From 994c6a5fafb2597bb7edeabb017b05ef38603122 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Tue, 20 Apr 2021 15:48:06 +0200
Subject: [PATCH] Cyberark Privileged Access Security module (backport #24803)
 (#25156)

This PR adds a new module, cyberarkpas, to ingest Privileged Access Security audit logs from Vault via syslog.

(cherry picked from commit 2d51864ef6ee2e41702859ad66d5d6106457bced)
---
 CHANGELOG.next.asciidoc                       |    1 +
 filebeat/docs/fields.asciidoc                 |  263 +++
 .../images/filebeat-cyberarkpas-overview.png  |  Bin 0 -> 569960 bytes
 filebeat/docs/modules/cyberarkpas.asciidoc    |  184 ++
 filebeat/docs/modules_list.asciidoc           |    2 +
 x-pack/filebeat/filebeat.reference.yml        |   26 +
 x-pack/filebeat/include/list.go               |    1 +
 .../_meta/assets/elastic-json-v1.0.xsl        |  161 ++
 .../module/cyberarkpas/_meta/config.yml       |   24 +
 .../module/cyberarkpas/_meta/docs.asciidoc    |  171 ++
 .../module/cyberarkpas/_meta/fields.yml       |   10 +
 .../dashboard/Filebeat-cyberarkpas-audit.json | 1574 +++++++++++++++++
 .../module/cyberarkpas/audit/_meta/fields.yml |   97 +
 .../module/cyberarkpas/audit/config/input.yml |   32 +
 .../cyberarkpas/audit/ingest/pipeline.yml     | 1106 ++++++++++++
 .../module/cyberarkpas/audit/manifest.yml     |   22 +
 .../audit/test/105_add_file_category.log      |    6 +
 .../105_add_file_category.log-expected.json   |  300 ++++
 .../audit/test/106_update_file_category.log   |    6 +
 ...106_update_file_category.log-expected.json |  298 ++++
 .../audit/test/107_delete_file_category.log   |    1 +
 ...107_delete_file_category.log-expected.json |   51 +
 .../audit/test/124_rename_file.log            |    1 +
 .../test/124_rename_file.log-expected.json    |   49 +
 .../audit/test/125_rename_file_cont.log       |    1 +
 .../125_rename_file_cont.log-expected.json    |   49 +
 .../audit/test/126_unlock_file.log            |    1 +
 .../test/126_unlock_file.log-expected.json    |   43 +
 .../audit/test/130_cpm_disable_password.log   |    1 +
 ...130_cpm_disable_password.log-expected.json |   76 +
 .../audit/test/178_get_user_s_details.log     |    1 +
 .../178_get_user_s_details.log-expected.json  |   43 +
 .../cyberarkpas/audit/test/180_add_user.log   |   12 +
 .../audit/test/180_add_user.log-expected.json |  704 ++++++++
 .../audit/test/181_update_safe.log            |    1 +
 .../test/181_update_safe.log-expected.json    |   49 +
 .../cyberarkpas/audit/test/185_add_safe.log   |    2 +
 .../audit/test/185_add_safe.log-expected.json |   97 +
 .../cyberarkpas/audit/test/187_add_folder.log |    2 +
 .../test/187_add_folder.log-expected.json     |   93 +
 .../audit/test/19_full_gateway_connection.log |    9 +
 ..._full_gateway_connection.log-expected.json |  579 ++++++
 .../202_old_backup_files_deletion_start.log   |    1 +
 ...kup_files_deletion_start.log-expected.json |   40 +
 .../203_old_backup_files_deletion_end.log     |    1 +
 ...ackup_files_deletion_end.log-expected.json |   40 +
 .../test/20_partial_gateway_connection.log    |    1 +
 ...rtial_gateway_connection.log-expected.json |   42 +
 .../audit/test/22_cpm_verify_password.log     |    2 +
 .../22_cpm_verify_password.log-expected.json  |  149 ++
 .../audit/test/23_action_on_closed_safe.log   |    3 +
 ...23_action_on_closed_safe.log-expected.json |  137 ++
 .../audit/test/24_cpm_change_password.log     |    4 +
 .../24_cpm_change_password.log-expected.json  |  292 +++
 .../audit/test/259_add_update_group.log       |    4 +
 .../259_add_update_group.log-expected.json    |  190 ++
 .../audit/test/265_add_group_member.log       |   14 +
 .../265_add_group_member.log-expected.json    |  667 +++++++
 .../audit/test/266_remove_group_member.log    |    2 +
 .../266_remove_group_member.log-expected.json |   97 +
 .../audit/test/273_remove_owner.log           |    1 +
 .../test/273_remove_owner.log-expected.json   |   50 +
 .../cyberarkpas/audit/test/278_add_rule.log   |    1 +
 .../audit/test/278_add_rule.log-expected.json |   46 +
 .../288_auto_clear_users_history_start.log    |    2 +
 ...lear_users_history_start.log-expected.json |   75 +
 .../test/289_auto_clear_users_history_end.log |    2 +
 ..._clear_users_history_end.log-expected.json |   75 +
 .../290_auto_clear_safes_history_start.log    |    1 +
 ...lear_safes_history_start.log-expected.json |   40 +
 .../test/291_auto_clear_safes_history_end.log |    1 +
 ..._clear_safes_history_end.log-expected.json |   40 +
 .../audit/test/294_store_password.log         |   10 +
 .../test/294_store_password.log-expected.json |  521 ++++++
 .../audit/test/295_retrieve_password.log      |   13 +
 .../295_retrieve_password.log-expected.json   |  880 +++++++++
 .../audit/test/300_psm_connect.log            |   17 +
 .../test/300_psm_connect.log-expected.json    | 1481 ++++++++++++++++
 .../audit/test/302_psm_disconnect.log         |   16 +
 .../test/302_psm_disconnect.log-expected.json | 1417 +++++++++++++++
 .../audit/test/304_psm_upload_recording.log   |    1 +
 ...304_psm_upload_recording.log-expected.json |   52 +
 .../audit/test/308_use_password.log           |   11 +
 .../test/308_use_password.log-expected.json   |  867 +++++++++
 .../audit/test/309_undefined_user_logon.log   |    5 +
 ...309_undefined_user_logon.log-expected.json |  299 ++++
 .../test/310_monitor_dr_replication_start.log |    2 +
 ...tor_dr_replication_start.log-expected.json |   75 +
 .../test/311_monitor_dr_replication_end.log   |    2 +
 ...nitor_dr_replication_end.log-expected.json |   75 +
 ...set_user_password_detailed_information.log |    1 +
 ...ord_detailed_information.log-expected.json |   50 +
 .../audit/test/317_reset_user_password.log    |    1 +
 .../317_reset_user_password.log-expected.json |   49 +
 .../audit/test/31_cpm_reconcile_password.log  |    1 +
 ...1_cpm_reconcile_password.log-expected.json |   71 +
 .../test/326_cpm_auto_detection_start.log     |    1 +
 ...cpm_auto_detection_start.log-expected.json |   47 +
 .../audit/test/327_cpm_auto_detection_end.log |    1 +
 ...7_cpm_auto_detection_end.log-expected.json |   47 +
 .../cyberarkpas/audit/test/32_add_owner.log   |   16 +
 .../audit/test/32_add_owner.log-expected.json |  993 +++++++++++
 .../audit/test/33_update_owner.log            |    7 +
 .../test/33_update_owner.log-expected.json    |  436 +++++
 ..._monitor_license_expiration_date_start.log |    1 +
 ...se_expiration_date_start.log-expected.json |   40 +
 ...56_monitor_license_expiration_date_end.log |    1 +
 ...ense_expiration_date_end.log-expected.json |   40 +
 .../audit/test/357_monitor_fw_rules_start.log |    2 +
 ...7_monitor_fw_rules_start.log-expected.json |   75 +
 .../audit/test/358_monitor_fw_rules_end.log   |    2 +
 ...358_monitor_fw_rules_end.log-expected.json |   75 +
 .../audit/test/359_sql_command.log            |   10 +
 .../test/359_sql_command.log-expected.json    |  852 +++++++++
 .../audit/test/361_keystroke_logging.log      |    7 +
 .../361_keystroke_logging.log-expected.json   |  649 +++++++
 .../audit/test/385_blservice_audit_record.log |    5 +
 ...5_blservice_audit_record.log-expected.json |  227 +++
 .../test/38_cpm_verify_password_failed.log    |   15 +
 ...m_verify_password_failed.log-expected.json | 1196 +++++++++++++
 .../audit/test/411_window_title.log           |    1 +
 .../test/411_window_title.log-expected.json   |   84 +
 .../audit/test/412_keystroke_logging.log      |    1 +
 .../412_keystroke_logging.log-expected.json   |   85 +
 .../audit/test/414_cpm_verify_ssh_key.log     |    1 +
 .../414_cpm_verify_ssh_key.log-expected.json  |   80 +
 .../audit/test/427_store_ssh_key.log          |    1 +
 .../test/427_store_ssh_key.log-expected.json  |   49 +
 .../audit/test/428_retrieve_ssh_key.log       |    3 +
 .../428_retrieve_ssh_key.log-expected.json    |  233 +++
 .../test/449_create_discovery_succeeded.log   |    1 +
 ...eate_discovery_succeeded.log-expected.json |   42 +
 .../audit/test/459_general_audit.log          |    3 +
 .../test/459_general_audit.log-expected.json  |  177 ++
 ...key_for_jwt_authentication_was_updated.log |    1 +
 ...thentication_was_updated.log-expected.json |   40 +
 ...rithm_of_the_vault_certificate_is_sha1.log |    2 +
 ...ault_certificate_is_sha1.log-expected.json |   77 +
 ...g_add_account_bulk_operation_succeeded.log |    1 +
 ...bulk_operation_succeeded.log-expected.json |   40 +
 .../audit/test/4_user_authentication.log      |    2 +
 .../4_user_authentication.log-expected.json   |  114 ++
 .../cyberarkpas/audit/test/50_store_file.log  |    6 +
 .../test/50_store_file.log-expected.json      |  278 +++
 .../audit/test/51_retrieve_file.log           |    2 +
 .../test/51_retrieve_file.log-expected.json   |   84 +
 .../cyberarkpas/audit/test/52_delete_file.log |   10 +
 .../test/52_delete_file.log-expected.json     |  502 ++++++
 .../test/57_cpm_change_password_failed.log    |    1 +
 ...m_change_password_failed.log-expected.json |   85 +
 .../audit/test/59_clear_safe_history.log      |    3 +
 .../59_clear_safe_history.log-expected.json   |  116 ++
 .../test/60_cpm_reconcile_password_failed.log |    9 +
 ...econcile_password_failed.log-expected.json |  756 ++++++++
 .../audit/test/62_create_file_version.log     |    8 +
 .../62_create_file_version.log-expected.json  |  382 ++++
 .../module/cyberarkpas/audit/test/7_logon.log |   12 +
 .../audit/test/7_logon.log-expected.json      |  659 +++++++
 .../audit/test/88_set_password.log            |   18 +
 .../test/88_set_password.log-expected.json    |  781 ++++++++
 .../cyberarkpas/audit/test/8_logoff.log       |   15 +
 .../audit/test/8_logoff.log-expected.json     |  845 +++++++++
 .../audit/test/98_open_file_write_only.log    |    4 +
 .../98_open_file_write_only.log-expected.json |  187 ++
 .../cyberarkpas/audit/test/99_open_file.log   |    1 +
 .../audit/test/99_open_file.log-expected.json |   43 +
 .../cyberarkpas/audit/test/legacysyslog.log   |    1 +
 .../audit/test/legacysyslog.log-expected.json |   40 +
 .../cyberarkpas/audit/test/rfc5424syslog.log  |    4 +
 .../test/rfc5424syslog.log-expected.json      |  193 ++
 x-pack/filebeat/module/cyberarkpas/fields.go  |   23 +
 x-pack/filebeat/module/cyberarkpas/module.yml |    3 +
 .../modules.d/cyberarkpas.yml.disabled        |   27 +
 173 files changed, 24967 insertions(+)
 create mode 100644 filebeat/docs/images/filebeat-cyberarkpas-overview.png
 create mode 100644 filebeat/docs/modules/cyberarkpas.asciidoc
 create mode 100644 x-pack/filebeat/module/cyberarkpas/_meta/assets/elastic-json-v1.0.xsl
 create mode 100644 x-pack/filebeat/module/cyberarkpas/_meta/config.yml
 create mode 100644 x-pack/filebeat/module/cyberarkpas/_meta/docs.asciidoc
 create mode 100644 x-pack/filebeat/module/cyberarkpas/_meta/fields.yml
 create mode 100644 x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/_meta/fields.yml
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/config/input.yml
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/ingest/pipeline.yml
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/manifest.yml
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log
 create mode 100644 x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log-expected.json
 create mode 100644 x-pack/filebeat/module/cyberarkpas/fields.go
 create mode 100644 x-pack/filebeat/module/cyberarkpas/module.yml
 create mode 100644 x-pack/filebeat/modules.d/cyberarkpas.yml.disabled

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 2b37503f969..a3c43c84036 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -542,6 +542,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Change `okta.target` to `flattened` field type.  {issue}24354[24354] {pull}24636[24636]
 - Added `http.request.id` to `nginx/ingress_controller` and `elasticsearch/audit`. {pull}24994[24994]
 - Add `awsfargate` module to collect container logs from Amazon ECS on Fargate. {pull}25041[25041]
+- New module `cyberarkpas` for CyberArk Privileged Access Security audit logs. {pull}24803[24803]
 
 *Heartbeat*
 
diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc
index b082893d758..4476737e72a 100644
--- a/filebeat/docs/fields.asciidoc
+++ b/filebeat/docs/fields.asciidoc
@@ -30,6 +30,7 @@ grouped in the following categories:
 * <<exported-fields-coredns>>
 * <<exported-fields-crowdstrike>>
 * <<exported-fields-cyberark>>
+* <<exported-fields-cyberarkpas>>
 * <<exported-fields-cylance>>
 * <<exported-fields-docker-processor>>
 * <<exported-fields-ecs>>
@@ -34079,6 +34080,268 @@ type: keyword
 
 --
 
+[[exported-fields-cyberarkpas]]
+== CyberArk PAS fields
+
+cyberarkpas fields.
+
+
+
+
+[float]
+=== audit
+
+Cyberark Privileged Access Security Audit fields.
+
+
+
+*`cyberarkpas.audit.action`*::
++
+--
+A description of the audit record.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.ca_properties`*::
++
+--
+Account metadata.
+
+type: flattened
+
+--
+
+*`cyberarkpas.audit.category`*::
++
+--
+The category name (for category-related operations).
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.desc`*::
++
+--
+A static value that displays a description of the audit codes.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.extra_details`*::
++
+--
+Specific extra details of the audit records.
+
+type: flattened
+
+--
+
+*`cyberarkpas.audit.file`*::
++
+--
+The name of the target file.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.gateway_station`*::
++
+--
+The IP of the web application machine (PVWA).
+
+type: ip
+
+--
+
+*`cyberarkpas.audit.hostname`*::
++
+--
+The hostname, in upper case.
+
+type: keyword
+
+example: MY-COMPUTER
+
+--
+
+*`cyberarkpas.audit.iso_timestamp`*::
++
+--
+The timestamp, in ISO Timestamp format (RFC 3339).
+
+type: date
+
+example: 2013-06-25 10:47:19+00:00
+
+--
+
+*`cyberarkpas.audit.issuer`*::
++
+--
+The Vault user who wrote the audit. This is usually the user who performed the operation.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.location`*::
++
+--
+The target Location (for Location operations).
+
+type: keyword
+
+Field is not indexed.
+
+--
+
+*`cyberarkpas.audit.message`*::
++
+--
+A description of the audit records (same information as in the Desc field).
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.message_id`*::
++
+--
+The code ID of the audit records.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.product`*::
++
+--
+A static value that represents the product.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.pvwa_details`*::
++
+--
+Specific details of the PVWA audit records.
+
+type: flattened
+
+--
+
+*`cyberarkpas.audit.raw`*::
++
+--
+Raw XML for the original audit record. Only present when XSLT file has debugging enabled.
+
+
+type: keyword
+
+Field is not indexed.
+
+--
+
+*`cyberarkpas.audit.reason`*::
++
+--
+The reason entered by the user.
+
+type: text
+
+--
+
+*`cyberarkpas.audit.rfc5424`*::
++
+--
+Whether the syslog format complies with RFC5424.
+
+type: boolean
+
+example: True
+
+--
+
+*`cyberarkpas.audit.safe`*::
++
+--
+The name of the target Safe.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.severity`*::
++
+--
+The severity of the audit records.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.source_user`*::
++
+--
+The name of the Vault user who performed the operation.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.station`*::
++
+--
+The IP from where the operation was performed. For PVWA sessions, this will be the real client machine IP.
+
+type: ip
+
+--
+
+*`cyberarkpas.audit.target_user`*::
++
+--
+The name of the Vault user on which the operation was performed.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.timestamp`*::
++
+--
+The timestamp, in MMM DD HH:MM:SS format.
+
+type: keyword
+
+example: Jun 25 10:47:19
+
+--
+
+*`cyberarkpas.audit.vendor`*::
++
+--
+A static value that represents the vendor.
+
+type: keyword
+
+--
+
+*`cyberarkpas.audit.version`*::
++
+--
+A static value that represents the version of the Vault.
+
+type: keyword
+
+--
+
 [[exported-fields-cylance]]
 == CylanceProtect fields
 
diff --git a/filebeat/docs/images/filebeat-cyberarkpas-overview.png b/filebeat/docs/images/filebeat-cyberarkpas-overview.png
new file mode 100644
index 0000000000000000000000000000000000000000..768de758559ac5b7152ef42a5ad6cade07907cb9
GIT binary patch
literal 569960
zcmaHT1z1(v*7l-AN(AY&KtQ@dLIgymySuwPC8hPyAt~J;os!ZbNF&|dv59|fJ?GwY
z@44T<AC$e<UTe;=<{a^kcZ@}_jFcD_Ite-iL0GR}iO4|^DtL?5a{Cte72Cpk0zvno
z*CIj+F3DRnt_t#}8JyP|%Cm<jW3xPCDULg}n?FyB?WgQ#?Up8|)Hpa}-%!bQJ@ma#
zr($W2N+m_(_>#;vS6K9ECBBfT`cy`S5DsxN%9CXDfn1-AFf{vD2Myl-jj!+DyB#?1
zI(ktkUlH|j_vb|JlgQcKSZ<zE2<PuFM@(EXY@c_3f2rNUc>eHjuZ%nXDEI$<jVx*_
z;`_f}k&C2@@Ji%wFLLSX>ixjODVI!j^4043k!{Pa$W0WT|2nCYbjEECD>K7-Z+5n8
zuDRLz^Oa@8Q2+j-g(N)`{I>~mg~34B4h2t732y2McN$rH+ZVh~eWNPodB|So-6
znbP%6_Uuv|r74jw{N1~+`Gd_0E#^x^4x2xR=e@n)H!u|Xr0-IE>q0d1K>GdoF-Fv?
zlgRIxa{FOs2kb}Db=)3gA|fLK;9biP%lB<vLh!p{QqfGWKGF7Mi1o%YMsyl+M=XaP
zgB8l)+%4!HCKI^z@S&OZEv$WqGa|UuYaMQF6EZ6kbT`PICF>?C5H6ToHmM7~Xo(@e
z)>3x$@MU#1%h~SklqPiN8U`bGBL1et0Il|62&rAT-tO-17gji8tf|FzJbQZ&emU&R
zKQCX}y_(cO7;i4Y3+?PK^KL@@uI!qwQ!j{K1$*QfLwGWH+LB>wceMM|a_H0|2Jzc)
zFLpwLs?P@d(U{nC?-gxK#uH?UB81ObDph)wZA{4UO*f;2%PT8i_UjHeJSHb`)2?7|
zaM;X=&>vpOk}YE^IzT;6x6<^+xD~cYg33Q4$cUn*araQ7e7Js>z){!{(z413A$3ZN
zER-26Ev-CYxZ<NmkqUZ~6?k2h(R5}`v)$}-U>?uL)ILv$1mBiQPxvO}=KWqM#}|$j
z=U|`X`VXx4o81!{va>wb*F&}#^kqmiwa+HxNXUJ_hrO(vP5b5>dwicLe73Yk<#z|?
zsInX9{3EHmfjfC57qCNyIPXrXw5p>3dQ>x&kRwFC#w#-K{U5gWlp#Kmf{S*!@U3<F
zrIeB#zZ5#x9yj(#V(TKH<AAAblaPAQ(zN38BJ=+DS%a$7M)*zN|4s>x2#yh@6hM9b
zy?$nTm~Z%-2~BtLUwH46Poc~uc)z_KG85T-XL^kN%)=fT(wROBX4*nLJUS6>=}Mg-
zlRsN|N61MH*PfGKy1;?|+uY=>c7$>88+&aqs_P7lj2_UrDc8prjuc1>e#%Nkg}{Ge
zB?4D{0!&oL$aPn3d$ZzweaLu5*N!kT?1rJD<*xIroTp%mk~A(k6z;CyXs{uq7C<9E
zpR&{502xs~XPv}&JDwu<_4Sz@hqmIN=v<tKLOQmvWY-6;1ie4>roq*8;w@Z1|CA}i
zZRnX^no<Ey6AxmF)^P!qo7?#Va8n~@92ptTJRZqa5xTD9B-}itZmFM-4sGmq-X0wi
zlJK8~TV+?k0xugW!N1g@lWO&>%gtG3_#P&591c!Pw19Wt3dBl`!k25&pZ|z@5gjqX
z80&3#xB&eyg<-U?-RM<5Hm9}xt%MI@6Y@~gjC^34s{LMX3G8l}BdOEYq~9?q=X~b8
z00Zl-RWA20KP>M86KtPLf3)}3gSoEx2P@Z#6=N+-=E!U8ve|`QY-QorsSri@5hXLS
z)Byk9j=NRSNr`~_(FTU}?$FwpcUoJ?lZP8*zqOFqz-Y$*O;**#&FS=X(2Fd&=J&7F
z89FpjhjTHvPB?$sc-0s0v0XZw&m0bR*P`nA263#Xc%Mw)W2Sadsp$M(h$s_p<eDiG
zB)05kvWuTVy-v-(TAuFxIT0m|?bn89#2OSp9`!kxIO^59a&rz*U9cu5vG!3*qML5Q
z!Q<<h*$pfp*xoTl%PVbf7g$(8i8j>W(K%P-Y;cF?iFMNqYLgej+UeV?fXVlf4fAYt
z(4&_ToGcb+uYi|t3Gxfl|5V}~8fLxs4Ts3&XxSZT&m1@j>6X{h-e&MSUQ_}fxCI=u
z-S{sHJVB8X1NNG$U<Q63Q;2tdYFS?>Pcy5$2$-%b%JWYVi_aor_ImhzQ2RL;=zUbu
z>fSyN52?{jW&8Kkl~}~>+3NKhsJ0tL2mW<JLcsbu$5~_}KK$Q%^89w=oC4d&${2hz
z`rZg<CLEB?Vm1T8m|10Kzb8#Am*|{|9Qya~O!qzH{U>fsX&?|aKDuSPPAJj76DoX`
zeLM6fr0%r-s+7+HD`P{8wDQrd`J{(;n`mEX^w<LfyFH8dc6yqxjsJS13d7$MZIDg*
z4f^iAdZvLTPc4JDufc7O#Eydns<Nu!9o}^{Mm&M(-1oRbl(;Tl-{8Cr7V>@4IV`7A
zu2lUr#buM6IC<8h!C$O;hreSC<A!1FTFE*}n~NSIwc;}VD)w{lfLPzQJ_~Wr+pWRe
zwn`tIx4$ywNy5Lf%yvtd|79XsPOW~G^OlInpPq&H8P{pLOaT_#4QquJB4l@Xz^uxG
z1T21jMF0;tu=h#EYi!`F#D>nH#cBt#R@OABfxxLEa`87Tu1&R6LfZb{Z0+#GDm@TX
z$d)6&*&a|w=76<6Te)4>n2yscsDIN~f|#X9w>Erj<-RgI%>Sw}r?ViPINo*-hn1}&
zQ2}uvfe=yL)J2=$9wm)gcu+&Zj01Q?lE&2hVk)jUV7HP#d*w(XXg%!xXLcVopu&TW
zv3>!>e%;&5<2f6re-$X%?{$NKB<Kqi@#p$+O84S!(`q0^<3&g_0Xn;OGjtZl%79t#
zxEuVStzmAH@V?cJ&7O^IeNYY)(A#$v7y%RZoiMWXO{N`r8i=3Ivtulbh-Y#mtR<Vk
z$L=(J!5wyiG6yVLFL>;#=qJ$zi`+D)-jc~zjp@0iX(WM6#P%-FD@3^E!Z!rW_OZ-l
zef-@!HN;;QwXv1q-2RT-U*;%bQ`hZy{Rx2|Sj6iLhJHj1imF>>utkYZx})b^f5_df
z--U1^sUC3+ma!pV_nrFWqr~0d<z^t+=roB%bqy~eGIKFu55P#`ynP!dDxb^p9TCp5
zXkTYtk<)~TjdZ+twW5I+K)u32*G5mw<@FG{|8z6<we0HpcF=S~S9niTHa!9z->HgR
z{+Y_IGfXH;Nw|p7T!9gN_i0!gQ25U9)OUr2>I?29=4S$(UGxo+doFEE&q-qcfLr9p
zfFi_iDO3VLTg^{kr_oJJu^PMeUgIX6Nm2HmuW6<!;gKBZtV_u(1e|XVBUpP(;*|g|
zO3e1s`M`s%nWn3GuwuX;5QuXsR|~o1jJYoe1Vs`BU@!U2&#ylvFnfWpwn^wCB+Lib
zKyYH`EA5+?6{sk!xM>5{C#(-FxEP_?O|Iu2yIxnQA&Z1Yd_6Nktz%5kjvwE*UB9<`
zN5$T|&a?J@af3uIE*A?kr<hqfZN#CY5&c7Bq&SY4zkpS4MQ>jnnlzJei48riDE(Pq
zLSg)aflr4=2f{|9l0lKPXWU_3JL}7+m1+#vyJes7`Vt7g7sgPl%UzgRM{j@Dgy>f5
z77r1mh<==Mh@hNQoL>UK@k)F7$I?D~ErhI7cB$@AdyCkR&f|}mw_Evdo;#9UY^G!{
zYoBxYQ?DdMd;h^hxNl|>IKvgk7aMI>_AQCe@D`+_tx3AIG=1a_p;tfw+86<u`vR6;
z-#B*=Oo|~qBM#1GPdJd{MN&se<L`ABkVaSo%gI>0qxbp=o^op#*OOHWqV>(l2b8X%
z%>+gbSj0wW;ukkZF3R*sACukFq-U{#{`<fed&z<ZYV_<(jCOwHdDU@KLA`a@_N8qo
zXBSm3-N<7L?5l|!9Vh$JBkQOHSH$#aHb&^<>{dY2Zf}P#+!^f=<NKsj1j116kSw5q
zeLe!}K#{tCGjVW4VQD8oLg4e?E6%n<Gh$Zx!&gGZXn5M3Ja4`R8Q`GIE*hF~EBEuk
zt1ou19^-llw4iC%+#ulwBX4$|mU&XPY=>Kq>54~TwDc7w85u)6{l%hYuODdfJ0kxv
zBK-anh40ug#w!L|cD%Qzt4KevS#+(P0F2hzMWO1uuBe)EsqF(+jMe)r9g+~Q_MRDE
z!Sey=0b<u`jRs4ZTT!71-Re&?x2GJeK+Y|5hMfe#?ql1ozadn1ZkUm$jx|mBnJL;@
z@-Z0;WfJw^3lXQsW4PBCBvkSwVzK+ILcq&&diT_HhXNS&aX@0h)cyT3xbM+tJxv7r
z0D_(1Pv@&|?avxDfwyo$lK}$*qd);MbfG+@Eie*q&~I;i4=3}!Go_hb>T`3Hv?BdS
z56#g2RMgGeC~5l#sZs;k6(j(Lv#5@;UtI>&F|IZU8zD`~Lv@ZfTwv8+Umi<Da_tLx
zyH{G``K;_9)Ns`k$VyWLcW4V+5gUI{lQVHzNli013DlH-!{2yi@e{jb9#a6!mIRYQ
z_P8WA8pIL;5zXH^<Zj$NyH|>u=B*Z+dwqM7IJeKv*Z^2LKp9C!lyM1f6s7v*gLMm_
z=`wTdpF6Y_HJ+DGv~}d>j*ObULChg#C^!dUXO68$<{er`QcfJ@(vGm?ZMIAQ31^Cw
zCZfH0W{>-n7Rm_Rb8WgtT_ZLxKSot}qNFvRLJp3kj~U%J1im6&U0}1*LIEsyh|WIL
zOy>b}w(U&gM@h^2&&3h<;ncXcA85E6mEhgmHhQ0p4Wsem=pH4;EZJLt{g^xo*Ueu}
zY9J~+{1C6$;8}P~^?WSM;=m<Q13K9l#!gV>DqFL|N<LMb>y!WZ<3M`vqV}-?;g||N
zwB3lB#!Nb>G_t|E&#{8uV!Qa{As1K4&}MnLRj^^|KFrMx7L4-I7KBH=lj%;jlivuf
zlFS_}KA%PSge8bhi*eeg{9`a|N|yYg#^dDKEyME1Mr~9KaBI}QdAop{0K$hv4_98_
z4>JUsoeHa4=~4FB4&LG+Z-x0JV<F2TM4PY7OlKD;@$?A1-^aA+Appm?RKJgSzDET>
zp`D74zfmkHI>0Cns<g3)X!`jsSO0fH`%&{Kf~d?dzA*l6@-$xs+ad@(LEv4P34CqV
z$XV`CHfJph!c#lo^Y&HrPP;hhF3DK@_FFu#b2EwveWY$q25;M3F-=b`>1Ry8vCR#+
z)AIJ5LXtu{3gh{_-rd-OWUtl0{sZZ|$4fXFj0Ae^5%p^%i4S7E@0}PWd8mxuM$xhQ
zsqb$cQTo+|xIYj@=U+jm4WRplI7USCWleBQ_aK`1_AHsM+-=TF-QUuW*jeEFfG~+`
z(^brW29n^Yh3@W&JtoAsB9)n~Q)hchx`91=M^b;_%sQw90$!N6v_!TOdlg&xwG(@{
zvc>^L+aorlxfFPhO%QjtQVBwb9Rc@#gCIONziwXBHS2EG&j^9I{mr}O?!8vlj82ra
zhMjmpGCnf+7^egS+cJ?K7WQlEuyA)H&*1tDd~I7GX%#lvLU8rZ4;&;VmHPHa$1g?5
zk^YSH{)qh`iUM2%K|Hmt@p#<ie?ck4oJToU<qAed1ixWB*M=n77nk$F=>|SzBF87d
zBef@Z1I1-q*N+V<61s4OS+9@Ez3A$eB{TFS{-)YC+n%a*tv$}Rjbu<r9DzN1;p}pJ
zE?rPU8*w1E#_bBg0f6>U%g%xHA8xnPC#r2q&hD0@I|(aZK@%MuU%wWJT%2P#m2^$Q
zG}};3Ez!OO0v8>X)5okniDnVw-04sCS`kZa4R}X@LsWlJ0|~nD_@Ys5v9e}sw2OAu
zK$Ql(n+N-}Sc7vau*WFaE*xopas4v~@a$XwA*92SKWjH>8YVp+SBdz|B^87hmhWSf
zSE!h8qwEjkApD=R@yz!IYoIMScwIa`qQJ6FEz?6d6XgGiFD@|eK{R-K>qkziO9R{k
zJkt{IdMPr3`)BqO!W#32q1c3m{y0ymAYG}TBTI;_!iuEsPE4I--?hCRr)Jd%z#z4*
zu6suZe!#Q!rPSZ0iy@(lndc5uMhTgrTz&5jo$Njp75a3HSjyf*dGF#z+jf2M^m<=e
zLycql;_Bw%)lhTE=k7(<bQB#BY4q5F^yDuD_2K_EJDP>E%=kQq2`cLfW#^3~+YrBL
zoEsI=qND+<wWS@(-fEjBvIr0T6<Nxwq0fe{<B6+vglSO~y6b~G*2h)nWad+amevCT
z>QP1ePMbgP&CHfxdW&okS7%0qzvJcno&4Mae#vrR<DSuVWsLg`SY_T^EzgSwI+r5!
z>Sb!l9q~zVLE~4pDil@OLq*(V4Ad?}Z!GDN%v45)DbEGNs?Hm}uR-m|*yf`ufDw=o
z^hVH>rYNh2=<|NOTTV?&TQG~7b)LQE7M88*Zp!HUj@jbrC@)5en`k9%Jw+J7jKs{f
zYwKsP@5v)=Z<tzBGR=47b=pxq42OZ1isJYnLmP1|{YAy(6M~e;tdfM3%aVn*pRe(<
z)OI+QljBhO{t*qh3mot*NF*lPzkeD9j8BK(yCIqiJ841pm~G4!@L}yort6K#NiBNI
zUO!I!`xss2^D*E}@DwySXm7mgc6_HB8mOB~bY~`6_x&O#ar{6)%E%>W;oL=_Y4~|o
z3A8m$u0S^#Tx|mwl+Q;Puf&^m4g|_z3+=01$(7Z5%OtiQoh7E+*?}eZLWE<~!pA*r
zsk=r-z0TlRN(&FZ;v)*b`8J8#T5OK#XC+p+(YCdtqoI{2OXAYXN#buO0oy{U?N-O>
zPBy6cD{@4Jgl;9Ga9<5z<>ph~=UtSvcynXiZgfXfs6)~AYBc-c=;U5+d0=<HyG14B
z04RuG@nhFEb4+yi-Ipa=Hh?_w*H@YJK<sjHgK@YOXPx36c~z&nNDD5qlgYOsmclbj
zYwu(g8IrE=VWMzqCL-c*G{{4{XjQK(*}Lnrg$X`}&yZy9u1A6cspgnKL|z`!oy<RE
zv&+>GrM~v~s1*@dGbRA7(SJ>QyR?+gNZu99>E7M<bN9sDu3~$A+j#6C%@@eXxqjZM
zU-8+W=2wva#i;&C4&v~9k4q_bxyv$H?2bq>d$=pqzP6fp{={Vm@mu$V3}Wnv+1*4>
zjFOL%xS`DytJ3#3x*q|$!or?Q?-wh1;`blIf4=t2dWS|4==;hWPwZS6pInFaX{m)V
zq%ed)1Du-BCqX!S0ZZ}5s(c0fkcG-KPA6|NkfOFzJslp@X0GR>1|kAV5Uz(A*?ND{
zt)e$ga{dufiy(-7Dj^Q`-M*$7--$fpcx0>7gbExg+_*(&D>~4Bk;xgO|8a+oM!)qS
zw_hJV+@D$UJ6^WmW;wFr$>B=k_C}LT;0~OU1n=fHIKR#>-UplW(C(Ki0cBco4I>Hw
zH18Z>VS$PjUI6y@rAy>X0FB76R|(-#f5`l8J@D&(y*8fzc5(18f4v;<{}u(Vq`zLg
zcYg~3x4~a8^4q@|y1$0_AB6Zr0v~G!cT#Hy`^*0%)4zIIJFq!;ww6#)XU%#y`+3K&
z!P$s^zbvIZb5@ULcjKeq;yy8M3$&VX&zMT$A1ZQZ0?aiA$i;jQlN$fdhQG`0U#B{8
z3yc_)LFeUZMnWSB)cwcLI<qdqS7yw%|NbGTp@)e7d44uh0LuM;oQ&D#kX8yA{9|z4
z_&Z<={y8}2@LRCU{}e`-S4IV5{pa}-sOT8a{~=7gRQy)!8yCw)pE2P-9>~(<VY%}^
zCe~7Cx?f-Vy?8M8e+Vk^MBGW2N()P>B`_N16!#`<@efUvV3}ox29ji*u~oqC{zItj
zd!i*{ZEOpCoS&whk7VMhsTEu?QgBw&$2N-uBLC+c!CECjN;z!>U(jgsM!4O$CGJIm
zS%8q~Kh_IleLj{$eZ~3y#+^J3UI(}99=8j`jY(6y1)mL+ZQbbqvAUMe+!`qo)fgV5
zXJrPpva{g^;DS#W&le4p6&HRialiUw;r?r$+pjm$SEKCi-b6b<CDdJI$p6@mY)P@4
z;mrJ(z>$%QWyoaYzeM^Nfsz(KPi%~}JbOssjddyi9RYKYdvmQ#{~vo<MpPu#g;@Gg
zj0URY{kXi^(6awI*ugU3Ksp}n?4tWogaF?^c8Dl+Xu~15uviyiJmQfojjXEXuq{T*
zW;G?(Ifo{$o_Y=>!SBzAR#qh7^^a@gR{%VPVPiaJ0}2W~FU!Z>I4}#HvbQ@ZwHdM-
zih6R+WaA)V+?{C688W6~*YjEoJLo?)FJ9{Xi464eWA9s$bdix-GBIqF!5%Xi*-XbH
zW{HCr=+E;ct~FAge5`~dcx(w!ql3BABt$%3pi}VmSdMxXE=x>`8faY2ESxlSopTd;
z7k126^SE9v(cYoCm;Ph&2FXP*=dK}sEJllXT=8?dDE&QV$}p@mGHeRI)<)QbOeZCW
zc*)q}dsc*Dqdp-~Q7SWY^Yk#mkXbhCNe&9#S-P0X9etC21x3aAz65p=(cR93iglWj
zT$AscOd1VgnZdM0?7V3i8Mr-XnUZdi!^Yoj4x&9z*DcOeDFtmw0z^BEQj?PHzHb;S
zYiUKu=L|kzrMo3|PhLhwhQ=z1*OT+I(*r$EBEovqvYe-QVF8y+zz$PzH@qWL>8#dT
z3gk?><$BasKO45!(*I`s!$S7eX^5n9J6s1>c|lH%*VSQ9xV`FcL+@iXed7-;7u{n{
zVl(WpoU&K-E=sue+SY?yG|Vop%v{VktppjIzpZIWeCFkkFvQm}+S(m=TEVds&zGno
z)i$@}v229Gc;ozvD{$Yt)!*fBm13_&Zn%6E01otB*zd`je0D1+xta2P>_K3U56P$$
z3&qjCarhYXZEMjqycA-OijaY%Ftoy2((ck2F}~1|xsB-eg4s}s25d=ErJy~U*4@A#
zo6XfVS3aybZ-pK(oOlgJwMWa}#zYq~RE*hvg7j_u=<I6e-dfRR7zWDR1H&uqW9%s>
zm4=8)HS%n!R4lMw_0GGQxw%Ag31s4NMP=p^txf6`BHcZ80do@%YMf^5$}phjj!q6<
z0m3n%8i(_cncd@c5flT)oxx`Yp%c|N@42g{oOdRV6Th^1F!$+4YYtW(sXop23ZI-*
z+jr&Rab2j=WN|0mUY$Iio!{X6JmeJ?DqdOFXM~VDw#j1s<&T%J{R1=`7t;n<j`o9?
z?y}X@Su)-`f3pu>tI;R3K_cnx;_{1<m!>N?^;$QShf&N1_Po&CA~~^Bb41?Y{*<VT
z>xJ$syf^#a^%AlVITz8O=OtWtxJl9m&z#bV;)hQ|_P>v~?5jo7M8Btr9*<9C5a>En
zGw(I+MM;ynHeAYupnFbQLSw3El5_~tGYr09#^!$hKy1!r%TG$ijgW__8K1zoPP~L%
z!SG@c{uAZ}7{<bhcal4%xBB~$uuSt>8#EcVGF7M;Jz&ZDMs~1K@G%?yd$Ot7Z1fh#
zdBKq80r%v{81w4;%rwYda#CF8saV4wFrF)_;_s~Dsd+|JA~IjwJfz_7!CzilLV(yw
zunrDW5uYc~L-!)HUeHB7n$KOHjsHVl3cPRgoV!gXM?JUFKlN_934@i;`IVs^o@zYG
z7;}*(6p^$SqvBhnN@_J`o+uA>Qc8(PNl}0+7lwn;!HNFXKj{Rl#oIY;$sTzMT79OJ
zE-71ZJUUWEkV@gjNC<rf_V=3!JGAu_QuaP%_{7R1@G-X~Z+O+_coNIMNCOop&d_yg
zdR<*-@uFGLZ9ybUexBOMvW28wGJedz?Oh^KIz(SoSb1dt+}hctE5l=A??hMRiGUc$
zCuf7?((pufU&HALaqnc<?owBc@7hu7AtP^*JpW(40DSZ)P_%;CT-`POV{|I1SvC*r
z9>l$Kz2eKH(nIt&bR26qPKdA)zA|&c7YN)pX`WAy5SVFE!ZDuPg9#D8)1k~Q)V_c9
z_&u_ezd@(Ls|J3|W~W{3*WcfAszT^!s#SM}eF;OG2m0N8m(4l#)%Nrxu(ZNrHXq8!
z%9@sY+KyMp6EqOn6Bc!rz!p0!zhJc9t#ZN`wT@^%nh-D3=~jD8Dfq~W5WQt-(U`^j
z8eJl_5pUMw5<#>hi(3E98-9ie^Yxza8kh6L?vwEv<i5maM0ulthb}@ye?*Sm$Xp$5
z3ejuU;>?Qe5NKmVgiP9P3#Ha9z{Xb?wEW^zvDxz=k4uRF;|@cmRQ)2T!J+$7qUP&%
z{oFbS!7@I+5k`x8^{$@KS369K6~Fydi5Jsf+QLsfUnTf}53MZ^e#Tepyw234;#q!-
zC*Rx&4#-Gckti2y5mv7syIm61A}vyT1Y9HWG4F@wEm$-Q_aGlp&LM#Pg&&)*cwW)9
z_hA)YYS^Efe-zbKE!G8`|6-8kGaJTjP&)2R3~SEMM+aKeIejh;jS%_(pUnLIRNrHX
zhh(;J%0NybCN{s+$dbFk1M$~!Qi=zRi)vb0cbHNki_q!dgfAH1ynTYsyrfg{;c;a$
zjE9K3owV3WIGrnTAi?Vz7tHd|>E=P$jREcj_FfB!HsR<kxob0fM<nJ>D=D>ub)`FO
z<fMDGXYqU2_N$~utHi0*Jw5p^2T?J_KLlF;3~7DQCI?lax5&l3N!}hST~n{KzyeAg
zL6sGf+WWTVB6Tq^HB_raOyS5XENKrv&^4^}GC;h;HvZWv2q6J+(oifT7el%6AXdk#
z*+^OWOq@aIi*xY>C-Jd$5XRtw*fqD=-fQxWoORi+AWVsJq5rXUZenF;N2x#mz4B}K
za-;IU;bnGXhZ4e>t_umCdr1=CiP|exFK$bfho5Ot=DwJp+o&b`DjSgnIvmrIHN;w%
zUu|9`xHJ}H!gShHZHfC9t3&tVCdBqFdps|JwOq3w-ZnFHq@f>cVLHIQW`)sQlX>8!
zc4&xZWnW{sn@=6P&6U{Wma%Y<HY$H?rSywvd9=V+ywY@rpI#>+tJf+uyenF=l3&KV
z&uHf8Rt6=z-^cj=Be2YiC?(MTRJ?sPPSJe7d*JCAh*%ALSIj@vY+um3`Ri*sEph(5
zE%}8qyCYQG6n*tFQYg^=IxQEMi8u2R(|lImet7I<;g9wGp0KtvW<IRvi-^qp^~gw^
zDQ$2eTuteKTPLhW8<Xfe*J!{=^aWv&`FwQ~+(~?cm^qoZIz7Y?<L#4f;rV3Cpa9Ru
zJYuH9yH6U|xY~;6JWUqiY>X$EsD>7+mP(PjLQp%AByt{SHOcn#ASHp1k)AU`jbQe5
zSxhKqBtzm%HmIGO65<fy`O3wR{P@8UFW^p_-G|;Wy6t|qjNujto+`CY;#XcxTE6QQ
zaSJ)x*m_qhuaIvA%$?D;Su4QJ9$Z^OSS+$Mpxv$=7fs@I=8wn>9J%<$n>yNx7yHMp
zF$=iCv`+>ef`bowNA<f>RQm3y27uswnc|2FmEL@l1>@a!=(x3YPIU)(l$Sa(@6J%J
zvUi=~0YTo6P`@{_-e$ppcju?O54a4O>2}+RX0zVP^zs7t76W8$C@88}dF;&qXmFdM
zg_!p}OEijkB=|lc$lBPFBZB}P-)uuWjT+&jK;5;I>cs(AxY;jEPx|4X;g(;3WtheM
z%sRe{rtf33Nb+myXpg5GM*iWzum~9L+^dd@i(72%=smmaH3fsif1O$NR=r##M1R^b
zQbKAuZ07j2yIa`S7OkhZ7sP6uy?w$3CtWAqr4vo){y=P0&ywDkM={+j{3eW0T3y}C
zhSQn8ITWJp8)9H>aKMq~bt_AOI;gLMJk^^A>vYE$391s^@mHW0lRL2WAf*6~$4X9s
z{Pinb?M(q2WZ<#_l?vEsA@8507{DiWha`M6BfYt0x>G?A!rjc0iU?Uve+8F!9h6qS
zl5V~Y&IzB-t}uGyK>&ZxfHNhrb7f4Xjxx8-W*TU2ILH)UHB+C;FyM<PK)BetZ=x5{
zy;^P-u1h`dKZuwfe^KcYPOM#lHCVehp{S&k;K2#x>|gT02>4jJ`8h4^F2G3@tBi=y
zbYmPtQ%-4np^RD868|05YnFedaT2fyP^X+OEMSz6Rw47QA96BBnY(I52iU|x+llNc
z?#>)Q58n(!<mfdzcfa}ooT2_yO6Op3?3bww_dWWyiFN9A5B;sK`ggclva9iHVZZL|
z9mdw*VB)%eb3z6};Vny64^(sWdYOF3gp79B=75e~pCUYjCKKeulY5&RwRGCM0K`(2
z?BSC***Tj-9C_SWnX~^R#oWcPQx~|7E6W1^#l!Rchbv@XTT_iFOxgWpK$>)#FCTxh
ziKSrb5Dy|On5omMIV{rIU=CQc(@a}Y)}h-gR)g7bEziL-HMSHEZnhI=kJ2y9>NbiQ
z^RX{mISvnw+V(;l{DJf!OO@=|8s)vNQi3MsuQ`m-WWZLO=1{!IkXc}=h+GJrQD!l)
zuX7<MA@nKf;|@!CDxHz>G86^XdLf252)-UFHhbAMm^-0&b`ead`{|&2r$PrkH>lmY
zIF@x#9{^OqQj!In5dgu|-8Hzd(}=oo0zh%s=MpTow>>>QaGQ@$Jq?|b{@Cc_`=U)@
zc@9NarcdMXKo2dg>;qtV&E(8|t+?ndYw;H_FU<xINe^%6c49pyMqDv|wK;obJc}_c
zL69d#3p3LGxA_axa*&Gvh>b&e54{ETrDzM+?6ptcmrzL~R<A~ztQnNFY^BiI-O1~>
zpOv5<jp+{7!4AjwDi<nGAwovAJ9!d}18c*Z$3%R6sD44`@mub0-!#@XymTH_@A?8o
zZn_GBh>Vi34vDA+5PQ8ZFoDK}5|kk8&}jL;z{%B4InYR)KP;_8Ud!rLZZGdq@`sV5
zi~A15^I(HB2UGB&TqY=d7vl-ud)LU+`v6b^(_6UnWAGu~fUK-+naj1tOdx0CF?FBZ
zhzYyi+sA!2NE;Y=z_O@I?x8<7yp%1Y!H=D{Aeukq_N2zb$B(IT+rE{J+8+RfyTA&h
zdK|~dg{P=oGUFqa;}^PlzXqF3w>%Y~kdWnUaEe$;=Dz;Y9R*^|f-3aq^Y-k{*e^dy
zJ)yvWB$8NA<q|ZKe>@30pQu2@BOnk0;r^%Zg*{br=p(e(1cT=(sore0R{jS^dmr?v
zSJi1COU)cD0R$UIQgmp%?C{C{w7>NvotG3+kV_IjVQe|ToAj~n^f&*`-m|Yj!d^e{
zrX|%cGNct3^B$I3J`^SePm1y4Tt-Ze#}iUQLr56jJT(W(xv$!%xPP9rLm*Ulfwx1T
z@Xl~xqs|T$0@)tW(1(YwugnZW8pk?Vhew^#@irSbqH8=wTgibX^F4JhtM+$QQ9!G%
zLoDgV6Gp4MvbZu+X;pDAF4R6Zg-wWoEaPhr7uhUGO{m#wI8(m{g2deFb<COD;&)N*
z)y+S4gCoiNJ#GcR2wr1{^`^zX0_mT`&2eD=DzUb?fS^`8u=vbR<=4-?K1dqg4>AqJ
zZ}2y#Ui!vhTi-j$re`{t*fkrA-V)1r<8y(yH~2;D0c_=SFb`^Z`)VWKjLZTE+#Ov4
zc~3R_@qJ$K_T#2~%m4%g^6OcF_pfG6hf(IX>nDIBe+idpvnDcJ#vgZPMu212!#EE=
zU{xUJ#7%7m5Eq0ko%!#M<A<9<WtT{pD02rKNs=dm`U7$vuo)-l7-fz;(-#K<@l+H<
zM;ZA{A&{!x>7-<vXj<;lr0$K@YD@_znmW}1NceVQ1ty5L<BeQ*e9|F2bn!)7;z2!R
zAIePcDo`F!Qd}6)pE@n8P=e?{4!NvrE(!>C1QjNTzp?Yh%0dJ&+iI{s70-_iR@>PZ
zd59xSj<pUGBxR57D7jk=D1il}Xz3$B92_L@^#7?+aa&xJ(Yw>_XNe|fghBuTf^=6H
zXx%Z_>?EIHD}700^Omq=_$`n>MHz|)Aj;5WKy9p_UdTS4Zf3OUq2E_|dEtc#BFR#8
z)WW%XjY(}c>}Qj`a`Knhk5_jmCa{OReNaKNq&NQ<Pi{Zxo}|_@m-t8*DR79I%C3!Q
z@GCo~RjYDte!j1gIn5<Fyuj^$u-y~08GhotuXn3esra6tJ!SL0(=3wBX^Qs!m~Puk
zkwtG^1zA~IttiOmvfZ@J;!CO*z93;b8J++eICX(1wJ;tH$W$7$NuP4~U9PQ9OxJ1U
zOqx1@e>S*FZo5v3E6^JooB*4^-aC&Qp5t1P_u!R90P!-!P<On?kwB2tzD(hu?DF5V
zS9}CcI&^6^$N^WtS1J$7v(Q_BnP>r21;Q8{zo|<JJQod5CmQ$ekQq&`HNLJFP48pT
zdUz1^QMug{Ejcb5ZZhXe>HXU;XixgfE)dtuiq)of-We>%=_*-JUk_gD1Cv;A<=`4M
zHVpKoU1`wu6)Td8j6ba1i>wR#Ss*pPydDIs(so@o@9bi4#A5##wRlB1L#EYmn|S{c
zbKHdHLC%D1XQhEwiWkvh2AhQd2thDFpxBzqJg^<Z?26V@q19q@#-MB84qdd)1ZGJ)
z28=`ry=9c<mys;52dd_F`VX>He?kYmBAXX%W~s8vny?JAz;M+?(fN+hhWXq&l2a4v
z>?DV)@n<!LH*XZ;Ng7l%^bYGOogM)E7KJF2GdvGCmqUUQoVcL|o9;a(6<<Ps-D9`m
zWlUgfk*Rzft^*@;9cMd1nlgF4aO{}*`iW$f*v_RWnXp5jHQem_YJ1C8rivCCFAMQ~
zgzRJIlfnh#`KmT^uAB&cA}I(nRSez3mtwUL6;uw`T%2A#3J4HgXbKmnNOwti=8Xop
zffsaa)6FIGn*rq_DsuJ!*3oNxCaY-D8vg{BP-tbrs{C`#`_>FSi^zyC32cFarGS*1
zU*NrcPXI$?V_!bp=nxG>$5r%-QmfT2+7=Z%^t4Z2;;L?F|5IwS!3jkO1QNHJ4sVJ3
zWXf&CrY~+`AL1C-yf!@U)k_TBb1hV<y~9%P{pA|z4IB>rG~Zjwt03sYsWZsxxH7Bc
zMIOBKRza!RBCiNhM#aqGFt$_hu(hz?^24*ulac@sIzZb;fXW%#DRS5|7truPnsNxt
zvBG5l;hku@4S8acZ30N6iZ>OwQ$V)&zP3gm&R9_E^jQf{(DtcWz9EVA{14y1_=!i{
z=MA1D6NHeKtKr9Vs&Q`@ZPZZ-ks?k>e~P%xqH0RIx4%h>#@^o@5z%M$ln|h>^vC9F
zt!;8iQvq@ohrt%MsazD#sv!0OW%uIXE(@zd(Pfe-#65u6?#t55H?ZS-eTbW*bgY#{
zFu8P_Pp&WIA6~n(cy@T3iIrbDMWmW4&!~F4`2gA0@ic_JX%wE2z4WlY;8)(*ez70l
zugTUM0g~h**GtQE$fD=~yVM#@COr&)2cJ%)V7TJ98qRep26nC7s+<7+=yHWo4GZE<
zbif5}v&OyodO?%$I#Z>|v{Fr@F@=heOEq6kzo$?J&La3+q3Bp>cnVR|3nj+ey&+q@
z=>I?si*H^c?Ne`fIjy}Gf_2;_lV7e1F=|&33)#m7i(*3b8g&CZh<m5?(rI}=COx#o
z34L0(N-uK;+gE36J_J8=-VrJp3x(ZLuhg1m#Cyt853s4dE%}IvX}i5C;oj0~0Xw?`
z;I~*TJIQRPPS%JjP||E=$CzK(j_vWZ%KagRyWuU5p{d8MrCXK0AI7UInAf!#_vG%t
z;KygD?S_wI_Qg83Yh5F4mp2?oMoju*WdZ#UvVXXqcGEr)wGFxxy2vbGy@LMy^z9=V
zE!nqkg&RQfVau~f*Vi#>%+O~x1>5wBDueSDAP34VD#G8LF>Y9*hUitRNI*!)kxE6<
zsfP;TUt~I;T3t!{KBc3ZU*{NQ-rO_0DioflaBICn4H#VZI`MnSc1cG^XUn+lJ7GS`
z-CFsGe$i|vCA9Ut%IPCw;NTD(%eDUm3$wKq1d^nM!Z-5*8Is{L7ayN_CoEI`yPDyU
z1{!PKOLzlr*qXfzi!iXolN6!+0yEnkui&#yw$l*c>B=6?N4R)DUtA`k1RB~sKjosK
zW?9vz8s~uxyb~8iK}Q#QFNa>RiMhKvEi_yqz6Ww%ZX1r-C0pI#L7>c*1U><dH{|&Z
zKh}<80o+P1$yMLLXHJg#ymc|SCTckFmL7nWOAnU8rF~S<80yn)wx&@5OzAf5)yJ)C
z1s2FxC(i&2kT}itT@GP9v1@k?(dH)RNs-bu!U?{Qa|-dmZsE8DXznN%SAnVmKAR!b
z7%)CAc<~_NC{On!^@#ixu9rC*iq6+^M{dUx#0ct-?I5LwbJW==OfPk3_$RCke!`jS
zrpW1V)JVIIRw){2cluX;3kMGdf_+~;v@gQl;Y!gnXj~hTg1MnFYBdD{^bKdp;Gp7l
z-h9wWP;M&Rjq*2Bh^+KK8$VcNglE$NUu0e}Xw(q^5^u4mQUYY!>KfT2Y6vcu3M7Cm
zFLhdstZ`fw&|Ac9p9lrvKYv4Qy2s1xnCFFB9cX9_b9D>v_^EvoygY4kGnh8KE)koY
z41BBCc$F}{us`fp@$4S?C)T#c?K`yh+7Yev&rWj-3*j&wq|>jYc!Fp37D*To==vH+
z)?sDcw#2LJ6^OP8Js{_9NvxdTJ3zbJWu?)lQR}8jX1}*}H|h#B(}Codl+)@9DCEHX
zH<EP0j|YM`c`AsO!Q+9RFzhdY*{!L$(^_GSV$_>^bQniJP<k&Gn}I=5l>rKJ4MWta
z;YwvDE&cTA^U!sn=V)trQtK6I_@h1<34SkhfY<f9@%f%1KXbbF2h>{o;Y0d#(*g+D
z=jbSOVbf?((;tAU4%IC6CN74FfI(FNhK%+Q_iY=sm<DjMG|O=TieUke<$Vw4DKE%i
z%-Bix-8KYU+CKSMyEGMP=DYxndiWTEy4tOdPw0&&r)^gLuJjE+>A5};RYislv^YPZ
zNZTy*H^TQRz}*GlKu;gkO!$-*4`-Bt?&Bos)>zMwrqiCaeRk>Ne;+V16#%Ec0NkJ{
z7)@lb2ZfZqAk+Ob5Z^^|mhYb{J<!7Vl?4kcDw^BF4WfXZ_ZMkQ<bXUiz}K23mIY}2
za6ySsu`$)aU1CdoAGMDZn%Ok_Qsb`;mU8bpGt6$`rgfH}`rN2R!#TFjKiaBo=XGfV
zEnmY648hMtT|VUfSReA7uyp`g^%*(w+46UN`e$~eOwxj3@PV5q_i90LrxlYe^4%e~
zeF+gL9RZv{6==y~QLP9e7CB!=FhasH)$NGP8yZrfvEDwODEFZTb`FXg-X}Pfbr-wO
zj4w~>HBsiYjVJ>iwYfuy!TpFfuQd^9&QfmzmllWKlU;XQY--sc&_rtipMM)vd90hK
zA{x4~ZxHnXE49xPk`P*Iv#u6J_1t+kye(QaeZl@kY?0p^%bEuTjVN=#k~+qu0TDfB
z6@UHQa-0mUqfZoWV&Kg2TI19jhQk$d+XOk?JUMkBTl-~$_OvmuQBKchBrqWWt5!!E
zi+oQR+ZK)K)N=@*dm_|;s*H?^0%nm?C<x!%bPxdGWfH0sRZ7!d_ZhX4U8!Tb_t!-N
zxF5-kpT_P!>d5E-YHS-zq(fuVs#FvNf_)jE>fLfOwW4`cjd;Z;7D<4r`ovo668QpT
zhm4K1G2I;#saW=cFa*F8Ssn-+63`178ZP=O(xeY0b7<=6E)dGYLxOI>Xy`5%Aei|$
z>t0rXPRQkqQcabMq3Lt=yXDh1*GyajH$%@(;3V~GW0~HAm}rmbB_5Dz&pjF(S^y7z
zg!=*WZD-2noJ_48RI7=bk9}teNTCK-QV=SJ{Z<f}@xn8&1li8{2fM8K$}6zg>_bDv
z_vXGlN<z7>Q`0;PfOasvX7$`aA#7q5eQaW#E!#Y-K*7v|$271e5=5smwiRP&Ww6$k
zfKkoLDH&_9x@Z$GSNqOrO`67MZg@st2E$h6$Nm>(1R4sOfZ>QgHQ)adSOHKnoVjWG
znL1JE4j~4rsskN<AWP&?ei*{-R{)UBPH#l$6dVMjZpM1CE3ZH;wXnbm`&M&MKgoFQ
zYHSI&4urPC+|#j-UqIQcqpS%KtU;nN1YMIhXy5vuluHg2ZMwA?JDq>%(L+#?%lnel
zyE%9ch*=%Qg&9J}acWuRA9`!f>n?_Y=`~xdqQUSfS0R%Ivh9l{81*3NQ%+Xl1kWE;
zjqX>2yb16*Kjtn}eHaw45kNu+C$vC4G(5KevpKFWj3e4}CXT!dI0X371rD<!=n|w9
zAjYNcHlZ&&!l=nB9aMf<!X8gUE@CNdUT&_)i65CsWo%qyU%&gqftO}G?tGp`=h$Q)
zrGlPFW6)a-c6)|pEOb_s7J`n2#r>!p0&#l#+En@5iV53>FWz1t%IvvkAA8e&i^jvp
z7tS0~nJ)few!f9Ie27A1v_U-BiYuqC9@-Uo*l%@DPEpaYTq7rI?br<uPvu&}+>G6Z
zk{c1gkRq=;%gf6&43!!UvC0Z*4bzvC>*Q3x&AROE$z~2}(sXZuE@1#%BzB6%lSf8J
zLn;E)*<y?3|5gQyAAMJ6H9CEmt(4PMl(YP8qi?qmuw2QwuqI<XIfY^&-P+|{WJ^oy
zr$ZY@HL*E?FQ*#rX{w*PrTdg|aa8g~W%LiZ0%Wj%!5jxRv0uRWc`v0m*x~?O=3^(_
z&=_xEq9(!njeK3A#_@PlLd{nZz`IqcK}G_!ZE!y$lK$Dn`s?VOIEW)^KnY?ETssbg
z-K=k2N~#ty3WHL{L;H$ZUi*{lI_>1}D)&LA2nwnC{^hWO1rBQZ<DS12%mKg|PPBDE
zsJZEhdYPpm9^>5~tc4A7y!1EvH~x>Hugc1qg_8$M1*4e1dKt!f<dtN@VLVJuY93+{
zpppXkX?Sc*p6~dtQ6m=C5Z}9A!wcWVuWgIup=`2t^Dc%G@)@~B<3vJ7SB?-xOXCpk
ze?zR_18_g2ho-!N_H^%sRh;E~LSoQ@u77uSn7c!RJpaF5i|*olk+DzQ!f5e!rJ_dH
zSKu-S$q->D#bKlPvVV5?tcd>Eq=5l0YzNc1Y@gvcyng4&SVAu73mQw3G_Lsv&;DKM
z`AZ2B?-BTH3j#S^CSm{l+Eg0{y#<s%WaRQ}k8D88O?@eDNx)-}4fLAsE*k%v-TFOT
zwx?*paC-hrzj^iVIQb3BYxB&K61fKif!43Z6vKgp>XPo1g8#it%-c_SKT;@ikZ8E7
z_=Cwxxvx3PF_OHJ*j75=6T%bb%|c}OxA`Pk4!n&Ws}+!g&i|HoX!H2nh*>&aNqa#3
z;NFn)`q^N>Yv8v=0<TtEAA1~W@-j|)-cod>Vy{$NI|lb{@PCf8z?#;vVYh@IJ?Hh4
zZQAPyxtc<t_|Sh6xoy=JHgs=#&^@rh7Z<Ofw_{mQ6{;Hge7eu}H^=!)2ZpaR#x`XO
ze!zQtz@+Hny?cc!;g=b5ON4p3lC&KadK}<b8eNHqV)(5}watnfh`{I0|6V1wR*C15
zMd`N-^GDOl>jEd!^3AaF&Dg>1S`J*^YeoF__J8k*Sjm`h&akku@@=`P%mP^07VWiv
z>Ho2Sy75(nKmdvVwN04AC;!(Zfx44gDiAO8w&&%4uRt5K#8l|g#dg=PPQZV4<V6U{
zW#m5>`hf0w-to2jX-iv!vCDhd$o(8C#=rXfe*Nar@Vnm8{mHhpgnyr@nFvLcE;^U)
zK5a>%P;echDAh6zy<BG6s{r4J_$fbJ)l}a6yH5|iv-JPAh}Nj3`+)?0rmS*WL;0;g
zdh*p2luTu`RIwaI@q2m-Hi>Sy{$t8Y@?*`Ex(xK?m>;=?-_y$T3I5n1VaPW(lhu?D
z?b%RMP#hbzWEWX@NByr}fVY2kBL4n0Ng|x8tf&b;w`{kdc<4n&-VY)90^#tNp(Nq+
z&EdopPySj5`0tFWG~3i1Hdl@Bduab5{)pF~kJJ8j_Wx*w<iu!6?xOnFWt{u&;7R2S
z!od{QwSi$fmzT+1<`_``)aH@9S?aR#JsMaX7(R%73Yk~d-N_NroZn-)`{&I&;+=RP
zbnhmBdr*tz_rCt=surQ_caK?j6~Cc&tEMfK-mKW=a%x)S@<u3Vn-1ZbB|?0X_SWAA
z_*e@qol1y^EYVb5Ult9Suz2*kdX&M`NNGxQMUg3dEsjk`Og_^?{qx#=f2|n&j~8@B
z`hjP+DAm2Mm41wXaE*MV>e;j3fnWLF<#KmDNLEq47x7#2^rfE3XWl>8B7?JgX!hgh
zBf|IOSMJnekzfaSpO|}JkD7eW&HeryM15~*!RcEePt9HjY|s@{Kt%*T93%`kdN2Q4
zE6!y;#<B}4yk=uCq?zj|kQi*0rtJ1!Mu=KaT?WYyj(&RRoT=h3NxxDgBdnd--o=q!
