From dcbd0819a616feadab7f070b03cf63b72d2694b4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 30 Mar 2015 11:26:32 -0500 Subject: [PATCH] Updates related to SSH analysis. - Some scripts used wrong SSH module/namespace scoping on events. - Fix outdated notice documentation related to SSH password guessing. - Add a unit test for SSH password guessing notice. --- CHANGES | 8 ++++++ NEWS | 4 ++- VERSION | 2 +- doc/frameworks/notice.rst | 21 +++++++------- doc/frameworks/notice_ssh_guesser.bro | 10 +++++++ scripts/base/protocols/ssh/main.bro | 4 +-- .../protocols/ssh/detect-bruteforcing.bro | 4 +-- scripts/policy/protocols/ssh/geo-data.bro | 4 +-- .../protocols/ssh/interesting-hostnames.bro | 2 +- .../output | 14 ++++++++++ .../output | 2 +- .../btest-doc.sphinx.notice_ssh_guesser.bro#1 | 26 ++++++++++++++++++ .../notice.log | 10 +++++++ testing/btest/Traces/ssh/sshguess.pcap | Bin 0 -> 90921 bytes ...oc_frameworks_notice_ssh_guesser_bro.btest | 14 ++++++++++ ...tocols_ssh_interesting-hostnames_bro.btest | 2 +- .../doc/sphinx/notice_ssh_guesser.bro.btest | 2 ++ .../protocols/ssh/detect-bruteforcing.bro | 5 ++++ 18 files changed, 112 insertions(+), 22 deletions(-) create mode 100644 doc/frameworks/notice_ssh_guesser.bro create mode 100644 testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output create mode 100644 testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log create mode 100644 testing/btest/Traces/ssh/sshguess.pcap create mode 100644 testing/btest/doc/sphinx/include-doc_frameworks_notice_ssh_guesser_bro.btest create mode 100644 testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest create mode 100644 testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro diff --git a/CHANGES b/CHANGES index 160ec42f8b..c84410303b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,4 +1,12 @@ +2.3-636 | 2015-03-30 11:26:32 -0500 + + * Updates related to SSH analysis. (Jon Siwek) + + - Some scripts used wrong SSH module/namespace scoping on events. + - Fix outdated notice documentation related to SSH password guessing. + - Add a unit test for SSH pasword guessing notice. + 2.3-635 | 2015-03-30 11:02:45 -0500 * Fix outdated documentation unit tests. (Jon Siwek) diff --git a/NEWS b/NEWS index 6767537170..a0248d4966 100644 --- a/NEWS +++ b/NEWS @@ -30,7 +30,7 @@ New Functionality - Bro now features a completely rewritten, enhanced SSH analyzer. A lot more information about SSH sessions is logged. The analyzer is able to - determine if logins failed or succeeded in most circumstances. + determine if logins failed or succeeded in most circumstances. - Bro's file analysis now supports reassembly of files that are not transferred/seen sequentially. @@ -123,6 +123,8 @@ Changed Functionality explicitly set. Before, the default path function would always be set for all filters which didn't specify their own ``path_func``. +- TODO: what SSH events got changed or removed? + Deprecated Functionality ------------------------ diff --git a/VERSION b/VERSION index 49259bdc23..b7ffdd164c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-635 +2.3-636 diff --git a/doc/frameworks/notice.rst b/doc/frameworks/notice.rst index d8197c13af..eacf9c917f 100644 --- a/doc/frameworks/notice.rst +++ b/doc/frameworks/notice.rst 
@@ -88,15 +88,15 @@ directly make modifications to the :bro:see:`Notice::Info` record given as the argument to the hook. Here's a simple example which tells Bro to send an email for all notices of -type :bro:see:`SSH::Password_Guessing` if the server is 10.0.0.1: +type :bro:see:`SSH::Password_Guessing` if the guesser attempted to log in to +the server at 192.168.56.103: -.. code:: bro +.. btest-include:: ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro - hook Notice::policy(n: Notice::Info) - { - if ( n$note == SSH::Password_Guessing && n$id$resp_h == 10.0.0.1 ) - add n$actions[Notice::ACTION_EMAIL]; - } +.. btest:: notice_ssh_guesser.bro + + @TEST-EXEC: btest-rst-cmd bro -C -r ${TRACES}/ssh/sshguess.pcap ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro + @TEST-EXEC: btest-rst-cmd cat notice.log .. note:: @@ -111,10 +111,9 @@ a hook body to run before default hook bodies might look like this: .. code:: bro hook Notice::policy(n: Notice::Info) &priority=5 - { - if ( n$note == SSH::Password_Guessing && n$id$resp_h == 10.0.0.1 ) - add n$actions[Notice::ACTION_EMAIL]; - } + { + # Insert your code here. + } Hooks can also abort later hook bodies with the ``break`` keyword. This is primarily useful if one wants to completely preempt processing by diff --git a/doc/frameworks/notice_ssh_guesser.bro b/doc/frameworks/notice_ssh_guesser.bro new file mode 100644 index 0000000000..34ffe2e95e --- /dev/null +++ b/doc/frameworks/notice_ssh_guesser.bro @@ -0,0 +1,10 @@ + +@load protocols/ssh/detect-bruteforcing + +redef SSH::password_guesses_limit=10; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub ) + add n$actions[Notice::ACTION_EMAIL]; + } diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 42c323601c..a64a4a0e21 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro 
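Review bot: The policy hook in the new doc/frameworks/notice_ssh_guesser.bro keys the e-mail action on `/192\.168\.56\.103/ in n$sub`, but `n$sub` is free text that carries only a sample of the targeted servers (the notice.log baseline in this patch shows `Sampled servers:` followed by five entries for a notice seen in 10 connections). A guesser that spreads attempts over several hosts can therefore raise the notice without this server appearing in the text, and the e-mail action is then silently skipped. Because documentation examples get copied into production policy, I would add a comment above the condition, for example `# n$sub lists only a sample of the servers contacted; this match can miss the host when many servers are targeted`. The line `redef SSH::password_guesses_limit=10;` also deserves a comment such as `# Lowered so the short test trace triggers the notice; tune for production`, since that is presumably the only reason it is there.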
@@ -57,8 +57,8 @@ export { global log_ssh: event(rec: Info); ## Event that can be handled when the analyzer sees an SSH server host - ## key. This abstracts :bro:id:`SSH::ssh1_server_host_key` and - ## :bro:id:`SSH::ssh2_server_host_key`. + ## key. This abstracts :bro:id:`ssh1_server_host_key` and + ## :bro:id:`ssh2_server_host_key`. global ssh_server_host_key: event(c: connection, hash: string); } diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.bro index f0c76ec904..55687e2afd 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro @@ -69,7 +69,7 @@ event bro_init() }]); } -event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) +event ssh_auth_successful(c: connection, auth_method_none: bool) { local id = c$id; @@ -78,7 +78,7 @@ event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) $where=SSH::SUCCESSFUL_LOGIN]); } -event SSH::ssh_auth_failed(c: connection) +event ssh_auth_failed(c: connection) { local id = c$id; diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.bro index 00b52058a1..feae86c8f6 100644 --- a/scripts/policy/protocols/ssh/geo-data.bro +++ b/scripts/policy/protocols/ssh/geo-data.bro @@ -30,7 +30,7 @@ function get_location(c: connection): geo_location return lookup_location(lookup_ip); } -event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3 +event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3 { # Add the location data to the SSH record. c$ssh$remote_location = get_location(c); @@ -45,7 +45,7 @@ event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority= } } -event SSH::ssh_auth_failed(c: connection) &priority=3 +event ssh_auth_failed(c: connection) &priority=3 { # Add the location data to the SSH record. c$ssh$remote_location = get_location(c); 
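Review bot: The renamed handlers in geo-data.bro (`ssh_auth_successful` and `ssh_auth_failed`, both `&priority=3`) have no regression test in this patch: the diffstat adds a btest and a notice.log baseline only for detect-bruteforcing, and the same rename in interesting-hostnames.bro is covered only by a doc-include baseline of the script text. Handlers bound to the old `SSH::`-scoped names presumably never ran and raised no error, so the `c$ssh$remote_location` enrichment and the interesting-hostname checks could go missing again without anyone noticing. A small btest per script that replays an SSH trace and diffs the resulting log would catch a repeat. The handler bodies continue outside these hunks, so which log fields to pin has to be decided from the full scripts.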
diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.bro index e43349c030..af6f441646 100644 --- a/scripts/policy/protocols/ssh/interesting-hostnames.bro +++ b/scripts/policy/protocols/ssh/interesting-hostnames.bro @@ -27,7 +27,7 @@ export { /^ftp[0-9]*\./ &redef; } -event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) +event ssh_auth_successful(c: connection, auth_method_none: bool) { for ( host in set(c$id$orig_h, c$id$resp_h) ) { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output new file mode 100644 index 0000000000..11b77dd1ba --- /dev/null +++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output @@ -0,0 +1,14 @@ +# @TEST-EXEC: cat %INPUT >output && btest-diff output + +notice_ssh_guesser.bro + + +@load protocols/ssh/detect-bruteforcing + +redef SSH::password_guesses_limit=10; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub ) + add n$actions[Notice::ACTION_EMAIL]; + } diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output index af9ea0dc83..7905ffd953 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output @@ -31,7 +31,7 @@ export { /^ftp[0-9]*\./ &redef; } -event SSH::heuristic_successful_login(c: connection) +event ssh_auth_successful(c: connection, auth_method_none: bool) { for ( host in set(c$id$orig_h, c$id$resp_h) ) { 
diff --git a/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 b/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 new file mode 100644 index 0000000000..a8d9ce96d1 --- /dev/null +++ b/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 @@ -0,0 +1,26 @@ +.. rst-class:: btest-cmd + + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -C -r ssh/sshguess.pcap notice_ssh_guesser.bro + +.. rst-class:: btest-cmd + + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # cat notice.log + #separator \x09 + #set_separator , + #empty_field (empty) + #unset_field - + #path notice + #open 2015-03-30-16-20-23 + #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude + #types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double + 1427726711.398575 - - - - - - - - - SSH::Password_Guessing 192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections). Sampled servers: 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103 192.168.56.1 - - - bro Notice::ACTION_EMAIL,Notice::ACTION_LOG 3600.000000 F - - - - - + #close 2015-03-30-16-20-23 + diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log b/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log new file mode 100644 index 0000000000..ee206db117 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log 
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path notice +#open 2015-03-30-15-43-30 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude +#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double +1427726711.398575 - - - - - - - - - SSH::Password_Guessing 192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections). Sampled servers: 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103 192.168.56.1 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - - +#close 2015-03-30-15-43-30 
diff --git a/testing/btest/Traces/ssh/sshguess.pcap b/testing/btest/Traces/ssh/sshguess.pcap new file mode 100644 index 0000000000000000000000000000000000000000..7408acc94835c683af86ec68ea1b348020182d65 GIT binary patch literal 90921 zcmeFa2|ShE`#!pjMTQKS%b0nd6`~Bu98rdlA@dv}LL@Rr<_rmyp(v4|fs~M;h(rjf zWK1%jwYJx=ZSC**p7VbG|KItaeBP(m-p_We`@Yuw+-p7Sy7zkC)f8u9BXAKLKez}i z@WRZD_QbOzI0y~!J3MwGIGA*C2oW5}-xU!Exjs2LgdDzg_0v2_EO4CdEJRSL69%P# z4T zpcxM03@{oVXo$MJ&PYU`Z4qez;>tRr8YCFqa0zE2CI!ngHfD}|BC9^^IkVvd8daji zRyHj+dBY%&bm6CbLO-3GPgE!JZs74 zW^E=cCeHgGKP0s6M}$Nnz#q;bPXP-qxw%>Mxw@J0nOnNL^LYpg$vJ@t0dMk~J2~)f zIVrf^N#utt+}!?*u<0Z^0yqiGXfU&M6B3r>Gk168g}+J(ul))LSpC)2+{)>kE9Ap$ z^;htDgM}EMr8_Fo z$P+Ni(9WELeg6n8So8YBj&T<11LYxLslys#5@iHd2Ah@aYlJvpocUATgGPvMdZhp?y!%|pGOi1dVflLlq3`Z6x*R#Bq z<`&k-xA`1x+}xdETHo@Ph@|M&x5R|EAI<)6jhO!ohrlv{e}=WSkqb5hMnE{)Zde09 zV`+gjAN+|u91Sp!Ppco;X2{uYBmx6G_)l1n&)LcTypV{X*ygVN-_TzB|N3-|Y1G)v z#_F~GUuRbc4~YCf*0DX?W(DB!A5VaDn|@#>I0-VrVelS2wq^o^D6cEb1Pn>2nSgRp zoiOaH|8A_^o96z=OaKv=HX)*APtk`X5b@fUo0hPz;Rwn_|J|gs4sz?+6Wr3ts6)hM zfM@{hg9jR-S|#$vDx6|VK3+wn*^M~RkBSIDDDhdq4IvT@fnWmvhd;2TB4^MNxDSQL zRyMHIc-^4w^l;9<>E;l!aTUv-25a}!?0R0*0C^GEk43qY5x$4$VN!1BF8%$Lw$i-! 
zilJ!BlA}!V72m5$%WR34^MBYWeQG+PLlqFbBw@xv&CnU^XG%_**TRU^B72gP@mn%o zb%HrVV5EG2iRe<(Y>0e%{{bNhi{#rf`-51CXQot*5U;NK`VNYFTss`@hT}0sb4xb( z;7;wwk6uXc`QRnh(9daHddMl;i2h-E|BH&4DAJ%)@5fE^SBywArWXqsOw?<6{#iq7G&?SF_SrGpP>G;WMRi zRvl%!E9>*sp1m;4Ke;D@&R`cJGTwP!O(~(Ds*Ef#whos|Jg7U76!41$?xj|LAk*Jn zHsTJgPet{aAk&lIQ2X>MRycx+5=MzV@ha1R%U%Oz=I#W$8019=765(uXN8vLFAw%*6bXq}T9r^>B&YvdQAi z>!tWBLAn(d$}VitReYs|gX0aaj~t4-XhTcr+SR|J>@a4Lqn#xn6A^RIyyN9jgxkc& zi?LWDz3*E5-42`_A0pG@$W&&`A9-y$+tbyz%$yvnG%?331?$#vpQ+1TYUdMcPgSFeujC>%sAm^Hv->(zl1#On?jrd3A0I;bes z3B$?2)xj|%u*xuCR}=IbU>QexCo_1D8o=-PXFLYK;$Xp*Ai(>?a=h3pjT-HPE>@)V zekpx9)bj3k_uuoDY>70PzR)`$A}+sQLs;tVy;L8GF00Dk&j(9(V2{Xi$KdQ7R|oUG9Y~Sy*~stjo-fbAAdLj){)6 z=Ud>;C>RqEJ*%&HLtLol(l~a^Jt>y#hYS2C2@M=hGE-WOS|vEiCA8wT+TD;}@={tx z9RJGYqZ4Eocg?82>LcC9zQDAG=WVxY4Sr>kmEBY>Ou5hY3a|LkIY0u!8kaa>pmNrh zx!;vP5H zKdVD-am;}zBUwMXplPP(paLbK+$@LO-G?*+SM-kN-CdNHNNk^S&2XM(;7(+xt<3#; z$m>yF_OKXUe%JB%smYVq2yL6XNEVbD&oqrFI5Dvid>*dBS#W5@=j@ES+6fj&uwd@k z2oEeoaL7!qwZF%w-}8~hn=ig2}XsJ6uwjg z*LMhuOKI%%x;kBBo076GOLzGixmYsZSaT}(sTZ;Z^#fM*Jeo%kTzz&7rOH&npRvkH z21*_Z{wTWO|5ixhTz7lU&sbZdBgGB7dT^>*rJB4y`ry*AI~`pK4I1VhbulB_rCM$I zJ^8eAs%rNGH^-F2op{e)DHR?IBa=vcf1UECp?7+z>v#@Pq`-Knk5HGIM|otf*YQT&bgcal5rTEAwI7%RMPe{z)fZpk6?%yoH3x>1g(GM!Kvo?(`v_il$R*Qk zc$GrLxGa!WK@;%UnpF`BSCDIiPp@u^2(qfN$vR>lLo!*aH3` zm`eClZh5fu&SV!|R@A#`?igFhwzzNlcQkD%`5W0A4-2MF^bcb9hiD$!Z}qHsft^$0 zfoU1EBu#w7H#C+-LlMxDr-WNr26xG{sUX&tt-hkN3=y3qaS>s_BzT}9Ua&?Y_C4Pg z5%iniK2$^iB6w}`lDYYjWZak&!`~?eZ7Wvfgmt|8^a3vQDk&p8o)+u8e}16rSLNOw z{e{+FW7$||ZN*X@9@CWXY44s&{x0Aj>Hm@nTIQ{ck##R5>xNrcPX#fW2}iz7tQ)Pd zPA8KPK50xzk!?b6Y5YrjIghkcRU4Px=+zp4T~0`yaM^RZhRsZz z=%Jxz%YIVb8gi_s=gapR)<<G~{=aO;(LTaGzp#_|!m+N30l z(xsZpgB-tH^REu)5taE@X(i+CbtQ6_%TkNy(2K1b+rw}8*7-ny^qJ&$bYf3-+%cJU zuzY_fk?i)p%1=>;AM!P33#3%KeV=G2Vz@%n_l)-i+ni0Hh92=b#A_B80tavH^xBH6 z?P<8Jxgt#Xu@~=N`Eew=LSc}CO5Z#|~ofhaXT0}#{L@em(?N$}Vj zrHICJtq`#-b6Z3ZrLnbZh$p^7L;&Ki5$e=&4XbL-3EQFj#mrSYo+@?$k*vO`LrO%8 
zOEuwRRgpV;iR&euZVS>hyS*Omj8qsSu0LexL*RMq8qW=ukssc8`|c5b$#?m3wt#|Q z>?jyqNl1ee>D}`wDt5HGVH^9 zwP<=MqULkD&Hbd3{Ak`G=9?-?687Bw;Ue~w1mn<>*jkcx-_UwdbdnERqTjQn7lBGg z2UI%JWxbBIUNn+JAPy~90K^LOT^Qn`CKw_H{n!=}#6_6M8luTDhzR4tdMAlnsQ0I@ ztv-88N z)aSqJ(ha`T`*Qp8f!yVwg)@K=xwP zmRQthRx?k-<F6p{& z=yAa+2rb#)joOP*Dj+T{z_?J>TkFNM%U~tz$60`A_XSg22-iWxJq6n$g18tyu!d+y z2N7Xh%=r~ClHsaSEcj-**ZN2xeu~#l)+QN>93^DLzI^S|C56k*OZ+3V7n+=mKAef`cq-=Wv>bM&cdkD; zA^GCNoYo&K(=6{Me1i(PxY=tpX-9~KePs`1omTSg$xNQ?4Yl+(X#7Sj{!KitMKtv` z^fVQCiXkriki8hOr57)NxabFQ5wH;#M;>wr*wNVl#1ql@nDWI%B%&H=-Bx9I~WF zlx1s4je9OU2TN)odIUg+mp?qv7}&0)rijEiN@{{g0wniB#Lak_3>L{L&w+=q&YUYP<)YG5j|6NCOc6EIalTL&UQg zTYP9lvVtNzB7Fd;P-v$hquIotatopvHMgu5*EOBJ7M#PBKTAyQ`}LhD zKDb%$%r6WwKU`ac2imN%mghH| z12SAf&HUF=k+VurTxTTbN^j&9rRFg)4X|`xqk_Arml}V%S{g=$&KR$ zH{_d2YF1~t5RtJJ(@dP13Lryxd5_B6zh{QWKG*euA3&O`2El(M8%%ZQVHfJ)CSSHw5lgda8);HgO|p$gO^O zAdGhxeNdLdbp|7|x$@2jn#LF2b}9$I>6KWFu(|#k-=yC+_VkFYbbJAh9*-yow>;01 z+sSk6GW$}5y~)}dC(V+hX6^kd#Kbbc#4ypwx6rtX)swr6c5yY@zwHX|$8Ou-t-xCB z?!kVz;_SX87d)OuDGS+&?u@jqaS?{Ri=XVO%K8|zZuILF(OB%`a`Ez%3z%aokeT-;Mp~-jDb+yQs-=ilo&&zAo&xayjnAEmn&arJ!=@y+Mu7)jiZ& zd~R$)qu;9%J1^H2-y}E>`fhdU{blA4}}kYQ^))T<*Sl_WP_7qz5Di5XlSfaSj> zHUF`s23PPa=_}uF(OFEl9ZJTZB5DnzoqB#f_OI+=DGIWZ!`^@6T>R0+bNXV$yM_H{ zRO7#mU@_ayM0`I{Pen~XZT%F-`jPglf+HH@<{s?TwYTS6uj&YTI|$Dt95}6u=k=kk z*W-JjJw6j#uS*#JXrhhB{a1?$5qtBzoeTq~bsg0%?u{=zW@W&>OFYEy2>lptc=^Ib ze%AN&>|=z!F;@GplMU+z*z7k^h-YpxdQ$au_nl-{`UIn}o}`Q{W-43uXvcHd&Vk11 zVo68pDzzeI1o|wDk2KK4dMbAvx*=6N%@&{A?8Pz1`oUyzAv}suuZ#Gcmu^+U`76|^*^g2aF!x9gIzRM$+qJ~N3MQHh($qJ zf2#KL;K^1hqY=aJ{4B=aL+UiOyho?hJ@Y&Bv+Tq=v2C!ATq)tge@<-DKqn+axX<92 z<{R}FD|`ur!A0M5o_?)y_=db3SN}mNPk}jb=Mtu@O7j$6p@OQYIWS(A#Q5eY$f`pY zyVi4H8OVXm5b+fWE{2ktZgYs}kgzQx$f~DG))6ZqA}|}xX36Xg`E{EaNGWW=Zu0^@ zSS!3a3bG0)1KM0tqr?lcN+q;;;?{<=j5c4e_dp7FZ5v;&LoOi4TOe5gHh279x49qK z%nNL0;#aoeJ+*M-Oy3P|Pi>Rv>|n4yjFRhTcJ|r@~s!I zt5|-NJiY}j;m^V7+asiJI;a^F=^Gg3(0uEMh+MfFzM-*Y-&2M}q}vt|rMLsh7VrVpQtIPJZCSib|EyuMAc^YW?mQxo{+Sqo|KN0poW?qzL#T;KA+_$_5O 
z#R#+nCvU?yG?qng%s@--?Aa0-U~Zhv2IUTOSyYxGV&ZK~B{c=v5HV%nwuqqLctueW zfp3E2SO?YHod$C8I#WGDgNv0)WA;W`iWK+Zxt|MheaHQLXX>wl;OF1$X9~a78peL> zAzqPldikNs_Z%gH{Cg(N?Ro!eT+p(?GK{R3BUz_KWj&h>#ONSuNsSU8h*2c#hgKLv z^-Q!D8M4h@-{ZA-tvsK)tGhcB=gEikqPy7A4>gMtmUP_h#npd4Czy|E>P&3MX-0DN z6cg)C*P$g{8->HGu{{V_H-fC60oV0v(VY7*h;6<##6OqR81+EJZx6SyzKRG~$G1jB z1g}h8uS@yKah34+=Q&meax>w7Z8&eD_)X%NhGPd;4&llEGFes}@zLz;T zDj=*Vx^zBTGYChMv!7j)TdD2=aD$dB`=91 z)oe%ZVMA#7^ISK7+1FB*iyuar?-9PiV_!~|ea7nD%yL?_xOLI<@x-r|ZVqX;%pJOQ zGNS4a>gek|Tc7+$^RekOUuKbv&UJe&*PVY$^LupjD)JZyJ(<<5Lt_F7MRgRqCkHo4(3GD>N-M5z%;Zh{eNNsSUeh*A(A z2qtau@DjU@Lp!iSX&PuxB1EShm6Bb~w%v)u9(OFaI-_Nr{>@oT5eo~ zVO6HklF!dDMX6ywwB!dDYD^^#e>2X)Hyvtk`pV@z;p z=eYJTgfnC3-g4!kvWj=#J@~FDYMwD!?(ngD@gZsC?H5^>6vUbcum-yqbQu}h@r^7h zEca9oKAKdBwD5wS@|JFl;b^@m+Ean-Ma?a}7zcV0sBxQ1YLuxt1iZ{00OGjHE({WR zPbCtOYFk8$uA zkaLDh8^r>vOspaTiQK#x6%k!&1`;`J<~(Qy%H!}r4~iTHXn5Axrl5e7Tm_VXnxD

rEb24QR*A0q0)`tH@sc?%*ZsBGMfxGIc|MwWTV8~d8F zq*0qq&QgG?n7_i-90KHv3do(9#Nn}speBrrbv zK}0q#VhjakIgAi7U1VEC@O|x#eJoZHR}0EI#W^PQ!io2fuUJ}KDx{DEqvhX%vcCmo zU}KO!ZaegMAB+EI+aLW?Dfh?iD*ku^T$7uAU?!LWnP4rqpwGl-ieM(tf#1;EG;f}M zz*#hD4sL^I>CUca&x>Fto&*uGxrs4Iy&(zh&7Q1XRMW^=mxZNz_ z`57_5cumPyH{0|i>-j5Zai4Nr<}tO*5FDMB+}CUvg-da6J3u7g_8Me3U4t0It`j-Tkm2+s)T?94$D{e@M^uSiH3eK9faSju`G1ti z?QS+0p~`}sIkE8}fy^Sea)quQUyvG9+Zn@)(9NM8!0y`ythZ)joYRdwa8 z1XfRwo>}CR6Q^5-=?I&6`|m^?()w`5nf9ic_3}lV!lMO}FCws4Y9@Yv{cx#{S|sS} zRr7Pj*-G(}SF^HfQ+Cd)H|5wpxMapX=JLsBrnx}#(d==Oq5Z==%zHxku_8yg`&!96 zqMHqOO4_W{ zUYqal8*%Dv9mnwWel82CYlx}dKac&^Da*l8)nd}6?a^uPN6h5helHIt;c*AQuS z9(*|x3NFB{61ltFZh`KY%3BlFVO5Df%l2$biv1LUBsI_GoORESU)K92>mz%|`LnLJ z_<<&RQaqNo`pVe*;&8+kE!^oGm`jOxG|RNwbdK3{jAR}zdam&<^te7<87>P&!{fcP zDRyj6AIx+%iO*Y<$nI*zk4k4EMkqZsimeObVPP3q3~1qZtd_aT%qcJ+#)C_CGH!n; zxlBfCxmQ`}dA}-{c z)1;aL5qF&dSrs$|546!-p;QE3^RX|tMFd%u5a9f?3U(DDZfCQ>?1s(T+>5Zl7P3ZA zv&u{Z$SOeA-z+1m=7Owp7253an|NIkK(pEYYB)r!QrcqkD3S$W^SOp~o52FAYA&#u z3ET1eobJ;@gNipDdi+R+RL&GV#8JD$78!^8u{TxqDEINo^LYn3O*0H%{bIu&cX#r; z;2{Jp2?ds{^~W~8u_Ar@g6`W4kde`RLoSXR&TaUHhG?I|hD0pf77;}vN3sR{Lomf0 z`>uXs@Bu%}lg#i=LC#+rOe%l_ki z=o{_)hHq#ri&pDHOTtP}S)KuR$-i(wtSwW5%le273i&S_ zkLDSBREd0p^;tnPW5VB_4*hRd$fw8k4hyF)R5V(#9(|%obVpyehWW#y z{3%In%CPYHm1{4w}aUY;bpa#Y$q6CRT_){jv5oqqj<5rq!G&w`>!0 zqKSI$hrL{C?VoP?j@b`CZK1v2m@OVcp8m4CNi1N0j6`f(9v?y3H&(^z_Rs1BIG8V_{_edEe!RdT7eKDv?uH>z#62-Z>tjm=A@?)|<^w2{Oc_3O^t~X!GI_#1@04`neRpn?)tkWU?6lVtg<8JU z3gTwbdg#(F+525Xv}C1J`hYd&wiG(h@<4Et(I}&vrE}wh*$I~+4&vrOT&_DZ@tKs=WmaArdBwd z54cjv{(J%PKrF^a7g{n7ELqEYXjigm@gTJ1Iy-7i{Tc*O>IS2fY+bkv18ZrjdCmZl z$C40(M9!xG5$OfCMFdfLcRe>m+=ht2H~&zxD6=Utk@-7rBfj#S#P~E?XMOtZW+Jur z9UJ<@;O6!f;=9&nBr7*K)om-kN4dnypHtC4 z!K9(om=l*ARevd_siD5x*6)(v`ka*lAFJG2Zhn!|zY#m`%M(aocI7N~KXC0aFS z4uOc&iA21!Eh36Ut`Q9pVO&VQddZ`%kbNuCPk5jF&h{Xdj|M+_u(P!E zMiUf*US`}f!S2G#Kc&p@)?exDA-!<{wI9Y$p(XN3#u~ zj&vCtP6v^@VqMn+4<(3p1BmDScdWC89%)H?AY#!*K|WHY`v(z71Mdtc}k4qDthN`#A&>)1ZwVksFBUHfHcb#Jt`uUi$*C^Pxn(a%0`b 
z3>;fxxOn4$;MU3I02Y z{C41px8Uz?5aw%gZV&t}nC=$7rG$a_^a8!vLwrHuj;RAXY%1OW$cfQ*~)gbWW zGL*m5`TYfm=Up|m}i2+q2 zM~=^v5OGqM0E0v>Wdad*K^bfF9AXs_MIzUd0V6)(4eq(}k%FIYB+0sPh>selt(KS= zbjM$b{I5j*S0aaxHi2>QuWu&vMUwIxhjabQ+!)Qusq_)frGU-dTt6U*lgEU_@(oc4YAFLk{N>ho({~`dfM_e zn;pQNzgW!nz@fjRm7DDNRb5p}*|1vTaG`x{#R7|?KAy6JW#rO+yw$lX&c>#*)~@w8 zvS>vqajuxU6g!0RQ-$u6=BANnwwo4z6dpEUe^=fd zqIR_4E|tPW-2BqRT@Jdwea^S#PI5`~GzRZ2eKb9haNl(NZBEA2tGfL*p7uBq&2Gk1 z=MKG3xjioXWrrnBFxJv%gX{eSIN%%SVw$A&6yDNTOqQiQ?U@*w#8_=2ZLiF~-Ftqq z4)h%Y0sE}tA^`@8T*?eGOtg8oIWTK*)H{$G1ov3j^k4?9Ltu;tEdQ0r|D!~HfWCGt zhHvET{+#?e?Vk^9smwcHsuXcWNg6f{OFmq>`ZVr?!lM~iriR`oRi8QJ^U`Wg zjLp!IO&OH!IUYLfK;WfDS$pdDxIuxQ(`S8Wz47`pVo5r;555!p%r~51O6j*dVTZ>& zLn`Mk-rs&q`jgTew82;GuV&2N@(9MO@Ix%oJG``?yGTHK!GTbIfSkFh9ADN%oZA>& zhCoY0`4;)a1U}x66Po)^Y7qW(3wmqvOw~yv-L~#k=@9p<(_W9;e&-nXzI~|g${|;q z?_wmQYC8P*bA&&|(#furVHS>i?gw2zM_%i_ziVpx<$j6$xO2hkWlu-WE59J*_s0uz zEG8Nby1x6ixKHKWx5lVR1}~L?c-ygVg&Vy5l#?wTy$1*6k&6Y#oJp&qO`o!Ht}exSdiDH$Iy4~#F4J@ z=67MT-U~Rd8C#H-I`gw^fv04 z>yiVqiY}^*tOcHuo4NvRo)aL%Ad$}?OL=teZ?Rby$pWyMNNdgJG%$0}QUx|Mt>6@B zzOB@bs=XYYXtJN;^u%*fNgC;B zg66~T2WOvN|3<=cpvJHA=I`{azuYVg|%=48?%5>Rj2UX|eGC9eG zpzr;|SHwNszekCBCadUosikVtzqJWYo-%Phb>U;(+4!bcGoN`K2$0l8_}a@O))ahx$U#fXro;yZN~nZff6bpY<|$ouG_kf&V7uCeITpm1jLs zikd?wJ|nJ*%viJ9Ke$1rrWxcpChP1*-q3FRSgxliNiFkb zoGywsPxoCsbVd#Pd}FDZ{gI=wewPaMb=Ap^EIZ}NN*rpKDid|33$F3e(e_L_{kkOZ zCnJ~6F$yA*MVWnX=;RL@bQ?)61u=|NPr;t71U=~uf(stooEns@2#bN4j{?|?7$$A ze~p8_o!*cckt5qbh#*S+!HUvqw#m?kh`=|0B~KigrsO;Fc{uy0sG9NKnse9A9w-fo zZVC9L?aO0)lVjq#pQrCwjr+0Rz2&#h?2wCDY|SubyjV<>G9epF-#_%olcM?bmHRa< z;TBPI4dQy4eaxc@UGpMx!32-5H>f2NTBJFQjr#1mlg7?LDa}1+&L{b<<;1PzQ}H+3 z6VBSDc5tL0PGEego_`;4WfWhvmq@=0dU}^}C#JQzv&deA4@%jzlIE%bdJ(8`n zRt|v-eNTWmPKjxwbt!8kqTRNLC=&Vc8Hfnuf{~~@k$ZZfW~2F4e?In8lr9S1|r&3Br0Wt zWGib6TVN&g@(`*-u2aS#aHkR4*zjNj5#7el9}v-b?-m<}fY%{VB9Ee2x3L+4&?!3) z5G9$hF-YW&lMwL(@j7BLf=a!^`y%K$q(uG(Xp`8ucn^SZjkkJL6oS&JRf!y;Utq!h z?N81!%-!2*y1<&4Ij|MFe?JKnB%*Js(9c> 
zCzQy=%htlM@Y)*rY=^NiEc%C1K*Y*JTYTt5vVyYFy6#;NBmfmI`YU}SLrndkWyn8R zDQ76ZOBclD-$nnwi~fHX{r|@<`or9k2{OT-H(GbLhnb-5*Pn9B&Ghx$5(jh3YOxFn z&bxQ_3Sv&hNiOYq+FTP2GQrS#XoCUSOC7-D$FM=CXV);iH);={5r9# zjkBeLg^;-5AOBd0PwEfI4i;jV&i(6U8UI2N#ouC?f4x^==FbP2zYU~jc%aQHYkj3) z=5LTk&HVl{$XO*Qmf;gd&HVpDKmV)6GSI^k;30;&KPB|=2^`xt&HekM)jRybCSaTQ zlR(aL;~-+*kqtyN&O`&-AYz^57S5XDs{5nCZSXAb019V!A!0E=GypvS4>UwIyxS1* z$gyn^!Scv_ASxmN*;XQlEhTAymi{P_hwgzbRl{d1Ze?Q#RU%(y1GG!IlM%L#=wVWB z=q~;JmA2Bn_llut%aWr^@fF{zO3Q4Cm-BzvDSc`>p+glAyd+`9Le0<_>t{+%n%BaJ z)gpV6lkr*)zHsrTzbeU+lc;QdjE@xm?+YqQ}4%3^H+>WGo}{{ z7);a#XpQ?;3F}4m$xS2NhtG#0m9Pk`roH{Sl&s{pVgPe&8-^Tu#^V@+655K0)wxEWq{B zGJ{D;;fsjGs4gNNEM>U|pC#uC=&hR>+U4HNSjr}JCnZy3A8qa{lzxJ(Qg=>g;x@4# z{`ZNLtCPo$WXQ_U{eGVzBtdi`aBk>)(Daj#zH?`~4fY;aFPOGh7mqU&{9H~;8da5d z_=+ouYQ;tII{!DMg%R8YY#z5_9#n^1&W+vmMu=BIZm=z+<4T;CO+4TJT1$f+hb5m( z-dF61ZI>~+NjF*Y$fDpO=sN@g_8F-IHU^12lnOFjxq0yptP>36sdog-pi1Pr1>lYt zu#6+UgBkEl4d6F+(njE5A;1*~u9=DDc(GR+HQEPVtVrwqQu=bJ<=yY@zvnI45@|Ah zp?5$;Tzn}9+Bq;Yve0+{b`lD+E0zo>OLl_Zxxw)ZZDoL zwcuRbaeJDYj?ro|DB6Dk_kL>yHt~w^T*63R-m$OUIWkAb1V^Il8JZgi!sYskT-dXs zjw^gmpX%I^n%*@1v$43#y|5(XLW{N$$;}R*#B%+Fci&(6%{gEB{KEYZn z?2PXP8s8p{&{(;veGZ^ZQKg~Fp{;h~a06uO6|JB(@0YV;!@&`dC4cigd9PZ%v)(Dy%7U|rL-pvL8n!McQWjNXt(PNS}#IdSA1#qL~&<(YlUB<3Xf$2 zyASJWXO7hOCg-L;Wq&|KJRjE>w48Htg;dqxME|KPdwIooCk_NV(S_{N;0ZUHl=*1# zQpV^~+OMJM6#?F}0qwfi7(ViydMNAR@L5#j@x9}R^^#IqzgN+{Dz96r**724J(VrZ zN7BagJ5p?Mk5r#cIYMEF(bH&8ZjpIC0h(k+09DSjZUg4W=HmZude-5_Fk$hL?etL_DV^$#M*uet@`C7R8<=rC<88%hmZ zcrp!I*fi!2{Z{V?#6y*lb<2U>SWkiJcA z)eS|gYG?`n-VNW-SQagwf|gu|+d8j`wa8`qKrlBR7KCyK`xR7{A)@R)91Ifq<7S8$ z0V4q&5yo05DkAVrknll6lJ`tcQ9#~H&&N|Z)*Ka9Z;hWxjJQ0^cyWJsWjkjyb+65r zUgwUY*vmi4C-Wb21mpW82^eVW&r}W4KcI|cBnX3+C30b8oes%*87k|;f*?kNQ6=&X z*7XA_gthm7O1=?5h3jI)DHZT>anJi4-P~Qq6k|^6;!?>+6ZyDypD!T~DUNF$c78)! 
zNwynW(hMwFizsx~O)o=BMuN6*6bx9mMzW5#&JmD=bju;41V0W2iTvt4h*&YOEh1q3 zWIrk*cxCFx7RYzxs(b4-YuUDQ1oznNma8+n*(h$&tEmU+-BG7mrqbcKq?L5HPa&YP zlSpBKKfiKxX&_nr$;yL_njL|SG+ke$nM#8_8Bf~qB4Q8iY_S-&NquwH=WgDSp1sa^ z-TO{yrF7qYTq9^gP<2a{NjX^hEsrUT|eRPG{%YC;Mwu5aVkH9|)RP4{>^M(4JW zoNBwuOw(!NdZ-|__fV^5<8z9x0*#s51(zBE*(4JQwMw+Co)oJECHK8!_86Nu8s-oUq78UzN3 zoDeCl$wX|62%_}9+#2G2Fr(0Y41DviPCQ?sdDM#ppGhSu#U@OW_fSUB;vv)In-ttr zk@e%M6arY0AG3Z)*Sw6m+_`hW%Z}$jexgg=!yEg{W1cj8tg}|VB0M&dpDHaJ_@S$) z>|)kH`pp)bY?TPs`IFy&IXICkvOBRPwNShq+VSPWCH|9? z(r~q3`AW2Q=g09A;&hQL(aM%XPZ#o5_j86~acoO3W~g@r0X1&3M1JBb zhrs<|AAmSWLx3qR_97ACqZBrcu*0i}C=$6oDMW;Ek^M;V+XK1V!vdP}th^mc#<%w6 zc9oh9Hq3Az^QF(Ec=&N;s!o{wNkTMF*crM!C!*OM;v>+K2|7$Ad>tmx64$$^y%+>k zx?!NwkuFoi*&uR$Qnm+y&?mhB5JMC2F~r4Nr2Kzw<5}d$QRp8;5Eq&`Ylsy<`qzgu zO@Aq6S5h7tE}C0G^j@Kk8HL(}*RRCsMmR4EG*@TXmf$&7i4*9*=+`AqJw$KOi*+x0 z#HK?k@R*O3`{`Zp&R`9nIw)mjvTR@0;&tir@a-U%XHVIeugWl0?tU`2FhJ+4)K&a~ z)i%oBl_uA-L@qF`(&kE^`lTP#zi;2a-hZ0_=W)t@U%K8pT)~rR8yg$01Om?*|Yg$}sIZ5z2^+i;^vI zv5H88WxMf=dV^CC5ynM6ql5gV56_B!DzGd+-&ZQudv!wnXO_h=%MNif-#JgW_C^c- zH~nr{M9&_F^wG{IToF5|4lOzV7}Ks3`&gkR+;AtMP5C02FRuE_ZWtH%g=@X|LIkW5 zow^7R7lQHD*+L&DofIHqSKYRVpmYKcxoQJv!gWv95M^RF5Vzr<3CY$sRJOkC2K@7b z(uqy{8&pA5Xru474McPs1tK9L?H0{Cm>+me21_S!AFX*^_Z-+**Y_H720FhPNPM8$g61 z2@f=GRjiQrEdznuB7)KhHTHExBZ!DzfdEP;U^D%j3`e6xv{V`z9{XksB}sr11=P|B zBppT&aUl~IL+M1R3=*+mTSS!72}7`{)@vhl!%<5oV2i3*n8>djfh~r!Y@td4kY5f< zCy2mJ-D*;PZ3(E#g@}ANaWM#{e8`FXp140DF3+GMt_r66)UVThypUCHs?Ryd;@S?T zoqq+>zZ>xX-GKj}Z%b}SqJITbOUJcxk~LPK*1IYYu4=m=!NelZ!Izfq4suS;+x^kj zGyi-g740w9c5X&HvDW_oFJx?(`K3VSZv&|r9%#dEElC|5OQbfQ+J>Bf^o%0M5+Io3 zfNu|M9!vhG38v6PIpE=8;2k`+8S!P2<1^fJZ|!CZPJ+srPxr!2zBWCX+7N8j_SzC6 z=7T3q&f_4E$5up~(b7W@F$zw8&=FB~7g$AHEi|+q%(Mv6og0(yf6}qYY3T}#{aa}G zx6tr!q2b!d@IP*M0hkH&!4qQFatm7a6wM}unIL-sb>7^2!Ju!_1>6SDVt1}*Pb)AJ z&x44>;7P9r;Nph|8lu{-c8GXvRhXh=z6>(0aePaZ z#2NHWg~BMoTL0GSYn!zw33v^jrVRQG9$TXXOTpp`MEtzv_Pci#5kyJ-#CnuCLPYTD zpAGo;E`I!~oooJTM-|s{1K|FG{hyWP?}`m#5#1<(N90 
z=j{!r#u8J!D{T5ykN%C(o2KP6`(F(_tDZUeiYvD8ed}}m*B4H6{T{oxS4ZiF3FAcO z^}WqSRq7%6ar-m^==PmfQ)|{z>I^m+789 z7|&1F<`Mu=41Zvs^>pE4D4i&khYUxZN4+|xLYYs0%0?}nFa%#Fcnw(oTRQQdODD>0 z=ij{Rrd+Y98zDN~R_1m@^;TsSgYjGSPpTi zeYKPAjY%$JmQ?)Cdxcar_XFzV_KOSE8ftW@6Ie^Mh)>k>d$vBXnm9Sh%!vI&rpTax zGFj^qwQPEA;E+fG-hQ@t1}FS)pUrRa5Z;ep+AY-3I9c{VAp3W-e2-$~=uNrl!Z`=C z$8~H|BDWIL(!BWye%<%{H~9>tp#mAU7Poze-oyL7$3mQB>8 z&VlQ2Yw5%;7U%hLDVm$l>6>m0HCFbt5uf{Q@Q!9u=_eK!zElDWxxjOi+%}f-3n#hW zBwN1rt*%Rbq`^+{g3eg$Y{hg1?$swyBsE&R2?9=-<6B7ZRG;{5PgT?rf zrJ~%*tOIyhSHo_uFxZWg8IxMz2gr}yXBYZnIz^K`deTGkLZV``pRS7lV6)IbWnpHn#8}!X|fvh^T1lC0VxpM(? zZNs||F>e&pGwP3=got=Iw?zb5b!uuI(E}oGXEUGA#sc!zF&80PdKk74`wBIy%yfaQ z0v`s(u^|ZefVVCcZ5;^^_Aaj>;`^OjY<_@b0oYttv2JrRu(=f2%#^rz zIDm*Hm@VG@DBr=@re!Mc6_Hy>QZtWI>Ver_2VuK^!Im}xWiEVgUXtB+|OEVSWlJJ+iLHJOgg`fJ z0WGoh+wcvIWlRnpLBWA50zzzsDBX;L+L~YHbl&Ox-BB;H~R!s zMBtmC#m+N|T&GMJ3#6>IhQ{g#x@60AUQO>h6{*3md48!lNQ_H|Fo3d$IqmSpn^<{FBhK`f!Y_DxY8?Fh+_R|twf;Ce>J(@U zFDXl;J%*NWL}Fq+xeQuTxMkkdCkj|sfvhjUe2NqwU*7<+{RkpT0K`AR( zn1!5O|APovrv%}>84IMDZO{@$Tj)U+cp&-?%R0`hDh}xsScOCFnFB8NFLNZ8d?aNDt|=V->yx_%|6u zhRJqbHkf7oWGeqGirZws$&l7NuCe{}jvZ~^Nay3`-uz$feR(vNUHkSeWJrcY#xl>L z2o=c`A}JzMh{&ucGDgT$<|3IgW=iH+rjV&nB$A;L$&i`&_P%Af(f#|rwSH@T&mW$( z?&n?JXRTwO=dsW0y!N$^8P#CQkS{u++$$Lxm`Xxo zR$Cr+EvYX>Cdnu|%d3r_$V^sD*|*~E+_=E;UDSc?it5%7W9Y?YMh#E zkxJ2IVsqY`VJ%*oWLLZw_wY}_g@g#x)NEDk=~!bCI{L0lX|f5&G5I;p+Z?zcV7hO~ z&WeseE63cr@aZ7_YkEsd;&G`|!M>QYkMhV<4J%%&5!(oQ40oT8a?7sThZ`{-!T+0I zIF_eyL9bM$$oZAZLs={)sa^p%lQf}dtMm-AN_{s~sVx1K-c(Sf8xG({Rw<|t1l^^= zpV`k2avQfMPpHgcb%ozJ^DX&Y`(>sv3NAt20ldrKMZ>Wc+{lhI`FyxNpgI}b#B|pl9c}=EkMWt6g^?!BeJvZ)ndX$jFi;??9 zD)BF^pQh)yI-@mTkF`B>RBrWNV%C1AmGIl)J(gNA^#R`Z)=!7($1dLuOH0yt7(m_m$LZ4fnGt6lgy3V_-d8uP zf>rYN!Avi?uGl!n-8s_v44KS3lc|Q{_vmIC7OLghCh*wbR!*)j> z&r@>;{Ev~gbhc#IYoGmbALpxpkz1UIe>ejMeo}x7?bNyPxqkE6kFz(l{PuTYRP-HE z7k4~mKb7#R|tn?bYP7zs?X@mBbccl$P~?5LKZoT<(p;^?Ai8pp;{-j zV_A7RPk8`DdPQ`nk>s95B6@C%h+>`4?S+W2E&>u+m&q-LgS{7z-lNp#vEg}>7iPek 
z_A}^CWjfbgj6bCn^Rpa=ArH0B(bj)Tnw9*LAAJx;GJ65tX(am#VI=(PUz%U3i!M+X zY{P4T}S=<%>uPn$ln%R+#xxRI=;{%zHhIAu+2!-sE-VW!_erfBLy4mpeP ze1(l`lX3bh{nnr^T-Mjmdf>dN!4KX5Q7at_UB8e=B6@6#NP*$9zS_BF3K3ylynoG? zgqeMV>#Axw^)p%(dbS?lX!-0zwwb?fS#>R*`jJ_jH;`dub%F72t9WJq9i>2~mNpnk zXBN8WnHXfhNZiyf`mNQ!%&^0{r~!KnD{GT+Wd!1yDMVz+L5Fzt3e4?WDr#N)MFf_b z8nBVI8Iinr9dS!{<5|z9a>?fMXfSig(@12}H(P3^ zIpKeUmKumI4$z^U2L84%AdEmjbQDWXc2rBN6Br?8tEI*OSZby@p``{Q-*8?(X=m#* z#$gSJOr5bQ?ihgX3@tU0I;%{;cn#tqqJ#@B8cPjsC`3HHzK&R7Vg(UcYPz4GB5rl2 z080%VMg?~5|06Alx^yP+r`CC-47TvSWV3LOw}C>$4!r6%VS5|L{Rr zYv8Ds8aN`y)Aby-l5Z3NN9-}%M1C&FBMMq-BAM2xIts{7fQZhKxM(ajH%%ep+x0UD zR>)sNv;n2Ga`8 zqfG2dylY2g{9n%V|LPe8FvC=kA(}gW7xMnhz3KiOCD~l_3oOGoSZWM_<#qZfMD&ct zMPsSS>4u1Y@Oz}I3ro0$SV2Uw)T|(`SZZV!Y5L#MUkf=&Koi_~g60gEjvY(Qj-_VD zQnT6x|8tfa*a>uF)_cpA?#Ulq1Uo_Y`jNuOb#u+HsFrqB@EAN3e15Haf;USH5+ULZ zfCzTe{$Z&R8Hb2_c5Uj%D~MowM0d?BF^xn7K-*es;7IJrU?hxxS!!}V!;u2v+uR$v zSi7oZbM0=hDNQ^vvl2Uq8(0nDXgih~cpAz16!=ohx}^qLB`N5t?a{Jg0{POE2N%g{%?I3cvnOa32EfDT%cQ>c~fC+V~BSE{hiQ0S=MFFo;-HrIf zNvXI}BbUDWT%~>`KbX#3Y-sxU-sK^l_@{sw65^;&cYGXQ3pjAZL_Q{(JNfmdf4%)R z5$UhtYT9<=+}i9!oF!*0&#_5;yd&jf6+x<&JkooHD{s<@W`Cf8>V=5A%{ zDV`OE0lUfI>HsY7SZe-fOHE@p&)^^55#2|* zV{-}N4XT=ZRV5$OVYO*J%C)?Y0R|)kK57a# z2s)WxJT2mI`;{T1My%Hx{4|i-$x@BZ&(5J>;FPNN8x;qK=$gvOFGKN{_cOcbcpk`R zsZx9F#rk=M&4A0C)YY``jr9DUtNZ6(JtCUz>wWn(ib3xqow`z~`9+COfA9{3naIDX znN>ev&har-eC}bg50&E7ufnPGJzPP*bV`>!I^sPmluv|PeF9a2$bLY zX*C!K9J!bG9Qwo`5)Cc!+wc#3?(ge;%5%pgL)Ycy*khk_RNtod6Vg)!3{{C16O-C7 z;O3-;N?spLi4*RkzsHAlQ>{6r_@{;YwOZfATEE0cnfg~-^L{@n=MbFSOIrB*h;~S? 
zzG7{mM6d8jopHuFFM5fPSHFdiD3Dth;q^s5NXQ6vZ1uTGcD=b%V1d-<@V*1SFYu^D z?^9sE$K!oNBltU{zWScORlDGkUAM=7dvRZNlOP+J(y}b56_R-D#S8IUr^_C+CmLyG!U_ z<#VgFRcoa(J{}&cJp72|7PmetO~J*dM|IjHy?>d%yR31{@W>I42Rv<4MCve-_aG89 z&sn|5+}O9t?aDT}89+pq+v~Y)*}gW->4S)YW7{I4m^+Ycf&373RVAwZr9buaLRcT4 zDR_RqID+D;GJ>^xk8CWB-U#(?iXkly;$0GsM&-DaanWMkpHwc;1j9&7ZPs(!!ZLq@ z2aLpF{ag&>Is+eYb7veNR}buGg~|~mYU-l5RvHmrg>XI1oNiwZf)Lx zsDPX|UjCVev7cG{j0decDs()^*xO3Frl*f_$M!0G%q$}hYzR1ATYBcAe{9G(fthbY zdru(R{?G0JCi7jdvTPlf6Zj|BRZKl&$ zBf8>tI$@X@l&|Y=$?d`sJ~x~`r8=3GbzxRp-udRDqnyiE2~qJn?;HKKGROQyIuU%s zFI{u4m4r#w{kb-zb!Ya`>D|+G)^fp5Xtj4Ia#!6r$hh<!gHqy#M7#KK4GCK{cAC<`Tl_gzFM5u1WGz|Lv;>pCc>B%aT2mYu37{y zoibDsbu@>ZMwl=QD3;qeFa8dksKe~;dvYm}>}Qd;{!f*pqI~PcOElE8WDDH>=ZjYv!G5>mpW z_d!>s(#R(^jP(ykA$vppK~SZJuu6R@P;1H;$YI;ptK1yFU+Q|<>o=k))Y4Z^>~SNgBoJuB9vn!2hb8U8+_ z(O4}7X6n+relo+B4$q(S6=oX5ylEBX0ZoOxC1;R+mY&Xp!(A2tsN=LM0=lypUc`@%J5XKmO z0P)WhI+IT84TyLvY+FPik=r_~B4P)wB9>yVuc5Z#ANguV5aTAcz)og;9_j}>jNMsz zu>)a@9N6oKTeFTShA}28Y>F`tWDU;d0UsQlT#GRT#OUr15X%d((MaSs>>y(M`n@*? 
zL5_(%mI`KWMIz7JB$4yt_Q3xJC31+qs|fr5O(M@xmipZSMo8N#k(;Qq0(2;mLuAq7 zbz9I@Cg|;9+^qgtMD#7eMkA49YC%M)_4(h32qbbW zHdMr|N;8ni;V@6ZF#lf2g?hnZGF&zk1*D`EP*Q;^k+0AJ5d}N3(MaT>-bh59Z4pr< zauW?m$JW46C2}|-ZTET(Tgmr11V=0x-b8){$m2JZ$g48esQQjTm}o%6(*W_`@6m?( zK*ZFVO*#BVvV!u#4iim~13-lz?1)Hs&}lO>|P&;Os z9ka}iS!Ty9gW{?9zcf+ooImrwZkB&#acwIbGy6~_auY4E<_DwgNaXO;iBS7Jfb?~V95Q`&8eNqf z4S`IP-$tF&nSIJqvz4$)3KG_;SEr@u02^)<>uGs_;hq<;z1XU8iy@m)Z6((BX zuT_csO%J|V>zUT8`&*Cvig~$InWE_$+Du(DE-EO?pSBdb*ToN?lUFPri-}Ub?fYzZ z9M=5jXeIS;Z^}$M_T9LfTyZR|pe4q^nMQ$8&cgNyS!7b|Ek!ImLSCu!C%#=iviq}Y z@xvEi6L8h3Ri@&eI(`ej`|~YMe|kbw`|!14lHfOe+9i=cclV1s+|=FOLFZs2^IOU( zuKzuvFi5~&&{~ezQ;!*^~oyrIy$|MT^PM~hR1@&BU|`zoH1`hCh^k( z^CiVgjzVx}U}fusmUuTBi9GZnWH=2nylNl;`vkL`c*HfEt9^o_LC-Xu4c|(zEStKO+^coRObbG!vXY*55i))D=DP z(&9||ur#xt{)>LD--i$DKWI~4eBP?PSFCnXr~M7CAZ4=ng-9Jc%j`jyq|V202?Ii9 zzENdmwNLiS_|Ht)bhph2>-ZJBV=oRJyMD4ab?WwnScZGJzOQB5`|HE4UV0wB2d>>o zi4P@tX(-8W=s?P%d?8LwSxEED$At^mFOmh8n^#EGT$mL8MPB_ISA?WY3gNB)xLPRS zResoU1^XI4o|uDIzm|>H<>fse`=Kd$a*mjG-Y$p0`$1n?0q@&;y1PGuKjWh?U9Sr} zJPP$2K2pMliEnks@_4jnwfH+Luus25As-P#*tuDR96MKpEhu>S=)CVQ;^k69r3*9_ zJx_W*y_Hu~x@BVD)NUar5d7kY5k}i^^~)Hk1H_UU#s$XQc^3tlXUp<@6MYWG9VPS6 z93W#Rh|tXazPpO_v|f2g>vDo)IaZtY80|I90AjqGe;V1Cimx!3T`aW~yOvLaBO;w> z(KL0@tpi_=&GB<3A61j1Y;r^GM|?j)1D9j7^hfMfT?+T>D!uVJG;%1m)QVCuI9ZwF zro&qjdp?n6^E-ugbd*iwd#8>hC#Dx#4>o#fw~+4p(xr3ut)eKdr9uyT2W{aC{@K{p z5t;p%g9VkPQ^#-jXS@@{Dhk-eXk?vXEl3Pr=2-g&MQ(;Ya0XnVt2=pH)+_vs$Sr7Q zcrMJ!+eOF?!&wGpsYO!IRlnva0J>MUAi=h*i8e$GW#5fPB0u5|ulWO;`t)B!&{dPy zws&#oAtH!;OU%}l>oIS$0`Y?*WZ0v2l|@p}RgR*{$R;MBtIWfg398q>;k|_gQ)=X4 zy@%oM<3<*aB3S@23lyxffJX;nHUTly{kc%0d+Y#hx9YXC7ZJYM1*4REoGy)4ohC3o zAV&79w zZd(vdLj#bAV%s93NaT<$m>+_U2MfD*OvBZ)gYhRuf|9{lBLU~H57d~qs{`C<)NZ~r zsc=vZOdo$Se(Qsr-f?=CuN|@@E-;ciuh()EZbDFUmo=Bij*` zWr!$QyBm!}jwuBZrQlk0-Ys$8i5#ELH}9+XEf>sY?Jt!DBjN5w$NC*3$We35CXO-z>-Qk*Su<-KF@xGR zg@`@?@!t|TAtgjS4r_EH>nn(W^&{@6h~O`slI4!n!;9x`Omd|O%(uq;VW40MmmfC! 
z;+-nndRiw)+s~F7!E@|tfX^X)!QFdtNIp>Rx_HsuYn0-lvl+Dl22;99RQyY8s~h$z zaxcYV3qIZ%+#8k8LG_%OYUxXIJ6BHE>9eg*o^*v=7MEo>g!nPnrXBlyX+Viwxv^~YV2AA0-3w{oBT-uPug@{{uvLCZcgf(KKZa%jk=vB|VeK3d)- zQlOwV+;5ZA)4QM9IDrjMpQrZ~UNG}9%p8B_0F2!w&1w+~=AL5a7c-7OFMeRt;WFzN zE+P8-m($J8hh9EMxPp?R<}P`vevq{9I@*#V%hcJc%5B3?#Qb_s46ci9=DjPl5yCtL zoq;o9Un-J(g%w;*$Wt(pRb?d-h0B~$#+LhhN$8$D*7#?h+HW2E?#&{|$W`D>@_$BK zr9p5eGd6x=9IVe4?_pxkbD&D($SMW(fuMVG;*@zI?rG57b2!Wx?Hh zV?m0V(_CvmM`0vbG^jN-&jF$-f>oM% zX04`JV3h^}M26?+KG;Ft0uhgFs{6l)ph_+KRuPF*AtK1_uBwd51&X{M`sXXZG~TH0 z>3jD2z~TtcZHFsLF{GSvvgRDjwTIMAGi_~k=uTsMvtNAwrzv~D?>?U_{;^3+iiN^b zK`t6yo7eaGCO@QeFaA)7D;5;Jl_&l9v!aup(8H=4o$LxDwHqHCxk^TllgKsVR7YL! zF%H|;-RX39s>DR4?R|xw^bNVC!R&N}TW=YO$+B~WbYZ4EQs~|y4-H1nBD~{nSYEK zlnL{e&D$EO>+0RScw$ZaS;|wNgxt1>P`40&PA}MHayFXvH)%67jHH5hUH;#C&%hai zxrxzlstcgfEdrH}Xerufbr#7}5D4>@V1TGshpy7D$wI{b@@)};L>}p}ib#>RirDyW z9dS#q=MP2hHe^_DVhiYg^OdL)xrGudFGU)Rai(=0ackDmNHbZ|CP90?5@bCICGyB! zYcak+AS{$Z0OG~VyU6DW~GWJXPNACx=!4kGV8u_;dEV$6RX113PX>tp7RFS2AmZ@7e<3#8pdzjaV^V3iFCO|R z!QFmc%R8mVe?OSl9bs%o7~2uXc7!n${bWZNvoKrHkXF7yvHiy)z<>K+7slYdBolOg zD2l<~mfLPsb}Q`sL5ZlHKerWmF9E_>I^5SoZZuIN? 
z&+ywC~uLkAg&n7tnuD1 zeyy@)7c^s;`5qO}3#MboP_|`Dsr{FPo zCY^Gvds=~&_-=?u3lRS;k?$siy+!=%wuoSR#J&&}5p;rn#5S^OiNnv{pXBn9tozBXw6rH0J+=`$hs{$IPq1c|QFSUlGy6^+F?TZgbe zRDQAPP>5?zOM_`!bbd=!+l^g>3MUhs?K6LtL|uC^X|2+Ijjqw->!Wk0a;LQ-Z|3Rv zWQS6US$uImqezU~kz}WO;gVo+<_O)qhdt*32HikH{Jhz-wMie&Qe=5LxMzzyR!}HU z4|KCvcs`LJjKGMxSB+2-Pg5>bmsv;@*02=|Khd(^>2!J4Z=L6i5jWqx3{BHvc$;B4 zf7kh^&KtWv<#B?wIs2Zx3ynn1R}C2^nMS=jWU{}9<@=yYHsY7yhZ*$zeS$x zV86T2nh=|e=RneB+w*TboAc{K>jJYV?)5azMp9#57+?#{lp{(#cudase%~1TBQ-PK z@z?YCQf%kX_{M8!Cvd!d%lu?O{_^}OzUJdPxuZ@Q#agsTrzu|gtG~bC+sU^mP)xz2iC6q>XtSqE4udIV` zO_PLKa_*KB#eHH=9U^M!DW?FAW6perXlz@b+3TJ4au6{@MKp%=6N&mn;tq%q>fC z4u8P^{)M1{+~amIN#e3nf`UnLcSOFEj<~dF{!GXP#iz9Ia+r8czX#g+v`-<1@WT%0 zP`JKcu6Bt&K=)xflYy}}skT}3cqsmFnd>S0*-4_FyxLEtrH;EyA@NGmB+%e|n`=oG zmw9)EZ`M0Yi^Rf`If02B$F3%#OXYiSYaW_prn-i6v`0wu*YIdiTT17FZ_6KTp1QG} zwDjY(!eJM}7=5fJDaO9*q;8q~u()`j)b(?dHcLXn;rm&eocC?)&reD55$9r z9wnfwf}!AV%d?Oqff_^beR~Ykcwe@eiZ;9EI5xH&73=g7S5&e*Ng8XnK3n1p>!D}%mgP6g60YTUL zY*(2;%5yU8q2{w4;g5_?jOMlpJV|UHLIkvOzTHE6M~7h7X?p7J3{H0)1@hzi*L{DC zz(~A7B;o)7{$z=VnLix4Kbpq5iDmGVEH4b@j>KYAmLcLWK=cM7!QU1{hqy7ATWrg=h+y7= zJ5Uh;2yZQh<dBcJzO!&64&TbS~4^y^E8-XWKxD`S+7H~j=za@;qPGu)Tk2qI_vXnr_5Y_ zC`5QxtFp~1^{Av=@Er><7ousL2sx({bUvY6thC_q4Il5{NBIb}rEO!##VWI4B=$GZ zvCen`M#B6Km7@Y`z&bdF8L)nQjUyllS&~6SFM#-Oi9Fc|B1XWI4mMmZe-Q!ez2m5e z;4httS1j};iH(N`IfAVRHA4w09&=ndB&lFPf2BL4%Z0c5gE1t2s@pm-Jo-bV zUM{Ui{IDgezvf`x$7UrtB@U@F>|_4rttM}n!fg%}F$0LIezU!rT zmb%LPi~}zp|EUA!f^p^d2m9Hav(xzY4`}Y?$Fq#u#b2DxB2xE4m2&rR?bWNFxKxCA zKcD<`h<`EefN|Mv?HS7kHHFrw7l&S7$km%{2=F<2+Ni#cF5eEPL+tp}?RVdZEDovd z5#&FS63n<3W9OV_I%^{ePy9aBp1)7-;m3F>DsyqpC@xQ5 zt8q0^14n$P)Qg2IwBu#i=a#XPl?>V&v*J4{{iU_9PR(i;Rx`O-i;-aemJc^|7}hEk z64NDH7Um<2&rdwX)qkwWDu&HF2F_$Rm`OWO_VBk&Z+L^OQoK!7YW+Q|FbGv5w%!>I>DidMn=ee*3bhco`e_;DGC~qW6mwuWZ?^ zi2HS7s`kT3VsE0W((wuyiK+~0O%(=#Douq|8owr7QUg)YlKc^@Qt#bp-XdSngNWzg zxx^c)^e-Z)(!FcUEgGxb@{{+8ppdbb?-`DN2)ZS`Re@ z9`xd%a;*OzZDOZ<$4YzIx;=ZnWcoy*c^R?_otijoT=Z-#Ew0 zOQ#hE5a%(`)YFp?T7Tpwh_$m5yjB 
z;Oc6x;bcG{tY)47M0Z+r)`=xahNqCH#Fm8HFAU4eqQFwVT8ta5(JVdNlTSLr4kT;B^4uY9OS|=Wi zY_?8_xWfMitrHO40ieTahQBQgY-gRwQ+TQ01V;F=)jDAt#L6q;3at|mIT?Y@I-`eF z@4v#68&Zi|RwomfHK z8aS$T0*>fHyPm_=GCUm%bHH6cylI8}C6LD`v`z%btWo8)N`5dv{P*bsG*=)Z+tj8U zMv<(boGxG+0*VBn!qWwG8~)&vDs#WWkbV1k@_~v5sKFgEXh#g%5rh7-Vi4>tiJ%kw z+eG#3GwcM>>+Zl!y~R%uwYRL8sBli1X#!B7*IaOTeJK5fOlFYn^~2 z(X)b)fcy@Bo7upSr_q72bHc5i4NpQyHWW~;6Sj|5*8Drx31FRYk>^*sbL*Hl>w3NMY|QPDFVqHA;N3##N1MC=wML}Q(JJqHn8;B~s;TK$U% zszl(<8lpc$1b?ksCrYNm?D#GV%p3@hU1}k~iJFVWHEo>j4}GFAfI}OlK)jHA& zx0K(r-wsl_Gk@1Y=;b|i<={Huhciqw zdrN(Ih$gjd@MAAu%uB;64RNsoUYWzL2 z2F*$DoqHIJkIVJro$L$#DI&SQGx|@7gl5H{ML1q#($5s0S+ORW{3cflDpI9kySsHS zV%q6>GvaOcKlU7s^jH@7t$H>&rbw%otZV=BU7>SCCA-EaQeSi_QVS(C-lJz|#BV9! zQ0~vR=FM^%H+W@VZP*0nZe{C)>jaH1WSCtY_3AJxYZ%GCf@+oL|h8WFQciS8k_^jkv z?Lv4dEi1X}gL;mHp;EO#IQR22yGv}{>A&jV;^-iGb~e7RM4UMx&& zcqClb?$Dfo@4FL$@>@TB0t4~pS$eyTPb1@vtk;8o$gmcZ6c06zx}AxOD}FqPPhTg@ zq9(uF>&&m(QjIys8mvY=3Fk((gDFj=Z(j5elv_R#dW18u{D`ek`hj7s{bl2ZJ-7Eh zeebyVYqA zx|&cpMs&?T{f_^2MhAtFN(;u5uQi7(F>zX)M;d&~mrC>|WMW1!<+%s>@~n~>g>9 z4Qr!0D?Ijp6T#?;iQ&6%M?M^|?{Ry>Ri><=!YNsa_g2Df9#O6m8l*DswN!q0TK|w& zpE>Ck-TU(1#ezNA4a9zTl|Ih379y`l+gIa!bsn9!U_f0=~Gl;ZBfk zj${GEtk|^{GuS}2jRi5&$zKduAhQwuDjd~!?jDP%=eevOPC=jPd&^?qi7K|}xP)aL z^%OZk*c@1q=#9Vc)|7>2G9F~l8$_}?AKT=nhs-T$o7@t%$*lw;s{dZkZ406)jXo05 zVp~KM>jaW5kRO7MF7UkzUNcF+eE0o_cl@5;3<>1OZsz-}q2O6_QJVka=Se=nFAcsU zzuki3&4nTc7b6SPJzyk^lk2%{VVU2~5k}JVU=zz=ZEPlulsl+US%!!aQ-o-&6Wj+O zB31mhh+y7Itx*v{ZoE%%OO6|Q{|>IU(KM_W_;&CZ3zi*@kIpT<*K=o>BF_#yBY#DF zXIMN{yLi~nuDQ73)ra~&EfZ?_-LfCD^9@X&ro~Q7!^liA(H&t;a}CM5`6kw-L5==G zwN9+Fei&z@z{=u|`PX1shYMt99@Z!scrUWPPRpv3SG~t#(sko$lb{S&eBn>wq)u1W z`w}`sv|cch3)tw6uzscvBT2~E#L+Lnx-(?`E?n2Ftgg#pZ9~LDJR&sK3Bz89*zikfx2f+piHyQO{#~djKa?Ur-HEi#B`HZhVM4hx zfZCbOA+TQtE8B`Aqh~Vpy*Y;Cp~nx3DB|A^GCAlA6;W{+NWG@4daV82=mSCVX|8hR zyCV!5_U(A*+6|f$6cSPeYR=EKe(f2v{Y)nvWo_f#nyA)q^SY1SN_&9lS_oZ$^0RK< zq0YjW-|8q921QDuUyN!8#8oLv8ruzrJQNkpop4PMRI}mSIWH?p#^~oG 
zrY=3oW6aG>+IzgOWJWNTRF~Z$H4OG`#Mgu~$%c=%N)3=z3O_=;;pxT9xnU&N0M$BS z8wWZmm`w!T34RIw)`_eiKXnBAh@ZwQXvb6)UcTzt(q&K_av|Q}l$(JGyW0sDs2&xo!&uZO^GeSg=+g+E)5C;477YrQS;-R}8yi5z@&p$4y_i1{i6#7d$t-a}I zx%iu**JcF6S~$Z;H2w6nyx$*SSFXESb}E?6>aY`|hD;XA(?RWzM;`qA(;1QTbE#;l zzV^Fv4f|1sy>S;jxtP>94g#gGOf-Z78IjG6?At__SE6R?6vD#%U60+Q@W0Cik znI-7$pHPG|3gW*Bq5Tw6Yb!KHc=Z0a!+CZvlF{$z-n0LZ0VBBypCC5enR9_kX9iR{ zq9rqd)mfAiK_DD(o&m%;Ep%p#k2fHq#rgs4$mhtvh(IDY=3hlr5MD*R0c>(;?%7By z85cB*Ze$DSe!0u2rwcgLu<|Mh!x&>s))BY4Q`*27o7N2@D={vEtjC~4Ze+O@BY5g{ zsEGxL)WPV!QGbjMB9iv3@tBVwPpMWk2Q!D1$fu$=OXNymj1`F-qH6>6|0jt&e{Oc> zEEvIJt3>VuY*_Nt zQDqCrKL8P#^3i>D*9*CMSoC{S4kk!eP$Y6E3XlUpg%bHJ^%BPLrPpD<-o-~8#lPPT z>T*XS-;v07B=Y~PL=HOvdjT#Qi9Gr~>}Jp4w>ejC>?>_}t+yy-q4t&)iTrHs^P|fb z^2Y|7_yUuF$sBZo9f^ELBHxk7cO-HYC3Qz4|NkYC!_I#mbp965n&EHDsFAfWn%vW5;@G!9Ax;`rGs4iC!?;L7Z_8jRfU} z_6KFL-e*q@{I)s*}2`NfiBiF^xuB zen8CZyqrLWX4mk*!u`k)H>ZWyl270HGkHoBJAK-(T~;+xL?s*&7&_*6@>z2!BXudA z+_$;ibP;SNGIS}Y?0=ZDqQena924`6Qu%uYp8Jgmstvd~Hr0;G9ClwoY{4s2?webEg8|zSyuzQ&~X- zRT2c=V_MlfR&rUX5)6Xfbm0F(91(x(YGpNReU0PdfqSi~p8KUzk7+c$Igi~RdZKXL zsPIZz_%wKi{(#hGhIQ6zLW3i4;Z0Q`Y9!p#himLNbmiLnVJ{!HTmIAV3_YsWTte_F#1~E zV^X1(DxuH^%6E_7ZDD>}8B2;|7xR=eY?P^z=zv&0Gfz=_S#yN1bfuT>zCC4^%YkvC@;nP4~Fm>P`$guA(bl<4=x(XRCzKnWxES^lMRvkc< z$en1wl?_=7ww#>q zgKGX$%a-HDdlot;gl@(MMu!Hd|B1__+2g}3Yy131qR7O3Pw%}CWGD=$Fuo*GzV~() z%N{pM$>(ZT?31t9^U>s$uQLOuCP%VTlYy5%0T*_X#F_98OxcY5mn{j5TF;#&md+=+ zos?GB!u;tiD2wTpwy&tAU7IEPwAub!@$Mh=i887pgx${lxO!$h^Oo4zqjRjhK`PG{ zo?%O|H6JB|TGV zjCrT6ZJZ$lUt&U3>ufG1$Tl^Hh#gZ`=H9Yw^@kK z@-)ZyJI4=;)bA}AEVPiO;dQEDd_-v5OM6RK)P=Y3h^l$Bjgmt{TS%tcP~>M+ib6 zA6hJNRQ8^ce5;EWP2z{wAjqhtL;6uB1$jBH{0l{HhF56GD7vm{hJ5$<)4HIIyql{I z%*`(QfUf#A;rv<;bO$|<1|ljT@X$!)g-A*6;kuP+BO>Uk;WKN9!0_fo1H#@Cvrgdp z_l&n$FX+LpQkIC?RhE4~R{_V{k}Z%Qg6>CyxR+>Xp9p@)`Ih3RTE{7guaAhjn7qB5YcUiaolS3| zPv!CIcHFcn)&11N<(|>*0WXlNGTM;!+_tdH?~9aHi`U;uM^?sVur^)>Z##lFh(Z7V zd%s1p40FSMgzg*lBzSP%1Pf8;?JpvjH?d8KAUEEusmhbsy)L`v25SX+z4tz3EA4-K 
zaem-}bF+4bjQ?cZ{O$0Bi}vL&krkz-)z201sVL#Xqendl+*ZiLMgA4fKT5tX6Fkdbk zHQ8FfvG`!b88ocPsCC%YL$v}%k`aTBb)DOgqru=!99aX_7a;3#OKYrW!rF$2<4Neg zQU8($B0kdF77?({ora1C{?duZaA~aX`x2$epp8@bfp}3iU7q9*1L7G)`MAObA$lsl zxqRp34*J2WyST(cC#5MO?-^S0B_8uQ>-yv?!%X9e&+g7dGGztl;_F8Z_IC*7dl9Qr z+YjB%*H2bHPVfBVgZ`_2o=)Cf`IzcY2%qzF}Q!PERc<)+S^1erTt}%l9S+leGv#@Z@3L z`KgKh4{^WXGoR|0^t+hMag_1$$6~cd+>#l+HXeybB-)iH19EtFSL&(J8&a3ZrA@kB zp4PvD@v}ng$iC{68kvKicGG)U3VXvs zO10WgP^BUh2Ucbh)CC*pq@X?!bXuRjIQzL@!z1JE!(RTibmd~RT9qIEotu#}9&FetP};8_sRU;d)auB@0o$KZ11)GVu>zk?ieWReFSqUzqr zg6NzV?r|rI-rX!-{^~?;CU~YIE!FJfcLj0p&M1MIp0(SH?w)}Zw97V1wE2*?lxlUL z#%+|yopo7xFB>EP#P3|VXilB*GJ@Qd8KHEqRYVkt{O%G&gmod)Hp}2Fm(NZ@n|IXn z=(tCIcAwQF%thsWVmEke66%UGh2~lIm>UK-{gCRb_jt&~5j4XGBjMpew?1j+hmqX* zfI5rnZXiFP(h)5M>#x?ul_@ZRONjtcI~v`4>4r}sVlOl=ZFuVYiwGq00K-*8-O*J< ziR5*}Eq7RcFQj?946b-qC346=(EZfiQ6+MhQdVBwQ5a)(+B)LaJLSkj7^8;6rWoA; SswtGn{bSc+1j}KU(*FY@output && btest-diff output + +notice_ssh_guesser.bro + + +@load protocols/ssh/detect-bruteforcing + +redef SSH::password_guesses_limit=10; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub ) + add n$actions[Notice::ACTION_EMAIL]; + } diff --git a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest index af9ea0dc83..7905ffd953 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest @@ -31,7 +31,7 @@ export { /^ftp[0-9]*\./ &redef; } -event SSH::heuristic_successful_login(c: connection) +event ssh_auth_successful(c: connection, auth_method_none: bool) { for ( host in set(c$id$orig_h, c$id$resp_h) ) { 
diff --git a/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest b/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest
new file mode 100644
index 0000000000..50d6f17694
--- /dev/null
+++ b/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest
@@ -0,0 +1,2 @@
+@TEST-EXEC: btest-rst-cmd bro -C -r ${TRACES}/ssh/sshguess.pcap ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro
+@TEST-EXEC: btest-rst-cmd cat notice.log
diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro
new file mode 100644
index 0000000000..e28ebf5b49
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro
@@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT
+# @TEST-EXEC: btest-diff notice.log
+
+@load protocols/ssh/detect-bruteforcing
+redef SSH::password_guesses_limit=10;
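Review bot: The `redef SSH::password_guesses_limit=10;` on the last line of the new testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro carries no comment explaining why the detection threshold is overridden for this trace. Presumably sshguess.pcap contains fewer failed logins than the script's default limit, so the notice would not fire without the override; if that is the reason, state it above the redef, e.g. `# Lower the threshold so the failed logins in sshguess.pcap are enough to raise SSH::Password_Guessing.` The test as written pins only the case where the notice fires, so a short header comment saying what notice.log is expected to contain would also help whoever has to regenerate the baseline after a change to the detection script.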