw zE_cZBJN;Q{jVp

>rL=m#Ef*YrvBdCdM8f33JP#mn@1(x}zc(^A|TRh=_=D*`kgOrxbsre4+OSpWjyZcTdi*|ZMw~NJ|sWOAv}uE6PQJPScw`l z=;?~E&AU^^YED7A953aT{1=!4jlw)rMc}ltufAU-xU~5JY`9ZYfc%`ud~K zN9j}OsTL~o0``uEoEPOTSEguzrYxFWP@l~X$=}2yyu)s6g@`fS-=!4I*B?(+II-Z@}07ACS7w3BmjqT z#jXr3DFyigsvtJ>i+>*HH$Lyj9U=L;yQ!~ogGM|%F>*Q8g9Yw>Ny8k3>TZoUgFiMR z*u<;38`va5``mo-o=Vc;-OdMO2eu%?1x2lvaRjyWOY%P?VxFnt1#m25n z6IRtaTFq;ZelK>m?hZdn87tYuz?JnDkEU>K2|=?7sgo!wUTC&VdlK->dp3foz5(% z$kXB9Yx9Qqle>Oq%=7IQJ6rsziH5Xp>=4DA*X?+nM6hy3IA`4LW_nGZLIqg$iwPfu z`+pcp#CY2%zGt|N8=BkP&ZD`=KE7itX)LmxKoQ8glmDtj|8!DvYvY!)-w_cSwQk+2 z+Z@kXA4IcZlXQq11}Z{jEeJ2?>v}%7X4U*TN2Jf~nNV#aFX?SgvMBjjhW(Hs0Ht6j z^xSzA2t*AXWM<`R*V{-!LXaXkOm2D}VovpYh;Fhnx-Hk;bfb=!z-d`!CzPy$Lf9DW zF%o*6@#d>abVYBPJ?kG6Hj#r>lfSw!lSh(GCZ_58x1oE0dZnE%Z9!NDVB{{LU0oN6 ztne?DBbfK>gRPziu)>0LEom%;pssZX$6oqT!r9=FA%C@1F)Iq48jDJGNAHkY%xroe zMeh`c4}^s=eNFICe75aWzRaL_xa2%2*dGcK6Mgh~Uhp-O_i~?;MxlNDhu!*BQ*3BM z-fF)Vg6ZcAQcwL#T`uS+tXT4+n)ZEO&g>LPv;pDcjg#AL=<0ak^WA|0lZG95`d4m7 z3yWIIRT=c@`|r_S7mj@s!f3qlR$F6=9zx)q^Nc%Ylc*Nio~<1^c-*2Evn8#@`(|&N z3x)W^iSMiiFP3;8c;^zXPPjN9NYfM&O?vm&98Jd6!_JD$wXIl%yo$hyz|- z9|jzQ9JMvMc8zNvz$9^Gy>uUuRV{f{5{V>RbR-Zc%EGIOqh_@pM^7Fa)?n^O2hA?b zt&$>Ms#|*WSLMM#~C&lM&3Zv~1{o`2+7Vx96TYXO9&y>r2#u>LQ=!eBua2st_(UQdwcTgfjafOAMCL^@4h@VV5NUnU6P8z_?dgP zXwHNfTG+_Rsbf-F5O=NazBiOK<;2ihVg_-WvS^NS`I4G)TumE57FcERLGCHFi%p6H zcS`>W5kwz`hV-di#Yj@PB4xbv;Wg*sO$XPae8;o4#{DnVxySkn6H;4Zs7wH9%suXZ#pA2^n0xG?AQ^lQuhENTqn z%EKK=xRb5*Lg-5WhrZcX=x?BH_&K!Ov0S0WV$!KAiA%b>FEJ2LzZ9wGF@!qcObN); zc;#MW)#pC2YtVLbEBSfUpFLugvDu%I5**KwG@8`XC3|!{2q+uaF?A36(-P^NO++-dY<&s`p5GTe@sm9~U zd+}4!!x^nIH}?8HwH~3G2p1+W5H*TvSNCK39@~ZO-)Wl{oM=@WF|EDFtXM)sMempO zDH^+VVS;3a{^b=*Y4rKTz*P)d>xQJKemA;s-dvr5xT!9~#eG6G6Q{_)6|YM?ry;LP zTYx#S*Vts${9-B>rb9QvFB0!&Z9tZt7Y&oYtn**PwdolPa%rS1+)P?-IDFmEoc|InmeShV>@~p z`2ldS6bqkp_f)(IOtQo-dvh@8LX3WQN8!BI812zxxM-tNd~EKOx!f|Ym^QEOOqud< zx9Mz_@`%104&1-L<^BkdzRmTtyx0fwsT`QUE%>^6m>bh@@ji9v_b&{ZteeEp!%Jtj zWf?tbQuxyoF;BXzH?5(6&I-?dAkTp?7PM*xw-s9LAcEX@6IHiiAWX=|Cf$wDT@t<3 z%SuockILdIKA*&42%?I8L(JbZl4SoOMm(va7r#>ipdh|?CA=sl7O^_o-nNEFMoV9Q zh2gX4wX{;zz;ch>rOT4Z_vDm&T z&zrp@if%2ITL|@(Be|0moyA~839w;VjoF7#xin;J{^2~yw)59;b7vAS#UuGfNeHLg zLZV&Lv_nzeT$0c43cv={&8o2yu)MBlYk^2zuagc}l2Xa3)+#B799}B1p$gY%&o@KM zRGVXYH*B$`W77<_*6sL|vcrAtA#{J_ zl)Fv9af3XAHVSELO*MO{6eW6HybmSi7@NcGv=PJHoxYxulyB|#>p$1OK|9&py zS)XxGpurL^_C2qQt%i**8RhW-TIwFu&c5|Q*d>Hr)hl*0!e z4>d|f%|$Sq@vL?=M(L&|-&pOs-`2S0ui1jg>}Nx>x~N{cl%aRA-{refd1HVSy3QBQ z#&XR;q1E^+sGn2=_SK3oA07S{PBdAEf-08C!EM5-osX3Yl$Sf%La&z33DtNydMTdDtctqgMWfHV?vFJ7wT}5S=oI1bgLt zX49QAWvbou+P)-Y%Q$BYZz`Lrgu?bHn|ohEzJjWCwD9s=jkie-Dmxu!`3ZRWeavU^ zi8#?BWistS3>Jqf{jx3rLY(_a-PM=wf{1vYQ#QfZW(TI~!k2biUrj0pPfAX}a;rC< zI{;tWcp@|fi@U5`>2$$1uahiwLp-dlL_aP1IzvxGXdX+JO|CLbFlflUtRfA zS>CENXVc$&Q3l02A(S0b0yla}S`hUz_NJwG4|-~(pGm+~J@7f@buslZ71=*aR*gU+ zBbxkKeZT(38{evxjYSqVzBs0xZQ6$LcfgmvDJl8puy1PJd8cqF(r_#ljEZUGQsW+n z6fCL2)T?sUT;_hF7s=|L?oDX-T3Hy6d&2+bzbI?gAg^Xucq#CTf*_QZV|CqhKHoo2K>>5p>^RYoNMUEe(q>WZW?+_$l&7X50 zc>P2uDs|698(F}Bsz!^Jiwmql`%UwIJ$5AR#&$w}O)Du9X?mevU?pzMFmc8&STqHXKV&4aJeiE3IIT155eM^4<#7k)S8MI44(Rl<)Y|5?CH z1oVcjd*O~J<~7(k_7<#vI!C6+uCZbUsVG$x2FG@$>(y4DIaADZZ9y-29|_F2&bP!o zh7=h?TanAg+}zVkY|;FHz`o36yf?)tpg%Kh7XekR4iXEhdkldp%<`*xeL?h=?0<0q zr0b0R)lLY*o<&!*y{7B6u}4g@jgE-qxydUl)foyO`tk`b-%zaV9k9$3VxuEca4?*P zn<%cCr|{CW6&}}oC7=30%5hB!&3cLWGAfd}j1Yum-zl4ZRNGyvn(;ai8Z5GX;1VgU zwVyzd5qu4nFHbv$z}VAEb+u&`oU~uuvfC~HNR8|OB({1R7vBgu4==ZPyJ}tHcq}qZ z{BGH;UUKWqeY=|$uYL#Y;jc3a)Im}V->IQfe^P#R7M5+lKu^c^xf|qlrnnuq2^%=W z6~?{$0tI$=73UiJzE zLr$7{iE{Mq{UjDL56R3x#eHO^A#0WC))-cGwji7tB-JxS`&T5@;3uS-Bo4`UN?f{9 zj|l39GPOZ0{q0)OnH7XHRYfO4?V#{fdR*Lv2W@y;Ko+T(Pqph9LUoABOAVpSLp!1< z(e09L`gMux5;goN67g}S7VaW?N1<`17TyDVtVbItA)@(~46ULUBziL+W|pSWV~U~Z zX@|LuQ$S}1OslP*^)w7k4Qn3f#AML<0@er$l2Kxc-wfxA8g~&lQ5jOdnbkd=8}|-9TPiHTXrgLwz{lp{xDIZG!W1=g z3d!wYl;?m^O*tXecKT1%CM#n1|&2263aaP!i0Tj!E37 z7>WqKw8-tEoimZ(@ydN7QJ2c>g*VB(Z!el4fB$(vd*()p%GqpZ1-^pxtRN;Ow+^E%r*m=7)z}y~H5*IgiIO z$TgiUNQ}N_M)9^tB=_#_F`Tm)=2p)b;CjpQW-iTb`K^sDtTdx-*y>Vl9V+#l6`oGu za@xOJ5|2ApH=DH%YNVN9<^?tdu}*m|U0lhz#Bop+O>^lc+Cvx-PK=B^r@5Xn*Vl zfyl!yZt6?~)ZQi?D-(;%$+6F3K6BMA9BD)z+WE@i61N%6shTqF5Cpp7Olh2joosz3 z{fbg88)!RI6I1(8p+uvHzO{bKuDHVY)hp=C= z7uMKS)@vyI>Au}vU3cj9kQ6_Lc3l2E%NrCr?Mz9$U;4LkXc^^r6=Yn%@$$d+gQHH8 zGmdB;Nju7ugpB&tAFZUO1!E@;D}#4dtKo85kLc1NBueI~)6G6w;Kpn! zO6pC3Sn0XRt}K6u;9uHt_pw{s-#y&~GQ)m3Rfi&-Lfdz!0$Y5P{m9{+ zkJt%xe`kC^pHy?=RnaeIlY_z7Spq!b@dWXM_$MK>%vN7D~9V61$qdg== zpJVDV$KWmJ{c16ZqVCA#X*y{5PQWMLrS2AOUaAFwmH8%=D|cBq%nkWOszNEOWT(AI zJsYO)q#!~WeO~?y>wBvTrSV1>S#3$h$;RQEJ)zVzul8x)5(9B4Ds~^Ilb~u+xw0rD z|5nIXBXDDia^Z9pubR(PTZ!!G}g7TxDU= zSl-IRMk3qM!L$gPp74Vq-JSXvKY4GZAu>}DBzHzx81dYyDI2;T(la!TjBo(=OY=nd zPge(#>_Zo)^$zomGG|*1V9A`-^&+M0EH;$XBgta+Eet_EM5K-t=GNsE6@ARY+t1#& zzTCN#TmH0UvX%G)B{fYYDok)Uw6ED5ZVBRJ3WuA$@nB@6>rOE!^Sl8ECsFmZF!sUQ zESTz|_};^Hu*>W4Vm9rYR>Ruf=nZx?;_z=JqEfa}`%o!My8a5Iac~%9CS{$8tx+H} z+VoQt0x@!J;xVT0L?%5XUL<1AW4OXz(|j>pJ%*x6k80U2^P^UelQ9dT<|Fuw;_EJR z3`#VyBOx}?IUf#O9z}1fkf>2CGJQwcrOU|d%_)l|K;o4oA`q@h@#}b>^W+Q*I*ELk z?6-w!cucGHM(Eb&GvO2PHgZEh)qa=mO;!*s{6I(C6pTXfRe?;&neX^k2-dm3b{P1H z@X*m(5;XozU^Wm{4CCyQ8P;i7E6nhW8n{XYUXm^pX{iOvlLO+0W;Vm7(H4G)rFk6c`dDF!y=GEyVGVN<<=r;QNLt?Dvn@9fU1 z@B2`RtT_?Lz^s6h`MHQcODMOHJ!<5m^dZt00FDlS8LP+&Q#|Q7&H;g8M?{eq#e9yZ zLH~ByfNZtqZ~oJ$_^kq#m)6-7`Q!SW01JWR*Fvt26|)sglx$Pj%ZghW_%m5OhjPd_xa^KR&{B7m#c7 zq!OLOi1_UEo*Ug{U>>O+hmJ|=rTNOD&!2o1UiWn1+Yf*`7`D;6jo%5M_ZBKM%>`;u z@}|uF?+kcX;+YOd{7s`{SrCu$4O4mU`-l_Gs}|p`+44@_Ayjf&CL zx5L*e9;;o%jf-IXp1wam@sJhOaXPQRjgPw9BLdkXzO=iQSo9^#CBFr6<5(>$D(p4D zUESQ@d~6)nQoaS@`^@EX9%w1D@3C=+3JtvrE<($xcJlZQg25`I8+drD(QmmY&-uszN9S+y8V{sr)}LI@?<433c_B4MmdgONM~5f{Uw&YlMjXsT-c_g`koEqoq{b|MO#tq zY7+fzt{|CyDUZJtlm*ivbf$KsaXL9x)mm>*D#st3_%Qv^;FDn_`WlDcW+7X6f2QQA zpfQ$2A1&L@J1%#O$8_!sL0BVpA4pSRl_z zB7%P!3FynL^z*ysH|umS%7;}+Nt-cWt^@KleElGrD25=^PlSR}@UKj~DVcp3C$4C0 zv>>4;z*@++95creDm6P|Tz4iDq~S$yMK{8RZ65~pOGogt?!=4Z4;oGm;_$?4VRIYI zfqF+R@(g;!aU@#2?lMBTTF3Am73r@nAtVYrby=@m_l2*wQl`RR%QqpaVtEZ?ESxRc za<*WOnnjCZ9F~X5e}_W?jA`fzc{HyWI<@X_+SVJc%@qP{=*py8Hd>0DV>-=K@QLC1 zq@Q3f@wpZAUmFVLMJ@ACInaCAj4^VYCSrB^8X1P6YD3l-+Jl#+7w`(&)F*5N1p4JC z_hvdg>jGJ}Kb@_}Ek&3d5pDdHsFv2ncCKJ9G-i0M=G1ceoPnF$x+LRk`=xRD4Y3`^z_+3g4d8t2CR@Jb?&A5wg zYJ#bTB1LRkhpyVYWftDc__U^*^ZYG@==dYBW~p^)MATP?p>Qu%an_kk$^ZTiJ&A}5c4M5*_#hk^jg{xmzGoEcOHzGEW zp*3V2j|FZ%)^q89Ht=>XC<=YT(ZC_sXQAZc1Md0-M4T=lAf=&Ffn(L|ns4Ep=X1z)wW)#XEZwlC7o zN&bW+o8dG~xefFDG6&(a(&O2W)V{(JViQ%4KaF4cZiK-(;OQhKwBfv})r>#zn5vW6 z=T2}82X&A29Z-XFx9cSMw^tI1mK~pCxLYX+Vg{$lejcN{#JXMeMiJ`NH9@E zi@awc*OtRw#m^ujkn=nuC8>-8Ea}O!%URz)rrFs8>ak1-;s{guT`>^gyMK-VuJ>Yk1Y>7 zT@m1bZGg>8lWjT+70vR#!N{>Iaw2>>lqUJH__2N7d=Vb5Mxg*&*a||RqXFBi=jLob zpTg{D*IMT-vbh{B+8bGOa9Z1cwWfwG6d>ie)2qh^8jF8yUxJ`XL@|j-6r1Pl|4t$< zhuIII9?_8LMw(&YlevmP=E&fLFh^bZk3Ri{9Qxp;Cjlma%Ie(V(0yP6+z?eFSe?5P zp`Oh5?j}_*;1?ldk4LhR)m4UhpWiuc@sl zmV`gB-a=CKaKi7tSOCN zv?xf${sN7{gk+t0o>k(+cFvtp?PS;Xn+HNP9l-7R=P;Ai*0LX+%hbL)38M&*Ts>H?G)4>#j{}z6PTxNFYWOTb+ON7na)*uOL0F<=iLq zPzeuSG~6_Gev13!FR!f{yWC$t2!{v@*;$z?LvJvlL-=AW7BEk6-jH&-$F^#`GJf13 zhxABtAt5@WP_gtK-h9|JzON8?WIw&of2+@3Vtq1;MAuay5fO22An#lanK5TtfCR+D zu3=x>=Go_c@=q)1)m^Q8O&(=kO%$)@LG4<*I}c2e&tIIC0A~`r=Fw!v8aD0E^uz79 zU;C@E43+w*h)p;NgI<0(hv9zceo~8B2=g>70ZUB73S;CHW0aj=l2UH9OO;@#GkmHB zEt+BNgI+E7zCZNn{;dRI0|d3xA3t`B(ZUgFaDxNh+4z}8H$Mte;Goo_xH@R@St3rm z6@V{|9W1D2+;W=csqa)|$O6zwzDeM@J70WuTkJ|zBv|vuz6IY%x0_{9Vvi?J^<7xm zQ=@Rm!4S=s{iH9eoI2G&enV?H&M@?d9@r6{t6k^E zybg*n)uTWAh=klmycaLaET;K@BP$hV680O^!hPF`-OJ*S61{cH_H_M9JY@3Vys~h> z$!MEnANA2Oy2gjVYtVWFA&8K#4=C*f)&spP85a#hx5a8CVy8u(|18Cl;&6AKw&ZUH zt<9Z%YpKyL+tke&Ja6x(l|8teW2~40R0R)i{_nHWNS~sY2===_jJYkH{i57OxaJal zx3@x={Olu>mY}U5`&w`6e$ojQ>lDYGr(GoX^DeiCay#NyivIQ2inSfWLYR(1y~(Uj zLtfitOd_l)J&tJ^t?c24XBgi}?k8yix`L}#pCBDQsj3+A&IGe1ofI=4V~WWM9QG6o zaqP*XDL*+{Sb;fazQr%9I)mJ&cOqfM&Y79?IRY5k zL8Av-7pEkwFET?|B>qiIJAe3S?Lm{*(hrE5osw%ZzAZs1*!z&clsdk+s21=vV4R*G z{UL%DkP~Mvsz15`{}V(QstW|f&dq2aov7TFCxafGcpe0fYSwD!(!?wG(e=qy!_ZH^ zCCPkNPx3msu?v{sPt1_6ckX=2YP^Lk|H*HeU-N0YYhN^9Pd$X(Aa~aOA58}b51I(K zMK=kF0wm=fra2<^${mkO$^Ai@LQtDl=NdO;EK1$tyXW4wX7x^F&%&4znCjQlNEcyybzb3Vq-8;q zy*fxX3U;(I*CKji`zae{f2oIihs7f~FzQs77_q==EbKWrEUZ&MPvOrz|#%!W--T)+9lt}V{i&WHPl;q&LVhfqdM{)PvXCs|*;VCamCt5d!H=2|S$ z@CJJ6R(VxT9ClZR_Luubjx7_rGK8Eu!uAAY&S;~m_JI0%`ru1X7AgizXKTQ+{0At2_(a_nR;M#yr2kjv9?+$IUt) z6BOowv+((&eZRWMHiUduJ&*E{?TiE2X z&(0Y&BK@|p`Npefjs1l&sWe*=A zl){34)a6=sd3}^vk`ygIw%X9gwRY` z2$Eh3xfZ-~8y)1Q!Wf5L;5ropKr#W62R>iJrk)*dF6YhTg2X0uZaKSqNonFk$Q2XJ zeN(0O;ILe*Rk9O4V4OHBk519!jBY)U@rpDXP_A{zA&chun@>#7rDne^*Cjc#x-()R zve>C*;1TS=xSj3WJVfFzFe@f(_>IuLKbVjg4@{iCx-Ky*g{DUc5A8Wa>T8Z|B|Y=U zpJ9gx2+ddSH|7C3k9WqfSS1dR@2J@@a0LBS3Onm*aRy+Enpw5i4y4h>E>0|$t(#PJ1NxNGRA?6b*A$oN>iCgd;{9n5-#Hd)OlwOXH zD6aUkIpw?Ap5#&=?u9|Du3x)-Tjnwo=4`cPC zcW<(1jrTEp_u-|HM2(@y>yK&s!5|ZQlVP0qET!