z)!!bRH47)$up{sxkEv@Q`O*Io;cIjJUuyJ$9~grd{O=N+tH2Jc^Ro%^59opj6-Rg#
zmKBwDk-q->uQ8;M{_FM$d_EFlJjXaAWc%wLV?h`FK4_uM7zjeq0ZozL5U)GJ{uC#7
z8QAb8H+WF%5OnpqmO-C=yjdRod8HW-Jwz@DI&n8VR3IlUP_Lf*pDX@9rW~F`NdrN7
zlSORq_f~>tF%KDqiBGFHo5>=V`mghYSIOHNYUs&o5+ldMo~$)(xfD?Bf->C~Z-zJP
zE+})>afhXA-x%ugq7|PV1^NC<s*DI7F||8#Rs`{U*~R%C7oXh6Kg8-EoMi=Nfm#|h
zC*|PFru=<pwr*7vPzxC@wEgUW5btnE3`&euF!55*w)w%~FhN)V$-UY54UZRkcis~Q
zt7i8bgoQg)_jkL8l}OF=>M(7CaBX-N)uObNWmLk>9(9%KuMXBY@egm=Tm5Vb(gdtv
zQ;iE>xAmp!cztB_Vvg3=RVT))hs9crLu>n+T;+H18&QK_cgZSh4nJHy@j7{Q+2Abb
zb;WQ8n_^ku^n7&0>;vfhcv#(apLQ8}#1LQUR9RIqJSt~Ucj`p*l@vc3&<EAj!GKWW
zcOgHKmgn_dE(-SoJfx~L8r_h9a573(*JRQ8Bk!I?`+(`xE*mk>LvfsG5b$HNn^Or0
zV&-gKuvUp}cb*@{rRV+NG;OXbCUjIq`9n_XzMVTJc$}NH-rK#HM_dqzK~laz^zwuL
z*KSXGf!LeEyI^<{TAI(7uyvv3p_hZrt}qI~c4{;@bZlLNMM`@qZ|>y1QI7s8g*)7G
z%6Yy$ufnJ#J^Ok~3&;lY@-QUS$hoqB+1~z-rw1W)$$Xx7X05}05B69TlqP0Vx$B@y
zgH?Qxu-<=s?DT+otKp#)>bFl<+pl_s+DshXGzR6{U_qgh6xt&^!&j9e=_dW4yBG3F
zpUrXx&)@(Oe(9T}Y@0Slq~z5yZyl(G1)xSGY5v<9czp$Lk-r@q4P7WH;81I*TtEg@
zUa$J(Ahn`9(uzOMfC9p6)d_Mp9YgV7#i?O`c)Q>6PVoG!x@fYFxL5h!AZj<_G5RJO
z#KcGQ#r#3{opa2ss}$3@yVjt$Y<kekzzO!LB>}Kwuio$sndxgbIN*aK<Vv5q#i_Z~
zrPn>iVn09_f^I-OkP7J*aK-bj<}||Ew?P#KG#Y)dU3QB)0sr%AXrStXHq#`1xj4nS
zmM@P~z(AlGsI|lK?n{_=AXTr@Bd*=x{;?YpcX(m`LHbh(iktZ^axn9nU<(pB1V#)s
zjBi|ZntkhHtNpu6j*KVq`_`dmW?sjb{R==Oc9{1Jo71P@<0Z^!=e-FBeQgP3V{^I!
z)S?wdr-iwNodzBB`;}lYAhueTf_eTqMjWVIE{@GE^jSp$?E{sT<)>qnYcPRs?^~eA
z0&mru&Bg4ma~0zYYCTV3wdBk<XLs5j8$CWKOuG##RFVQWC9D34(HbWj_OV{K`f9x%
zVE`3qC5$p^0XGLA^7Faq5}f+k6Z)-?9y5RcK=_0*9vNq6>1QJQysSof@B6%!Xegrg
z4>O&w{lUgPNY@QNp^E7SH$;m68T5C8zFzzi!+AcpbL6z#n$Hu0_2RKboae-U)Yd%O
zz7&mGjeoY=K}EOE<_HoUaCdEdFI6uStiH;k%z;ksuU}>7TYh-dc)Ck@Oq*|_z}=Aa
z#+#NE0v}~N#c}%w*k#1hHf+sgP}<N2i;cWm)X8bhXA+2cJ;!{la>Jk?&JH|D4S4cJ
ze4kM-%gga9wn#FyKmR@qaGx0wX}Sn&O+$Mf<D>G}0J^1T)De^fJ%)2BUbWFdbm0W&
z`DP%h(E;6DA<Jdrnv_E@*>TSrb&(V|0W_pte_$ufC7H=fbw&+k4%EUsn6i@Opokm#
zyOgdGFLh<n0Q9toocz_}dP)KQT8HrUFk+N%Rzn85m%cy;bEK@(uKvam&%!u(&<|KE
zC`O>b+spniEU@K%fJUrbycjp`cV>`*2-N2BV`_DeMq3u0ODYf0a(NTk_zXK_W9P6#
zIx9OR(QU((&VDoR^^9G^u}02HEgMI(aYEu$wOjTs^Q7HSZdl@b6U+b>5=`Iv2O?M@
zxWTX{(Qw;PSjhb}A9VEcIv<Ojt@2^^BRi?pD_ADKc74)M6}&H}IU9;^m~y03?VEDy
z2kM(=OE_Nf-a~y|l_r_f6-0>wglFE52aMsOhepQO)Tj=-P|<$dLe|r7rpy_c!|x{S
zn*(>>u`IBdj<J^7_DYphE9%*iD3~!Y=4kjmR^MAPrDAW&ECtUe<?Je>86O_*hIAE-
zs1?rE%xsP+v?fkBOuaY2NK90pUll}nkbdaysX-#SVs-kyA`98)9+F@3&k}z=PhyCI
z*W<;Obr)pw)3;-foaN<_L1?IS;F}`Ri*WkL-s2S))iOIQFcYW_RaT!YN1Ho+iRS9H
z`Ee^*HkJ~Xm(tyvFYNNNzQ*n9R@L@6Mr9{9m~1HD-1%bKJ)pyBs+$wK)ZIm>ceFd2
zo4?mysP@Dy@n@5~iL->;BN}exD1q~7(`TV-P3Uc6x87;FiFO#u<W-*8-r$r}XBGuT
zroPA;)jLf=VisprbKH(6B6_SfJL9BHKn|a&BWwA+fjRg3Gd;{$(Jr@R0oYThLFuRe
zdCsmoCYn15#Cyvm2i**U1Pv9PTnB1C@|?M73j{Js;#4;hx)MLCHb`%KoZ0qRe<_y!
za;lDW4=u8*xmb!&_-(|*hj7!Now-Ir!RQ0D>N|@(>s=mUQwe^vj1mrYDL2NFw|v2~
z%dDSrEg^0PQ*?m|?KvkNKUOH(!2I@E+_>^-D77=uuje2E-Wk%-A%&#)T}TDy_f<Y#
zKA-lcnQ}|tn*Nx`I7r^eK)T!K<yy2Ni2=E{&aiq@#)NoseLQWdsN6LYt#-TT^aN6H
zE8#wQHSyUnuI7~$DYUXW+Yy#v58v6vPU%k2bkgB@iXO`1wSd>&@kC!w=kCi$EC(Kg
ztRaKWai2&QW39)&IRQ>jA&pWKT1Kj@cg>F5<Y1ZKg;rBM72M*7V${sJFb$QQC=|?!
z)=<_=iL31nZ2lj6Zy8oa8@3A%DIg_Eml6ijB3%lKfD!_N(xM>JQnE-9NdW~BloUl!
zq?<(}B`uPRM!Kb?_BBtxd+%T0zkM9vI(!~wSTl3SbzgCw=RK2^%@A9-@Q4|ilOiYi
zy`Z|iqfSk~)EZ$;e{ylim4v6D$F}&AzH+qIYJM`AmTyHimV~|hQNd6hM!C@Fhnyon
z8}WP6tC55S_3iw9>-jc`x3o`*SfBdFE=yOGV%VJRf3-bBVM{Ic7-iI*^O)Vo1Gl=&
z{lF%^+Omq;4N<^pmI8U*R${KCeE4T>T<KdN$=Y%-)eItGp*{Ap8EYMq5EwS}yl+Fw
zodutNNAzkwYs0YFo1#Zoko(NYW}#u!YZ=9<41*6A_gqMkGsMKEZDo!8xL+$TkF$-0
zq)ya55LSQ{H)VreOc3LqIeI<z*wTj3^k)ijmGZazm-!||aS8rWIu{vaL_6+p@0C>?
z`=r~|`D1W^8!@0`4XIMrGOQ^49wxw@ayf$U+O@LrT(QIp-zq9!zFEwVH!Sxe*dcOV
zOt|224@uU|+{8!?++51@+<UvB|8A9)`@p4ONGY7+YcRvEO|j#aSK37{qw?MZ5+s$i
z^y!-GeBAI>{--Y6#?~3XU$W5p{TM2wG3x<sQHHu3;nV)RV%jsA>#3-{S_CXPF{-Th
zhwPB7B@_f#M%|&YV6Fb8qD;VBS>~Y@d#UC*r)!<nfn&=>>9pmUTmx<oZTzYLip_Ah
z%nKWCRA0TQ5Z38~wbNYr1*axo>aG!q<}>FAO}^}%ABaaZMoi_E`#JAT4p;Ag4^V4p
z^ooBt$E0y{YTupv&onx@T9p)ut|+#rb!hV{u9*#39@TX`9w#fdWW?uDGf_u!!|o2!
zH{`ss9@j<G{n%AA0!OXESnyeDjT8*qAm_WJ;$Z)pz*bP_J=EWA^ShKABHQ39(tg|_
zRC^n&5TG7->U31d%$wU1cS*`=&-WIyhN+jt7;Kfj!{H@yrYLDx_A6Y=C3+e1{@8kd
zv`e_q8*Vr^dj4lIdEHb7c8J*L+ggHjhF>Swsnagy3<-8B9rPp=`XtJQn|ncl21}cs
z;zoXn>rK;om6k^~m!$lXMydV$`SOqQa`j6pjpcotGqS-g-|bbHkWwKua^48F4PbO0
zyybOpJlm$h2;1=U=ZRu+nW&RLQwfwh`vy5MYb8v=T|);sY*{q6_sqe_90y_xu-`K+
zPFY{l4p*q+9;r70@Bf^Qx$i!%Jz=+C<{9{8&;HC;NjOnNyJl~l`F5J!gPOU5*dfaO
z`Jlzso40icqV9ym#o=QctZ_N?aPKnNDT4w$rHM0Y$F`<_(ghB`LR~@eYNP|_1!h>j
zim^^xvMdBuv!@&dG1ez9*V1v=f7kY?bcq~VDgRAL@aPeliO6jNrTdSE>r{13z-Lt4
zrs2aBNM6|KnvL0;by_XLy7YYPnizdI!RBs)9SHj-4AF<~isHM{O^IJ?%XhaM5#Hdy
zxnFt~cqT2Mon6BFOU<a@D|c{CY~e4#mfJ@%YQM5S+Vv<|!mnDUVMma*;T$j5H{QQx
zk))xs6Adk7T*FxbdmJT4rHn`tSAa*-0prFmSFZQ%+Pd;0mC(n>xvgf1v3<qp=l!^H
zt)s}}?|nh>v+9}}rt!EAuG@<0mD@Gbh)<bC#y0;do~`slVuXvn7f0lSXlQi$C+6~K
z;>=n7*YCJ>jglhj^xCd(2s9Yohr1nF_NPBy-&3_N#ZhO!8w&Iey3w$0SYniwUS!<D
z^ZB8}X@1630j?l#b>nL_wMy+}UKtfG`{w*@b;e6Yy?-GS$zlz5bX>uvDPA&%H00*H
zM<WkMTzgm4&u2+`+C~l&LXTG8&sDP_D!I;?^17!?)KkCAsv*U@0f~a=Jzg5BU$}ow
zi91GvU%qH|U7S7oL2sVzdY`-^UlHZeR6^Q>sWHsn2Yj9ax(2nlXI%OiTI7~aZ;k6$
zh8F#7y+Ki#dz4dchaa2GE<zpv*DSl^U!#Q-oA2Lp(DZKoodMCD7+jXa=4E{UaPlfJ
zjZ;l@ani?+9B#?k?;5cP)KIZAg4pmZIXk1za<A>>Ycn3<GDW3Wo2<$iA(w^iH*9ux
zV0G^s)NnFt5-u$6BIjOFs|eX#Ehf2Dn&<t>M1zs$yH0r5(%cP_G(sO0pRU30#L8Y0
zB8#6cIJn@M7#EyZc40$YoS5q3Ldfj4ic%-8Fh1O@u07)tE`?bT(SB%C6fWV4m-O9H
z=)(CU1<o59R(shT<`lwqlN=9scwiNC87m*RQJUqO3pPW<oiPj^O3$l<qpZGWe>_<B
z9(^>7%>c3pym%Q=NDgL*4z{%Q**?(M7Zc7~#2l8a?GN0zE0=M*vU}ch?D==In?fG<
ze1;5SGYfa&B1t{l?`FKtarOJ|a!=kZ*0A%JUJOU5SG@Gp@AFqJ5&Imm(;4qdBomxy
zG_+Q6CofkfMp|Sw(P@1p*9(v4@Oi0k)F#K^Qbvuu*#9tj|C;%Wjx;e`xjzk3e_Dq6
zj~oNh=z5sXOu2rq!g;21<6QXYaW(-A#X#GY;&Y2avcu7K^a!1He$cL`m^nW3mZir`
z{)ms~M%<?(c35(}s1>`pYTOXU(5^D3&QPVUWV`tRX0`gA)pFI2-}!x}Dj@{j8jXJH
z?CA7rE9DeZtItTYu`f60VU6>~P9NAR2X{^1Dq|p1C9NI)foPO;OfDUUwL3K2Ch6;1
zQIEi~BRuq}%h7t%?qmsczd2qAxz0YhsiPGDZr8+8o7`7+mxia{7P&wgA#J-&%@GUq
zK%`tezi(6mvCoax3<l;Ep?YEuYq9CxmfJ@a+okj$hO%!SuIK4CYdj`Hp86_KW9tXz
zTiU&S4X@>GHPmt-EzOk^!ql4JbbGhMeCu6bG2GFP$QX-Qr1mQBFMM`|8>~Qj^ZI&z
z#t$Yr7ICMRrJOC*FKhHXc)l5tscj075JJnw$0N}h2OF^-$ZekQ&6i<oj|*u?4m=C7
zRF8?aE5mHYYnEUTYdrO%;^`U8349(r6Gv5M$Z+~ZajuI`?@XMT`jF3xpD!>F#U%y1
zcf2<Ez<U)g4~DEc1d+tDjyW?-&OSa@YW&c3Nds-ito_S`us`fIFH5I448G+eL*5!e
zUQn-2=u_QwImfwyt!TMH2yy!0*EdWa#naR?zivh#Tgd$Fme6cuJD8-~KwCg~T-Evu
z2@b)fC6`w}qa6c@JvX`A64a~0cf;i;q{uE+pK_`FD2ZFju#vn@PVTFc@eJZ3WNR@(
zj{ML-Na<xN0>mVcz1XaXj)8L<XA!4ctIyiUj@!n+S7-d_xZFxM_Sonml2kHrzhjCY
z+1tHuIbKM$`7@|D$MEB?z7PQ;cW-kdB&o}~dbRAK-=0UWt(P1(viI8{Xvj)*uJr|P
zC3yv6KhjFJ7c*NHk_Rp^?wOAa#UWS!u7EkX#Z#PJ2O*Azp0IU_F2o-<+!>V4*e~E)
zeZH~rTR^pW*<$_FEdw>|lRSEXiG{l6YbCFPD4%Y4YHN3od(_avlmxG>_Ly`&cx}Xg
z;ef2I!T8cu^Mq}kFdAfP<Xp`&)pLQ^SHXk0XM%6z4<82nh2;@vjqqOkdZ_o-S1s~+
zRy%Di7`oiOGM18=*rVK!EnK8qA~u#)uQ>O`{bsnD_dL<@Gpx1nh&%Jo4#X}Z9<=Q_
z6nO5(50oEm5y<Cp)gJCsQ5Sg7vdLn|z{fS8>n$bp+1cqCmPO<G<5{wWes^k!s7o~3
z#dAWOO>_puF<dnXN9iN&$L`XA#XmoH$@t`{)!^Rc9K(?(O^Ip&FiS4A>&m&#{8>Ry
zF1ZvH%niJ|X|-rnJ0yG}0l#XDlfZs^I`YLm)o6|TBL~rVCTg~qiU_J8kzAazjr<v1
z?#08Cp<rdCR&v_kc%iM(6P!QOh$cw_-9SpOLFfL>xN;M@>seTvix}%9!x-)+0e3bD
zDZ0Ip!=z?GKjxwZ4<U=BpWRlHd3J|m{A1B)Ophj)MLh1`5PTl?3ekw*0|15y3Ij-l
zOd)oA&|}#mtYL%bZnEJy76SQ{-ZA9>>L!;kS-WCMqdDfcNjI%tVlECXt>##XI$Me@
zg-PhzRP}&s=hz!ApY}0Knqok}c2l~BD+;BFd{mgV!@5g<UuBWNd|Pxfm>0FKU3rP;
zQgm)j*xY>bv9(3m<;&BqZ+gGSE}m_o;|&ddl6Xjn6-{ALB`R8W8(fMf<^;b#-q@*i
zw$wOyTUA#&q4tE`FY2V@-i?c!+0iP<W8q5T=JDoisR>48G}`#&RR8YU=XrjG%ZOmJ
zz*A8OBsTW+4w-$6!dY_J72#VP0uy>h1q`+)5XtMg47u8*2y1|#XU`9bZTu>5ux5Li
z2G2*L=0(!x+vqPq9w0WB$mM=mx1cg`BQ8kws%8^GDqd_S*VuT92>SD_HdX^=Y)}_{
z#EVCK$0MwtRNt#F**-6RJo<TTKM|OI(XjW%X$U7r!V`kWu4rXhjJcQ!JvW~hh9u(h
zz=nSD+m|*)E%RcI4!<wcKqgV&x`5A>dT(_78CToUzn(O_PIq$((LOkc?sF=;AjRg&
zlTl8b87)?GM%u_gp=756gJ<=<LVC~U=lwkw)8xlXu}t8=O9%HyRwafTJqLV8lv2jG
zG(X8u9&(lJ;w5qE*B(zf(hU<K_$GxP&*b_72BN)*Yp2`Z*K<Q;JT6Pa0+_;cuf}E#
zTJKLbK8T=(k{*oC(4Xzqy`yan+%9hj7Jj}F$4bmf^C^topsMPgFATIX#f9*RSigI`
z)W1eL#D*`z@kpXRG|{@~#^%8TijwE2FFZdzU*`YK>M_>FYJLu_Q=deB9H5Z;1jhWZ
zccP`M@J^Z2mFOf>O~qHuTj{H;&mafw8!9y03I|8WVX(UXHnwPqPT?L84NaE#V(65b
zvyBX-W$}_LYnFa|fi)i&cd^|E)&y06F`$L4VP2E%wjvJ624`L)gz$QAGeF)nJwda`
zMla2Gg5B%HLig^fQ<*q%>D5TCn(KDaW1lJdzO^+40Mdc2AUJ2)`>tm@X!wCjxEA-!
z=31f;tn|SO0l-C;_U!C`{cyu>jY-{oKBJt*@_scsGq93%x+(U801fJ`i-@330e4Vr
zV_~j*73x%U2`mXUCz~x|Zep;kQCky-2S;3{sZ!4TDp-%TE!y3(5(`>;%faPT(KQ^}
zwyuPTFLtoTxeL)JO7(t=#YhvT+4y`UbWw6lH}=}BBpE&E4NiY7@GF-UXVQ*C><8Oe
zkg8h$F#hH|RvPV9NRB;zYvJ8gVMdUR#g9b-$oe|>7p!s1tAA|zOG*Z7beC;l$ss?t
zv4X>FbCaFwH?}dbydPo}2E(ljIC0NYq)--IHz!S*3}5sjjl}S&l8=2N^eM7AeNyN3
z&P-FYzzx?Bm6wmYWsxtRtf;pV)r)<bKZ#+=Wd8Ed4@@4BBl82#w>S1ww}*P0IvBs;
zRWC$7gEBQ><h6dE`vl{G%|3<0>e-C-$qk~#Dc(KI0e4(uR^fZUpe6ErHXqMVXYfqS
z979M#3YP}}D{~@6yd~{Vz*GVXwz92EBx>6~>y&oc&X-I-tX7*Y`t=01Z{vZrONBQF
zM>LulEQbfYd=tef?RA%RHNDHk51cZCn3pi>S#I7WgM<Pb(wp%5-O35%DxdMQr1lCw
zE`9g2=M?nOC=9<w^NGGP0$2jcThZsk=*Lu>*)PF$H5E@hTC<(#TfKmqTcE*dwn!H~
z0=FI4vf)Aq)X$ma7$NZiY-OO_^?v1$z&ZL;0b;n%X~pEwcu+%K^{O^pI2cRiS2*ME
z&v#<k8&Vhu<}S+;K7gKyKb{c>j7{;uRI3%w+Pvr1KJm|~q54l<^rO>q)n<)z86nX(
z-A^1S=XxUGJUzBG1>t1Cbb@iP1}dy|+x(FY??VEBXsVjDreDUoGS7=GX4@Xp+sN&x
zFhNc;@8mYjA^^Dub#t>oafsVdI{g4|KK?ZfW9EQQ2DokL_|KnoNf66A%?MB=NioZS
z0*V93rebK;pD~Q**Ebos7D7b{=c2$#&T$L4k3O%G8+-dav%}t3iDPBw79I9KvNpmE
zT5&F}Zz7lHHkf;cy^9`U%PP#IVreU`<;U*%Vz&Vhg!}RCh}O?97Q46O5fTL?b(x%y
z@qPa~>oUMl;CSwWgSyLb#}#KdTaESXl|{$HHD?|o>QI7}^@b8M1JPYd$3~CMc<R?d
zt7W)D>gNnxvojs?+YU>FWbfhc&CfY)`!&2zyLtrCGtZ-(aG4stt#!t$c=ZboZ`6+d
z^mw%K7szUs{bR>Bb(E<z?xZU9tzIqzWUycTj(w4e1wA2;%n5I-;OZh7(y;uk&Tr^e
z`66DLhQIktYd|ohMJFh3@D)e7(mO=oM1A_rtoxTD_(WxX3qSMwkdCgXb|Z3%q-DWT
zHB-{ek0X~a|GL;Yp&nsO?2{pC_~wG}nmyE+r}Nf~O$;mFgyhjLVpUU(nrn6lrzdvM
z=cA+8;pij-6p%#Gs&iw|<E^4f7B+{aPaJz0tpa`C7sc?FTf&rp23zy66tj>hulgyT
zm2`n1=ZJ~%>@B2t+Gksz)Nn3AUqP<{$u3Eu&`J#mO0u`EYS><RKPpRwgtN#HLH?um
zG^g22N-}hOgSCIN-fd-t6#O~w(oqWivzTZ%EV=R~3&OJ&kus8P6f4CZ9oUimtY=J{
zU9Qe`#IEXtx~via0JZ^?ukOuX*}mVoSw27$+4Ysh0G0#*1`<R3!?rlQw;vb&)&f|~
ziWydHLDGdOE04_j5X2S$-xReTKDBh=O@>U(tE7BDz*97ZI8N$(Du7h{$<%AnEaNWT
zroIZtEJJ~YQOkE}o7BG_zehv1K7kr;>>?;8NuVQNe~LK7+8}+=iz=ju4ZFUM)|n|<
zZOl{KzA}Y%a`4#SEvX8YSOl0wm#KHP0MQ|@>mM>}yUm<U3*b=<pg@3{C*0CD-6-Wl
z6K=Km3Lk)702~YhB;|z*U+qL;?xN7yrXEw@s1Ehn+wL-)U6X6A5zlYvyY!da;nqHJ
zVVCx&uUo~c`K78z-C?5T9Ked<G~XP}E4TqJZM0+T`1l@}@#>gT^;tgepWP)EyKUtw
zYl%qIfFxDY;_AGzH<6F`nhwp9cEQ*~H_p=wUJ@)b0Hin+lpS;ZJg_2W%)O!fhyDK?
z#~|`5mIMH_2?0PYL~d~<5AW0c&>6ud#D_Ne8<rLM?bl$oyK&~OUOOz7;+-_c%02vR
zuZ;yCg=|ROZ0n*!<Spab=$E?Rm3AXYquT&};!4q%BS~CXs)gZo0rR%O7XEC17n{Z6
zw_d7*zF~m=B|-Vw9}<lkJWbXIPR{e}%DUgN#6C6xmDa{LD!aKy^HN&y9=PMW*Y(N&
ze&a#o`)Ql2`Oa@Uznj)CSE$v?H8@e6!uZM{#zVj6ncr&YXl;FaeQ3CV0nBgUO!Gr)
z+e_HteGRwrg0mcC6`b`>Z;oULbpMbI=)C8Zvix4)hm4(1Q(gX*u%cLQMnDeK*hhwX
z7u3$qHGOuL!mu1{)Ti6(62DjW+byhDkMnhAF5JNEoX-2{wBxDF_#G0KH_dD{<=w!w
z<TUNxkL4~=A1P|$1!${8xAqivpgpYUqKK&L?8bD)Qp=}LGg*j+5QJ!h^LDvM+e)Pt
zQpNB_6Lk#(gcpZL1XQ1@KbAIUD-ZZCDdXkl;O?A`hs%=7p=u(hVY}$mH}v{W&x{D7
zeYxuGt@ktCu9Y8I-!&`+?H)=@G1<yK^jFT6w~IKX?^PYD)Oy#eX2$Ok)CQ3X)Dma$
zt17(Ij8~>YZr?B@fHJ9?GvFObuqyjF#BC9gf>AZiAZL;e|LA6`<r&4=kjPsOZ#HrY
zDYhPB3UP?WZS#!Qpf9;o61F3Gl*hjzf4|&fSj3YRslcB7q`&s-+}h4YgS&S(-e@`<
z*gt;&m&fth0jaMnc95_^nf*M5-5MNmmIwpa97RgB9h5AUSs_IL9-^Qkge(BEj`i5|
z`2!Af(%QvuNHG0}_iri0<2bm{+kU>DlgrU567jq3tIoS?o|T)3eScl9ty?64{QIWo
zdGwJEo8$LSM9U~Ht`S37=#L)ZA099)(MfIS4{3rj&_5zq>G7@GPm5JQp^0{w8YfTs
zygitn?I4f5r`d%ix+qC@{2!+gYa1){6!AoRqPqK3tD~J-kh9m<DOweQxBW}bvi@;)
z9uZ8*XItj~<u#KHxiUveeueSyt~?b&b?8AuEATOw@!B_dCQ_$a>M9sxOZ*|l>#KF6
zP?Thq>7LM3FPL5L%h_!(+N$vwBENbZyj(WKCPn_RdK7{3ns5<1A+RAp>|>YJ%Y-EG
zr(OL~_uW>)P-93Sv<4?&-d(V9O|AUN1&1ayI6x&mcK0sR9cz5-=eN`1?A})fy=6~b
zX*oOt<z{mu-BvvGAmyi(ErC4HhPkC}wr?QNboN=t+sESl{qB--%iod+%Qa#Q0u=-S
zJwa7buN4JyBx1=+=)#-(Kf1-LA3WNhC-)4%TV#z_Tb>tW&>ZO-Tr_qq*8k%HcxZ@;
z^~Eze%z|g5mwPfG73B;_X_bKa-x44=^Z(6XmXRVOhOd4so6>Hi5EA<=t%NZC5mDix
ze<P+y-{CyG1;vitHL>z)9(nw5po3JdkW*8X*vaB#*<&up4j0q8X4bDVv<ef*EAf?v
zc^M!16KUf}t{%6cMBL)x>2<$Da7YK2La(Xf@O$DtjMsQbf*I*PyNM=Md7roGYTw)6
zNGT=f^N&WvK2LSbfUx@WGZXq_r1u79+@_)pM)`-af#=fO7GX(pbCJTimpVov-l64T
z#;x}e@fYP-!DBh3+z+g~-`AS>e@c}>ZkRL1pC*+o#|!1d{1BVf=<Ns|xRm_qiu&I+
zesykn{&d2Ri}}eF$^rFsGENu*$r};45RIq%l8{q$&UXy88$VU{RkKs{bd*ZyzWA<e
zTq2lVcjDmvXZp{xq2@#Cb>ZonMyo9Cb8j_91}Wo*XIu{CvM|Wo7CMIKG?EnN`K}D_
zx|lmM#VE;GS<#n%pr2&1o8HD^tBR>&N#(VHYEK!7-xEgm?_c~_?S&52jPuOWbXF7Z
z`z{lIxV2e2oAV7x?cSo~Uv3w85{o)~I-bw{zV+kcY)9Yc05!Xz!zEv10Rnl*j+}F^
zL36ABDv%WwxvEVfOgtPG8@sNYH9~c1bDT2UdlzH4oETa<oY9tbeiZ9KlDnAS%?l>O
zuvIH$sb>+$;|RXu8ql|apr20MyEDDdAEPZxbH)7Lu@Y$#@D5ZU@L#Q~m~ZpilKcl*
z{i}2A1b;m7@sFR--d?&_MdahW!PnSw{;JAVykq5eEyZjny!yNN7d0ZhtA}>OU%0Hf
zRAzA=b5=Ju5=s!u-`t&+`19uQ|8hwJex#+5|8htsL4@_G<ldx`jQ6TiU%uEV!qspb
zoyd>m`Kr*kWUoW%zvu?Isjdaw^c*A6zSruj8JmedN_Oc_=K5SrRX2sne($fv{bgV9
zTvAqWdOu&9N!>%PiDdr^6LT;P0xSJeDQxit-pS6Y`hS8#-~)Rz@E~k&T5=yeJ)PHr
zym;WF+H^MCs`qa{peRzjE{X7Fb(t+SaqMx6vI3cn5|GAsyM(sx9s4%F?paYo&KhVW
z*Wl6!r<<5j{WD_8)fu{YqjATd0slvnJg)L`_rsOJgxwEBnhq)Gp{WGkxh`7s8Ts|!
z5`_xTbOPpohZ|0AfM{!$#koCd^JD%wKf6}e1rGQ(G@`uyR?Its&iUy+N=Af+!up?l
zBQTJ-h>gg{QSAi!%`A3yj}_6WxU&n9|Kl$DkZFBNq3C<@i-b7Rb&ZOxR3|9?J_Y}>
zK)O}K?^jAQPC3$%{l2#wmc}Z*9f=Nqc}l+BFehASsg8=k#Bd)Co7Uk>`MU87tmw}V
z@n_p3K9kOvGVIwVn|3*+4N1;n@IhxB@r9j|igc7xkG1op?@ku5;!Y7%JsBH&pSoW`
zxo$p}g{;_d3ZRgtlH=zx%pRmjS4R`1qqmk@9}@%NATr;owtRSM2y?h{<2FbLsCU%$
z(Q-f_eE8|@+|lLNA57K@tydq9guc0U_RIX1fW<%4R^Gjc*tZ2;R;-Jv;k~`Go2Cs#
z5q1Oqh7Q17?0%phjb)I$cYpfbN63D{ZF*g++P(21v`Nbr0zabC%wGQ8*}FRnh1*-=
z3X+UBRTY0e0swDzYvR2aAV}eWeaJ`fZF?=AhN>>VaQ0-=FsmylIrNH5W4m^HZ2N+f
z$Az<cYI9gCK7+>S5zpS<8TsDf)q$c72(&`Bdq2HKrpuvjCy+ZNP0REQ`;k5iW%jl5
zx3)5LgZUfDyD5+#`y8Q4T%Y~zG(Fg7jPkhvAI3>~RxfSdGL!-k6p?Z{JZlRT3kh7r
zuyA6|S)UqG8pGF%06+c7pa}xaj|ya#4&t#}wLnQ|MQdf27+C1q6hWbGC1$-b=eebX
zJYF+B4jJ`o+rs0$-O^Yinbab@(dj>l?FCz_hhjm8Qp7%}mLu_3+DK*GKZ|<f7T~#Z
z4Ms{!k*{qlHI^dj_9QkjS-RUG?U15COKcW7hqm+vp!=YE;+~ty4GqMA9TA1RuK2zI
zLwu}6oCz4+*=WxTHdn>XTjFrb4cF|xX7>95dVI2}Cu!WnfP<^Vy<sSKMvvEc)iWB0
z3SY|E!WLI_h<q&C&*&+r8SYw*^kBDGeC|y2F7K9!z3RwH&Ly^i#~db#2Z+YAMJ!Zg
z&<|D|iMliId~zXlDS>&nYbNIj%K2h(ugrwRmPG-?Or_O<Ho_mn%Nvb#oh#mlPx+gn
z8tW^cM!5Q!h$RnB!p2AbFgB@BAP8%Ll>}5GdwaL3OC@?<U)#XnhcvNoQNW_8q>CPJ
zG(Py&-iw2l`3CQN0jkQku|7Mg!7DJnA_IgD=1nM~-%d4B?fx=)756MCP+E788@Yb=
zOYPxpM*?q|Wts!aNgZBU<8fhxrRc&DI3IyEv9~mTuSMoI1et-OnzK)Uf#fb&L~*A-
zyiz;X4*=kh$w7}kLKJB-zr^9sTXL74`l=ysZDkfVh*4>2RO~2CIi=`7tJkOiRxiw}
zjJJ?jJ0EY>YOvTl1qHJUqIS5@PhGXB*h)Gh&6i6*`!F>T=IV}g=BE<c3l@CTGJH3)
zKAHhYWZrfMo{QcV(!hN>_0%H=5m-hjq&ku{#Kqs%7FU1(9E1|}ANjCxnd)k4cu*gk
zVj5Wt)Jn|h5mC`1ldji>F_JRmrg@w%;v+%TYqC~21dP}yh@5K7m0+EL6pE5v;t7=C
zF`}G<nGL}ewLY!-8Ov?}DLr~*Y@0g%{SoM_0?-y)HuKL&k@Fi*7@6iYAKfg(IX4vv
zB^PywsV3(@9~Os~fwcoISqjM?2{51or_8%0bL6=C@gr~7j3ufAMkxzTJat}5eNYT^
zL})$y%-A#J_E^ZtCc0OzWaXjqCn2M(j<7TP`XVN%$r8XZe;5JInLGiMKHx{JtshpS
z*)fRNau$Fz3k0zjD1FRE4r&3EHnOqM&)l4kOpS_>u)<@L`{V-!{n(p4y1-q)BcR?F
z0GMkWP(D36*7NvPP~SsR9@^Uw&j*M-b}Z33wr}k;qP@8Y9T9Xr5G#J|rIlZ6_gdU8
zKxHPvgZl={@o$Bi#Sc^UT^FjCWR7HG7R^z(Dfe^zgjZmQdOZlKav+DtA|1R<dgU$`
zpttXCq!#f5qn-`Q976S@b>K=?$|^L=Tm}lr6&3lFH0()w>;_H^#Bk}`|GLfs+KOPa
zww+C9&z9CV^p?HMyfB6=2Rk3OcUwvx`}wss4DO7ebw3A^FVhoO;H(c^2C(wz)Pw4-
zvE`e?z^2*V-uL+n?~1cNm(poAn;iqx+N#Hnb`jSvBnjh=(w$&_=*4!56=S&j({1c!
z`H!hqgkA#L9yCtlx766o+xMB^NRB?c?zA_|-xGy~l@*6xQ%%>UVJZMeKEIW8!2Ky4
zyR=vCIc)?UsU>0eBFF=%=lPmss1Tb_ifx7vj^r}i$igSauC;Q?OR<RH++D^4%rJKr
zo0VYGcK0BmNAVe|aArxAUt5l3?~^fa3A2WvGV$KiEoNJRZTO81tFk;P;+U8}8sERV
zjpaTU<DN^hT+X2OLkD>*l1k=%$C=gp;u*a3NcQoEw*hpXcYVpH%U;V{4gj+A)h}vZ
zs2t?^@axdfPd&S;4{@vMC8X$e^qi(-4;<=r;BIDJA-hj0PgFt7tW5AG?V=o6#XQjZ
zCqL88P{)_IP<X<l;Elo9y1J3EN=k;3#K99FfZs!<0&L7ABgf1%Mmqe!Cc)30J?Du4
zJOfH9_~G&P%sE)PK!N1|{s3~b1^&UMVMlcJg7Clx*a}b`C}`LR4qX|8g;*S8U()=0
zP~aTU33XqqPI}~VF+B`TBtb$?lLA{F2HqRha9%%fk_6m#ZjRXj<_-jp@EX0QzWrKt
zz?^!%jG#m$=!{S|0xUHNaq{ad-#ZflXlV_)IRK}%yMK(WMv^`7P%;G#6G)|G&<Y$P
z1y}$0`o$?eJ#th@M{#bQl^BJH;S7k<)t~?bZsQ$*e_$I=fNv-10I(eO*fA|M9P~;6
zn_mXrx%0d(dThJ$@QI!m@I(Oo0<A&{E&=fG;1^eCZ7zTS!)wr+5JYhu+hH}Rh!va_
zgRHRpI=}YjOMuz~4Ol`O)Oi$<zK>m~3=!gd;225Nef8fz9dp9K3I3Q^w8mx(F6weW
zC~+?$iLj<1(}Aw~)BQ=lL#>St2}}Si6^b-zR@XM(kgz)M8+#vcV~H2za;9$}40#XZ
zNv?lvB|)hh(D!vxMwy<l!M&qFK0}M40YJX?Bv@{#g4(5MQQIvPo=VS&nSAKPbe(Mr
zSpNXPuQ|CFONTZ?@30+(A=j61b7^Li6-HnLK;uOQ$VbfsVa~-n#4uM=Eg@fF`G3tp
zDd6kHFu)-*QR%BgTg(e#-1@+Y!h!N#%6_6Nsucyq%4gK$=^M}$>0qF%-P6Zv)izMd
zH<<%;0@|`1Ja!oD<eZW#`JP~V)L8T508Zfp%D&1Oh{EoGsi653v=|+|>*h_fLZ7YI
zvipyr5WJ!LRz3wfr@?_W5U<gg0GW+uvu@B@Z0g!!t&%#RiaD6YDgNb32>4*CyPNEV
zR?#Tb8NLeafM08vJg9oH8%tS8hbZBK?RGCa-e_kW54v_?8MZ_a9cD{Ycvte?7&IQb
z>jS7(g{RQhVn{Gs7MZY!pos+~NSz{vs1v?zQRyo9s7YBbzDeDK4dwa!33qX|0`}@`
zknZ{wswod{2F!@;Erzi9g0Cye%^0cd_$N*3XL3^T;i0#P3h4qh9ZYs$r4!NOZ%VMZ
zzA|SquKt1AiP~^qn7`{_H`tIYcoI}K^w?!A;(PPGLv=ZQfiSUx$1GE}0Mddb(kL+T
zj0Jor$o{a7$HQY~^7>w<)Cw>UFMeh!Z0dCX2s-(pFmo6q<UT|PIzcdKQ^3E|K4(4y
zZr8|ENRr|zB!#Tt7feLnz)cNQRGz71(3VHD7{9N0M+(APtZnb}>saUXPo80*KOFT^
zmdJJd1%v%EQVV(Cgz7)OMAKxRJJr7^_3W-uu8ZdpupG67pgb%ITY>Z~1L;JWEh`7(
z)at;pJ*fv>v!)_%j$!L1&lq7VCMIQhyt&xqU=gFz8lV$FwpE`w{Z1vLfcY07Mv})4
z*6&G4*$U|Hb{isT<WyG79q1bELbA`)p63q<yHe$+UP^vsj-tV3<{SjVjNGA?i02#3
zMVvws6s0a!QiFwN0+7(X=-5eS<-r^6KS~OsX)0x~x?^pnR;dt*(RJ_e#XXPR+Wq@E
zoGxkd_ssi!tg7E~PB+nU8Rrnc1X0cdTg&4zmvBxPbWT>iTn<-`Lnm!V&H;huP2Dm0
zz30AriPY2}kq?lq&ms5t>Iv?~0W{cF^M$V(*rc6UBCHoreY$DoFlA6Co(dXf(6qsM
zr`z6xP8ekhc<%&5dP))6dKTzgb7dFI^Upu-bP{xeP#2b^kU-5%b=*mgM~u*!xIuh~
zU7ZRm4f{%8!|4X&54rn&VQ~2aqT^wy^x3Ioe_nr70WJoXL3G4T6A@+9P<G`d+RORy
zOj4EW<#^R=(f@!4Ldo^L@}+N_(e1li&SGe+Is3RL*w-Q>#^EO=R05heag=%M!Y4fj
zJ5D8ZnZAO`AR2FUgipEp5Qk~DEir8%Gqyywp`=37%)P=v8m}#9VF-i!m$W*b;G;}^
z^VW^OE3zNPrL0Jsgl6E`SmPP@^E{a+pi14uJd+{v0WJ1POm*L#Jg@W6$-u_@sJsgF
zl(0s`fy*k^n15bT+i~AEdtRU>8yu}Pu~3)7)JaIS>PEmTyWoui`-hTu*xu_E5mW2F
zo@%yuU{^QSIkaJ!-7cVvu)YL7b32Ry)suqD$pJ~0plU7&KZ{{|<2nOb-%Wf`+&c<d
zbLDyv4d@-qyGr;>MW7if0FJ7gZ0UXmDhxAcK}ecf9Z>y;LKVpU>ZR3IJ{z@ZyFAZj
zRGDoMQxxBD9<(tR;c5Ddoh~ker!zOxv4{pK<D*ALY!ijJEHS*K#q7kkDZ=%yIjk5m
zB+4`PU|ifWAA&7p$5+!chcdxdlZ5lrx%8=}`Lz8EmIglMNwAj>Q57~6=h{h08WUr|
zaziF=Mr2$nfv5{g1hjILSmQwT)d_O8d-q_mcNesyJd4JsjPm*9*A0>sNrSA8OZf5-
zCw;Y*3n`Bb#3CIo?rA@I*c`q|bZ?3$(ySAKPDLStPuzYcMsHa;(F3hU`NK6Ew(erp
zhHalh6)K<7Gk(=vlxyd{Ky&>^y6|alSE#L^pbCMi2_z1|5Q4^KQ^e-Kr!jo}ni&9<
zD)_c>2Dey$<YLS{zz;4}wXy8A)0Z#5s-(JiOVU%#4695&J^P?1$6ZjB4oW3*C_~b$
zE)K|SWleDfA}g-OXC^9LCI^Pt-7>eMh<yN_yoVawRlDY;<SwoY|G-trVrUWiOHu}P
z#F+S;X3xrS6=%tHi}JR>${ilkN$1~2S=p(G#;j?yu|2&`cY*Ks`6=j)_QUxOTUad{
z6gS4l7Zys4aWbipi<&Dh=^({FaSYg_wcq9wW!*K&m5V?h^-AV37r!-@4DnQYerfc>
zCm?-~0#poCP2ka=--xy#s)7n{ExAaAhfcr{55iq(nE-d=8VH;V=l3HXUCVWjX~wyd
zfnpjTik$uWMO3c}F5_73BOdyCorio*i#-Wi?Z)ek67JPZaj@L?iVp*aO1sNv;%6A>
zSfsqr5C@F5yv~jIVv}WlWPL61B*v+qGRhKnTsgvcb8cZqWb=U(t|Ak=e@9OnA0~aO
z_PqPbHA0_@0)<Kj9=Uq2h5b^vwxkg!(P?8>1^K^R=prP}Uu|G_Nm|;MCtQ^apRhIo
z&M}St_2$=pH6w!iS6@FKhIn+hP2P3!2gv=3*um`ugzHUrYGIOj8Y1dlPrRc30@w+7
zNa4Ikf_Bw+A!j=U83l;<a!fjJ9z%k&r@YQ>F36yqCBzh`ej~^waBKyj$eQ<@Lggaw
zA|4sdHzOLByWdJ~x(z|rQ8xn1?3yw*3<T<^#nul|AVW3;b_DY3V1aOH2uXDs8FH-R
zJZ;X9azM>a00n~*q$5zp6j<$kbFh|jdZau{fL&7qR-_HTa>?H(%aNp`@52!&nw9Q$
zIu2&_ka`<98~Rz)U0g&9>2R_0U)O}$MEWW4=CDG?y_ww@Pp>uKKeX)L0Qy+>jNA$D
z@V-~iDid6rmM(^Tc24s=rY-y*Yt$(Mx!t`*BJqvCU^th=^@9tl2?XfVoS+x)IFE*?
z*w0;Ofz0OK@HdDFCc>)8N1|=?P$e)Nj0;y)geG4n{f!U4&WY5Bt6vrodBc6|w2a64
zi3n@fO~>W%o{|sz2G>C=SqFu+J?91ebz(`+O^#sI<}1i8!(EmU-k`#xNU9pu)5Bf%
zla-_VEfM4p0O7ryL2n19#W4%{hE$CAJrkufPMlJ?JWk7HSV*~30(wp`b3a-kD?tzr
zlNeYVgI_>vMo^iGZ$3=_{0Yq`fs8JWiag^#qV0c0$Cr0<|7^P!eid3ILqI||8btk`
zr1t!eI$xrM2(@)7*JW2GIu;0wV8@^&Sy}1S5|WF<BKGwyB~avl3}|@*BGt{8xtRf!
ziB+L3)<WTW>P3#44vbK7CPM+c=%rKRhk7WeiU~o9M}kC|)Pb<k{`?tra`stX#K~o_
zgp91m)_!=`a?wA-D1azzu_IOjX$Vau2bAnuX&jF)<Nd}PIG40_E|4JNjY3jC0nPvr
z51S&-!2+!Yq+`g-o)+Q3>CP&<jNOgUD}+G~j=9*_T=^7mzd#8=i)RA9Fsh@LS7>u{
z*FaSrgxG@$1nL50OZA(>mhCY#X@x{3R!v|ka?PowmCS_hR~CYtM3faTX&V!QZ?K1Q
z_|_K#2ukPi<+=UBAR(mZKOJN<2Yu-683J`7jtXP|HOVyA!w-kffEq|+s|*ipyf54B
z2;_X!<&Q4HVw+146PLMaNaT}H_@oFg3A<LgDC+9m;@=uZJxx3rK+^l&E_iD<S4PiW
zCcvK$G8e^cIoR%Sts=rdgftq`?<73|ZX}LP_{c2do0^F;v@&FfVS%CRV!0ea)gfb4
z@F~?yrxH&)|AO9;KM-ImhOOQ;{xOqV+_tjTHIPr_9Yws`3Mr3Edg=1#vWZRX{ydU=
z#?+X|2L-+4GE2jXvCiP(<M^}N6vREW=x9O`CZ-p7_PXN;QB2)D=pSP5Sa}KN1oD=9
z-oQtTYS?AqxQ1rdg}a~!_Y~ertkIeQIB;j~l_`hKG?msDqoOMYBD%KoA`I|Sj=K)4
zu6Ipd6j%MOHJZjtqPctS)H7klQK$nKrzUS=Ug^2hX85Yu#Otd@WGI~C*=i*-CImMG
zatwfU49dL}$OC#am#OLNqI~XwP*lkKmWx_N@#vSE`T=Fy{;4<+e=;O=0DMZK6<1!5
zD(NBOVix*K0eZ34g?(E~mn&dsPwH-!T^ihMjd*~nqhO<-!2%VoH|xu1G+f**w`hqw
zkLeWmCj#|QofRrGf?<c1kYQ8GzuPE8{SaUyNI_8b7BH<axd5%59Nygy($df|JgQu{
z{y^%yLLiT0bqOvDg?CYrG;AM$G8>!pDSzP<3JJsIARw7ceIWw;cywLdNqWhM8=U+N
zL{IZJCqBBn0kGEric{%+jgTdNwXqQ3>MJ-7R#;e`>N00dqM^H6eS7pi))NFC@bKEp
zpnC$V0NjlQwonR+j+*7zy)t!LJGvCSISByWX>UnGLLZ2rD43c<34LaPw2UL|=9IgW
zYs(}^m|z#imF$a<oODKhxsgg=-icQFgXhyrfuI~HO@|z5jkWy~6mE3kQjcefN!YrX
z<T@SO`h{R67;JYJu@ybZLj+;B1SE2MDd$}-#ip-SPKdf*eS>otcy5n1yEY;9&DK^K
zkc{1e*soO7uNJMOq*vj#ntIwCY|G+KIVv`bHfe(+krIgedjb5a&*lVRs94YIZt-j=
zrtMMjq1hAj)X&vipFk$>UUj5D<z9HoIgTH@(aT+{Bb6n-;hU2|(;ki$geZgqr=a3%
z-#?L<4AwT-a->vBk7TNOoi(bwWZ`=|*TnN1C#v*w*p<sD`^NS+8?U%tKktA%c>P5N
z4|rO?w2=Fap5Hla+daSg!oRmc-TwQ_bYe{`qS4v+1K(mTuf$C7Z5b1Po2F8#rXTa^
zJi^G^bC0~OV%ugN^>I!v3Jv|jZ@94%wE*<ED6C36d|>Sl<hNU*Sk~C%cewsXEF)+M
z21Pi|P~25pcVy;~cmC|U+BCgW0gL+lOc2dkh8yNW&p%BZ%q_XN?BRyIF23a|TCT>K
z^==lsN3r1Ep=qm&ePI|1vc)R3YHB&AH*fXCyUf|jJ#H2?aB?w-`9qDupE&Zd%k>S&
z9v-hcwUpr6GfH6>Oq`vP{*cXl7!y;hAzQR_J9FG{Z@k%$F3}lE3!BF7k{p4Hq6O=}
zAG@>u=0H4jKI@aGJrpf28@X4Q^d*y(IC4+LsIrSo%5%Sgg0;h0WxwK&*E#<|Je75(
z1Ackidq{3t@zeo}yWyVXL3>WG(6pjyV$05SniSs2ayHlubS0}86tnvkvcvWZL5fQf
zg|$nBK4IWC0~4MUIucei#cl9&F*OeV{FfLE#ANm2jn3C2E3J`lqMq7FZBoX-&Jn)t
z*(y!!7-f@8gG*m5vI5>8FwrOZR*W;YR6_?5F>(H1f987`Qzci_{Cly#SVp+-Frkm)
zkHdeq$R0aJVGHD4Bj?}bAu4D1^CMD>@|WQ(K$*!WKMDQUL3WO!{H63G>i{^DSo9y6
zhoa(Bls^2`n8OO02vgtxxCzj%*DG}b=?s-BjitFU`XWWnPL=_*7b&haoiza})#r{A
zYw=61AIpi;e>XsJeU7{s$u7+#6>|)E5uqusn58!miaX2e`8|b|>ALXJptoOsY|*YK
zYfzfI@Y>S*DL2PT?}Wbue84rQUl_%gf2w>LI~-U)<?<J6e}`l4f-^-%n%(zzIVG%%
z7*6ujq^I+E2a=k2LDfqkm@shhAH;-$ADS)lhEI@z+li^=!Ls0GVA&1rxRPao<?a|Z
zg>66NPc?m;T3oJ)bhve8{=;ZISYfdLcfkI*Udew*U(|LUP@Dcc)@YYS0tNrc-~ND8
znH2vsg6K6UIR3-4qSqik_MgE=ukn=RU;Y-oM)D=U|JjVrlmD@b|If`ZI^uIWZ_hU!