^O0G8T0;c~h=S=n)t5Bx!5Rzp24 zqP%!gmj_e*4t{{|bqhzKida%Aj%46d(U}1<#y*|tA(QLfKsCl;iS@b6Z5e!d>kbQQKt1Ul z3F2!0X00ST1=-_xD-N4a^#q4?SoN9mhhL(H^Gxu{UKjAB@M0lR+gKt`4cYG{3{wlr z?`>pFeSrp^B5H$SH<4S2d8qT%K1w`EH1aqzr6JlXHp1qh&Z`eL_a3W1y=<_0d3#lL zs^+OR>vB=o);=;Jz)n(Ia^N)sYkAzhfjlN9{%6s%7 z-;HMzGo&0zJy2>k5t4$X3%=|JG_g0r!nNrv1iPWz;uCwZNgVC|V~9hT42S!qBpEc$ zbJhb=6fZ#i#2l!EB&4GSEkVa&^l|E!WYqSN+QNG8cm0~W(a>;M{)XRrv--%!y z`xftkFbOlHXm0??9N)(6Po|`s335gF^S-MH9!l+W-H4GPP%KJ|?#`;MH7KB~R*y5g znvhBKjGP&ayHwNNwTq)oW{Dw7m4>7{Yg=Q`)V%3gVzY(40n6DJ_!SC3ibQn*I-wvm zt~EiKct9@s0Z|6i<|k15{4n}5M4F@))Aiy^0w8jIQc{hvmm?q{wx?Oh@I@CJM(0wE zL*>kaSmYbep9i_*xb^V#`)VG98H^aJ&>(h;>vMxAgKF<3TN4gA+%swA1>e;oN)|GB z$1qO)`Yq~l9eo7ca7JlBfC5+yFMqiqhj!eOV+CZO&s}Q0L)$ z;iJId2r|k50z(f-gTT9EDjkv{4T{oW(COXd=li?Q zbDw*k=l-Y6IcM*)&)#dVz1F+lcjT2Ny7h^Ue!o@7FWHDh$;1ghGGk_-8i78<1D^;@ zzsH+dO?w9l&ijxS*?l?&5IhTGBh;8^R=rSlWo-gim{#;ix~|G zB5gyA#GByyDE^{*_I8dj5eT^7dWLrw*cbLcrt3o5$DrK;p6@V_wi72E!~Y!af`9d2 zvr9&Od-NDQ_7=r^s(oaS_j7!5{h5%nG<3*)1c@8_<83N8I61&UX2s+C3TW(qp$r9Y z4!$+%mQarfO9IX7syF9bqD8+i?$C|(By10rZHW1Hv|tZt#*P+3?#m#d3AwWm_A_|x zSKm&9D!$adpLZ(3F!2higjIdQhtRvfo9GDfax11H0J+K}(Ud&=!%68}nl#zopc77- zvSZ^ui~OqcPOgE|7`%Lq+k_TDm%xLFy*V6h8E{8n?UFd>W%E#bF#aJ$KCGQO?m+UB z{W&GP?7tyU-4yzHb0lPh#2*@(5E{`DBm(lEEK$#MNpf$U;xSeoq=Nc8-@$@fO&JcT zA<(9o*~l=kX9cpUsBeYiV1WQguQxC#XasSXQ;TSA!t#smO& zci(%1{Y9YPBkJ9j=gz&rTOVG)7{PPnr)~nEf{mJL9SMKSC?8%@?)%Gm&;V-S{bpnr z^EVR|2uc3CM!~z^865<|385aU>)aS=OgDY~X z0hn`Esm+5L{$kE9Jw0|07p^8+5pcZ3M`N52LEtO1AL{4>9?s;DZ>n{eF5G9 zPWZt$4mw6Fh|2RX&Ta&O*BQVzX#Yuk1$H6ANI@Rig_c2B|3$E%DuHk*&26?Ws~4W_ zUR|#wwNyeLlr19$bu}cqvjZ~H*8VCF?>yZFIBi` z(l6dyuXIrsW-EV22t2(Udl6t|*f836ZzJ^tqX}D=>h9=fe%pmd7?MiA)bpDO}BtE8MRE(kIakhkwdTLd}3V%01z>cZ3hnt9S`g=af$r<`JL z#O|kO*&*{%shvOYWUy|l03E@2dx6`sdl{T(#Xyms&sOf*siZQj@>g*pR6`lQk4eC2 zi71EalI7g{o*?TKs1$rd^3Er3;orFyZr`FfGI0eizta|_*rV{bN#ls_R=X>xaAl9E zL^ZudfxJQpB?sm8;^k{R?=XQb10bq+1NwQbwyjjx7t}LKW|-Ko*_@n5NS(i;X`6Mh z(d$?EA^BBAN7gLAkmk8H&iC3kNK*1^ z7{wiPF=bc@1;PRvF|8COY$iWot*<`r7ATl83Sl$P`gT+A5f8Lwr8vhsGhqHO9qgS% z?;njQs$dV`QQj4x2Jl9D+N-N7EuxeVr;DSuBS}ifIm;x(D3VNrFjU0)p0(PrY*T$} z#!3XC6B>qo%(L<30W96e98^CuyBQZ}<w5E0dESWJx6_8}dm#Spd(6J80zlT`)U6YuH9 zsA=z?MKW|orKADv=-<7=E=l&45!hN<-X9$LDj zDCI9fv)J(uC?zh$rk~iGswavOTdYw1RDUUN6IZjE+3#gTe`G{S$&!M`Q;cW}5Ctgv zHNwxrZ%}C;-%LLMM-cTBT6*cdJJ6w5$R1|=6a>blEnfWV;jC4XQFt81)u`J^Lz{1j z2@dyI5@P;PzjMr*T<5nm0wYS-(z7gW!%su<+^H$UNZLyKsNa4pK9ZG8e_#9ZbiQNtr%M{W>gEh?bFFXM^Il?&b2cYVdw zpZ-dPnC%j|V7YZ0u%PUxD%vRZXylSL_iRi8#mn(9NSlc=uV*w!h%+_q>OLMy@-T-oB^hM6LR zF;c=(sUJI}5PM`#z^(Nj<=xO$VG#ijT)Adz3NE|J%+*T*6(S7%q3{A#8ZAp;ODJcg zM~E+n(%=%z06k3DkhQV~7nU&8iDeC>pI3@wQ_UQ)G~6W20zsUm*B}J!>3I|jUjPJK zjVT-MMGi@3-P?#E2^gP0+kLj03^5S+SijfY zhDaB-XqXB78a{OKv&EK*raGFYuKPP9?Ck)uBO@|5gjalkMdVFY1s>Z|FoWn+N0$SS zOgiQ{5c?Fp=K@MTV-=k;*az}(t=CLaS7!1ut(R`nd)^=Ovaei{BU8Jr0ia#FCrBvc@#>h3%3t}RXCa-kt}XU2ZzkDLGTT2V5-LX= zvl1bp!j?g^J>Zs`p#XcP;Y7>E>T*U5$i`l96|^{Hw0;dRxQ51OR+`?lXJN$s^^1Y`x$xe)Jo?+84|p5WwiOZ(UBH~KH}a_SGmxH&y9JG`9g&4qx^u?G22c1b4b$@?{E)uC(lNgxF_q_c9J4-)E_T7N@`jYG z*FW6^1+BeVVAefN0S093U13-s;&>IyF#Pp`x(;!V8F7yl!7JuaYvivhU^rv3oP|Vi zTl1vn>26locj09ntTICfcr9!COA>8Pzr`50`buy2OMV+NL=#nz%{e)y{vCbuWjLc# zhOt=KW3`A3;si^NKwy5pNyxOoL!r%<+28XbI8hxwNi>i%wb^O28x@*=#mzk)T|G++`vnHg!^=FGC zRWkS0k5Zl*x|ic(P&i~-F*3Nqf5-9g!fqhYD*HP#)cncU@Ry47gs@c8`OC}f?q$iE z%Ht>nqK$YEIA3DDuHhAlf9{A|W80}{Ff)R7o2MXh!%}FNmT`4=QL}+woBk?7v3CWzBK5Z~7XvjVMG3G`MwF!6NVejDb6@ObGj!A_|}K zDq*Mpx9pb(msf4lC-vyr3-vHzX{k;1*5qI$*41&tjTU$!qm=oX!`b4wa@p4(28Lt2 zx5?gH-zmO@8qETU5GSe#UOdh+LCUKum9l*?v)2Xvu#G zmLaeRqppq(uOv+ZAaM^0fJq|kyp?~IwEga!pMFosSBn>JYJmzWpHgmW$z)YlX`i!9_bz4>d-D4%dnS}(LXeyFR zRScj&!`D2U#wSwtO|DhoyVez~M7$pJr3o>Cmx`hVn$6%s8x;wfsg6KC(V4n>6n*=2 zDD&1Z=S-T71Pv)7ZIB&&Pyr50j0@pVHt&tjWyVenP5(E9a-(2I)(vc+wI%T18bJ)$ zLW8Q;WYvX>siAB1^ROM4$ZG^vef+=I7eA*Ozu56%jR9=QH8}~p>%qsd1Goq0kyrdg zLvvjr;(Y65%?2WSV*UigX4FbEE7pX z{pySX79!4eG}kMp^X02?JZy5xb@vLxro&z;%pO+h7K7J13>Ezw+^N?8E(~dCR4uOH zEHPuD#jf4Mo~$+s1i81tds%#(1~=gh_eP1f&1vx(mfQjI>SEpJ+faj9J_B_sQSU*q zn#f?35aip#9GZel01+!nsd}_j0&XjL#h|mrgJ4x99!^JnlnJ`NXdud1gw-HkB(!Fi*3J)Lenr&h&to6v8oQM z#R0P+hWd~|2X8Pvnp*U3mO%8K*Ybv7@~ws(K*P>{s*TH_;U{Z$?{14GSG!=zRUFql zCuC-qxClFSO0NrTDfMSmM+pwR5Kzz_cw=7}Hf3lTXIdBr#Mw?56J1#l*}orgy?RM% z67WP}|Az)M5mlO?<`&4IU<5dt-}8bkdKpya*B6GxgTzW|bHv3KXGZdO&`*G{fF5AB zb)~sp6-c2imwVD$CXT>w9Bk?Ie+-35^>?THyBqvD==;#*zKTNrRQM3zqk<-F7K~qqfVUr)q*kQ{=XzncuSYVbS6^%K{?&utf?O=X?35bV`}; zMHi3pp7!e5fhpyx@)c`YYy zKt6Q^u@FGFyWJzE_pGgIb`OA6zik^}jBDMK1A6nSigR!$dFk~W*(TEL9K|_D-~D|BQUbkv@{S>#%Hk$e$xTVznBO+C1v3E?wt8YJ(wSl zy$R|H1rj2^-b0{a%S8E!C;`7?w+Qnvk7$bo5zFNe623}O>7I_^hi4AGvB6Wt;m8I9 zA_9jB+40z zBB&PMr3RCNsuvMelHa9EmLF?pnZJ)Cm71uH#Rs=#qJma~pyp@wXQIKif|Qp#!n{OHTXi%)CUoU+Ja1=8JtEynZ=s}pM2hw>={68;IN}Qm1WzB%s~C> zyY*t)5Z<4OLQfe9T4FM-R&!dqvbWvRB7lz^2EbaLCy9<3Rd>~@2=UpJ_ADwB z2|E)|=mOsfL1@V}@I`|fk4{FQXy7M0UHfZo z4qPZsFr%Y|LjH(uMXzA61rmI>lV5gsX}|22V2BFd{%2SsSclb^iF*204J=uG8DLZ+ zN?=Du-USXxiz0iRnjd50IQQ$i>G5~BW5fmeRQ~(%7Zc1%3M;l$`NMfCY4&I<(!&_l zrve8z(&0Rr{%=oYMdh$+nQ>x*TPpUHRGn~ZBj7`zMS=I3E<4`xXgB#fnL(~V=R5vS z_WPKAdO0IjXf@eCN9W_W*ai?L)XP@3EG*~}gjxTdiBJR(Az4y9;7KuZai|Q9e zM*eQ)+D!2TibeSS;8~5i%JALUQoGePqnB61o&~R>ag}z@h*^#WrNwy7NPsg2F}f%V zzjxRqUfhjp`ZMd8b=`{pI$LbbEQ?oB0t)btq_`d3`n1t|1p?0figCg##cDMg+Dd2d zaNaboXEzY{xGV)}9u3AJ9T)hqE8dJ z;y?X=x#EUirL@IX!L_Z?=wT$S)0l+}wh`0e1@@d5z@#IIc9X*eXb89QQQoCxWsGS3 zCJXRrzkfdDuOLiE5!O+Os&}nRBJOs`JI`(~@FzGlP{^`$XHe!uDXTV3QKkQ zz&9E8>tzAo*4=D>GX1gUss({){!^g}`yU8pR8|J=i*h zG<@i$iQN8a-ocaz-GDi5YV8PGAJ74t^aKr~*+*VxA{Q!Pa=G?u6XE07SptZ`zd6%?8lQ+L z(LB_fm-rtd&JFNP&J`C~DNpIh*nbN_Hkd&d6s<`^M*3NvFmUYzS3N8U{2TwtJ`$g* z12|M=)dSr2^+bO>=%Z@E0e4y}L4oU4MEpfjM)f+&;StMU+~-6LCBO(+D8Hn{-OYG% z_|S7K{y(d~0Qm8Mn^l0Y;$rI}lwM(vc|z|2bzIILCw-E`w+DRwlF33J1+;9;g+j#LELVFVfsSc(;+7-%_+tYfe8 z$)Dub-0+VrkV~)r>fA9N`B{ig6yoR zg;0dD3DusW{Q5_y_)2nScuii6b3oyW%ikZCs$_Fe8$&&wmS3Zqy>OJr-@3W zj)po9o3KnZ+aD~sFF2a`$~9(Sy#|d{O4bH%OWorN_7u~WF&Mb#T)pKY8uKxnb58p( zHgEeD@GvD0r&CLxUu+>VlC5sD)dDwS_BVe4M<@a_{Nc$w_!7CvYUV1~ZXKBo*9ZR# zZ23nav>t(3${o7<8n~DN12=14V)Y-5<2Xa>y)+ap^6puHb3b9{M_`hYPxCDc51YC% ziSn~JyKq%eLuQ?b;EecZg^(biFh%|$ARjDvo-?058?bFj z{4+v$%CeKYkx_J+aRu*slLpb)!en7!OE-Sp1yu)jq%X-smVLQUwY5$q4c+F?=G5ig z-#u4?Te+(^_JBm>&5g(LMgqV7Gc@;rdg7}7(-#Jm5r0|THFzFnuYv>fzjlH=e2Xw{ zH5h>>3tmG-KB^Haoq;SlOAdBax*_xP&4ai zTLc>sQMS@85K72PD*b;RQ2jw~-DTkOEYQFrI3b1gt@bJ%<8Wn7z}>p~SfiO7!qj&V zi7tJc$i17yS3b7MYz3pzU*aPK+E#Kw@L8$Rv5K^k|i=ExtQi>{$ zV=Yxf*~OXrut8In5boBBkiSChczdTv{ z>0A2mNq0G7R=hl##czQ#D=SC;^T^E4U!pb8leDC3@fEC$rJ<@MKY1NZSGIA^rN2?td( zip#=1i}zU&wd925UFb-}{`*+`b6UV@=@LFW__N#>E(C3g0l4c0YwTGpa42*FlfWVJ z@-WI~PX25ypvUE*pNR^|0`I3tn#b9-6B;(5!=hp_d~FTPlF_F}a0qXZJ&wrJfs2`{ zUFvLRq-mkNw!MOl>$#dulL**-c)L1o_7{xm$cQa?>H?EDe(Io1n{k{VE#SWSKuB5? zYTaR`MOBT#Lj~Q6R0w=d%CvZ>gE+}O|IXq3cXdVf6i`VzdbZYDfXe7&TpG1v_?dxs z58AO9?48fz{)pBLKPRucD@{Zox@o>Hn-810fe`2jh|`gA9JF!Yp|w^C0Q_9_XUSW5tO;c=?nUu<2=S0RP?pIkG`^f0;4yt9UpAx&Fh75MZDDr2x&*{N)~VZ%!&`-|hQrxX$W^v@2s_O} zI&);;@A!@Alfx>*I8^~HQ64GvLqGRk5M0qp(aqFx+$wK&nYBFdYkMbm@dF&Zanz{h zp|v~JD#Qn#Z+~3Po&fOyCzZy!*xsyxCvuZQh!PK4+iPI|0{qGGg<+!)U)D!Ie@&rN zWfE#Q06H;c;`%tolLL zlGaQNm7aNNXeLQ!aRTQcOQSH1lWb^De~c)0PEByUS!Cb}E*LYZt2v`8G%{yVD_6=d zV%xf~6Y%uXrAC|(_|c(-LlaZacC3|Y_d(DZ@dRklzzW0KPCr)^Ej~Y)$MJ+twx^v$ z$cOj67IvwxD-xdvwRFaEtGD`fWU^vz^Ob_YP~c3=%AJgncMYpbHN(_x80Ab>qo}`O z!08a)dZ0q|5V}{)O-qTYOU@CW>kF>`&bv5^1@%78DHW&Le00Zy1)@cd6#zX@RUb&7IwV}@QH*0Kk^xT%!o}v7S)#q+mc(H;H(aM5uwvcd*y;`MTAM3v(#hXDO4nmdnv-AMwiEA%lo7 z8DYo$EYJnrI0Ej_kIP{c8l$_#j9F-y-5LmAfZbMf+Lx#1ja-E+f}b^BWWOUEp~c}x ziGXWAo3$^tKhk|MTMWFIg>67W{ATUiV00j1;Z{)ex5-|9d*wiylq zs^#xBh;n`N07zF$#w_>MLRAGEa=NWa^ql(d#@~#;93E+ZIWp{-*qY_@Gg7{f?L{-X zA6F4?0IKxG107JmfDHNyphbTiV&F~uFaX8emk&Wc(OO)g3tOjUX8of7ExTx+B@AVi zM}n$c^xeu>y4dwe!Jw%iR$BE_gaF%*zb0%%|Aho9`{Sf;!9z2v8y}iAV6M*Bg;(%3 zS@XUTG4yo-;Rv7&End)+6b(j)}=h9Hv+_70jhjm9jo7#FuCwt zOTmk7DrS@G4x_eqK2FyFjK-Ef-f_uy?w#;s?98Jj|KV{AQm$Kr9J46{TV}Oc8sHW{ zy7gJRzHC!~ZL{nd5oK}2n;dtmuo-QOLgSsCsji)d)Uu#~KF67P;~*<0aUCY<5cp0Q&6h=Oub% z5ILXuy|R^IZ#E~s)zf|8T=#daNq1tZ;e;!q*>*qy71O@RWeI5O#(mlk%3K>4`SzZw zIq)~F=MO~Ui<-7wmbj+Bi8;BIZ5$3_6E$!`(6CH?kr-J72?;|c32K=RLgfQ!@La3` zs3zLr8gcEGMYq^jmlUtrpK!wZD8_j<);{(*XV*Hi-dkDs!G?_$ad)3CUTB|N6PExu zqgc=myWZNxQ6OMW>B0-aOL{)LMZp$h^UPf%`OQ}u7&;7HlJn$S)Ph{b*-yE~sz!Z1 zkU!kXsa|8W`FqWo?9;~GE1@QAIxg98LR~9C&6~(i$1XGwz&)NHEO&3CAo=lN!yGkp zZzQZV8iBmC#Ysa=`W6m3M1sVK%~FxmoXXWN!H?yMs}KJQx)gd(BoipM?6I8N+g_VQ@Nv?0r)rlC#0zV_2I21#U0Xp%eN zAgF3qEgB+Iq<_S4`QJU7xsM097EgP_iC>y{eb(c-1r;R-ExfRHuBDh#GvfGbyvh_h zWjeUcMR&t8^cSVqAOdsQ)$|9Le`lYW@%s?SY9~m8-PU1)nufgf4V=56*iSmZutMjp zr#6N_TsBFgvprl1mJnS^Vara7UCZDkDS10*@=fi@p=O{UNnid(IO#;eZp+@MNgWwD zL}0NX(SL<*>DQDQj6^U5A^xia(!3amFZpOd)hu`v z6JYN@>`}{$`jx|)-2Qg%Zb+w42!1>y7PXVAeb%@+ zNs=G*k%lV^zdz$t9Hy%o;1E6%*eSLco4{9I0gmc-FDHXL&zM?VU!Je1>SL`)ev{64 zt0b~>XE+H(nm)X4ffq4xm^8DJ1T4c_5We8dDAM-92@d$L`U)JQ1=5A6_Fz`dXqZ|G zd60cvTe3*R<*CDd_z)mw@SNZFV^ib|N<#Rgq&2G0T-I}51ByCyY z%w3Mp<$*&+$QzOL1#cJ`knu39)oMkx=B>H_1y9a8liuN}c8{pm@UpDzARtMnHh7nI>{8_OW?6~-KEyCq_-)PvHzoi&jnH?Ev(>*Iel(^tv|!zh-q}6%VMsf3MWIN z60Bgb=+{Glv^`AO=XE%4MAUxxpwx&*=5DOG7>?+e{y2K-paxA;1qL$42F8(y^b*NA zejG?`5ftuHA8wOq%RCz%T+D5OSG+|U@C$NxgKzvN%aS#!urLg4=nkb#;xT)NQBi%u zQH#KM9Pj$HJNC0vk$Q=;iF2||g6$X3-WX*cJuMmT3j>c?9#`dmuhG(kQc5M?RDi+R zHj}eoY4DCc1pAIvf_6xW3k;lsn#dqniaUSL_x9RW&DtY8C~Or$|32C8>WM*zVuUU8 z=ukluvm6o-6k5S#A~HB1k#zbOfFC>g0*nZYMd(wU$bTkhe_a%p1^F(GDKy9E=~=yszp|g$&P@zG^B6Ra&|Amcy|p zNMS)576duW`&2a2**qDA$VF?8nahY9QArSoG@P#$P)lqE-#NF*B-@w!btD%(-#{)>`lW~M?+`A*skh+i%fS6PmLLn|l1 zUpH-GE@Yd)VI?fyUlmK5vE^Irl>H5!DF>7D2xS$`TvpjD(z0N1lgLMP$ck zdhBlvY!5_#VttQSVy8o{XfUzsqNx z+SFe@u|z{+C`LXsT9$}HAF};?QeVyT?yT=Y*!Gl?@K#SyV*>DZ_>~>|K)nX_ zOo7?QA07igkklb0%_6HAV0cHLIa|lR@hxjnT$MSF?laxQqB`i~WARsg?$bF64_s*) zGV{FO*^;b6mP7kP;-t5z$?8|cBqHKBrTYWi@rF#RyP4SheiVL)XrG`@|BbOK7{h_2 z#`|Ptiu*W1AS`es%^G0)Mv?f~#yN}jGqZ^iq!-y5;*(a|S&42FKR7%Pl~k>lYA-Q9 z25^&BHULh$LBJB>CjzJv@Ib1zKFqysCCoNyEjjyn`{mC4P z7D)M6IAmLPx#k^BeUAjdcpM@@4V5cW$X`?d;{5iv4A^ z_B9)bd*2>1R~*})h_K`5IloER&noDlw8sWhzFi0lmAapdao1EP#s-q|b zMi8}35s5FD?w2Iwy{9eIB$rWeuEMmYHHBWEJl6&6lM80$h zdLqc4to)Una)}!Bx7Meh`*E`OS$h`#ST&aXL+7i)uns!gtM+qVA}YmNNufQ+**91?UBDk7QPKU+ zC9Z$pSNIPD_@ea!tu~L5Dsh#2YN{MYhE{p z;LT0+jk}TO$d~0mQH*nVBCxz{VUlm@Ap3a!$W1tlcv)3HuZWBPu0*KwIZnj}l*VaD zu$A#h=B}`U0F=_!{$tjKHWwJc$q-+mzn7yztj!I{ajznilo>b%IJopuG^_#3n}1Ue z_z6u7Mf$uk15GFdQ1`l>gXUtUe`J3h?6q9h_x(gfCwqt!>Ba6Y#60$SszRJ1L2YfW zbyK$b1E=N3?8b=}ilp@LH=oMx_80Xnd4tfODy%^~yD|=3TJ^<1Ngb7E)d_@CQfJ>6 zStjtZbwSsKR|{~luCGVpdUo-F2&sS;fB= zTAJpn#9r5~S=>Bwu#f$opjiCK;I{%u%Z~1i;u{CN&tSqih>~l#-=-k|`DXj)g05R0Q)F5=5cR)p8Du;%WL;_}r_zkw-E^dZsP|&bk|&Uf|}7ZR_|Eq&Y7(XwRyFa?A+;272C>Xgp? zY-yge25dGkPeow;{_hC6yU0PrtR2kUtLR2exSDhR1#?7eUP zE+<4S{pgH=;(qmi~rj|^_*a9dKaK(Qx%V41-31W`&N^fZ^F1_D4`WOyFXMg!W3wqBa9 zg~JCb4LY>pIx?}E_P6CEN2_A}$C}6-vOPesc&=KcDUodj`33m2U;`OSCC?92FV>M^ z27EO*2pnVJx%=7Msyd8|xfqmiqw>}5!mv9jl~#=A*1w})_-|XkxCux=SFJb=gX z4}1c))dl%=6_{tcj->6rh(#VFmrq-%#i&7K@Tc*TwTexxpFCY?Nu6E4FJO{*rYcAV z?l}Jc{b4wyvjq*Cy!GRg5AI@H`^i1r-T&Wzhyxd#{Q3eS4{6%FLO37D6Zi}IJ!l`f zQYkP8KM%GX0BC?+iqb(lNP+rh)Gvbi)-v)pmq$vl2mE_eI0UdB%jdr@ySZ>Y?Te;B zMyjZv2J%_8;f$dM2glg`GvuKFFdIr`^FM)eVES~m(fI%M-zHUHss2rPt*Bt2QZ#m7 zm$NWTDWe!jMLE9#sb=D+zl_heQ67s=*VyiJUEbnq;S-5X_W8i909TBc0c+9k%4SWx>Zra6GZ(TCIOSgM7Y~E5Qrbq+KfvgEk}6--(N{@=t2$;|PN(!>?qWi(XE({b zi2`BJnGMq~$yDY~9_{V82F@LLK4a9_!0o3KU?-CE^;|$`<(}`qC-b3xr>km>mQ81skkFs0Ha7*YFkTDxGf372=Tcq~J45-P-b1^Tnovw^? zKKqSx4t`9kt!e3StA6YRNq9IL!GOaMN%STe$yJJb5-Bf|IG7Bpl|@^rvy+Vi@aXXEbaRz+?p7G5V-puokvIye+H znY%tNL-t*otLMhAQe^m(3xBK z2Am!M;|g-dDOR5fx{Z?F!A;2Zm@YiJGqo(y;pkFcn461@*NqZcNdN+V8jQgFmf6uZ zHbUUULA~)U_&1LqK4gcM1h#AxWf?1{giC`QdF)h!S6IiswFMpr72UJ3fe(0!c2n}& z;JWlt*~645{4e=@E~!&#QNcJpChsNqcfC|bw=(dBdxoU`o}aHzo(iItNgzELKzCw9 z`7(PF@Sj9VUl-@rB~5oF6aPAUdIyEhyHchGGxVvPDR$i20vT*({9D!*K_1x>?YRGU z08vX9;uS$u2dT)DUl;=-wTB$gK4TyVYoPKOBFGSNoo+Q2V2_$&xc|4hfuW%`19gPz zkBCuZl@NJV}i?nr5&4A4T>U- zq-Py)1Nym9n$3Tw!AoY_P;h7nH*Z&~eo+r>Rvn+_yqiCfG^WG1v^5CAEtXXGr*E-* zj}~QVnLg%oWH$gqI-Q-^{pEXq^7TJFvp7-RW-^Bpkn^*TShL=7Y zy$;^i+nFQZJXaca+_8+~gcPLO=A*onW20$fjabsbao%M4(>H!I6c>4E zyd(aK6npzAKt0sV*G+nG`M*k(R68|QB?e@E&-!Sx^X2I@Bw4sQixUf9-38|t6xy)| zk4?2BI7z@u)IWZZzkR+D3kTsVJ{mQk6lL&rH*^K3NXZDKPu0FyBqjjoL(jm>`sYU> z%NM|coPNiW=eMK*qY@b$Cpz0_BY-NWbWXU(-@2dl%G5Zu=ff@Fb>y4dO+VBr0HKH9 zLGHm=k1x1*x@B*?NP#cY<347iuBk&)H$Q-a6PmN$wgV1N=9}j`S$Dh~b`Y`j64jth z0A!!mS14lw*($tgZ~{?rS78FOo~f*#PVbY;rvXdr5nWBY7xH&xu@!GbM{kWFmv!@i z;g*9O%HmrqialNKHH!8%G}n+8n@2#UBAibpmKjkYN8xuxIx57C5=#h|jk>4u>*>vI z>S&-#it*z}iuQValscBh?cw_Q#}})d3ENMeBfA-kk_)znZ|~TyO4Zo<92qY>t7vU| z-?nhjvi8E6xq`fB9((OHpOFj;r8<%>vsR-DTF&*vhwg&X@(MY&$>Qs)2aN+urPFwT zW~S1W4$rpf0jy-!FkFR`TxkATdEmm?6Ux>vfjASZpJGCA{^o(q%fOYOrxH`y2lt!X zj(CX)@VA=rATQ-dtPHqcX#(NB&s;rwE%tPVH6@tZ#Z4JD)<@rc0@i$NIMb&ny<31f z^xFf6v}pWyc%@pzzssWDUjZ_mq5>7>?%kB1eM?Eq=FN5=r$y6z1qy#gUkFne%Dm#p z%!2S8Rqz5q3r(c+z1dCW1o7hEB6A+d46e^?_6kz%UB?wiPDz<>NZx%3fO9z(`Zv0y zRyj;;V4dpu2so?x^2k%vm7 zImlUK>J|wentlqz&x))Ps>2fNi1hIZ?nhLXgzf})5?Lq7;_a#UT zA9`AWd&V7ciVk%A+c*N)JxO~zQcNCrqVxvCUGJM1%oRX=M`=dzL>(F*jsN-G6@=1~ zB2-`$u*%{?@RFrxJe9&MCXP_UOs zfLdJ z={(2o4!Xr(&o>3Mo~~a28OqOm5j*e8U_DAw%`ddp@RskY+PoqqV5>7ryWy<@|y&|7JJdDt>R2XJ8F+n2m+LvN2U6i0qIj@hmS@%YOI;0k*&764p((u&MopMHF_1^m z>`ERjHy!OvTN1};tXFG0PBhY9jU(+i<)ehW>;|6%h$sDgXO7By zp+46^%fk(QAXN}K9I>Fe8pb#CS>1mSTX$GzzC!@RTrn)Pz_TW+s$0%-orMa5+4pO# z`2j3X>_NEw$7L^hEkI+>U*1Dhr=D`Qc+|$D2b=U?zP~y-x##R)n-gxV`9mk|*{tFA zxu*Enu%hy0DQaw;#!vE^@y04Q0Poq#LPdQSp@jJ5M{*Qp=f01xn(LX`iavN7Xl9`w zPvc?q24PnRrfQ~F&7s&8gkkvyuVDPnyy;(VCu5l=E$j09Z`pVMEvI!Uk)SV5!A2te zBsZ4Hc37?edH^*AEvDtz@Fj*_w}>2)i3fM((5-{39|ijl*)eEj1*w}t|2@W@a?B%q zD5L(B&{I5H9Qc!)=*xSHJUmFdu5-i5_btJwDN2%fCLp|?a|BjfhpRr@9+m4>w0v!z z@xMj5t9^wT+&Zdp?JXq+$&gKq338n-zJ5($lmXEI^xYq7SG>DRMXaJo`4Au4gbyJv zZz8PDa$@7WU1<~)?9zd^bY3LZx}jG6v5AHAdI1DbJTG_mZ-R+#Urg#Ng>N6E4DN$K z>>jgazvBs_Nl^s@VUYanvJDUNY_p(V^O``VY04G>M67vcnEOWE4@C#pulKAFl$gA` z0v%r)yKlRUl`n_6&U8SfuOQaVQEtgu^H$!2CX0g7gFEWeK@?|+FZ>Exzs}c#K~tkt z+O5Xq=zjeqHG>w_$A^AWg3|wAY`u3pmEr$CevZSjXW-HLU+SE5-{(Hpc#Y@l`FvgPz&2R; z@Yt;|wa$EpmVNPknkfE@5ftuk@BWT`I*+94?)J#Ho2Uc@Ezov9Jdn754R$P2{O>g# zrJrpD^xLMgV7L_oIhkS7H7&GA#p&}3)s+XM0VkscOhpjbA2bCf!s|DpduyH@@&e99%pJ@O{1$m3 z376n_20AN!)$Sc>(9l&5A6q_tzD!rG_RISuRGppYbK1JQl#PJXP;$p2x#qS<1#=41 zofne+B$U;Gw&8+TJ=XlfS9p(Zx-upU10UAq&x38DJKK*rGd^j|Kbw=oMsE|y6;Xe# zY&h?gWg47daA;Sw#SL9=;9L;u4_Xj0XeZe5FODX#Y_z)wI4@F8gLD$?yBM)7TVG}* z&lY)EEiW}?Lr<|QpDyymUJ+3ff`OIgJ^PGq}v2@%VKG81^s#l(PvM0+=6=4U#2 z>`yd`JcH@e@>@-QTQT|>>-=Z(R~Fy=Ae*&%u9>G}m0(r6=90ZV!_i}ZCx_|TbO%>} zFZpWjRf7?#4Grc!S7elSs^&{2IRTZNbNZ_NQfkk}3C6a!HSuETynB>t)-QYp6l&J| z-g-A_uVT4Hw8nSd-=(Cqbk9t7klQ_8AfB8qulGn}-}JdA#RD1%`Zx5_PQmKn++${Z zZ10&ql1K3XoZ@X}p`L!Wsa?+(oJqZ=$xnK_;2z~>pR^Oq(c}ERypX#61#!PWTEa68 zI_%dLWC#8v;5N;gcg%$KDE&b2JL5Is*PAadZ?;K`%%l(4|7=jy{x%8uE%6((UpT^) zwY1~SGcd%&Tll5zPWUCmf;0u^!h}-)J~-g>qtX;AtJe>!Ez+gD>IhbCU!BQO3JHyf z(T@TG?s>D?lXUB$=bzq1fO%pEhx91Duhl7AWJ+4&y&voZ+FPv~Z*L1pHh_L>>31w{ zDmMz_2fssTew7B&loXq|Ptwp(v{T>S6H?kdr!*wn^Ef3Cnvqb{-;~qysi&-(4S|TD ztztvO<_PyRJHOg=Bo3^~pGI0lQWotlIFv=#)ZJm`llUB0PB%Eg#FdYGrrNc#r3wa< z#bToDKDIMV{RjOiy;m%XHJm@wubiJmTBh8P*=;p;%H?BI#r-x~$>Wu!JNW_3i z&rnh2Z>1B2p@p7uf*ro0qd}Tef0xokgcLsrl+9*(3)l(x;;)3`Ec+#!ds{qC`_#=F z)L>y*xDKg}Jj?=6y;OSb=7KUx?dsUF3Ab* za#lKEOWNZuB`1IloD#3qtz);VsqnhQumCe%)~l+R7jpL@w%t0?>Hu$L5~fMv{5Prf zT5t3>QJ;^rO9V&(&D?hv`eGlh5=Wh_C%Tk7W%&nn3txZlHSan$S25uSFDq__EurRB zwtnO~;l8Z9q#v1AhLu(xC6HQdfQLb|@_%FT-2&#}8umkUcRn?K5P@}TKALvsNAm2M z-{Nw4v|YJWC`;IPXjoC@uUOhVJf04|xSfH|3u)SK6W{f^;JBx@H|MtFIX96?H>}e8 z0GJ4qA7luJZ+#Opw;2(r**Uu79jmjQJEP7#kLQ}drmj_Nc#tSKz~^fTV2&@NN(*RN zgf5=dYCoJr=ZX>tX#{01G($F^hd35;j{rFA$nZ`-2~9Q>CbZ{rBCA{F5O=f}aJHA+ z&BXq$3OGc|(l2vb3>)cZ2kF8E5%N<%=%kL13pGKg5E$sT6M0Ijvu?5OJ!-gh9{6Mg zK`p9#>2$9-pzscv^a>lM$snjHGCC6it1tYx{MMY_Itets2>6=v-F5HI*_L>U@Vlb& zaW@Mpl43`RlHsyEu=@$htXwXM^Ck2Z?ragfN!BqStnV!# z{6a4Ossl&X{-6&q{=nEv-h(C=14qT72HV6*wr`Oz{90F4`D6)#?2Fj-Iy&kZ^3~P8 z$L=4;K>=_y3?8;dDeptK;#~8AKq%OHoQ{?O5*WK(1rT@a?EU_}8vun%n!1J)a4oMt z3-$zkw4TGxmDP`YczpGv2G>Eay`q%Qc#owa6t>r}pirpxdS>ptOT0?zgM0nXe8#vy zg}^`qC*5W|*_)Yzevf{v;G@sk#Kp2x;^AZU?`=0M#)WfyG||f6t4&EzrZ1Cm<4WdD zx0}-xV0OvjbyEY|R1~p0XPYqr4c&?h=hOY7gkomySGVwH)jIYK{v8M|3;eY)P^Gz5Mpcr>x0Z zZvp*4zl~t7qTLn-2Ikw$FBJhP%^s9cH&o3)I^*Hyo*M7Oagi-|z~}oGa`rC{Mwf@& z;?qou-=ymaVR67Tdl7(buAd}W5vkAi0I`~1VV~K*$voD&=MTtkHJSo*js@ms0v7FA zBs43OG(~eZdG`|6L8rs(?Sk$z;FSx~SO;d&1~f%d>$^_D02Zz_wPD3@|EWqf ze@8-Ndu7}hoUG`Z#jy#*lFp|bqwrwzokQ`A!SM4LVB$H4Jq^T}j^c!cGhD2;Eq zGC?=|dw!Hbq!=6Km`gyjJm)j_5yev}4P(f;91WHCOfxYj2HdY)Gntq;itkbS&BC~n z*lMmDRzmH+{`!%5x?-Wj$;|XTBwk7UMajs zX|m|eqH0(fNW;CYD_MKd)nXi@KiGN8HO7dmoRiV%3FYxM#~^{IG71!3e1%OCv4P&OmT5 zg^?}(x$jokmZkElZ?;j?)v1N-p-NGeBi=4LeR2+~vvWsFhvq9k(wQ-#s z!C%WFW-m)SXD}@tPKtGO4H;ry(VfmapV~dN%eiZ4GKg~x^yZCUH5u^!_84t!FhG#l zDi;yO;GX>=_NV*Eb+V{Fa&3roU!Fb;s={vzmFAa-zMykyxt~O`R6G_~U zBu)y98VerXTlZL5Uk7lCk;}Bz>2Is5!;8hA=l%i{=);^)a+I|-I_7p~-l)xZ*Qa^U zM`|l9YDu4tg4F9yl+-boONgur%M*)U=EGSj`2itHh8vKB+5x|{i4cz@}4N&b`~ zhGtkKX615H>Hdq?xeCMv8d>)+=IaHD^Kv#rp8=(lN?Gc=_6HDS*UK`TL|k=9akzwW zHb>t)x0P`aE2>%-tyXqt_XrdVn>9^eUFlG|+g0#){;f-Ye%wa1;^E@>yNf${GQ<5w z1e`>#>ElQGs^6rDc#hvo*?4Em>XrikS0Ox<;RQe&zOS<7vVJGWYHuEtBUWjC3wVM0 zMRUC7qR!d2PT@fAUoIq%L1X(NKC=6o+iA%ma}6%r^Ovxrap(1ur$@u(XbX-@c7mdqBiS;&cu}e(a({?uD zzWT$yhp@f7t>;)RJ|mPO{zZRg@BbV94a6hrqv;17Bs2}r49SV_ zV&Q=T5ysF0!IEm!