z7Zf<7lPkA%CvLcH?O&3;v#J+2U(H4!f8X?U9{GD^Aoq_l-1vS}82ER(p0&&--rDW)
zIBWN?shxkR^9R{8LmMWLJ=i3tl_gb!+Tc}(rAVy_{DD_~&lCt&if^e1_7S=Wc+=MW
z_hzFVYxC8h)tS7T)5&#d#Ik1M+topDy^xw;OdK2-0`#8^QK2(4B0<K!;!?9~9%|@F
z{qYgWc5|2Mvq2uX=Jc6dUVSh5LnObNx5*?&kGCgQ6I{KG0<#Kx@4H$P7tHtRow&NY
z@Ef|2fBz!(a&wgFYi9F-SV^j${&uCTq`Y#39{q-awx^a9k5#Oxpo&_97xeVsv;MjU
zv65RU+k!BXAJ6%@*5q>2d&z4H=W5^<cGk+dlXY3L*D1~9*F4((_nYcH{bXQBwaJ5M
zpQf>17D>)7Bd*;0rRrVDjyA326LdV^l?i*Duz5}5KW+W<t`wP%Tx9w}kPaq%7pB&Z
z0%i?8qpp$Vr)cZgKEtI-T?iyY&4rdOv`_z!uA--3-2T?TVUjfkYvMk-ASQ^+;Fe6(
zI(kM=3*kHpbF8uZ%Kxp!>1c}?5T+Y6>+z@a^PN|Gg`jB^K0LfxmsItSz(Ix^H2=3d
zUTf~&FcH9)XJm!*<|N%ctNW})Id>kBy?y)k_lylXAI&*r%~l<s=M|MwoyU819b_%a
z-#)apy!7Z7ZOrwL2S&92ov}Z<fqa9DQaK{u1o#<Z%a?>AqM||%S6KV&>Tl@3^pGG@
z@TaW(o;G<+y}inNJM61}s6K+g<H;|n*|OcabH{k25G>@&CBtt5vXYXmcfa>0#I^6f
zAM~UX5f$Y)BSsY!rL&)HzM10D<5`I@%zEv(Y;@|;qcu1QK>$;&dGW56I??`<z^%yt
z-6kl0!R%~D5&BqK_6pvc5!@SNKMW*2E=RMugbRQD`qmf2BD}2-)fX`_))WMlhLlK*
znD;S%a@cCS{#>{09CXggzE_?S8S<n9%9{-BN9hLhu4(In>dqJaZJm2ruh&v5)6h#h
zxwzmXDyq%d=8ME4Vq#l$4|CD6`A>_!Tr$d%LE>aAE=BJy4VHx5Hg&XL*jC0OD|<WQ
z4#%9v10wB(WbqIUgPXoOIaY!;7!pz20UrLq0e%ZNC-RRssGjs&Up4Z=>&e9VSavC7
zJNB|^YXfC?>mCdro(4PxLsV4sZbREpjHnDD49sN*Wm3eXww^DBR`keLNQQTGv|QDf
zY>8y0xb(HH)#Isx=dCHfU$8xisdJ5yv3NqVYv2h&+RpvE&oOccboO|8LzMH`bLR^5
z1NxSGgWH1=!`T{O_E!4y1+uNS*seuzy?*o7h4$qLZ(a1eF_8b0+`CPT<QL4M9rJ5V
z2xzo>J^nrA13&J{&X-si+d^C1llG6EPgtc~Ywroa%g-mztC<R9TSBre*F;;$VxPKi
zk=5DEi&>+SiVkbbo-j*F%Kf{$KPTw}4~?;}!%{~08{$fiI)D-6<~a&lEM4{}dRQ<t
z9hYwNe=KccyK>NK{(5CHSQ^C#Gc@qbtME_`nt8Ai?)?>Rv10f3@axOO@OK|RXb*0(
zS8xi!J-7EOg=S`EsM~d}C(t~vsp05cvsdZRCTEl+e?Lq`P49G@mu}wXQw14<!{HV$
zi%qiV-?`%tT{3IzFzw5BxPX|<7qSW*43BT_l}k%r<!#uMK3Ey!Oid(GnWP`AKfJXs
zg&LXM{*`BeS@dSRVTKICP7I=U{lv)lG6i#y(@vZQZ+I9U5+~uVHu#ZOY<#{B@p)tH
zkKTacf-U~RjkQGdl!yp^oDK72UYq7mG1bog{&NRQ3k!bLCMUd$ii$$+w-~QP6?^{J
z#VdB-O6Y@k4IPiOJ<oko=Xxv~ytAn2|L|r^Wg7z^6Lei3c4S2G4Ff#&e=j~lyWOB3
zciGB{`8A*Mxh36%T`+kKLoI^HCO=@vO`uING$OR>iLwe94DmSsY5CNy@^6dZP|s_y
z0Zgfo>?Lx?{(%Ai;*g%oUNByGoJ`Ot8G?T>Pk>&1a*}E=p)yLt>cBV4L^Sr;PU}td
zu$0RZaYy+n`9x{A;8O|#r$#Gf5#)Nz_8$xM2o)RH<6*{cSCOLp(YAQ(_*&!LoWK`f
zzI<Wf<ICWf`7yu2aZk1QRp8v*!#G(-x*ejT#U8N2-7aJ82iDe#%F3VgD!7#Oif61=
zWrb}AQEQ+UbvKIM`YBGBmWSBGlDmF7Qg7OEnm_5?yGvyWoev&iTVd+|yQX=2Ml*WZ
zkT6CuywvtM+PAT>SX%U_YRebJX4AH-gRlUCdp!@zj0{+G_`lf>=10jOw|RT?bv<d3
zdauf!S+~bvT8Mx`W%6!aas%TiJetn$&a{95p$Q;DFtmX?{B-hL(};G@Sm#88%Y2fD
zTFV=(hV(5`oQkSyeC7zW`vq*`X5V7Z#`3L9sDBlFuW~NY`9dW*ebKpcB6e91KdavF
zb-TZ9yC0&%8lCmQ$xR*d)^8eVT^|DiU(ou@l)!5+hio1HXV)M;J)RGZA;^{j1e*}o
zq-CLT^JcIw&h-Vj_kn>@{&phdeWxFcuYt01U5|~_SB(dZVz!%2#Hc@daua&UCjPh&
zlNov^EF$9Oi6Mcj^`WtkS4K}Eqp1V|g7?y#D=J`OO}D7r;XP^IQvP>jND;7)leW0S
zu1i8ErqBgio8XBUc?~~@5%zHw*Wx}gzp!v3@fg^sg0k{C@Bl9&V~@bocnd{YfBiaY
zKeZr{GYB3&SD$_|PmPqtCSb?fs;k;sbb{(|TWK#~`Pv`<K^!1?-}z%w2JCajHa72H
zS3Q4dvD}vUwscD_?2w(jaz!DvGQW%6*8Gv(M+1ry4f=|@*QHUVx30Xqm2xZlEMM^5
z91ebG-LJIT+QG@iM|qNcNydrseHZj=BB-zZ`h6hpc#`I%^*&czui2E0RzzGRRgOwa
zmm?*l)7z8lc=q}Wl*J{k#_h|>YMD+d>WRt~;vPTKoG^t)Zc{B1S2;FKk4-H-nY~a^
z*Y7x;!YM>XmJr@!bxrXn&DHY=9WAY@lJ@dI`H?58SkA7^;w7u4?jJt}SZp>A_T3SN
zmG<Ro{LuipqZq8~A>QC1HjC=<>bS8>ug2}$q=;xQ5?5(2Byt$bTc?sV{oDO0J<<5+
zJI?Ky3H6oEhD3OG+8xQadn+&BZ}SPOU<~Za)m>%4-Ojq_C(zI$HNA&CG9R~&&6nR+
z*Jt|G#q^`Mmr4quTz~s-#jw2*P9#5X*^WtcY5n&5$wKKyW&fTSqJ8U@N~&PUKt616
za_mj~-gzw19W&PW(oc3b2cl-+w)4~V?Qq!xMM<V-f!EZar}$N^`b8-xH=$W4MR-}_
z<Kw^Y=MhW|_+3mtIM^$^n$c{jiy-t`H*N5f$`grhnddQv&<V^RA24rA=(3>bNjwhU
zRyjQR)gmJ6#5oFL0x!J^6*4EUu8Nmo4Biou=UKZS4B1&)zG=PlMQ(no#qeyo?AyZ|
zg>HlI8`M8|4tl@1zqL{Bct(NDP0Vhn(9KiUBjXER2Zqpm84>TW`Zooh=#`^Gls=c2
zv%+GU63w_J_Q6x+;>FOZ2oMx~dq6CIK0cGkJkPDsig7M+<kqGaogO1Ov6Hhi9-^Y6
znxf|_x%zxPhARAoosCTaHY+oeKfkDG3rqa8db9&0H|T9<#>sD}78#brvVh6&2^3@U
z-~D&IU(P$cL5m>H3v_rLjI{KXQDND!(%tI8zVai;w)(uM)7S>H*t0MHKEkwKju_Of
zZ(gV(yyx8m79Ftm8*>G+N~=+?UXNe%z|YOiefEV<XqK0fMf!Pf)(DB4*Wbz%j))_F
zpZfR18#p*3r2aT&@}I)%udn_8hyEV0|2IY=mBPnv_{5l_x`3s}>7BdarnGNK92iVa
z(ryoS9X*w<U}FmwS~s0w6m!9KEW5X8uYvmdE`}IM`t*r3oK5bMmX=mx!{kp{^ee^A
z^KIFQ%?ZA~(`U~<mi@fTmAo2?_xDDgz`$#4aiWN<fCrwKE7kVFh;HD(iBKPjHPrJx
z3&9V_Pb7V4S6t#QpKA5ecK7^-@Zg|KHlIsFcJH*DC!Os6bv&dPv%v&MUnF>yw@<L$
zlktni9yw4cmtL68weTHahNaBb?Mc(QU5|)MUm3VH=wTdke);oaTgFzw+3$tHMt|=i
zId<&j*I9zmHbZZfq8;@_B4`jijooiApI9@t@Y>e>d&9N4Nt2J)XL4G-fc8S*_XcI#
z(N6lK-%X%}N$?VDa6K07@eRM&6$HJ<?#4++k%ZLYL#mX-erxnWje{jN?M7!`{*J39
zU!vDXc}-2By^o#*Xvc5t5}#4$9+0lQh_Kxd4}-6f7%)9wU!NC@ZAB2cLRV@e^?EJY
zUYR*x=1B25oAloK9B`lTzD*%;#=*~9+z}s}94XXySG5iiH2c1O|Ea|7gMiqvCWOEw
zd~?$Ue2LV0-v=wP9AOEHCr!EwZR*qfr)CFQt6d4JOazni@*KHT&oC9fe*L<dT~UPi
z`BhFyNl8V4r}sW*WZd|TrSFvcl%9SRQ*N{_eC^{pMy9m16#Z?Zwdi~J!n!aZ3wCPk
zh<C{I%a)dm-@CGEp&@vVQv`^wmmWI3A|fIP@|uXRXlLMaSy|0gV|8JnD2!Z{MT7ui
z(z_&M@3>X9_beo(>hbtbOGw#k-~#7$GhT1rm!Ule&!0>6lp(NPVvCWT(C0cGU*P6t
zh2+boUL2HZY9d0u=pQnJ83;OVvOG8tV}$RCyDv#2C+|6*g~QajlG>QC>1P5T(ss~5
z0!Il>9+U9H%WlxXH`!=Ce-@s>mXbQLsJ2tbr9DzM-ciATD030Z(>%j_p?DYJ(){<w
zz{V1BPh>%c-E%L<$!`$cDr&6|t~)zTQRACxHNNL++{3vJ1+KlsA{pG?est7y)@^C9
z$*14CzAM!YdMe*Rb)JRN$Hy!cq1dscKt}uXJYX<RKJ21<P#_sA-rs5ZwNmF0T|)>m
za=1$dw<ArUukeA_1Yf;+`k~c4vT`CxQN)SdN5-ECQB`kvzy9OcuA^iE-U|bKf|Eft
z$TbcjB;qW&4;Rg!KPvt-h?7OG+5}(KalXhV<K^3=wLc0?A0ICgWC}%Ne>RsO10&-b
z0warMU@3-D@op$bg`N2FWzJ}A|Hy50;A1<Axdb2oAV}J1l(+gq4lQSs!H~o3er1<A
zE#o!$xf|`9zCJS;fT|L?*ZS%i5{jeIvSnrnSMvX&?JWbU+P3%MwE;oeKtLoE6hTE$
zkS;|+Q7}+SN~EN_VJi|!iHfLniHMYlbW4eJ=cc5)n|CZd$2#ZU`}==*KPa{L+H=i0
z<{0C7#xv%Myp2qpdWP72)jiWMA4I{gXmV5N11C)KLzrYO<Zu8?GS$x?Eu0D6Fsx56
zES%PVhR(P%dErWQc}(;ca?q(exq<z3cbCZ8CRaveBnCAL1};Ux8%OIlB}N--sa7(^
z3Mz7Knc!Kw*N};^u_qrf*~!hzu=ZrMNV0lf%WzgAX68%#9pocsraQ+1re3CX9|0Ck
zx1^a|@nGY6m)<Wclj_Q~RwZ$(SN(`LLV?}e)WhQ7`%p%m7I7qly(+ezgj)%+iwyaX
zb8c~^+oUktbH|IoFn8rqWu@g5q<NCCJR>>jtY+P@H^R<bMO8F?<I#0JJ)2>XiFpk0
zFkS6*tIB}rqY<-9X)mXTtixl?%HHiz%F`7=3SG-?4bo8gtvcwN1;R<WCh7;D9V36e
zO2of0-VYBR*Q{}(e<&~B^jhC(?Ij*eirwto5u~?%;Aq2D$2|Y0G`*TG_XchGqhXl3
zO^*$jrx(J_l;E=ilFBm<bG7LPzqzamM$k6YaW4<nxG54+DT%X1mchdeYzSWWq1x=%
z0Cr{1Hr_dXcD|r;C8%F46Y|R?CVm3c225}UX&<l0?NJ_lSaApp6V}u3_ci@%iRq@_
zc9PHJJ$v|&#-!6{I`)z$OE1m!jnotT1oHE90rs4v*PY^IizZj+X|BBG(O%_1klO=G
znl^>ZaQheM$E<fF5i_O7pFPjVM_>}+V1=m{$)1F|sY)}YRIcyHl)d}=_ZWG1lgD0k
zd;YxTY=-q3(&or2zgSZGOkwmCIO^?d8$>Wc6%`fqX09}xTSq42vXqZ^hrO`6DOf#J
zEP1cNK=R&H;Rtu7;v);ur%scE;>e2D>M<~sUeB)yMq$e(h&~Tp>?THB=f=L*&LR>j
zs<5SF3JwcbR=Q7bJ0I!JFuQv2)vI6(Ldm2ni*q!e?bOOEJAat-zfVkY8p+xxvGE6b
z`^d7LwYB$BT|9H~VpU9M57j=F(J%J7$?u9Mu##8Uns<_^xQBF2v0&iwFe!(Q5t8Op
z!a<s|T(sE|+Qw=kF1PkSYLZo)?amdCQO_m;Yrg()IOWdh#S<E-QXS=<=zJ=J{CC}t
zHRN1J;FN6WA_Y9JhysfGp!SwcJ;_XR<Hi}k0y7@wc7KbAD{mv4$6`7a!bJJ)*Crx5
z1&tA_2Xd|VUD>zX<i)Q0jQILi-T|gyJN-j+$w-|G8DU9EYh>%V7Egz3*z@PqIm>{b
zJ;e%HnZXGZAu<-95Sb`0<cSRUClc^a-+yed<2!RE8i(*77paPL{_-Lnu^i@<R9C-O
zz1{?*9XwQ%o+Orz&r~NOKOY0byJElA8)SXJ?4-bs#tr;kv`x;)HG@$hwr6)Q%~Qfb
z5_(tEw-{49w;wFWBtN!V!fTN{e>PHKU@^E~)R2}9NmAP90gW{HBg9zNr^IRa)LK2o
z2M>pDlg?8Uo*kGZ%IlfE9^Nn$%5P7&H`mG7M0LiQi<xh$r<Pje7B8|S8a3TtTCmk^
zE}Z$d7GQSxD6_?x|GvV6Bv|fbQ8Rrea&q6cUHkCeuaO7FQSuu3+`HN8e5chj4(ZMi
zQ_tpQLYi9n#3L1=qoS^nU|XVzFSBxkH9Yc`jVb3`5v4t)YP+B;VbsM4w;L>A$B)5o
zA}@jzk=ln(W5YS5w2y*sn9}WH`dlSlLX~03nXi%CHT03=l(|y=?dpimY$L>Jh3i1h
zc9(ZooVM%LOUzNTSWF5LwCU{r7BEJ#Yp4~;1l@hJi);_?`YojJ^!P4NMda=G4TZBm
z8S_JU55PL@sN;hN`=t^Bdz02)<Jh2>X|wr}3Q6pF{_I?&f<%0SO!SqvyBA92ox_B9
zO(?0In0(gO2n{+qb8s1Lq}aGUwe8)&O<s^#3p20-tGo}3W@MsDO@H5d_f<EO@%L!n
z=;87E5c@Tr_kS8cO+T%-M?J9Lz&UM1hr;W(aPrO9*!bgxyn1zSY^g}zQ~B!EhtHaL
zf;)jp2D{ce{c@e4u)4m}h}pmN_PuMdXI;)}g(GbZ4J7W@eB<m_>&C1a+Jr6-Uy;W+
z%-<x0Eueq*?#FgM*Om?LsjfUCc-2Ssa2>gsxzfmza>DNCFisg(2oYf3^xs2p((x@F
zb{OEHEgge`5=7<>(+`t>La&f<U{}};>`O%^&7o$Zowdiz*tRfOxmG-IUNPLm_07%h
zWo4`coZI`s#u4O5tPbpcw&TY=EAJF<u2V){c^mLF*wc@KrQc@C{c|G`KxAjUgUCwl
z3vVVxkEqulDad^<zc^)xX-K*?o#q!wSO}M6yFo|KZ$~vb=>Q(J-<y4l%~4VGS&*Lx
zn&pM<J<6gxPVpgQJODNg*xcCI7}3ApmpA6I{>snXNZ(8`si&|N_az`HZ+Vf=@(Mgg
zwz~klI_%m?nrj%ub3k4u4j%FFNQ^`y7Y}(B7`RM~h0_ma!cQr7*w#^swQthjeS_JB
zyiW@kADBEEN@BGf=EmZBszPgZhx?1(ugBGd<~kNTDU8bj?jGLz+fHjOg<esop9#-k
z=8$fpRd*g`dd9fc>BU^nGr`sRCM|-w(;t^?tgL9IbEO<#1*fMdozQ-7N*4mjh+zsh
z9C=(xfUikODE@@yTmDyPeF_>ge=gXb-2ya#k@nrFrl;^^8Q*XGU&nwZU4n?s%P;7Q
ztF#b$RT!W2H>Vdd4v8h5=+A_Q+2SM_7G5{-pakLn_%nF^d0%i%T10@JqMX<hV`c;v
z_P3S&u^N!6av>J{^nQCO@O#_f!vwx(vT8K=2kU3xeSbOM-2s;7pAr33CG@I(@8Y7~
z?x*(FQP?)p`PEftpClBI>VrJ)uNcnEJly{bv#WPE3|YFTgas+5{>63BA`d<Mf8@>&
zy+TOw4|<mL@%Q<(BKlmkkDokg7+$KWkqZ&DCb@k1GJ+i%(!EvS!Vn)HZ?`<v{U+HB
z^LX(4Mz&HT!=5jJ_5LfLJ%7HYR0lsIDG{Gj_U_f0*N++v)t@&-UB<BstDEtM1XSCR
zVY9Nb_^n2E0cEk)74+hTS6$r|D3}!9PSqT)36+tNDQr$q+|9`7=i%XTRSkyr!{z;B
z+}>4$g+WKs>kh0O8uO$}cgW>PreWmdr?08d6(%hF@PUV3z#>K-aax+#e_LA{z2>7w
zB)N{u6n%Yt4W8DH%TuL^su@z&9RGFQPaZ(NT7<ssW3#({<mX)=SCo|W_aecsUd@ar
z7eu{%dyxd&-rnApZJn_2qAG}!<;)pth1Q?Z^k0^!7~!Wl1xAo0W<iW~T$(5<^`^P1
zq2WI>V>UQEJTTRr<K^oc$oTZtt4FdyCj~a>rJ~L2>PM~g4Giv8-l4NPsge9Cl{=Q-
zX)du_z<G-SezwxrFg7->8(*Xld0w)A(!j)oI-k%_7#=``BEc0weu?lBchlY5Q3Rf(
zxQ<X3chi9Door5__`Ww2B=z*-W~|Ky`4|`&C<<_cW>Ss-lj`d04>>W=ulm;OKe(B&
zFQ3A1Wq&PMdNZ4sy63wiX^+$IP?JQp7F`){6C)$Sj*Za~5GLLSPX|GHcfKge<fPkn
zbR_KQ!NI}yyjmk(3Gf`g+df%dtJ+6>q*^zmM@(fe&O&BbUuAaex5W8iK}22TBrQ^Y
zh)|rO+~(B>;|eDQY+Af+>a^0aB?j5j_NE;4H>}3NGmGs9vIq)suG<X3yvD_^F9+|U
zqkB|QA#*Foh8#2n;6{*a2ob|I44&Z<3C$FOzP`S1l9Pk{2<Y{%CFPa`T$kiGoAB)x
za2eu&pDpz@!0_wtrhlKtcz8VQw`qjONX5rr_%@CBtEOgL+vF4r+(h%Z-oACZzHxee
z@Wpi<9ml@Smt35Lwstf+p#tRO<gjMDVeU3wr>8gf6&PBUE&C{Xblkl|xYED$;UVwS
z{k`L61gP(Qz5_I$>Y}Hob+jH$TfI|HbE%sQ6LZDHUesO|eOgHd5e-cpPizawg$d$M
zU(o1_3vVSKUALr8R;Pgk%3Ix|5pH({E_Ku6ous)r@yF6B4~U$yvf~k*rx8C1@MChd
zcXVlF>XQp9ofHl_g);fw!qYSzZ%vk#l-%(}mpdvd3W~2@2lz}hH`m|<G$Z<EYqGE8
z?DCk413TcqD1f&~-f@Vvh}6^l&66Hy%k`hs8Zwi>pO|N<A`YY945$?i&4|v{3hoFl
zA?nUgO(ljn1M#uJ*!0n(0IQ+g1?!=_6L5cwI8JrHLDF~_w4H{sdppJ(0{?E>4<rIv
zAEohB@Ou+lB^!)KTTRYFmNM<$nB091;2FUeWuLrtf0>NdR=(cW3jHsk1ytrj%jXiB
zF(WRV^TS~hFEY4x1{`oL501Kx6nglcs&If{Sl5$O{=RqDpr|t;qOY%i9<DTE#Q`79
zA81D*`#kAW$Bc}y{hWeICwv3B`J=*!8*O{`E-$Z{Fx#!xDnY{I%^tKLajbNC2FW4E
zW(R@=V?Qb%&S0fVSZEGjv1Bx?M|y*tSMT~XiH7O){$xx_QW8amDej{q4!li7qxJT|
zg!uTPEX!eZlAk<za#iEk#EuqGlef;n5GQ{&n_J9r8E#8B4Oz%}PV26p{+(|6bbe@u
zDe^_-^l!QN+3@A~{Vypa6b#H(D$F;shIc`px##JV`i6!_CDMKpkY5ial0oX)W~9f7
zsAq>z#9qV)_yNEIOh>!6M?yx>5d$g4z+gN#f^6@%Oa)W|+RtXoT`LIo*oG0s78
z+^y^oKk}=mAnJQVq<H7;Rs1SN1A{>N4_UExNf|9txJnv76SlAqIXL7WT4%T3r_e9(
z$z*#kn1Q|h4kUXZaQIVYTh8`QNcGIlY!bpqDH!F%zqBv_tR%zch5V7(i;jFG!wx{M
z>p9RC;Ogv0@Wm#K1ygQ_SW*AxzO6(6#nZcPniOiJeTuRmEObSFBy@mbt{_e+cCRJY
zVf8<GyrG5s96)M{mNwZ3XhL7HCv}VAB0`8Lj%dDeMUZki%&QmAeBOEbr<%G7v)ZlR
zRy$9Hox%mfLmrWATr{BB<DraJ_k%c>CjC9zjXcy%u|P~Fw7x^FY;@eCj1?*D_E`rk
zgdof=-etD)c(EhP1D~&aGU`5*7`Gho=m2k-Oq}2i`?Z6o*p;)VbL{W&+wq@Wa~MwA
zgh}``+2uV=!<ms~EPILmd9o7s$j1Re#H5YZjWe!#YMv(Fd3_*qc1fZW$FwEt5JKvk
z5x#Jscx=tL6J|Vec6vK25xhVt7&Fp+WF0QfyR0YnIW=oUce<TACkMB<wL7Qkb%Sc2
zgW3bJ+qUFun<@~I21PG-d^}VxHqKvl2DAUq<Ux%RKVlyE@*jMGlmkg!k58FgSC%8C
zhFq|3)_f2!GTN}v7XzgPNowde>4~vDPxFhLIQ4D=iks+mB>+r^L^O}hRArOHNH46D
zsc&&3y?583FVi_<ZlUPW4XtZzPMfc3uNQ<6gU^F&UX0u1p%aQ!Fqj!@KA@kwIm5%r
zbTN<+mI4f>qO!WA^T{<>&KH+Nrb{^E)JmvuqYcZeD;JWi!eNX0GcG%YF3z07*W{Gm
zD|aEF`L42=On8`1Z6*a)vC$N)R(9J`#UOVx2B(0eu%5t!;giI640$Si)-Zsi-kBnv
z{6!iqAbCRM!RDU!;nL){Z_nPob{e+VDIv`Ot2ZX_gN21rZEa^KxU8AQV4b~~$!=a+
zLUF&Y;gaZWijYj7u@0$_f)Ms@8&QtEH`2-Z&H5W2`{OMv2D_888@P#1ox4cqw5dxz
z?x^`^Hfkk8hOL3b>o3OBAeX!8W~T_8AKn?y)kLw?ennF9$hB*YMkZC2)lYA?!&LVd
z7Dc1@NXb=RU=OlxxU)b?N*k<NJ>SU}Dp;S&CIbM90GZ3YJj#7SWsW8PML%b^NvhJ7
zTet4N5VPs9dZJTwNa+A0F+kuG)TH-aR)`IYT>!>NuUYn%Bw6tEJ!?`BCBwoJJ%pGP
zn=BtDT7|TEFH$8L=ZRK@fNzlS^e4}rgehiVkOElqAbFZSvNpT`doI4r-8%@ea-~gB
zFi3Hzc7TNga4+jHVTP}13VUKfKx|yxfvBMGlNc6!YO3vIL5^~*=EOvCD3N_;@FH2L
z>-Mr)(hj?U7PU(=a|~Q~>M|Ef2skzFh<)DQvRwFQl0M=<i-dxk{fo?aLQi`);cAKi
zJtcMRC$~~=__ix@g$NN;BLzS7q$WgKQIUr3K=7{I4ZTsGaMg^-VlXGW)wwfdg!sj+
z(pr`ayomS(gZ%)&K7alk%d-BCkQ8fJ!h+IdYHDimpyYdHos>mYu2Mj_<{ou+FPFCf
zG@Gi2)3TEbAwzb8y+iqqB(2@&sC*b;@aWtP5$u%VCi}Cy58h3Qj?I37UU9Z&rM=XL
zM23BoNr5J(htv+mmf$z}ZJ2jM^)T}YD+RD|(I1l-A^KmCX1taGD+?ds^CD3QVx4qD
zJ1Jb`O+o^bRi`-va&JmJPQf4sM^#|z>vk^wd5xN*z$6_?Ts-Qz4NT_F7imfzH_syk
z4$Qq~{Y-^OMc;z0L#+_yoF<P=QCquv=W_VcI=^(-z^Zrarj)qhhT~TMVoCuKVPPr&
zyuXMeG}Ub_K}LlC4Sd$ftN{3oX*79tiFH)`2yAVGElh*6_;P?P>^K0T#!CW9h|_fi
zGL$Q6bgg-jE}reumAdy~L%j5jFwso=<M_zTVCD7EXOZv*i1`=S4e#FdfV=VQNQh5_
z+bT;R&xkE=YH2P3PIgp)&&VfWYMl$A^9@ycZxy?6Yn(ZX77=@_am9;RJ-;FO`gE(q
z!2wZ3SM2k>bMaDAL-?RO0GlcWAJnkv{d|Kh)N$!kB{w>e@$oy*Ny!{rpjn#I6_HR4
z#uytDc4gs~M+zbd3QxjQ-1+HdldC=<{4KwM#6RqBk3bSonhY@ukq|vctd_PZa6L&G
zSs%lqVWZu>dw0_1q)w_*U0d57+nm?0hqOe(Z^+6fl!!g;=v=HDUlp}JsFG+R<Il8=
zsk@z8XxV?~9kF*|W3CfyBh(9v%g2ZH3o!&oWuVz1N~`tu5g?mHg^*p@kzAoDe^}nb
zF3x!?>nOvj?XU}@piqvPD2KLE95N}A$I`1`T5xhNey<WF96w=c#JCn>#R#GHXUU?>
z86F-Fp5k15gC+z<U|$+W#S^7BIKY`aKcV*Uh^*r6`$5T8=QZWzmUr+^<6PM$s{jIg
z9d+}<MPYnQkPkE)9(y6g2v~%FnYb^il^l7&b5K^KXnNx-84u6sn(#^P9L<W_<&9Fq
z(Kp@oUao4aU}|Om&C~!{S1=>_?8lzhFm<lqO4D%Vmd-AG-JCT@HR_ZFap#yk6S_l4
zX*m08x*Z#`^rtr&c9gh0d;t3@({($N2iS~;EqKlXGz9AKE&LT41vWNM{}mZs<fjGN
zcnmrpBp3Yeg$71KnLr$QvG(;6EDn3k4Fv_*?JQd(7lO-2tvJA_P$Yyz<Zk3a_XO~b
zVD<q|UO~ae*e=E@+!_cx)ofS(R)n4%g+W_av2N97ep?3;{=rxL5g`EAdmG{P%Iqie
zaN&F~Y6JvA$W*E=N8y(4o7SxZu$q7H9shhkDSj{iC)5Y{ut?(xHU_x1{6D;@P44MO
z@|W#9c%=!#F6ViFnZS$78p3)0gFg9lXTXF7kz?IUo4KrJs=s)?vib$qd;H0%)Gcx$
zg1`s;U8Vw>2H?82F@xQWYu@+yZiJ}Mzm1_bUX$yay<gJj1C#Iv6Y@tggAymeWtQ}r
zmCbV@ejL9sP1%fu;=_RGe{vmAfrOWanEf9vTMYAP#xKWDhSdft=ok7V$rDp&|C4PG
z7&o+>nLlko{tMj%MMQblf|A)Z9h>1xz{qD2{$RiU7}H^*=5)e$-X{y+9Z`OfewcJT
ziu8(_(1+!lDED`N+6}TNE+Ng`a$%xEQVHqP74>@|`)dCJX=!BZ0l-}WPKWj(y<*xY
z=SWGm>(c|Ae?#O@%KGIt4B0R<H-{V#tFzIWnds!(>TCRP4kOusV*X4M-x`w7kXL;A
zWRPK8#&@u>Z|4g*(+gtH(u9ytNS83ZSO5XAssK~`XU7~NJ1K%%N(Cp|v!Uj3W<(so
zqQ14@H?-v+KDebl&b$t;5>gibz(a;tA!9L4&4IhCYiJNefx-`}4)$>ZPOT`X_2}$W
zHT(Mf+Tpi2HS_;9)?z-Ig@>*!#JF2rBTLlYJ0Q<|c%hOv1Lyjf975KRF2~*Rv02FD
zyQ(w&C1qVc0r~-^S1--~XC<d>C_lX~Ak%!F;%2h4|GtFc$BQ$m-PY)x0XWE6P9*m~
zf3;o}s+?C68nuR}HeU$2vO^Ul^6gvQy6GS(>7{6Ta2Zf?9_0;;^OunJ0|)dsV@P)w
zIpOF`AIk}Kar>*_lCuc@lTGmST;AkG3pa)rS|U1w0s{dCM(5>CI})I-CSVnbjh%+2
zKLyoJz&*XoiRR#x8g@JUTW#hx(tTAQ;0{H3xcFch4*2cKtuT5vWXaE^Wt;cqr56k-
zI{_*lTHVk<@i(2R*vO)j{Hi>^`5YO*r;aY@9Me2+vf*533{D@VN%e$@#6#s;hd-8;
zm5DM@1YcsMCDWdly8qwyh_5aFj>4DTOk~-ca1_P*1NsE4fVVmS)&nZUwCD5VDb@Y&
zse>~<72i3H-fCv%`E1jo<sz^4Y<zLs6d`)obJ_9(lb%%ut!u)HKWj8+q4I{|;!H*W
z|H_J~0-%A671md5Wcd;c%|DAYf2~H19XXa$BOh8V9xPZJ8*>18l48;=_`t)XzaxE$
z@5sxSFLzQ>mU9+t+<)+ZK<UKut7^Z(eY8lzh94pOdvG1-mXXJ-y?#RrDUOsjuGRx4
zufMEX2ny!T+2zs1ac~;dwOkH%_jB>U?F2|cL>ci6N34i)r2QR}+WFwGfS+I2T9$&f
z!M?w$fjj8C_~yJLW(Ht*POam{`G&{pVsv3}sa}!M<H4Q4J3$O@g6g3)GHAw6FHoz$
zmjTHz?(_hDHW-1_S0_Z+eh>0EIM_QSg$u;=+LImWY@D3Z($YlCEGz-RLfJI*j5TMF
zDs`qbp?#%#`;p2c;MYLqkTkwD+36-{U=aVk0))BpQ%Vpso0Q$6xy)7=kJF9FwwYO0
zY++eRQY$dFTu)Fm1-rbesK~jaFgG_Wf;P>XsO7=tBd9jQz7Vdi^1K=Mw9MgHP0uU^
zC;*n2yMHeO*{g58Th)VnD0$r~=~qCKc%4ujSdWuw`#mUFtP&k~#yjfTy6zKFc$Vys
zYlQD~)egX~X$5^oP6tbGzTvCKTuE+aIeN656&V^FjCl8s44GM)RE0HW=HsIQp6nUp
z(`U~fEG#TsRjay!ujwkit?UWH1I)L|+(`Dt?-Gz_VZuhPatvoJi>}vK(F2u%AMuL@
z#NvvYq4>%W-j`b&2se!w`mJYwcys-O>ws@FtppgXtryXfp72q*GT^h2gF6Z#!HRnQ
z8koO4v^I9}F5Nd7!baw4sx#@<`uax20306Md=<o|l45;*FT-{C&1TpjhXlX+35xnx
zmy){rrh`3_|12!sr}7~hfC>U~;`tPFPqWTB&(yszS0ForO{;gyFS5joLi=cT_9d>D
zUueHB5s5oNCRkj2E*Q}d3=DJ!2K!c)#SSq2wtVLtD;zNT=35)9SJgn$6Y-G^pFFGb
zO|3|4?O_SkXQx*D3K5yxe-+~r7OaFnKiQKlp(zFk0%|G0fVMpXLy*SW$*+;Xt^j^H
z)n4}9LRd2$()wWYm|D2$^#xvo&W>ycsIDFFrh#H+gWhE(LU^Qro752mPuyl{FR%tN
z*YCkuTV_`3WEL_mXAi-?LJOc@M;nLP8n*b&kq?EpF<+=jFX?h$Vnyv?Sev(GV>#S8
z+IfMgHw2Rc8qyrw>9UqY)!DJ;<A}J84R2I*bZmKufTdJ6Zv+ca!1S*=I#fPD7lq)N
z)zLQ&R)m3+^6jBxA*63A<snKgE~1pG)krFRjlR6Kb^6R1pooEw21aUEK1EI4aC5!0
zo$~~u&d}XDt)Ppe$*;Nh`t@r<mBgDXf?M(IZxhQS^^#LLr*9NIoypxPnZ8)uD%ca3
zm9>9y(J55m_G_RUtE;PvTZ;m4`spg3+ey{?aT0#@V^+>4X&{wAE2NHj@YT>%TH4e6
zQmdZ4Wtz<;(Tv083;Db;ETH;RnRR7le)2SRgS&P=ey=+zO^PW_G}!eeuC2`rHh)u7
zQ=tQSp<Zp6@0g&61A*p1nzz2)D<j)iVR5rN#Vv?8WN9B3vmk0T{)m-`FkYSg%uYzr
zq`?^o<2}|NbRZIs3b0s1MX}K(@Bz;`R8hVju51A6wQJX|?SfK`m)Fiu<>mfsg8vmq
z`G$bdp=9<b=-tYQzsX$9JP>{=!B7ey-Jx{&O9DsufHdfDEx;+{kHiTISCGs>ZTJ=k
z;ui~0&apn&-0<tIE|uBDP31F`%Tav4>Y>oO*B^-+RO&z{#r%Yru#i!L7_0Yus;HjW
z@^P;~_Z0n&+VYpNj`ST+-201w_!o@)tt9xp!s!nKm~i4~m~QTy3%#3T$(_L1zN+H6
z1Q`3T<TJ?|^DntC6ywgHE<)P0D=;%I_zkDWK}$IyMF=YbsTm1ATGjlwEdSu{fJ<D+
z5^#F|74AX(&Fjwn-)sE;$nzkB26@{*%D>jD84Ub0B{mb=hgzmW)c1PwWiUNbAHvci
z`w_{X`m+D<?)2j)_lqTMkXEg~tiYXQUhgCQ7ytRK^!m>cl34D2yu89c$H<T-v_sx6
zGU=H7!f7IaH3-{JamyY7qAk(G$N$nv|006PPHG66WpfO~!k0}sOOa&E$fe($5->>}
z30G&#7~VJN9XjqzO~RPu7Ma%(X<V(#&C}xoCz@)8qnWDi7ZogkUg;0{z$Qc9boJ_0
zVgy)A3CHyc+*7n5;hUim4i)}#@XND2oEi=jAb$a&nM9wr;<x$-vt~{I?!-Qejx#_z
z3q?8e_b&$DhOJ1_*%S5|9*E7yxeL-%&>;Y`F;Zvqw=Mi$to_4ieQiCK?%q+KE1e|W
zYs@<TBw1p2-M6d>JR*K{{nC7-<1!OCNNr`aii#F}u3jh~jEbZH$5IuPEd4<~Lg>V?
z8+0I3=(q%g*-(wfBL<=63;vsDP6K&LM?}FGXhOPvWRF(Cc|Uz}$e>yLy!=*NW-UOH
z$ZoVw3A!VvQ>9GDC0e2~GYL9x+kz4$A~x0<%?|&$lK-$Zx@nU4#p|HRqPpWwnVokA
zfw9EIyl(HJf%4JCKp@|#X@WE*6v$9L3ozwcTvi3135f~i{>LTE*X3C8+-_>YUr`O$
z`nz={$QohL7)xrFQ|$YJogPJx==`Ee`vAza7?vH0>zDGZ_Tj2Y&yU3>@Q#Bkb);Yr
z^>~Rp`7D143LURq1onc|CeS1ph)*=RG;-wWqe8jFHqHPv8@|zehBp~1w`Gw2Llfm9
zG4|#1dzAciDzFoH!WjcyvB-!E)6(z7tDJF{=iBs$5=v6_EB*Ohn27<7tS^<LBno?e
zV=7cG5Ksv3^`u}b$#p-g1Tv_G<nCunsl38_;)9Zyx%Bsa{Pd~4+a=~b(^p`*q563t
zBVO3qY;K|bY=+Jck41@H%-o77n!1&PgK&KE-Z!1jzqmPH+x_v^*U7QUqiKZQJ#+|*
zOQ+BNG-@csH8r7zqIUinRl(c0cTp0bbDX#LmIVojAP>SYkcbZp41o7G^u9;}RSw2N
z0tF`HDg12t()cTHA%7<T8Zrt}5$*ytFUaUoFe;Wr<_<(^b+w8?4iJU>_G4t9t8ks~
zoFkAGkQ&0}fRF_&20O}pdzyvLw@eOXc=v(Fv$Vw3*4}(af)avI=!wzD(MfZO5XuLF
zRpCZ+8$qGZ7a}wvavJ2{>ayGkrHV%(D9;Pq&wSKEkoSD4=KUbk@Y(?=g2UB!&zH-A
zZGrU66NEo#{S|IY^Kx6V-2y)iGPB;o50oK#Unr{!l|e~KV9n7~t!GmjnxXV;*8>Fq
z4Fr8RbI6N&LzipK`X=)*!)F&s|GTS?nKgmi?;ZPcHY0<uaJW_j))j<vQ(oVsWWh9E
zEYk8a7&F|K9XN$69Ut@a&t`uNKl4O6IaN_j4eFM@Yik~&n8amv@%cFts20{OE$iI|
z<t57G56-(@=v4MUyzzLk<9^=odTABLDm>~MnA<w#d-GFYPk&>iIM%QFQE^Qwrye7N
zB?`>9;X!I(r$FbSjK7c>+gS&{X2TZn8eUeDB_3t3MQc^T-@yk1&_}R06Wl8A;MFZt
zg@MMYskvEpJ8^cY1PD5$8&gNem?*VQ6@e1F$?46{U+{w{Qun7rKxe9YtUOc6g{E@a
zq&?Jodg@>rZ*8RW56#TKL^*@p1ButMHx*koOW$&x-=HRcTKNt9x=cR5jNHn<?OScV
zh@HA_sGj4JBYznGAVVPU6+{?H!k{~BH_8CLC6pxEy7f$3Sdj7Y12Oeu4ssV(8*9f?
ztUFJlHEeKQvKfH2&Q^?>jeev|{4QRU)exdXfU|BGRR}!hyMRMx)-Iny-2}K9R6N;I
zQf?FOxb7zcfE#!iEvWG=tW7OfFcIb|CiiGoHUu_U9s|-)^ew8ReK;B563u}4|3iIO
z^>@4lo~X7U$Cq1&Z=%M1PAC&}IVYid0{ZQL-N@kjbEGl4F>>yac@A}xjzooMDI&h1
zcf(x)EmAzKyt5bKlQvBw7XD6w05MuZfrT3H0`Y}=XA{h3%<h+9QpDI@WBbNUhfo@t
z-77ZcbrI0+@cyppQ7$nuY)hm2#}6OyMg+2Ff%{vmdWk}i4}zgQdD|P%*v@wH<k>Gw
zLb1^-lLm%{CDp3?QRxEIN(t-udYvISKv4yam4Mg4&1^(Nd)Kkn|EcLq5JDKoZ7*st
z>L6C9e=D3_pdg!UW~(46cT3=&?H#)Wp+ksj8|g%LB2Y;IzCe38X$ol(LR69?gZ|X+
zNswTHJwB`<<6htP@bzn5RH-Kx@Blb`_7nT^?auTgZFO~Q4DNcH`<v?8nub48!ZS}W
zAeQsQWt8<f>+Ew`vqxRvv4pqAc)d_c=PI=ognAsgTM>3<@oF1=9yx-RoKX26Y)APp
zVF373mX}Mq;%d>C($UcYPnQCLV5f4oGu1G}vE56uF;*m3eKVNg+-?e(rHP57Zj6|f
zz9p9C=H?wh@$3fJ43H14?32W*2y%>y|63y0Qy@ccWo5l1DoEfUp*W%V)nAG?nt-DA
z9<2p06TLM3xKRii|N2(;HjHu<K*dmPKKb3dT<B!$bN2M7_XKY{c4i!dw71Jc@`4tb
z`ZZnGCyY~&omNbN8FxlMi)KK5K)aw5bfsW9MPM~Bjc7GeJ*@`=*@xERtHlO(fw)zo
zh^VMN-)lXN3c!<hX0=XPst!cKN1(OcMM@@-8ux3lMNsua3S+BA8wMcZLL~=4Z;}?e
zARA`u^*^dSolq2F=<xd&{bxeos67w$t#jHgZ#V6q-(MP|`L{V(cv-E>!)GY{!5`F|
zK2n{v(Qr0{^oQD1-P13%PLpqm=0gw`4Bf01g5MK$d)Di_I;OQ7S$?jDiX3EV5ZuYK
zSsgq5siFID#m(UdR`^A{aM#X((bt})ZiXid2YVJ2hrd*Ozw7k=A2Rh~WxNQv*5xbK
zj;?39US8s&EgLF<8p1Eq$^V3bLJlGMPOIqCOd49@{D0L96G=Ne{+477|0hrOAmX~Z
zti>fIvsIi02M--8>YFzddi3AeI#j~gfvgN&-YvSk@T3e{ia?Pht`lfkUiSXIt=+;(
z<%|6Kw{PtHYen+R4vT7i33Kx*W2(oPb$&G7Nlu<ljAdtM=eHQ#iSz=Ew6eL3tMBM|
zly2A>m77ZsS~V{ppYtXrQ*V+0!2M@l{jX8v&g_7upWby>jYD^@^WY7A@r1S@>XRh&
zi^Fu63${M)hQ<Q`$aHDLZ0sEF@VAfUlkmgAs99+%1iIHNDl1cov7H&F<t3h!7z9*e
zFhofg7g1i5E;bQXc6Q>?(b4E^>i;p%rT?dPHuG@j?yRS97{3|8N%FGM#tR@+V&hCM
zgl0FHOM=HmrYZsmPLQhjy&lqqZq~k9k#)4W&B&+2C&M-TdCi^Eheka2!7II;*C}uJ
zMTv)qh7#nd`yW?qm^E#7MO&j*NofY41;x2#4wfe>!>BZO)q7W(^#SOOh+S7NaB-`y
zKZSO(*-ZAhWoJ8#=D&Mq^zK$V-C41B;$yK@yy$-ITNpizj&Cfy<gxwq)=qVMX1e6_
zMB)hBi4z})v0z1PY-~u~rk=9CK3hXWLyGgd&FCq`WcAY3`C(~mhF><ozrj=QMxsI-
zbMzHB%mKRY&=#h`kW~Z=jeBT29iV&!t8=!>IR9gIh|LaIJ+u>&Td(#WtR38tI|#Ak
z!r5oC;%Kl_lwo3PD|^u%G_dOY?d3qLPf#CapBdF7$#vak1aUT8z7Tqh?z<*zc|-dI
z+5w1m?KrGiJ57zEeTM{_DR}Z0M)JzbA7cp6zAvyQsHmJoznq;UPiyyqmaT8S+Hlbm
z#AF^Y4Cv+dfi??a$LExAg;6h=aaUD*%}>b(&<-!OtBD|;58iJ!-!gf1`^+Kc)*&B^
zS>x-=c5^Z7OtMP;&<ikg=x>sVur*1|azy~nG$0D~@F0ZtZrMX-5m|FnqE8+r_uZ-A
zm-AG?iJb2^qrivc*RNSo0*JAy&u6KrrG-QTUpg$h`EGqv(_trukVyH(=)($Pa_1JK
zKe@0HU)GU#PqvHz1S(-@m@s3#as7Hj-2;{#lKhXiU*iO}`Z+GrtvFh|la6bQOijHC
zBFMQA7y$5GJ2i-;T^c(&#%6Ho0t1d-6#{=Z;SobeBr%fdGQf)7-^o>BK|vpMiowd(
zCiLbM#5PnHHE78QX?>+o3;N#Obsrj?(3yGCa1HI(feC~jrU$_pCTQ2<!wY&^(AtxJ
zm|p16jzU-_(zJH6Jau$pSD-Ugv-djIq+>$}K5k}4ix)Y#y0PPnMkejPebce&!kiOZ
zG#}s!sO2}w2Bn_5%Z-j}`z$r0Ih~Jx4QU!xK|lF%cuS!^&$;B*0cgX5c2D840@m|`
z9U-R>R#w*j!OEvdb~0wAoXIsJHFdX^mKMkY0+KK*6Ybod;nC2oS!ZBi0D4Q(ORS9%
zmU*WSRO)0rR<fv`Ivmtp+&y;7bE&zdg)mQjx=vdlq&^JP)qRG&6_!AKb#!z*NOt31
zh_4dxT+?HJQ=2Acoi$vqvU+PpkcckvCaSgT8()bVa+W>dmv^GHuQ+3~X0&yBCf~i_
zXt@K>v-B<nm9W~dDiP7q66hiwh_2t6c=I@DQfDR3*A$K7YeEm2!VN`q-=i&Nuw~dz
zx{yZKdqHnMfh?X|KtKR7Oy@?RL%S|hi;|w{v12{a5xoNFRL#`wHuCdB_ZFlu=qUj<
z8OocMFFw=;Cft;*9e|E3!6#-Bh`tD3eUAYxwE4TC2L`NlID{6AaHy^u>4`9#Id+{C
zc35beQrV7OseQ8{xT}7p&*z&+@&K=q_?<h4T~@!+K=%O#`I8CsnB!~!`2rm${I|y)
z^rvdcH4IEvW26k*(t^w&N)_JmhD~?}+rv-Su|PHMU_+fgbeFBuVP~cNFGxc}*h;oW
zj=zg40}0$=4%3he^x{G1ARDyVLo9-M@P;o9L@99cfmTN=_YAnnQ_f`>2sUlF1~tDp
z`J?SdiW(ZzX7J<@qlq-?aY0<(aUz6@rl7Rc+ch#iOF3IUZhXsZs;|Uo^o_*0b8Kuk
zlh1Zwhb4I-TpD#>`bwGAD#wrY_^-5Ly~=3xc4C)aRO>zq3R+&Jxh)u)RBI3_{j2QV
zVtHD^<(zO>DO0MDy(eYl*ae(niqPIak~ClsVb_tp;AWEU-@7ZFoeuh#v9M0+xlY6g
z1lfmHpH!z0wg#WsQ)YsDIL>F%4_)M!t~i$H^WY&i+gXYo(zhFw5pmFF!a{S|zh!D@
zNV+}Fl#1?GP^Y;O7D5z3`+iTUW<+LZm+5jC7%0Xzx`&C_s%NWfsHz5A;h;B9CeLa=
z^yI}xGt?dl4@%m$1(O-gcIzClDY~873!jO$Kf*L#@FyoHWm?qO%WPp>Lx)KILOv=^
zZ8_UH%ph>%<F-Jyk^ZJPWF9WWdES9jI#QM|g^hW7v&T1Rf6+~&Dmi`n^yE}rbcxr#
z<E~GZ`uHXf2s?MopPkIH{o3FR1j6W&kI$vQ+&DUj0!b+t5*ZzGfQ~NadSIAfV4I!@
z9FF<y+z<o>@W#fY`I|%(7nYr;MvtgXgV3foqk_#Kbi8Go5Ul6ZWZMqp&AWG>J|yeO
zEZ2gQxm;acV%PjoUs(Ik-i+4k&}y2hsKdXyrdD9NMvmVrh7v5_TRtvOWUGu{u{RXD
zSd)0JGV8{h+;j%DL~9CTL*8J}c9y_%W!Ag&QkA&0Tkrt8ibO5yh&Z7-@JEj>BI0mb
zS4XGxR@h+>@j-cG?UI_B2wD|~=BNhkX=s50WB~m<PfTPBZ1w`TwcI`p4Xj2>C`GnB
zB}Q*064aOk(%z2Ut{TzCV?o?d)(F0eGu63qCO?>FCsgEtc7bw{mA(*k*7((ps?2bf
zx<bf&bQaeJCu9h0XqlRFaG)A$iJqjqygb|_9L96mXk$in+(2BcX|wNPDsGsEmJGi~
z{`_1S()I@*8J8cskKNwgP0m?1VI<bi@rQ;$W<X8Rkl~U1j{fR;0p9CQ$Lb<?>YsiI
zR7~XD!o7O^_0_t(Zyi=3xw~`T5IzB<VG<6M@2<R^o%=ezdvfmxg*OnQ09tt)p-&4G
zq;LwCbAz_4uMeoj%I>*I$95LGJUkEVob%Fw0~tgB_74?A>{@2Jqb;G}BVj0a>Eg!&
zRFc=<^4LA!c2Zb2__r2TYNDRT93v#xZkBV@E5n;+d#yY?+^eGbpM3hMrkl|xMrl8D
zhD_OhuAz5}{HU^Utz6`Xcm*n<b3;q0WIm8D<3G}wz1!_M^Kq=xrJLKXO?<d4z0)Q7
zU-T2cs!awrPS&-&O+VT6=;MtpJEp*Bj++T@ygoCpvzlZcoa)CT@nWvnqpU-@t7Rff
zRO}$%>%)iH7OXwj9lqSMyjvXlpiRO!Ebpnv)p{i$b<B@G)#UZh^OjJwrF5adJrc6@
zPSM?Dop|_2N<#aoQ}>GT1JfQt-x!IJjD&!|P$Gnjob2FG+l3PvS&a2WeieEoemLE&
zuXs*rPULf(G?^m#v&hH=r*kCv8_O40TS>*X$iki0j^wYqBs#U{?kLK%NH=Rp^`t15
zdlZKLK`vBuU@6Z>%yqn&H##H3^cr%)VTQKAq}}~S0^h-Dr+g=i=iMgdvu$?hC*~|~
z-OF}xE1%ZduwR{8PjB15-+gIGF1+>(lIx`GJ1Ml>n={?o@6ea1OpHAu|2ZPSit8oe
zVAY4S-jBmxj?cGY$+4xSNBC_v2tJ3eE=L{T9nf(KkprJ}=KCJS4|;>xC1#Zj_mHj9
z+*H_)SYEGx@p90bgXaByWE=C-Xe~nzZAydWzi)yyyxgCtuwr|nghnIrG3WHe#C@p-
zExkL>=yN+dg(AsS9-zZA>XAG_N?iJCQG2<*t&I#Ow1Nf)55%IxITuhL(r_BKVc=T2
z8A5l#^Fa(xQ)__-+;q^k`olU?MV4tNQCJ$1&EnXRX}-#G4pL%C2Pp~_m7YwIrFcBe
z%f=!+Pbh#!Q0o?{lMxhla+HGPuO#@RjsD@#a$Cs_N5m=%9;a}Swq0PjE1w2QX*Yt`
zeaNuQ-ch(N>3`5*QAXxcDNM19N*=v1CB5(?|K|^S=K{yu_U`kwC%u0(k9XLNf5v)*
zQYqg;WUfZ782%Qikx3ODJ;WY9{(6X7Mn%MCdK3SlUIUluSuUO@CS~}VDh?Dw96N1t
zjDU)p=vnuy)yC(A#=iOmu0JRI#g%TacWczivI)jgd6fkjDR+=N2-VM19}JR$Pa{Jf
z>%uO=fLE2tVe*W-+uHR#wdHz)zZyQaW4-LB1%^CRJ$Gg<RYXK;HEpvjx@kpk!rIE}
z9Ls23qjm^Yb&s=9HF#1Oss}Egb;wF^wlYqGdAjS!YNl<iiDT=E9%+6K7#%|EZPO7U
zX}9u*faaunQCwC2bI#-T*I0=z$x|@+l@|Mpl?1%tpXhYm#l%5;FQz#<EunK7$#nYa
z5TiF(p<#PWR5`yuBV(dCJEeMV_#mC*I;)5Wd@w<^#)<8;#=Gff8^+A1w@P5<22y8X
z4_?X-Jt|+NcLZVd6F4N+I^g0j>O+1YV@3E|6YCLL<S3{s=)Tv@@5w44KFN2*8xo|F
zWs?kUBMbL2R|I}iI78Vl9Z2i^{N#+fsP2JHLc5=M-9~Aqx?Lv+v=d~OPFgNvQ!`pl
z<eKYUqs1>fr=gao^%;2)U`?&zxz%gaRa3z>(SBfZmKS%%g-}!8|7w_lW<LkJ>#Ffl
zAiN);_f;fOK3IiL#gK+=MbKt<WJxL*my+oEY<Js`Dbhs9@dT%Gqhai80U@?S5MOk4
zL011T19$)qMjH98<shGTX(r|VIH|iTOV4T-;XuP(mJ5S1<$R5pnM)Rg)Giw@J9WSt
zXu}q&)kf<>3imN)aGXZ`_m*hdOj-mVG-nn+wRF|iOOYo2dKkI}*9XpTI)`Vc2@4w<
z^d5h32oVbRk685vMP3(PFGTrnJpZb%_hXs|Bz2mB2UX3OmM6IYk4P&XeQ>7$KZ1{j
zQ>}D+Yg`o;%O@`Ot9H;=4M}vP>Tlf^wpW>&&9uegHH})`zA!U9w=A;N66xlq?YhJy
zwmvnDG27tAzl@JR*R!cSXpyDK#dC12mUeX_&$c_;nF%avWPIE<hdifS^sD72Zj&fg
zyY<s_K%e!%JA%U53=0OA;q))C*>;CN?w?me3zUJHNC=c@?tX8}Cp<}5SXhF*q5tWF
z?rJiPNp&U`)IC1n=h0>Mp?j?=d4(tw5V_Kx4FR4fa-!Z7-3b5Ieg~be`%;wN@zY!4
z!8l<1H<DoCn+l<D%7kW*{CpSK6xSNxYo)ahrYPJ{n=iuD=}!dKMjhDJdz_kK+MwgQ
zyj+XWyIvYFm3#~P-j$x;htGI&<!eSL>PXUUGj|l?6ZxaFVz>B~8eEZ(jieTC%MHP%
zkQekdjdGg_hO%)$=`$vHVbvoq&lz1BL1#i1mT0@H%I@H9BI2`jJ`X!=q~26eDAu2V
zvrBiU?Lj7OgzgV<N-f-DfiqDgZKmwOkg{_eofuInJZ29Wb}yK|FZ`o|$vJWiVZF)6
z9G%oYevKB%yNxJN5EjQ-yZo&M_#qyB)q(rwp1^CWnM%~;fc$08lZL^J=nee~UK=eh
zE??$Qk8Z*x%gS7Gmul#1<;a1K?<28woVQ4PW1bE~WOO<OB_lh1LLV*<bj(}`+MF4v
zRrg<Y1ZhmNglpkixC@5MMpp~=9o#0pApLPM*J(m=&ystvd!C2|n<>k%si<}$pvS8n
zoK|ERHRB(8P+mSeHP39Y$WQIqF+P8K>lVItcrD+SBh|+~K7BXpKCstkwT<iOY=Mz{
z#bp#9u-y=pOU0z5=Y<dO%QXiZ{9`t#aoK&A-IK;H-Ov^Mn*@nxK1A;5+WKWCs{_>D
z`)($zk6(3m=HBiYFf!*4G2?gIe%Yg&rlnapZ^-2Ayy?;{<yt^|GRRQHzt$wfF%S1r
z_cZy+R+KH9Akx7g=QqHA!w+L-10L!ZFJ&YnFMi$T{j$yx?KhD<$(^@<_vsJ4o`Hjh
zf#1_cLO^5@BL#L%g0I=ThZ<?@k0VpM+)jq=;X;o6?B&?An;qa%xp@d)Il`aw%fgo;
zw05*e;LoO+|9J7+2$?V$_VcgW-p^4L$cRN2sHXj{FRFB|$8FwA%l|z@(ZH~@P;2^O
zLCn{vB?-l`dWZ#m+|(>tVLJ#me%+_sT|IssAGqIKyfl-&_Ku7!BVnM{2~~9b==OdO
zUE%cQ>}F)xG>{25eebd+yG4e*7nhi{!(g|x`JL)R$yIGGWX9GUQA}eYzxG~#26e7E
zeO%!wqy}0ru6^&3=Q4Xpg0+qI@4Gg*J2@wHnyn+OU~c?l6E&i$+G)l%gvV=~Gh{98
zry*`=7(C)BIQ)MYP842mC9W~mSi+-~;n5}O>UqHe6Io+Sop8gw*BuHx`4{K1pRXCc
zkY3r3O@kxF{sKDxar)uh!s#xV()KjHys5SH6ILH)ImAW&F|*J|HNd~)Pm5~PLvEJJ
z?@xJk_sOX{5ceMZ7Wcell+hI&pyE#_5D%(ykBVZxbLUP(M1;7X#pdQ_ruhKj-28lf
zSC{a>GWd>P*Xnnl8gnTz(U{Ht8liV72?FUB98F7A)+1Wv@1uL*yYa<6N9?w@oHv#W
zwo4~FGt3u8t{!G(E&gh8h?SMFva%9L&_X{3Ax$1Sy#<&3Ki$(mtn>o8M@NU*e5=Oe
zc>^vBQS!2C4cDS8s=*rNf}wIFG$$ps2fl2VPxTCHoWx2soGmb8_sMexu^)sl7Kle(
z+0NTcj`Ry!9UVew<^#S4%`m+`A1m-9T|wF!g|J6!?_M<<W@ijijLu7Iou+9swmAwv
zl<@E~Z<M<D4P@G)H?y^24^7($GSvexz>^{p1ZF}u6OT3C37Pj3nBek7qJN#Tq`9Z&
zZ@k2O^?Gd9sPH3-f7_xBxA>Y`Jb1c=4{vR6hj%tu&2K!yQh4r#wDy(C_SOlZy)Ev>
zs5_raetP|M>WRY(OgXM=W+#J4A(uM4GGxp}O9$N3DTqgeM4nEJ2kI~>+4(!n*;l<}
zE2S@*L~gXk?z48uD>V7owkzm~e}@Mj_uPHwRd0uw@EmqwdNX>OmFu#I5zuny&l5lu
z!4uSFR5UcvF);*06!eb^hCT-#uc)mJuU`j6#NRo;V)M&$;o~m4FJ|GlPOiT>2%gsN
z4W0Rz6~6r70;453`Ug%<;L(&<-~q*fL|5fuV02cqgE$jXorf8nmN!*y9nXAdEMyZ6
z4Md109j*A6)Te0D97Rcg)^J?ON7!zJ7Qjf#;T6mCMmXP%svRr(7j~k*0nlY-V_jRA
zb}lV(@WOtGO{|Srr<c6?yBoMIoza=#VoyNWv)s8<jZ%a{QaUDN#BBE-z0O&3*EZ8R
zv02x%S=Tnl=q<v3_oJLW&b5Fer{rPOlZ&5X2TSfUIqs1pBJdl)v%L#ql$S609TwOa
zMI0Us4&Ir-6);IkO2SDEk2lV&uC8V}t-i-)2rw?cR&jL|TU%R$gT9@n9LBW=dArUJ
zjgK=1b(-z9?Yy{|op|pahK!POeKDP$uaTS1x0ne(t_FB|Ei<z#D+9f+3$hoo*%gCt
zdMD|rak~^Oa>^CYoOXG1BqBMkBe`>Ie7t02<PGFe;T__x++;T{To-lqJu^x>VoJTG
zG`!~F>3NEa>)?jD*;oj0`xO;lGv!6`rjT2}elBJrI_hG1V{D^RZ`+r1xKT5_Tz(&%
z2mMdD6^uabh6DBnKoFumwK4FlTun$K!V2t&bGrRFxAXQy;*z9#R-HEJ^Y^W}%huye
z&nesQc<%n-w(O_v$dMxLToe6I&%I>Oy_MLx+>OV=uJ{ewm~F2c{t9hWjBQ}9qi0Ow
zJHM7hQ-83g{i<<boydG?&UtmBFimkvTmKVTPKhPrG&6W)&*>!QlSi21u5m_3jiq-^
z7C3H>emHKowX~Ly5mvFh8*KZDUh)HU&2;sOWDAN{y%n8Zy5axbxeE!)*_7!7g(8ki
zy+v+BNLg_=s!|13`n;4B_#q6fBWWFISJ#|_p+92So(voE<`hCWHP$eGCFqnj!5uiw
z7{Vntp}5>2IL)it$Y2?t;^lov+V=3?ZxcBn$Jz(LYEWZ&fi^P0O5fO60=46G2RA1*
zgHdh)1d_CK4P&P^mO_&tkw7#2!O$E61YUvvq$Z}SyzFR9Z+Uv(^d^0s*tFRfV(6zp
zRz%jgc#XRHzkzTY&%LeFqLQ~RicSHx)!y!n8JFhZJ*=xPana<EdJFG>%Y`FyvFcJw
zr9vq}tVD%R^v-|>D4!&%oq7Lpe>=_eL72U2V>Of3;US!a&gH$(;fT$A=JdgKsklwd
z3nsDm&RAPAM@yyNP78WIKAZU^kuUHNKpg^M*V$u$OQkBGzW+Xr&z@1i@gW41jKbn~
z?;hLQn3v}dl{+sfdFc3YQa;n3Pf2PybzoWG1T&B$XZlrvadslDD_j&DKSO6hHzPQn
z-nw{Wsd{B|jzb*Bgu_!1SfP$Mya$K(?0lap7Cd6GDJENMfSUf{L(3eazVh(MnKFh4
z#w+Bm3=ac2Gun+TkS`U2-jF$(37P2Kp<0^oC4{zCnve@Mg#b3;J!);b6Fxq3_D14F
z;%TKGLjK1F)28~llluD_gDjj9PJKX4>2=ZW)fY!iS$YcVMq&`!aF=~B!GQ%gMXP4i
z<DE9`gy{?NM=l)6_F-*fkP|+ZSX|juRXjjYZk|>U)SRx)(rdTjsI0c$lac%!(dP{|
zUmUxE_5pzQH&8-DPw!|=n27hgcPHQk$uBF=A@?KI^Tu$^{4)j&&7LT1TAk-=Y8jee
ziT@70?)&`>z4n1SECLSU>$rN}+d%wY*jGnOBhQTU^;w-ejSv=Q^-kpx0kT*<A&;QE
z#Vj$qs6Y7#!k>RNZC`pau0n56M=cXSxcgy_>40X7yU<*jc3<!kV+NcrdN&|>eZ5sr
zEt5q<V=1?0d_WT!<hQQAP7v~NMbGxlQRETGR)55QEli3a#y5FSoYEfr2%4b)3Z9n3
z@~azXnqQwnw(x)A>L$%MiR65)?LHIRs|4-a^TZ}w@7n=vT_Pxi!?hQdg9imd<%FG-
zP+|w%#|i4=6y+gUaNb6|2R?s34m_0C7B`_g-&C)6^34iNN^&yOlbilcAB^Dn4+7LT
zZnPo*_DCoG6WjssU#A=Hq-?%=9DIznew&XFW%wajb^ofjSJ!fDjPWH{OfY8ppL}2s
z+|kJ89yL5}_-YVQQYnH=vFlThFP3}X_5=lCVLS9x{<!<An3TlRCBsr{>g(33cS*6&
z`{WA3#H!5VeoqhUo67Keaf&KyWXR*k&j>FhcmgVlK61$76Fzp_J!2M#AvB8Z*>nAn
z!J^$({}ChtvL<k*;5+IFInIH1UCm^2+1Ri5gnLlq=;7D5tJf}X*V$g;{wk@n4>sd-
zSASB|uG#TSpywF6ozYnTH9;z)s_HoTT&K&;)(mvF8#73)u8B5s(WwY(rpa%S6*i74
zcJ=f(PSH9ZsNcG$wYv6>bZ@KbJDaZKF86A}Qp?xgd?10$;VEN6^VH*QhYf*e$!W7`
zcmgNumfvSngHt^>(~zutc&i;M(`fekBMFbfi<nhrbU1$UQtEul0`Ka#x%n7rLL28a
zb+T|}V~>$U_a7-aQ_ZMV6r81F^AdQw#s-VkR*zQSZzNmJwzL|GtsI!yy(@XR5|b(0
z5dHM_fEV`UFgUxF4<za2re@2tmawoa0>gq6eyJIRm%rqCJn%`dQ&4gL{E8KIi`Q;q
zPTX9NLHJ#kdb12EuiR+$8Mh5bH-7Cga>xhR?AKTCfnV$`O^_N?<2VPNwL{2J%a;GD
za^nLqiY`uj=!d|--oM3W=k+vx6^^dcN*6K{+$3q3Gbx@ji^{P@U_hCQ8|Ul_d->&*
z|HNhc5Xa9JT29Z0oyoB3?H<|n>l^*gYBg|G31rx9<R><I#Q^$O2)Mu-dyI%_rvNyf
z`C6d($VG_?!Q({%;|oG*vx1mC7nFCPK0Usvs)F-G*_%>U*URAsN?S&Svze`peAL5R
zjL0Mf<f}KTGJ>Anz<SDSWOomjG#nE+R;G8W)Z4a3{Dab@1y!zj0U3l7MN^TpFiBDz
zyloS5F@x01!wqV1x3ud-yTKR2K5;K6^c#3~2DZQ-VC{DRz~czdz<m5X%ncV!IRLC}
ze*SqE;t^zJN~*erJ$ZXw)pV^R$Fx(RdpyokjK17F3=TE^Utm<Hh5#^4W){!?`tb8H
zCm>{(o0HJv_f7yK{db1?uL$&Cane8B@&8Y#`QH&Jq#4jV`xW@~zYYyyX4cUH|Lb?X
zmln~3u81ET-uWHk+N;X6;Tkjfk4V9wehVT0am+yReC(>6&Fb?bEHDAw{A+{RVF2a-
zIwe4vo)Fsa`REftvZKu!k5Bp;m+t3u_z|i7!an<Ga+5Op@t{tJ>L<U~0R9_%mDTo-
z-nbLeDk9|k2vg_X=Vznv`p8<BnWx~^m!oLI{9i|E(!I#}Vz;$!DXcV)P__sc&f~&M
zx^%*pCXF6?eS*jbxg0R9cXWpBbEm8&SVUF!^e?s<?%+$keS`LJA|r6I*o7}$24Zs8
zJU%W_pv4vVZPmGRvr+FqClCAub^mEi+-)r$dc?DKVb4aa1LN6gjSTm0UKtktu{mS1
zYPxjFx=pA0hqimHI^i3+<9JI;OJ`X|Aw<1N;JdV%4%F*_g46r*@w<1&!GSX-=cwC}
z0)T7FBzP96c<>Cz0f<}=J}DG19c6c``dTb4du~_0{Q)u$LU;-(8T_rN=umh$G)?|H
zy`h(qNWSmkEF}A!w8-}EpKPY3TItrK3$vz9`_?xdjdvo~8s4XzI822O#~<IbJ867s
z>g+=JshyiPXKu@X8i4fD1T*8%$AP9&=!=R=k2B&&d`mIp1ubX#qW3_a4;)uTjezIi
zvrDVlZ=7AToi~?49k1NHd9S=w-u%Q84~hsNiAT9efLj~ZgcA5m=OqWwB9hD{dMWAu
zkFu`-t7_f4UK<3I6qPOo6%nPoB~_FVMWstXknY|pNJuD%2uLG{luCCB0@4!FAtK#f
z|6HE9=X~dU@jv&u&y{^)ul3e^=Nx0qIqRi=Mt&zYntUx&yFQ2pa*%I4+)7pigaCk<
zc5Xv?m!9s5B!&Gel=Tm^34+P3AHhAyrd~5{g_Q~5fGwv@MqEcNesKdXU1oWso%eJN
zw;I<zH@4KEI5aRg^axSbus1-~;2VM81dIc4rx4S??E*aae$HhS-`8C|d^?NM0D>C?
zdtVQM<vLRphfD2Nas?a`<q-0_-(2AL(W#=jYw`h1GL*wsMWhrISkc(i#EK7s%%%3w
zqi7U_yth$11o5X^Vxmpi;yPdKz3r0RRr;+BvjM1-(Ob4b7FT~>1YO@W7v7-%6`JQI
zM@X{iCJK%7`haP2UVKlDzye?_+L*U4h&=r?O^H<8EyqtiezpZaP}sG@5Gl1;X-U@O
z<5=zQx_tR+%?Kn>gpvjYH5aN|A4i!o$~}nAa1dw{3*Waad7A^uclj`R;Uj*ck=}qe
zHx%scenKe+d4=ZQLN@8(hpYPFja9zuq8s4Y`6CLs0{~t`6JAN@k(^Hf4--^Z$%vB*
zypGC)ofa-0+P?%p8|s;!Fn&tmn0g$rPkFC=p1%=S|FFr)MV4oWaQFc92l!%r&-3t(
zr=&NE=)>tiPKxtVp$yCVny!1EG${(dJ1^&ImCxHOsfB<jW(WyNe%vLp#s3!m!e*sg
z8!^1J1at^<{z4sa6B!^hU!meacfFrDIho!Cq<rU9?5$GN#Y9FX7c*gXfxRnTYULj&
zWW(XESK3~C-S!o>*XMSJ0brtlDV<nB$BbAPA-**b{9>MV;pcpUqQrGJ^n$D=`FHd`
z^yw9dj#vwE*UXV2xFi4Lt#&_)*C|pw7SDMyT9nHv(t~lqUWA;_iyP&T;nqL8XF{Am
z*9%l#&En_7mV@PzY^wlcH((aSlq+O`FWxF%{h}3uX&bc$f=<PGJh*=X3Ms-U?433c
z>YWSK6YM=G%JsF2?pf5!AXrwQ%~Ul_5H3nYrb7GTa9vIS6?hqt2)n^lO9nJ^XC<~@
zi-QVxgt*vk;o<Ja=fXeP6g&bcDlLx6Dch=1`|8mVq2TCoJCRZMogAx_)_vR;bO<{;
zJE)-^u1vNjm6XsSZNtMMknDR>Qj!T0EO|ZS{(?{c<4`B#|KQ*~zkYk9DvH4Q{SOTM
zbCco#>(9GBL?S${$_4CgV4V(Z#|~awE*_qM&La($R+w$KRs9P`_UVDMeVdk9&l=}B
z#f{(?ngm_Z5a-Y>3Z9>594OmBF0D{OwKmf&^P${48J4M|FvCdvn+X!W(3ZJ5nN&h7
z86zcpZoRNC(>vz~b_yk-v4fT-$m>gvB@FQAEZddjfq{X{q8p`}pJM_Ha7PNiIg`Kk
zyPRgcViJ1{SI@&kJl|?K7ytuietrt*?Bv}vA${!{acEeWs)`DhLDUg6axFjq$C&Tf
zbqht=<oZ^N{*9ee=xv3JbkFS^j;f#rO9brBNjS^Pllylw1$GMs=xMJIz`lU{FB_N_
zCDzl15EM74S`9Dwp56QA3?x!-xn0PvIq=<<&leXk@5fx;&?A_WOV?<@SiwC7L=37^
zK(H9=CuMIlszFu&8wa-6b&--zx=#eaokh`HCB{;5XjO)@--f1E+<biAzGO^^zeAe`
zQnq8YM+VA0+~gM`{^Ixp`tJKTSlRT)>e`xHnWd2taNYYc4u_GHhYus2FY6R(ajdSl
z>{d{<8J+E1_2m3TQ%d_|7JEM!`UM131M~=b*oUB~1_1egfFA#0M1J#Pfc#T2Kn4n|
zm|zuvyo8QH(2eu(K#?7RFDXN4#aY;y5uCc~JJ8}Ly_JNN)WF*MC}c5DTIPnI%$^eX
zNJ}Wr0slMi@B$*cnwlDF28Oj6b79Mrp5bB6U2f~?fuBFm0mSAbNou*B-ul+}R1<bP
z(6zNG!*{93rfy-QVaf2EIQfjjy;P;d^y0?sexAr{Kpa-bHF=q(bW^^lkBeR2a*MUa
zhaW~m9I{#sK5XtyUJs6*g0}$;{9!Np*W1Q<8c++%Tar|1*Y7e7nvHN1=7>u`fYQgu
z2dQgO>MM3&4|w{NoQ8(Yi*d~VIIH!>ymo~Zl(yf}va;fIb#?vDi%IRv`{Dap-~@Bo
zepLNEIzpTDHGkcLuAUx(u!iqFJ+=eaAgx_-({SXgFtq6?FP9h%c^tiOcEemHOr3YV
zBKD>F<KT{9nu_6iZUq(F*|!^?7!~?gCOrq$oty-r_^h{N#KG5MUAo27^R*Dr+%*t`
zAG{^Ii^>7uTwPx$grSI-@X>M$37tdX$o{srXTy+e-8@JBoQDe}4QbwRjBISU*XIYJ
z=Dk63O3K*h=PW>Z!cLG@SEsZbD)rYcaZD&EaFSne67f1Yf#O0{04J#eRP^wv6^7Os
z{?Ukj@*D+^2mw6$#c2FCVMnQ-Vy|4eQfNOFN`Fp7RMcjD_O8*rdkF~%`gIH7di)u<
z{$v0C`6X!>6{s8XCsTBU2+L}q`uymEL+h9_FXCGDH(vQy6e25oz6ucn_1d4`o`|D&
zukmi&j36IG#Kc%)>|biflRpPS3ufXF?#N%C1B}#@Yq+#4v}N-S>*mA)n;YOT{EOHA
zPqJGd!!^h?;lYEr*8gAL?Y|xQ|0W&yZ(jT#flOj$<w4v#AS212U;W?ML4L0M5N1bB
z;d~EIvVMsQ-(HIeu6*T#xGha)<`19~iPJ6M<sk%@j4|77u+0zb<F(>}DSPP(>#1Z^
zD-iND4ppr{%RctoMBqL2=Q5RaPSyH{`EL$;c@SMmukT5a903QnA~-XX7m`BF`!>=X
zE#??DjkjpQ_W<{3OzvK|Zaoyu{>PI1V`Nb?fpbZ{g_~zRiO*a2*L@O9rNFqk?Vxt{
zvItziDZ70R`q4J$CBBV2@aL_yT`s;7Axf_V7aHijM&LQ6`<}<4m@HiKWT~D08M9*E
zo+W(?_2QOraiKbj*8@av-@dH{(G2`e0HfHt%PhEJ&+N~7z-t@-x7^RaQT+el(C%l6
zmS?)(*rgj@vY7B3R=TP|i9+{)nC{w)yzh4y927@^Hx%QaEi$|TwN6hWS7a~U^mm4f
zXy78E!&&MBzJ)&gfmWgOy+-7Ynx^Dban?Lz22npT5{9GK{<wbAp@}0yqYUFRxiV^7
zbe2Jqk>S9zAJlKC`UpV;qDcUtM1uq1glg8RH4$uK*cAZ2szXOwKY(wI{ZJSV0vpLJ
z6107%in_!SZFJ4(Gb@vw7V$#YIsD-Ix~86CPFHWx2T1om8MYoBqu5&JZJ<Fz7r(g@
zbk7*wi$m$AEmvSI;Dr<NEvGl%o%k1t+y6~EVmDY9!Wy?HSZ)zFyt3nn?ig@3v#5sT
zA(~i@yPc^{C!xK*)^8f_d$8A206Re#q13840(%d<QCTJ-oGa;Zj;J>JWr&L)GQ{b6
z=t{bRw8428i%iF~c=?*CV~g<aLPdGZ^3Kk9r9Ob~fv`0o(2|$vT-tgXafk9)z(w){
zUsmP%M^gzE!Kf2(N_0caQC=RR(eGSTTXB1LHkVA$NT_vG6CzPmu83G~4B^5SHyA(m
z>~-i7G>G_89Td$ByA>6yp=jiYJ~zb5AZtLZCoRcOXG-YlBq=JkR)Lpb8G$Bj4!RvI
zx?K3boMiCm-yzgX*(IKXPevVBAPfO<*_})QcmYPS3;0kv|CSV8?%|{)V+8xjz<~%m
zd_nhd=aJ(kxOMd6!oVdug{qTPx<TfttvGmp-}{9q;sWoTN(i%b0|qf)R#s_CJUB2g
zv7|&{A9Z(xqMgXGJDS*FNu|dLmn0m~BvzQ}l0j1NmzpBFmK|Utzr;nQdE{;eV-G4}
zyc3u6AzTBudwSg+4I|_HsUhBAKFINET)1@QU*ewsleEZg@LDOJDTLc7bGEa06b)xq
zC=ao?uLvMguEreYq<d9!GZmX=KJ*BLz~6Z%krA7vPBz?;@v+pOQ{0KE^@o!_P+>Qa
zw<H>;eXEyviRzO^OF(3_1Xv&pyZh_cQ3z(1EzBUor5Yx|X4BCQ&fD#J_8hDd0hR!!
z0zz%~5|kvtjfW`bYV3=K9-5#sL#r@hE-WnhQM=jXe#33pTNwvaRDr=!06xEU))AiA
zh(8TLGm1M7aA;EH(}=Pp{X;NxU*wA;!IKB;Y=RF~7JTGDJ@hZ8g*QLMRgB1byk1cM
z!Ny*zN2=ZIwcNOx0%i#DWDjVdi@hWG-dtilkACUM#381$MRvb;az6Jek}BsA=XI(Z
z!dZoYr#7wA1jyiLlT!z+6s_#Am!ZL}eTmrAwPN?~K>$$RThv?T=I2*U*p31}0JZZU
zKbC<rCzkF!>R18W3mka35eB3OL(FR?kj<%&**05^4qL@hQ4sZszg9}ENABFV0+qli
z){W}q$vac?LvAMz#Ca?M5U6EM{)d#X!~R6x#>qD+NABk}>qMBFuFd3wsP3Q6D0-8P
zZRXp`?#^&9?>kV{7liNpJ+>)#r_=;7s=U0sjmW8Qa~Gw&K)ndqLsEJP0o)dwFdHTp
z&`zW$6dy^}r{B(lc51yJ*a<;@|JuG3ZZ%L#Re_yUh32M1LlR(w@j}%(>#x9R08y$B
zgd)%?wx0$o>1!ni5Ddt`+*+i|H%ZZ-O>PT<B4TqaodUI@AZx_kv;WqE!UPci7JJ~2
zfLR#_p5o{1tTYIi*wuYdJC7_<BM(1(W&^F24NrUAFvq9&{c~uj0tQ_V9Q|)aldwR`
z{TWKX3dQ_KfBD;_W#-eEn9+)JBn4wsNMO=hrDo_}e2T3NWBH)7F>B9^uQBZB`PPo{
zPb~2ND>l;d)NGD<uG&e8B0K<R)r?kVYdSU*lmQZ!nHhVK1dYZ6;7XV%*d&Hm7A~Ut
zKEtV7#4#M~IeO#5?j~=t$qyVPR_vm0a#vGaPfyq2<7b@ZVHKWx$`zlpV@Sxz4B^s2
z?dmU8!ulQ?!7pK&XFnU$28c+gsi}9I4q0KiU~AUrP~ldAoCHia&{~h-3=*OwjnIEF
zAf2kqDMWW~t*LQTWVNF@uU{&r`a4~L(KBRY(-j+TgUxZIRd>2BY$vn;8U06HQ9e5m
z7nJD;LP*@Mx{@)F-E15t6U7Ps03dPoGr)yGwbBu|Z?z}wMFv|Q9m0-2C%<z+y`ag=
zY<eKp7Y-sy(HD6HeKH7dJ-Z62lCSACaKj5G`|1AcE4Hg?d8Z8A<ePlsHuQ}zSEunm
z8-6N-dvy9GYhn5R^B(OW=YSU4u)nik<ju+G1p~52P_2*s2DOMe-w~VZr=h10ZGCxx
zePw~av<M2>`Ca~Pv$zUA$VuvXAea4V<(fKO2I*SqGm!``q{BXtptA1E=@9dlCOzaP
z27q#|yARHpEi4JkbRt=&E9%~OyJnZfwqqG3B~zaa{iWSW`!y&C2qIoOI5x7g{?0dV
z^_2F^+1uNX0lD7w2?ekHF7y9V3cE(^P4f#3ve&daDT;HvOFlLcBi~LIHiV0N@;bP$
zAYs4S!EGR~VZqBYUCLROMHBu+0$<AKzd-g7hC+QKs3tV@M*B-W=VaEYUH6CebInZ(
zQ%z?7@^!8jyrDY$uG+@X$RqyIf0Vg@cdr*TI42TMv9!-T-6xqk@-y50?6!Ufl)z4&
z`pL#2-TBR)&nVSdtF!0=z7z$_5YUyNc>SXilB_Jq-cZ%&RWj`0;2@N)Th3-6CHP_t
zdxr`)-ia7%2L!`)1)FaE*WZo?9Z%nI8<=wN8d=`&L<Nv~BfkWp|Nf1nSSZ#7Ej`#Z
zG&L~@$YCIiCqPjV5Xcm2Wzm#Dqt*p#WD?YNQNiXtPe1VUFwF?)t`)`==u}PBHvO*;
zAi=V*u%O`}$dce0C>~+apP%sN4IWfn0O&>D#bqmSm=!nPBs0Rc{gng$^=}P~J+C5b
z5$bqq<i3b&-_y36(E)Y0uQ2v#ML$%>9mcWGGW_qShy?5J@Bh0J4FZV(01FHjhRT-L
zpmj;1=iYYU5IoBXo>dmRCny2)47^1r$RZKk_)xB2B+j3eR#8^vH$1|9^(T2Sqc~wi
z(;0$FP}uFR_2@45oH%h}1b_)%*9tRY>^=Ux!kel-Pg~Q)=jHG5PityCcT1zV5*eg6
zfA?O+vxSEe#IQ#7T1T*JDW?X^=Bo34kcO1(r4Yf7r$R0s{Y3+zYRkV7Na$`ngI@_y
z)Jeb&K)>YY=O^XvE|#TL^k{Eqqe(X`EbK8<rK_;YDJkjCc5rY24N}`=79ZuQ^nH;V
z=Go3##@ZN5KJoRLe83by&N0)|)3QpM{9XT^fk3%(<5D5Xk-MKu9SQCi;n&8b$qhu(
zhCIFQ?&EvLLb{w_zNQ<RqX261Fz02D&sz^qT7C)}#@jp0<WJu5RamAM6i~@0seayg
zzW0+&K)1x#;kNif!6UcNo~t)ES2DleV!b_nYnuHg>utBeXjUuZeb2DcVO<AX{&#Bc
z+Eu59TXP}X^VPMpqpcIZEo~OEV^2kDZ+&$hjBFGUOLKp0m-_A*-A>00$C)x|HIIVD
zh5K3A6%|b4;^Lr!N^Nm)a!RVG&;`NOS3$r-HlXK-ottbjF<KVtd_pZq05k$1oBzd&
z7kWGEbFd|(AYm1H^0Yy}dN2GDfILB_*yW6`_n^*jR>=kX`GqgzhFhPER`IQ%0maPA
zUlu*rb){W#TM=TF-3YFz;38Xmy`>;&qls8KGo>tOG8-eaL~?Mzay)O82BfvTAkJ@v
z<#Wb|{+GM}`Jg&qu#7LLkzvT?=Kwbc2jS2u^+Q*ahvygo8@!&nuyu+eG;Gc`x%D=Q
z^*l-(W5ll%4#Yf5G0Zwt8LZjU_B#5<8t-*Y4x@zeZvKDWDK{SLgpn+n4C^_~n$HG%
z1a0P6wV5w3<T0jp9szFxO7X=`C|t3-uIWZl4uk^`Rp5z(o_eCk=C`?8MK+yqadDv!
zXO3+@if^DgiGMv5$wgT`Ml!VtA`b?1$MgMU96aUV7Ciz~%XN!A$wkxqS=L2bs3f9V
z(CTqj8}_kpFre4mLO*v_W`7}t%xyR$4^Tz)P0;Q}fv^|{1X<p{lr(=xgqs~wTgxL)
z9Mm~&&(g)!?+{{t<E9KDD5#CO_UPM#m)UMxA8GrY=Bu2Bvp?lMitf!f6pV_}Kmeq~
z)Y6OkqYyfvzcAw%q`25^(QZ?Hph(jjbT;}Be$diJ8;?ZBd);UV;{k8`S_)>12jZz@
zlkI&c+y7jkpOLp9&E^A*#34AGM}A46|2UjcaGZp8tlUcsbs;(D9nw2Agob1fhKmSH
zRyYiR-|Eg7K7<w`1lG!MV@MKGbx0tL0IzuwC>lVl-M1FPQATgMWpW(7S^?PwGyw|o
zg9~<eYfKav(orDen7=<=Fy3`Z_!bVtJiz*c9GVaeLN?gwUsEOi=T}W3#2yG+F1qaA
z#Bj|U9fLg}zwZFl7$DT$-2&)*LGsV%p756vVYqtGWC4Q68Y|sNTag&liGA)gA4-p;
zzk_(6fdS2WSY7?nqA=e!3rQ8#a~n*^zh&+4Anzb&<&SH(`j<@okB+uKiob!34Dx(N
zz;EflhbGE_Jm}<u8mrBj%Ng!P;0@vG$#>s%XV`w+Zv!z5uyncf$nYDKr`=#+zak9e
zjvfTfMcVls4|pML-ui38(C?2{P<A7an&D}?5i#Ym_6<Xh=*E=z?I?`d%#5&wu#3F(
zzCFo7=<?tp_8068X*GW^*d1Cu<{w=k`k6@(S&ee97~;JJc=SQMW}8is76gT*Z!@Gp
z#|vI$nfoBP^|nZ<!_I!PP%h|LUn^ZUMqaZ(3<9K9SnKj3?4L}`Klhb~#V2RA82$;7
zX-<F@nQ=$Dk`*_3clq{9_FvR9^tsdC4%^+401y&QbNb5*hSIJ^JrMF(C)u|fz#h;G
zj;wwY^!y~L$Bevu@dBhcr(37&$3|-mU~7W_3q-6oLO%`xf1sE1O+{S?17{VY+jFHh
z1i$fdkmdlRN=~^~W1Q3Q;qAL(C_x_lZ-K$j`T3>4q6fd9;oyWHH>l%cWRzWE>uK0q
zlCs}bX7?YXK^BJCYST8w=tXT>#>c{1#^+<C|J8aWrUemHR%GX{(jX^Kv5^3703km_
zhTmJ~|IZ>TL`qE!O1aa6NPrMdSyM$l?5ItL0XICU=)tXZJVW+tkCWcHRK4;$_v}`8
z9>~B0o~yE7Q1^Xz@EB|mz7)t!lBcN6IOG;qo^nYvtrQMXZNZ)qjml0a5@?<=p~?Sh
zl8_V`hxthY`B(OVub!*-2d;`NK;oV;a`Wh)GK16G)=H_z_x8>fG=Uortw)<G1WGNv
z<vS9}$~xy}wzoH3o3%`MNUqJyNS;LcxW&wTuE=pxA1BBA*jViN3SXWJKKW#30tOPM
zm*zhvGTBKF!8@buk(HkkhEX~7AAO#wBe=v;9n&b+ns^Xcg=XnN`Xt-7zAECp0D`Na
zGCeUaBlTvYI$7C=86UG4aAhE>?)%QPPK+(*MtG1G3Sul%$~z~do}HvuRcp$j=!tqe
znOz;g+Lg%L(?7CE`6iO%xpxA4_~C!^5+DBk`RjcA1t%|x6I3WL)qN{{TCJm-Sh*Y<
zhuIWBqUv#=w^hu0QJe$acYc09&Vw-fHc5;jrtN{-&KAhc_w`_yui2qj#kHk$5m}uJ
zm3=EdI!@oKDgMg~#9db~G!E^_d))-n@|WpmzVUJc>dkXfM_+U#CXI$h>wdB2r`m^!
z$jM#WyF|TT27AKC`uV*ROq+ijZplX+PTLMuiBIo%!sH~s(15p%{fMiVUFGfC`K&c>
zV~rPPhVXCcGRsiA$t?OXwyyltO*)bG`}E%<!P6i#$PsOC=UrT%txy$4f)D6TkX01v
zx6aZ-cDeS#Tiag5@Ju{i2#UOt$n+x+{5z>{P-8cr>_}HoukL!|i~&1|b9;L;TCMZY
zpGF9DKuvDoq&Od@XUt3V(mSLrj?0z18sFIV5cUaVi6~*x1?=OOu5)e^$hS#yJsMR_
z?<aG`ml{UPjZPBcSCZAhH@=m>N{TJx6jia~?wRb<z18dwSCY%)RMs(@1-;ij;j!1S
zqgTXn<E8%=x7_S5GePJNX3v4-Hi4XI`&!M<dH#gV9I9rEK~vXGpOkJ6zOpICo#F1R
z4^2WK8;FeCwaeGscj+JK4$5!QvEPVlGoh_(^TRW4s+~MQ_ZS#uIG?`y=&oh~AG*BJ
zkuT=DjN1IynJiasR-6$!8TK)j@ulIl)KU%!9!3f|2V(3$rhjqpFlhV@OnY%UE6=%J
zui;uJP3#xKS|%MCEW`cD6NSEum)>BRmDf5gf!-{GZ1#QXl!vOsB$`}i`Nf|gltKUF
zpbrb<;1uxu_!8AIFOd<4+xvF1t2M8=;i3=3tE|fjGW~3^Soq;6D+eMld42EYtLsH+
zc4rYshx}74ykx#1y6eSXzKGqtMNN%RK=At?@zlg)oRJdpHiJCF+6Og@eiSk+l*FW(
zTtW}(+TPR1)KJ2@%`-*PJgzZDKjt&2g5O~=rbFe8oAt0<uwYOTizy|!kha7ruKvlQ
zqK?z5b?i@HVMA)<2tuevB4Oe@B#I{T2t~Ri<2L6_=^W@-x`%teEWVaY3%N*F|Gs0Z
zAT<;3`_ciw<}8=y9GB)SHGlt5ON$MC{T>V5PSMVM>zI?5yxaCxGa|$fb5jYy{9=uL
z!R`35`}kLxOkA{YxqSTN@f>HmlTMaldOCF62Et$Tyk#>%b|FC*)xG^EWO_++1iMiF
zY<7<LIE>bEeR7I;u0prvx4|i)gR7XNi88y9;=WY2bSo77?k7=-`WZqC9<43h$h*on
zwXRx9JlAN#KqE!-i`@Fl1pi8$vm_0|v_aXuUvBEAKBRdKi=CIg=i2ciz3ACYkA*)e
z_Tt(%ogOnGm?k_FYY4HAFXHfMtccT`ra`^UKfke-c6}u;>zk24G*Hd5lEkj&b&%z1
z;83}|j%V_;Yu}Od*OGnfZPiY1#x(WEH7x808YA?-oh=xRyand{R0~7t<tuehzn%zj
zi;R32K{Ev^yU$2(m;3Qd{z$c~^sSU<^^}Lf&#e&~m|9tw=#IKp%FV}vod3^x52dw_
z-mxCJN9%cB0vi`VHd5Kd2cPVUbpK+<(n`T&?=3hu3Bn$U5C%q?OLrqTdg9<G@W;N#
zv~KLUx#&U;`an4uIQ%FXhE#$a0!7d;2nrf<o=-R4TY7uxZy|uEWHuA{RpK>9yLhHs
zyvRj?R~M}$p9YKz1@90TyY1xkkgkXxVCrh`K5B$cZDnO)I`oc0^jy&%2biB8T<D=D
zheNHZiMWS5P!tI4`$x}+Ev&ctE;<iifpj?|gs*GZcWKLq&E#DL=l2hIIB@dUJJhv?
zoru#a7}kmv4}=5y6z<tEBYjVb_1zskrz_&XgDA_2{M!}tquA1pNnNb>Dd)nRb$<YX
z+uk3kRggu5s;)oUwdjL*;&A_BbgQ9mdB&6EF6AwLIWoo?KCY3Cjg@jVXB%Y>QO+)^
z&lQon<v;?iHU>e(NE#XvGa)8fcK;f<2z_7aB_qU+FSWv{Hmwb)>((iC9rXFb2)nHn
z69r|KQPX~CG{G;Y!^ja-LNPqZq0om;uPCfSNJR9nu!=5fiNNdF<pT9N#Z)+;aOVlt
zb(TxJB5YWvV|5G8h(L?)io@eMVj(kbE<PA*!iZz_2CA2eC$+D*T)cqfzbva-lC)cD
zYBee2a8>4LjJw$qgKUn4_Eba!wJx`5y1*n}`j4ORqZpU7^X#XJB?jk6$V^y5gdmj|
z)vCY_+G@>!$r^`r-}h!~_^_XRLEQ*d6u<+=1?mT~#L>(kMk+};NQT**`Ftmkmzowu
z?x9=*KJp459~g<#Xqr3t;^62UN1lbbVW2F*_niU&nEMy$rl(0DF8mD19!xz?pm*ZM
zbL<<tu04=He}^g`*i~RHtk?QTka<j7|M;n4U_5{c)8n~btNnXib|<*87%qCtC9AIi
z=Vb_7x1Z?eEs;^n%3jsa5pDa%i-ixL$g?U)wPO|`(e1J_lN(Xd^0F=TtcVB50P5_?
zK=2PmsvQ@Gf|i#f_p*J^i?YiP%-!3I$jf2V`tYQ#!sXlH^%V4OK6EC;zX4mtFFU{6
zt#O*{#~s-}R2e%h@Is=cIwm?&XQS}k@r&2(#xF|I{M9$_(AwC0EUtq)qWp=#opFH;
znknd@We5=Le<?R14kA7-At7&&lY*ZP401>;BMW@?{p70{J5u%Z>!g;XzPP9w7L8@0
zRs&iD1QH9lMa=3R`=aU900<+MF(q>FPe`Sp-<}bI0s=H2?OLIHzzJBjJcqD@GOKq;
zA&_JS!9iu3fs!G<?*HTiXQ3Lv5>;?Br6{dN(9ii5kK$A0<o@mV=w)ThIloYrfLqay
zc@GUCel<$&$<{TT>CS|%81+MCZWGxJEiH9xGd;f&K7XIj)eSKjHH-5Qe3e=%L7k15
z!q72sW-UdxAUffo-=|gM>*E=+pu+vnD_P<{FKOp^9f-w{R!HE!&u4&3O$~nwl5Fjr
zP!kjIpBs&@2U4|aQpgdf*?{WNSI1%R&_E0ea&=tfWwutxY9RgAjPfT|LkPdI4OW<_
z@EG4;B@nLd-gOcyguYbFpsU-8!&6U(Fe3!&epgS~qaSH;mf|6Yhf7JGAAIAK6aWUY
zybQY89Q7FaoV+mJHhKrdsQn<<!d;|CQeDNq_oEMooUs0TsM8C~wmajF4rXz%b(fAi
zBxY}8e%MqNq$C0*xcnsAkZy3W9*J$-B(AIvVKS@_W+-%=qYVfMSnSdDYUrW(14IOO
z`1c#_Nr_Iv%!Er^G&sgbsEM$6WPybmU&kGoarM-$(?-p7lx3v}SXkm!PExh+z=2=8
z&VqCcL|LQNTjb|R+lO5%LC^iW4n1ndc>1DLjlk{`U{@fes5_Ut@DD8jH4yU=***9d
zp>7MnG(aOR>*B`Z>OsYuK}#>O!h1$B4ka;5{a3Fy;Ug&Tw<fvws9lv800JQMmWmVF
z$GK;`w(oUp*!;A<faZll*^HsjpL^rn#PFnaLwr*l&kEy0fd6IgBPc08@bWZHepp~Y
zE_Qz)3DQux+aoa^*9u3JHyy$fnIy`s$%11zBcDGXhAiSIxCEr}&=UetxpCu9sFTG@
zAYO8NXUC((lrJ$gRe|)O+MLFUj1e8-a~-ed@sA`vg<adVzfvrr{_^sSxrr-{3yDyS
zMu-}l17k#}MP;*_)wAb4*szA!iXS(xGK_`JEFSch<YWtExm)ZW_(oW{x2IceYcKee
zj_pspF7+Q*+CClA*&wWxDr#e5D=%vES}2%YZ_%4uKp-E(`-%qF_}Ge=pG$1jm!!%s
zD}k?Khw)TtE`^_#x`T~v)fmnr9=esM*!LiO_3gWWCW31p$ueTPMn>WrcHYOCXQUJE
z-FyC%vq$xf{@I1p5AV)t`%o{)pA(~%W$!LHa;54bex|vB0gj=e;n{B?quYVQanUO6
zv~L6JtUaDIFfEj6d}x%Yy|;EsolV=}Vx5;I-5y>0YVwuhM^SCMo&LdnQe|D8cY~*<
z?uSXf6wUO<P!!wMtg0(G<g`?1`zYWZ!--PW875mOR^OaHm)%E6taL5PeR#wCx{{KC
zz5UnkdwP*3L4kpKW@e4(zjd!GE7R@jL_55niKmTXIxbGM_;h!MI*O^YWVcQcdp6Z*
z<mZR+>b=GN^$oAF4-t}Q&$9Y-cu#8{L3qQ9oY(RSVA8VkIGQ75`uaqyS9@)|6>1Mx
zb$tEG7tAOc{BBw!^Ik1SXHl0Tc6x?v>Sat=NK$>Uq4D5w_l#9JfmNJTS(7C%qD6$6
zq@?8L7q|MzEAQv`+1lZv$E&E=`hn_1YbGf*0&IJG`{Lqa+qUsODE+?M3ghGBd%Gb(
zyHl68eEK9;#xE`&l$OSJfs=D4b9Lz0x#Aax=Pn<=C>L=|crP4g+}If3&dv@$kKfVf
z)7ufc4ouvLV>_X${i#&zqx#(EoeBI4mX28Z-c}JkZzg~J*NSd#7XDh%;tiT7>4{u7
z$rF;8uMa63-g0qdI<~7xKHhaf!~bFCWuiGQQ*HS2SCNt24W5C5CWeI~^2@?>S^o9T
zcKN@S^oa1|%Z+r>(k<~u{0>TV9wir*HQH!9&TA`ca`!>rMdLZ*+x1s(-#Q_Gv-N#p
zq3LqHZ7P3z=i`9-*tg4T&oi!O*PC*hw{I2DjdumU7;*fX8(5j0fGe>!7dp|?_He1l
zC2RpoQu+AcJq{7Pd%+Nj+Ml4Lq`Wpn_Hrv+BeSly*1KV+ipPV&NM^;*+MUvyDS%-~
z<^v0T93IVyeM~fNWmnfNckAU799p^fh|rK-RSDET0+ITwxH#XuAck41L0rV%-f<N6
z!q4gHy5;4MEr_+fJ#oE`_``ag{Z}zDG8Wq6``hzZ?9+;U@|j+X`50!$VxxUS7E8jI
zJf6gP=2upZ9F>=^Uu>@^m%U-TowC<!hL~RVy4=^%aZJZ;oMFJm-S68sVQ)Fvad-+f
zEp2znZ2kh~t&UdRz%KJy8W4ZY5uw}SHEfIBM6PeqB8a`UH5LX9^=VXK0if-?PhKAX
z0}G4M$w`ydIm-#U`=y7@abjFm7LUb?^7ap7+o!2xHil`_c;+VpuKPzI6oPyO*q8qI
z`GS@G)%$Dt&Qf0EZC!X$=6<AYDaA9eyKbhORp<JJx;Vl4DMjqNh}(<q#!9x=_=A-b
zOk7D>#KqsPugJVf^)>3k$B)lRY>rpNcIO41ivMujQ{;Sn8d2xdUG;UxrDO3%SK&<}
z2{|!Wll$wCqsY~(jXuK{IXTD2&d`mPyP^{o8>^F$`6KpWz)$BGOuTU!>yWE%;c7~H
zbcA|8>m_|5*IA+M9RlxR5>k@!?+S58`XzV9vlHVCE%*_>WXWVrSO6Wb6>)lTNBZpY
zb%BnK9AXX2e$2=t*CV`kW?@6T0e*hOsga8&Kfc~k;hghFR3aK0u7DO}wy~H7E@eIi
zV#MhQ<|M8Z;;hl>r}*ujP{dtk4S}MG&+|e;!v^<|!W~!El*RYS^0wDvnl4oBjhXQY
z3h*KWCe%nM8#i)VO&_^zME~^Z(^s!gc#%npiuz96s|m5HuV>A7-^q{scK5=Cw*|Rh
zEZ2Q?UcGuXaASwz5Vq-6jGCc=nWeIaUa2M&5>?gItj9ga+*dHIvCYNJ@B2-dpYp5Q
zII$Fb`Ddh!o*NmU!N(Fqd2(_(f}NkTT0u(3GD}pKK69S$`y}pKwC;}FVR%d)Ls2$~
zTUkD&<IJ9Trv7W!&(qFw@=0$>Ut>ljYLI8wrs5A_?G&5*7G`VqrYRc;E#~T0?(b*L
zQ4j;iv;NXz2-kXtiJFx)b!^6}WrWOY_qfvT1VitjedX@%54tO~nidueSDP9Oc7Is8
zxX>(kEuMm=8jqlFu-=1#TqajbCrLlQ+OzKX*likGB)BELU4%O*Wr?lbEbdj^$ag+m
zDIOSwD7*>gB*G`*5pdPY>qUv1zj~LUmA#3{!Wd(jmYXm_pE)BF#(ddo?Q2iGiJAQJ
zTG4%X!og0vSDHM{WoADJcG?-%PQ)nhomQlv2~2oLh>zVNhOd6}_!y#eO}U1Ro55s^
z=gf?}0seFeY0I~b9R^$}=ESmzH~83qx2C5q@6<3IoZj6jJJ^rYCd=J#JrECoAw1YZ
z#6(4@pfyL8sFxd4T3WP~^VUZTbV$@l`FlEyp1UEPXA?(wse8}FfNe5=9;|(sK2pd_
z4DL6MRIb`l##p<@;~QCt6OL63c!U!i^X*M}5xAAlqjbJ*?j#CuNqscib#K3UBS7Iz
zG3SS=J2!)VjH)Ir_yPvXs6~u4ydb@b6mp6CeEh7E%+7o|or{OKW-fF4wmc`^?<2s&
zuB@y`k5JK4K78}$OkhxmjN|G-O+t-=%FUZN2nfVKu?Q-=+icTmm3SVXpfDHoe;pZF
z6`3<>y%rVoUTLQ3w)Kx$;V-SN<4<D5TV9L%1~i`E-EERXyT)I<Xik7QEeulS@69<$
z#;2v-O}A21R6Km-$fs{it>e{lM75t-L6_1cI1*D)76MZ?(we<5*{f4jejmD3%P)Rz
zmicKVW5_~DMYS|uq-(uizfzrNdps=E2A(OaP>+M~gx`JtOcOG*yriV`j=qfODYv18
zp+E)bQ-YjKx3j;E*4tH_6ckjpl|0Luy2!^zZ{j6JMpVQP`Psx?>;9iJxDa=JL7d7L
ztM<JLtYcRn1eglTe_~-5jKG|XB*v|bnQCa2-OnTX{5<Y?1~Y-Vnp3AKH4>mE`)TyY
z;AyQ7%H)|PWXGTBRw`oWUyNen=cO|GdI+v>xh#@|ym0p@KNgKs@R>R{Kaa*kl33pq
z>5aY}m@!QMe7~&BXyVR*oT6h=6(;`d_ptL7bxN?6D}O&!ioBgFa`;oPSxT56aSc`>
z*4cU>bI2_y%|+gqCf+#Q(QR&Nc}c?+UqnQdo1fpO;9#cgy2)WmN(w_GqeJMP^D19Y
zd7p7s3|+68`r*FZfrG6Ig%72rfpK0%=XU4k4qVCj`SUb93OA$OJ3nTH45+H!J@a7v
z*CF-Vi|MxQ?Cg~GI#|gQ^l`j?y?Jx<tBH{P=HcaKA_O_u-BhC&aX*CTBd1{^ZPtCz
ze?}3h3{MvnSes}YWid53ry2~gs@S<CB(sFBDf+u?Z1?+ViDm8IbN@Ew`(KRg6(r@H
z?BANEojCQgx!DN0e6|L$Hi?xp9+^6D_f1{cmH8+w`7*jVTHY=mr?OZ!P(1AIldl)?
zu;LcvKP^e*Op@YE9r*F|3OTK)HhxZs9LDI~)|V(|j{Qm6d!p*>&Z2WlHd*tjOK(Y>
zneR4NDYvC%$V~g(Onx04mhn|rtv!BL;2bjR-W?S6LbmKpEbsn`IR_jaciyLpKjUKR
zS0aVmX`^&2OZ_=Gzre!yU`~>^4=s1#R6cvAf)0s_L*sJ3|5N2!I51EYHT6Sbq2Fb>
z6Q~Vqt=Q}vK^CVvxxO?vACWX~Ir*a4-q`B^d$cepC?qLe@r?HaI1GON{^)7bbL!Mr
z^BO;X%*P|@)vFWRUiC|i%*;uiy7QFK{LNd+_Wu1Vhl!%2HMt}tPI>$B^72X}n=71D
z@W8{co6!d<STZK=By0&o_acC!{BFu7B!0Ylz^g24?28#8Dj`QCT5lxsGv73En1muv
zzZn{m@G?K!=1bq_WE*ZcM?|9Ytb$Xyl%ho(t}v6abQT{AHPhzHhhAEG-zgp$by5nY
zcrf*7`iuPOB7WwHOJ(*hd`SuRz46HV)M8xi(T6{SkA!7py_dSsd@cIBjWFPPjPCkD
zbA_)oAI5!blAAG8C9y5px!xg&k2M0>E_y{oP$IBtA&_JdT8ePW^^}CoyuXjRrmS4E
z-_3wda(Ouh!H$mVpL)&9hs@6CiWYVpGPyrRgCyfhz2TvQz1}WTqMVbJpYI44eo6)1
z%(z;dzJbAwpH^mOBIwl6Ij&1npHrWp2$x2vkJFJM)$3Nh-=5C<hGbWCizw}n>w*rT
zW5@mI^DTX3v)b|ywjpwFk!<dfmuaf3!ztc^Ka9csTg}XGq@0e1z7~8iZAsgF=?G$H
zNx;0UOGWOv%-Vj#eVNYIl7O~U0=-&;GE-Bj$e85D1*2sfTt{ewrauat7H?;meRIeu
zKF#*)2=boyg4BlZv_1wr1}tWzis}R%8M_>gr`qX&?x4>?=ZK#E*Qv@PE5Ca6Dkg*B
zXxwI#D0&>hkR3fr?Ts4G#x6Pp3(c2CmtRIn&7tS`s~LY?J*)RxCK*D2kB^~dL<9r`
zMq#d<_ck@9<M?J`qM|xzkZl67Ds&TC*x^B+NN4q7Z0RmeZhqFFq_mw&3)%h#3%U-s
zZgt(!)~4WCxT~i2w65+fh({80Gw4w(0hLAGJ2FXYV@9T@&x4^=(NR4j2bI8t_DInA
z-;mt2Zo+-&M+)=8IjfFPA3e+P8qa$!4&ma;AW~+oZCbd`idzZE(<3df43Ss#UxUBL
zleS+ao9Uy%=#^f_uU2|;a`*AccEUX_>Lmdh{Os)1i#XyI&sFlg{chWF;YzV^86&;V
z<9t(C_usCNJ<CWLVSQz4&b{qPZQz;DG<Z?@jLbxfyyV-c$L*cnU`^xn5$DCVTDf?3
zX_41A<nZ+id-<}Dz>Rs68g-B_a$ZCZVF}2zy{+fqYU1?1d$83Pedmr!Qf8+1rk5f+
z-Ds>MSWFD^hs(0DzvJay+1iGv<jnf$a_T#8e)8po^Ih#&zW;-Gf2p0d`mQ@-kB@~y
zV%2ZNwY3Hp2RF<gLd8c81Y4VIln~<OxptuM;6Q<RyKTknZ;Lv+?2MsnxW8C0sc&z8
z(+Vo-OS-zb`84@&Z*GrI^OsyV;XOuvA1<(mn0R|wf<FJYpXxEUdW6hEJ>p|fN8$%1
z(tU#T6nCMv37cUtiADq)uGBp(vP5k<^0oJua>vA?5&~zqojuAd+Ew`RrZU?1tF;G`
zB4$n=!jeQ59nN#?a`A7LBBII-=ck7Is|r~Jy`1wRIFBC0$OaQWaC~k}iX;f8vZhn<
z@C^E@qhG$+QPX+ZoW11en03@_Z#2ZKnnctsBO?PrpslnIFaE^K2p_N3mKMSpdRmR0
z5jjhjyX?r9mKF*Qny9od9n)$~P9fGWV}Hax9v?prO>MErGxXzZp8<_cYbQ%fr8|@2
zslL@b;J9oq4RBT;lpR$0es1DKkW<LDYgcvpJs*^+1GFdE$bLR=d%x<y6I%3eJdPt{
z=3yd6boG#P49I$}TzpPDllFB?V%N8yAxrv0=8lpEzt5O}@~Jak)M+<vaXp&7QBzK=
z*ND7NcEq{w)6uGF+;Hxy87r~Q@Es3Ad2<7<8y9c2zfuqX<!Po6BK>jsNi2yn#nqx*
zH@hG2rjtE)7>zZW&=^**_;@U9o=~gw^|`xFOm&GL(wcwn=pV+%5>Vk*KIU9$x$do<
zTiZ!AMscP<`re&qSGFC&5;r`QINh&tMWRlb^A2-MAEEXcxs>_yd%?foL%32w4GnCk
zdXMw+pV>PQ-CDfa^R#VuSB#SKYrjTz`5t*rZm!WHK^vXLK*+amcfm`uGS`+hVg&b7
zFAJlm;(c|wBUZni6Q?p5U$=qmlqjt`n0qy_Ms=`}%Ss=$yYS;1Ps*8FTVgt&rtC;r
zx*OnU#(2E7ny1XHdud5b8kCgpLYOA<C})*<g#@XOJ!6o3^^^|SzQmJ-+E#fKYp3Q6
z=x>x0M`V1BOKg9p{xB<rwHP=5rQS8=S3hRSe;<Bp&5yGj9v);=N|Hw}_VYSD8#%5Q
zTF&qSv3^@}e8aQs)E2d_&>kY_^-;k=r#!9XYK7r1XXw=hXkeEZ@f7a2AJhn~?fur!
zfJ^Y5)Zn*q^C21Z)K$%68oMvFIW#77nnu++AAH<99N1JXIDcyMyUkluk00cZ(i!!M
z5$IIxE{xF&bRs&2(|4MED4T-hP0eN7EQPU5+J>vP?-XQI*>R=tv1ic}pt!auyU0Lx
zsISCdeN)@%MSXpAvK7G@<TWFs^gxY5XoyXG8Qlq`khWXe7SmZBpb$kZ3VPdpIfPqD
z^@SUmz5i6|w%W<!sMyOlPd?dMhHFyqw@H7$dlz?>#c;{|W~ixl;MGSah1DZ-lo9G<
zPo9!-h_4>I*yO9TXuTom>~V?v$Y#|iGF>sk6PelCxYnJ`zL@w!U|(60K+k~;-pYUt
za~ZXXbD@vz3AFtm&Y8Y7H9;f4)99VtD*Z@xZidB$se@Kh*Z$tU$X^4vseGNrzM|*(
zkF#n{;hy!#Ge1)+2t{R$&Y~M;2ot|qwpXkf%Y%qP-H!Rd1kA`~hcmQ$9x4ly>>4DP
zeN)oKs?U{2&6?h+ywqjZ!8>D`mZo5<b3{pUv93P$RH8$p_~8i4Awg$J7<0TC>C4wd
z-H)EY893&Rycf~Ph4Vy>OmmeLdM6a&HPGs+$dr{<Lufbhuo9--5aMQdtmH4Zff6-6
z#*cnm`1O1_nXVJbIr2M1H2;}NiS!em6(Zx{v?NaK#vEsUz;sGD`;N)`4S%<zEyJ#U
z%hQfx#4Xij@5S1SnWCOzpIv*rVVGN?vY^%0PuYy9RA06@|D-X=q5G!ECp7T7H;c5D
zq}*LzE|k0%QIn8M8jj0?25O9li4iim*h)e$Bl{4E{%z8NF(as<FdO62VAo;c{{W_f
z7ZIyOr>`mk$uzCJUN5BeUWqbOH#2N>>W!3!C3(xhTBS+We&SkD4wGkz3sdI1yQhB;
zU$Nr#>K!>rilp3{pw9FUe@!HBKF*~cSB<Dh7r$XoRMM9HUg1fZ`LlK6?V^7_8o~!M
zAjQ7y)~7`7ezcUUOW3{p_!}PfhRJuccRAdZKQVeSABm52zdU?!t2mTH)4;Y;ESLn8
zj+KvL9P=>Q2V8Kt`ZUqq8+iow6<o}{w~zX?oX~BUR)3<GEWw02;a|xSM}bWqWFYnT
zEwO1G-V&dX&UQ2=$kP<uCAQnH+V_1}F1OGLxFSL~;>d2*9d9U#XTOMe;Her@A;E!4
zi8B1y{1%D!X_YlYFfgN%b*EOn9+U51dS>e5dE(K9N$IfJ8A~olq?djq2w#$^!Hkr!