{8*>?`L_`3;q>SKF;&l$3j0ev+r}SDbUb84RhOd1pYlBodFDXc zvXBFTJtRQw+0^R_J?DfrZMos42Wc2{3j*BbV0y>zkcTx&^n*mGYf+|EE*9o2p!ydQH>Z)tS1X0kDc!i&kN40n{GEC^iQMzz&~?JXCTZNehU-|;ubf+%|` zp3!Kw=c|dPxeB(UPT37%rA{JfHGDyv>0&y$OhC8Ldy$-CJ8GAhU&XObPy8vpxAsuzXmk?Q{htC{t7YRIIGlYwhAYz?(#_Slm z<<*`{%qf>@v-D=sw1L^7qbah1a?QO0Ks1q}+a6-ANN=?N3 zC1|AJ9%CPRozExel5M za@HOg>43ctrV@mXr!hTm9ZBFKzewK>jd;SRM%~IVED30PY7*#$rQ`_WynX=ly5-1; z&~3?%Q`tpj#04OwjPZ}ofkUbSEzr8!NG(IqC@B5pYzqFNKYzVZrz2s6ZP`)2o+nz0}pFJWnBUvFin( z2YeMSurY9O%If}HXVM^OYlef4u(U@T%ui3D0U$aRhQ}_0oh-k zYL;x$3s@%I3(bNr#mB^dvWP;@H(u1gZh{%w08+h*XHQ5~@DHS)dKr;7tSP}7$xw_n zNf+?3%DjIx`Olx@SILu@D#G%deQ=WzIQjyMhymw0eZ8&jCoxLkJe8#6(xH+NV;S|?&dp1ggqpaH z3NxtfON8;d3HQ2Vt;zd6inCciXZ|UVyfy z!+9aPPhE4Es4&m{zXQ#Vk-qBvV8xxt0`A>?X!JMMM_W}-@2~{SALQ#%vZ*V~SmcL% z-;DOqe^e?R*&15f((w4$sYudl!^O5NAMvtGWWuGGYXe8FPv~7gU0d%5SxABgl{tWkHhx_!d~}H3vl+cCae{gs%3& z;)FaFEvpM_F@Ydn%!JqW0R-{AFoBdTKgSzTJGPP_SGSv%e-e5>^}M zd=YKjAwIYDra9%iv4EmF*| zSC}-!dnl0*wOy#BsC!}=^V198I%kY4dzrFto__BgljLjmul2f=8Y^Y}rVqaNIl*>Q zz=E^oJkkU)j?R#^5P@LbxcxUDX#4GGq%$-OUYkwxKxvGp;Ej;b1#+c*m8)LjcX5Qm zwhw{0;CrkDT-WeiMg$0yL3C=s-n*>8AG;)7UI?Ijc~ogQt^U_1Xua#6EF#eh!OrCu zZOh-)h52!g0kHD~0(;v5>SA?s6-35fg&B*yf*EFZBH<~YOmSmr3Pj3|r>JK=RW zt@6~dFC_0iYY=biJ~OcSgRMIlzfoDQi-=Oh!kPOkCrZt)S}R+Fq%;&S+7vk=NLtG^ zFV(+Z<8Qd4kyz$nhK&Va-M`so26+G`W7+tZ?8Y_HydZaKe0PJfO<|qU!#`dX>T0)0 z52#S6LXw=q{d8qEOhZj%@17UqC5it08uF>6>SgfVS1`&Ly+{g*7_I` z9)a&NmcFd)dJXwV*gBWK-x{vjlib-b`>Qj=3nZcXt7MG!AYJpv1&*D+gU%yt^D-8F z)P0TTcg(pH2&zgTYqE@5FaI;xHnP_fJMthcR$|5LNy+HPVwUmjQxjl=gJ>53)hXv)c{Y zfW*T6vL+fB#((H;s`pa<$W`GPydUr92JO4pjI5hDav1@cK6swY?X|^+GS?-8=09G7 zz<#_enA)rt(!g#^KG%F1&$`Xt^4#I)gn&kEI=<)4FsYwDoe0yoaJTFOYlnN}vOnd< zsAxMANTd1yP?MMVa-qX>*e>|NAyG`OFX}LKPL_-M1H$a}3A(8R_W1h~og3|LzS6r! z`kuh}s69d88Jh1W(;5za#F&!`4663pmyEha_=C!!sy7d_`+} zAxlethm7GTYqHd`jfq7JK|_P79WS?&gn7WISDj8HgCef{(Zl2V!YGw8?iigjNK)LIPH6SE z2ZqzYz16#Ws-_oSxUZI}zFRdUcJd9Hy#HMo18HR3XrEHzFMIVD{175p%fm8P_G(_p z#2l3}$^d`kTBj+-ax9@4+xKk$N2n2V(hhn~d(CC0Og-}X5FCYRl;jVqvwXvb)0)|9h%g$|6S#sJl=(C=^BV3^}fO@%k(HmxNQ5unN3^$@+Ah;I9PwU2>H36 zyo^(5J&Iq5l?RS0p3NK2#r0D}G7BXB^y@GHjCNLq#lds5{(I%E5AsS{Wi9>fX9oiO zu?2qslq+D-;%PqQ6lV=fehDEDRBX|nOWPAMzU3mIH{MImQ^kpp0h}pe<(xJA%um7p z=>-tdKgs*s-|%sG-Oa(TstE3TtP#@VO(X&#@dHD&0K`?s#lLH$;ik4|E0mbJD3r&i zZ%y%pD&biJ>D76uk8>W{B>?fwU}xYi-`s5|DqH|4m!qp8*%X=TGDzJ5)1|mV_5oxd z@6$qUsY~WDHEPR-DqUdo@C)i89%l5cO*Sfs?t_WK7^uKl)IIVZMPD9(!P@;@UY^iD z_FFbHa)Hbk&Hu6CIvPU;d-z*^f1Tl)s+mWLa3~KPAoC#Ris52yZyg6R1n8Vs>m!M4 zMvZ`*O*-*fvKcB+6lj$0DlZcZ64HjQ=K6PR9Mln%i(;10#;z7lHm`PlCn25-!KXu3 ze4YFCO@@0OP&f;)$%ksLjvwrf@2-lf54_mdNR=d-JuPu=0wB> zs*&$RIV^kcD2~9lnzbmi54B~QzB}8r;gkj6&zy|&Szs{|mp^X+J=pXId5p>6(-D~R z1t)nFcZLYS?{YQnt}S>Ieh@3Nng+`!lxrq$h1dm@L%jLFf}()rGg69+po}?cP_=!c zbox`t(6>f%S*G+9`cgIu`|bJ7&K6>YVdz0|cD{R< zQQ{DY3(j8qw@A}NjSG;zI;@tiw*`i<6(oHEDUk8~8_4M37L1uNd;%9(<>f)ajyM+_X#0Ni=BdDZISI`b_JaTB{op8} z*fITAU5}x{A3uD+Y9(i6#6dh#ohP0q#3kS0jnBI?1kI#J@+9XL(B|^#9g1gshnLm} zKugv^KScazR((~W(KnBR51L3XSd)|_X7^XaXedY-MYl?O)ufuwfXVqH#td+>VUvlVZFs~EzGig_q*DWTO(h;~(zKSW8=;O?6J zxGUQ2+}rtC_K&Iq{Tg0Ut#_kMU@9m_9!h#fPONbb!Uutp274i?OvSKahsKSnC2p&Vpw@6 zFE1sh1~>f#I%rK{e5^=M2Ix|HJ27n=egUCwl*uG%CmlvsRtwHXN@eP7SaN~>7PCq2 z)lG1bJa=F;A98?o!#{|FM=PD~rzYoWFGyDn954VkMn?OfdndcU>yYVfDYS0kqgVk& zq#n{tPc*4{$$j=K<*kk6#Hjoou-7f|#h7eN;-eXKJ`84o&Coei;UOKXUUYBBr5Tb5 z6|>PBQ-;jFycGRXOki`O4ekcUYl07iD%vMGk!riYsF0aegoj@x&n(OXSDN zu_UWwO`WF}7PMHXYL^NMk?DB9F#Eq_HZdQ*AL)FdY5w-sMnQr9hkY@iCgqmi{m!!412i(4Xvn7q4 zFRyZxT8dCQnH0@Hlqa6=7mEroueNVfF_6;yl?}RC{pXl(=#U%{t1KtpLySQQmzS7y z-ZsC`KIU`*A>Nxxu;uKgi%$B6!QN;g0h44 z=CU06Rx*LJ5=4V;Tyxcahx6+g2^G|S1X%ccdXuAC!A<~Oz+mri;a zql#Fd)Es*(X1kl1U}8&-kB%jcRY;xRzea1nQKJTn&W4>yrDS)JUl!wkI^0h}mKm3p zg7o|2x4Qqvp7q;wHy9&TuA-V}J|PJN&|kvxfl&(k{!8URuWl)IP;(Sx?`_sfjb8|; zUUbGJ+XvHEt1E0Qcw!TsF4n@)>Zg(6dp(!qGoh925lZ}W_iDDIyE%s-CirJGIg;uk_}b;hvHuZ(9W3L)hW z_qNrnNe27daXY=&2skoSnP7@(8;-#G$5aB+r~OKwU1W(GVMCIrB8nU0BZBR`Dc+Bm zVfTZHys4*J-~$lI;KQzK=dlEv+oUICIrtMOh3$2-8|wKFDi|5~K}(3WUr6}MJ51nk zr8Rf?jRI<`zg9~p*taT-ztUaGz0Rff(2$IEj>Vk_;4Kxl}B2`Uo zX^eW-NGTY@Yb09if%vr%fPGn~#hXM2m1r-vDNxlgoi|piTQot5p+oBD-#EI%TIXX# zd+xSD>H+pkATpl_$HvN+*FLj0E~+tezFz5*qs?0HD?~@?OTHkfKE+c6OU?A53fq-_erjlf3zmeku7%G%W(c6q@8bsIQ|@WN(;{P!42|lUt{|A1t=n zDs!gY+-`1&guf953+jLNFZ5Ex{hSfa4+}y;swyl@BtOwFC3HvgWwW$NeQa$;YDcM2 z3>Qp~fzMEDzLQKiA?9@z)yp6C*~hG|vneWmQJbaefU8AOvY!=8j#E&XAX>9PNv_`2 zDj?BYslz!TJ8Mm{OGw?IznhWlhN+<9l3q+fd39FfC<)DQ<S(o;-~Rc`Win_ z$Ih3`+~HncxXyJrc+u&NcTBCd;;qqP|J&(%v^3lK3t}xbL}byZHfBh$u7j0d^p;(z zI&JgKc_qe|R2e6Smc?f?`!Ot?{%B<=b^KVNvcYfB$4?_t1CG?7@TG~#6ThXmA}Fz0 z!a%k&$IKQlgmpN&oO#))ieJ#;Jrk(mlDgoMm6^jBbiBIn71YK*hHkAb)SdEl%OplVJQ^g>a>M zz?Q0(O6l9bJFq=$S(W|8`-&Z!P?=O9ZWoAw^o%(SI8&jNsU!H^?!3lpjh3H#a9eC{ zN8#XCy!|O-RWy|$Xa=HNCyc@0&k%oFp67M5v@EkpxRk+rBL$dXhW%ax3Z*f&^DP1 zo77a)4SwQ70`3=im{Iv;-#OQ7;uB-)xEt(_l8!c%>RZ;UMW4_&;#ieNPG#NX#`gUq zO8^V*A6}C|6;F@iXKyt(#0Ab@2Jpl`vJME_x*4=XoY)ka7DBpf+QP)f#`#FD2c5tv znBhT=ZuvS87H$>$jHtU_)R=NnebpLXz5eZo!J2_CXF2e@JevZ>)?Wv`pI8_7=$+Og z@v%o$I_$=T(^+z*ylx(6&(G}WB`VZxvho0P%d#A5gGgAYUsW0$8+zH4M?Rc5WJ$pb zyD&sA$Zla5T+^Fy#3q=5ynZtRH+bAw^yc#%%RKH9d#Jl^-ASR)2RtJ*fhS&f|?jF>kuVVV6YA6q*F)?E8~_uQZUG z?sBb$Z4Fz`Y5-Gm+S(q(_oV+V4o#O>Mu0v3a|o|yx*TcX`(BQ~Lcm3OxU?tOg3P%E z<$5QgJ>{^{=gwWfdsR}=GXVW9LPA-b5Nu(hLDVGlJF+}MU$9b@eW6A8g5MP&!?lIfQXj2$SDe#70D6f_;7-9?}OduS?8)S zw0)|Z;qUbZATY6V2tHf~shxkvy1^@#l*uVOcTj#=V;Q_MdTm}JCO_{c%O5Y00^oBa z(t?|gd2L3v()JpMl$BlIsc4J?PQNOhe8o1O>=qvT>MOQ;HW33a-#4JaiRX)Q zrmL^ZoGb^kHbaZ3uQ|@$W~v^P7GrX4nE%1Be0wW~wqf~H-&d)9w8r_sWlMu<3!Uez z7^#`J+#nx9%NM}u(kl^P4p=TAz4He!)?iUeWi#6)6bAZes5?_aa8$}~i4_}rI0A~P z$Q~<7KkQ3==X2|#d>N}~gSnc1d(|fu8{XFgonGFxI#vyZA)Z94{XTs9R-y?`@#R4b z6sku(qUcn5OPVCVoDKh{5`U`zkq3iCI6Pt5QF=Y_3C{8keu7rn#3<3cO$_?%H-U?O z8cKD0Ip7uKz6_az)6#=i0NT?dK`5(B@NZ6id61|8*Jl}bu}!8`r5DWKT8b=&Q< zDQ19l(bi6MuKRrHP4DF%3r*VPx+_M* zYVa$jbi53YrgWHp#{zFutUHEa0; zMoDVIG4q4YV{H8SrurNy2E#U1x21l`%jVi*9XMbyNr5FwdZ%Y;E~S7*>V>BmKM6!; z+4>I3DoI-ZJS22U1>US?#=|X9nNcAzxzjb3I5aAtCjoi;wB+jeEYKMhBUiT_rPkzL zs*XzDAUn}}M}Z}x%AIdWR>RAdH$KxlFFi|0_b5|=z`ohGpQr(_zr);KB<^I{_swyx z9`Z~{2RUCZMu3!R&HBHhT^gNuAo5p!8M6hQkVz^32DQaO51Acd1EDA6OC*SmW2iLr z%RMHSWuy<_OS6t=h=Vf7XDb0;{ia7Lh=3Id?%HRMd}yw11kx8Nv)DA=NMP`9iu6`yxMb8^H<8|MYLfF^a?{uI#dUC}wJZFT z0oE50#ZxnG{F^;d(L@f78oLZR&*0&izWcKl9cCP_eg`qcfF6?!o7`96_3 ziA3>daNDp}Mqxt8p0BuOL}Bs3E`lwpLXn)7EzaJFD}BX$^z1uX-jcU_325tdz`T&9 z_So-I4ye*%E9_ckY=aHf>`&A-qP`+bmN`u779iAfdvT83~!PQGO~Pz z=eKaT1A7F=D@{@eg@nAw!ow!XAS{QcO%oZ~az{>~qxh1Df3*_z0iD}Qg7L5vNTytq-gm! z(ldUgF~_hwe>g=+IUm^!S)|i%QzM?3pFv)4`W`%<#6kDo9k~s8UgzR*OMjZ|yd+J~ zPN|)pCtGhhy#*iqb$tn0_T?Ek520P_e6nd3d}`)cUC7&^_$(G}z!BE93O%tmlAMbyM$Y>qMKRG|g2F>mpxW0LU zu=<>yL=I;e$0?D}%xak`eIORe0}B|In}x=?|6w6YJpccqLdmd;kS@r2y^T`i9pj46 zzHPxq<77Q3S+>M=HHfTSqjll!MZc$>q_)d{G6-p z+lS>X$UQ0cCpYn_B*KAGEG(`iE_t#l$5qJmYLl^ z&$Ew$P)gi0Qf4d`SOFXKabFc9qGl-S zamAB{eBse3dn^Zuwr9_EwColh_e;h_TxsM2;cc%p zGlbdmwXz41-R7UPbOHtkas*7+s5sT{x^#XTM()jPD2~-RH)k?9sRpzTd9pIit-_Ck zQqmW;GWVV%h`SUWS-8t8MXc(7v-19vV{oj&WKkrnITTobB(0xxfWt(d}3_Huk?!}C{Iv$dgM<)3)qlz$=Aj~A5sA6hFifI-11Qa#v5Av^f03WpK2_}|;r{Nv ziqNl%ti4atsa1`Q9oPMxpB*myjm-2|GIdsQCo9=CP9tX6?*SMunM?G^o3voJZS2#9 zQ|Ze|^z#d(3rn)L@9T`Y$?>rV0h-nvZhb&iu+Lfk?G0A9*}tKKNWXNm3cX_!UFkqZ zlQA}DUijq}Biopc@7y^LM=IrA5fhF(uQWT4FH_hl<)HJwj%_5Tw5NdHT+T}#$gW<> z-QGB|KT{BS!fp4xj|7v~ES77rBLv;kT z-?d{W#m8!DcFAiGv>=IOj#sjf2XB;@^wc@=&!{7FwR;}`Mu6=n^f)dvBG-8DXb69c)G#V4<3Sf--cyn_a23Sxgp@!(h8g$pw! z)-c?g1!aL!%!dW_u$ndkFZj4J3jW@OE;FEo^k*XODtGkhf|Tk)j0M;>Q6gt4@%=;Z zUHa>NIQMxMtHQDDsEkj=PVf2$@6UKg`?EIQM5(=AM?+u`&e_u>TlT=fJc6-ZC}8NQ z$fyV?UglP3cgK7 zdQ}Xj_;Tqh=SQn;Msa$g4if^z=bugN0`wc1=S$Wte{%hPEOpG71qL2o^|m61>pw0L zZbuTbZjdjR$pf-5Gv{>q&REt@D*wWjWN4kgLIAHLl)JR(0Bpifbzv4*9Ft`Ygav~g5ZYlZV#Pn5>@F(A+ z)gUku6|mZw8ih27oYvTIsBf(eBLRmKRN)V)d!QNAo(mxDaHx5!OmOSF80>>cEBJRqL+$ne1_J)!0$ai3$T$8scMCb}|>8on{ zs6_qtPgbJe+XhLA14%m{x;$~Z$9`U3M`NFect`cY3CS5uax0~ub8UmVW3(z&QZ*^u zI+AX@&WW^Qs{>yiURxxLXXvhx2ow34!DM=KRX%siUCj3nK&^?=f~cjtD6tGC)!$e6 z56^4fIQVjd|4PX(?>5NeGl?!DUo4dwHV|;S)#3U`Yk>ba48V)T@@L|%f-S79FAssZ zcTGZ#{6F$lCs51!|KzIxfq2IG`!N{SsSB3h0ss8Uv%-oVdLW5O38s!2xeacrqj#?sm(MKeK zxzxp60tmpBGLI&p5_@L>$SUSQg$gtvQ=)(qVD`D^=$|-+b_j@5t~=D8AVB0XI>0ak zuB8yI=6VN#tsb(?ff$u0^Y^X|fMP6^uKSwd0(mN?{3A(dDwgeEI#Z)iA+INi&*y$Z zvk9nwF9!e4M-vxI9atlSaK=SpD{D->vvSZfKO(5rc_zdVQbS<81F7`?d za6}vyZYf_6(p&_sTvGvu`9c+#wnz(`I3hcj89xY6W*J!|&p)XMF@#9Ejk;d>LUXYM zkd5uZ`7n7p^& zaWw*dtdNeEW&qWNjQ2@Bz!4D-ABDZOIOL&I*d7emqGapM-3oAd&N#Tdl~ebedk#|_ zD3icPT_&MzXrPn-5^gy}ER_F;EBoQU;0sYHb)UF=1U;ykVPuHT55IR$$;v@GUHp!x z2}nQ~Odl%&IDTSBsk$|xEPcWJiG1scO$T#*%Sl}E8-RR)>0WJKdrwSlFc#Xy zr-1zkM0`#DfTq}VrPf;sEFB9EzmsxcfUbhqe#@EGwiyQoO7Qspn_xg@*C_^Mj#sW9 z5Hf2uKMQ7}ekc(j3&{7$c|P=6B2pNa^ysd;I)-9bFDTUI=*Bf4A-ZM z`e4mne7%iuvL0~OeevGGKzlWK9TEh#d#qED^(@exC!4nspyV8bwbl@Bnf7q#771oH zBbe?