z^0LDO$06)P*OvE0Ja>_|u{5#=Ifu)-`upyEMc$udV=8DFuJ!38JKeMtK}S73&(|<+
z3p!%4O=`q)xN-V?3RMIbPxi}<BWujYXJLQOL(mQG=->9$`H7d8MePXh4|`qEpqVU}
zF7hq76hRn6oyFZC(bmF+3`7Dz@Y2nhWp5xN)b3JWq?$_O#byqql!-c|bx>xpVO*tM
zWR5bhvhc!bi8<*EbC$&Uo~P=$<}6n~;$QoiT~gJH(es{TX=oak*ljtoPZgsYcgt)S
zdB5a8)RQ0SpRetH`prcpGW}cu9jC6^glsu<Y!Vfe0d84~Id%~lrmR%g$jBo9@U)4M
z0xONO!>!Y2V<LRY)z*nyZ;Hb;4G0Nb(?k&PGxLJ|!m}er9+z9oS1xgqFV>}wt+lu$
z3(Fd2NZ=*qEm5Z{p2%#E68f?(_{xaM6cDNTFW}^M(kG4{^w@RSRV{TM-md;Oiz7vK
zaMXR}+)>>^0{`xfto_3QSEL-L&haS9pXrGRl??3r@pz@ccvTTAp*~{LbfTfyL6CHU
zqOR<asi6z&6LyNwY;!{gf9ka0s%q074vEkX%2Z!2jR@@X^FH=nw35hdhN(<=L_`Z&
zS9)n#{15Z`eC}V17m!ZRsPI4`+h}5qB+1U2+LBy#Q&>dqqoqP!V#-HwAW>NAuSf8`
zCR}vMgqO(2)=o>`>p-|l>~Bu`7SeoTd210{4TtjyJIfnM?~Fhrq)-_gn@IJp3mt?C
z_Ak#Ovu1?e?}RUxYDizB1rkYlinz9eu=|m?9TBo~tD$1p{QCLQwR&q^M%+pUd@KWr
zge%7<n!u&e^GO6)IO`&~`R#qqzajxJ16B2i%4>5+a?i^RVHwel(qHp(rQaOBG^r-p
zFil8SYkK_*IKTiKLVyW2&+jv|WOmmtz>!MJIpF&Qv8O-y#<}l|pYQJ6^(?+ROoNRw
zKsIe*6T<SMrl;!DFB^G|gN^S{mA-x`#c|4jmZ<Y^8=m+D^`Noq^GLnl!kfK!M)rK0
z@kv#hiSBLv;SKQpPvHB%hB%!pWyjTznF^(75BLAJj~{rGjZ2G$O^4z+by@&CF!TW%
z^1$;^R*F>n^aDaY#PkKyc6*t-`?YWrYN#)v_oE?lj$`K~!?Ena(2Q$4nm-$x1k8}$
zo;K`q6?d)E`c?Hy2Z!Y+yUw~?`*P$juhy%K8QI(v>genwXJR4?zj|+VZ9yHBBB%F8
zZQ!y5JdO?U5jDvnjL%gzVJdH@d!~5U&`UB7s}G5gh}-J%I$9?(KfRgoAV)}@jN%J8
zWKDuLPQZ%lBX1YD=QD|_zUo~>FL44KFmhJxn32Zw?@No%YowR7398{^TPk{`_9qw`
zY&S<m&WDBu(juT99MxA(Xi*FiF`|tBP%wNt#9tV_5OWJq+sJc#=M18yt?iSO!;6E1
z^DHzJ$K2c;fM99|x)KUxy5u_(y!4r0_@s&$LLAss)ibZWgj$8|0r5k(#j7{m5ux@d
z;4Simm2%&m_;oqJ>k1{#aAyV9UUuL!-l3xgNLlPCdTBqw$C6u!7v50`T5-9R=#Z4b
z=;Bc$KNro0TbWAQvRFEO@$SR*dDF%wUYKreohP+^T!(yo6xAOX9dhl{xW4@A)$zYr
zf)BblQsGze;EjK|<^zL+2{+FN6$cF-Mp!lMxNlIr8OJR>7no1U^Cu|z30F#24o9g3
zf8>RUA2?6zha$Ay*X6*fGi2J4njofuh)Vs8VmMAxp3SeDks7@jWpJgkdk^hWNBS*L
zG$fu02~@Dv|Dd{K3{G|R;Ps7x<=*4(9%+3aDtr85rr?aCOB04c_%1#k7B_t2XMl4e
zugXm}X|6#?<Ez|%h&fFe&hoKT{o^sBCQ$b2O=n#-`1^WXU}Jljl$5k+XJEiQHa-pm
z(k4P2+?~ZV7@A?1qY)+-a)J!0cMDk6?fxKvT8vMSKMd9dItculWN{nvpM+#zX|9n_
zP1599xrrkW8ZURbrM2}-YRTM{PP~hUouHTya%*K^a>G~b4%rw`)ls$l=c{~aYI+PQ
zD2sNGlXC3XF=8E^<MUJRmX>Vp^bgj+4ZqpTE1N6fwB);Xowc@L^5lEAOD1m|Pn;b6
zNW$Z}EeQX;Q|h@-pBC)2)PJ4Tefyk>ZHcbX&e*z#@~&g&kpsst%Z)cVA#L+7`j1aJ
zlJ)cnvr^PBi{V9_ZWOrT|G8S@^qwPzM$&`1h-s?A-G5sMuSHa7+%QD1Va{`}lCFK~
zoB7=7zKpyTX?s@z&yLRd=$#M}%gOIQ1MEmSMEX5uz8_&#xV`JF=~S}d?U+^EKe&Po
zOJetI>zv;ysVFE}xvVVeB&6k3dsks_u4Q*<J}@bI-Z9wHy3kR<swBsWv1+uKrMzM$
zD`$`_%5h`0z|PkGlhcNneL=~bnMw(hRY_$-JH@bw%k%@MmP?)UA7UL_{FGYj1UDQC
zb{eW^&a|2@C9|nob=9*y^Bm1x)mrSVzg)74%kxgdM(+8UEy4Tbv5)$>eLlZ6^RY<2
zVIn%2Y%oy1;NMB+ae8C)#m;ebmY)0Mz4!m}LMu*8jH2brC)fVF^2t@gY1A}I8_!t|
z=(p74{M55{hc6e~V+!Vr#)+sT8}>b>X^|O57ooC0v;fgc@5`sWTOD$DzI5rDrkax;
z%x(w|+`fxR_p@)<E2NLa=-&I(NAIb#K_5G6&jinTA9y)TEAG0{S!N>ho*&i>c6$*T
zc4hm*TEkjiuG%Ha1CLMld*oSK?$^qAiTeJO)*@7{vKnnjyhj)56ZlSj&u(uouSjC9
zAV=gtpo7!h2NsV*`^K0r)5p^@)jk&v$=w|7I5Q<+KKEkLPEmf_%4GGyhPn5!{Z~m}
z^B>!y+dsC4C#`XRxMt66JX@bBD4q<|t&sc7g6Fw+Yh&DYDe+i&!bG9-C4Z(CqbuE3
z6~<Ku`aGovO*ju(lbd$5g-aRn#&;sbeCfn`4u)Eu35$t{)9DUxbbOmHO&P?snsQ{U
zk}k=%&)unIIXubmnmqPJR!NN8QO}a8WG_-DH|E@(8ww>}*;bRY?1S^F@on=&4094)
zW+s8cyK*J1TJ~Q?@mtp7N;Z$oNjQ)^d$93o+cCsG*KXa7TaeDWbbf7=|4`|fJ;CoA
zw}qKAN=J9PHk_TOS;aQLo3z{RY>*w!EBz?YGxMrOIXkXq?aSKem8m*Wor;RQafgMC
z?;?|waR(nOJJ~(0cUNh%Je+TTq?h<0<0o^pbf~MM{3wx$v)6vmcf;M0u(;8!ZySpR
zWoZXOyRkdn!98oaqT@e}7nh1V!wCv))+rx&+J<J(naqvaPdvO-Kcf_!wYi`5;m6`|
zKMj}faLKp<{Az+-VU^w9;|QUi5`rUh#KNRKg1+X>Yc0h;w&%W#7WdHz_?ow_ZBJS=
z_klGBZ`yzF7}DL-Q`6l|nVz1GbaP;$Vqz>7m!BNM=H%pj{&G>){ysl*(~K;8aWZXW
zkq<Q!li=I)hJ-2;R6b_I*6r_>LoUflV~+9Kk>Ao_DH?ngdj31bOXiCOhgI)A$y57j
zN~NjgUs`?RE3tsgRw*$}tD+oxMK<9@nV7eSo8-f-yuW+i#IH?A%4KZWI-~NU=c=V(
zR^c&+W{b-$oX;QRbZ1q+ca(dQ_muOU)Fn^u(A9kQgEH+jn?8!HJjDxbgB(>Oj`uz{
zwG2y_@C?ooHa-h|72qvBICqSwyF0Z)dum~>aV?+yGpBrMtmBm@`AzW0&&wUpR1~DQ
z^=D-jk=VHQotccF7NfF%(VfJ@rQ^!67$hZk8DHdy+q2=@7q<i>w@Ob?;F7=}gg!`h
z*Lf0EWsHt5zwm}FQ(~jpvzMCQFB6o$uT9_4UFh4^cp~z=Uz6<{M|uH0|KsMjitIAs
zUV*Fo+iWWIFM<PS-D_Xmyt2+&Y;V!hj83h8aFL6LDDIENCshJQ8|s(m6_l*-Xz}}r
zU)3b3M&z&e8m+xl%;GF4I0h4@8CBzu_w?dWpH@Y;lB;E~wxHllR1N>!d3@T_8~o!g
zY=qnI+PMb|7wL7#Uvq3x-`;rwL&7k;S^J!J`_!9Kg^w@z&wovKT`Nexl~7p9IH7!F
z^?@Kc#nh+EJXQ2Mp?4o$_1JR@4eV>AH0qif8qN@*h)r`{%Wuk3OUTb62v=ozOJp9A
zvHa8VMR?Cl%*=IRU#jm^bbP*aB0W9)1*eqiwP^3^u;+I2Po8fyfBsAx`?1fYxIerL
zcEjZb`m9Y4QeAUa@d)`$^HlQ|{zC1vgt_k4QBJR{o*s^r<g2D8i#COrxyECnD(T}^
zZ$%Or9JbDXPyTUApq!A~rYkZ0#hoXi^y4j~6M3!Ao~fCJj;}3K585e)!!LdsbnU-I
z+sE;a;Z{-5=WA>)+yf2A-aUVLGcfdZqPCDuj~)HKTgf4D*cgo}p|_tBird-A*^6FX
zHX{+y;rz@gFtk+s(9YRFhnuG(Cs3fr%7b)xODmhpK8usLbWnZLRjqlnPE3b2vFzb5
z-?f($T((BS+1c5nw6p<%fyBMNy?XXv7n}O$?g0p0dg4Un7bwD%Rw89=W@$+ZAEnIW
zN2ay6tAd;*x|q)B3Bcjd!t>f736I+G<HuFfyU<@qn3$NrUD=QE`*{+j*o@AuD<X#x
zNclrM3q#LZXsdZ`kRb{DzLZ+<Ai$4~JO+Lp1yC4Q{{tBRf_G{?2@x`Ix&Qb-{$%t2
zA9?Q`kLBO~0iOtE%gjtjk(HS}ib@g**&};rC##UmN|F%@A=!IxlD)@eZ`qld&vDiL
zz3=b+y?_5dujln#FRyaBuJb%U<M<rM``CY7`8ROSFaH0p@3BC3>7UnC;@^vP3aya-
z_1Xl#=eN^p>gv1_5<b6vx!rg1y9ulO*T)wwpugbU2i^rp+p-_(CptNpOmSTaaY2Vl
zp+hww%7gLbaE705tt26%Vl#P5o|NK6OQEx-)9f(k6)r9tb8&op3#fWA(URp^{jz9`
zYG)DRV_cW2j&bMP^`6C)39+YJIGZc=@7o<Ueo#C}O#3vItAi3;Q9_UQuU9J;mejBS
zwjXOuEw9e@Mp{<a=+V=GeLjfMfIuCR(VgDj{F)`Vv*Z^`7;;3m7ll%7&93erLnu&J
ziH_dM`9$0B9dLd@T;IQ5b3ohYMqyr=s8L?w^ICf7P@wuG{={8#V`J=b&y&0vXTmc`
z%IDAab1(2w!&wma#mvOpXList(*4=Rod7Xs{-67O$P1b;l)b7L5ur|#AsHTifA80`
z<o1<Cd_-MMZT;6`p6FOs(##h9S_hn`<J~%?b4d3)@Cp8VxzStHoQj7R=tB2~{!bvx
z&O5G_k}eo%sp@EeYW-B-z*v8oxCiRV#IlWD)%J(U!Q>xfJDwPpk>>@Hxc|>#^;Jop
z+`am$)OlJEx|5(i(GaMls;WBOn=*d0aCgHaH$#G7pulR8!DAn@y5^(7hn8Vc;g4U-
z&w?Wb@y^V&i9NZ&HFOL+IN0xrQC(e~P;=0Tyb?s~0DryE*6lZ45M*`BUpeZ#cJu5q
zeeCtfYa9Iss2}nVoL1g-2=`Jz;;Y*&E~>LMmrGk=N?gs>tdW+MON0HDi=|;qSW?|D
zfaCo2dhG^$L5_?zo`vSRPWhumhmzS@<MM+s$?K6HVq(T0OM;;-&UMM7%UFA~d~10C
zuX2Abb|E*?dZn;jFU|aRm(#5eq~BneS5pu>Gqcl>gOBbS?&emqegHk1>+9>!Gc#l1
z<KrXV5RRCXoXo_+ateBGpq*{Q#6(0F#C7(^J{T^=L`Ta&F9I1^+1K&$+@&MS%U5!9
zb4kd^o}+sR??UHsnb|p;<Ei?;YthMhj7x+B1m~eOIpkDBArBHyy$28c78cANnVK3I
z8{c>=X>Ms@X$i&lUJedwKw&$~SDx)!nwli^^dYIKm-35>EHhF*eZtJh$oPcP(AAZ*
zvEhPl)XF+KoQIVVg9;Tg1H!`Oy}YUxa%r1_G&A~X++ir+T3dU|Vl$64m8@cKg%}S<
zL3H6G6O#)twR7jrEoI*A^xNBWg`#+d5X4zM92xQW@#FQa#rsJ~N&3#tY8oBj#xOK8
zVl84Wlqk@INJ|1=f9Tt(iigrwvKT2WC}0v1p@Giu)O2(s`LVsiWJ^s?P#^fr-IH{c
z8sgZ}a`3Ed56}G^P6w^lujHZZ$9p#mx!Kue93A-~yx4dARz;@8%@8M#mad(fZKf(=
zF1K!-L9gul_W>X<GMpA^@C}!GtVH?w$)TOIro*Bft=>RcSs5u66|SF*4-_d;TqzO_
zO?uZOWZJ!B7T2`CZYSoxb7!w&a3ieOog9H$K2rAfIWx|V8Qd2x820Q7YDyNGnwaE=
z9(@1)U9cdM#?;VZ>WRwqo$<%{;)a`1y&GYJ?&Kk`DtDBEytpnp(Wz-`2g7Yy*w}2N
z6$UKL%t+>nVYwC8MC-?PZFZ09oOSbF1`vsWAmO)J9n+FHP^xP`&Rodl%&^v4eW8lD
zt{$>BCn&Qc+M1eg2nglno3?gXMcKwLnF_VHwoViXjgjg^s;+<kLz|uL?L;*-HQ&B{
z^Nxt1U}tCV933TulLy;Y+tPv`#wZCfjiRD;C=~7O<g?JhodUB8$}2!O=hJuZ-u;An
zr5T@|&hhl=(^nA@*jidzPy)hAv%jN*I4&;k9(zP~e*SfLcTp%WX<%u|@k`DOe4Xv>
z?Wa$lmb!f#?`uW|@71dphKNHT5OENNV!m(z6VDG*$Y!LvwiXlG!oWr7P7^Qy_{gv+
zOf;jSrl7D;4k{^PVqw9j_ywAr`?0&*+cgjgnU<Dz?-Kc|mRV{BhQ{@E9yloa*4CW+
z{?rH%-1_>YER;%|glve^%uKoa_sO{QDhZNR&PYm1YL_`%_dGV7Ha0N8fV;?)l$2Q0
z?7}u#RrQn6nyMH@IdfgQbUKVd99_hbj-H;BlF}cPdhN=m=g=pcfS|s@eHTHX=Tou!
zE>~_|-sJK!fs&FEB4upMT3%6so_#4{+P0ss??hLk{5MDv$j~Z!_5OXa`NJH0)c80t
zlo9n6A|fIJfTG#*GK4S9(+o7^q!luE@rWmJ^^NS=M^FLH(pFE8QRV)9rpOj$b#+{Q
z>vp)rA4+I0?EL)s({8Ds6Fo&JISNmB_f$tm$?7X@E}eDQ;M0rSu2fW1(~Tjt-@bo;
zmXg9oM@NS&FygB$!EU2X7TGJnTNPUZD>BpjEHt#Vn7O!!U_RN|*;0D(JNA3dO|J(Z
z@6X*CjssDR{#;N{&6NQ)Jj@c7*D#it+GjB{J3F~LS_YwBq@$s|`{-Jiot^i9l4PK0
zGWIJPL!$%e_hkq5Nyl8Q2#Av#qXuJ(<9daAivEny>5zGwAvrM-i<g%d9!qj`mh!wO
z`alqfibDFoaZOzv7W8Hr%pZXeU0@w{(~X3a;ydf>+5HDZY;0_<?(UYHMWegKD37*_
z7ep4&GQrnZ4lT9DRK>+Bo<utBZcz~CSS$&8k*UO+cF_3F>Os_}hNd2L>R?4C;^Sk-
zRG?i}56AFv)><5YDmPzV-W!am_3TMT=V9FfDxD^AHg%9zU<rKwUI7v2;X%NbHaR~r
zp<mzFc!8IfR9RUW=^qQ$(9qBa9`_hhs0y8d(#6EY5F{rj=aY1R|KR@Tlob2TIYk2x
zrFe-O78YOnA6pdAK+N&`=xEIB9cw7aYS!D^TMg3%tJeFN7*xLaAFJIY?W@(*RXA5~
zj?m>h?%gAS6RQv9QNK39IZjSaUf<sKQ%O68K%s})@82yri1}{aymgDTUHhS?<}+<B
zd0E-#3l4EHG3gW%gTuq0ii@dNR#qS!sRrtCuwX$uI7=q07T^UyA3#s9Vq*#PS5O6y
zOXyl!S~Od3g;0f{slMc~aStwH*b)*N8n{Y@6c-mmVuGCGZ=Qb*n1G|>R~-{EHa1*n
znnNx@j)`V18V?_Sgslapafy=?J9{U@4lUoMR8-DB_3&WDqE6cucU_m-6Lbb?7boFS
ziar-H5fOe+s~682iVJr3_Ocva5iq^Iomg5*11E9#XY4J}#HcmF%DCI&N`^)hgJXM^
zwzdNY!}#UGn?2vZ-#(2*+-3#-&MM1@i;FwCmITv<3iofa((m8DU+lC*X<}-6qp7s_
zalQkZ6;IQXllua<K`fhs(VGzy(<4fm)IYzr78V^%gIF?31bLk1+9@6D>cW7d^sx;J
z3JZR~E{?G89U6Km>au#1i*38;rs#bwtstoOdq#4+%!L>#)O>1^R9RCtF);zDjRhAr
zBloO4&?E3TDD0erwoRW*rGi3MMn<#&73iCpne{~4Ad4GZf^3+U4lY0*Gs5ATq0Vwv
z5|$PgXT^_6-NU;3`~7osuR`Qguf2wh4Ce2oI;eG1{ABybXXAr|15$XDyu5r@`j4%x
zt%>0RO9-&<+CNeomxNNswCoWU3Ry$fuh02noL@N;IinuzeCD1$r>mCNImwU=9Pd5>
zr%x+Yq6a}W9&V7OaAV;0yEx;{pAioP-k6edT}eHMys2pgGq}<wlaZU-H8FAVf=cVs
zjpt#<$DYE%!sj_T758*JJu4p}sg@q}^z@K@;GLX2`?-Y&WccLI*_PT45GEiYzBM=d
z0PBb1J(wlhp}xMSGG-ytX#&y|4r4(mgIH|#gofiEb92wa1sE6@wI`CEht%*pP}X(h
z+2KfL*eQJj15h7U+Dh_=0N0%*BSVXg{rx9h^G_>4R!tH}g#Z-=;-C#JXudLrL`FoI
zSL6WsQdSyNzOJmoVq}b0G*YrC+1diz9{ZIm*U`{MxTU$7l)mMW*!1+YowKtX=!H{L
zQ~7fO?(Xgo2X$JqqpfXnW4g)C#f8c<<=0#RwayYP1A~8LB-Is8P9dGMY8E4Nz!T@%
zVgS}Pw6?Z>=F>}_yOZV#rKCS*XWO+nTs+sYKXBh;+V)7JZ*X<5XM4D8tS?>N4<Yeh
zH^$+8_wF6^<hzDIVOKKv9VizNBcQDMnVF;ojY!SVVAG?gpVu~Y0ixO2W!vGLPjJ7o
zpg9i05Kfi-ub;+U3YRScDl*koRVN@l4NY?WvxC3K5F8f9%)z1X_?m}TP`(2Y4_a1R
zTBeUpFK@3Y^IyGs6&QlfQhHX_3y|=T7{FT9nQLzad{&k#a{5PKItW^sSBXpl?e%ll
z5s0O`?%<I3n^c31j-Fn0I!w$t7XQA_dzk{cP5;9D6gKuGTy*pH?KjJMuCB#qP>f-$
zLeYqrgmJBOOcD)D0Y&_qETcy1>ys8dmI=gLY&Z(REt6Jy166fA=Z<4-tFM3WCjsaI
z_bOVrIXNeRQ<Ljdrn;`Qv4V>J_8PV~EYfLW;ujGS5$n=x&vA)gMMkpa=fL!!d6k-)
z8i?J~z<lZ(8q7WRawQOLU0wf>5JF%w@X4hT3H=qUHaLx9PxnYBCno_Kk-UR!gMoeh
z`)R6Eu-{NbkbJcVd{$`up3xEwa?jlF^~T1=&6_tnhlur8DxWPqKi@X1)$fIfNJ<jJ
zw{(dbZmP0Vtd3U^!?8?N{i4WdVj1V4zcR)N3_Uw9uSaC*Oy_X|kEEm?wJZe%g(l+^
zkQg|-I^x7-!IuDOJ96^!2BxOCw6wH)2M0@Z+#T_fFA53@7KCaV-YML?`D%olFvtE~
zRMcgWcg@0R@d(?G#?KjQ%>4YSOR`izwv#a(aC2Z2>_8uWw$4~FSk$JbreIV-lZVKF
zkdV-e!^5YpuCCQkSS`UmT`k@I<k$l^J~k{|c0mCYMDu&3$3J~XUDA7{BP!p+Fe{}r
zE+xe1fzh->r6*BOL1jo*1%w{&yJK6kB5whV(a>OKJ5xr^wGbO-rPDz1vrk4k0Dt*t
z=lOKPTmXmJjFw`ntE*4`!WInkOGr469?kytlE^?&ZtgQUz%bpqni>oUaIGEGV%&QP
zk-*~OAOvG-6IMc*(`L8YU>ty809AHAIeH_~PU#-@DMtbs5%zbaFG4F*qN22DXvH3(
zIjv?iJ!k`{I#g7^v@O$%m<3J0_1j5}QI)f12ZHUUDov8rbGw(8AbgV0ZS9M)u5Kvc
zagdgV1_shgN4fqQ2%sN)fFxbqtG0gu@>UF>y^<xN)c_m~Nj;w9qFNwYV3n*`P!st`
zh&VJbG*Wx4uT5d?XV^&nTDt4Tn~+ZM{GR)+jfqYm5_4Tg;1s`)jV1Ry0hMSnBw!Bp
z3lekIcXs?CD`Y{4K`0Jm5cqy!p<pn`-OQ}SMA@Y{cEEmUQP$Yl=xYp84uGMb&<cQP
zdwY8*wM<f(ld6^uf9x6^<@~C!>61FA_@=B(6c8%wuH})$NQJxl-Vk61pbFRZ2@D_`
z-y_YFw!6a;ZAFR>@NVA1)m3Bb8Y4jJ*_O!HuU-KsPgY#gJdvIRCdA`EH$RVlraQLr
zqes;P15}_uU*h7Td<S(VML_52?CbM`5pV780>#2-a4xAvxpQV!*&`M_GuQ;%lNztC
z#L9g1PE2GjEiLsOPfkg}AAj1f9jcJ5!UPZk@@oOL)P3HzBG89G$Szoc`HuLYOeF_5
z?l#ug=;&yDV`JmaVtN`H86zWRDB{i|B!oUB8N@Tm$DT<$meUeePJaW^Um6=Xiad$P
zwDfM>dbwb^w!cv%p+9mPNiFfB$)-#K`Ka~N=>b|xcKo`e6<VldB@zCleCfvzU-vBQ
zeETZ|L`0u5G6+9>`0!>47U=98Lz}T5oFTs)AzoglD|yFG6-i0gm#nz`WIj6Kv;l1H
z{R5jzO0J=G92OS%kUeLbF>Ut}%@S5M=*StoEQOW+{x}(VyL?x#PE1cH3fKq;hORt&
zhB^6#44Pbm)as08`@aD54uf&UHbw%|nhv9+XYlZ_rh!|DHc`aw<ZaJ~vR4pC5KZD7
zB!kBXFILJ;$Vj8GKyOsJ)x7uy<DvA&4endHeUMOvPJQY!_B>k2UGNESoap4aTfSX6
zb38QO?J>RGem7#_F*+#<NX*X}OhotQ&LYl^j%XDP^aEgzQgU)QnwpyH&~_3~9uqe=
z@z~hd`o>00Yb(K(D_2M;C|L7#PW+_?Sfv{Ji}Le*In*<yKHfXsVzDYvFb4d2VreM|
z7%m(uS=e+535MOZajI3N#FCd~jsG_OvOnc;fQZ<9#_D0ANh3o;9zH&1-#b9&z&)R9
zX2>ZkliG|F`vCVUE-ek*2`}V=CcG|dV-$_|VSJ5EO*i5ll2u+>4rH1atgLw0k87tX
zcw<UQNqO7(N6gh(!Dr|m4S){-r)THp)<O<r|6`SDYy{dqUMx2syJ>MP=cs!t>*Gi1
ze?eX76#`=I%ye2p0)pno0I)$ll#!9~J-9!FLe;gjD43NUqdH5uYAzL20zy2`!$SfG
z*3QA9henIWaJn!p?Ut}CkC>RYV><=tnMZ*Br1bSC-p$_`K9@FdKW+Y&)mIBEr^9pm
z!|6E@2oDnz1{y(Mx#A1w1rR!mo;sKpCg$e+fx5bKxC-c2Vt?y;XqW^bx%<hAj<)tG
zKm|85IzXRiU|>LB92OQfW6zv$^c%~9C<N&%o2FXZ*eJJD=P32G{p}BVC8aRChY~rn
zNyn7trneOo49v}60y;7f1Elbh;pAq8d{?K_nR_|gAt53EQog^nwfVuZn6aO3%vo7m
zBX)6dc^eT?1FOJs^Hfq(*<kGHuR70o+1TVC$KK+U7iAWVPwTVj`g0OgA`$HRu(}J(
z%p0JnlT%PkF7~8AVtDid6^&0D#>CH`R{>P{akE?H_wAys3jmCMy+hkV&;cb^&!rtK
zp^cU&$A@J)LvzlU)d$3*EC+5Y{(C|L(7cI-do=BGNuNNob!KMf)bxG5ATBEUM33L+
z;gZ7{1gt!-<Ki+OL@SJ_s;Sk20Rt>&kiiKip7qa#OKYRuqoW~E=(5?`TAMN3`Ep8j
zHV^2V%zS+Jw?aB+W>~;(wK3C7Hi`NHs?tqRsf&t)04)k)3sn!dje^u8rJ?!a)WM$P
z3AI{JM>?ydsk-iOU55D<jF~~sJDPWbkxVo4=;I0p7uOj7XE<-y<2Rw}rnLpCrzf$1
zE6sKuRC9EP>G5&B(-~maO;BZ@oSpT9v2^iSA{!gIU|xky`mpOmu65U{%DaI08UMkB
z-%Qqed}L(g^G4FI^Vw->XMB8o0)m3bB(4k%3NkaxY7BICl7P8{rHHk#^7U)dOXPTB
zKtQkrpG^B+hG^+q2czEu8ltA9Mg1|o$-B4|t!Hdxv_|FgmFg-9Nhp<qk)i@^q{xzU
zb}sCH5evcEZ%moKW@h4<_I+JT99;Th0tR{fH%2-?w%<F;SxAt%mjfmjDi{c+(lL^@
z@BsHs?GO)~X-(5Z>--I;3a~W->IeG@xj3^i$Mnrjp;XIjIaTz-QJ}~vPT$&mlDDxZ
zKj2Q@Rx0RUz4Ve^sUSc9JeX=cJw2hhbL8Q(pN%=<qM||d_1E|I_HI_11c7PgT25u9
zuB!(noVb>*b}$7R{#McW0n+h`igJ|F=S=ey6qAr*{1pqJ83NT`UESQIKi<>Vm)ggB
z2sL8OY;CDL85kJ{L{`c3B6f*k^PnX4P`9NZ>1%Yr(8aFq;fqhktH5?YJ($kcIgoPl
zGa8li0a<smjc-4{2F3>evJ~zwmOnbXhy4M~Hs|3CM6UE{y+H-5*3-}hLkx~=l)~Sw
z+^f_`x57Zzke|AqyVg}|C|xmJU~S8WoPvgWN)<k1YD+$OWebInDa=yW#r0tK^A4I_
z|I?N6Bn`679sRu|Jj-Y`t%cC=w<b-gYDle<t*G?k{(*OO$|sb_NsxAaMOjLgnL9{~
zOaJsXRPckjQKU}tKx@~zf*1wK0Qv^fAwiK=h2+N#^%pPfnforBG&HhV56ju;el$b5
zj32z1skj3cnU831_+PImTpaH$6@Ed%C4!U8(c&YO{hV;*9=JLvAgMQ*Z%-7mbj>W+
zP9ehLc4XG!k$Oo5V<jbS&F;8r>I1iSz+ita@SjHeveltHoM!i7G&d+zx2?#pq-I8X
zK|hgGbrg%$5wjm%C1P;@#Vo;u&CHyrxl(z&!`5XT8WLhz(Bl*@4Krd{LaljG>de(^
zt>IhKt%^x`om4|Y{_x2^hn}BqVG+MbaKeQeh9r*d<n5;SAc_Hk+$h>DsycDFucctQ
z;f_s{p6l?_#hB6j1nq15>xK4NbZ4f0$?Q9K{7|RzSfx%<-yI{N=SY5Ub(ve!2|Pbw
zf*2?hcTv*oS{b!}TAT)vY{S<7+|FT&+1UrM6(xNIkqpNeD10ROo$~djrICKnpk~C6
z@bDA_3rvxlWg-7uDLHi&&5wKmr7T4a-@gam+AkdCLmJ+pHU2Kt0C#C?eLV}hazP;1
z?yCC<$*32OcRuQ$OYle){9+=qsd<vef#BGIYy(<Vi|tR!2Sp!{?6i^xkG;^~g5_fJ
z8K1GiL1C4itE_eCBf-p8B;_c|noM!plO|_2x8jMy&m7(HyX;?CHftafG9bWgt+}P8
zE`(M{AC!6UNq{@o)*?JA>Sb2tKHlx*?o;BwJy)NO0)Pk<J!HeXIv}rP=5m*{lZ#}N
zv6g7Y<MR1WMPaBj2*$)A_u~o=5AYmr6<!1X9O{Xc(`Ak<^3iu$Uaz`}ZXD45_Bwv5
zNKQ>XeKm?eK8&Fu$EfLic=N>aa(SALogL4ktLH$j-|1BN?JgS*L)#XUl1v~olZU(N
z=GL3oeJdekd5y6;J*%Q3(Zda%)!EZimeHg}^`G;Dy04~&0~R2VZeVlAK-(~GH3uC$
zAtoTGZf-sUW;T$|Xd@tkmO%{-*Z{R%q0%x4`uu*d&EZGg@dvwxnAb5KjB>5&<oNT7
zC8iW8ZNefVAiZ(G2UB~}(b`(w)<!6Ka>$pdTM-Brt;rLxmQR9hWaPOxnAo|vxWGP1
zvN8_%3~V<WOIcO5{rzf|qQ6Nq-wUjpiBK#_-|<fE=R!8g{X4ddMYNEc3?(H)E1npl
zCiNn}xVMC*LBjE0$Jsgzj2@4!4t-|7bg6o9kUEr6k|^rV#n^`3$rp^EIAI(gAHQmT
zw6__5LI9IsQ;IXoP)}C*SXs#cmav<Oihg%4)`dwP7n>hMBlj+bPeMIus$(4ujQ~hc
zMmL{^`P!Cm;OM%|Qha-K6}p>aBFD$ORk9bu&qPul9d33og*WqDyLNfFD&BMd41Al>
zW9#+$0R(1_dcFGX%Kes#-m~&nq_b_*{XPoZ#7_>2!vXz*+OYwJ6-K%x4mZPl7JdwW
zSSN;q>W@x0xqdxgJQ`U~iT8Y_nc)v29q6DvUNQ^{*PtJ5I@CP-7{<fG%6bL^)f~>I
z3?-IdzC6>l4OUS6kGh(g!=FzEPI;TQ$6}z(q*5?5Fd%^M>;=rXL-HgTR6nrQ%D~_2
zUy>mN_{hNST7<f84M$e_GmzwOBO|9lG1oLD|IIYJj=>`ye33)6V*yNm;+tQsmjw$5
z@x!`NO&yhcx{jiGc@8*h^MIKRr{Ay)B&UTPZ?gslwh-v9IrsHSz>ILvp{##q1zDvG
zNaw%++bL5>5R`Fs*;-JZ90v-Nsh(R|$#6IVWVinFXD#?EHujgYj366z=|lh{AwHfF
zK^NbKMFtoqLrqPwJ$2NH%lP!X?^B3oS~_r<ti{gAqpLdF(MnZiHxdi}O;=lId66WK
z#myd5A#B}_IDzsl&)|>{Fy<1anMZwVZ<c=|N2#fW%E?afT=Zc2mov6&#|*O?oCt{2
zjT_jo_IKkYLQqAv_&$2Nx(tsU99~1UZ>TTEqz|xyOeZTNgR>HzI(hu`<Y@ea5Gbvt
zMmobe8sPyKq_;D&u(Skc2uDv(53$tKcsd;-1ZN!VUM#*okX?&-yNr9d+(%Lu<3XPQ
zWs)2ZJ2p1fcYXcv*Jh*Fz29VHrv7^x+d|_#cqeciFhM#0yh_;x&3}KhEq8v53B8kj
zbpVIcc^wkZ?_7Ky6GN+_q5@A^U-LSl1rW726RrerUqwZw2_fa6D8tNFM@p~&Fat4_
zZ})4-oKOA8fmm5u!u54Awv{izECRZfG|&kYSVy3u-~kb=zj~&&4<K$klXwk8SWplL
zCR}wm%MBJn-}v}=yT$u|xRoAAno2%F!OF$uDqz$WKWs=>-2TXsLU}Ue7)~WQ*XA!c
zb4E{|tmsaGilG_V_H=KZ2|10S1;)CCCkOlcc0Xrs8I+K*-AyPicD-Nr>J>=_!o$UN
z_cYX#_;_yu>g3lxx%)xHud=dWy0p7n<*>=?5Eo`P=CP|&esX*egIT?Ow7I+61hjqO
z>r$525yy`oKZ1Al|B$u<@co?+<%gdXG4$_PeM&34k&jMUh8YYqC?fCQzV!u1IROEI
zl?5MU3xf|GvIlM4jv!_Skl486T2%(P&Y-@ujF;ER=M$}m4{NHcy`cb(2Y6e$1_uMc
z?MT1<C#d5N0EZP(@SehuUcS6_-zCVb<FC`c^sfMvPe<P9FX?%1KUdq^omH27U#f8Z
z0P~NaSh>v2{Q}G=p!MDvrT7y;@tg<9dmfNpK4vw<a@==$X$EPB|B&~U_f=Fv_k77e
zLbl%L)w5ldaGw7PGYR-6_9w#ppA!Ce3djE^zIN=jvnp2ka!HrAcudebI&<+cN^3x<
zVg$usq1c^odq^q6beY7AlIA8Ui#eCVCEvlCuSELq5Cg(fwG5{W#)F4QO~!@tTrmh-
zYX%z|T_X$DqUVq5%wAdDqST0y@7Ue^<#AT5yY;3~eB!mRIRerfFXZu%48f)&3?uwr
zO=jHSmjRkSvCrJ^S%&aXb3%DftB(JK@vwYHxn?tBBoIDH#J14omAT%_K0`k8T+_&V
z%*<!V(8&GnZ$5?ohedg;@p%j()aCNOJk2jc_U{{aF5Kav&ajDe&l6|+v+eNj8%o>h
znzj+F^<(dxG=u6rIRk7uBBqfnzkq=9?BV5a9A7NV))o5?c26va<L1XQecM(~@2>s_
z1$Qy$4$*(({9<*LVObtAdog7AqS@-Xnyrk1IVZa%|D>n*_3JY?9%N89xGW{~#pqu}
z)yGr{+H?f1^?#B}#{chIefiS!G5=F#vum~<Mnc2Bes!^2a$QI*o@(Ese!)=PQE5QH
zf<$^-D3rAp)XWeFAgs)zw;hQa_~KanP~+uyP0p-S{|O1QxbamGm)(MYH|v;B@Eq~Z
z5`%a9`Fpnc3A#p74?<|5|H^B1RX<qpE0oZT#``<R7nzMwkzUKK)GDt!btS?IclS(b
z19L(fay4I%lZWVU8RlsG=f7FK(JNnzB^j*NuQ4q1A&z50-yapqnDWRb_a~O#4f*+9
zWaM&|T=OXV+qVxs&e%BBd9{3@@oa>9e65ZgY*!0fS^4nO;;nlB$I`om5t_swY6!wh
z7N2%lb^On>(kUL`H$Fcq$ILe995l<7N)eLH;Qe$rL*DuWWnTe}>cAIeofPQ@8PVtw
zGNt|~J+QXTz$tLj>`mLgXBphN*v1omMVHpSaQ;8T|JP*tN`ELfp~*!DH>8b{mf#}C
z77o564qyHg_#tyd|L~zFE~9eMY#V+|76?oh2q~%WsJ-VbH2J@88U3T{_bor{hCV(X
zcvM*PD5nPgHOn32ru}m-!j()*t>t04JaN;%FX`_wrKz_3re7W0P;u5kV$XK;is`>g
z;n=4+iCww&k6mamEI77UbcKw1*dGg4NIXK{q=tQm_wQ4^p<6KX^yuSf1YJ9KT(4xv
zuuRVxy`g?dG{ZVUeMFl_f<px%Chor<CeQuPtHt+!m3APV0*a0{cgjuQ4&jCWIvz<x
zKLJnr;aX9J;CpSH`;1SSegBM)p<u8n`){N|;kLanzod&LHUF}F$ng1?nY8jlPN1vv
zDH9Cn`CLeVHwmd<DRB~S98w0P;KcvyK863h&+OW-(gCD%<@(s8nl@BKv3jCUp9wB0
z=?$EiQJ+8>!k>Zc20RbN1^3X*V?jAPjOouw4-`9&%{s8hPN2V-N66~3bT7Hv??8Z*
z^fgtVlgQf#sc<gE+7DWHVgmvgC=RIqT=eN%&&aRRCZu!wm>wq_yQGN2V7kclWx$1Z
zZL7s6A;b!azv74D$Vio2{`Q=)_5q-#4??89=i0tqF2<E6sXfw!%5E><q;;NaQ?$Ws
zK|e(^(1YNQCapZP;aE9#2N@*6q-j$#bGitO4S(12{Dn^@Xcnht`mD=}V*aTKn#K84
zOZfj0IhTIAis;$yFnCj@)60cZ(8RTpkrv=x!`@BkiqhwQI9j<_^FNPqu3Y6q__eG$
zX*p8|s9morUGK$%N61z*A{AYjc@2%|D=_{4HZW)Oz|3CMnE7a0&NPdWDs#NLZ%1sA
zL5gEkr>F;WN0L(X>NB+bCdUXbSj-MK@fYi;`Z~<_)K$=CME6-VK#>ZFb)j0-`Lhoe
z+vOj!4vKLTj*gql`_^nXKd0zje-Zkj;Ysp+^*iyr_<nvxSjW%ycW48M=tUC?3k!#u
zE)voDq2Hty3r`$O25la_7jU<^S+w*hN5gLMF^<hhD`Csd%S&6a<2%6KrwH{Jlf~l&
z+%vV@S2cS~Tk!^ubxR&o(2F=X9(dpeNb<#SzLzi(94_!W$K6=rYu`*}pY`d2KG<z6
z`!nTXEIIDGW0V;wg@u%nT&4+Mm$?urFl=8eBouL6Ufy)u-u`j1>B2BnDRo>JJeO59
z#5__aL;f1GuSu9**zWXmoTlkT(>U2kb-kvob9vA=7c)0&Xh^;Dqmk*IxT_gAmNvHB
zN?X#inBk7>9O+Lbb`9FqFGSSnOTn|d(s#=^HI<a@dAW4jr93KV5W9tS<@)-<8sA&t
zSlN+(gj`o!&#x!dSk==_N*CZRah`M6wpKTl#Ex1W0$y4_x5;uM-or<)Xw}_vj0E*H
z7g915&aYqC7~{lxv1?7KNjXfTnfKu#hK8sFc_lZELZ#~;sZwi(8Wi4rlvld;Wa}-A
zE@bfC*23kcXMRCgxmoy>T$BfA2J9^M0=lLI<Gq-Ocyp}R_hZEMuSQ|zj^5m!eb#_}
zHX*H0k(u~qts?Y-&3W?b9S%KixJ@T)_icU?f)>G`k=$yM_cGonAT<p#`$U~r&!V1~
z>XE<zM^BCg>4@Zmb_K+bF2KmnOEBg9UakH0*NGaXcQB+${#vZNDYAF0Xv?X0Rf77b
zmr)RjgOxC;z~(U5K21gO2Q*-wPr{h!tbdKre0H{v>l`n+ANV!{MH2t&^lT+Rfg;_@
zYYy`mNGQFePtNp3{crM&Mx*;7&?sU`q~n89Q*Vb!!il%^`-6t3seLraDqF9BfWS>U
zLA*1vFB0?f2`mb5^jZ(j9^n$ymTuF=obm?47LX;^J~6c~H`NunheJ9*An3=CGKZf(
zjrsli>IDfV(&;x)Jqr)dh6#RGh`ek!`~5*Z8;jvC1M9mhM|fDcgf%<#q6UImVwH?_
z^1+Rt8Wg&`s?T51DWrq;QqWo|K<Q?E`7iv2Ca)5G-YK%P_A8p9s3!o#vmK)_v2chQ
zVch4L`4qGTt@rQ1odd@|>r@$#!8cz=cu=hE(w`^#0)MVG$*VERGuWIXXCa^utv5&<
z$>g`!5o9;NvcujJZ8bmDpm38~gpQ0&QCd-vP^HkOu3B0)+i;eB!BJ#mqcZd|DYjBV
zRy%T@=zHnUey+vsC+J!12M-PAI8fmb&;_64lazn(z$tuN0!Y%8ca^oMGc9Q*w74QS
zw~U9H!0>blgu$%*YA<wExXteEk8r?x#CMo4XswQ1ZUA~ApcbaiGwHaYwnMQ|0&a4R
zQmc~U6CnqOn6C~$-<nhN*ztT-OGi2D9K4Fkn@jlg=`6xf8b)>sW2xV^-rMInuScU5
za1#_Kl0RfMn12m><IGFy2!2ZWPzDG0u=zGUG!Z-%o-sl%E!@A@bNXUwMZeBdCHU-;
zgy;9(#i=LYehN}fY?`QJBHl@}M^d}Ya#&d@fB=k^i_Z*Jog_4k6Wbo;XYGC|F@~Y>
z8qLk42R7$ba+*B?51FtNwwtJCVhM})-SfR}H5PkeM?CCtxsU&`M{RvGHNP+e7*b4-
zn=`Tr`_$phEQQ-}YG7NWALw!KoLO9?swiw48^%S1-G1_)^(SfycztW|&6^*T$P>%^
zKDhA?e0jONhL6r(REqL{_DqW>hLb^3sm$|ur~fnN7#1Xo`V}k*>UU1K22)4*0;33Q
zIXwEhY93WIFrV(x`mMD#wq%n>e?tGtfd%$$g_e<>J^^GT{Z84qX<KbYAf85s8k#nI
zKh_!K@W<k=jC+y58p8fY7Ke_O?FQ;CEdC0UxVNg{AX+(9(zjaiUdW3HhlmCf7WQq#
zXale-7~LDxudpn^55FbWB^p0|<Z0C!GBcyyG}m?+%`LdHDv6NyV#d*~xs1R8@ToZM
z4|cLPlTN~Un-On?NUk8Zk#-El`6Am7Y`v_kF7-8&#(EhDQoidcS+pX|Az6jM!85$H
zc(@j1&;1eT0L?_uTrIVjIt}F<(2))ui+>0#q4|qKBxjQk){E$;TGxO#6<Q7b*f=uN
zHfmDz?lL1kvF4`%UftkThGVXoq4sno6D0~AEmu73h^_?RrU`mKC@Ac>5K!FeM)A4L
zM7Eo4I(oU|OP?i%l=fWd2Udlu$EeVyT;~-%XRVI!S?XBc9Y(jW*H8pPvUS-E!D|}z
zqJh$&=g;o~8%a%1cfkKZL@&}kb34dwlL}aP2zBbUYpAI+WNcVw)Dw=nAfA^RcIGQ~
z4_-p@_!@(w$Oo;Pb5H4k1x$&2*lu_C7%f~(BX&FX6JBsEeX%-C$^CF{qvA2-L<|1<
zMKx7#y)sy$@HC8eSNdh091|ah)=2v%cl{(RtKu{9d1q0_<tq}-V~5y^47-!B!Wwpa
zhQ=7hTnAT<*87wWo@5>B%!x_p=z7rOJjVd3NHwlt8ZYklJzrj83??v@kZ%df{m(1+
zJnqPuyxV)&{lL=`gNX53;HN3Wu$7#woyl6iAO@7GDYB5Eh%M&T?o@ayPU2tGS(-T@
zfRLY(7E@n5-Ysgdj=SdGZY}BIp|)G_bz^C>PhxIHn@X?9As!Co=t_`#JCbeh<hJbu
zoz*tnsJOIGtxt%xZZo`uqfTCg$~<ZrEH)3)Vq9Gr`M#}<7QN3K3^#^8ll=x)H_~6>
zc!zKpF9{;VnAOKvIMOLSH5LVdY&IYcQ?t~A*c_i!FhFFq?Du}_Vuuv+h6dKDeSVq@
zSDDeW4oQ%kBwsM3epR?ny@Xy;$*9eroA^8iQ;*OR8Mrg_Sy*p=kACN4*f214eiPVt
z!+B01ueS%?AZr4EY>FSxesO&>4B~%b`-#<f4jBl}=n<jjU!GzoGISslU&q9-W%d9+
z?p@%8L-8JO9ttv{PX`>n(f%CuD1W%i0?PJ0u)N|7m;=T-1GENpD{X#zgMuPr$~{pf
z&2D#9C*ShqDlp&W%CD7UE9`UwKA})_`sMRwc-}otP5(Oi(7-0l|DsD81dWW?BW}~V
zwl<fHJsJ&JQ!4VTg9L{{>7RSI6bprB62nI0mN*c{!lRBVk{9XfS(E!AF@qKE+_!J9
zN|j_8cqG1Ql*#B1Sc>O!i7RfO*9(w^)l!sEFlD@Y(sBbiKbF3}T(U_#+H?(9FpORj
z<HKFHvHKQvjcuu4zn&eZf*{YzxK%GN)QULQmGYH--I%s_7w>xu678TxGpAOeOx8e9
zRt3s(G)AobTyXM=q&F18M=xX4!y%is7g?Ue1MagOxggsU)GXH*XFBRDAJ>0lL2poS
zR6HO^N@&Z7hM|nV&@pRNuo|5JvY<QM)Y?@r2z8)=TNTTKW%N@eH0c@ub4M>e$dzgU
zDkq^zH@Aj9V-ia!*$(AWK!3nP7ohp3%ThX$UhbCnX(ij6&G-$ot`Z*XGWr4|IS5_k
zGdVbUSkZM=FRMfSVBxTK+I?+T_Es}}tb_-SdxUwXMZwf@DULT4x9-_Bs->r1h1TPj
z3)7xd=#HpO4@uG}Vf?s^EbnN#yl<oAZKV^n!L$;j)%D85H8iA^k<+sl`Ayl%`FQ5Y
zAfN+s%CW|cX|@KRaj2pBlC8LX(IQ_nqp7;nO(rT{Z(_ru5&}z#Y^NLR3rTTV0V?&d
z1UnEF&&^W>u)S*cSvWc%1`cE}+^rDFS0CO+HLZKLNZg?N(FQ8txlBjwmeXBgO$eiU
zKZvU?BIqe8LHAR?bNJeXmWHcVtcBI^R@79l?TauvC#|N|hYn~y3q*p|Y1a_EG%-_m
z%DesO9FJZ0fRT`0C&`9syAu`Vm`yJIfCmH;li`lWh<?6KuKn>e;!&W`PO^w*T}`60
zF*;>C{108Gk@dk1vMK$fo^E5jqJ)lSb#$5^E}^~U^Rq8PWIQS~M@|~I#}1C_okXfs
zyEUdI>ig=p?4ef$)ycR?9tQHc<GtVeL4TwZMP)%VJn1j3Kfqxc>!ILLQ96XIcTOfw
zE!p*Rd?*!k8v#~6%FqLZ0dWux?roL(=6Y)pk}Wg?-Nr5U8&j-B9M=K<2j?H*GW>Gw
zh!R~pE~P+_0?q0ED$>_wQro=qJ>0H`%U}B}Ac*|Thr9DR;yZm3!dZCEo?~K<x2R$7
zFs1aYzbsLWu0Bvjyr~&Pvg90(#0ZPM&>~yVGd3K01W&QH)H|@4D#l%H%j)=1`OeMV
zV{Ety3Iy`DI_!*YR%y>{;7JWQ^ST`ZfeW7cyuEF)p&>H9Y2IThI3(|dDP`)ly6h!r
zGmKe%bl9jK^T#Mgo>BXlSZboikskysDXx6P0nI8W+v#V*uUxi&2+YjQO#<L6cD#lq
z^5JgzeB+yBJtoO2sdAbc0Wj)}uSML|K}*K;<yfIFMMG9of@mH%ljwiBjfhV86rz!-
z@e&vm8vO!;a(%W$=j#Ddeq+4-vM)`1l1P@w79}F$wJOq<B9}<9_IeOFAzE`%lHAk|
zKRBJKRi#Wvj(9IGa|FEf;Hh3A5X#an!JDY54zNTP4xKmKMzo7+bi$j1K~x%U|8SZ*
zn4`<ihH+F{6llg{BrGMkJ2brwc*a4Fk&xxwy#0fJp5j!yd9+RnmV*TyB7!=pve5V|
z79cz&-i-)+KhMsi;XV4C_gVIrh!0%rTqwUV{3|(dV0^jDPV#aDUP?!713>$R^rg8r
zJ#WBL{P~mN7ny~GhzD#(>e1zNm(&cxcPe=2^WV3-CjmdE*_`8+vauPH-L?k=q3sMT
z8L0*^+ECdvq+4}tLJTX-1lOCk$H|(g6;c<AjPq4HAPeO*wE}~nl};U$sYhKTsudza
zu%*4_5^n&Xapi7m#F{{!?(|fSad^E;wn6!fjEFrl){}m+e*+TnYV~=}b8|BS@2P*A
z*3&Q!)nSirHlco%EyunC!-m)e3-)^+!An#u(5drO!em~`rmf4#@pA^0k>1MlO}@&_
zmW%BqmnE3GOk>zj%Y=87#9>O!&znz3XS>YbjT#W_+qTcdNO0Ki0iCjGk<T;-lz<$i
z?d^x7@y2nw@qHHC!xGVLlxR=aw=N@%d{^`E#hVzr90-KmAyTnEvv7bBZ|UdL4R+nz
z<@FB|(1+k}3~bMEL;--g8o_)ln|lbZybrFrKLH*8DUK@L5cF07k<fv9vkr)-L3$k2
z3aWuw8bnQ1H83nj!iW+GP8j)x{?Nx1z(zS^51<@_siezOFISTlA~A~fr0=O}FFRxV
zI<WV=AViD|X+M8=@ONrA_d)b)lbWZD#B}UcfRky*iFv*e{<c&uG(N&T7qnKg>0uXl
z-jbgfM;*5RbWGbt39pF+rm0)|pgh~O;1GsVDJ_2(|GX`PSgpQ4t8C|Y0om%~D#7sv
z)TCo&8at_K6oMrsO;SG(VmWt^QXCW^#kjTM#_biMdsYW}UU@Hs^$%e7H-}0U3BIUh
z>Auh^!fWu<-*{s@m9P<sPbox;l<qLy|9qF~;FYM$ZN}0t2b&_DgUE&x7aVWF7{zjt
zM?XyY>N)zrSTZ<sTfABv5pzHJQ41Kfadp&vl);vVx_;MTceP^5eN-69*SIqEfGJ%q
zi=s|&AiW-AZ#l)ILcQ|cwUneKkTqX5E7X=nJ5uyWaDCYB#9o1?Zt-<6RV7Tk4&4oj
zDVdUBBcf%koCo)Y82%&1JpD<-jkUFHA@>05;>{MkxM4Iw@pXFbN6n9X{u%a1Xevt1
zgPaQiy+opN&r@$YO>sM47nurX7Ju?R$7r5wgEu_o&gMa0X^QcfZhY2p=d~64HHnk@
z!WGem?K0gDD>O)DcUn5CM8(O85Yg8g_S`UC8LlFbCW)rAozI{gbIansdNq&X8m#?)
z03XPlbZ+f*fD8@cLh}=;4y9ZOPt+aiXknG7Ps8FKZ)l~=x2FWLeF9yf(Dm6e(3AQA
z*m*Md4nYLIii+Tr$dXqo5oWz7UBih~g8*od_D8QO8r&V(6I~L?I`3Fvt7mS0&KnnF
zqW;!>1leV0udlIDT9Y65#A@*A1-&M8YU=C;Z@aYjdyNkDCgFkUC*cRcrfVnd5Cp6N
zf$B|Lhw_XYmCry6#6hk++>a2>{-S1yMrv^<3)6yTt8}Wi<zInIO<f(>rL`kQKCD&o
zAzMy&US2AeAw@99P^_i_TR=eo4HNcG+6B{iA9#3#^C$os>u{17N0HZ}p?iv%?oJ<G
zP8H$}V5(G+N}S#Nt1EZ6QIk^f%E_QTnSOz0O#WINdH{nj0FlND&(7EF*aIlEasV^W
zUAlV5ohVSfMk?#O0d2e;FB`Bz7VL!U(|N^4Q61;5qjALnfzo|%lSd{c+h@d2x|%Xh
zFrV%M$4Z}j$EjJ~%Sm8&R|tISK|as@0}jRkvQPD~fGUikKmD0=YX9QhXsDm{?S<4X
zZwm!SLlp{r@Il$U*EfJ=w(o{&);a)Px_*KSP|BBMz#+Q>XeAejOC)|NHo9tK-h7}5
zpqO~ZKy!f}7%rfWy3gnMCQvC{bmo?}-7FcgrK?lICCSD+(6@$%jPCTg=~cm=Qr1-g
zWOXRB_5tWNutIQ)mV=v{%9K4y!l)3nVg2;$2aJi&ZI=;-)=SfeS0>XH|2U2U<(SSO
zT4*zhK98&RXEjR(^ADLq*}L^UeV1x_UGZ8=OGP$l^8hl>J691Z0Uo116qs8|8h|Sv
zT`f6keRNgeSJYB&<NenXczS5*#Y~Nnz#W20Ze&tX_<SrtO#t!VRy+32WuvAC5B0Jr
z*YXD5%S~74Shv@0F;x!B&Y%A(B$v4HdiW7Ei{5sUymMg1LtVZ@b+>IBEh_X{$}`|$
zZaO=cnou@Hb!PleMu{(2kbISxQyw<7wf2U7GQUdplu@cm@hLiy;>)JG&ub<MGBBf0
zzOGtFWuc7(s%ffi%l24+W%^Ceg~);0P9@t}TZ@v22hQ?z$Bj6V)kF9<7JdEp`cs5D
zM7!$9eP$uYZjFfamQ*TMb)%Th2f6FlyGd3h{4aEX%0Kn16-=VF6@Ow?t}DO9&_8v1
zsFaXHEmOwRQ@Ys2FM#F3$n!k8MAGzuuXUL^?#~JdFI>P2gKAIYZrwfHhLfLIiy`{H
zgM;RemG6=(I;QCc22uN2QswNwS>e%c*iQ(q>C1pi8iP$Fe=O}c7;qqwU)lS4-u3I`
zSC)<b<-EN>40^z)OVu?G;aQYBynl?W*I%Pk%9Y6{Ca#c@V&nhECx9+jcL~qV?p;8@
zGr#}X%F(eI<k-T(3fHgK)c(gxkM;@&V$#L3UihSMz$p9Y-sEoouMGRsGg%V-LXiZ4
zp?m3h37^J-MGNFczVJ_&ln|+}n!S2Ba!)gyQ0)ah_ApJ>gHP%ohm)SSoA~S4`5w%Y
z3IxHbDGr^&y+cIn=*-dU%%>_yW?_9%6&0MCPgAclbO%A)oy5Nut+{1R;SI9?n7FsZ
zr190j)A;(whQBXIl3K?jr-a+qa?*Yb=WbZgl_>}5oQu$K-{+#F=c>sc^}BhuZMV!u
zo%Wuo;CWu7u<?ku1;pW*47Fcr*|K@ouJltG8|t}nbz80`NNGJ6$-^L$KE11TLpk_)
z9=YPzXIPqL*nNV`w>dS*-~X_0(|CSGR)A}f<8@})3%=6FRZG!1I7ot$ICfw0gX6xv
zzSQ`_Ge1gD2@i8|OAB5Y48{=kMA2zvMpip#Q9f%vJLeL3iRZuQr<Xl7L{Pgby>2p=
z#;Q!!=K)&_&xsW8#kKP7dy~4^m{MLA*XMNav|S4{#$FuMai(7saJlzMy~e7@?_ebv
zO=NFqq)8Hrw3Lkn625(HR5YT`CFm1Ac{MpEi|viNd%%e7KirPD_BCl{SSX6~UF;Rm
za8NK%Uqn33eKkq{i#l)6h4+POMc~91KYT%G+QRFwR;N=#^$O`cy9ahB#pY|64H-fA
z#wuP~Zc}tVY@3uIVBw{UP42&g=x1vw8wgCiOJf-Fw}{1;>7)upIxQ7-iQBp>I@g4;
zHh;xrM-0f=*?l(;yz~2@92(`KUPZ_IU^NWXRd4_qlVejODuaEC8O5$zA-zEq@4XU)
zlMM8dPI<@u$cs%Jycg@2*Vk}K$V}MpQo(6l(=>q`d`uu4*col1{tG(lq`BGLhL}=H
z+lwM*>Z>m{?%{kbNw%ZjGbRlrST-u>i{j*o(h?la>U!jJJHvA0$)&?BIX+bj`qpxF
ztMrsU+K(zr&;%L=(<@_<!N6WX6iVXJ^+iJmzeL5y6Sv>@k$czm<bLVoem{4iONi^0
z<eEv61eK+P{vYTGC__Z0Uu>6Q)Am(*XH(UwpracG#D^CI5G(EYM=1ukj@_2IJ7iz#
zV*B`<7e7VRuEOGQ8WTv~CZ_M3pz5?0bzNlu5hDK9WXyS?DBhnnorI|3a;yBCPvAX-
z0>W=NaJ;)~kb5FB^oWV-n2&avH~cg=7M_1aO>+x3ESVn|Lm&YGa(Q8y2;)W{4qba%
zO?RRTkEhn2tVBG9egsB=bTO`e0>`iK7*?0Q%Y6R96)a|-U;=#SLP)bgop?HfP;dd$
zhxYpx7ztXeS^g$bXB&-%vLgq6N<1UK3JVB9F`3lJZCos=#nVoRYr<YBHS*5l0n?C4
zzCLv66MNSU@hg|ELgY(ACylkRS2}}b$4JA>2W$i4?Ib(wge;o494h?H_9=}9&eT?a
zJ4VkyDWD!ZSce}gCgf29-}qJi#CyXZA%m$uOl^ETo6c!$em_6xb|Qtxu){kBCPH-r
zB>6d%I`<VpM&7zB6Chctk$#V2x}HH>_;rojP?{x>#n>3?nq4L{VVqZm9)UQ|d41g}
zXkcCR`Q>QasZtY!bptm@NoH=`M+U)Y5m)o_3+kTMHF`P$V9b8cz5U&Pjb80z)?pk{
z|8<KOam2@xL=BSQP`;D3TmLSFcjbQuqW#|K4gnGtG56mC!Fx*+awcd;N4`56|E8t`
z2Kv{K#uHxK*~;eumZ&p2r8`pAA9mB%=D9We)kR!zk=FMD#I%Ao)*F@bm^j|O7jW|E
z7mI#qc`UFMAe|5EuI}g?j6IA^<MMAeA==Ht_antMz5I5Ih$FC-M!Q?xUmP}Qfr%it
z@|?f;ya7k%4F5-RlK<H@;l)E;UgS<&$LVIlL~L2+#fhA^I5^(qrv+%p&c2Ip@V>z|
z%5L!MVU=w4UYNW=`-oqgL}u<6ny4ss1Oby@-6z&S$`$t{2xfw|8mGUNr8IrsoPA$h
z;iR~B&Ke`ZlCWbiC<~vPN&P;y4_2k}3*e$wlr^DOgEITz8zJzGG|6$io|hbUX30Wr
z*nUL+L*9*yqbxYydOG41Z>;6;{pGrAj4l(x29i*+J4E|>wQHufn(zDq<yiV4baY*A
zcZ^!dlO368Y!hP%iSpeYWAs%@X?=G40Wos3%I=&Vmo^TlGI!#5D2i-Gowep0g3hIW
z$*jpHHTpQ>LUMxgI{o&52oq_KRg~|3e`{}G;`;JnGQokc7?#w}nA^4uKIwh$ONw}w
znRGg_r1G{fr3Rv-9Zt!!<0TaQ{8DXJQ}YmyvS2h=I~>oH`FtvrNPb3Bg;T27q+ju%
zJsorLV@}uxRBJCWgrf66z0AEB6QT!dP;_z&|3Egk&8!AGi~=u#B0$(Ohd=prv8s~<
zsG>bQP5LRembWDugJXjEOnac%%JagNGX0Ugw86xYFkO%R$?19}1i7r`GI3P-9HSW5
zdqvc_ZZ`Oe{fCPEt-8$7gL~RfaqX=|KbmIk=9oLM-&R<g+KSpVLsjCdWsG?zw^YiZ
zc646lI?0oaor5maEb*tLr9gx(wU0!!lE)JuI+=K_BSC#d+{}7fWUG1tcvpdGod<!v
zs_FQxQ(?`bDiwlUvhZTV@p_um?H1e^AO0l%$7Y^G`lGfC_t@0gd4A3mCfM>t^FZ%S
z1_g5<AD;;hgs$S^XqMBVrQL=8ucIu-Wixj#d;5<V^}MrQ*c%wY5PO1XsA^x}T9V|!
zh!IQ)Jkj0Q7J*ecX0F_?hFdT^v?7Y-xHtKm*Ur?QMQ+>Sb<SDrgpd_$XyKKSMB7TJ
znAzLC!>pOe{#30R=1}TxKs*cI`y7YoE=<)OT}-*JGq0be{Nk5T*aiCk89Zg`m-8_6
zh4m-jBJj4vvqctA!50ZalAbrI(15TypYMow4`|C#m`<bcDaF{r7%h6itq-`&#&c-B
z<%toUg0(?KZChCA`V(R{9Pb%9)7(kByM&)tDk*l(hhpfvT1@rH3TxWq%ZcJ%O!9r6
z*L#+x3|lDJ$$)sOmI0A#rtnr|ccXAz3aeJrJ~uahJy7)@N7@*1Jsz`$@dZof;jfLw
z<Mq~Wu6i5%n;~O<lr#G2N}&(5mD;r@Wck_>+BbA6=Ub0sn|A1U*XUp0_iJgx@y>Ew
z4Fx4GXlbdt;Kcy4-c~eL6BuFnvEQt|d#Ua~2zWc#Cq?i<wi$NsJj=$lo6Ix=B{Je|
zgg<@qwNyUZ+M}gg7=TBfXkdD4#+*?n6fhv3sMS$sL`vV9Eb3}xQb?cf@_3x;q|Z1F
z?Xw;?fHVVnB7X_1x}qpcCR0^^C;2(`(?`rRx3RxFZcC5b{7tT4Cd(Ps$`}*LW!-98
z5LnbmZQT$(#2Ue>7XN;Prj?IfW(NGxJS+x}@-QZfH|}@YR?A<ye7Rvi<T9Guin?5e
zYHJSjoQ<@j?qGCd1e+b%MMW?%Z(?o;ie1I=R?bv2mHyFy7d%dRJi)0Fh>_q<*fA2+
z#yUiRsdbI0{Y@3!Gw<8!7*WcPy(DqG!_<Co7uLk;oQ80mLt2H`-X6g&kY7Uq!V%qG
z;v)evpe;!Z$RSz%uHjbN$}0|vVig_At(CuXG!=q<JL>*S6amt?wC%cfB#j;_nuJcO
zeNC{cX@xe|)jD=b1`5fhBpLjQo>aaVb?=6bpTjIjK5FGA4c{$ouMXX{#IIk)e6tFn
zII{AWyS5EG3KZ`<pH0}d&MhqnF;lGF)t=s+esM+2SJ{&9Rcv$^X*!qTw^~{1A_1Z0
zkBnH=bC%aXpG|Ygl(F78p`|3h1}aAz>G_237S+Zc#)DWzHvxK#DQwOXX*>?Z!0}NI
z`JbuIo6z}dr&asMQ1P&OFv9kQM$BP*l>J>SKXP(nUmzrQ$qDNFaboJ4-iH?=caU91
zK~8`q1_PIEZ{fs0j@@1|MWMr*Uq~J$>xD7$+cHAPaH%KHndY=#W+yxHkTpPEGWU2;
z7Ixrx;M*Nm=XY~bmI5yh2BH`+aZQ^eMPklG;plEOA=%i{6Q6Xl=f=$6i@y8xPa$&-
z2^G&Hdz_3}hM%Rc+eiw>Cuz>~)PD{6)3<7b=l1)r&Ph6HjrGXrv~6$c6^O__9AMOI
zln)Bq-;Vv*(lO!3<+0wOG{A?vl?rJe#+@CF;XzqX9&cZi1Y{-FHON_PkxJxVO}Plw
zxtX3-C%YSPemT8qE9gh_KkSA`q?`f9#CCf#dusR`jOj|*WA+792<5+7&e<CvtIy8c
zoxWN1AZ*bc4~z0u2rBx80Y?X{+DDxZVqU@7&&5_&x49&=?MRMHtZvkHlPSgt3C>>p
zfB5<es3^DY{dY)d=?*0YDMdnrK~O-DR7x5|y1R#N5CK6%LQqs1l<roLF6or+&iS9Y
z_xtXr-rxGKbzSQY4D-&r&)&~|_OtgnZ>#lpOA;s=yt{X`gzwp|bJ-$`b#-`Fltznh
zj9yw4|LX$d&YyJnDJ8U-!=@1(;y>a8?&_~KJr4?LvF3yDeH6+)E>l`;Ziy=sM+cP5
ze_JY?2`&;`Yj|P_9FIsJWV{*W?JTh;vhQMgX(KfYoe0DkZc!Vvb+vw3C3<f%R&C82
z9G&VPYn(kdyTIjB5cf+`d<;wfJ_87?M4C63-N$08YsZOK0PvnSUZmRy{gN}tr~zPT
zf-JR5M23BaTT$Cz3U*P1?Kh>J?_6|0+M4H0b<jTOm^y<=C8kL`tOQ(>s3Nesjk&Z{
z&=2;6Y^in=O_c5rlvr=?BF`9EvIWPbQ2R@Qx*X2t6OlMzV*cW$D!(8rC2yT5+SJic
z<5?Hq-k*oEnjR@IgG-hh-yd=G4F;VKr&d4zHhuj|q^@21NN&TAOP2<pJOa-&YX%9W
zwTb%j^=eg}m8`zDHMkRrBSkI{M_P;G7Gni`*dQk6Rhk#<-9b+>?>FRK#izeTO_S#v
zp!zFx;6hw`G+_1d?|ddq<dT1`o`Mc=gqU45pmM^j@gKUN@)Q8gU7AdS*IkL&*5RG8
zmN&N!KHLW(;<mAnx^()3f+hRs++y7YeeG#x+S@~6%wT{4Hppbuo*U%YdYTO^J=+r!