@_a)ub_fK5`&bG9%WO;n;g2H<3-8OOY2>J54Y1tLU(gxfCO`CvU;?Y~@IuvA@4 zAOLz;%f&0BR;)3g-;0MK4TsSSRPL`^@b33K9F$ zGbht{@YZISPPVWE?lsT_$K@eBzi*{U6Bv)=0mpaqC3t_z#U>7Pz|Ji|%$|!9N=wRm zm(-)#ru?z$zt9Mnx@XK_!fKDve zSQ=On&98kO;{cq;WE@;HUPu9R`>xU7AM9rT?V3B{U~biYPKc@1$>P&gKp84E_xWck z@I-Y;EkNIZeykS!o4fi&;vOiF{g%6s1wiK)gU^m6h)XT~|5|F3ObM?kk3c7Rzg?oD z>*HOC!I@MrK!;y{7bt)wX3)2@S5HE-{l3S*2h^|%-Yl8*r6`wzK@or>so-r7F{ZHTm^H3hMQK!OQ0 zB7MfUb@i+$UdDYKQ1k(I!vSlU$>jZ+{X6OcyUeSaXz8ZSsQ7nG<(sR(dj#xx1V|&< zGk7SGJQ2x4T?%VYV}NDo2R)rmcbl-K1Yj2q zHmYck1Hq`5z%!CcW=0Ojf7RWd?}G zh%A@$Xkf@xSsSSEgX)TZU-f%;9|QxMz_ZKvL9UY_uHV=6*ZsJ_@dZS!CgAt4pO}C9 zGbjVpZ~qLXRi|>(FI^t z2q$hO$#xPKc(yxpYDTse(**|~oB{?ot?_7j{bD?&9b>|Gu*v~lB)t(-=k3CVr~)pij!389%p<-l$2AVTm*a9W=et!C4{&ahY z_DLCdOwdDNIe95ZVgdtprrGzuubFjyJLJDVy)r=jg+w8`-2wo8B55B#31-JW+8EV;Cw=Wb^$#Qr`zyK>bkGJ+PKZoS@vaxhwbq4duY)$KM;O;gSc_Ku=%hMd~m?C zUCIu4d_A?=zj^8kk6!e{I`$A)j3P?BVacH64Ie&Mmc?R5qJ!hBw>QNpI{gd2{iNOb_@*QvV%WNTC;pW2>lgpVCYMn<_yPy!`&A%m zb391X;n5ZJE~Q2e6B6C&Qs`C&oxM)>n+WN#>245rSLMaH%KC@0AoLMN@(gnVzfc1Z z`t;lUAyumZ$1!Jm3evz#G%NT_d`&|iwE;p1TdCbw>&75rL~%YpKBq+>fbKh2f7Vk*-_hv(K;nPg`%lI* z%-_ceLw zMb}B%a@!hX9!2R~xr)pL)j7QGmIbiW{|c>1xIoYk$alBfsHvQU{B-o}&}xL+c_{Ln z$?L&f+Z0?NvHQ%&pV9J&=r1E*=}2*;xF}d!u(sjQ4b%f?a`@>%`dO{%I}LM24k!i14XT2If~jnx5kt{O z7>off25!5&m20;&)Ijmezx(2@24*vKT~DLzLPC5fMgH9iz^U9fNpE~y81QJ?N<{_^ zH&LMnDh6{clVd&YI8m&I*>G$;;i<(grPMU@XRz4XKbkK);fkb@S${@)7NE zV6&j;j4k3SP90w{wJX29M{G1;V3@0!t8Fj@eh~oT6q~*2T*u8twTlt=+7ckx1c;yeDxF2 zgC}bW7`O!8M=yNW|2Owoi~{D;Vf-DrhoI!?_o2X+Vhs6{{#nirEuV5m&60fayB5Z_4U&F;YgV#V1A5RbkVvkWt8lK7B~4_ zL0>JMXwA+sp21_Hl%APZrGQrE1dFl6z&K{+Z3Fq4{jMvKv;0uu=aZ4+mvGO%OF2@a z1qq_nf71CaE~f`R->$76Pe}pC#{%H6bqtDAkNHdN`_uKF?mQ+q#`o7H1GV&Swh>!; zPtbsgoyI}|!c8&;7%t)kanf<(wxqPH=i)T^^_8a8&NVMcK;#8SJ{R0hcI6iVEasSz&q#tBJk-;fzw6VV^MdZGy)Jh93l7^c z9Vbi}>uwWZ^hE`4Uij1T#gO4+XBQJluNo2utWH0+tR+$&^OQUV%Dn0w)M1lH(f=DVlmv;wV4(x*pNS-R9lqo!dxT*{! zi$gN>f5a4I=_vr-`j^+)lo~g%DAyfGvkZVCZ{CahXE#5N{7A0AZ)Foc*Y;fceBcWhgt# zg$&C?%2Y8UFfbL&+tUy&3tWJsBn>+f9g zv@eRX0FZ{G)u+$nz>xo*gusuKI?c(?(>x@$)EL9{M_rfkG>BIt3soB%#NP&(R%u{a zM;fd=muw+Y8x3WlVXupO2+*^#abggNo+US7-_U`Q9rLv)1P)~ub^%~r8$7Hrz40a3 zA=!2jD^3bRaz5$0VZ75N6a%`Hvdoig@GdiLsXE4g@lpA|FE#hwY#V8UEwYY77KN0r zZKn~x*W5YKgseZ~-Ro9s9RW(Uv%9Q|iFhFcFRB&4( z!*q8CbhAm<_hF!s7=*yBgEiPCfDZi0;4!YaQbv3p7)vNP3#Lj zxF1r66g3EEVKs->JL)nWJ8ZbhTg;!rY|oYl6u{Nx4kr*7tX&(wiUDWWEopco#87d-Gy=&f#l4e zA)0DYEV>v_L`=JsWg+%(q?na{U?=t`J$-=*Xf8QF&HJ665^%j|&f@;pW~L(u%+s}>_9OPq4pVi=X_jGK?@N|dXV>=P;8gJ}%0 zuM-}HqZ=21_YTC`prk+yR)wt}m|F^kKco6iNlz2G=(YHc-xP8DcA{_~UIQZz@rPMD zssyQO;>`KU1iJy+q(1V(tH_{O%OK7~{`g2S1UloM-yfkc2Rg?FjStVm-}LIqe{UX@|JxC2ogG$x7-sE)#3L#t%X4d76X$!kVH4s(z`l4#`QS!@s}QeYCh3-i5|W4 zK8rIz`xmu1Q~0?D6drhDm;dopT2_lL9%3eb8*d$F!E&8)B@oDXAH#S`NsmiFy?B%o zroN(-LDaZwym2usq|*3|bhSlB9Kz@l(;1nLt!KHIPWy7{a-ZdOfTEVFT%SX*Tx)FNN@UbB#em^bKzN> zDsB-N*L()eS768i$UM}gH>EG*>&SE#@p`puXe|gXgLLkJcEzbylw8kJUxoolDX;-S z0u{iH)zOG;rVL?_r$-zOgfMwas+*BGmWKTpsBg)G)9x#?PQC9}1_G z=g7r{xbFDYayVt$Hmrm|{OY6g`<{S*WI#o?mn3~ZjWx~kzpEHEIPAr;^KlcBsa-5@ zpQmJ+K;>Sa%sr@2U}Gb%e5-gSvTFCI*kf(fv~}ko7)eCs;6h3Xa5;fYGf%0C*J)WP zHb*wPhOQEGyy1o7W@l zI6di5rn#sE067Pq5ZkD)m#wDc?VS)AzvuqJpLf8W9@%>%;Vx2*jBK?UxR*@p(uoCE z_2QY9OnMs&eqfUY=GccIXmZ2tWlJV7KD-XU$zhpGH*CM!&%b7_rx0pEI+$SyVJB7! ziwa;agLVr>jgRS64&MQZ(2VFtuG?l1gE>N(X@Xpg&6@@L#_(-@`6&SwfEy`~fL|E$ z2$SLvxnbi&!t|I~1e44?+*e9#Fa)8)uRcP%)_COSyaSw~R&O)r>NXOTsOW^v2Ht3{ zyabyO-4l6C+vvES8JRE$*^TH&V1rM>1c2&(ETYg+pfR7B_fQ(V;WfEt=l${?r0%|D zP5#)+Qayv37gECv+pmIpM{8b_B{{5jv2R?we8)IPikkX)^(1}oW`)v3M8ScT=B>&-bb+<&>DkUkr#dhA|A>)WszI$S1l`s9Aq}1_Z?+f~#zfT=v zowYxr@#oxe#BJtGJ@u;iJaXvaeKL;*W!Ct)%xW9!zTu-$lG1mU0$C3{-rN6@ zwZos8MhEz5x6kbC_Zh_U8%deN2TMhH+U!<2z%E=M*$MV7SFc!<#*x?t;0M?&vaZ$& zAH(I)qal&0Cxs+^G`&n_Vh`Vk?7`4!Fg{L-w~>3abff5}!|LsC;n8)gf&P3!g;6Nz znXzV7nB>8WN1PPB`QIX2Qzm7(mxsO9;!|z&FqJ%HKArq1YmgQv~*B$s!tkkqfuNHC{rmGIXiG`^9- zMn!iC9p*I1uA zGwLXNF2HU#X185ia$^w3-?y1W8_}3VlI=#q;OGFmFV>zcx-Jw7=i2w!y9>O+X(oGL zITe&CLg&F32y(z6xoUg?i_z%A-1L|2P#9a{5E(ytmH>4v6HeS^2~U1*7sgA*@zz#& zR>V`fEM^gLyk>fCc_XCLnD;6r%xGLvF8w#UwrYNxje&tm?~(HtfADV5kc?m{U~DTn zQ%5V2TSp7gXt9L#dn?gyJJrt!vVdDJMa54|^GYf#$P$R|EZRwpg}K0gt=-DI57$Fs zI8ZxT$rDkiv8DveXaI!qGrS0fPB)9_zui@mRMD9^S`yHE?YbruNysF8(4;F(+@mhQ zCEh1j=QG?#F?;Am6n|mHKCw+NaR6!CYUA*)PAZ)jEc;K-GBXuujR}lFtE1Y5b+hB! zReWs3zGeIF0_YLD%kQX?`XK58{8!kT#P0~BQ`~6h@4N~fw6HYZ)2xxoh85Oka7|Hh zETc}shsL)_*0tn2q$@0Va&C?OxqX*`?NV2ZRr`4B%?~#0j{JV!qT=Fi7=Uqbydat6 zO?=HQ>5j{9be$8i5Z*a+KV3YKjH~E@T3uXQA9k>2G|tuP?l>9x?H%$SJLLjYMb0`| z8%l8w(IAaeWN{C7PI@-@&t$G6Kd&gJR0Hmu*@@i^R3V&)r*oBYK168PV#X!5#S-{I z672gTyTaIAVDNkUj_A(a(%^A@`9YOYVa+r)g5u&ba0q1wN>Q5wuLR$BouymJqGJ9l z-CTP)e*n9yMbsl{0fz=>_Tu7>`sG{W}v z=ag-yY~U2R<|!GXz_YG*pycP!fnGz+gc>d9q6XV6U{BrHrayD)eTN`Si{)cFg5+2J zDBmHISinp052R2j)-V+SYTSwKK@x33L66xLJgw27G=J}BO7eYB3$p(-K;v7aXynpf zGLIB4zY3`5%N{J?z6|a(yUyM;&$|(EeX;gWJUo^o1JuQ~^}XrqD*s(%@L|__k=W!_ zS{_O=OktldBTx3h%XWjyJB*y=q$3U-;UXRjV?-y)l};+Xxyh@^EsFH)XsUS^*F4sV zb3TdM>K-G z#D4u76U$5UOQsnJRFhzZ70cyVU6sIlFT#!blo7W_$msXTisy><*hD&i6vQc>?QFH* zi7VFIyqpI2t3r?O{;CBLE_`3Y3NoLEy;5u~;0vI>T?UEWdAqZ1JX=_1PsLp9Sf`NC z^s7i3Aq)gjj?*dhX?A+;<+x5uv}xt@dB^+nfF-s~xYUe6#~n7lIF#{pdy!A2ERG z^)HwgM!g@-@z$Z=S9H81v;LhNk(mI4xp<*nU3AE9XUqZ>vyt%@u0|B_F0)@ruW!44 z*lLuaX+cvcN9{y~twsEt1V5o6HIi)Hd7BvmPev>eG!+Bp;@ru?#~O{}Kke+Vq+h&# zCKkPhHC@7pwe_zu2r-|T(xA?wW+B!x4 zp%m^cMxaS__ae%-X({#L#Okf~rXA`}0QmuPm(eWyU<#L>UOql(zDpz;gLa0&7JZc@ zcG1LI241GIoJc#={t^bS1Pw)w^YU?Mq!p^aMHUjFmHCbOWyHY<=C3A@#suB*%;aVu zhgU`RzPC&{HV0CV&Oe}cLw<6F!?kebgz;3+2fEnBLyQjbLDq7t={m?!khs}3f8JWR zDbftG=Ro0?unN;#FyvDLx!Cg~>>W%@R7T98ZQl+pKy>-Xm2&6`45lTkwSlD6{5r@6 za`*eY_Ge)q-rDrk#pw{B7NnY+ajN=?-);$WGoYQl0{1UhMv0-c#2(V9xArhe0-2EY zqwwOyk`J!)*NC-51{Ul?4dI=8nVf}1GC@XGEYMCMZ@naQ3exffiE+M7X;IAMSItj{ z6*1GG2ubD0)rpzLE3xVf+M|g@5wW6Y;3N^OYe z?@4_X2m2ZP>ClWuuLfqH!{EL%PfO!ekGrsoP8jbLQJ?`D+Ktf{kMy~X3buEUW$E;% zd`u9Pq7Sndl1Z7;z~Pi=+?MVdP+O4^zsg1nRt3Huh03ZS#P>;6X#P+2|=JTP)H+S`HpEH=K|!uFgF`Iz_pLi_2ndj7W0_4om^0m%z8W36#|hj zRX?VzOX2J#xUS6BC$YfMaiAT@=6ww8G^VSv^#~OSoASMtZ#9)38K1xO;nDIyEA4cZ4UQz zc4tX_Bu|^DyXaVN)iQ$h-Qz%p_}H`4vrFz%j!Qc0s0OUk>mc(WJCZf^Q9Djt7pLWX zMUPTSB-u^-q=Sm!2Q@W=jaj{(bhKK-=Ios*RpJ>=S%`r8Dd05uaRW8NG~$dj#)3!T z@cOctUCGtJE4`ox?irjg3~E|`siEL!@$K&DD@{8OTdp&SchS@{0SUywQ#&au-}DDB zWC{{7&u1_v3&!bYI_$J5KRmM%DMh$P(UT-|4M04B!GU70B54>L$!Yu$dCkkk{}3Lg zuh4jv1nTfW*q@x!#2k^EOn5#KNyAnh3SJ{HM)tI+14}b{;w}xvml}X@1T3Z9L0nKA zcW(A#nGjk_I;$mwQrBRmBq_CHijy9^Gry|$4)JU}DaX4II@cG(Y9^d zd6Q`)Iq%+R6TG|w#3dW<4+ADIg`>2EKzq3w?+bSbEHC_U#^apwv+kljflehM%e}sL zLH#L#VzmlexTM5UZTh+~{}Rhn=b2D-gZ&YvhwtbF={F-NU6mQR7uWQ} zCeP3JG4AQg4|QNLs#`d--lf8)aMNW8=z$ZJ*6aisl%_Ae1a2gKj|u?-Z7t5>Sy)nvK^G!I z8>88ecEF;6|F7|l*3!FHLD7leoAv}dkW~|Q;@p`hOz!&JdrO)HEpmwXHv}_B%6=Me z${_GTr>l|kPsLv*_k9&5K(|9d!H>k*3Tt@TqCg@*q6XK%)k)9qN2GB4ui}rsH9QBE zRMY;#e)tUisB6&gcxHVNjJTmQJJBFj_VAwmq=>v2@LV;66hL2)6eN1%ypJXV`K^?@ zc|{Wnze4`*|Ni`}%5VpHiB5m;saAw89-CVl*L9Qm77}T^8&jpGd>;Sy68zH%)EK26 z+G%}NQSs33elqhelA@$|pF{`lBB%4&gopUhRsMEd`Dv~@W7cqF(X6y(7nnZ{6mJn> z@U1bhgcnJ3cC5z*f@fp0jLDivAVAxykesjVv96DpgOu%^ftUQ*10EnYYVBZYch?~k zPFljb{VI0q(b(hngY2!7Tj` zEG=#T&@l`6m<7}-h!)tCj}FU`5&{7=Hd*FP-q>U%a^Tnnw`6Z3TvR4#)c1>t;CA%a zrV(uii~W?K-U>>7I!M#%h$2F3`rSLf(0ogL+Jis9uJUjo?lzwhvwUs%V~{sy;N)BK z?t*D(22d*%u9V}RvSPeIan2MNtITRU?s#Z1t>xZj&nIAIjW3-t^^bO3YMDZCT78sO zZ^yHf39b_T182gy{T-|Q_Z~T;e<#%hUnT(%YWd9Zf{svxyu*t8F`PGO&jGxUk3Bgi z9-l%O7V$21-%qXWYO&GlX4zs033SY*$ z9|PN9h=dE-5De1L=81lI(8;?0QjP<;L>-R>vh{nfCtXO;1kF6RR5`P3lBbV0lXzJU zc=Gg;`B14^ulNEe)>A@qeDF8tg+pTt2dq(J>WhNQrZHcoKYS_$UUr(6l>` zd`yo5I&LdF_FXeTFgL-j15ijVP_Nv|dw?&Ol>zhE0`W5H>$Tyz$1tXLJLT9YR0Cdz zb4{2CEyBZRGOj*<{>o=1-zTNj$~r;!BZT3sAOaow+|sMdpA@ND{8~+lo=GM)qwM-f z^f^6egF~Jy;>RI1+A%NG7{sy4NWZtj$HY?i96a=|38HuhnnZf++&hP`FfbPLI z4TmuAbFc04ZCd<*cz-K_Ewate(~w*fe=d)=vbls+g= z553swK0LNMxAb}ETGm67q(+`5;4WsnFkbW7v9BbyTV;5%e1KQPw{u-ulb$QJYEpkA zK4ql6pKT_WG}Z`1TQh3Zs(q%=Z@zBYSWwzGWrVB}!Mu3%=gz?)iMVUJDxDO&lO5vc zEs&SW5GQ>9{u_GHxTTrVT4W4{{zRa^lW)DF^^-8>X~!tmG!Sc&aL)L$>d@Fexp_ZOZ8#V}85=l)L)@Mt26qXi^p$aP6U1QD_5p_Ifd~5Mh3&1i_E@Y#F$8BMJX^njyYodl@cj$|*Y2+tV}GFz zM_&jwbX_3>T3XR=@gejLo%UJ1K}AF1Sw4`j`b;(6h&?oqzW>2t2SwhEG9UXuy|<0% z6_5=OCkPLg5V{vPz5~uogTAm>P^plX>4Dvj?n6O$+~Rzpuc>S_!lpb5UUVG06zQ2o zdeF)=MiONt?zA}>ZKN9q#Er0wGGQW7Mp{|9jJG>2t7g;~TT7GV`z*-= zhXMiJ8vzCkR{{o^=WO3K9d1cHR&p zLy8kQ$-5bz2QaWSd^f+nLqGV0Lkk?3M<`8iYzL>}9Iypl$KQ#A@Njzw{(cL;r*j5z zsr`)@`Lp02GNF9Ox3su&`BqLfZbot3ff%?V%j#gs$nGR`-=qC0eH0O}n4GVvhS^>L zit3fvHzJvgK`Su5#@u$2Av^|dSOiLpcGi1qFLF#?w$mFt`{05;9{7Et6@)d3`C`VO!g3F7_ySmY9GoE;fbR~&%tZ}rlvH}nTTKaK*D6tKWoAVra> z%!E71EA3>jK(;)99H4K_LykMC=-xTJ)Cwkhi=5q`S!UF6s0=xLh@^3zLcH-40(&gj zF9Z)8ac)dAEQ^O{?mW2bhNutlBQz!?{dn&LRJ#^BhdYeR)k3Wh%^Aauq~z8czjLiX z9F6wFAQNstwk(AimN8hwNhZlaH~KbVnPJOS$vCg4M(~ctox7|Ju^(lFp=f75bGRXp z6^;^^Y2-U_t>51mNV=xpxl?q9-D_M54Hw7VwkLo837U~;TTL0{WI=0oNwxc|uO9Bw zguu7W>cutD90zV zZ@z@hRy_~=$OaA&c?<~Fe#1<|*u4OgCLA0Z&Qje~Nc#NQlW{2#ok21djLIUq+AzFd zs)zY7ZHLzjy?52NM|HM;NEvBb+g-tD7##y&A<-?LPua%?ifNz6f#PK7F;{GR!JWF> zT%!jSE#NZ{rK)bR$G}IXol`v(uDfkJ9QG;DGF1w6JGcdW^Y!gOw?a}VHxq4ELKGXT zt}UIL2QaeqE&PB2Bi{^k+6F9rwHQ(%XjCnizYfQ=)0UTrXp-^^jC7eK^)A{sAqP}j z=>utQcASV#(?1DH+t7r zLDG>)(bv@;5Stl?Q{Lg%ODT%mL5T{rC7lr!K3WgUSF{G!kB8|^p(`w;yy_d;>1 z*wezbx&s%1sQT5@J{_bDepP#zQwX}n2YpPmeCz2XAK4&r5_oPCR%Bui!rxnZYNu4FUf{ik8LD|V%on6S zHRlRIHo*jf`WX03Q;(%9=YcGHsPVD0mAYpz;xU;%oJ;f+Xi`$ZZ((<*DT;#A>*zblJ8xCIl)!C_c>^N zV0cO!!54IhGeB9IjFf1#5^Y`Z0in01n5yuyd@UM+t}{CD%`Jcx$&XVhnQ9&K;*bMU z%61m4EEZ?H*KdOW`IHq8r;7M@tV&)9@j-y@OLWA0wSt}a3orXv!TaRXoX*-emfm|b zXD#MYqZ1?XPE(5@@l&7yY9<2E6?bRNOm7Ziu~Bb0I=gJGO>cXbe6Ch6Na0w!%CC?G z^*$NDOLSS+neJ3u(k@CpoUwI1s}$Rk_S2!v&T}ar63?-KwoX1hCqhJ*A@EF}D9i1q z_z5-3YpkIBNbp4TMj&Dv=u)Hdit~-5MAQWRakRDl{H~*uXF@!5^-Qgyr$`Y%5B=EN zZu;&z-}!Q!$>}TUx*vScap#X~zqr6jBPt`K3R8any!+UJGgGdofUOavd?bzq_#MF3 zAT#OXgHOq>h{{;b!dQVSEo|%O5o_VWYR@*yLz(M@ghzf~fsYFJW6IYsXUh6zA>m2li3jL7=Rk=x z`4Nd2sp2K)C{vmv4!mw4%|!PKlB^*Ws=mv>_D1L{#Hn{>U7$0gTae}rS_2*okhK)M zr$o4*P^ssFK<5+RJ^jG)UUE*R6UEZ)Rcf(>Y5U$zQG?&DXYzCUoUkeUpxRv#!`e&V zSUr7I$nt@{>-+FydA*b|b1#iX;{*5G=0ZI|CA;1|QjgD>p7!awbTn_W2SmBsM&sAQ zUZi-C<(Tmnj&z~|Yfa%_Ku83Ywn;k=oV=;eI(S_&u)t3n5^s}C)l ze5}*4Te}V!V?G$ZAmW%RpdASm_qv564@>pRgM)!6Cq1utM#0aG$DLJPzoRA=)%<0b z`Y?zIZKw+u9L`b^`edK`+XzUh8~jxBil~OrJ~w6=q!;{6n2#=!(;VE-2p*61)8a-6 zIqGesd!}k+A~Oy9zWTQvz$`HJEnV(P`XEOxG3FG9tCph!DvZi zx{_KO-_a;o1u!f|c`DGtoP3?xjM{PY#!%#sjy_5g6BFk$gkE2VulIds)7f|~$`9z1 zaoNS?gplzv2a(oZQtlvVRLZj@#Z<5SR%*k~Y{1MQjEgVWARrE|0Xf^i()!+d z_)Y%0-!b}3Mx0PDC`-3wpD`Lk36q0uR1n4uSebQ<)9zfN1Tu=Yu_q#V0U`NP$PGt_ zmW%FPNHJTrJ=|vo0`WX4`C!-WQ6TBnIPd_D*|W+ZJkAqTkV%N=aRD`+zEDbf_&ReM zC0kFQ>YD8~g@3KHKMSa4XeAQL)V|o55IgG);z`eO2ilXu=nbANKiB>BBN!?M!F_7- znnfuHD-qwFqPS=KuZ2DwRhE_lwSGQp>lr8YX=~1dAe#JS#chJ1PT6Xg00H{sHpuC* zOTK)9zIdsvxB)4G)|&xAZ=fGsB?Jkv{3&3u4hnjhc940s?L$vY&6zH#5TNSYDzM>? zC~k*bu3%9fy@;?v%S=Z63AQuEAqPuiRmyP?c$Ptf{LBa2wK>}!`=6PLICW9;cmQo- z7YyxO8lXyd@B045m$UWAFd<#G@Vi8L&{hxP-7NIT_-qFRg}@lz)B=QF=^j08zV#HFj5d2uWvfB$@U&IG~XLmYZp!3Z>ET}Ux^rgA<5bfGTd zoN3`qPF>~j5J*6V(AlN#cn0b?ey6|S=eYe82xX@0fAr(@OFEc^1{rb~h`_DUSyuBl= z14F8m0=MD|<8;OL(=ABw@3+V-elcT$Wk21LW3tp^HW2X|iYT+uPu>v~qS^6lgoL(C zUHxjeYeR6z?iJos^k_P(TF8K8Esvf8N}?sxS_8;}M#8-K!eOR7?P=MjW1}sj>p~;JIPZQ3uzq#-I*5Mvl_}i5ugm0;Cc}t1=TI0kni~8 zZw8Ww@q`k@Hoe*6p?yvr%%2{EBC1Fb*^4iFE?@@_Vi(ZK1wR83cXt(A;A{aZ3AUiV zn?GW~3nW^^$c;`s0Mr}~4;S-;$l#$;xngrmQOAZK1V5_~nE}zXuHovt#OuDt7BS1n zFFvXK{h6T+^j7P|Z&Dda3BgvsKeU8zhi3^TIBqyaJM-gjcw1aoGCQcPbU+GczUvuN z>`-|5ttV1D`JR0^$MmUTTVowkBmc}(O+yyBucRlM&Rf&8SPsK6&rciLcUyPw_%--G zv#td2N~k|z^lwdnw?fH}$-b>P8#lurGBCAtm$Y3|$b zAtks;iSATjNE?*fL0* zI3kXl^Hp|yn{k=tQ>JqQH6abTD%GNtfjZUX{+mFB7}Zq)@;9dSp$aFYjSKa>fS zHo*}-6m7wr3Zm-F;SJEVl|76+$(c<9xj^-pDK0~PZMXj{a~wn}40tW6>eN=;bq#4d z*hOMS2h7kmo-%>-SRh`5th+`}aAkHj*nvq;(1d+I^HOZsH}mY3{cz;h9WwZ0d8>Z* z;D~rvZgJccnV1B(Y(=)xSx{`xpD)1ezGOB%2P4}dxLujoY9uaV?2R^rKhU8~j20=8 zTzX|Smd60>Ms=u-ECB?4?(kiJ#jBpYewe~$6#SYzfmodreh%0maGwu}6oY<0|4U!y zT(bjgiF*Ph$AOv#Z;HcSgC1~M$ytX1OOD#8O$0u5_Y}GYl)e9BliM?cH8gXpcYp+aLp@Ii3LKIkJq7U3@ADdyMgN~5|9A2Z z9-wwc**-Y3fvWjV$|kKlVW2HGc5ou18`O9BUqZ`&HTl2iFp*2yP8I|K6b7HYsq~jyHq48{j57 zrGH7=xGn!@Cja+(+NL{zn;Zn%ID$^i5}!@0O*U@JzX$p+&i_TrzmWes`M-C+#k31N z6K+lF!}_mC!hdzh)Q9z(nEmfwPwK<^e~)8Lpb11u2ls5y8qt+IJ*(JGIe^lG@(?3o zx5B9UL~w1sp``QIxZCxVWWxrQBjXtzlrkq`l_Jr3b~x~iTyS~R3_nuISWXJS?-#^)Lt^4x3Se)#@xNO7q`f*UWGNuPq zI(=%$#Kmn2FGs!`^I8k=iaYJI+?)+(k-^V*ww1W8jr~}F@VNIgn#rtyA`G%CFU*!- zbnJQgRD!&%R$%xrnZNkwkJ?MuK#_t=6i3I;wxKDgB={7x&APZURk}VNbf_NP7chjH z;pt;61_el-Oyu|8$j+{pvs)W0TLa;|Qwr^wHAJ^IK;PZkPNe$)*8vJe>F)4(?CRA~ z`^tMe^k%$4XKS}~&z_Xp(KvUa0Yq6ti4EaV%CWZe*lA|3FC)xrVT)@kQ$%@XGV(NT zePEZvG@^?AMs68fl-(4cZd*UQHs*s|K1zTN4=9i~^ ze9D|kmWHQdS8mO zZ9W}hc4KMiJ21Y=-&mb%OLy8=(iF6 z#D1B#WK^5Y?+gPJp#R zI`~oJEyN#$nq#FBM>c1nL&=C?nV2fKA#W9EvHza>0_-i$Ub{iyH!i?o8vq2|+eJkX z6+uuK^#)O&7?lP=VN@bb=@Qx{cGqzZ~uLGgdq+5IDj0-p0nvZvt*%%vgsD5;jJ`%8)!a?=(~ zRwXVhEL4t+j111r&3&JnyZW8on|=z8gSxm>;(r*_-vXmMs%^{Y4y0VXz4m_?)ct|c zT_A1C=xzaQ{_Ujte+}w%!01jz&@TaziXiF@`t5C^_^hZ;j7ozjUQ8;HrgE`O=Qi-0 zQ`tOK4%*NksDdI@lKxAPq)O6MRfD2O5UIKtRayPZ<3QEsspbxf_(-(}Q4MCl<7g=% zx>SoI)#SQiyr$ZusW$1~UJObUJk@AV^=eS^BB*X3s$Xm~hlUd5O?4bnJ*yP)k?MM; z`sRN}M^Lf>slf}>=#CAaH8psF8oWRaUVzb1GLoq#SE|XCYI3ER zFULEjN+vbihnnp}&Gz|^7{$9|XNNXx0bn78l%Q5 zQsWh=@ru-1LeyeQzoIoM-3zEG;?xvzihMv#5vSHO+w6TpjaQ^r#G{rBq$ajdi%wFj za&AOxQUyh7*-~m<*Z=o2pvg}2lSfV^@AO$;JK<7~-ARYUsamOip!4nH5zoAUQ{{qR zSo_w%d(Gqw2f|SN5`u#!d#9+4Dq@=|V!Q6KW7X=nm}X{88e%$PVkVzV#(5Ss$WFPM zj9-a0m`k1yd9|Xu9Y%*GKwwaIESk>1@9Yj56b=IY^*}ASpMj_P`1e38N*sJjI4shlyg4HZhrNxULrS#E(7?Ih z54CPA4gQBC)6gMdtt4IA-%EqJiM*UxbQOLO#bk+kbbc3rkqYR4g;7)SjH!~9&VX&Z zBo+n#92d6l8u9g1NmoS>w}r`Tw_GBecDYzCoc|A^p)@WAxH9thO8zO0MbIbIC`!t~ zr65O$%i-nED*YceR<5@`FE1~Yt~+estDkc`m?xs{=yit8LnaUoAoSBs9j;%$uAghG zmvSyW=D-*(Zrj!^LgC2#u&z9Z?D9aa*KgUFo)^|V+;3vbsxTYMj26e%T^n}Wyat5wv>3r|>-BUr*YUn%#*=Bi$MapHYl3D5fe z9u{f^hKWf-LbisXM54h0qum7zf8Q7s7TqWP2Q_^sp}tTvDa_5|o3n2`U@)qRc$`G{ zXN4q26w`CZitT?s0e=y|<6qqI=g=3=67b|lb;tj?L|9rd%7wH|1omg6-(WQGq^Qe? ztxqTij|HIIp#8Hz2?xNMRrVR{f3OAx`{cEzx%+1ip+#Vy-!2*x|G7PC1U#V^y0rkf z>~u)44toxszp>$h10<1_hq&|49-i;ViH8<(pZoI(Xl&ck z9JY(M-XGoz5|AQArw8tVg(Qgs2|O%uF=k@8`0{wFp{zPmugr zYCKe%_?YAux?QENe*2VqE(rFA?$Vs^E9WxH(TtKZe4!DMdTr`+S(;ex(Z3lLj;`Bd z>{V;LYG7)c5Wq>R-7)AN=~hL6Jn$~g`l9HazZd7GFgJ*3{;{ozs@?zwG8}yU4}${Z zX>M*Ev5p7Spq(TJ(|(Yxy4qn*?_q{nH!q?8|^4#z_$AG z_8r~=AGQxCj`}+M!sYK_p~_$w(}0WJ7OsgO=z$zv|M19`FhM!P48Y8MdrCgBY_3X| z3bufcdU*G5u?KgHBC<1mnD}$361xC*<32Ze_iv1paRC+L21e)T=Bn6Gumz&MzUa-r zhgo59;@Ze6dD!NnIP5AIH!3}J@9#aJSil~fa}MQhAsDtBY_&l6h05Q+e-j`zgTXO6P9La4>)o)Z>KbJO3W0T|ohksebS;;3$~mJ2C0|_p1FA<;yHe$6^aO z6a_fzKanK6`RhJAim)fmfAf!w2!@G)VV2us zPyD%H;id#UY1Ym7pJ&q#WLUauD>|N=tCI7S@r*4%_4L^(V;7^&HDkK8}O zm-&6LvaA0#zoYbLcZ>RmhqxFX#>P6eq@2s|%(XjzlVQ6{oLV?^iyHubngytEsHzv= zmd)w;dHnZ*^7$XN2fDJXYEMO%-N}n~>r84N{MZ(8#ZkTT*;K^%h~;Dw%5r6XBEj|A z^Xwy^vj-+l=8aojHodYGue94EFV!gD(ZOeR%*>(9rNSSN21 zt9}$(+VQEUr|C0fO~l?2x%HOIPpx&_wY$H69Xl&4ynDokfQ%;+-!aM(bcbwWvfyH3J<*h&?!3Xf3i1XD4qQJ&l$H~ z?}d)#xiNa=P6xhpSB1|dSJvg5z6V|DewXs-IMb(ev)<)}DW^(4&(w$mW}lC|H`}D6 z6fuM@4zO=JOtk24B8+oJn7a2PxR}0x4r%)C&QY>Mk$ceAjU*x?vgqpAaq-YBEY}}N z35yZ~ECHXpJNLK2ju;AL75|^Kp`>LRI6c07>pXz$paz5jmCk8h%~$0CMrnzTgh*seV1xZj%{3ww(4VH75O1M9ZP#k#N1$Pv6rKFQuJ6r=H;K zphMmb&4B;8U_@=owu+XL5 z51@%lZ4MJUIi3*Zm{t8?H&@WzfLmB}Kx^NjO}{kum^}I@M$DoBj)p?F+I2N*umKY@X;0j+qvrAW(WVztE??9z3LZK83^K@h4qd}H zwjH+pl)OlY}_wHfn7MvaQ{<7%y9GeFU zOJ5$$zh^()o~)OW>b3M^_|@JF?-jS^S(Qp&*PtG+nL0-r;yqfcU1&OulV@4~!eGsD zAQ;&{{bNJb7KT}EW3n!a`C2#T74rE}aD(gchs?3G*YzbUldpYo*dpG~7v3`<>*dD8 zQgmKw&Gx5yX+3(u#dIo0zOd1^*7Sv>OT4llvbEI52i)Q)M$I=CKet3va2bfxKzQ;` zuS+_(dE*VR&1K|@V2r~=XKq5N2csF|N^7!S?Y_yV3F+zEto)9wii@Q47T7a}x|2Fu zvgM9Nqr!F{<5l&2=tXNI58IvEwL|{otJ|cTVMCEM!w9%e!l}z;xba*Xc;-&8zXU^U zH$Y&&qmS+8K|$H8EX7GU{POJRd>Ji&`d=Qo9VsRjq_ z;wdI#g_#eB=0{?Ej0#-Xto9@vzB9*0%CTD}O39}r zYFO=|5pA4ZTiTxUY)s**Dc_m?LcA|UNPn95TzK;|309)$_6&2s^Pd(nEBUfj139;= z*@^NN_oUU&V;l?00LzH}(KU&X?kZyiq#>1=TjITbnz5n1cw@2WwfuVWB)FA+r^R}P z0NS&+?K)n7vgm(%6CwREk*E5mVjdem{G@G-m;|k zaS=};;Ox7#a?U#yx7>tfIt}jSZO^g_oSW?FN-J5mwd*dptY2`kE^;V=u89ZUd7({F zTQ>Lf7;5%gOD(W(pBo<1<^JqBrGOE~6EJ&FM~3ddg*tdI&t{(7U-%vvw;w&P0k4LG zefQt$9oYv^^2I${ph4NHj){}BeD<}kRA8J6AlSTjCSH;6Zj3}<%QJs>%kZ_^M3#gt z9&mUm_i4Ozmhv;Cu2y=g>Fw7w2{!)oT~4K`V&s&MFpo8`jiH1KKWeyE*~9Y_WQ#^( zJja14{-n&Zz%q|7(VAKDFD602sRMin(O>4>B-GRQal*btKo+*EJxJ*74Gl(R21?x+f(MeYZ%Z_!O~X|NhVC1>yp z*}5ye2#IY>Unf==54>rV)C=K)yqB{nmCI>);{7e@rBN`?;R~ntJeU%_U30{$hQo7t z^rgf6c!z%WMa`A2-nEM_V{a5q{_$l0m#4C>-B(Uz1x1Hdd*< zn5T^{-~u~35CNrale_vY{8P>;8u-T=uYWYbFhE~5*al=a0qfgE1f#xL`+)s-FGC~s zMLtJOe*4h+X3-DHoVB{pt28NVRh=l&>r%T<3NSD(CXo#5<^)YcPJzj6j;x+0viPv=s(J}Fy$aVX0uu|}FaA=wkdYWb_@DFo=z^VZ&6@2zycI!TzrjgjrlsM=! z*XnM61i z$Fm#8Kc3*vJy5dv_U0Zy(NZuwGA`EfES!7DBS6YU$z7YYzdF`>bwp^Uc^6vk_#M~3 zFDDsj>eGUYTL9AFusUS~YYrL_)FPls#%dXkJ#soDd7qtqrivHFgQY)b0LFU$-7RJl z8Io!M=CEye#PwCzJ?Lo_A`m7&T>S93Uxl#ip3K{N*%99Ss_77=HEX#O4;Z{L^Lq`Rmwx62Rp|?T zqc3CKTu0IkGT#Ps7EHfooCw#^s;;Rb8q*^`^(#4aN_zhMUO6$-pmeRjChj($Ex=v& z{6yF5#$yjf(|PxvOEXT!f~T=^^#|7`jiAU%VZgNW4}N0l!d1mlAu2k|Nv_M)yJN5H zqUB(*j)vZZN6TH+@JRdl)zhwI703~WbKhEYV!}jB%E%A*o$uyQ|JK*0pwly47j=n3 z?KNW+d#3KL1;8<0d$KETH|ja*I(cop{bSLU(XbzheqZsp2A{?L+pmD7 zGKr(?>X(KXg|5#YWBXQsE3%u8UUTZ1=ZWg! zE7qC|6S>MCoq`DRT$ps&9epJXLnL_$Wsi2AcPuOiuHPZwJGy?