ze+Y2^%k1jI1ERfyuh_SUIBf`_wiEa+4d8jh$0CKqll|J#j>LVo;`9Y7-adyJY+356
zu&r>n+99cxnN_J%-pObf-<o|<dt=S;iRE=H1UJ`yE_dNmN;F`G;=j#+Ca+<I0qIn@
zkUk)N27`udC&NAmus64P7n!jtrqoUk-v-CX{8QqPLwW_=l<0LG39Q1-We|vobHZGl
z6_-q$e+cWnSn$ZBz!7@1uK653cT<Cn-Nl^Xf=US78(~dIc)#aG{)DC5d6W69aqIi>
z=EKx8p|hVYiZBAm_o#%5#k!pHVr_f#{4#R8O1R7%jubS*1yJMRT^tWHpt5ip5>Lsk
zB*4b@WDb6eWx6~=4NjiAIS?pz&+>Z<cx2T(-B>KoD7H>tVlsTyWn%#vdTI9V=1~6r
z%Wxx-XgW9^lvHJashC#9B5t!9EdczWufQ2>;ryq5;e_sJ4P8D`5HDz6_(r0Wf4!l~
zTwf~xas5-{*OxE-5%2cdL!p@1=<tc`I#~KmjJ3FGlJ%*JOWk!lf*0%X)Zm9~cy7>9
zo5mDzB9WFGYR?+KQXRrY3@c*)On(aex=G&yJl_W2*gMt}cR`x)KpO2Me%A{mNN86}
zlKZ`HK#{r0<yh}YHLi>Vh_*{-uqKE<llo@kRkUR}Ki)1g+CWMrVskrEnv{ZDf6=97
z>V&(>Zma!T-H`bW?et#ibfM&Ci%#cP*$XspV4!XuJzaGlS#)%tzwXK)KMe7`IEd*u
z*WbX0oP*oP;XH@F?lscBNKL^vEo{%nrW|%jK*sp_jE(}m-k1IfDrfp9hlhImKIz|S
z%}~i&XG}b;(?J#9z4zBH>?_hb2nc)=_ZiUYLr3a3G;O|YyU;a5g@Yxd^s-f|QQKE=
zFRC#S4`>Un9=P(N_EJ^B&v1Npjo3f0@>5M6PsThUgDzIee62{Ji#nl`hz_Ld$}<$M
zFHQLbWv5z?W$7{ASkKU>MX#?P+Ul$UdI!$yfT?H#c9hY41zc|45T0O1ufN3e-Cwsb
zK|SP{Hwf)Mr*~)IM|~z{E}1jezN1&=vDyfFPeLQ(Z#LVDbJ;$Ak-3&WdHqjI!KitI
zRZ;k0(&`PR4rdS2$NRUJ2;R$hh$qT)IViylSpK@*acYQ0;brJw#;SOd8S-gzS8d2|
z{Gxa*4iE`t9Z_y9M5f|<z?r6ZYG(gqE11FGwi<W8&g_gVAFo?ri^KfnLBDcK0li*!
zq|Qv!ro{33ODd?;!qp-wsjQA8t0AonDqIZZrOhvo^NqCEc8pCK<--K}!_fs0k9;>S
z{5r^kDvr7i)Apz#pX#-zP2H1p)1|)5!#dKN_PAcvYx7Om2sNyMWNHYj^8Etc{fvCU
zabH0dc}|cbUQ1oJ8_Om1G+_H;1W{$l=@A6np!W}&lCxR|s9-fwMD)m%yRm^eyU?be
zkVPR0GiNY($5V~!wg>LPny7z*<s&}xQLjrrijG~^B)*boLkWb6Fi!f6WHhJNmUCc;
zkr%F7_)vD%W&mIxMSa!jHlk1LMrHr1X%%5|sBBTH3TkL6pTV>OXzL3R9JPaLjF~b#
zX8EMy9%|7Kk>{3xF|xnTNAV7gx^q$h7xx@2#4GodK;-NKrXc^dCB}D~toAT7&1mG?
zu94l5<l-c1|KjwnE<VJZ>+(`Bgu9(xV;~+t#aB_ieZW4xy!24yEWol_$Qo!%x$Q}O
zZ7gBLbz0cMLT$F&mU610RQI%qeVt=v@IuM93wo}@55*G#frt1LWH<2D8g*+L@!(X~
z-5b#o`Hz`y!I?jdMgKtq@*Y;GpvO%F)8t{MZE%DpL41Z^?Y&mF*|+lA((3!|-)!3|
zi3MzWZH63e^QJb=O`XFk&n=6)AwH2?jCGcWGyv~>NcyqhVdm%nH5t$5r@XNcfM~h7
z&eC}87TL~uDqY}re?F!4*-opobttG0!G&@NK!r;+knBB&u|fT1=E5<YQ<Wx#)wOyh
z2A0lZab`gkV<I(8dG879A36yqwB~9+00O-$eu@OWo_x3q+?c@+a^wb=d@cV!Md4pd
zMuLX8IoLw=>SOb#M)}JaFtCD66c8I=D*)PO)8d9B;Iw>}*gnX_jiY@>-Wes`srzTM
znM<PFnB6X3c(%>m%^=_RW*jQ-rBx81?r5{$d8x;f1I20P2fVzBuVMS1FPfcQ@Y>E2
zz44ei|46$HQm32smg(%E54{Ibizuo3tsiN3cMoP_3TguYDnv|ORB%nw90a+s&M;#l
zs<91vET6t7!492F{O>G4_NQ>B`nqeMKbQy$b17hjkiR<lREYgll@|+<!S#K|yD;Yn
zGj=HW5B7WsQgGn{cA1<gQw5vHHC{5YZr%W|-|LSsezuk&{YU=@y9yr7q+V}UW@IvR
zzif*|TaEDU<-(PxS|gGY9|3mu3~694_dNMNb8$274q=y^(z`)~Bk|?v`%?T6zCDm)
z9bF8Qkc~@*g})0DWH5t|>X-m^ugC~hU?R+0M1cEI*<Zb7HWvL$v77#w`pePT&Xs1y
ziNK@G*IUO6QXghJ9ejX0%-F21@EwoFvSoZtS`#qKWiyKud^q9EwU+TJJ{)GSWO<el
z&_1|zq14daptW3xhqm(&)VD2fKT<)#*?ZU6uV`8sUPLha{`-rmJ6{8)c%f+RiU%o8
zaHAMv9lE7|>H04`2vagag-bDW{R!X*hL@H=l}#*n8H4U4NBvf0jh<8->+vEOn9d*X
z4HOfIQw6qABIp<iXd=hFjG>4_gHM-|fK@XQj<0z972*q*t1)0-`;yFuTu^ZwX>$Wl
zK>H^&!=Wv^uL^*dJye)lq=58(&Dm8ws{iC{RVFW=WrMh_Zml%^+e^c@^YyBtRUVM?
zEj1aA6x!zqAEewd<OHW&af{nbo`LQYKRT2?WL9VvhIWq4Hr;>irizvpt9X84;iWW%
zw15kA(n7N$w3nx8>!9iQGk*POE0b83P8{o%mPYd;I2h7sXFzL7Xqx%D<{tULO0YfQ
z>+iuRaR=##lXQFCk!&3I%t{u()bq(_4KL0deS+9bb0T1nc3+1SNi?f<dAQ2z4aOA_
z<3~0C+#IP&jw@r@=C7L14a$sW+h41oN_^1)DPR3kyhYOKqPI<KMweoJF1!HppIP3?
zHCltO+yuM&OvjDlt)f8Q09CUS9~2+0jDdLV$a@z=xZzL{8*F--nHKPQ<@Y&6qX)mK
zj;Z+<j_PN<3g5-`a|W;ETeEi_8xbFH9A?T7GmIoxl0rST#zHz>?Iet2IZE)g(HbI`
zD*DYD_$AxgeL_L&AHi2}n78E?Hwwq-L4)%i5Cl<n1~U-os5eNnDnL*t(&1VqII*bI
zW-KTyO;JW?OtGDpgKYSGMuypLdRk?VF$qDO`2q%^)PbqVr66zfkgXqkB5v;-T{ZLk
z#54>bD#LFCG!M7=7P8A|Vn5zXcz~VR68*~47MuHM6>cf&b3D}zHh`lNNL$^R(iyY)
zgOYAf>#fILi=J?jv_pMgFY0ai=!lLG9(Yvt-0eA}*BmV>fix%~>DQ6OF<ArzhSTMF
z?rzTY7-xGL$f!-^(V|<1qiv+l>nq~EoiAyR9z3M2J{m>dfZ~-E>U{7M*nCFtSO~jH
z^}ys&JIJw@C{V=o#y2+s+G({};;?_A45eur2%q{-DJ2SM^}X4pfNW07IcxQlGIIaZ
zK**BVB8PnDWgty;_2}}_H_bWQ0~Q2p2f^L8lW6r^8V*2;h;vIwZ82&Ao~Udo0A{rU
zgr+=Xyt*cKJV%P;ajGW#z~3orYO?U0PU|xo1N|660Cl^~p@l}6j*u#fjS62Hk^n+$
zDAFzdXmj+on*1aWI6y)AdCCbci^)4NC(WJv8|Ih%5&pQ|%8hkLtZiE(Wek*3cZNND
zSJ(==J(+#pAC=pB?ecFUeNS?btt0WTfs;n0Ay24dR?pA%C#^1BhM(nrEzX{+3>`Zf
zOaFQ_G^fO5-=YOd=bWru0i8V4QxXo~$8W6s(M4KE3$YD)!2>Iqvp-uBN%8SxgbDm1
zv4Q6s9aocpDr5}z2H2YMsP7PX_OzzC%^$|Q)J&ER<mO;tfu47kM4hQ6kaQ*v;t;ZP
z{N@5=%i1<)0$P5GlEv$0JG*1|TTp6`^_VL$7w~&998UlVyDf2yx~>Hu&{r8AwcB%W
zabZLAlw`9&i@OWl78T}M`sHVQwlQE6w={U>YHYYR)sTPTd{2!RRKF4V4S|i|by`NH
z^Gz@0gEPwwy+|ELoVv5`jLlppcf?FVf$w!F14o^&fc)%>o@P}U%)nerCROd1wkch=
zd~LR_ir|b4u)9{q+xsNGFAMjCQ%}y*K<V7G8fPM_V^63AJ{RyN;Fx|uN7$}m_YEf8
z$$)v+00ZVkKPC%2Bzk;RSa|FtiB52GlUEYp|I-AI3qs))w~|fSf5U`Sj5X+G)i=!2
z0=IOhmH~Pz=n4{lUYGe*`TrF8Bt`>vAX<o}CXH;v-186v)4Wl2HNALgimx!!XFgS<
zq|2D)zAxA=>yshiMJ7;TXA}G(13oG+RL$o&bO)%+Z;u>9nqUD99E!J+y%%T(XreT`
z3W=dyb*|##0;8UgrmZp|k1#kT1}rG(e$sBs)#fkjfyv3EG9Crhh7i>=(8^v7zww0b
z1wP0iq9-1jR)k(fbsXt_BLzOE?7%E{#<sb)O>JAd{egvzr#$G41s4R|6_KyTnwd5;
zTV(icEStPfTCHlMQF6=p(4A^QH%`FAYWI&wsmi|0F!-E5%L?!IG;QQ;zSw99<|4?p
zs$X)}I+{FJwx3V#SQ;^<LRIrddzGNhCMf{wWFcOI=#>a8;Lf@$*3VLgC-6MCS^(Yt
zs0OztwR$&bcp=Zq{s$Sm3V8`xv!ck@RMi9vq+`F14_>^~6(RrK?#jUKAek|V->$@A
zq@M`v=B3{gJ?r>Z8!l9NC~a*`4@yETZ(*>5bL#(;Tr*S$QR{HzFmq#x04r-99*F`6
zjqJt>M@p2cdB7-)7WXx<`~7#~Y>f56Y{uXys)%o&ECz-?_AE{i6(Z}2!Hm0;_qsJm
z0sa#k^~DQ0J=+BZ=#aSL83vg02x^)E=gkSuj=D&iFHaz9eet0tS<73-dK(`RK`b}(
z8AE_Vlhqo!J%&aZ+H&U{4aIqfH*9CSZy(ZgVL1bp$Yv)+Xx8*jQdddS)HaGamofOF
z)wvgeZrB?MPzOloeQyS8-&Mn9oNf04LMmSI&46y#40$9r(nV3~1ZYY8RxKi4r=nB$
zhyCKvd|H^%>)UhR9WNRdk2Ri~j#=2-mF}0D4u*(r8Sz6_<hRVZuMf*No>9s}r&J(}
z|4}{s>7h^D(tuxpMnmO;BiD*zjBD=y$Y56RUu3XYqdj&~Vw5aA>e2`VZLpQmkZuMv
zz^Vs##ZW#AT6Z&fshfs}sRED$(D#>srZ1eg7_BR3@2y|(BnAKsD%n=|Rfy*6*Wo~*
zA$GSw{Jhzk6~Iu=ml;PS(9LHZ0T!|8xhKWOa@(+jw*!iyR<937uji|<R5tD#l!6gG
zaEbp3L4*qf7}qa5Ds~)4*@_3(5u}FKv3HSYAI1Z@_6|JntD_EjW9$Ar?*%}d>Y;g&
z8gZ@Qw%T)gQ~@^jsIFxsUMEtaBCKvtuAUU`Ml$8KHg@zq;td}#?AgaL&!g=+B#p74
ze%sRik0rP<?JOmu3B<9T>^vttKoPeI=h+DjD2Y|Nj4>{l)5PFX1ggGIa(bBkKUNJd
zR{tnOFhrs2xdkY-x~;9$4Ik<ccSN;#cAi=&moh5+FB8gwP0ty<ZnYLY)P3%%8reHX
z)D1Is>G_Ha+aewTuxCVzHvUX*-qE1VSS2Q$b{|mLyRrF%#>M^q6feg6hUzyi7arL?
zkU%Snsk<G-?z5FOECB?{pI`!UXG7Mjc$-GgxgxosZR>c}xXq>_45ij|)FR{b4YtnC
zZB}W^ZV>@Wb`_LrQWSKJ$m3R_9>;mKy$5=J0NERA#rijF0av??E`c-LoD*U<oKAR{
zW}nm4@S~mW655UeC_HolLganH_w2tS9LR@cMeV`<wS^80QLU_k0eHW?sf!0bie6vd
zG`Yv!^qas)W#pc05!p3LIe?h&w+u0~A5nS7Z#;Y8j|fDBadpiiYkn|VUu;pHeO#?_
z`?z?S--)(DF!Sr2Cw>|)5AtdMm(weH`NC1Ar)6+SR4^5EH2R(|n`{>;iH%W!4>%rA
zL={#($FJcAdnZ<R?BQpp-HT&?m7YMydUG0$T4}j&a#9(Bg+lidZWDG%^Mo)>zc1oh
zyFwWOGqB{HcyD~!e=ka8=a0Tb10h&kn*6QT?#qZaXv@JQ%q>PDF3MU;{(n74RJj@4
zqc$iO**;GD0`b&ag$?6w{VOlEh^9JU?;^^Ywrg7#@dUHoqZjA;D8{y2aM7`jTT^sR
z2tYXlR_ElkV2`lyn_$F9rY|_>s8xs&C=61=L~Kl`BHMG>dE4IC8;&!l>fpU0U$?A{
z5~0BdQt^4B4ny%dw-QB(v=d=Ds9%i1T}>b=%v+p~!d|a@vO{W>(a@ztJ#=aCvusT+
z#MS`|s(NjGMe1^HwZ7GdKl;ieu<1(LWl*|lzVL3egoKaUQCJecyb@4M^h+b=udc>D
zp23$!nxW_~z#I>#ufylwapN}MKHp?Fl07WD`)Eu0>>)}30Gu{MYBK}eT-#VCWmwEH
z5IjKFhzNdhs4s-!)cvKYigb9oLc=3Gh8nbLusTPtT%2OVk1<m{D?+sQ(<<`53Zxfx
zSBD}m>IzT>VdND>Y3!R9TkK0f#QYCcf!Cf8qSteLB!1-?o5x9XnC6;O5B%7eoDK}e
zgoup;*o=Q-p12uc@N?RO<KMSk9m$NkZQou0VaV?9R$F^M55YI_d;g;le-+P{g&(Pr
zy|jC3b>OpPP4Qt*{oxPy)mZeR8U5@z8F-Af!)9Gt%LP{Ekcl7$A`|o$fmX0bQ_?vn
zhCVmB6arp3d6||EpW=RddSj2SqTU*Q5&QWbKG7SvXX%`_O}G2n*p#^g5^O{6%QvL<
zw95!)m-{|5ZS}MWm+&dgr$z=V08MgV1R@UW4F!N~DCY4;#S7N(sH6&1N`*OmV_*&c
zX{KSBFuwiYum(!|Hh4~7oya(3H=pD01juryk#mG(ks()C#`+ZYEZm1OL?1pzfvPQt
zb9lo#uzf2Sfvj;qWKwEkV`liU<hxrbNOuDzzO5znQ<8@nj(otKUp(5~?m8-HS#<l<
zu-iX=FoWuCp;{(Bf-W5dPUi+!FS5^Rj~)#l@*Q=&3<Akk+xAU9C+=aI=e@aUtNB83
zoBU^%YAsNq^GlBgMPa8_K4gmw_P>DVY-<Y(I450A+$z`-qQ{y97+<`1=pO>tU9t^O
zL{nPQ=0}g(9oR%P6`6sf2lL7l)h7sd^}Xk3fn^K9^%B7K_FsBTx&$Mx)c;<G8ekzn
z^oXCTr<XZk@~D$}5<nU{qNsL?iH0Jk7vtOC8wv)`Q*iq~r=?mveox~341MpJ=(DwJ
z_<uL=3Y~|KlV8{&k7YpF70lRFH>3^j-_@LAZPqFMZtK6UJ1ET!IF-0CIIHcqTrT;f
z{_x5#xf}&SSa&_XzbOo1idyZcz6k<Sr~~LDBUfucBHN&OS%gjPY%*hmb(Ij?w5fwl
z__;M`C_ZnoFocpkIM)m*R*9wRSv{GOM5Y<Q4C-%VTF)T2l6*8!xil$R?NdYV$rn+o
z+x*u7#HN(M|7HYGLtFTTYn2Z85s1spkLdHtF`*Hkk5|{OXtPkF*AMA8-8`7J5F2CD
zpi3cOd_7%H9_*V3roZGe1v(Dz7LGQKUzH{Oy`AY#4W-t4;(<$(cCT-vUT8zW>|l-#
z<KJe7CX_Xd+<s0LhA>WAXtpxM(+==y(<jBbh_2n$&Z0n<Fdqo*tZ5&798{$hN(H_H
z5l8{a8Ek7X3N8s4Q#NG1|4!E#Lc_L1R|G;lP?VnwdxUGh5le$XBmcj?V-jpSzmW@|
zN78Hi5mU$waIVewd4YdT)*Z~K{H{x4wR2k&NI&CjV(<{qD6vgJNL^NbY+ZkJ>C)I$
zRA6UIn{cXp$Rlvwy-b{SLwGD1#HG$7-H|3Pa0f3vmxt*6rY|>+OUgz(KB2mM8O)%A
z|A6!pn<Ri~0#34PuMD35>IeodRP1stNy#V#ORr9)gGV?2Gbq7_UY{Uhih_r;m5*RP
zpg~3ubO6#HX5$|D{E2lCM{mya_%FO`h9Pxd%GR(Trgb^zk)~2vkVN`E75z9>G5Hxn
z06H3_Y-Qh93b8f7&#!lzjJ#&}Ng??pYosk}<6(f&J_S^N@?A96Wh=0JE#f|x{p=oQ
z-4Ga9{znz-gzUi72C(2ryl2smU-9?f--+VWO<KN<Z+?X#bVS<sD{qgip;6FXC-j`A
zFbA_B9=C2Sa_p5ZF$lzg$Y$XxTWVx@0_<AsmAJgN&sRp)cjb$?bmrg{eskQ7ml|l$
zPaaLb{zaa!j<OBerVA<d^Cy(Q8!PKHBX#HC3$WDJ#RTvbh1HX3x6c2B8E%8pF}~H-
zu)+}97}ZDl^nQbeG8NwfamE@MEAIonF#g&1ZZU!!W)G#FcY?ySUoCQ53$fKv=7NLC
z92A!yH<Aq)I7!MAJuqxZCflBhcv;|BHEVnRQdih*K3;$I#w)P@S^(cmIER1OB=zO6
zB@I^gD&zLC4ueR?o3_4NP-NEmoC7jZ6usU<;pqmd-!)DxFkp#RcX5F|jB4`K=h3BH
z@3JI0d2_vs)KdM#2cRbyShzQE+MoPVh%oA^HR$&s7rKnW$;WLA7d%341dhzc$gH{)
z{oBk4*fcXZ${<{uvXQ~!bCw{52@F#FITR%36p;m{(k7m$x#9R<esk#kVszRnOLeSM
zm=@+o9sy(O=m!1l(!LeGGP=C9_>&}L_oRF9edjZ4H$8%pC>n*g?~|I7^d4U=O-gU2
zF&3b;6tJ)=3c$Qxl=y-FpqP^;Gpscq``+EG(YwTWxN@8AsxS2p+~Mh`Q{;H<BAqu*
zs|r?+pTC(XaqLRzY#$eORPFEMH(c>*Zf;%G2Rq7HKojT_a#IWM0x^|PPeRWt%1){E
zL*&F1PuwOb%<#wDx0{T)G@foLeLkt*6tZ<*$Lc<Wl2y+?RL?IEVH()j)IJ!B`6jQI
zdLq#Yx4C7i6`iK73?*c>LW|brWR$`3_J%DO(@n#?EkSp^zteI)i26QUE$8IL$*Xtq
z!Hn<AiHiHz4n{fmM|q41iMe;`(wC4OpZ6Zd<)(?mzh0%|FvQ2HUz|4^P}sO36+Qki
zN+v@wgnNT{yyf-BK#cSek&|iaq@TgEaV78NTnxp#%#ABLIB{_#<d$C)FENst^@$uZ
zk<-SuCe>iGSl!e-$A<WeaFY0(#iK<k49E0Ox5nPW<<Hs#tYLCglG=!HbZZzV;m74~
zRxp~lSTt}O9K#dc;}^RQUcv_xwfNu%vv^&_Lrp2^*32z_qpJ93c*_2K1hSAgcH)MN
zLn4)fi8=zWcxTs6|8<0Wh<`<g(4$K@65Ec;wZ~$bx>;Yf9%V^nHzjmpY`hJZM0>vD
z^+4B=s&d?`OYA|*{Ve|0mO;F2oChs>b(9o-=rW4aNxSA*S??2$+*lwSDOo5S9Y?}m
zSq{Qtk-p3Nk$-U2APgh@kr~tD7c`}*rzUwJB6s^_={|6`ATXHjCSkEa@((@;Qa?Il
z-9VG-vcjvl^hPlx;!w5xKVQpumG=tg%>-9h)%;Ka5lahjRLJ-@xt}~AIar`;CJ_fy
zH&Z<0!ttW`m4Y#t48e`qGr>3r<!~ep+sBk2SaibK6J#L|8Eh%=T?S0DbNBh!Wog3D
zzr3S*4zXP7M_?FS>zRLM_zZ#P>Yj1$>_uiq|8il!Xm}N3j-CYZGuGYDroB@rEleOe
zMJ@V+4!7&w`&VGHvFtx;g@g||$Vq98Q}J;m8ZVO|W+l+Tb7n~pL}hzt{Ya-UjOm3V
zJAAuItb{CS7x8`KZuAGt_UWZ$=p+aXLz?H%^(&Z_l4tfE5mld+IUf}WU%4ejyZqx=
z(~TvtDv%i_do9MQ+Of-uAyhuD<XigJ?w>r_sC&Ng>?h%TP^<lh7AJ#1>m6zmMBo(`
zsKpN>U6_Lv62fwmWc^sQUTGVKIn7Zf2260z{8sT$iw=`H3*o>^BMG$UOb@|VVExNu
zizSzHtLE^4$yZgD$64usTe{y5uWhOFyhdr}pzc$Qw`;FR+o7wdA`7X`D|~zFtDGd~
zoAnaw-?xp|Eeh6qduqLdl>*_Cik<#qpgh^kr#m+h{e|?bg!MJB)Hsa-OfXF}n|Ew>
ziDV1p1%b*?y)UIvMT9U3B7R5CApGc@N}=nUJcyv2S7GBVWI-5A_g`gM-yzh6DXhFC
z`}bAj#4ZBlRGV1Wq{01GJCXn|+lamUf81|36F0B+$l`?<&!e*#W^pe1AMTh(x|MCZ
zt+7y6yv%!jXK4pTw#^M`6>#5rl8&ks^4CC=h8KU0=ds%`=Op~Mt+C(O1<I+;S#?g3
z;MJ@7*Z^D8T{=ko!t)dD_m%d-z5Rxeb|Ynuhy9x<m#w>GcK;O?@qnsG)G8O`)~rWJ
z`lVq5gxI;;eSWj<IV3POA9T-g!=4lC&#PX6`W;I$UJOvJ&1xDQyNZa@X`_1sQ;&Fk
zmoKeMB4vqcM#a1=L=tE&fwpz6yam%Sk)(Q-#E}-VJCj3my&{A5Tvbnm+%v?nAd^l&
zgp0_%5>2N)bdDzr<y{ML@vO+Ve9W&MyNyqJsCJ)%PYQkxkzoV>P7j3e<*SGQ!W3j9
zuO&d^v`#nxEn6s4OmZUrjOsLrBth!9^Jqs(k~^gNgG>eKmveL)%jHE-E8YIIZZ5Q4
zc4p$715KgpB|Y#zTCKy14h|G99!pnsL^*E$Uze|@V<b$-3a;s%QN@wS?vePwa?48W
zutS~F(LXCzSXnz9h9mJe)&-~ddv)SDE$}eAnQjxfl95qdy)8mpLbOHch`P(zpkXEE
zGUaOcytzZ^+Py`KiU`!Tant5?D!*4?->^1|bieT{o=HNLffF20zPfJT`-qY5>cj^e
zO-je5{r|f3Iq`70{G~@<eP@OtXhUez@$YLU_%`J`Yy{1Ru$gv9KQm<TQjoZZ3M=7-
zGF=YYhYRDRuXz5w+^$oVs9aT<V=BiA@wSB+BX$MBZ5Qu;Oyl7GW3`DTzkD5E2>7_*
z^5iNmp7Y2OMVD?D%Dpu}#BFUvKLt&{G)7=-MCZK?5)`;M3YouV1(4b$_QG7!xHAqw
z8<ix0F#zKMBxrWu$z8#<E-Kyg2hi-YR&BtGx1VW#tQhk=7a+m5kmqND$zFaBjE=s8
zhgWnIEb6*#VDZXvoy-AuCpIZHVu}#Uk<#fegID<Fw_j^toZ$Y7rO+h~=l{H){UZc}
zX~D3#dt!c^`4yW(6n~k&jq%3WJEiY9iQ)SXrGG`XE70N*1BmoFyY@j<JPFZmbP#Pi
z3X$=7;(tb)K>fAbp;b<NgTj+F7~p0d8)!ECqcND?RXZ?UeePPuLdycB#jG`Yr3|(@
zP%4v=Ajn9+j)Nu0_!=q`YZ++|pTp#`e4YJl;nV(to%GIKwC8*vkqe`ufE8nUq#r54
z`f-NBJ_p!jQUpW*!C@%VFE%OO!9)A+EWm&4Q;*&J?44ma(te|{A)Yin%ug}9$)#I%
z;|1z#-MR5~lM1X{brri7Kt~U!+w^E9FUmXEagooVEGjndwg+7`am!bRsp687FcRZz
z>_nD>RgBp)9fvoI+&c)@#(b$r*}ElPAL!a$G%h#@GarM?{<DnZXobqzQb_FX?W)VP
zPb^^N-?|Av)S@?B6oZ+RKe7VH3HInGCfkkThJl-NpKkW;Iy_H)6@n=vSsrowufTml
zYpR?cw>g|%jryvyJ2%QB*u%{O!9w=V>(q2qgxuhsXD}8>Cezd!tG92nIkyClHYqGF
zZTJKi;;_dJ|J9fkm<A3mSRjy^6fe{){s6O=Cx3$3WrWO`*v5;Dw@>HZIQA?%mD8lQ
z>JI$n-ioc0GZP94AQ!%4*3dvWE)?!B7FB5!&E@8(9O#PT#l(jiZHjrd5#b>x{l9Wi
z&K#cmHrx^)`QSC&a&yFfh};I}N{hHBCl8fqSEW%*T6XWMp1I1=>X~`x_!;~Ae7#_2
zcEWnDTQ92YZhiraawj?dJ~Ex}W{9Jb$?bNrR`8t1hHs--=h%ecFay1Ed*(|y!#4g2
zUkF}a*M2wss-5T;hA>ZoD2tl|5T4}rY|0U*zUFQsz;8{j2CYAD+28<8Iqo%P6_?^T
zrqum!$61%4dbp`^dB@*NLFS8t^Mm}9F%3|twl`J^6`}9a*0T}(>emTqgql4PrA`h-
zte#+Yd{W!;55lyl)ufH&AIR6h&WXOr@l|?r!t2K$e9iYd&w<z+MK{bCzo724^y1cH
zC~e_ID^?`Grsk8k&)!frP)U_^!yEiwQ&z~AnVQVo-Yo1|U;<EC_H-><|0n!j82_`S
z!lD>&tm$LCM6%m>Cciu1mQ|-NfQ@IT4BkAjB{G^z0KfAVeY94L6@SGLzaMz@x)~Sa
z3zGLE*3qe7ywXOzYuj|7bomQBxUW#UxoVjBV;FqxrI>&Dy4iyRI-Dv;1l&#Bp4#8l
zv^Nvd^PamkV7tdz-Jf|S2y+$_4{wj^29!;@*&st3fJEz_S&x~N$-B+lxZ7aS5Q0{C
zoM;{H-Hpu+7a~DSF83bg=H2=<oEugVO*@@|6A~kcMXMV#-QwZAeYc~#0<YHeol8w6
zmDrRY22+sbPUZ{YL(TVoB*qWb)dkhhD_~L~Q7x`hM9ugi?&OLWFpxQn|HFizYeNh*
zv?vJQk!Men|1TA7HVL`D&;J`0t<S|YxF?P4`cYY>gtMI%P=+$&FXKV<C{D)8am&xO
zY=0cEMr!a2*sBK%JP_lAi{pUp&3dY)*lDh#-4Q*$*6AhBz9lg{7wfy{!39RhC_E3?
z$o#qMewyb|?fGzb0DmysW?c>?f{Sn+%NRdS{rYwF?2kE#4UK&yr)b@cGPLMr%~e!o
zM?y~YAN*H_^$Q0(w2+hVnDv%i?wq3C6fUfXG!cxg(e)PQX|>~qbDX)c7fqX|NXaSw
zrtSWLu%pHBvfe|Hlho$t=A_$ABgC4YO}VQ3-|m?(B-=gIE4n;^^{MAH@ydwZ3ZK_!
zeyTbro==Z+!e8o_we@+6f@E0EY8?kayRBkzHb&L>p`qcGjY&MP<xUqo4O^q#QsEaY
zuE3m*rZokDG~)Dqwc-!9P5#dBS4PnJ1j?^iZ_?#>JYU|5g$_j@wKyjJ?OQEE<0>EG
z7Kxg6f`NO<ws%|~R<lwfK}-=a;<r-ikV<ZCsxh8_tKH`bvHR&WVjQEEeIb8jKQ8;Y
zK#P>rH?6?eyVL*Ghet@(y$h32J%})6hl|SCPQLtf;N*>BWeD4*kkmvXZTeyl?C7%s
z7hh|k!7#;<nK7S19~B5k%0Y|AG9jClnO{#g->NQr8<}?@6Cb7WG8m*og>l6GO5=N5
z-T`Z6MrVB+C^3l%^{2LrY>z+bP^Wz<Y1Nq8N0<z9E@iC{Z0?!4W#7+e(O6f`dq&`N
zk|88+F-Q{0pX)4+u=QmKl}q3PSNU#GWq||YcX(b8;59Ha@M29(43C2qY%WV$d|G}&
z?XvTryYMLRJcX8IiQl8yu4Um7NW5zm&NIOLvcnVqsV@e;{$5{{kRxEpR2w%k-kQFc
z;=gB-bycYDGS?faiU?6u8VS{q<k;L;tzd#3S>ZYbl_wFm-G>fd^WmPeM>h}|2hXAB
zyj{OtMR1~mtS!PbodMCz*Q)&PiJAbinA=BJfVL}EC<<fRV9b8$_B6Iv->4k&#Pd7+
z{-%C#diRncaQY%!-s-&-uI}8a=BdR@VAm5h&q;F?v$2|+D>dT~h<GYKb9^deO>Zw=
z;E2NHp4hyan$y`IN%zqT70(mx_BPajrT22Ehi`9&XgBH(cvrwYfJ*=)gP#{}+1{cu
z9$A?QZ1F4wIBG(qe&qgM`mJG{P>;7A{K(84PdR*<#rcQ$($0>^p@El*QRH!{tFKpY
zC3EHeW5bb9`w=kFl$&ckUG5koX{vJX-eY{llpVwvwf;QSrLw^0Q#<?JM)Q~w=>j<3
zFGQ%F8(Oa+0>!NT+2ohS{}x)8WW!&)Q~aF>CB1{L_mCSk?Dvn~_rIj&F^7-q9CS(P
zTjO=o=dJ)%<=SRG;T3aEt6v9nNI_HaNyRs~6l`QR$HnZ}+4J*RrP%E~Fh>@#I6dQd
z%+Shu`;z?O?YC1$DsG4UF#vP83WS2mD9l(O4Z1UsS?H>raXbs&U>f7oD$)yr@VU5i
zd7oBX8}d0nFEcydPn0fD(5|8bZ>*w3z`z6L7KUl46NKFBs2>~4EMXdy`Eh#xDDs3E
zL>ewn(vSRHM{A|>p%WsxIaE*|xz7chmY>R)s>*=kM2U_7<h1EmJ9UGxs+vsE6L`Q!
z`754Q=r4>1Y~SDDXXD{vP#+Rhww=J)A9_P2Xha7n)oq_$`e$8wA4c2*gYO&l?F9*6
zt(ZMj(=PP-LIXX|ec+eZWOP=7q#Cjs4>R$#0%yoP_+RD2R0h%6TTlY3!l2@sstt9C
zvV&T8hJlzx{!J(5ujMVDJZy>BH>T>|<!drmZ6Qbzi_IYsW$uO8fLOm2&!Rplw5{c*
zls}uwQWnxOATK98<)&P?`=tmMTkeCCCUS@VVQ!F;OkXr9@3xFmmAMg0fBzx_00hvF
zK3OPQi;pytKa)H#c<S(3$$RCr*exwlODFYxK~AJMQXg0kfIiB#Coh(~Gk09YFY0BX
z18T8{`aj8h&ix>#frxK0dD@L9w6vL>&f^H4^V8WpqDjwLXF&b=Kc1E11)2Xm4aplf
zeh9YW1OF^E=yj-p9zJ|1Sw*PJ?>ed4(j`@6%&X{`f(bocoHszukhXVpw1IQVMrtkL
zh_|LKifJ|Y!?u&xdVjNEHq^;=9U-ThS=V2>_|i9VuBqrBB6=ew<5=QXQRo>vRI;;c
z;Jc6E>c{j%vM)|q`9o9XqnU9`22hgsy;^gnJ9NC^?rQqZA7i?|A};Tm>#>F^Ot{^J
zj#DikKXHjEbNJ0w8w7u_K4mvQ2?7A>9#tRXX4w(G0{r-rxAZwaqjh8~^f)aRcyjm6
z_hhHF1s;ciLGM@rm240?KS^I^XQWObN;40kyncN;Ba9;!T06yn9UZpZ1U5eQ(>-x0
z3j~?cjqu>e)37Jr{)0*t#rS5(N{27iO}e_yS2j1$_<s0^RtI<A4DSv-zVxO#KZ&W*
zwvM1Lomz9y`I6uP9W0F)FY?=_;uE}rncZplvmeHoaZ^d}wrIqOG9C?4a)}B#5O<vy
z7v6ijGTt6^>B!mrBc{gqXKvIRdLIcTtT@8zc-r#C=L$dfLu-!|Bm>v6E{YX1p3?2i
zjK^(Dh4H_is-FSm+s}Ed%dEc^Z`64S3t)Wtn}f$o*Adi?K5cL$eZcwn!jbnNMPLx6
zbxo=Ls!h3PYJZ*WVrqc!f?n|f+b^X=3L2jvGdU<8V)K0yA3!z)dwz1N#=Ez8sk?f-
zeyb!(ND(1d3mg-%uRgO$=W@WqyPTLDAc7rGAzyt1ubvL%fb7Mz!tgH>v^e$bacW83
z_b(D2LpFyZVIWD(?H=UKEP3JrkT2S;rXAfs0(8`B_qNJINZf0P!5IJbcr*nmYEiv}
zy!Zer2rOt=?TY*5rFI?J94UeI={$S2)!S<D6+YHL)ih6zH<L;hZavAa3^MnU$WsUa
zz6l8;^%}9;;vCV|MmFP&K@V$6WJQ!-6IK(TLLvS<a|OHE`}>a3)gSe@&B{Ee!JmAX
zT2ceF$YYJOb%z9TxL&qgu$xJ}_dt~8`v_K40CVH}T$zYqTaXPZ)hyF@kZNeg_)~(G
zeu2vtW^{B#Z{<}y1wQD>BP&9}((<L>d>V`xJ+11MHW6yg8}MC>+V;KkNcD^7oLHpI
zkB<Wmt7q-^4I&$y+jB{3;P$QRBj8}x0`2paFX5$mdD~YB56TvJR#OwKr=nWlr`E-9
zIF`7iGl{%$jA_MYZ3Xj{n3-*g4U~DJji4^kcRis%(hI-sp(f+EU-8P-EFo9nw-=sS
z3Hx|6LY<aJKQDOG9e#d#z$gw|jALNE{mey?=SGR6@`wKAU5;Rr7_RQlZ^3M85xLlH
z*VY$5jyrw3$?*AI1|;zAZ*d&Ae!TilTrSYZtM4eh)?#tQ3-1{3V?dsqQvvR8B}Oz2
z)M=j9AnFB`-ovb&|CBsV4X;l3Kguq|$T2_4LH(^x+^73;PlCUq<a+f~ePu}D6NUNc
zEIeH(=;W1@`!-1<9X}T=>185;sBc)6@a0>+AtzGc;MK*_;Hu_Kas=7Cn?E*%UpR1f
z6(j+@`_)*AIuf|m31Cda_UJ1$ef6?@x6Jl9=>+ro>arCBPN=Lz8GswPnO)s7s;M;V
zDZf(P_jWon>h4r;(^hNM=F-$A4P#_&W(YNXiAB^((oUO^8~iBJ)kDCi__e`a>QDXB
zAjjq?Y&5&;lgCQ|G8oe#%I7C|z*&yAB7QE3J}dWwu0Q!wZZ$;+NW<3QyPIw`%VQ_T
z!=Mavq!(J6f_qOmfI@4f!xMj*s2h9u(=fW<59{YEABXerU`!{yd}HT5E~mp-MxxiW
zXy}#01AN=LETczQ*eG{U=!4ojnsMLM%tT}P+u#g3{D|8JH%Sm6!!im?EO}m>+85WZ
zslbG@r5H6Ie*#?gr+1#}Lr8kWrapSo*xq($l%&S@$(U_Kp!Mt2(BiR6z=!kCE9t)L
zTl-VyJeKJRgjdMdX1_Z;RbSfa%6@mD(+acg5~E>^r!mIG#eE(Z7qJy8J6=PHJ7IiL
zo)8D{BxEXK^#qwJYz>>8B`q>Ogrzv0PH{#$zjkeySRJ1uREb<m(E(3LW4a~wC{2d{
zx~Go2+!HK;YfrMWEYenYAKTnsxMoh>f{}i05Y@4{P=?;WPgqCVaxUuUKNysZQyq9|
zB33IiPY=B6=bJb?Ab+MBx<>ANfV@;I{_Zivb*;_$cyp>AXQK5CtjH{|^7@XveE$T_
z$!mBV;M*i_b1VD7KsWw3^I;q`zMC+&Bz5Gq)YWVDKu}Ol3!CTJ0YylB*G5nH?n5jR
zL=1ZgU(D+>E^7eoMrCR2LsfLm;5_V_OI(&Za{(xjLh9}NnSPs#StbJ>c9SF;L*LKU
z<8$uf!Yh)n37^!FjdlP2Fjq#;Nzb!8GkX%Z#Zlgq(pWI(G%L1&W(VvarKgl!MDQ{}
zzrH)o717#2oJS*c|L}bpZ4Em}Ah|R(Q7S}F$E9FLlkx=HyQcJ!lcLjerEZ(=f?F^Q
ziqBoDA03kKAwLj|RuADb3YzIWls%5p3jRTVVj#E5U`JzR%K{BMGX|rdTNQm7=D<H*
zlOHKV5)zlv+I^^_m;SPJsY+1He!amZ<B+YO1?@E>vA~QH%R`N(+H=<}+7dFZTI$F&
zI1;zcdq2R(v-|l2OXcs4Bx0{`@v5gqWKuK%xl41(xLhyzqIZEE|00WCTA-{U<HF_S
zP>;F<|6sjNswYq_sXv1#*!zNf2z-&Jr|ZChXO(?Lt=2@)CYu(GC3EtrCW=X;@slj}
zyzi1;G~4R$w`~2?H&z=?3%9;oS+$9Ac6O{m1+dm?<rwe9Gpi<$^|tiRrQNbOxHN~{
z4VGD^bLlx`<rc<E65w)?{5<RvJ=?D*!J(^7L~z0&pv0Vf@bMRvs$iTF-WZM1MKWMP
z<2X1ifgg93m6b0|?fN8@Jtc5(+`UYjh`@QY$h_?15ElJF8$lA>Ly<l!0s3wMDcT4I
z{DTmX@e=B^UzI}p(S*U^MQ8^hD*gT5ZR?bVEOs3XTwB7b_%4eP!g$)-yMx%6iFOG!
zI`bqRK&o=d4}995KiB2IP?1C1+Qu+pb)@tp>sK<zoX*3^0i@*KstvG`<bKAjPqhYq
ztZz={PRbKv$YqEyr}s*0lnb6Huyl>!MoIOS99n363|?OMASXqzhjd~X<I7+@Y$@(S
zZ=eb|3_U(^NF&}=$+jR6$k!!8r6U>&H3O|<%o@n*#};?><2*K+!A}vX-;*;z#*!>a
zq<Q<^M9s<agnC6i&re7{HwG-1v^GL|)Eazpl*M36)xKU!+4m>)Z&gj4JWh>kl8hs%
zzgD-g0$;sdyU%Z-rQTAnH2QXTEDg}F7Wz}Ex#`ezxMHub(%A6pnGT^z-@?9aY>*N8
zYt=Lca@5gpUH>#a_KbULQa(!g7|GeNko^kfAAKKK&6G0*lZQMp;a+A@8Wz=|hbuyo
z?OAWtB1>w|7$W(dd`?Nd#&R*KjFa{k4mJDCA)2AwfJDoI*3h5&i5}$X2k?bd71K{Z
zpaah`&eRRbH$$ok0rrCc{xItEgB%nIBO6C$MvJkz4;mV$hK*-GV<rh(i}UCZLJ%1l
znbF+PM3S(xc<b2rCY<3HW&FR&cw`9ee0NZY72WE|eu%aO5*(JWEl{YLMbl0qUP%5%
zXPKcGnW<SGyiV4Y=XfaTk}mn1?oS|Ha=fXNJWri~y@FVvh&UBxdv&DB(N8V3o=?4F
zR8ybuTFX}a#TmW)0HZ(|T!*Fxg9cj$BU;;!XhmqqcJ4=(B0Bz2Id=-y_nv}ho*Yp3
zMRAX8>bjZ&ARo2N6lA1`0JwDw%6M7SV|JdiX&{4)Q|j(5OiZ2A*$%pE)vbI#UlcKj
zq{gWSmXjWd-$!Makwtw!z#c#CO);|h^9Qfasf(*aKF2>#Ltm@!;Wu5&^8|}~v}|!5
z`Rp>4@fK~(-p99Au2XN<O=1X>-uqfVjfnnm;*SX^(J)@UxwYqVP{zKcLhr%;GY?oh
zRnyGH{hW)d>w=Boo&d3dfy`4W2spW*S>%YhHpAy8IZbsR*lw-*%ut|OVeT1PtM_))
zMb)YI09L`U4-QSp;uPBBx#>&aJ3-JtoEdLQ;B|=MzjEc!z{DE;>oSXa!2|{%y7%t4
zOpi^X^En=%VRmPQe%@<S5;ieijQ1!``=wXxfLqT>sRT6rqQip)z)r!DZa`ED?X!3)
zEWeBRO+}J~p8Z@j<jlL^8rG>~#DPW@NWbeYq1N#g2<OZCFm>1q=(^&4&GW@qG-1Yv
zXsP8B*`{(B(II-CKW}0%wsK#=V1H{PrlHFqF2B{A5?K><^Q+-_0l5<Fs5N50cjh}$
z5BRs`97n`IU&1>h;-yzKXam;KK&9>CXhV!^;FBsrB!8#x)_83Q8lTJPGXdKX46wpP
zz=A$!A8y^QJ{I?9&jTe7C=fD+0un&y`(aZrtiR{;WDY8vNKCDyK+bqvQrNubQWLqd
zz074xg(EQ-GIUaGZe7<Bq4sGRIcB|N1++vFuMK0&>B^0!z0HYU&+Ami<wEZC12xj1
zp&otu7B6|g++c4s7WN2m?Bxu{J+!TFBUAeeO|N~Ul=OUbc_G^2Po{gvhk6!)z1*VY
zZ;*HtM?cq<3g3@)pH!<?F;ohj)15Nh(dcz<zkY7Yybi|q3%I`VK=gDO6N?RH0bHh_
zlkhgv*wDl}fcn6(H&X-dw9-fGx*7b|JH#fbZp#(3`<~A){YfwYmNHwx2<j8kjNy*!
z(E1%Bu&Tt*$yl4TlCgj7l^IZ=ZQbj%-gr?zZnVgIMTDJnbj=GqxgfD>0JLOPZg@7K
zySX}cgRT$%kD%l6cYXb{Zy2H)T;>c7&2d_(u3zWwb?vkRv=MN{hF9}^UP80%)dq$z
z@T(m41|WT=9eIggyM8&X%r;No??Afb{fPZRd~Nk%Xqs}S`gbFdH%>&r4>G*F!T!F_
z%|J?No%JnUhP(1Dk$?{eLM!c|W$PnIyb|++;oCJqBZaaw`#}jKb2>U=!zw@!>H;(@
zhpw?fi@tf1ppqcAse;|&&M|5c3W&g|=bnllC|k@F8JHsMb$JbPNuMHmWNleZ!%awA
z&<n5bb760yg6%LK0pmb63!0rqn*GV)#e`|K9+XObKnrB8epkt&Rd68~qo5lBV3ksJ
zF{9~fbFPu!81tRt0o35tPd~7XRKG-nTQ38oWtD(ozDg7Jdm}c0h1w2#Q@@$IXy$OS
z_CS4a;2m$mau~;KOvn+*TB6EHM&fZ4AX<Tp4d3JP*hu@UO>&C9D)<4cH2NZGK5lB*
z85qvMzXAq1z+}T+Mc7e)7(GxLk6OpMOP~~2MSsxp7rQDOTp~d9>oA9e8!YM3^B8Ik
zB|A!tpGmjMyumPs9hY>6?g}bKskMD^Myu&2Cng?Ufthtqq&(hGT{eGJQDG+9HtM{Z
z?wlCy(JSOKV+FW6pGT?~mGK9?9JX9hUzFYi%-H$eSNy<jXlevt-|(clKT%#X5Y#IP
zR+^+p2^p>NlYM{uynC!IZLfseQU<5AUL1KVB|7jCiCR*7j-?x*EI`SXPRmn?r~5Zd
zU{s>kH$m>|`D9sCtimn&w(>qX%a|<?e};W@fhz_34Bh3eXCO!D3msnuEAf5F4Fq*2
zc-P+Phg$-K(I2$GU<K3OY2q<FQ6DJK>i}VC)vMwHqcSPO;Z@5Cb1A3`IXxJQTshj(
z3PO<r7SO@f$ipIepR>O}>lxi+D|(^~1>XsQ284y*Dh{qtS?))v9D}W3C}v0qcT>z5
z>-lj~d~3o-y5Jf2JTZbWy4|U^y&{_n9#3Wb*4U`XVbCL2w+?eO5}!_FB~T2xrm=({
zAMh)<;?#Fm>j1irb=#J=<gAL0G5UX#63Y);LVm^9KuScm(WYG@`cJx;qbdl2o;X_`
zAqM)htaBuuuN`d<on)bl7%$x`T^7a_^6#=+-glRQ8rf%#5moKCe|~FP^kuad6I67c
z*C(kX`5zt|69c1DJryO4<Ok}!Y>_d26=k|UwF^*p-Lmeb_iEdM?3NJX(gd1BiTaj-
z8hW;8Bb5T~NL>MsRR!P&26fv+K(b$}do$wRMSzls>%T{g7bIT8lK_zGQ9DLAs8?9e
zsO#GZ3ixS|twu&1G4yg(b$MUmW2XO2=7A<Es30EL+R!TtVMTM11nx3eF<K-sihq{A
zg(rXShjnv11-(ksTU^4!GO4TyX^;`M)~FG3mr$1|6(7O+49JuOjR3l-uU2S~ARLu7
zy(Z?RfU|_O6;^<Z?y$NMS~`YN*DJs6GLg7F_?l5-Zd&sh>_{GucHrX^bavn5FpyXa
zE60?<&14>GHb0z*l>V~vcHeSy_UDnB@M(u6&?fMv>X4WMg!i=zYW3@gZ6c9#phf%b
ztS+O2KjwkYyVfM_yZ4PPW!uHhb~k<Q-M`<V>)i6|#DESO-&HYcfWQ3NhwWFPGOQC+
zRy|Hmd}zuk{ww}6ef~=glmbIn{03bpIj=~|y!|UzvqQG$_yS7fQ+-8lM{*qWUK9qV
zSbXpOeD6pp*Zs`~uJl1H#SZjoK|5(=ZyB?d>Lii|3&b9lB9F)9s78&aL7SF_*JQ03
zCQA6H6dm$N3^=idGu93rw`~F_`cQEo97l)MN~LFeB6y-e6~qAF51CkbcQWXw?=uE+
z>zVKdW%cehwn5~~ro3s-r+$qkxS_zIr5Z8D^u$-o-V&`{BW>pct0A;9_6r=aK<X~X
z%YM)}8u;IrPBc&})sPb{E_flyaH)Qs?ez@he`f)JQj<dH4R9pNzGY!xqn5OuDxh+h
zBTzvr#-%{0-*@VCpEd)aEMMy<$5_Z}&xId0@<Cnq+&9gK391S1?#GiT%P1k<H}F(p
zhK-cTLcxk!*}m4tLIGQ|0jBigorT?XlJOJL=bk=*m0jml8%p%u*;z&DhCsYLREF|z
zJ-KxZ@;&g4P@KF<3T@2e-j0IhZr*VhvC8V*j~62p37p1norO@21za~fxKpwz*?Dh)
zo3<v;HYTq|Is;WB%#H4c>(2GDj2&VvG8A|z8%1i>I&cF%jY*?`JL)?~4`{X7a0XXn
z6EpcA?O+|W9{3eB;2_kKAy0`Bo&h{SMlU+@FZn+l<W3q{gD$RewBfM=5!s4UdE)c0
zx*LB{Eyo8l)m1g@l4ymYl5YqpZ_JkCy?gQOM=kxyIy?t-6Pp??03Otf?66r3=UB3+
zPaYqk-|>=8H>6nO9QEIc8`59WKlORqEBC=?PR3Awx}r^7W+OsTzd=-t#uMGE_oyNK
zZY!1ag&?{w!&F2v?@+K~GXcPY=~t>}p7+1SVHlV@0wyhd>nVj!NSEM~!S_#Jte4I0
zEWIn|v#>8(7w%xj=^rc?w%`ZquT<y2_ZV*_AkC&Q+{OmTo{{M2km@^Ko<Nj;JZiM?
z;AUxqZ|4o5@f44^hK$)r9L4XOoLme{Ap`Q2K^ycDLq%Is{J>*Pt+8}uI<c_ZkuXr@
z`K+3S!A}g<Pq_cgmY~Z{<AVomd>_nZ5hD~ch5?%`+|P9z)8GAVN-B^7!DZv_K#3Or
zmM*3i6SAvJuGifH<nAY!aEKR|w@sZHUljv075AGLO&k&*ybC*t3@n`xT}|5_c3gr`
zNz!ho;KUT8bn^%Kpv4f!sGR-6Tcft5vP`q8)|kA!y@Gw}{SqIwsf`W>vx#@iC?U6s
zr_#6~pWEX{+1GUrfX!PyfyRd>O0tH2TXGSNRcStvpx<X0^;wA*8*bf?duppQ?eqPi
z7NpvFv%)VU#Z!DC)-$rgn;io<nec)KRz%_j3^0Ar9iBU7#4@ft*ZGqaCPHV2F1_J3
zUo^&nIVO7>0Fl7A|8b@NRXEYFV|tgkpr)Gw<0epxaK`9Uu-)2d|100dix_pF2gxZv
zLEGHeECTKKS-EFuuCE@ySgV|lrZ?5KXA{8(`R4j)2{{;<P|rgnQV_Nn<Q^@x13dzi
z7yduOzB;PPwR!uYqy&`iR6-i0QxGr#K}u3eMH-|_DQS?F1{Fj?q&p;~rMtVk;kzF^
z?|H%ByVm!|S<AgW$n3diuDRx#xu3n-eiJ}R`D_BAP%mlfiH?5~7{P95zgZX~0${`C
zIH*@yIT4dhCgR?~VO5YR=`M{0_7{?EMg-FibWQRWdP%}>sYv@}4_Z{h^Xe}V+mCVQ
z;^piCH~tXHBgG7%V#|QZ%*F|h`^3VGANw=gT5vm-Kp5}fGBTT=DB*xIY%|Qy><588
zx<G`sA+UGS*p@1qa^un_#&<+>xqgCGS~uNTcuTJG`!&vw#x0^%+S_pUg{;`JZ>*kD
zVxo(Ss|Po0-Uz>)T{cP#rp!VX5b#8Xt-z<TE8RSzcPk~<+V#%hor0qPS3sE@*!kSR
zUIln~XLXyEsd-?T4_M!*B9{F8E8K#1kq~SNtj{_=1{e*faJ5YjZdu>4;&uZ674VN1
zjp0c3koJJT`}MOlU~$Gp3?Kfb+`JhcDQip|^&I+#H$Xgg0KNs(R7==XGp(PWJme_X
zWcPn*>W;!IHo2-lWpZ1@yB$_m_7}Q#VZDIXm``*=6{O(vA=?zr-gNGI*G`nPV~)<3
zL#;)xjGPa`dPT;C`$y-uWZhRLIx6^VwkiESk(>>+-F8@{_s?JSkD2ll!|Qyia4oW>
z81*UP&H5-N8*Z4#f}mVJbYutLnd7BwB1khn_{OtMg5+Yi5(&jRuJVJKBC7j|0iGM3
zrY%qtu7B=nv@Xz<yeJ<?U{v`ZYxEyJ9F~GU+wFR3qd<1UU<LXRmMY;@%6sk26T_H<
zV4d#ThqxN}NJdcikibSy*(s?*5b-;Q?Aw5tQylHS1O87aFac##%W;l%JAs3AhphZr
zp45DBGOI+4%O(w=qd6`puzvmNap#fPVKNFB0%O+`8+B)S0vR*sbeg7|dRb5&g*k>D
zYzDd4V@*Vu_oZp!MYPqaQ&ph0ci-ce8HML)TJ|SA+hk(6O6f{<jtNBCZy6<8lpu$z
zF_?Z2!UN*51`-`uVPPA{8OI|pgm0Z`-%QyAqK5Qx-emjX!-BEEwb9pV%W9#O&zzA!