*;vS_-^}N!s3qS}3 zJORmtbSL7jaI;M`%NjjWu4I*;#z~*W#SxC<-XrNgF6^zls%+{OZr~9HJjupNM zr#x&5-Q44T_Jz*l>G~s61wKaUB*W~BZu1?N&I8J4zxH!!zjz{WgpZ9Y^%3CRRlW?{ zMLFb!<UE{FV` z&|_urz$MaEHVzhDKo#HP;~sZ$cn07}27D|#w=Cp98w�kBQD~>-s4%e$f!`<4(>l zmW+}Xy3aYOhs&^S5w-i2ct2^zEP5{T+X<)nHlR%wxlMeNn>;LmW8}2ky9eDULR{$e z={5CPy}ANa_HKo%!Jogjm0Hz4EFAR%>iQ)vlPe!tiYL-PGL6Q_iL{2}vHJc~nZ^G9Z(~#L{EPNGNrDHoYdukW7m4YE2@ZpDc7{xawi>U0q9y@N?K73 zU{{var*?6q+b2!xbbNU=8m8-m5a6*Pm6qRRG!+-W{^LtQh_1I}XFQ0ZX?=A*-xne@ zSv~&8hzefGf7;~z)v+dJ1i6I6+Z*$HZ;WxWw;KQSuqXvD)6poF=ddkD*O}=3u2-#D zF;XA)!BXdt1FwWguJfIC2iit^O1wR#!$<}Az6PcB9M8$Z%FphD%=sm_aRoiMn}{7p z+;V`7)B`R{tVB{u43KLz^1o&#oIER{^V-dUOM4vbe$q8w8(bId9*d(uaJ;g*vyk<# zw^Ih}z;wrtoMqg4)b!7H{kP`6J08pa?H`xbMN(PW(jdF62p45UMkv{mz01mWkrG*L zWXs4ZWY0=8tjJy!x$M2y?>KvK>wdn^>v{hC-LKdE$31eM=Vu(p`*^?K$AM0bWZ}V) zGkUefzxxf#-QRk6=#y;}*mQp5A@H1Ume+;Q7vzLVEj=P=8ZI_0G!*tOsDr{@Le;)4 z!*MISbTXG&!o8?)Etrh>cSDRdT*C7DC?T%N4JTCzEoZL*EXg?NEQ+^d8Q`fa2(<~4d$TzXZRM(EiD z0I7Ju9KQRV=`QKzZC@=|^8l_5KoEvJL&hxIh5uB5BK zWW{UpTpOMCS?YD|)m@+Q!+#>bC72s;-WY55IR;+1Gta!#W7NKEEnO1L)_NqzcQE`s z1t%$`;6qF>%UDrtM7A;+n-mnAz&{XZrQmLjoV_LWGm!lclK@bThEt>(Q=;Rywu=q_ zBfB(i!H>X;vG$xeFF1Sq#4D(oEh74}^-D`e?tGKYXqfgtAlaeZn^e58pwINv{m~{E zf?VgOYIP4_hMK9wb*^b8(FwjvC^9mt38Hp^YM^U*=2x$RKThTLciHyQSp5>GH%Q?U z65ezcP2{~kBOfj1{EEl0;#`8NuqyPvw_1+ytFlq&8;`hy$IWfBVn| zLVpi6#Cm$bsQ06 zj(xbfbET`~3B>8iE#CAq*q1f)_+?ny8jDwacgt28Enn*EcK$e3HrF8Q)cPiCE>R>W zPj{`nQEbvnYj}%<#dCn>$kkdO;BCp?VF8mB%Z3Zx!jK&WGPDr@HDG9w5Png>H$DA; zzi7^>FO?5H)wO9&y9|0QS)rW_xYf|1WAA^~1ov)Ktd4RmY5%yBq5$G_jEDE56Uutp zLS9XE5$qE&u6+W^=ko#WcBH4qj;7F^GOQ>oP1QP?BN@Ov-_IwOQZK$#SsIg?BJ@oR zHPhzYeKy^q`LFv$zmgB$v>Nmk+oYyQ zbJVk69SiZQU&?95AFa#LEzFMo#!_|>wgniu_uS?y-CrL=^l|a0H|ASZ zi4uHcvl>?N8YR0`M1K&9Sg{I=-se4^8+WBmRdVIST?!^EG^b`^hqCkcd^w#h>FNvP za{rFXlpHGXHKI)axZWfWBVY6V3du4k^yZLqV?7=ju#>d9WflGs@(QI{E(aW+1vR>C zpI-k#UgrZ?AG17O1Hv@V9+18sASdv`XLH5w z*!lT7(y1eas8~Xu-TMTa!g>T4Oq0i=yC%}<`xr4l{437Yenj94&|Lc&%-7SiHOi4= zSXsg3P=(J+*Q6;EH7D5{El0$`*i?tTfB0mH0|3`HN;QS}2-K%LDDgw&Y2;Da3N4i7 zz`F8MHR+&q=C$l6rgFdV%F1yhznA{upQ5-58xT_oIo!*%H{m=pd_Q0Qc1Dqb9M?(DIS@b)Wu}mTfyx1?tpu{fDfO3rjz-{~e?HN8 z+u&8kS0StO>_Tvle)|OinlBEBINbZlh&6)zZ!shmAly0X#a)(2l3Kx>U+oZ9?jQ&W zo$$wdqBo*Q3^n$T@VJJY;7FgVC|b+#-~7T?38fa$3F9;jl8~YFL>(ZVmxd=6tvx$I z*L22bWr!A`VaqpH$LuDsKx9$hA%Mzvj3R&ljT(GeC2LL3VWd{amUrsPD=KYVv1nY! zjsFt~kc%c3w(T1H{VwjTV~W?-#!>;Ky7uC7U{9j~-EJtKwqK;J%?Nc@Hl2q<&;>wS zPc(jEe?IOe1fJk>pH~1RUXDC6@LIS+i{>^c>j()Igr8qTUPDd4YfDum6;@FxrHuC}CW*eZ?E7Z-BIHLDO(tm3Ia1 zQ~zY)?_cd*co6OS*(99PxER&S1#e+m#xC4L={y(dtHWyg;Rg^@ZmwpK5gB+)2x+k> zN6r^kZq%!YPvkRE5NSRIB=+fJDAO20C{oykpXWbSDf1XG-L+@D`aOcmGou=Zj#gtX z$}sLBXYsHWaAWrJaFVnf!A3?vp9!1PQMNZ{S>DOd_T5ZJ>9q`5&?l(Gh;<6J>)imN zL`%J8D(y^}aZS)o@fB(c&&`!#UPi=@qnt$Tv<1PUok9%9+Fs1u9T{uGA3tlA>`Q(;6(TKYrpsFb-L zj{?1nR{d#v${LER%xw@~*!ks;CTQUXJ+KoK(Mwj8*IdxHonHpN%I7zR} zo4-CD@6D~d>4!afY4$N5IG9Q+XGm;uA@0E5@K{s zB_yDqynYK2B%TgUG{0Cui^e%ZChTdI*3rVS$(BVBpox%731r_=&jMOnu}kosF~A!; ztXYodn|2GT4+6D}HwydQGop1k7H?ndPx8nAF0pv_0UgK1@Lzk1y*o-kk?Kt-+ipi; z)&WGv=z-`rxqlf7xDOLmOM&0t#9Fw=;~K1;buw;v0{FZcvyK?i@9t;#SYG%Jt17k8 zs?3#KxtdL};Mj1sc60VwCDk2N4H3#cRt{Y@^N|6uQMXs;$ojsmbAZs6DqUX**&e-xn19-3ZLYd7|#!HKDy_pO%;2F zfy7JxwU^gR0Dmy4X`Y7Vc3LNWgY(H4bL2}ZtNi7m9(#^N{A=Vf?X8@9b2bs^O zhsO&be?zv2*{BIX(F;s}Q{szE5mHYrY>)!9(^H3E-^{`U$wTLGHG{x3fVk3yg9dIx z)U=cqqp=A3Y!LlLuGM#eov31S)w=MiuMB<&qnbALQH%WZH@kzVxyB)$=D)RWKXFdE zx(b}_=AfS^y@e|NhueJ$_>70wrFM=GLIr#PN-!|>o#ggsV5(A)&G`D_Y>Qp#gfK+H zsY4BshEQN5jPV527&piEQ`M$(-tY5XvlWqO1OTN^QjtQUZeB_AHDpPyLJrNrsODAf zfEgpuyIDis1_8_1A74VL`Xi8oxZiVH91g!D%}Z1^5q5*~m5eV^pNCK_5BMMGQNRNI z+pnJoLG#HqsVsqMhz#AdhMqsj1N5x5rf2O}auv0oBf#48e=e?UZa2~n;A7%m6 zm4@1tXXSAEwtmXyyxn>^JJij&C?ijoO*%LF9Tt|a85BE&S{5pQk~4zMuW|q&z*h5J z%g`3UKmr3NKPb)C-33`5CW%G^pdID`(bQKyk`sYq5_1X^?~RbbLiyW9L<1#7h3>g) zEhLr_DCM=J%LhN%jTZUL)r%;@7gS*7*f=hvUrxIF)~>gU$KA8_vb;9vgpbNi6Xr;X z(Kn}w_I{5d&=DN?f$w($gKr$+=Tmgyp8)3lOsS0&cg;@sHz1p_YS=)?T(?=MHeQ_W zg%~x^MxiEOMnK{`I~KADxus@5No#es5oXvLose+;-cveqaytI1SdYoG?VLGtLcN#A z=OxiZzrRNQlEEjUhK3WnnI9Bqz^DG|Nn|%wMkHs#w(j^Q@!urjZU{m zFS=(Kw4j~GJKm^?hEEz{G>&poHM!&IOkv2_xu}|26?#iu`xDeyHLjNMRbxmMuq z@M^?sXb`Q=z7y`=VATBZg%ZSYZ)tqn4ycJbG)a?CU*bxR*hl|lfCv>;>Vx=YEKenL z97I7)Ektza{k;Q)P{-6Nhb0q*2ziCe;Ac68XMlwxyMTOXugEU~+E=QqgMf2 zzS#8zwi)VhM=`4K!_~f29e?G0Z3Okd6y3dJ(^y{?f9(3YXW>=srWF-tWp;?HzBtEW z0OS^-0F=()GQtPQ)mL!RiI~Z;BAbV#kdG;!t-YsP8TDetN3>bvUv5+HcPf zJurxlA4ul*{I>xUQ&kJ7L(=YC(5`*)1A3W;3PaaOo@%jwg9S*IStWmF)zud%yAm88p@bZQ*&D$9t{lyx$`84swE ze1OYE>3;cU7$9?)HUL|gAWoGHD7sySo@nXxS9oQC*h^H65o@DEoKR%M(9d+T#Yq5(nU!0crIv#jV0L>G>((X;ovvzqD9jeb#@mv=uv=gGuF;uHita_@siU zG3%phUzuP;S*2p+I5wTK|63aV6Rj~y4uz%?!cKZ2N%F zy`;p(vdg=N8Ki|GxWw;zH(QyvV?M!&foDcWow=rMkX1#@eacQW)e$S7bZSu+DK1`D zLKA;GYmBibzd(Y5mc0_)g%OI_wUZP)Bvc;G>t|Jnpet%0?wcr3Fi|%`<^9Ho*XRFbkW^=kq$VRv3P<bU{>tVhCUQ^!*YIKKzX5?#!< z2k={3&)a%AY9k?veyFn6wjHml=Upn>SUaGA`=xSRGs+0FG~SYW zfSq{x0NGyXNr0G6>&#xNZwGVAtJv4XsG2MR48IXbBf{2Tb=9p*0N4U1kCoS(CuPe2 zA`HRGSk;Jp<)74` zB!8gv$6baV&2zJm&gj<8S9+cy{-&zm*-2oKd z1eKv=3q49p?`8nvG%Gh{(GP!fqqZdA0XQy3+GKEDZ!rzF9F?uBSvsATsWDfR z&wDq#IJ*dzvkowjXF-vZ@|M)9HSPMVMhNjXVg{)yOya{Y9HFp&q93z-#_X#Dex0^? zjA`k3Zg9p!IpRw(V&8!`GyyK>G>=o}L1N%!3V_4_SfFbbWtV#X9>wI5W{Q%y>_%{@ z#!7f}d9O{F0|I>@d7LY*JyZMFsJQE7Pf?@!2aFz#%N}{1QU`)`lduH!Hg$$&ML(t@ zw}^^_!uJ}$yWaV;HAil1d`oNT=}uf4$qRM!aaJk&)whXTyS>!XKha$nokIA{u-+?& z!eb+(VhTj)UL0Ob(y!46d{7IC%eTM!rMsk6t|_IT(M(vPGCY#yz41L|15K6K*uMEQ z_Qw-1u+mKG^cps*pG_RgT(g+_Jh`#3SnPj!D{0Mr_`_z1SiRSLXzgUXYjK*vt-!*A ze|d5MJ^Tl|#l>phSD6&Q^}5SKmwtYJhI^s8G2u)Q1)J@Z4pA>+3H&D zv~95=725Trlb22Xu*bqh_mrGiO2o~Y_9p$*cEBSv1pKyas~1HNo=>?D>s=TJmiTN4 zgAUzKqqfOx3@H&Jxr_nO8X6kX2K8Nr1M}q9zT4GR5L(R}IBG;rs` z6O$9tPi#N&&Uqt|ccFbDWT8$-lV%{fAEo2C{9v!G zkhB2a=XLk9uATR(BLuW-y0y~igZQPO3Bh{p=c^2(c#y*2oQNPpezI4 zcuGIHl%SnuW&RVVnh7A@IBnid?NrK4_dXD%^9u1`g9Lr3ahPz=AE*2eF9Db2cN?vm zJU;`$8v=l!Z{hiGHZO3K_wNaqq>=FQb@VSrw=W0u7r^y31>^2pNGZ`G##Lmb`F*}i zorkB}Sf>|j*OX z!*PYsx?6oU^IF6$j(Cwe;9V{azdqn2jCK|bc$`A2XsRLF1aNf>(IwqS)2{*&(&Qc1 z`|G6m!j9w7N1WO=7hpt*5TQkGA2~Roy@B+9e6UqIbHrq^&%<8i>3rfEW8b2!H_0E z7DJmt;7J|wc&x1aPpbyer;Y&Q)7Go^7o?Y@z;P#3-M;aLvA!T+{pKR>imx?5cG!H82<2>z=FOkQPut) z`H#~Zmh!(%biqWDTIgdhJ~~nC{D%)s3F55x|L)cUPC{sX(C={@1hrbp(OydL@Zf5? z9Xbq&RP+*RQOZkAtB3C~xjfhRoT-`Q8{7X_?&02aS?2{&s>hyPai`IqjiyPr2aRI( zUcQbvUv#zN^BG5%zw6BcaGI}=9ysM#BHYXMq4)8!4@NZ+NHMVKkcS#&{!f6L)D*K3}(1=v4W%{-_OQ2G%Vsg z%zx(f8MRm1*wUN+ILQ}4Cr)p|!Ds=7#u!kIT)@$-3mR8$7xBNC6HGXOZNHw9)*XMR zCr>;p23v*H^gin|_j1P6quynluYgjp079(!P?odA7MS&O!7m*x_T_zk`XqP;3xat| z>VS6p-Nrzwv60TTd(rR+q>;9FcQTEg-m2-BnE4U{0H2GdOy4f!fYtA(kXoNEvOb#p zYqO^J{Pikuqx4d#L?xQb_kZA<)Gl_pRP8HgMr=RTpV7SRjaFezDhTm-C3t!ApEKG0e zhASLd;7oK#;^ea>Yr8E_@VbzjU4=UEwTp2HfdOpi?;<%?2JA;m2`)|aDCqgfUcfcK z_i7mG-*39-8F<)11TQ-NSV1 zM*6?(T_d+Ppb^v-@RwZ-)`r(l?>F_<6iUcSMi;C=nGmJy=Bs=T%>1=_p4`w)`0Ha5 zZU-@O|EWq^(=}`nm(D`FVJVUQdpdO5mG5l&FvhCeI;T80x59Vni%y-b1td^2$ufjQtiQj+M0l7`m1C$~CXfpZn{DPa`d`d&jONALWPAuN15kz4<~; za$BmrOx3=_k)O-UtT(kDPJ4f|c#6pLkW1bNWA?^nQXsW3zVwe?Z3jo+N+M(y7((|# zp^YtU-ROOc<&vnz3`9Lf?^-@c@90608g z6KPfU)3K#VPy^WAC*)Tp}(CUjC@81pm zq=bmXd~M>Q?RJpZ=G)7BX=9972liiD*bN?pGRS<0k`t-#ws$2wg8)rzSH5r+=}Lr5 zH)JKisYOaeMb79o-wam1Y09?PolaR~11ZlT2<mEV`tA-RtuZq*T_r#~YXVe$dfv~xoWbvDS{p+2CjcjHDg2AphYH07= z%UynCo1?_OM%rgLXfYdmUVQt%ZKDmD z0(1M_!j)m$ZARy8w!fF-Nfqq2qO<-hT4c~$iqGhJTmNf2-2$68FO{Bk0V!&F_{62x zh~hhiCILRf4EPQBAI0kt{U`&%)V0XdI`#nqtA(&L z7e-F+7II4}_or`98A~`!clK8D7;C*|4K)F7!gT{0)PlyA+Zbj>oxU#tfVq2u;~JO{ zyufMVvhZE2J5xK4(G6rAXb`Y!Fo&nu#pyv?!nw8f%1u+yojz-}+*zz>NmVUGywQkz zOR5+wh$T(t6Kh`#H;v;wXD?dBr0uqKA=_{a?o#-R!{$3xD#gCE8#?wG&%USl#shG7 z0ij$6`lKh2`9Me)KTt|239nGG1muSyY}HqWmkDBp*6j`M^SB>=55Mr1W~!Ze0pNHM zB&O0E0Tk1w_Xx8=xA%aS7p1a$ayHyx$NVrS`j?vZFPr$Xdc0k4iQOscoarc;nrLvA z(oW?N5S1_F9K?@ek#cE~+-Pa#UQOk6`We$6FO7mmtYfMeKSk z;NBG=9yFpW%?kUR)vPr!Km+{gjDw!fgn^=^A6bQcxs$!69)>H?#8|}A%Ir3HaLGfH zBV~d4r!66BMziDI-aGRK^5s8$uhJ@B9ATT4D$<}lUh=Fok~ z$@a$F+t6({{!odRGtI9o2c#cp_QX_IpeRJED!`%WH`PZHNe;E?+UI^jQcrjdyHlxB zTk9?0e)jMH)NKnVMRxKMzuKKUdj~19QX(1{1-f)6&iW9zzuyA3&{?DZ1D6*ZV}1Eb zv7$%4PL1IGe=cS!^s)g|%wYn8iLgGT`qQ`uJiR>OQN|{j_oMTMxh5B-g~Xk3MhLTk zt{6LySgah>EzAdl<;W~r@pOL^=J)w`U9iSnu!l}V`oB93FTi@!d;TLctmogLG4B>T7~J2nU0N=MrC5mk<=s$F+B4d>x#rFMf_WV3LSMl~eW&JhD1C(P|7EMa7=1 z=8GYK071wmqwoe7PLJ<|4MQ}1`1{$}*`UW8Nb839R9Rl#=C^URlgof)?4fU3Eu!W=H3g1m zHIzyG>F+k}O1a?uaV}k!0iP2N627rd@i=)YTDYD^?VQi1XUk(nueHUuAXC(cf9)qn zmw}?>0<9d>?ganqTKJ%kL5{85a9JCc+KMbt=ohXR*g4l$VSosn;nRZUl zd)oySnIY~bnuv%vZs&li zI092@as_!1?@g)zr0b9>#r#6Z5iJ9^mrdSMo-1qpTazglgLpIgE=fT=PI8?&OG0=; z<%I>bCva*W^25q7dhTHz@vww&)b@QKjMH(xYq?)gbZt`m;kikS6~qm zW!4-wlt5@g%;cP!U$@qWrP{!$BD1#q&FoIdKLs!q3vzJ583Jr@}*wFu_xcAPyLSY3r!fsmAq{ zxhxnsAR9XLlfnK)fX-z*+51WnOVuu})SattpXBp=j!bc{QkCO~qs=ogylWczOP%2 zH{l7&^8`$W;MPonhW>mFHnY9)WWWRJgnkh=>K!;`fwdtBx~6+$qOh7p+>$IA_n2X>Zpvsbv<4TF=F|9rY0A0U+-qsk5=^xlFzKY34g?M>TGwi z=xwPg;ss~igb=EK&uJdNHxEE#b17P~Jzb*~F!wqeU%+k zT{#V|&bii)dhhHzJdTVziacZ91)dRQrk`kilML3XJVdnB?*`dnTWET$d1?uWBE9KfPo!-#!Z8bF;D`rIXU5ARHj?}ZEpc1kAA6~w1+f_;vBH8y zf~zE?tP!0$-~UiJK#N`O!E0n70vv}IVO{BZ#kVGxvM9%)bjgFfaOS1&D@yvkm+@ai zf+$UpoFd21&-m;CZJs7NI6B>?;CDN^?{yA*McH}IiI%w()i^t-Vw7&{r;H`? zCm{~rI2Nw~Q1%3sN9N(ob%ANp6lPyIRgC&duHusPU#o*vb?M_K)K4Q~NzUbBxbFfv zg^Nh@+8ybO^LasQnc>3-zXu$50_*%``Qicykm8L<8Vm78@B#y8;z2_6acHC!K`gJm z3Iyc>Eaek00b|6)9cgF;8(1K(T~DKqh;$O0NwV-Nu%k9GXR7V>_47!#pt3a=N7an* z+hDn|WmBwuPS0MYfi)TuM`!DB=S~^nf~=$aqqEJ?3+^cWnCQ`bK1-zIWE?=$TcpWP zB-yz_Y-XX&36i27NqTIOhgA%|azv8Ij~p28u?APTcS49-1%cJz3lnyxskL)Iqd&Iq zgB_aQsS>Ab|7EIVEE^7_7ebIA^DTJt8`sonoSXB-As3c-v>3Lutb@_kPS98DF0S&F zYH%GX>54nkS4i*9W9KatPn1XIP-2pZp&`rykx9$HPuZex3tAb~g|nroB@0HUaFwjj ze(B{Pg4c>5>q0F2TD;2L$-`;;scF(ezGu^G$1k>85Cjm@&m>GAb?36>SEHFo7TKb{ zI#O6@(R`G);=;4uwakMk9Vux!zVi8p89pGET$+IHWg+qDDwO`(?cuQ;KhE#}YPY5e zTxU5byi;+q@)JZ*Tv^DaS#br#`s^YTJJT20*oh}6PltKkH+?Q_tK$uTbdEiyfoQ2& zf}QEzO2kU%VFQ+ta}8maMjo-~Z`IAqtN`_7=Y8xo$1VNj_h+SM@7|8^0Xod2+Ohl= zGLb^IA-F>LTeI%qX4mDb&i9=jm(I$zk=AYfj<%m=kNLb35y2okny?D8vQVXb81qU5 z#qagH=-(^Q)$8e<{76jdbck|cjQRKR-3NpmO-^%(dTYn4Ds5 zSBZ!aLLR>o!I?YDj<3Z=@}2#V_YgqJEtiH>Z*b`j%gaQ0ZkU}^dGVZO--jT*B;g?L zI((g&Eb26boNr&svnL$z}r2`}24^vxT`e1GExz9T1fDsE55}fvUJYfY#vJxbqA}L$nB=)U26DLX*5{P#IfX zPQz@SliUn1SH3D+n9RNa`Zp8FQ|ZL0PMg%ay2tBW*+q#85++oU^q(iB7Fspt*x7B- z+jeyI2J@V;qaPmGlyaUB2|Z#5cenGWxApW^Jzc@Rwbzr&Y_lmtge0#ExJW#*Q5V(j(KSNdnE1v$vAx=vH(BIOY-nY%85U_?% z7_sJZI7Fx@<+MP5d5$tiCa3x+@RoyJb;eoya_+lgVv@k!XpyjnvmLEFS~#P^m&?Zl zUfkB>%}z3C!=rP}wCNs+Ok(ZU=cjT~+<~yTny3^szEvx=dC;}%MO|XEY=g4dJ-^sG zy*1g-PyW0(m3B*_0@Jx)btMO7-_ZsfiR$Cb_01vj)#*GOztE>5DZ2K_uRupH(a#CkxDJ8k~nW7gw?`xK~!d=oJo zK?kb|1W4aVg!sxuVIJch496&h(=Eu#Ts|r*Xe6!pfJ5O8p=H9w3lWLuoVMno2V-3e zJzPs&r-~%D`Y-ZMxwyF44WCg;oa>IXY*he|I<^mK$NPdb!w-M;d3IlW$pAFagN_Yl z0=6P)woq+d@_yz2^QW;u-eKb)=gA)Jucx_P-v4}l_$EmS+YGS$#<%L#WoE$zTr+rF zj8sF{$%eI)e)7XJ+Ud*Y7Kwk(F;bANZupWR1E$8l2O)sEinKsqSKACHP8Ilw&s;kk%? z>~k+d*r3yAPJ6H4*4l*D3{zwZ#Jc7Y$bgT4R2q92As}0Sx6Jq{I_OjI_WRx@BA(wr z2mU!Fpqze1$If5N;o{*5;k+Tt_Y^9zkApQV&yV|DF!y}!b<|j8q8e)ZvSHwCWGUxqieo#{8mt8BFXQ0z%?L-yC+#YO|MFpJB0p zF@rj%uQtRSmPH^L-bbCPk$8~7luzAXtspT)6>8- z`$=``R00-o`rPhk3) zI_VQ_)YgF5_-mueTgQwxac*gb}Z ze4*cE*@lKW1`_c3mo8N>+w_)P2?`3*Tk$^KRcOx#yyksQF_-acZs7Yip8a{?^gi-C zSv&?);U?wHXIE`EL>3XTXEU-+i95aR8XCnebng8D32$3B{qh_!hgbBavF z4Vr(%JYVI!Y*ZCy>r}e(m$F|?NJ>sPm$>s=D(>hZ3yRG8Q@&Fk_)0VVCbNH%fo(6L&16>oQ32c^n3n#nm-(BIqC|82T@-Jv4R#gEDdO_s= ziGSn{AX!}C6-{cN=^Ok;ztU0+R2)VGHYyC;`Vb9Czuy%AW zCh5m!7>-!SARS|u;v^;1%ZK|f5umPH!(JN=)D(7DRv%Y0N zFxC!LK=bzq45Q$ZQut?Ez;^h}K#nVrZSN^x_Mv9wpWf=4%l|L>1iO`n$tFNWi`YMf z=@mf~#I>og$w9HeX}hm;cEUKn9>DzBp8B^G`bFFEs%tL&S&OH7B*b7?VMzxs@(VHN z&));U5c9aN+@o~X-z0fw1zt#c>Abp{MSsWtFYSU71B-yi9kgS7S|++hO?Mj#qammk zmk8ZqvRiUdQO8^lw3a3VF%moM^bxaeRufC~Mc~Y%DojV$!?7w~7bUQG)mYPfg2Ig5 zpX5M8+VHpiZYVkFUnNBJFQ2QLDZA2Qxw z*)I#z1SD2~Q&r93zLYVk{myDI>F3i-CpPQ=izGMLvYr5gpW5Rq+5(phd5tPKCCT6` zb*T)*g^qz8JLck{7}|LcWOe2bW3ln&DsDR!2;|+*$hlt;Ro@}o?pzo!CLxCIGxkP_ zr5Cta?&gb2#MjDhzv+SUzPU5De`&mv9co-hTXkJcO%oBG1{0KVFPBCfry-3mgl(h7biCx06cv946N?GsvuKr{;2+2ceGTwS zYGcsKzw3GZJ+HU^GJl=uSl?vVBU-zW_XkzcH7x!dam9_Nfj9SCAp~Os;LAzIv$u{> zHi3~X2B^&9(KFV~;h_;El{optwGmjM5DjldUL*`N~}40pY|Ans=D?@9q> ziG8Hpap#i$p~y}jhP)BUqO~Ke2NKRt+{k0D9L6M3l$bx9ub+gLGI3Ba9ioJ7M_2bV zRk48Fn6wmbC+0q%HvCWqX3so>60;wU)icUb$S38EetrbQu%!#mGWNZy-`P9t3)_mnzXH|Rqf{sG}Gz$z#8e6e}aCM`tb4fpp zrnU1F(!bKHdQ2hSYf5COBo6o<_C^;%OaJ}?_1#}Zfxxj%B=F}D^>0(jtYJhjvv&}g zlO5~-K+LEM9P`6aepl$GeOa3b1+QV_7b5 z5iWBMn)X(rZc=*L7h8RS`!SwLVe4b^`rK?G1l0!6^ckIJAAtj7=qrrvyAsyc4(45R zmWyjZG)!f6COYCo^B%^DMdvd2<{3lVii%cP=c$Or5yQMA1xct)Z;kBL5%6y` zz~2(K&Z^MvL|wBct*-;c&+$D4zO2=Ouu#LD zV_fMWG#JE{O_?{73G<^B5Ho#F7@zr5i-Tv3Y{t&H%_cv`Dhc3|tiU<0DXZpomlPAS z>$xW8gkv@PWi--Vn4|ehlXKOntG^zv96Wf;mLpHCTiZi z_&DDOy5Ekmcur%T+i$t+1J`Z(A@Ja$&O(UFYR?7`X0s3xKf^rM@i~jdq;MzzyQZ2= z7fL1jb+q!#>OXMvn2d>36E<5PdKuiT3Z%>H#%G(+LP|uP!_F}6H+IVmP7==vqob?# zm%8IGGTD{Q$c@FMF%9mC*}lF~_ynlU7aTiw5w=4`BPr42y*S@j6jsq93lo^6INerh zBc`(NRWeTBT#p}>#-F=du?~Bajq!cjF5Uj_oy=M>7@2FhmD!=%b9TBiG^j)@XXp%PCf9=u>(PoMix$LmbjL^|k z{{bsHmgPX+jDBa<9&RNQ6h#DUAcfOd{O#Pw69vyjzR0f0?Eh+m-yE;!fsxmbLJ2~Z_aMAs z;O&r5T{4z2?^1Y{>Y4fnL<}#!`G!EL+->nRH+Lz`%V@DdVOh6JYqfdp6eni{XsXAr zYfD5-c&~zpVQa)SI|X;p@#2)cssY5Og8i#gS5WBHOVA&4X2_Z9uhMN05X8eZhaC%! z3`e|upT6=Y_XxdNh}T-%7Jx+?Uku3_ z_#WBl@xJ+DC5Od~a_|Z2&oG?&0;u973_N)VQyzwDE0A8v@yOQ!0X^%wQEx|MMFK>#$YO=%phZ9vu?b9!a_?=LYd-0s*SzA81^rQmDRAgiI)MSbfGy962`+T zmW@yDB~_H`gK^?^fl(n6q>M+kmr#XNNM|ec z;=bbR+sR6;{w^gJm}T2|)}_we7g2stP%WONcTO6mS#nI%geI^-@4kwT84N&k+3)Q| z0TrTI+`Z)~`oSPWF|LwWlm3xZ6R{WnSlBSEFgTlh(7ylX@XmAh)^Gpy?+9sF;nxB^ zAloa3LSozVk9CF+7goAmdv<@n&fhjDyU55E4^xC_6DxMKZ^1iJjm!Y@7_Q6*Z2H?wk!iam!1`K UbWl&I None: + """ + Tests creation of the emulation configuration + + :return: None + """ + config = default_config(name="csle-level14-050", network_id=14, level=14, version="0.5.0", + time_step_len_seconds=15) + assert config.vuln_config is not None + assert config.containers_config is not None + assert config.flags_config is not None + assert config.resources_config is not None + assert config.topology_config is not None + assert config.traffic_config is not None + assert config.users_config is not None + assert config.vuln_config is not None + assert config.kafka_config is not None + assert config.services_config is not None + assert config.static_attacker_sequences is not None + assert config.ovs_config is not None + assert config.host_manager_config is not None + assert config.snort_ids_manager_config is not None + assert config.ossec_ids_manager_config is not None + assert config.docker_stats_manager_config is not None + assert config.elk_config is not None + assert config.beats_config is not None diff --git a/emulation-system/envs/050/level_8/README.MD b/emulation-system/envs/050/level_8/README.MD index 2526595f3..a6281e13b 100644 --- a/emulation-system/envs/050/level_8/README.MD +++ b/emulation-system/envs/050/level_8/README.MD @@ -48,4 +48,4 @@ Kim Hammar Creative Commons -(C) 2021, Kim Hammar \ No newline at end of file +(C) 2020-2024, Kim Hammar \ No newline at end of file diff --git a/emulation-system/envs/Makefile b/emulation-system/envs/Makefile index 0968f8c7a..56be4b15f 100644 --- a/emulation-system/envs/Makefile +++ b/emulation-system/envs/Makefile @@ -38,6 +38,9 @@ install_level_12: install_level_13: cd 050/level_13/ && $(MAKE) install +install_level_14: + cd 050/level_14/ && $(MAKE) install + # Installs all emulations install: cd 050/level_1/ && $(MAKE) install @@ -53,6 +56,7 @@ install: cd 050/level_11/ && $(MAKE) install cd 050/level_12/ && $(MAKE) install cd 050/level_13/ && $(MAKE) install + cd 050/level_14/ && $(MAKE) install # Targets for uninstalling each individual env uninstall_level_1: @@ -94,6 +98,9 @@ uninstall_level_12: uninstall_level_13: cd 050/level_13/ && $(MAKE) uninstall +uninstall_level_14: + cd 050/level_14/ && $(MAKE) uninstall + # Uninstalls all emulations uninstall: cd 050/level_1/ && $(MAKE) uninstall @@ -109,6 +116,7 @@ uninstall: cd 050/level_11/ && $(MAKE) uninstall cd 050/level_12/ && $(MAKE) uninstall cd 050/level_13/ && $(MAKE) uninstall + cd 050/level_14/ && $(MAKE) uninstall # Targets for cleaning the config each individual env clean_config_level_1: @@ -150,6 +158,9 @@ clean_config_level_12: clean_config_level_13: cd 050/level_13/ && $(MAKE) clean_config +clean_config_level_14: + cd 050/level_14/ && $(MAKE) clean_config + # Cleans the materialized configuration of each emulation clean_config: cd 050/level_1/ && $(MAKE) clean_config @@ -165,3 +176,4 @@ clean_config: cd 050/level_11/ && $(MAKE) clean_config cd 050/level_12/ && $(MAKE) clean_config cd 050/level_13/ && $(MAKE) clean_config + cd 050/level_14/ && $(MAKE) clean_config diff --git a/unit_tests.sh b/unit_tests.sh index 89ee90c0d..2bc6e62ed 100755 --- a/unit_tests.sh +++ b/unit_tests.sh @@ -42,6 +42,7 @@ cd emulation-system/envs/050/level_10; pytest; cd ../../../../ cd emulation-system/envs/050/level_11; pytest; cd ../../../../ cd emulation-system/envs/050/level_12; pytest; cd ../../../../ cd emulation-system/envs/050/level_13; pytest; cd ../../../../ +cd emulation-system/envs/050/level_14; pytest; cd ../../../../ echo "Running Python unit tests for CSLE simulation environments" cd simulation-system/envs/apt_game; pytest; cd ../../../ cd simulation-system/envs/apt_mdp_attacker; pytest; cd ../../../