zIR%ZYRN<Ed0_KE~Bpg6~RZm;NknhN)<ALik&^i+hQVI=RT@quPgk9pTaMD<S2xxC_
zZ~kV>Ey%1hztp@lyQWDDtek^w{XZ+>mgrR*tBwF0&9N$P#z1*n!eB{9T3jLQ(F<nY
zOJwB}WF3S#!G^#n*Or-w3~EuowcxwbWw=wMHMOWNE3MXzDh0##1#@^+8hAf-@?B@i
zLm9e>&dqPT{FDw@AcU8()}^}SM7eI6^`&5HB)h|%V`&0m_<)%zI^Zv-n8My(k4HNy
z3#C_{sj{vBI*<(}2npOkE%|0vb|v3C^humXvRRT%x!|FRjB_4mRQa3CQ!6aea$gfI
zh9YgSSF!oov8x^A$iA{B2wDW7?iAl+DLle%+8ycyL;|GAsvjG_h&A?T_81xfpHX|A
z96g{FW7HGF?myo8iJY;<so`2FHDFTn)<qHICYU#Um*YVPO3XsDJ40qQGmq9?Q2)mT
z^$CqX;*X4}G_c96f8t3qP$Q5H${@U*|B0m^OEbPGwDv&&=N!96&ESsFasHCF#%}35
zGCp_wwDKPpJ3BT6{wjMRkOFghYfYe=jSB^kWFC}eH$`>1vExSoqp0uH9Ra0KqOd?N
zqDHV%u=foUwpmJyS+--42h(jeOR1pSv$OS<28ZF_-aO7063@Wad8dDM>RpO$c8!q8
zU|I_^5AKm!toPtg^oCUw;Vo6L2h#64g=nL_>+#}&e$HknXJJn35DH)c6VcDgh5?1(
zEumym#_8MFId<$p1*~(m&ks4VjAU~la{hRi;gG<!@^&Fuo=Z`;kyx+oakxXoo&U0K
zY%=f!qz4?YLcMiQ{C3{0Rh;nNl^gk_Ekev|AY$k`kUC!+#%i2s!8pj4H;73HYDBG$
zWA~2?UpXy%q$f6H8(pa@;4JF^h@~6ISUb-tuJ)zhXe!37DQ0+z4REIX2z#Lrq5#_s
zyr!dpy(U6*^92hhjkB*VIv5)v>O&klSU&3r6*36@Yw8}KQ*;UV%@Nm?jS%;mTz}=}
zvQE>2r3tp-#}nu74ZCOVfV;NZfo27kH^658P2A6u^%^MSKkYz55A}-3k0fKTFju-M
zN*dDW|0XSm%6Og=fGmyL>%jpZZ7Ncm-Nqj%kn0EE9s}A7w7`v~=4{YCQ;8X2f$X0A
zVsZx%pZ9SEC;$+O&V*%Loz6I$IldS$q!45$R1P9XO0(aYIs4{eMMq>=DSh*P$zZgV
zTpBqL5)M#M;NkWm7IC0Y=nEaNTC*<VhyeJ3YK3mVyBD-#7xuV=B_Xd*H$YdyIqIC9
zfoT3Z5eGzHOtyWKUH#-G&9(-;DsGR>Dq%l0jODbc6Nt9`3lw#lhoA;F!lLbYpyfg>
zEG<)P!Hfh#vuu#-QF^vkS-HZLRJpk$7|(zYo~tri3kDe}A3bjp>%CM+y_2IiTsY?S
zJi%3InZy-)#gWJ{`}WH#iz?X$c^^5zn3rYcHZ)e=hl`h4N@M*?aN8mKrpsZTi0&8D
z`t&SGov~FRKqI}6b{w8zd{7YBd;g1ikJxI@lo4>k^}SVRu=C>coUR@LDserc145h9
z;%$7eviR@47)!J&Op7GIfLb<1Xum<jjz{o~2|xDtM|89TG_Nk)5J^JTk-Z~od~$OY
z?=0+t!6CtmPqT(}tjtuHK_2Eru7HYI*7s^lNLMU8>W<EZ$|6I5X;MGAWz(VwjmDH=
zgWlntQc5A1LA0t<-2qZ9m_lqQ$6axV?)z>?QGU&7o7hn)6d=sXtsZmzs;A4VLRx16
zW7jbgEzIu%fs!R}A=R~9y{rA&tHO<(H-Z4Q;5mq!cI1)@p=e9ns9v#lF2l{OTB$aX
zWG<lagDXhz3a+~gsSgSER)_1j`EltU1TU~y_6YvX3B94PRTTK1%<}L1YAA_{^KZ__
z)O*c;M}Y)-)x*7%BDq7w2a#B|ZSchn4z9S;eSrNTLZUv;%Sxq0W^X}nK&lwlS`gg}
z^QExDcgyK2NNgx=?VK8!J$!L|GLm|4kSAS9<*cHXMBTz=nil!A1o3t085qerRGKL*
z+l6M7x^o(CmsPZb+y}tiX@CZD=etQ4cmYPY{-5KnOjexiHuSQBA<JOJ=vBpMdsR7a
zyFf1)++I=Jlwb%CZSstU!;W?w6%-<lUt6}n4@UwZk-t<hpMbE>p;@{orLUhS@gnK!
z<!o3jv8M#R0u}=04-E0Od7YD76rUHD*#{65X^4vC_7&r`KP-z-HEW*2IS{>L+qSua
zkHw*a5cMqhrzYi-TP`h6AR}_}4Tb!VK$CcticrL9dJ}v?KsPE(H)+5}+TWk)djg<B
z*@+vikUpaZb%zXK0MCe*1ZYWNJ*3^RbwWrNf$$B>vjLUtXIL5(M?y|AEaD*Zk?V<f
z)9I_N`ZZ24DykFm8fML0JLhKi#rzj{)^PBifQgugoLUgl$rr#i!8nY@?l&nsUIO6Z
zag^`)Y*TWIf6sq2rJI;eAg(sH*pJg;SwBOw5ar1ePK<6XwTslu8`7AW1NXM-#|qgR
zZ(Y82F=j`2i5>VuEsgDUfQ1b+95a1x$3L5T-~K>G*%Tq-{vIey9!)nY^<aWFB7(@F
zjX(?&v~yo6L0OA}pZd9vK&S4trQ-<ih!p9a>CV7Y5HMN+uVGga>+uWfkV>RxbeUZ@
ziXy}slc?Fw{O<VuaLwXit)b~q@Mc@T7tq+>*To&eqc+CU$97wFhtg|j<y+#beXFmU
zgdGB{+8N=gD3Dx5E9S17uLwfpjZYYEFuV>+t4O|FFZjFm&;TSftX^qkgJg<V!HARY
zf%-;$)uz`asqVU4h0pV0h9jo-gz&<$#IA*FxCvmnpY~}Po`k(^5Y(awEm{j|B(8`t
zan)*^OJPSYvHl^f#vS<!FNk}7(6ycZ5Z8_{uB2GhO6k}dnf?B1lg4;xTYNt3&Ecj1
z#bFH?Km+kY0K^Sid>$!Ck`#ak>nBIrIu;G5?_)rz@J?281`}pS<KudkE~>5WV72+f
zw$%4AUwSJE!4w-N=%By^073ljCSCzHPxvR6Q=$@yoB{+Tpjs5(!Gc-({%ag)+^?6S
zGv86Wwq7}dAnbCAh=y6epfzh|yD(3fQu9N<)H~8aeIo+R&dCW11x2;PS0M7OAO?hc
z*XduI9a*kY_;JX9IxIKjsxa*%fGO_F)l|x$?8>}H92ye?cWigF*H9;)jblMoWhl*H
zgysG?rjYp!sV}&z_n(_5-ajy^j%y?UOu2*=Oe#1<Enm2N65XyLd`SmKLx}nq8E~JT
zqf?H_k(OH_SVjK55`zRmxRYPtXx)`UwBr@BfRxh>e&?wQ(U1PZ`m=KrU>-v5SK?DX
zfnZ){OR}^UTURE|x7zn!AqT#n@_X}#y=|x=6XgEtNbUiX6%8F&Lia)YC0jodi|;Y>
ziH4SsV#7WfavLU_XtdmsoXxRn?4R@5j!O+Lm_@s7bvnrw#z?>%E%RuOB*zjIEj)6k
zzLz^x@_Ff{N-=>^6C84Hx#h7hY`TUiLG=1x;A@+c-D5wRE1Nea4(Bi_!3Dd6mOA%K
zv3Skx#pIf0!gOk5D7?*`$b47dlGl(bSZ4RchJ#qBJY~XJh@{$r<X(Fldl$Hl9ULTY
z!sUebGe>9{!w@BQ+GT|C3k5q~|CR1x<V0{a$A0iMbTcfr{k^2T4HvlMlEm65`F8c7
z(D^sPqP)2nmVF^@@QOVaiK9sH4;>uarn{UYpI8oM(oDo>DD@N+6yb^0sPmQTnNMVF
zn!62?pIxg!X<}B%R9qI$8@w88z17<=H*DanCNb$;RAfJq*Pu2XCQ%#m-<d~J2IBhc
zi7GhmFLuYN@1dut4)CZMNU1F^*eEaIj|ZgTI23t=EGAV!{vHh(D$<g3FkL8IzlVmc
z<tr)gPgs1=F7{PjftFj*f@>FBd2F{D2CHnEy1X9~Z31;`)i0i#B64I>N0#a&M`>m0
z(^KD4!8CchiI-g>L9zLBD#U)0RzZbgnk|;`OXTr)ySlZXn-U=}psX=OkUlBaOJ60<
zOA7-0Sa0sx<G`u5REyz*+p>=MCR1_$pUql%WrTSG3i#IYuvG&AkOa-N!Ei@!1Leiv
zL7iBGS+)Gm>CrC31nslcPdAei<-K>ZCT>Q!<nE4Dk5zOQ5u`|oHfZ;}n3<dKrN5#s
z!De0=h~L!+?#UE;8mQYpQ*L<-dCh&Yh<ps*_4MZ-ZoV%iO*7Widz^Mde|gKpa94J9
z(npuHNpPlNCq4}Cb3HMbB^#a<5QAO1`oT9b*YU_w#aGU}OXt*#M^EK)`ho-!>UTAd
z5b!fO5=0$Ivc}33ll4AaK1TCKC2)+&S~f~|Awf?qus`y%*Q)aGW0apj(b0K8zSrdJ
zd;FgZbions-~yeP(lIMPE@J98pL@L@M?c+rq)ck#dDxXMj**qhDD>)p1$-*4rbpv!
z@r+JW3DIt~Wsl~qzvQ>-Ch=mbt*V5SShL$ANKM4#?KIep1^!5?B~IyD7@u;aMCi)`
z7a_>sNLc=m_E}uAuoQ4t+d8Z2R(qIZ*{Xb3nxMxX>_3?A9gi8E#yMh7hLy^Jm6*$r
zWYPy;K9xs3WTb`4sWLdo9V}DJ7}%&UMkx4b<E|43!wkDjzoxStr7Hc!$TI9R_G26w
ziBl0ngF{n~2@?!vTx997?;_XqYEQaoGCBPan<VXX?1)9yF@26;dvJFm5?lx_N=U%!
z`t4HJNq|qwH%_T=CS0p|_sRZea9wpTlM&O`7@_2UK>DpB432$M;xZ?88a5hq)WBG`
zlVJkLZRT6gy2x22LCg_Og4@>pAY2M=@L++#7USvJnWaBlk9~%QlA-B6RH=Chsg_+#
zu8aX-rt{Bg+IQC6A6AclxIER`-1J6Vw-Ecm*fbZZVGVD@?zLjpO^+1MmrC1@Zl22i
z(b?LW-<-63J$~{^-)JXg^FySV@xy<fC?Ldu^YJOG!f#(pam6(7Pyr(0xgd44oV0aB
zbFD<OJs)RZ%i=FSp75Q)pnK)}G0x-Ifd>tAA~9<bzU@CxVy_O8c0b}4>j+pXe<6#=
z!Nwk1>X97g%4SeY$HeZpx1wTXjpErT>WIgLX=4@nBy3ZzE&SSOVIm8l&EUI(C*j(+
zbo91}&<+XWFstT*h2^f<l?QRsob>~3QqMjT3fWLq-REOJSz6*<dsnK`6u%Y|7wUK0
zgq|zca@!vN=Z}W))Xy&@!1`th?^3a-+{_on)9<WU|2j(^GUER6=#R6)@@NsFLe!3B
z1a2ObWj45g<iH-QP<S+cAnipwW8W-O@`rPLWBTJSgqMH(^;#kS-u<4B#^AXQ`ZI(6
z$y7O?MWvyS5+^N5!a+8-sO76sbaZ8}?A>?v{gG4YfH-(e{z-rK`RT+pV~ZehiDz|V
zr}GXE$Y(>#cuQ~SZw=MdfZzi7Zc8G?RJm`YcP%2+3sJM~)Ij~YAum@@ygRsOzpCJ?
z;L_AT*L2hyiUM@_@$pjWZ)a}FtasG&7v6(D1E1fW_H@LR+;v3&8A2<u!of>zMTPd`
z_kNb$d>tGU<K16`{3uG0>i%BnL+eL_h+!Na1rP!1AmUT<UnMB>-$PyDdju2|8I6RA
zU?u+foIM2CxLYk_bh{SI%b|Pc&kF!QM*YYggB2>rlPH#(R}5>P9p8f7YOQnVMK&=o
z$MNy*4!!&MqzqT0c*Ja$7Vbvir%XI#dT?-qn)|w%CxIEyei!5WK5COGi&b4;1=0Iz
zMGe#OiU-1f8Yg&1xcunqyXO0R8YRm?bq~+r4JqZUXQ}=6we<{>g;K7%@M;uz21OP!
zex@i3BV%oSW+}W&>|Yq;jhA(ksPF=3V)TPr*c#zQIdE6GZh8zn2BGCY7bZSc5nMyP
zcwr)~15y65I@3p~h>>k^<+nwyH)LLX?lcnTZi)!T9A4$Ny6(1sQat<_|FaYB$546?
zetYtgcZm9wV(s9e1iu&#p4=}pE9OdR<c9jp-iGG~JOS5hXt=nZCFSl@JzJS#VEU13
z^+04m?jmlXRWW8>0e<c@b;Kud`*u76FpU4&a`ykR?K|T4#P8R-viL0$I#L;9Mv_h&
zneoqp(p!!-j4?#pPaG7(0#17HhCMus(W>Ub!y!1Op774)TXaklxk~%JpT6QH!M$d-
z`p!4m_=mIUdPUDKe+51NX=~hES9SkRJqEp%lGgV=0g8#czrbbe|8hOFDi8v2@pqtj
z`V>k>Du-{mIkheggmdX#BzlQ87*!mZUPt<(QpJyUg#vSZCNx%AwZMgLeyOoZmldX8
z^t{Y*%_jzIK-wV`Ig^{-H@HEq{+(4UL8|)X_NP<(;L=aYj6^G9t7T@nT%b1!4G;GW
z4tA8j|DYthii8pM!p7S#T4;p!9dMPZ`RM&82t|9lH-U)}8p28c!*3mQr<8j>PQF|@
zJCWuhpC?ah)Y%Yua-t;KQSf;|=b*953{I9P&tmu{fmF0c>!Z8zZNdx#7~DTX3Rcl<
zpGZBSXL@)#<Lnns0@_&TGYW~Nf;c}Dq!O@k@RyJ-Pl!;owrc<vS#1lIrx%JWqKY{A
z-|o^(av5gWWZHZ&NbthrlS+oR4Rdusx80)+v9@v%#?2SD{RC`#VFGAX88uF;AAFM^
zA##VxCo-RW^1p{~I74d^TC1u2B<y~YSNo!Qaj>I*Q){aye7$0%fV<-5$aQVoMbB)Z
zof@!tKiM%c_1ADNi3QPI&y4}}SAl$Ow{Ah@DU!gS#Gq&%6Nyv*Z7NEioK-?&Y9pC9
zM0D5ilX-E%qY$vEd;<Zc1&Eyo!*Yhy(9{-JvEMD<<KmDvRGzW%aj%T#Ew_RzT0KiM
zk{c6-zuDT4X&FeYa?Y-f$OBv-AD@`ow`!F>7Cu%1JCQ%XSg{`$o_+sIB?AepVLl2!
z+u_9a7-R@QCeA-P?Z82|t1$Yd{0&Crpc9Kcx*;kx`lxi$Bdw*|vNG~fTvZtVBYJd3
z4RD40*NGMvDgtpV=zNu*Ot<E@-1y)cl-SHJei#@!>`5Rss!u7>eAIgj4~Ti_==b5<
z;`pV}{jTGT&+->M+}y;s_jhGlK9<W@bB9n}>=2|NS>aq9U}oq99|4hDipKc_B|PiN
z_^tN{7yGlP_Ymy3dE$?dMWrepZ3+d(eBGFFp;E%nGSV$7ye>7W@sR1vrHdRn(G?8$
zo=b(WpGKoM@@<)jC3vtg;C%gtV-cy0fAFDT7j11Q{ShN)y+5T8iFV%Vd+>Dj6u^Yl
zO4X8b<-xxAzmH-GlY+3FzTaANGESRB>}cD9o_?6a399<fE&wTl&l3y{6wZs6X52BD
zAWdB}tAwi5#z>IKGcGtvw*zIyrblJ*4``*vZtXeVvqn%&>#`sM##l1ZQ5JjNPTIYV
z@u4f^hdGX|g;WR=x2?F!TZWKuV!ga)tfzxJ?9g~e$P}@lG0XCcHkk)Tb%UJmF35rH
z%utsl{5X;Qg<9;onafDs5uUbxQ6IkJiSHKU-hOUhsC!6X^U3Mg_h1^L>N>}=x0~D;
znn^>{d_sw<2^nE-7CmJ472fEn7gra@OSwt2rp0nQ*Jd+P1z+t0l~uwX>(20d(fTly
z3my~BhORz-2$TQVqskdtNadgu)J6;He(faYCmR>FN!U>oStaJcQDGv@W)8`21-8tb
zB;b3eR|c6@SEQL7XHiSSk51?gr;VMo=wZh&<k)XF+<DblOkAs}@nrgbpes1Zh2rbZ
z{!Ew`DwmxWf*ljvRq#j$$F-lphMu>hKr1z_nEm{Joq^}})qY@@VU5WkD6`U|KV#dn
z-1aW@(-?oI(}v<gs?W<!OpWY)jxyU#1C9b;hwBJFFBeCLw;U;_2Y))7`K77#<X8No
zxlL^fHlpMpPJ@doEjSiAk5O=0PH#af((>P?sHqMQL(}K-)cPquNUZo;=gD}5UAvne
z5lhZ=xNMx;S07!+jYwkZJCX*!zAEF!>ZY$kfkw-FNzqIUS2m0;t`II)KHIlaOzOXF
zW2c>&MfiX`q^72}@3<!lRarEl>~hadc|1JGPGo1k?4Kf`d0K#9WQfAQq%J_Mgi7+{
zCE1Wb7CNN&vPdXO4P#we-H%ujp(8!;^i;JTiE|WE_!R*MxWm|cHmLozUNI)igMknG
zXUpZbPUL;g*;qpxt&b=9T=3@T+fK@u_A2h1I+^*dVUhE*{h;YnwIpxQi?Ml1{on_k
z53ZDaxF)XO4c}XdjF$I&v2NVK%^-%55hA1*1iw?ims+FfA8mG8qoS@xc~Vr`AI)vG
zyXPd@PBr_!13Zt1WJ5TX+l6oG)u-2GI}|NQgvGa6)pJ$lQlg$rQf~E6wNuY9k4ekP
zQGHNUc#)CT-52@+AM!D0gf@{-#9iL=Kou&kDDQ4euD3o=Ley!}K}Eh_ONW9QE^wV(
zyz@QPOO^vSMCv;)kw#Fea!>f8*oQ-Njx<(Kt`-}ow~<i3N?~~ZW^KVGCEdzv4w?^j
zZ<!(}z8$cN-rMya^Ch$V37Mt68nEU4o`|8o_0=Y(uXYokclcwYJ*UH-mL2RK?Jqiy
z{Ty1;XWV~0iGw0eOOD}oERGONrHkeEy17j<_-^dVOZl5num7&D+NcZK2Q)diESjx5
ze_19%(H9L{7Sl77wg~24bR%zC8bbX?;!I}J+lb<k5_#qgD8D!MvszuPCQ#Umiz>q<
z&#gLMM3}wq=RYF8hqm+zA8(_gA+OMuR^TQ95vK3=!@4*74X%fT$1Y+n``OLwznRJK
zkLfqO5vi|Z1IHyojW{`1s?Lg>t^(&hsJx#K?dw0M2hMZT9O=71kK!wREUwptiVvYn
zkj=9}6{Akk2Q?xjG3?!Q)vJATW5#{7gb8HreKQ<XDqOsLq&?0-*V_@yyVrCna~k_s
zcAu%q(PWv&vpt7j?(`Pq#!GNsUvu>DT9EjqQW4;KIA|LZ`@vTxQp^*y_B6n1D*a{U
z^_W^J47a=d_|U;yL~5~GTuAbVf5Oaao!sa0G|~lSR_F`a51M<lqz$O}!gPn8$=Ag?
zR5uY&#NTyXDZy~NBj7Q2`@6YZz2U@rQKJ03mZnkq*{KKhv%dz(J@nP`i)*Z)<(<JO
z85S<yW(vu5&zBP{@g5nnQGFD;ls_8#t+lgWh<NHs_&ByyoOr|bg=IUDc};RH6XJ}&
zbv+P}mX;<sB>V+V7!7z*Odgu{Rz)257(%#%8=`D}FMnT!d(ba{;P<wow{s>&{Ph!w
zizls#QpFkMevk~@_-)B*0{b_W^;E#XT>Y<S4jA&;vIiRJtpwn(oAeA}W0tp{smf8Y
zS<EPL;;88x3+6sll}m_{U!>H_9~?J-#7?}ugHvUg+i;Y^3{LdFk%#U^zl8=4(yC83
zofNX|Cb$!PSHG~2$xeD3Q;N<dF=rYH!woqJ%bEa+VWn#!T5jqW9vRCR6uy5uaF3UZ
zN}G#UXgM^!6)zr1C*^gleIsp3VGAcRyU0l@8ciwLEYCKZxQNkMOuNHj?cK6f&em4e
zd#)BM$?=uJsWp7QR2S3pCKQ47Mk4rb26JVi5riLb^V*H;r7^w)|KsfH^fX~x=AE;4
z5$VepMHa$dK621(X^8S~T?#!pH)s6K9NJctl(bn)LyN<rdB9Y^(k!Q+zt)mEgPL4i
z)cZb>*<U@nH&Q>bE$&hXDeX&dxL*u+<f^T>0APSwpN0YtWEh<e0;%BX!WR2gCak|4
zV}+_7&E6l{S(=^uAYb4^nton5C)Eos2X^e}r!jP8SE>@p&jTj!N_j>q7)=X#MK!Q+
zUFjotBUe~E`MyD`wMXn%=lkKeuhh!&qVfb;9nR&j7BgjwvB#Bbg`$Q=uHM1T`DOl~
znmbvWk#qwo;3kzkcrKnv;x{NtN}Xcycgfc~J+t?c6$CmPoMM~iMFthK2gxURpb`m$
zSsFk8QKLCVeKpq*Nx8-!SC@8;cklT54+g8b`cXU>)<dkOzLniay*1yY*4xeKx|Z>k
zdvc&Brenx<uJU=%i#eUT#mA~Un}$z&Zc88MGD5f$Af{0Ph+TUKIenYO1#y(qYovs9
z0a=A;1ik*sJ4d1PDA--aC89*44h^A`cJB}}(nF(y_(<YN0EV?**ZPBDxsCHH8-uEH
zaUNBgstv-1A)RFNl+Q)pBuj&o8{CPBHbz*qbX>3bm}$4`+1D{Jf(oT&@=f*x3_Z^u
z=p5|~AXp%Ko-0$pD0MjlAKrXHeUH|%<l|E;H=dMo)rdl>cQ<PA5|<iB<Zn-+l0Fno
zgzjA%6jwnomwAo8h2qF1h-1@}#w&&!C#jj=(h%d{X2RO{G=>Tst&dxbeG6?$9|gwu
zctP|#Iy&#pU)rX4?{xcov>VeS$3_LkXd^U1^xc{m^*Do=GjhA|5iNMn;=uP#wHYG0
zpu-iJz=XQyrLm9bZs1Q+TGjc{uCsCe&PB?WBFPCdm#yD?=nX>A7j;kx$4!pV5ai3%
z{srejTgkt`BcPsk7IRnMn)l-l5&rgrm2T>-4f+%-&90k0v#8k!=KXW}l)%FoZvu1T
zdC}cjn!g(hv<bfq>0HSC6P2TTQ3bo$AVDUNJ%yLA;{e+ok)ieRpor&vGDl&Dq%W7|
z>oH#!R!?oTVYm&Ajro1pT#R;IosJfs*7jw&s{q}oNdlDvz%$JtG>?e_%yx+{l-oJS
zJ!?r`<okE0_T6e;NW1>!c8<6L{_gPh9xXS9dvf+^o+E1pqO<zeS?QsFoGzLjXWv1a
zlKb=Za}g6<jJas8SrEpud-?ReUGzqi&Otc?%lBmO*R@B8cnu#vg#S2t;=SH#c5*E{
z!~Su|+BFQ%@6Wf6(q0!KK)HxI_3=M*<M)L=yun71s=I!o5!8no^Aja?h<j?pgDPgN
zsCDAqz@pnpZ@bU#UYErRd8J6i1cLm-grGnfmtz~qx+w49VBT)Jft7bIGsjwH`^Y;^
z8STS+28^J@yh^<Y+Xlg#fo2)OAn3AoV{TiV=2;)FzWkKmF4I6KW?CSqQy_5r2>b&c
z4VqnNm3b|A5YNT|?s$=y_|m3FAYvi|u}+1mob+4_>o3#JyDbLI0pD60;{0XvM?;!k
zLjd`sQCYbJ84#_ARM2MD^S3#1p6Q1na8w?SB7NfwD{3$v3wg`#x+4_zk!xyc?6|r`
z2nwPU`rK&yl4G=1u|2yX_Z!~?$n*8?t)(2@9ePkICR#iZ$we$&W)n2G28BRYNpD+;
zXi<^N;*^P=`P<^T7*|YTr=lAAA<0HEd>NB#$hUH;fYLsne<T+ns6<5cv5Tl6<$=Yw
zR`gth)6|T)qm%lLJHRX8;BQ?iHMF;_Qk>imETIK&E$<3Gjum62s1$;XR<=4f8iU3t
zA7;WoKVT8mfSOx};AdhAb=S;2^q6`}z4BCio)HRkjB6oUY?>GDNv*7`&a#!=;o+pR
z<q~WaeWQz(jqtq()Wy8U`R(SAN^MV7L7G%=IApr)OTu>Yd`LgTm52`k;(PWiWFzUl
z;=o*rgN$OHheQ&I_Om_uK_N#7lKiQsn&W`SHcj|^ED2BbtiCkZKp;5*zGON9E}0&K
zOQxHWdFpOjD}116mMKR!>to7ysv-h_E@k?`(20jW$ot`(Qx-rs0Yb+>{VP$r74mY@
zFIw?e?q~CEQ;MGmjQ>dI0+0Q5liow#N|cgjD?bauiZEe_l40etq>%Adm5WaE=@Y4c
zX<QwhD_}0D$?tUIwbpB+B~Y-$JA1gIT5VT5HAS2oMI(bS?IWM(4APzoTr8@*kYQmD
zux~kyRTme^ebfVLntJ*sfhhN(`z2sTcQe^VpT*qKw+?iiH_YU9XJg*7U`XlGCsQ#n
zT_=UeG^bip2uX_hL=-bpA4yE|Yt#xGg@n8w3vG7zb@wr-?Lnfu_yE_QC=PMt&diON
zj^!wNn&FFGtP>{C@W@lRgte>wx&h7F@Bz}B!Nr(+vmid{Wi8I_2q(ansPo>MBI@|P
z2|JJwAt`R}nWerrRQ5Gc3}0Uq#xu3<Vy{h7Xh~D=+#Zq9#)OYFlisCi@%G)cbbY(k
z0=<d=1>OXGP0OfhKn<#yFxLfuwJ{-cG^?ucEa`9B!3$Mbh~NNXtFO))3aN7S1Aew~
zulkOGoIm#8Mupl(of{S7e>ha(OT<g!7ZoH%Qv62IJ-r1}3rQ!_DhxKl7BE{816*8f
zE1az~De0`85pLkK?%E^DDRaS`wW*&kO-y2TmKuKic+SY?x7VP8f1%*tC4&+wZ7|;5
zpsh@ez7J)PtknG|I|0WQ4{1KE`O6~e@}WoCF8yD!E8|-6N`-Dk!{+n=3UqExzLm$h
zPbfdty(UCHY=EQ67uqj4E!g&*6Zw*oO9t3~Fkr5Q1+H!%2OYY*dsF5&c>w0?{`_Ks
z;Tp3qaiRFUL>iYopaLfrhGWZ#`ET)Q#YmuVzTBiBR{<6Vr)Q%`=TO?OGU{2&vciyq
z{m>9~&dzVY%EoyhEn9i0J9P9K>xUd_{Q~ZwXZq963gUD`43g>N_oB9mdfE0*D?#7%
z-Vx{4k-_BE3#2s}-A%R<KCrPZF+;*LBWcGF(?&09pO@rR@)K7VP%m{O^iV{=9*1@s
z10A1Pno_v^otBy5Dy-QlIcd`-)xulwmrtlp5F1kFH#TB*ls=E9K0<=SN(yqCB3@#`
z<Jl-{01s?L4iY)N3fFP7nxA&F14O0=v;}L8Zp|~w`$M%v7Y`2)ax@7Ahb5;eP=6aT
z{SWFt<(E8s`&Yhs<*>o|Hcc3q_l=AFeKG#kLQX1IF3aoyn{+OAfC(Aygd}lX`XHR2
zbDHtD2pfl7zf$!$IwSQV97=kHLhFZQW+`6^w5sJYu`eb)J=7bx3xm>AORrbZ@Dmke
z&~l7urPh%A#=#HRe_Q_n2V|uOZ^vVZg>*p&#w0wRlBdx`wHk~OOU<<5x&kQTAM$6g
zPg>dIzZ;9z!@s&@_1e+`E)U>|!=`+)@q&I}NlC9y#+HStr_b>V(*-v87%J-?f^o3;
zR>G_Q5_zTn;R7P?$LDdvO11XHK<k>-*VuVI(Nq0tEpmkyLxdP^H(q~>r2`*WLeJhE
zG11g%2ZC(?-K&QL4a?D9!<;kfIH2zYe|4*!$W?loO5hl%y0xE^{ulQCj|qq9Zj$)W
z&h$=`sM0J7Cy|5pmx@nN(d}QiuN5>lmdPRnGez_T{lHPbfl`IGu&^L$`QTQ?K_->%
zTvj;@#r2D%&L+0f7qbL$9Cb$p)Ozeu#uucJRcQ?1J<24qU(LO?kuG%(c#xm;U^II-
z$O_@!%=0XHlNSnS$wPHFwgAfpj;-%f()1<>zknkIEk#Ta7OhLxKeLYo6&AWCj;AUE
z>iuu`dlwJldpa!+G=zmT@M|Al5dtPqGV!M!qyN7C*O`AxOJc|L8ah9346mVc2vd;}
zQi>)5j1~jKtwbTh;7`yA*NB3Xe`U`ax?_D#XMsYXrFkS+anye1rKdJf<W$F@=jbiC
z*J^j?vJbi<g8)+C@8om+MY5YrF7+)jkg9NRt5Z_E|L_(PD}XIsw%_BA&-2sgfm|~n
zk@-6E6?-)p*Io5p-2j@Upt-3B=Eie9!CP}|X>6P?TRTg!g%qG}p?`D$;EBkY6?bZ%
zBGKQi!jPz16#5-p&iU_Y<`LTne;q(`gX8%Dz*-7?03UjW8l8@t8Z)Ejl?=2%)nlfh
zJFhaL(S%K^*JATH&w*-8u<5+!t#R_kP-JI0V}bvi0|kCdp;X>KPJ-@vNCH&{s7{if
z5IUAEKq3l1GY_^u{zkGQRYF7d?nbhOllW)u&(42)f@h%p+!G@dec&)^HEasPxnV^3
zMt}6@aBeZ6h>N_!`8~;li8yj@nG`f^@o^{YoYEx8qs3{8yfj<$Xf^Dc;jOs{3AZ5|
z)p`&T@#PNh&Mm3?@&FxRs8Qwp|7D2~Pvf~IkLzjSyod~_mpDI@k?zDln7Kr*2V*A1
zRw<w;9<_b_b?0p0Xq+5IO#l)O4u|ViIIdm*!#}aQk~;2D)UZ=IAj+mz5MH}T30^@N
z#Eb8!eN+`~;{O=-FDVRf3)}sx-s!mislaik*G`__GkItE{-7wdb3k8tj`Y`S$k;mI
zyprrXn1FgKG0Bzz8_9?`o<$CG0>FiZ_frz49%@%mjk$`84{oOBoQc!JxV}-Hg5iv5
z02;pwXUCEH4R%rMBI4{uwqYJoat`vl8@jfNIS*buIJ(rc@BzZfTMv7z?M|dpc=4U#
z=Pgq@qO1DWAC0HdTd)8%$aVYx*W$t+?mCBGH*N$<dY%WC4QCKIJ-AZ@auE=bFf7*Y
zfSN~Za?llQK(gmLr@g*7*!MTSg<Pp}XC;8~jfW(vq4Hy=mi|8q#mqPBFL^kBh51n|
z;W@MGP0!1xvG87OLYSSBm7a5ZkQCbo^)E*2!bh12cY<8#J_gMevrqi|H5w))&WV(B
z(83a#IKVwE$EnO{h+kCnZT9G%h;e_BQneYb>*cd_O0{ulZcWKlYMIh*eaUY5FZ%rt
zt5TiL>z{S};%fy1(`&Z;1AVnl!%g$IkB0xathAv91Xbrk=&Phhk0r4AV1k^wWzDqo
z>O8_+cKsS)@&e0lXWRK}li&87setOrSYj+cug(Z0-+y&3S}eEhuy{{^2^|BC!lym{
zyUF_Bk-*u8ymMcSWu&;Q{vwOZaa5fjW-DJ-8W-PtA>(q3a5&Hw6c;q30Z5u=hr{iJ
z)iB_BpaUIi6+Q1jZSP?HV_S<Mrppdh`+2AVllEr|DQlaStuUOCW-iCrx=+m`&;q?i
zGHIC_GXcQmP3^OeJpU09#25O%QUo8uH7Gv2`8nJNruM8oF>$#enB^99U<YKBbXf%x
z7XVd9Wj3%8Z8kxkJ9+mRHRgVu_k|*#TQgE0cQe`tZ8$g+laK^#F(_Zum+s<1NJ-Q{
zx@ouE;|g+_5VdE1fGs#*nT_BpEqv!+RreN@WpYcWLI>_%rrnIT=sLe9?VT;Oy?Gq@
zrzwA)5PIH}*MA-JbSkH5=3-ILje;A~@*RqdRN3y@B}&Dy4v!hR4At%_wN!#5O1hM(
z{*n_q;c_FS-iiXGa%bDo7tX>$sLaY{HR+LjDd}H0Cll^pC@c36$D^9D0XyIS46skT
zXu-=ExUSyfnJof9QsfI-SW&)b0bh3vYRPtCK)BXGpIWO^S=0P*ujS+XgX-5%>{UD1
zGzXC+Xz6R{HDoXPXrRbBoUFL-QECKS&vtAH|5gWN1I_LgA)8yfBBJ;~<F&8Qf3Qq#
z7yI=ew#h(lgAR0BBSjR-F%&BlBdQ@4*LfZF{S+=D?hR-(iW~+u1O7VUL(kH$3gAW2
zpqavk|0|+P9Q77tm>15i{hc9Y>p&2FmHGrh<yBcVq}+4=Tx^1c{c}-_Ze9<TY*w}g
zfP(2!<y;&Oi%op|x0@Um&pR+|Z#+KJ;o1N)zKw3~h5elMYi)7uQs8^3wZ@KlD>ir5
zk_y;1Q`eH~fMml0MTV(Nwc74MV5v;Zuk77x?z3Sbk|XoXX$O6=P@sig`A7N>L9Uvt
zwgH|FAi&+4CtCd%p9$KdY%bw*7NU-!oCvI#Ie^Nl6hr5OVRH6WE@-#=8?Ou?w4wry
zu#Bg^Lhi}Z3~QmV2q`qsqDM$lP7~v|vwaSP_4V{{TAxr+MIZ2}MZn5B-<XTGPd107
z_SrS9fqmZi`(tQ|jzo~o(UId51uc=S_E_Oi@8gGF?_DS_W<9#w3&BM|zec~Z>QbK6
z5d23{Rua}5{CgZwESdR7QXYGnK1hE5X>H(AOGC8(=rPSsfe{c;fBo?1!a@c?!-~MZ
zwD6PXG>`@sR38fzts{O?_5m{=U0qyw<}>asCOO*~TBIuPq0(Ch*T1s-6C{*M^zog;
zj+bRVKO5R~x*`@_RW8a-A*=-sWumGpvi)(ZBy04?{Z0)gHbgDTsK(eTk17)aU(Xfw
z%*NtD`P=78lNoB&&{<{o;9Sa72vuP}Ik#SM$J*KV)mtEswe*@YAeG;JqRpj9aladI
zNSHy{*J6&m?dZ}Y>|%TS_n)5vBG$7LCu`x&DZ_6_ghRtnT6lZIkwrp+R;9!|3#2T&
z%?Tn>&uUoGbx4w_UPM+n^(`lT%HHAK1fwmFJ_rr!X?p@I>Z80t(L3D}qz#?SEt23M
zBUl??fn9!*GS{+)*=qD`uji=3dv=!4vjRolyjZ`t^dw#@A3-*i>;)VC_`J^+cV)$F
zzOB5vng9F?-~@h6t$n2Gf1E%ei}QsAn|~xe%0-N#uWe%p^Z9?Jw_R26zyGT<`7rtE
zjY|C<sx)ifaRSkb_vND+LY8IP>j+y^!OuZ+*1WA{G4kK$R9dHOQN=TzVR>p}NbhS8
zELsVzZlQ7*SX2qh{i8EgOU0Wq;G%*l4DS&CR^^rW?*HrpfavB8+T%^*mBS4Pb$;B^
z5b57)bL0V>G6(g~lfHmc6rQ~iC7a}iQR`b(!=pEN@^BQd(c8s94_FAY`yKM;U-ci~
zWKS&+eA^gBrAjI<S4=YFX!V}FUUo97g^y35Hy2N5H<cL&xg||-W~i2<6IuFwU+X~6
zaGe@?U|RourMd{vN35d{PuUVMVrM40%^FBb&+W=Tx6*^$5!dUZ86aDxmR<<m8f
zSHzdasBaMe#2c>j12!<hZmB2^x`FrbC&@ZZxvZ{eg}$+@Lyu!SUi%*%E%$uBqz2EI
z?)OD|gLzn7>VM`-U0q$?DGhQH60)Mt)Q30(1;13KR!VXZ-<=3oAa8H0u1nS}8i|kA
z`%9yWzKoQjmK&f1-CfW@-I}*8Y~I`jy@MU1wdUXGB97gu>@B$aR6Eqj>gJP1DlSfV
zpqTKj+$}L<G-Y2HwMr{H01Tn@LgNwr#c00a&E}(?8$8lSswS5N2c^}4FM{^r<_Umz
zDVPAN3%i+(o>3njq5eIrb3_rht-=B2#;@$8MQ_aMznz5BY#!<*ibVh+=m2GX7IRPE
z7|7H*JC3U&jd$;=o=|@3o8vkkdfp~T7u2@HcGGhq+6tDcHzg85Ay$cf(G1TQZJg^(
zdleb!fpi^WK%#wAFE*7xb<9NRx~T?pXOze+YB2L$tJq6=H+BO&W$|BOeL@Styvh`4
zANy}QpUmc%iFRRi4TbUs;-vi_6N#WP?r<*cA_l#^mvZIlTb?fhce}Z%<hX3c_`<)Q
zn--XuU|&nCS2zq0@KA_}-YN1%^>vh<Z5!*@eb~9}>jPM7NvR_Y$UmdiuI*9Y1r9`j
z0F|!tV>gpue9ee>0ex2qAhLQ?7<*U*ehTll&i!dP!1#EEJ5}UT>r)EZB^UaDk#X^D
zq2)u3;orDOu=;o-^2?z5<R&@fZuuS<7HR0`=(}@!60u=|b{4@;<Kqw66!Ee(PCUF&
zSmF<@)be2+vKgO{am8{^g2(UuhqI*^E}{FN8~b+x>xfd7ToD79vzbP_9_7)jm5k<f
z5P3F^alc;3I$k36wg}(#Gh)uI;u|Y^S4GR-PrurV`h{zD>K<F`?+r?&xvTAfn5D<2
zw9tW71O`OY-mZIn`yWf98kj9#Ju4u8Arhbq539bt)&j!8B1@&s*q+7Kmx_4v3ncJo
zIigO)S5iPmPY#*kI9uh30Db(j=`H1hmRC5Jm;xJQBS;TV{~zv6n#ZJXc`;-Kyy2u0
zvs|zd=ysm;*@OC*<MqMx|FhZ*`5o~umE^dXG?7FRe1V)es?)#o)|w1N!eNshG2*`~
zTD$f;LM(tvcwe#Xc#)nsMjij~%CC!kJa85cSr+JDot#o)?U!TPSroBAg^5Ua3U80y
zO}wbst|BH1&A+HHmtz~5Te9rPw1g(!(iCESTf8wlCBvpECqLpzHHxGY+4oCWC*)z_
zh@PQHxV6vJzS8W5uSQAM7C}a;LJLr}xVgA|U0tVDikzg*<hcI|b;Y`Ep<UU+KF%QL
zt?2VvC{X_XmzNN$yuL`x`t42s9?@a(U>3(D2>}}yIhixJwk+r(SEcom7Pq|jApS{P
zt{@eCC-R*xD(vKH^`UxUjgXB_^`SNg!8(71HAth>CHGyzGl~mMj(IjzG-*T#-0*pn
z5Kg&&q?Tek`4PO-JD1|R87fMh65K*@;u2jo%64OEPH(3Xu}lV1s9ng$ljWkU!{Z4N
zNYLG7cEZ;`$RLoW-#xF90{wLKNmL)DK4n(pJ~4UE8s2xHcNLA8vbgG^C{%2k7&~ui
zl8b)e(R*xC{(tdcoyh(ORDoMECD9EPo*EIQKq;-kySM!M@;sjeV!v9zp<Tr=HFwj2
zYFvcr%igJlLEHG_p1Esl2=WmIVM1Qf4a{7k%0e;|se1@)4;p9R8Eje1cKZ5<l3`0?
zFYK}3Wy(Q$3F5j8miqtd1;498c?ZHE&v3Mb8-+JnXG1-s!7F!cOn2@yiod+nuS2O@
z;U-t#K4-+9Xk#S4WB-ZhW6MuFS){4E_3hHRhkcJnk*J~DCG=6=%v>&{ns{iPc#~VS
zsPDe7{CZB6*;w=n9z#51g%K)NmdM6AkBZ7A&n)of=R*e-+6$mWi0Kv=VFAh_fl6+a
zOhw%zK7CMXZU-{#mS9{$bP_1j1qVL4imZ&*x1Gsr`-#XSflQzJ04MkM&$g*l*(nY~
zL-^kH+JG{%aer_!{u7!VktH?S(S*cowXc76mc~w@S0Dp8I=eEhr%HXT$7^j_l>BjQ
zH$_V(FU0lp97vVtHxei_MhgP7A!eL>N)LdeR1P0sZA-Mdlw)kb2gY24oZ7VvQ%mWB
z=q3dg^jr7+tcAX;D@clNS<p-^y>5++Zb`k1c3x(5r0U0F;+Y&&mRYC8ukE@=Mm5~x
zIz1#6Qj^QRdA;57(YLP@W2d8)lc#IP%`MsGd(|@gsoBm%#RrjLhv2(^F2H6TqK=Ck
zHwgOPbiWq5G2PWPX3)(vnr6q$k<nvc(icr2;oq7KPBaPrm0)qD(=bMdD>d(Kj0qxm
z6&-|1;>zu~7~S#}*q9~nW}iVjWfrZ6woA?Gpm;nrH2x`I2VWg`qol#EToi~k1~9U3
zGN`m1A13{5fGZEX^MT84zHeugBcCsB)&K)%TbF?2sCYH>C=Up&vi}ilIR8()4S^vK
zkQ`|ep4J1Xk{20h*VlUWmaO-BMzV=malUn#cT?E|4~Vgu>lRS|+zCju8;%PLPQEcC
z2%8p!`d_ChBq|UoZlNRi>L2kqy2SMtkJet)p%*<oHrer8nk649J-Y^rO1--{Vf%mk
zalEuJK11lYLK8>|!-%g}fTHwJN%Vgh$v<DfsolsB&SSg&WtFHldFJpgm2&SahuGdH
zOYG7C;h7LLP<)<=D8eR+c{>-LCdz9;#;VxM8kmm)f5hqE!UKC>B`5e>_oQy6PRY|O
zy(-WLV=;knXG%~U`5l(KWA!NFMqm#=%r<^HPR59OIaB^wN?SA52M*;fbaeRk8%%Hi
zhpEIL49Zj!8k{&2p7tVX@~mG$dNdpLabNNd`O+&Lmx}ua&N-q%YTdG75dX3jSCF#4
z)AHUxDr$a`li=xy%@Ri9Lv3}aUV`JAgpN5P@M#MY!Pkt@O~T$TlO~`W=rOXvx_i9K
zuBX6WGo6ea%!bS=LzBAu<dH9E;4FlYtCBT7sH6`PeC(&yTR!~DfX|SP&@NR{UI?*D
zW+l9ZX#4)mh(3!%q@M49u;NFHY&^394Lz55@a~9KlX3jb2at7_BUJpoOD~SHqt|O-
zW33<tbR)OS<2^|!fkc-Sd^NjAQts@gTQw)<5>p}U;*A5R{kA<<f6)60f7qqk-yeTM
zF5rOpy0`o-cnicya?V$^zh<M~<)N!y68mbaTE{H5?CCO&0G=F+S!}70?|U!=7xi71
z3<M!9iWU8eM7i`St9*e*k}{vfmUi82mS#q>wQ9`m8?S5Zz${_F>0uaX)Rbf$a1!H9
zwxUuKju%SMjh&oMAv<*oZVtgJhhKH!iF|IqyF|=|j@L_&)^`JcmhDo*A(LY8nsAAU
zh-lJ2=<7GL+QN#Xl<0AyRVQ_KBZ`Yo$A=n5;6`I65}P~7G31}kz(mP2*BnOWOF+K_
z@h|3ZYj-g8yisrF$s1sZYAv?ood2N<ui0$fPhX1i9&xRrSAcHYw*W>(62mv5*tL;e
ziD$Q>;@40aor;iv?Ar!8fam$#5i6VO8j4qrU9IU!i3^tG(y$Q|4(E&ZzNJ7CH*nLR
zLCXoOVb<&BPulgqGIm@NDLbtnf*Gr=ZT7n{ae)g39XQ^YCkQaEj53E0_QQU)|E#9)
zYr6`tk^c1o&>*q^&laMc`#U3jYMvI^r>4{uI?#*5n4BNH-Uk9Vdfueu1TPFf`~<i~
z>K?TCB*hVtM(v8%kz1>r4B=VL$+%KtL#@N1l&90uR~t3#8a|%D>WroJn7H-Q<D&Ib
zEMh+y2r~7i3Z#pShSA!AtY3tLQVw^45|8yl&!ox-MT|ORj~;GfwoGZ=Fij8pGN#g>
zoqa|b$Z!dbogv{)Fw=ORpg*<s2DfdS@8_fycbt33IQroe{@;N-0Vpl)WKH#;k$p6$
zL(AIcFfZa(lH186T3)v`&A8sX)!9&K&OL@yqOK<Q^SuRjg16%`3sj}?s`jM|-gK~k
zHCZTsaVGjtO<v?<8oO3gRWKV7Rt?$UneI4s{dpHr4&EX%oz^b#`tfT}tx}X%)W=V%
zuE;5qe3Vgw{3709xXlTYf_9;xPeYe-kJjQp#GE39yNU8r?utUZYSK~c%b~`aYLV`e
zBl+`hjLfnfWvWnLt<!56HNJ3(zgIxYO801vR?aUsM1GF+d{&WR6+lDn4K3lXulhao
zbDdbVr+ArlMS|49)|e4l4ZE7FHz2S?W51kjKlbE%v@*>+#hu324IN(}^nXk(G`%G>
z;A6Em<~FqI-A>_F_`-h_wK1dsr;Rf{c*8x?@sXq=X1wbGR;;M&^_T(|w-&rP1W3^k
zQ@Q*HNrS9r)ln(7?vPL^-RZ^77o6g%85<Z?^>;n35nh#=1lrB^9M5J>xgE=;R%8#M
zgY2q~0fkBGJ=vr9ulP!#C*~;qtii}L*FLh+@pmY>E4{(pvXb~=3%YqA9p(z4ujlfU
zF_mkPff?fH5a}GFQxf&K4FbvQDWbC)=QV@GWm*oNdQ*vCTu_x@w{Hvq!}HtZ?>f!V
z+*iUO$Z^bt|HuXrBF|hQZb|nTTlQ$5_<6AR(c)$<5&*o&RvftjtaH+uRd&lzk!y6_
z65Op-_n7>>V6ia2T$irGiv+PvYu2CsOobqzo7UwIbqxO|>}>z^-wDf4354~`j}Jl3
zR{LT!Yr&42`-lg;0NW`farbxs`ux`*uEAf??CYU}mIj*GHu)-v`Wa*?lrv{3)dcH5
zUy?}MBwWw#=yI9X1X?PyDC!ytJ2?7Dw8Q8IR!a*oL|*qmbQ|M4$&1I`STp7BMU0e1
zC^r$8A3zZj7?(0nL$6q*Gfz<S32wgHuD|x^n41(ksdyjFiIU+s>w5nq=83{SBpNE|
zt#rcz#1%f-@#zBk+nO<_XQ@LI-Y4=jTXs@xBjRU8$yV}@?aCUawYkPe;;4`yo0ZmD
z0?E3T9CsPHso&wh-@9B~zXfw$cKig;zBjIbD~ygIfA%{;Ph)6JKX7TGj}39Wr&D$o
z^Y~MNW}h{B^vF(HJb6`EU;d|qSxgkp@gK>CMo{XZe}AuKz`-6}{z^}08^7j?u6IM-
zKpm)3N<ga%@rxaM(7+LU=git;sPb{#KG7=bYY3XEf3~e57=*6Js)3jC@S~MWDg|_n
z+~{5EOEQgy-{ZfWUP`-KVN-i|D2MPcBZ9|;pS^R_8|PS#Bct(lTEB{;yKZ;W`0)wk
z_B$g`Xbou_WrC+vXT;{6eHE=<U&#vcw7Q(vCS<l374ro<!)fEq)vK~*V<)|ilNq*%
z@q#fyKzY7?!g9HyP?cH}gE6UHVjK*}|CVumD_S1tB26zsb5l<6K0p-v%HFkf!`P(Q
z>m;tHh@<1(!=ENaT!TIza!j8-+D>*VBT|tT3K7$<88{{5A02YjTp{S!VbMPwxPS6$
z$6i&NzF0jrz(Y1D+<u;R?%67_m&iQQ^fmKo&7G++uNm>S>yUWYC<UW>p>F*q7W0#n
z-e<R$9q{<DS0siOe$H3eVI$Rf5@#|s$a^B3^syzUjtdL2$5yrK9d)cv@IEbz2>kJe
zc|2F`+WhSn4A;Up39bk~SoF%a4l|&aETUHvhOjFg$$7gT*wx>Jsy-!Ax~qk+KYnb6
z;$SMn-B#|3#8yhBWebgFU61M`*E!!kpV`bkVW{d8`I2f2wU_Ucnhuxc*3G?bF$T(E
z`|+Cph_}V(BHfBHQPiM5zTEfu9lC@RavA>$p93312=d>+0weoM5j(LP(2wj_wKP_Y
z>hewTvfjkZ-Yp!e%<`O4DSejnhk?xXE-~aexP%M3?1`oR*<7sXFEX0g>a-Bdik#Xe
zLPK{81yo}#=0P<3X6TLkqboot>5Y_uoLJkWeQ$y*38jq#5dvO1=ys`NKDI_UG5dwj
z1v)eWg2(unPwRd%DRN89R@fsYGH=l!Hw<03lx@Ry^OBr5iyM8=AsURXK4j$Kgono8
z0`RCTpWr2$b3m8+TP;z`BWE{JyQ`03={ZK&<P3e?Du{%VMDp;Py1eGl?WMlvTd#90
znvd2Gj)^Hre){&raBvC`032cf7enUJ!Q}=9=-_z;1LPfhzO(7a6)iSE6!6bxtsu+Q
zc19t>XJ`!Ds9?O*fd}ux7ooe=>5a4y9p3+NW32#4L_0IrAu+$)&TAhGo(g(J%dl?-
zh9c})ABS=c)Ky|NBcx&}ny^~nxSgo5OJJi+2=4ZmA#|u0Q$Zanwi8)scEnndST5~1
zjK9oHkoIFj-+BHYTVEX(<<_<T%#hOE-QC@(2nGrW2ofSCAl)^zNQz1eDAH1jgd$x^
zgA&p$-3>FpJ)U#k?|kp~`(v(a9LKrbYp->$d);g8{Zvo?!mA=q3>kWVD|2!ryn|mo
z(c1Sc5W#HzXJ&WN>HIb#+rJ0r3-Mgh%ILy4wN&qKVoVZ($O;E%uB-=Nuk^oj)(CpT
z`oG&}r*MnmHVD*kYxBcBxn>gi)V6<WUt$r3+zoW0`8Xj@m_*IXml~UkS05Z+`g^fb
zjX3@G7M0l?*Y~Q?L%CoaH_#Wesej(F%EL#XCzo1wGj&Fi5havuNsm%8C5C?U%1|Fe
zKKq5Z(9WWBDvGy>{I(j=nFal4*%jWVhK%6}d^zldR-5}*8gsGSn&Rd@zN)E)dp0@j
z&-ch*MX&e`5&cC2i^2;cqiUN!BNw0D%EiBM@oB!Dv{GPl{t<KeFD{fS4E@gxrox)$
z!aqV|^c<}<C~1Op{RI*zy;%fX5!6HvqLfKKA3L+Kh5k9|^90TUfq8v#^BwN%N%fn3
z)ovpx?X+apu18NCRhjp9G>I&`yw{1Hm$1ZHg{qLEQZSKi8YpM3ReFI5Dw#3Efp!cS
zO<m{*R19e!HR1?zrn$4_blR&nIfV39;T@Gpvvk91{rp6H>dA6_;}X?b52RujK<>!&
z-^MnTVy@qU0$#U@G=2wTHqU8)(_497*N@fs+NtqxA$1uaF}~>uGUN8h0~@BpxBoCB
z6UJ8Y??hnyK4;men%MYxvSsS-jR+|(*Lm1qTZf0pTTtwwz5sseY$7$?diFs^{jE?R
z=wtytun#479i46rhYjk>^0!?vKXJcNztio@{`&nRhI-?uoPPS_6K|8o;dqtvpI8_<
zAR9myC(A!&VHGt?bWoG52Ob)*xMLvMr@JkW37E>mKe_tx56oLJx=-W$ZWw9;Gh@fe
zotw%bZU1*Y%#vuPcO;!6n&3BBJNjp6w$rF(C-wt4grQt0nH-W6Ybag<meh2%@JXv%
zWcJ$wPMVK?6ew?Q_@84&E|d@>Oc-4cn;(F!3uq9+=|gx?t&#b<R`=UlF*TF@yp`bT
zM{<MEU2W3J{6gnq&l!3C-n`rR$m!zeN)R=wKln_7>GVq@Vsj~Ko&jRUnY?vFVw9f>
z>fIE?y?H1=13gG1W?jrgcozrXf+XmOnm1F`nry><R^e4wQ<LnO%x2KF&hE;agnSlc
z%A8jEN@>@+w0aElV^A79UJ@rZU7Y`n|9H%dgp%#~w&*eNxBncb+Q(`dEnfk;YNlg}
zHP}(nZhasCRp#+!|KqU^0=Er4*n!8c5bM9Kc86ztq)!CKkYCC8UnYRfF7(kY<D)pP
zC*gdq`qY)t74vZms4BQR8aJ8t4_@4QARQ8y&>!u(OpRj9M)f$eZd1>|qy#$c&V+X|
zvd=h_P-!zQ38=IF#FsC_Db3H+0x)K`ZbFEy3-M=IO+l@kU2h=30;mWO$b5H%K<>g>
z5%7S5Q#`Z>U;_`RjU<9WJ+C^9O+vgz<LA(>4dS=ii~nMprGA0PXj-O2!R<Ldz1T$B
z1N>JU{~t@d8odP$F;E;#TA(da^Mw{nzD_0f{^JXx$$<+*0yD<3RRkDr4(9^{iqS(E
z>^=`i56XXf-QqdhzKscrxp1jjA*lLSN2>4zNIqcb=Dl##N3DbQ@vEbl`z*;?)wSFO
z3o|OzJ7?w81a90xdp9q>Z6k>`gq342%mb*eU%%c(wG~y56usDFMlv-Vn4?%4U=<dA
z=k1?~rGQVEBy3|qK6@jAG|<$_J=J9E8y-J<P!u_VWUy=uDLpyI{8zZOawL1dL_Lc4
z`tIeh(nj`pp)K)oTdLLm>!DIpwW=R;&ec!BrcEc>g$&U_3C0Bf;ygXnP;eUh9Ln2=
zg)zQAVmkhZ^LVS#f+<|)mrUJ>1dcuF(|h|<4D58Dxos!SAF17sgq0ARMUCDbJweN1
zELAXXw0QeRCA{FiF6IifjiE{TEV4jXueR++OzmWve^sPcu@Qp(J<%?sDaub%8qaEE
z4sy#|KQ7-<I7tZ(1&#ohyN9c#t=)n;UFf&G3^Z>mP};pBaBhwg1a>LC0!uKdJTa_(
zg7tWM90C})W$r;gF#G#vxaqPlhDA*!E;P%aM4VyI$uKp+(#<M!e}Z}vuj;q1yqYTQ
ztrFs`P`c&Hn9P#?vECiNLV^Fb#v~)es3Z(Bl{z)C2(e#f?cXv8jYWXXPxM(j9>wH3
z$v`wNj0Y|iZqZ~@LhGNoD%KXX-&xbR6xZui_9x>0IT+RS0K!B7HrRs!T~CU37}Szq
z@1A7<=8)ov(nSyccKXybOUCCgz`3r4)MRCo&k|k!UI!~r-=z;e@+D9}xd$9cE607P
z!r3{hX$-#|y!Qfamzm4C?KdlR*&V`2rvQeX&!QtnrFM{jNew(Gg*-@a@GZ#j)i{vI
zK%%@erpNtGk{ww~2Y*sDX7*yUEVkO2{XDprQx}&Q#_C}Z*XM|J-(13HJrEHzcC;u)
zY_`ZKn314L<o^L7O?Jujk>+3Nu2vp88sh>If7a)KOy8cEcJ3H4@F#3Wst((Gfne$|
zEXhjN(W}>S-?yRI``*QuQV)I-rOFaacB&e-Y<AK=hno=Hklnt21rRNKF<GvQ?V1{A
zU}Vg+o{7oe+|R_4Q>0oBiM3rfwc6=sZF&Nm_V=B}O}XgIZbcn`X$;F+33|4I+zn>q
z<-J1Kct+}l0?)H9nL$198CAer;U~`BOv`4e-KsoMx~%aQhjRF(O?Dx>RXa_)x9)?`
zZ@C7B4>K6&V5lEfQR3?NMQc<`2*gjtr^Z;_CZhhG*#kX9C%>iB?=XfW*F)Wj8<-3t
zQ=mtYN(e@A#fZ%ptF~f(`3XDLzwz&B`InMDw*?u=|H1)Ey7sE^vZyfC@SlD-IQ~hK
zZG4D6iliOCl)QlrTx4ftyu%mFTh%-oMT6|-N;<_ULp1c~Xs9W+3N!{Lh7>RpInsQ#
zw%^+Xo@P)3tC+GX?`w6GR3kqCiG~HbuA!<g*>~qeO|=Q!NLywi(sJ3#9845^G~VBI
zw5RT~${!r_?j47|B2qnkL^<*td5}<nY!L2{K8rB%q5B|^YtwnP9b;C-m31+Pxhyw9
zfDU%ah|Myq=`cR%%bwFJ7K)g`Dp}=37oSW@L{O^4kC|~ij~3X<JNj{Fbah~JO`L&B
zSfLCGkUmd~5_bDF`||ZJrLOUBrjH{3+hNQ$>cFXn$|XOg{Z#6h3_ebv*YRI+{o^oq
zt&D%jJOu!oMb)iqPiG<l#3hC_-@6r`0~NNiIsbN<3CL$yuH!GW0H`%GM=nQD*%pX?
z=1%Pto37tt2;ruH;6WDs>oHer6^R3|0IHt+;8qF&RtVTl2x4ybv~P-Bvh!c&KH0pD
z!j5f38d}3GRtQfX+-hGiAOB1#^7@1Zn(ce=(GEJGs3(GG>g-dcAup*#49L`qx*!`a
zQL5226^3YyZGQh9opH<>KT_JwHG74JvV!M;)$Wy~b(U+4HlWx(I%M4+P_(i9m(J(n
z4JnM=#{y>fI7f#zgZ$bvKteuDto_G5Vwc`c#h3@`yRA<JO~rIHP6P#vhXb?RV=N2@
z5PNP1W_w9~AtpefV`5S!mH^|p&J_>dfd@AV;tKZN65sL`C$>>AUZsf?|Ba)jI@^?i
z-y!XLX+>lFi2(V@zU#c*d&gtXe4*EwvlY45`Vm=IdW^!@Iv?)uR7N`ak?ov|+&3)J
zhTaEylS560mEOBfD&ov)T}pV_)-KbK9gt`OACssy;#40QT8fv3=dLh<5h@d_^^H=M
zFjiApyYy&;X9_kc-nSi@fQrDEtqP%>AC#=57x=UH{;xSMa*%icWZxv?p`+!PP6xoq
z5sl8j%yHy?6AiL)dWWR#jgec|e|X<yyHw#E5+jf?9-$oVfAKfSdP46rL5YW{m2`uF
zpZm<n{D>+XxCR(z7=6v&(@IO6EFWo!e+C(2$2T-u1gx8~&ISh~kDmk5@k1H4psD^k
z*olq^^?QAn7{T0l1^V413#@=fQ&<9hklvgkMo#(Mj|1B;S&GikMqxJ=RNL{)CJTOG
z%*To|Nuy*UOAZSpCz9cw><XHY0Whj`n<VQFzd(jqT2zI`56}czOzhc6FQD>BFsAue
z+69Sb)bP*L{AQso)BZz1#KgZw*c&J<h?gj#4=zqy84rnt0v8DS`h{YtG?x^o37BDV
z<bV~xMyIks$G}VeC)vDzN60!vgBwwiUy1OgV7Z<YJSs)S;<8R0cOTeddtl|Gc!I4T
z`gF8TlRP8pLpxThiOZDL$rt4_MGj8Rx&7=@K?>zF41)6ek<yK?V$rW7+n~3T@~D=t
zeoO!`);2whu~Zzq=|dMbj|mW4;{B@0>Zxl*COf<;6OWWbVZx4^4i>;IzFG+`=FpdA
zWu-wr{`><+&*s1zG+NjQD+nnE2!8FcGGbe+oBn>5RDkz?O_Kfj&q04TbAEJ~)J^q*
z+5^m5{*4yu3Y|l1dvo@c1opJp4E$TMe4vLjvHB0J)&}HjfaCb!7KJj<t~8~4V#|cB
zm9#k1^4x1A<qLS+{kZ(e5(yteYY%&R)@uULAUB_`)ND1e|Am3htLnk$sF|}F<tFFL
zjsieRCH94yVz+~hPoXiZ(0)rjLFB7alaS`2?nDf;S~2DZTTB8XT2eO?OMxt9sCsl+
zCE2>Rv%F6M>o=1kVV7zw^}Q%3tY7%yk4%v#fS08ZRk70GHe2sE`@Tu?CDGvkX;%GK
zVua=APJw@)F>1lE&`RFjp9};`H(*!nu`&}#Ch!7H0tGOsw60eohjxxEtF-6-7{CgS
zGG_F87Y@I(G<?^2f)4NSf&eL$h-+VR=lr``VTK;Sn1?_Ev=f%Zaq8(AC}awA68=6o
zzv1}#>%C>to8|Fm4~BQQ*G~N-Yg(cjq5x*TySy}q(<d)5qt=;OK&nNZDI+P&FJCBU
zUJ1#wC+49>nV}>}2rO!gHGV>4UTY*!)9d{`5GpkuU^FsEG`P6{DkcAliyct$sl1UA
zmVIqN9&_f$*bS)uD`lb6k7zw-sa}nyU!kyYHL-dkVMqCXabm0Jx19rRdtwEA|K%6q
zI8D3>_<);l4uQc(XI`N%l%k5w(E4x*AKDgXR>nV-;?XJOq7buPuvPR=pfJ=AMWR1L
z)xw#WADpxQ<rrJQF*4W0#fUM1q~PGy`25g%D{BCl0%+9W;LY&Ca^m&~a|>S#+cW1a
zL+0k~fHP@yee!w+C8l)w?e_d&BPu3sfqomDqfScN88SrPtAl)8<e{8}3s-RbeCoU$
z1FE<FvP}y;=wu4paBmhJskDF`%hRSien<v6E%U0_&fox5bXnVK>|PEb;9#lWw;Zwj
z+)T*NOaym)LwATwET(<JeHj*}38PrQkaLgx7kZK~K@&Z>z&ZNO6q^<11^<VHjT9If
zppSkibPTOtnXS8ALIdc)&uY$p0Mz2Jc^&<k&vo0(2Hu%JEH#k?<}$S225z2MevaU{
zjs$cp?0Wf;Ip)onkM65GMyWWGisS2_Zf46^8R)~F%!HZ0_8k%iKB0_UR}KSZi$$xO
zY0$|zI)c`OQE_gt3K?o3yPu61f<x}s>-SiGAGQSV&ws_RSXSSup@gX_-|vnWq=5-q
zP2pl)R(Lvs#1Uj7sAeV~d27lSZ{Yq6zATN}9CE~X8>8yB@0{z|oWt5f<}R7hSBC9J
z@B*>_>mASD2mw~%xkR0Mtv)Z+ER#@`Y*0e9>+GNy4}JMcr_q+6qb8_V9O6d=WRX)+
z<<-O>bkLPu$n|IU(e<&aU066S0&;m@5aP=N08}~QSfZk#UK3NWuMfykA_<TEDu><I
zor!BCH5sPs9hf3O>5d@mc0K5vX|fI89~LLw$p}XJzCZmnGuN+tP77f5&DOWzJ3`PA
zP?sc2m{8wGN)e?s<jtab8nA&EjiivsV?JXMsM_FlMiBL^#`q1W%KHg|VXt}cmy!d&
z?shoih~>)r0?76&@s6o1pns(fL~M_Sk>&)^-2c}E_^)pQmjG8rJY?EUp8t;wb+~Fk
z31pgzAC-=4Y3P#ec7Rc=L$A)n+5VFmr3o~{sLmScyicO@r;^o5g=AJe2lap>bo>Mp
z3KmCo#^%#(p;Wdj1-;-{^JrDsH>*g2ZWV9-irr{`Z0SyZ;)Rsp{TbVbGt|ggRD1RL
z3roMVnTmNG^Cny5uyc<e+s@^79smp}Wh~4vnqmnNaO`c#ko8=V6idZ$Ssm9HXRd}w
zm<EcAR2NC`Vxu5v8reO&fq4+S0{v-vfZ*Vp0-B`9(Y+i=Y8(>0?>oP~Rx|`B2MR3c
zuB?)cq)7ezFE-Aq05Lfhp{3=*!6tNsFnVeN<BU6bzQ0{wjJ^ydFE+1}S>r4OU9(k`
zcTtR<jDq5RZ{*H}pEnvod7K&J_N7<w|A<*+T%cheJ$-e#8JHzV0UQ-M`#>dHB_pp~
z2BsD*hCfJ8z8Kzh&cXM&93|DPxrRatqaj22>@`YZy{HkjH-VzP7JNZCW*$Tnc`X>B
zr^a`6D1{f8L;xqg9v`w(e({Y1s?Jt|LoVh%qHm$!C5lAQ?=q#27LddPWem_CR5X?)
zhn(^~FasAr+oR9#uP7nWm}?j@CaoxMC&=c8wi9WW38T_*#LG<GNt$`(KRVFy{}&y{
zB}Pm*2m$ej!Kw6*pO{(k0v5((_3$!}1MMa+D-|BvT?1|+%vh!tXcz$M6ygU?>fi(Z
zW5cG+-18>2zd%D5oGx>>GI-slK$pl-6m0nOdc~Q-dtnDs^_Y+N>bGHi<%5zTi2@k8
zVND~Hq*&7XF{t?4f%D`i%-QDx3Lty{=^ARhkOr3@m;}#IzlsZ*OI}t_w$^_V^!z&X
zzJCl3?IdqK+u&{5umweY>Ny>CAfC(PT1Gb>T!+r(G~C}CGZ^T)q<<REW0I&l(dr(g
zaCu97<Aqr*V~`KM-1s%|c#kE0vHJANuq{#if6rm=Kqqdi#^8>lqLOIeHj`(@`E&q1
zdPnz-v&{_9wOVC-p8bH_Wqbp1%$*-Hg<5~oYv3`5nT!V`ns^9q>CO`D{B@hp6)=Cx
z@}<8^fdOrY+sD!$8!|Pq1p9<yr71MhutPJF9bMwsd7=<SqO+R@q&PM4lyHzaTxPP7
zgFWSkr5Cj5Jn~cdR6XGAMYhJ>yJSMhy)SE+P0dU``CO@Oji7y_Ta7dhzfd|c*<+i=
zmXOg+NbDrao!be8ReTbocjLi4*7qFKLx4UZJ*i8oXsRbS6h8?frd>paA5Im(aHQ0<
zLAE>>i!aS^wW}z*k%sIx=o6;?`Z72^CB5I+*}?5vSxA#o{;HK;^J(t?G)dKcpn$hK
z=qq|Yg-9)vI`jT@X#O4jhyNHVHcy$PB_^sMck&vwGanV|iGO8~1((#(&4Kz1aMA~K
zEXahQ`(PA#7!4^x%?F=N$1crAQa%>Wy1GhbdH9$1<YwFh7lAYjM?qh(e72VgLo;l9
zb5Fu%kT(H@T8^X6oNM=Xj(6KoNPaX`-AQPOw^Bx8qpkKs`Qp>wu5-6If}us_I_Vdv
z_6gR;<rHpwl?DTN3?4DKNTDNCGaH`CAU5TP=hBTv*snygi&3SOo+EmQ<j+ju7pkV<
z#s&U?wF?+#7^{yHlhKTPt5VLY>G3P<YHG2_9S<;3b19Q;^3--nn(cVr0BU+U9%@kT
z*iorRy@M<Z8$0UTdK&!iqaROjRGk0JZtqWi?ZKG7E68LA4p#Xr&a3{Dp9QRZ-&T<W
zPkJw>8~v;AN;`&y`Y}g!wgVcVGd`|U%8{Q%{*{yP5fBR@xb=`kE9pnMuX^cwVXHf>
z!}IUSFc<$2*#&xslGnLAk)eoDjE!F;dOq?;3(m88*(Yu9os>}<9~&{wyNRtNE~!C!
z4&8}RHdKO`x*@3QwOpG7L}W;%epJUsga8tN+R?AM^xtL@Q1!hmH6DuaPE+M|UX^VP
z*dl_y)s}z75$iEi>Q~C&-<)p#wwG#MA!?Erxw8LR9Z+erPmW4NvLVz5zMng5C!Z`X
znuqwXIB-E`U0-4^qi(~XN5&m74mEG;@&y0)l`<1BmoCc?V4JrhFMOL~qPpFV0XBg<
zc}5D1B+*2s%4%Hkai^6$p^sw$?9}tJxD8zi>Ze}aU7yMWL?-88`Dv)FM)qHrln5K3
zCa`eQgY7?6NqUDg1<mS)L?kk&AK2?I!3jeT27^wy{IyvkEChmi?2GU9-O`InoSj*7
z<Q3%JaWJ)gFp4_WXD;PrC%Z8gwSU^r3RuoL(?#(ftl}-nhl}8G`R$7QGE{=O6XU0m
zt*Kwu4x1OBsz0qyjErpA$K;NLj0hIi;_#I{o|<p_ra#Ue$^*CDj@#h$fAQ6Qrcs%V
zHv|*TF-g+5?mOL|TPOXkSJ69s|N9C9UFC$KC?A9$XbOYa8h`rfs2D#H$$81HynMHS
ztl|wDjzlSD&F>i$hXwL6k999ea`I!`Cc1lcc6DUqZ_?F6{5JbBYgFH-6N~U>yFMQ=
zXOHf-Ji+S_SoTS%qhrXYLU8xhvb<z0G4mSyi9f2Id*H{&23>Jtg%1R<fR`O5g4UDL
zJF@q{!gQLJ4PVXFqS;M_voT`z!K5t-%udOpK#)?KuKLOKiYnU$T>g^&MRSMD7Ca04
z{>Z~|8eC3{YqjebqzKGVdl42a7N|{n(#Dh{F){I=kwYq3Jn(dlba_nH!S1C*9HuJa
z0$Y4^+g=H)ZWojXuiYtcwl@9MV*c|dV&?0C#G?$sIAO@)JL~&$Ykj2V#C_Jy6DA13
zv6ngx*A4I_hjPkT^7UY;<m*IvYDBI&pRZEpRP4c3_;rKX@3`{}EZ!Xu!wO}Th=LO;
zW#H7^xWalH8@c4tVSPUs-?ow4E+Xk$H}yj5f?|Ftc-CJ9#@mIYpWO-pp(Hd6Wuxm)
zIq%|XKJ22z^ZYgJl~%pfB0p4k==u3P;KQUx^8U6~ZZ&-1Wp#qUXs~SgO_TKbqvuO!
z!Yg~>cFQ}Ycm43G1aKT<tcy7B2Y5zb{iP$NXV$>iLJmHCH!>}?dg<J?w3+w3$cfpw
z47E2>{bS{{VK)z0)ata(h=XdRq}|l*&eyBIV&v6@%-0Lk{Rd?0n>dcLiv&`>FUo=Y
zu^nerjLP1v5_RKZB*6F~`}B?m2B`(Hknr$#s6~}qn7@Pk_9Z&|jIDI}$;E^g&g4Wd
z9=lMIA@X50xl>e5^@krnn-&awhhJ-W4UHUJ*L{-a5O7-4Nta{)@?*KU5R_XZ5Or55
zOdul<C6Xf~{>G6nEYonJ2<mwx|F%JaKF8iA=GZ|?rH+MpC|`~cX5`CDlq4sV-tEg6
z3BOr;pD4og%9U#beX!dddG~{#N#v%k>ilEs`q}yD*+kq!v2(p!xN%Q^9_kaek@3oy
z!hGP*<u>iV+?a49y8SetN=Zh+G9l}Baz@`CRas6LB$2nt-hF63%?H&53{NV3Fhwo(
zGAO0rKXK`P7KPOf!+D{O%+M(pFlXPy%H$QEq3R9=pN2#jbA3e-*42N7BtHH11Ab;+
zhZh%nS1$q;;K@ghm>g3hBp#x&26XnqI|Ox;$_<#{(;j)MkPm)J3+Mg%$?m7c+ZDfx
zWp7%ZW4E{!#p>sgVOIb-|6vgMg4!RGzk4~;b6{Q4nQFE2UNpy^ZnXuwBhS>FGu=GG
zrp|~HRp0MrQpM}IGT+<D)FxaW8~JFMp>$oM^b+45KUlKiz#)U58-nUm`bC8yr_!c!
zfv~r7B_?p)^xv2e&&|C}eQ5ew-TPwr;v)xKm7s6RIrdoT3u2PMvvmov(p_`ajsp-&
zgpZU|6k8PoKg}RT+7kcr>)3dmj_RpvEU&)nKG4G{`RQe6=Qy<P*+r5QUY*FQ(u<RY
zAb>p<sv?5<iM=MoPsZr8(G*n*C}4FH;lu>q>a$!R@-^n1Kn%0+H0QPnpFQ2glpcun
zj-Z)XCFZk_fkar3nuoIDUNaR1R;Aov7Q^HTv7jTcgW*Ed&tA}^;Bjzp<TH0BEtU!M
zaK*}c_0i!ssCCq)u9rx3Y4Dv={~lo<^x9296-6D@?{!k&AFWK=k>h#Ra+WZ&ArDI>
z!Mk6i(KA9B+udkq!vBLqBP4m}3nvt@6{E_(WLMO+_5rVA%Zm%5t50gBBhwwCz|ISg
z;!CI{QV-$Fb2F8HJ#49@ax08REsJ3O#I$26{hRGD7S9@XU%lLG%Xlyn2-kh1JKsi2
zZB$;}`oUm=#3QWqc%1~MWrt6SSOze*tPY-bMN5qfEK|0~DJry0@LW9YPKAZ+tjAT3
z;V-rQXv`ca5DXjULnGkNG#U;H4~DlN%gM9N6F3WUE$#cS`rI>M-sByQ#8rVeOVI4V
zE3Wgk6;n_xxB=H`^Y|!t$d{hSsIzuXjt0gX&o~%5mNF~#_{j?w&1-`bI5O-O92LYL
zV*;xrHizvVEfA|&mdMs*4|xeG`5uYtQbc@I4jl4^S2WOtrfYY!n>*lL3c(-^CH^m*
zu%#Mu6&<Xuc$ckuJdrap3O8PkNmD{tm!J_&UM7CflaP@&D)im8jKxs->pQ(TJoDX6
z-h|d>AJSYjMw4h7?xqo8EHSZD>3p6Vzm3WAMo<GvCq}<Y;R9Tg7{Ea=U)hMGt<vp#
z9azP}Fo5JAtNbn&T(5g5pg@bI<1ZC3uT7g0T<U5`U7Yt$<wm3#2Ru<lgb=$Pgwen+
zwGJ$dD_5ddx$3J?{o4|{a<+sKnfKVtbX#lRiQnVP^G2p>6Kq#Ln%H0R&*8yqtQVux
znenHj&}>G2xxzT2_arR_vHC);OEuRzn-H4yG9p=+FPB{9Mqxo(Z1G+?kai0Z1QmaH
z;$e(sWRi{z%_ffl^t$s2Kj-CJDUml*x;aHTOWN<SX0}*h3m4AnLV9XLY;fCboQ1c&
z6s@PDj1p<LRSD}le}hd_GkFS0Fr#1hv1T`BW5BXmJ{LcA^|gI!D%ckeFsEcJ>&EuH
zQW&nv{+p8O$%WTMzye<Wd7?s>zih+Y*#tJnT?o3jTNQ26fvd5kVrxKZl1~nhnYbOC
zf9$Yi@r2{0jYuQ;YUZYrrx@$P+ddlJS1tz3BK(z|Nu{p61e3~+xLb4*xV}25rcFvc
z(T%cZ8c9do@5#3}zi2Bv?Rr4aVr`a<>BT25n+fd!ZLCMe$SHd4AD&WncktWd@*dzd
zZSY9*JR;NbiAXm<`0}$*Q>mLi7=MFT!C6OvR|I+}?s8g9NwHj7ZEjlH>jU+tYzr;D
zKiGQtZFkll`GFhEpFD*)sv^J|L(s2Q@|@3=w7?;HaOL`IYsK~1`0xO8Xxea~PMdBI
z#72jbtrKms0oogqGvlv1nlUc4ln0g-7+7qHN&%Db6we*)W{C@epC!40!3J&X@-A9v
zx<Lyc{=~@#Hd)AkZU3a@s+{c?;+x?4EK(vu8w6=;uK0H8*n8ssoa6Uy_z+TPS`MC6
zu60%i9R&kdDOXUy^DIF<x&?7ns`67joqpI`d*VPJ<S9#GKs!Z_5E5tYZouQA>`M4L
znTPqF_c{!6(Mdpq>}n90wHPnD9|bQJUiKhCn4OCc-sKKW<c^S$%W$2u(VqJ<`RHi=
zQRx526f7mha9|37hSd&Wibwf4SrNc39=12pd_n+YsT!I{?Q<Fh+?PC9S?Xfzu+A=H
zAnFRuQ>6DYyh}6YpZ^zsQo*#Kzu<o&D#W0rrFDb*{db0ZVIAx+kG>;<=Xc|2f+QE_
z`$)c#OBXGg8!K5zHyS1hK3c9h`JL9O`|<JTGts(IPNl#jR{#*w%>E=lrH1{v_x#fH
z<#zbK(@+O(>SZus-0#_}hA2*fO!<Sl-TMI+%_?5q4FcZAcj}ZmRh-yvLE?PEot`v!
z`n-lLl7$PpIjTgyi8_=dyVkR^(-x-nX&Tiss^3_Ho2sKGtvuBKjSvi35Gm&=8WSG8
zBwiTmOEe~#hXWYpI~BaKy{v?G8ej*ey?*@|$$U<8+i2m!&bv`|M!!CirW?06F-Z{q
z;|LQhdVCe^>s$*%z!AbvH+t|QOzo9|2VV4zXX$ZLiU@7{WjNl+)kYd5L-N%0HyaEl
zZgi5fZ^Jb2_?$J6KFv7RoB7^|Q38XkrHy0p8;^MLTyUVL^(o#aaK3f?Hxv?HypZ^K
ze4&sw5M6X`+vBR3&2bIjvDU8EF-E~}@`b3eU7L+IVdSuQZ%(^-m$R)`&E?3<(yU38
z!PP^`YLrbc^8d5?pgMc>>TLs9{;ZyH?h07F7#&~QbZ;OWghN<$b!=}*1lV=_+gI7v
z?h!5|m6z0NQnY|{nnyG^8;!jjnEfYbu)r%AvFfoq+5tFR+2@^=6bY0S<9X*^y)qyX
zcjFF<5l=#WEGND5Lp9k+=l9=aWge##^}AzXG-5s?&q@mpN}&T;9H`4np}BU)A^TwX
z90n!rs83NLl4`;8Kqh#R01e)2QFpy#(>ke<*M~iOtf<nhS$Gt^&H`)yWcq`u3i$t)
zznJdJ5!`4kqU+ZM)1@C+n6`*gW~t|Bzay7Z*%JNC3QruMVuN~d&@ZCfh<*D(u>4uO
z$292WkN?HS-Yoh4v-xiVP4+az1mtsz3*Cu?EljsoGj5jsDJm{{LtKffqyApHE`C;x
zIBg0sAQC<8>t0;LDXd}Ya<=|aM!eS?l^O6PZW<BGmSU!_8~k()<d_eqw{3O!-q!Fc
z*klD}Kd8&M7~8Gn6#eNVtW;kud3C}G##8?Rs#1HF{N3?uF;s#_4ng%F#5Xx+wRzeo
zK{e$?f{;WOzfpN%Y|V(7v(f-&v7WIkYO~tdiU`fqe3P=}xvv$KB-EvNRayfg`=y4N
zbE*PfO><XVSmv+=jEHJ|_>*1jZMzt>h(bWrXPshLF^K`AL>)Q#?)?%34qiDf80}g#
z`g&5Uysh4f6wv<MoM)}GOxD<-62lw@5Fyz067S*#V@GW`3oGmD`9>Wjb{Z|=<v1Ql
z2#S&)kdhR3A99Gq?qAuFZF)`^NvR#$n)J^sKmfhX@z=>=?o2M1@6Tvb0zb1AmWIA%
z`*aQ;u;yCi9L%w1n|$W6`Wa88g;p$@<gTi96rYOfI4R;@4)W^TzBekyopMB2bUt#_
zA4X0gVKZB^u0vOjqKF&jp*QH<5(WuL5#iP7N)Y{W@qs%&J3ynG8CFrOj=cKv4I2tz
z1ew>Q-wvK^k)zY(uWIYZ*VzHWrv|f;ZEQU5$TRbH4}XPD1l4A@I#lRyg#WYGIIq-*
z9Pb*%cH@$fB{js{#KZr|CN!MFoT~zM91Z$pl43$f2iM=`P?6=q6SWcK69jzYGV3-i
zdz+#?-3>>w^)N`+t2Ntouz=sQXg5bwP>~EVpQs2S)=b{`8Nlu>cfz5QC2Dys6<+Qu
zL;0VH;1!-c1L+qwrRpIaXRlPb3{-|VRJxT@Xj9w*DH|Mk^ip02Vf=UImr;Nvhu1cT
zE+Ob^+-Xw0B72tVIgBb8D)^P2u1-yIqfJv)ou|td)f-VO-)grkF0}8L6dvj);HgV!
zPM0Jqvb^93awi~!Ah^lLKDEc<UqLTfN8`bj;S|PPRX~BlG>TL*qlvNTgbPD-SurTw
zW_yIfVyXv>XXdiLY=`>1h&F(o$-^PBenv~vgH`QagWC|ItGgJ7%!TS@D7IGmlXXt$
zBU>gb<vuI<2=MFr7QviXWD=d$;NaBDdpyr)P2L*7sqzb#F<w#`<of2G_T!B0^;`33
zl5q*kU&8-;ud7_JQiBc!!0tXR=e0EbMJr|)BW?+DJYO~U@Rz#Vf8+zF?tSTfbb;Wv
zg87b0TzKCvz5BT)y0ZPY%HtA&u_6!s5eGnW;|AzOep(r;16EG9u<}Ti!A_hhA;hDP
zE}p9{)%9Bef91vF9m=~ZMVLZc(oc=}O++c<98h;r=2fmzku!nRYBoWg^`Lf&_2F3(
z`>HY7dl*w;`<>Y6ctOMQ?391(CK4NE6p(;192~igr;~f7DONlRf|4pQ6pP_6t<T^R
zaV;|5UpXu^%?Kcb`P`%`{Mq_N&dVL$rNK(TgNiWmDj5XM9XI!3Be<*p0`PRKOb2M?
zKV0B(2}@sM|F?Z!N=vl>kC1JSkHwc)=YIQE<#HSwj%LfCP9@tb2DLy(y_I9Q%{@_}
zUB8Upza*5NIMaM@=WJC>7Em~mz{apl(`e|2%SDB_LDr8=AzU48dXeTGfwP(^DUe4d
zwD6%k@ZpKUEFTAS6C-7VkZS}Pu%M|R62NnG(~tOVTyb$DbB97$biZ<RZ+1hR^>$oq
zth8BMjj&=It#f@>CbZ~2aQEdzUU<w{6@?X3FeZhjecYz-i-ROznACp7<*~EtLAg0;
zoqds6fAmxXfLHbO<#Bcx&)z54&EZ1fTR(Iln-8y9D0f-NB|%!4RG{a1_i1*8%8nVY
zDl#nHbW=S9JL`MIjkkzYVT^4@l7*x`BT}q3(ZHfr>HnrmtY3>608cWCcwl2XM$0~o
zVem8VVMONY11AqOa6G23GxB7m0@ZjXQJ*DRj(S6Dkm@afuG$w3s?mih=0Aw3*tIlb
zS$9PX5BO56t?vhAw>r-o<~FfJXuC<=WLF<+sy%SHDba{`)2&h)d73F+Xtdy*iuI*`
zrunP-R>#NOt%%`rRBLm&GNgHj=6r{z9`%F$WG#YwcVcW1H+@%9e6K$U43SBUmFryb
zwnR$2`hD(6_N2@_yn-;sHE>hS^ueKYfT0oFqp7!L<_p_JG_nDy_vwO8hTNY{*544m
z!t=g7<gG&8HMs6?G4f}>7<eLj{qR(-y<E8pgM60C7&&rsE-?SpBdX`RIc}Wu^)a8c
zn`pA{c5&co(Vf_hdq%q&+x~V*I1l4`{n=0bzjAKWPLe4afp~u<fUm_0;JTu-&#Qoa
zY9io*ID&BATUgfUQvE0OLgL-YrrLUO{f%;))}bsylNt`5SIhEn1AdUvaPwiL2tT*n
ze1z*ARW-GTCzJ1aAD!(DaVPc}x3U}Xkq8%Bnj$rKOLT?Fixy`-@n0o%Y>E5m>hSH6
z0G%?GHz8ek)YhGE<!c7RX(fPaC*wmbmj@w2SedP+__`E%-apM=QdJ(0k5Q}Mp%_8Q
z+_~IV7Y`a-KU^CkSH-9E7l1fLi6F$DMDnx&f{YbM%=JYwUlV2G?htEP*^m2JW0^(-
zb-LK7TtLkXdT{{nAr@&Q>!nWvD6HM>WyoWqwQ|QBJSlYQ?=rrFy`TvD$lkKcsciMd
zF*|%<XY%p;j=7f^MpS;Z8M&7(ET`B)k2;&mc^IF+is*XsUhNYCBRYhCyxv_8UBOJZ
zS#(&x7X9#-eD_E~pU$H(jZFhOQhupTXMGp|;(5-)g=oYyHVSY#v~*NS+!>OH$w4t9
zCbUKH3ZTBx>*x^hcca5S!Nsuuc<dW{I@=gBniNVvZ6dqJ-(r5uIxZJ{=RP7Mk<k=@
z_#_shjjY6o<r=$%IuT`}k)oJ96o3BZ!24qFyB#3)!r8%OKs~ZHgKW4}SzoOwqGlG3
zXQB*d0?S6v$juny9s~m&2R`F>bUl_qiNKPcs`V)4I;e?Ef_^&x9!O$wh7bc**ZVnU
z^L%rxAMQNfJ1B$K2gZN`+R${31@hJOf&|ss<qcMJa|~+eKH;hK2d3FQeoegNCk84H
zmT@20hqruO!u*$H|3X5A`20wKf)L=k_dY0+7$spfkVc(w!v{om-aV{%CSIYi@$B>E
z!MFDg)D>crjPmnk^FDI)DSKqDr4sbfl6gGyKXR`NAnx`z?)O=1pfl`({akFfoK>4p
zJQn!Tmhbzqlj%L`m^rKLFT0-K`Gr|NMs~6OB3`rL?T?o7(vyrO7sBArbyn#G;x_(u
zR=15XLq9yDrS^&JdiDDuntYvjP{^q5BcELR2XP78@MOJgBE*CQ0pj{)PmNn*JY)*L
zr?v8amnUV9=0z~&kbLkgS7jX6C`EO$%+Y1k$-#K1BvZnN3mCJ~B@Ym02A#P@_@RgZ
ziRDMXIcLiRUPrGm`;t&-&Xw9`w@EwKhh`(UC2ugHu=9g<q!f~Shm3+3Zkx|F`)@aY
z=~u>Bi3n!<HG-$pa6tq94bnf-Y9~jPM$`ir;K|w{GHoRuf;irs`<Y_#@IMMmj(JYL
zR9u5efuGL$q6(2=I}8#RJ)Ct#I(N_Q8q8=R1%AIw<9*7}8<p~`o(O$`C?gh(e%3_a
zkkRg^>|(U_=?CWjqOZHa<vT(aNqVj{6eeqkhxQc}!!roXDYY;yw$Xnz_(S*b!UGM{
z*z)rh+PL+2cjpWe@d`3!7;Y1HPQSAl>o~E}td&PL%*EO}WepqWn<>UbunLWlEQJNX
zC|hv6CsB{D*Id?h?P?$vpHDBzck8hf7e?@dwTo@yLhG^5F}|^aQlY7Y<<+W<v>ZSy
zrk}lP8q>wi?E?XhUN_fR&e7!2{esKp^_7<FzO2-(rO;2LN-kP)ZACwD-#_xVc!n~*
zaoF(Geyhxgi3AaI#a>IG*vfSAkPGxF)=mj~Y5xworYCm==O5l&Gw4{t0*?&q|HyU7
z_qbglUzj@(P-{shkSMPG__4BAuHRzd)KvN?_xq=Xnc$~U+q99_t`exP?(x!fgG;sM
zEJaCy@?vod`Fac+;;CECO+kFA_u%6CiWE~~K4(*6+Gm*dpQEi;JmalD`msQ>Kh|0+
z6MR2v1+&~3u}Y34R^OtFotg0`7s&86QrKlje+fM8&|SvK{tbBc6KHijS$RAlL1>?T
zEdeX%<m?ut;(4of8eSnFPXMtL?rq3W*rD4$H)r!#))?^gxn4G-o`U_(t=DFy<Yy^b
zcw-&Kzd%-AF!v>rD7Dx{{a@K4?%F3r*t=h196w&RNOChdu-A)5c;>4c<fz!B?mxwC
z+R80E!uK|;>841=kkUAvzx#xZ?6LM?@_kZDEL?$aEwAc1GJ9iN0Dz9sGC%cvK8?oF
zkL3?G?rFXO87D|{6&<dNH}Z>HcF`hf6k-t6hQ=IXSZ@3#P1>L1T4Ba(Z-gdnkh{17
ziqs*-D`oS-w&vg=aFM(XE0(ky;bGrcaRvJ|?>f=8=<Jc0B}IY%EoO?1mGeUp8>|Oy
z6xsNx%d4T|W?N(QR3Wn)WF6LKx5?7)MEG{Hp_%6!#0{U$S8SCPOrHeV@-qf={t?-Z
z5C_YTJFu|PJO5%@VW-RlfNd?0J)M2anbM13ta++eg*;tipDp;Ss}b$BD<DCc1=&$N
z={t)bf82O<<ud`KRXI~y6F&TECr+oT?{t)|ragErjQX0@55-o?{Y~4a1MW=CN2HP?
zszLIVoqsaDwwd4~!B>9xO*g99H7>ZiI80sk?|CL7TE4sIEV1dIdr%-iwP~W8RvO5o
zd#p&yqxBe}!4oA>9_sph^o0wNZx|Qj9(aDlf8-UqgnO_tDNsqvymTW^ZjMJ8U}0yq
zR#v$zN{$|_T|R|=WM}3-X1HEgbZ1j~`!hKJWVZJT{dV*G4f&X?HSV(}FR@oLeKK#@
zTA2@dI!5nC5l&$2JIj>R*!O*kd0Hg!&~${BJ!L-$o&2`KS@Maoa@8>{W`?@R*@YU3
z$~M%-9$deJUs_$ML>?AgKjgA@Rmuxn)2gVEIlu19!{QY7{Il#Y`xuCDB4x;qADYM-
z?vr&jVw{WM4YC#e*-bh;`JghXJ=97~j_l0XV0Lwup_KA@%<XHIDYks3V-Xg%hPm&O
zanek`dAJ|r{u8)NZl!VwuF-&z3|*R*_t~E9HRFQaJJEWD$ASAeRtV*$d6VzdFqwF)
zcUycgdFQzQWTTE-<qk!I|Em2Xp{$<ziwQa6uA5<MY+K2QeG^gYFM<u7Phz$!gU@cu
zoQ;;tC^?8RefGwT@4F~fKb+}D9n)n6{)Pn{47s})A8;dIpRs58Sx{sJFS0V6u8%&!
zZ#wIFG;ncdc16WL9S6$cnO1j(8Kr}^BunAZsu5Od4O~oBC_FFkK32|S9$l=rQ!!O|
zDha{jgGPekiR=*~JkMR<jFvjOM}BzTy||P+^Y0Lil7fw;ho|2){eH74l85=m*E4g2
z9Ks25)x2?%1B)^hHc0-O$)}mB65C4IU&LFd*R|gNZ2Z+fR%iAyj$X4SaV!q64f(Q!
z(-^HlQBJ&AZEg7tYElIXZ8{+6pmm36hZ+la*0QkLvvVIzsXDHCBMT`7D{YcjdSQrI
zwT)WZ$h52!(cV@py#OJLX-`{*)p;D~7pBF;Bu{rUa*;mOz4y8S<?lh|5;!^D8ak|F
z-khF{ax<0)cUVsE#<O`&SK<Qj4sAU&#msxje(oji!#0c(`cIvsZkHaZa~*F%EG#@+
z16BJnpJ;4uN^8Y&rpZu?)Jo$th4XQEQhrFWn8her?lZ}88yyCu4ZJ$wD43_Z8mcai
zyg0~~x>BwbpbYZwVPk{!J*3k)Jqi9`;;SLSQ|Yy=xg4Hi^{WJocnQ`YB}cLk&bk5j
z=~p^{!1t|kud;buJ`8s@3gt8piX~N#njJPYQ)&9{>*uV#DrpXwQQ#ebyj}jXcK4(6
zhh9E0fZ^2<>S|%lE|;&eK&S0rRQU4>8=n^j@(hGO)H)?QVfsGA2Q%h&XCeK@x~$Wz
z`0b(D#_Efk)GYk(ADw(3M6v#hk>-kn2(|<foK6+#JNo)p52X)N=WxsO(YQKzH1wmd
zRNnpklGf+e*Wi_?+9oAQf{kbJ4(rtF3LS&D&8Aou8k!-+-$losueP@S+14YUJkR%A
z^7LWB3d1g<63nA_`4aEGPr6@;B`HIn5^BBnSeg6AzH;yi4)o3M5*&p2%e!iqxGbE)
zrSs2Tck18fzTxfNibsV{O+IwKWE%2KlMwe-DZ<?cMs#ZXFw7lJmHG6?eZktj00Hnp
zi+Dawbi`qyJ(XBsp`FS<ObVZ(itOlAG**WYXc=Yh3d&S?pM!}qEO62LI><s!tBJJ6
zrPtppZ@?S-I9d2GZd!~wIM$zucuJfgVaA_0l7K0elDR%IQc@gIy3bPcDSSZ~6$W~x
zHdwQ(j1U5F)~`zwAFgN5Hj^GVIk%ez?04{=AWIEhU7I~(gORisyGRqp5oV>uC-umK
zg{Re@T6z*X!`|{_p8FU3)uF!Ep}&ldc(BbQSpE<~<`EbIgeVQtbf3vgks&x~r6H&#
z9V#_IB;{u$O8vB_M7&CwXDNH4>U;Go(8kymb@YK8;5P7ZrKNs$oh_+~EwYSa89e0q
zKdm9AGrXn|j*;XRMP=HIx0e#daKlw&z@}z{cdW@ue+E^HB6kF|EKL!F9<Wq>lSq5-
zNV!)$i#M2st^!49p|Vv`GxxKwTtRhMEnXK-TVICdN%w+SzHjZrXUCcXwOh}uR_CUW
zFhm2q!b!hXDav9?()MriQ(WA%qlIaEm|d*mbe;D}Q*SJvX*^%(<xfY)x|iYY1#hdg
zn<Kc{E4$e#`!?X=wgzu%Bk_6FkNN&VSu?h~T|2kEXcpYiQR#g&jTbf6gBn}K8<L%<
z(bw|DeidBQBG+ZlIbcf6VC3Xc>2=s&?ux2l<$0il)$4$Q1IgXuL>Jwi^198CVC>uw
z{&1bQ=X+!6K4P5-G{(P0)vOE72uug#lXu3cR+UmZHe3>HE20SAI+e~kDPA-9S?l$t
z<4joLjN~d2bEM=<aJ*rb4+ZG-+16P{jcz(_H62Aye4;|j5^i;da9uJ_HP8Ay94{R>
zo{Xn%S2&2zO&-|(s2cA|j;xU0v2KnS)>|R!wU>y~=tB~G>%>PXqCzKfF{!VccV4vw
z(BK}Y>SVzx?mOXR9DYemd|7t9|94+&VekR0kQKp)=OQ4;u<u;!@gDDos38j}IEQ;V
z)FM%QNflW;ui+=d#&`4MuiFmi#1O2OMZ?q4aL*)F$uSm>6w$$6{z0=O^{(ML)(N<<
zGNTyYk7BEC!#r5SffPv*rPm92+w<x*9G~vBOEks+P7}Mj^~A{c6Y3t;n)YHTolj@-
ztiB78S8YMd+KsAvykm0Vzl&xWez>;>dQJXAYUmI)MYtK_p|mLsppInxD9cVGc$aiI
z<w^%F?(2{FSD&X^k({Oo6o$p#gWyaq9#+{;KSgZEw}*P0!K(YzXS2<%4la-1TJ{pu
z@3*P{X_-mjWqOLIQ6sR@5@W)r(u23R`<0qfJDITk7w&F=Jb0CmIkKy_+r|Bojeto4
zw?I%(Vq`}7lAD0pt;R2PKsLK!bW;{pr8zkX`5Fh5W9AGv3E35qT>J`sa;0hhzyd<#
zEEkXPsaU=ue@VtvtWaeLlj@{a{hrctoC8R#BC=P-Di2aCqfoo2u<-V_31)*RfjMgr
zzI$UQM}f`5h3d;$7hfJ8fsmiYPP2Ol>lUDyjP5<eU2_Hr%7^Nmh0YBq|AAu39ZDZi
zRjQo^ugt1YB8ne3-gs}Pw<&$OW(;O?nhQkYTnB%?Ai#vx%KaJ5c_fi~T(P17(ItdF
zzSa4-alpmkQ}!4Bd_VKHx9chT%8*EtOXF8kgwwFx#{SHxDIhbujm1qBTBh6A+_Aip
zf6QaIQRpvpl!~2LQ_Kc9%2i`lh>r4-eC)%tJc=d(x`1JK(~wf;dFJ2B?|_OvuB=f8
zU03Y}(D_e=9qwY>VO<mn^cA_%^VNNX0w@H&^UG%68Z}e}Ikd4@UP0V7hiOJ83P^)k
z|3#R~Xn#1Msg=vQ(f}@J<xbrN0=xy<GL}VzQ5(w`cSRrTEqvje77|X2o<mDq#EMWO
zrMsxl087B(FB(v+%D(;?h~!_HpRreNu^!CEejYqneb27zRz#BFgggw$R39!f5NeT=
zb~R6~s|2}AQizetoUVV;R;jC?xtI*S6$StLdOGJLUZN)(4%r(9vIdGtt02%}s|LMM
z%u<Hb{boA!rpcJ^sam+yo}q9y`q>o3%*t2D{+h7pXw`*RNP@aT=6PSoTN1<G;wBFR
zgIN`FgzQa8#^ocEfMLP{F*Xtd<F4A-wVT+X(B%L0k(jmr;N>0N-a7{8?MTB->E2=5
z;4@jeB^)S{3{h&&c;xF|rJR2*`!GE!<}=^GAZ7{t#j~~MzETz4d!h<@?sKV$@h?Q9
zWoSs_7+Ecim^}zbV93;!&1hPt6#dP)t!MU3Lg=V0GP{+!w)vD-iCU!nSRwx;t5cuY
z_J;SD(1*9wvl-ECpg*D+_PeK}PYrklI`VM9FoW{Fyb9emheu~0EW}d%SKb$?4NH8`
zj8jYscD<m(r4&<n1NCjJ>DAqPsECyvAH?uB?&I$4&KulRr7L4{#PZw?F|y7HmS#w&
z*EpF|gb+`|+Mv_v@&`L?G-85nGP=B6sdYXPnUr_rxfghB9OcO_B^c3LlRbA{V;1rA
z-EER;OHnD*1?6<`oN=uGnrIIy06s>a;^j~O{mDsKzCCWa!0%TO1&$MF{w`{QAqlEH
zY#0>oISQ1Xpw&juDfofS<snL8cZYf(_MNrJUUgr}7L1qdNAAyNHQ@OnJVuT<mxB_<
zgBJ<dtjK<%ypM@A20W|H`Z@m&$EY`07855F`IZijP(BXQkg}Gohmm?H*Hu=Ul<D-F
z4SmfdX7A(1CigL>&QS9^atn96b!l<oI~H!Zpvf>s%G`A#YTYAa-O<9!PPN5VA-J5Z
zNa|F4S<g^;az>f?{i({k=RuH#9jwr`&yb=?NswT_yw0*X<;7<{7ohvZYqlTT$6xKR
z1n(WoXPSzeR0Q_+n+5v$Q@6JApQ9GD$n*VV9~K|C%e!qe2we2dmp9=X(ab-4HODl@
zun;wMMO7w=?wNSnbC>R$2<JO=Whql?9tNcE0%a75{%&IAgw(YcwSRvJbu8gr`KHnb
z-YvSVr#3L8QY=r)I(!GkWm-$*lW&biL6RqUygB;tTR5>o!^sWDd?UdZT&CQ?kwC7`
zt=x#f*=lWD$!<E$R&K{=jcPfq=}%2T_b{cust!ve5jk#pN}Byxww7DjIR|&X{cH`s
zOA(R6<ZrZq0wWK5C(__H^YQrN)AKfIuj9{ny5EYzGxeqfVX5D|Fw2X`@aixpL*wpq
z=2Xez&97;{HbC_5YLd8f?kFV|>A{yfM%4upRnrZ=*Iq0z97W#cusnHYk(GL`*nzBi
zakV{r-`X5AO5^vTX{82UmdZP-5XCDA<;4>7$9tYysl+M5`k(T2drqoTO|&!UN%ZbK
z`Y|cc+djCcE8r+@IIHq)p2Uzr=Zd<Kan|6myLo{DB=(iDBUasyW1*AeI;u}!_}azl
zI_`v4u+JhF{bi~XC88rJTc?JsB4jgWRjGJRbs|REs=#35=Ap+3iU070P?OjItxlPF
zN3qCl$N0TgWmi?1mo)IGDy>?Z&Q^J0tmgLdr+mU2Beu)95rJOLPcBJK@KgFvj>ALf
z>OwD0UV)D79WAG_HaGG_77h*!(e4+Q&!=yc>1>J~_ZjP5yT$*U>;0$>vVEtd>5dkZ
zjxEHzO`cZmF#m-{R$sDzDnVEo|69K7nzd?hP#h43a5V3vqWbs~pJWYlPyDcc=FURC
zbC~3GBp%$_ouCXaz#6Vx`_jMD9MeDlA|<<%y1XI0e8vY$xj~VrvEf{9Iq)c?V_$7l
z7+dpBt@oI&z)1jn8pyUl<OP+9#kUmZ1#|{h1n+?^h-+L^XaW~OW*<V3{RfkBtQ?6`
zGAKu8@QVq&LL>qUBKbM<0}M%G(W~%d+C3`plB2LQzW?<W?02O!#vx_#DTLJ^+Vib3
z%uLrUqQ?}%hCmSS9uY^bQz{>#q@9!zi$89B&F(*7Mxur3+g^c`3j2CA<=;iU6!7mR
zPUyCtAh}i_)T)shwWq~0-{!cK9@TMvW6WZ4VI*~L?Nk9%%q1Qq;o1AwrQY)6JvTOt
z9$LOCapkE1yQnGPRuD+AaVL=zu`wiMNg=7>9d7xzgI}~w%G;h}h~1CYw|r2rCkzHB
zxzK}?0m27Gy7DK7IOypn^uSa9lrmY_3*{)cZc~eO1)iE7&F;^QsVPCFl_pTvyTa?w
z26d`sg;L|cEzE=$0N#tVCTj?AB0wI0$3NN08}vD@E7)BYziqMcB4IvPwBKG~`}<HD
zU_IsyQrG}hWt99sXeTu&-ul|-?HrE<_M`rhO-%{JnQ7Cd^UzNaipc6#8P=AVxwY*@
z$x`!%LA#D3Gqe{3R^c+<;)RXA*@zJ25TKXy@;m9=y+S=WHbZ~N|6}VbprZV`^#_nr
zX^;jH2|>CW3sewLx<N#`y9N{yl@clGl5Xj4kZy(^LKu3ep$3Nk;rHEd-Fv_PU5f?G
znm5jS&fd>{_CC)!ug=}TPaIe$xqLzg5gc#N$xSAKXJzNt5o;CfEc%PwuwX1P0q@;T
zvl5KB|3UsPDZvfw>p#l$fYLmFYACQG`03NTyKEW7pEkx8-T@Px#yr+0FEwI+)6;Bn
zA{%F|8^W=2ZVbQYFwK1GmWR#p=igd@?dyqxeO1}eMOwJY`4(S`|IGb0pb+G}xCP-n
zXdboOsKRuAosvS~H%<~6l|%kjeQrPBQr%y;H58D+*>Jl41XM2RlJ2N<2c9h8e9IuM
z*+kkqD4D6?MJMGi+>(!rSJU|QF?R2JkNajU<l%E-wSi|k%*Bm2`5ka6mz^EQT%;Ip
zYK-6e41>-;`Jhk}Cx7q9lQ$EgYeg!499P6%6lXB}+n;=toi^+|&+%I2_Sp5r4YI|8
z|GOUuKJfx|`k&ITH}11+M3ruRi<g~$mGEI$V%B(Agu$|Md$40F@`E4mxP8gbZ+=k=
zihIWJT;`Cf3o>SzLmH6n@6{t8?~cObsr`#g3w~*~EriX-+A}wtK4fnY*F&P3z3oD~
zeEm;|m?uq%TeMSs3ukA^>}-O5lg7SmGQ`xwu+`dRZ$fhWYbJNN<W>A=qi@pI;Oc{F
z4s@D@bM>(X+LHQTS)#SV3+H6uXiXeAwN7rNhvwgZQK6DAR=_h-fA_ilKgO0I8=ow|
zPhQ!NcEuT}Kn=>Jr<u!$%#~Bu*hxSknrB9-<>mw9%DZg8hs^bQKN|Bpug`n#x1vjZ
zmOY2{*Y5dGGn3jU5qb9+ynA>~R2{4Q-srsYm9FeB1C@whv+1<W*GQqWKX64_>da(c
ztpDlDD<!vL<|<RdJ1Q5X#trA>cYFn~T5awu`kNWIEItYZl`<pGBbFK-Oo8I8bKe;y
zMBdlW0$BhtL<Gd{-Oc6Rtb+8b9^t$iBNb8DD8!C-CcpcTXX3%XjQtPUuEFpb&>;H~
z)Cv+b+zaErB1V&*!Giy<r+)gz3|H$uK0mM0^XL5!xPRb$pVMeP+L-6N3-T4P{n<T3
zod|M5MU=cf7pvgTAtEJUb=FMYA^z5Ww#4Zw)x=)v2?_njKN52MeCQbq#9Mh5MK|B4
z;ITi&DR|^A+6;V(lPtL%I#)pnp6{;j3b}!PIYhP(ao76rH<O(rNIJ=n?QcMyQzR3C
z<<SqtXeu6mZdg~Ej}72)V*`Sr#XI&eE{Io9RT|afarpCb8A?k77?{;&==<=6Bk&V9
z7NWFz|8J^%|6Gp@1eA6Dan^tPEXh3x`g`b_b)hl~`S(v9q`L9s0io}mFGr|HC2SHn
zE%i_l8MX@V5<pP{xMnnNvwYPwxm@$X!|Mq?raKhZv&}zGFQWQ^PR&V@0K$3XwiW5>
zVsy%}ZGrh5=#L4NQHQo1!<&P^q<!geFkh*~%kEmN#zMp*%)_{QB~!urPg}5JcuR*9
z-_lfJkIbC_0Bhe5#J^K3(msWJE4IgmjNj>S)rYLHod#sbkcxC|7GhIQoXO8<<fucc
zh;j9z)n+%;(zdxfL8#!SA8F_;J;ZWW#gl&!&F`u}V(>@i^Z)S88)Jb4Ewb#v>cQ8{
zcNLV@{Re@#`Fi#}b?_3@4Q!S@liokg?y=+9|MSK4^eo0=e`CE{;O(FJFY##BQa2`I
z=p|N{+!_BNP=nqp0iul4`7Kne?R8#qFdDyCm4b5><3d*9E&F(q2iqreH(f5%uE-Hg
zxJ!G(8zs5%^vh?L(M-2mvKt<9>T}(`2MPMudWDbLK<owR&r_FIOUYa<$&&Zeh$w&1
z0r|@&Wxzz!1GO*a1TOtZ4eYg!$wwV=kA4`K@Sk;i)M4qdTb$c6eg8j9_qJNUL)+&H
zn@}Z6^2>7mIU-|QgOAnOSD#MS^h^@A(uueFNu0W1Qnq`$g*~UP6Vm;T)yM-kYDFKD
z(W+G%IRuGsjVn7w9IYDc7Te{$l$b0^<8X%0{xIc(v8rvb=8x1a$uR@s<wI1+-XWR(
zL#4eDo%gh!Ovo!4s>6?bf=$dskw6fl*5>f`TzJ<5%*azH=G`c+6Sz0-n*$93Or*O;
zaaZw(@r+|$8XqaU&oAnCe&@PlxxTU3TW!X^yXKBkRGv?eO}AKsNdi034p!0*S4XMW
z?(cUXz>q4U%R|Zs62?sb%Wu~cR3IYEBT{zDAP-5J@e;Hids?MDx{)S4LI_d&@plY#
zFg-FWAKUgDOc$54#_#q^LK01;x&lbz%1sta%GN_;fcaH}Kv&+=(%iONc|md76`(bG
zJM|9^wQ~f^zat%Rp4Owg*xy+;*|4|&)b-RTvusHEdogtX>1N&-HofTSt=)8ck4|mP
z&0!kTk+s}2@jV&ROD>VR%2o<S06%h)^Uu2D>mMw>g0V<hFCF|@BKNvP$aEx?t}n&c
zhXM3;9^7J^#CS1M+bBRYgKq`>yLvj_je>|AYb?j1`4iC8QoMD5=wIzpM6yru-+FKh
z`lvmDHm$lJ7t}~92V9k*D2WDiN4qBm6KSa{7Ui`B6RnTMe#w^qwylnB`a*j!Xsk`n
zX&0II^SpJI1{5IsF@I&Y;}38|F-KIgUT0pQmDf54&xJZ>j*l6fQ@$thgD|K`hm5D^
z-!H&?8MN^s0jCMcrumS0>OigDkvEaknOrT|o4%YeHyv+!Y()nM8gZT0;wBU0a^+hq
zy!J&r`Ebr$kISNclTiEi;G+_zJ~=X}z$J<}AjkX{gZLLH{bYIy5&R<0+u1tzyesSG
z3xwCfjuW6f?FwNXR|BWGLn^0om5YfRe&mxq7@9*=PQKeN{a26oue#bjB%^{Cq_CCV
zN>?`R))=#Y$l$!~Z$i0{D);KL4wy!Dl$1&Gc7#}tFUhwIN7#23&#`5nhSSa)C`mcS
zs!m(EU@4>v$wK@YJ(KT}F6e@*q7;&?cmB%Fu0VLS6lXR|1CMANSeoM``1>YXbryOH
z2pkpXUgA~p3Fkkrm)Me$b{*nJq5f`Br#{}<l#8s|(|+iQpt@F?RBJ1n8=Y20Y=KQt
zo8nv|f@WPv<i4QfRJQj{JDkk+x_un1rQMwek>F8J;6e;8S0}Q^DwkL}YZq9-wRfgK
z!AhCQKL>m7EJYi_zFQ8~3Q#297QLN&;f`&Y2bm@toG-x+J^b`0FCh29iyX*bDm$E_
z#Z0hVAPT5M(@FbCy#-3t32C5t1fcfuW0uIW%56L4V%C-HN5y0IA+0vX^DP;LyQIs*
zWrsRd*7TzGvk}Xq&Zyu2yWR+u<`-w+p4@FYsFYglt4oJAR25^<SMMmU6-g%}<Gx1|
zgTkaq<qUD0G|qSgb<A8>Y;thv_<L@5j1L2fs7_Imvn2QPPI#b>bvadVcyh2BCpM&m
zBdguJGFg&isLtKf-b`J{9Vz!AOH{wi=Za8RR0Ib?c@vjm(D>towN&AJ1AeX7Gd;LI
zOm+lSdrk-AhL#$YGm36`d|;$1fnMl6zoAt)`+;i9eNpfEr}O>oB<#Y<`4DqaeW&Hn
zTfg4WLIV0$%wWykWMs){hmEe4Pi_Sl$YxL4F9i16&UXi@akizKA<96DZ9N#CdOZ^X
z{4UJB!pJW8N%x?KXK}G#u}%HV=<G_%RP=mt$C^~C=~blA;=w7T0?7yY-nT05w@V&d
zH1k;`@#L<IkoKjXX{6Isshe>QGH0tM{M(DRe4=_&H-zsGH^GjI;^RO4gY9)ZKAJmD
z7uYwjO@k4e)<TA<)jY|S@x?1Cgm0JCORd}O!GfQ_%mV6Y53XZ3zvH@dh3%OfNrh@;
znId?b$$6!;U&#`@omdjC1cRz`#W>b32d~;xn|0PPn&1Yx*A47MBo7wv*U1LUA~gK1
zp2&Mht*ud+?ySjNSCWGd<I>bPA?vbnF)!H$CF<IH1{4uK8+9sf)r_;ueCJ89MhOln
zeMMO1XTrMK*t)?Nelw#wh`;+|gLEgo9ns-(1lt3Rzs0&A8E0(OhYA#zBpa4se|%i#
zJWs4sR2A4~4p*tJwbRE7e(HL<K*5+;c!J(^N!}iClE3@&7I5}Z<-C@&jHg|z-<r<O
z{@e+@#JGfF_OAB2nBk`1R%B7XnU5Vhq=fv(Xg)euHRD|S=X*~EG*Ungzd;10D1C_0
z_uS}<*h3x1&`nqw@)$F0ghv#;Us-j)1Pd7Ze|zE1E&REo;^k52b*wvprM^8<L@pLt
z$-T{ny=aW99=J&4-6THXvx{q$oM!G@_H%?sMF7xK){({uxmU7Soc=^p^FtqxDZq|+
z*_`nqv?&~~sN}L`Jx8OYY<-9ri5mH>TdH#0Ere{w{gwf?R$(q!kZQ$$qL{yyd2Z6`
zdf{qWZtV%6v<=(<zGHX`9Mpw`Uw_J!^Ti(mGMkm|R}L;soMg^fA2-G-jmM0oEbt$i
z<F+u_WInIpO5C{4C`Ek_?l{L`!r{h##4Aj-%w;bAAA>ueu3fK3AjEq$_GPv<Tk$u~
z+p#wQyI6&wJEgXRImo4*5mhVcJGE91fY{@0oC{>;6(+kIn;%Gc1hJS8G6(_*<zGx;
zLF6?j!<aO&M735wXmPdh%oL~tfvGO3wzfNvu~F(17$uXYpj}CDH$lEoonfPSh{gUF
z?3z*~`AAErbMNa*%dF-Fvy0--i&It{UpmQ4i-TJ2t2Y(#dh+6@YV7314VZ4;R5Gcw
zrmvBfwYJ_Wvz-tHFL=oS_%UfymD!L%=R}xSYGih8xvV0Wv6Cmu2dAZal|;DDvOod-
z`Vv3Xg|Hy{9*kWBdo-MsH<LV$KV>FX5873s5uDg1!B5iFz`ZRD_UmrSPhc&tEs<os
zAp}1OyW;nEzY6g>HvPo`9}!Bj;!a(-5Jy(wn?A%TAD`ZP_U0wKt?2g0$LUYqUNJHl
zHl}NEx$Q;`%4!?`NJt3-o}8AKhl~5n{2H|GmEAC3jnOHy$Is8-QqwdH22hh$*gy^`
zwO+A*s=xtOpqmbTP$wV^QFvsUR~IOHUs?}=-mu2^Ko&TP`xCy*B2V9@0XU|JumMf|
zW|otjuEt5~DZ}7?#efTOqvwiw3AV#0G=jo}Q()7wuu4O$N9lk5y!l$T%Y^SYFz6rA
z&ao(Y|IGuH6gN$Os3Dp=nlX^kC*ngl^<7>8B5oKG>_9K!L{=cS`+4BA;Wa2Y4NwzY
z_xBuc33e)9%cNm2853;@O2oA?_)Xp?6rB{9sCdL4wenY2yQUWH;n`FyI)?JP71B3e
zl36eyDYc8H%TxXg5IHhY`_mm_>aFVCCvTk<a#Ak~SE$5+x|1uW74?l-CD{cBVms|c
zAWH9U+Pz>V30H+dm7c3~gBZ|4P4N1)W+1r6$Z+mu_Z<L9#s5H3@$rU(9l^T2A{d%P
zqWbUAKM21*{U(F2x}@-Pb0%-gz^K-qL#r76^-zWB`hsrxQae)^&ykac-Cc=zH*RLE
z4`Nb=|Dcoi=zpOT4dOn;cCLzfS^{?yZSLdkQ?kA5)IvGa)CcLRZQ86eiiy>1dEd@E
zE+(8_8-xQwmMaF5@25X1Tx9=*I1YbH#634Re`L$g&5#3tBCv?pn(DC3l>m8uMIiOX
z0%8EwXQC@VvI=}FC+Gk*Xr)eR{rMu*<gXct+3;fPDXNCCFzTv6%SP(rFOs+(NOPdl
zrG$X6{9JP;c%rxvQXfpzxlRIay&RGy1Yl5xVrY!L@@pp~35DJa#3ShvLN?|Vd(xv<
zo>tyZDz(JBRspPZne=Njo1Nlh^1thFyzuHYDp|D?n%^m{3p|N%@fnY(*4k<WY^J~F
zZHbXZ@3R=v%9jW2-^os{D<g9L`IDDcPEbCm$5hxE%OK;z7TO<Xvpt5N;zJkv0kPj*
zD|4j@VVVhzH{#IH`~<X_Bys&6W-CT-kR^cbgQB4xf_qzazu?d0%-3h@OqZ1|?(*u!
zL<~k2j$hwj%?Ep;_wgTrymzoJ-V?O%hH~mBLkf6j`^oJ<uqJfvS!%IH%%gD~IQR7N
z0Y!w#Hbq3+n03{;0FV<dm%V1)Z=Wr3*GX-3dQgQq7P;1@8TlTuNV_5lq@Cf7H0X}Z
z)BPPMaS=p>k)0~YiW6?xKbrQPHMy28-KxmN&G<aZMA(v~L!wD#;*zg|^=H7CD60@F
zY<qkVEQ+&z{K(cV2YcAh0dKQ+w;z9<ZYB#9kM}+{RK;%yMGt?*ct<>V$g8eByGk8v
zGLY>Lfegm^Uaze;LIzywep2kp3~GPouF`bAA2xf;x~0{0PJJ+YGPOk+uoSs3ZsM<X
zdDXJ$C~o}b@@>-&U-)J5LO>KT*3{HEHZUgZ2T|H;g$wUh;dc!j_n+!KO;TVp(~q68
z#f>Z2bo}dlb`30$QpDner=9G1u-Q^KW<iJ5bbyIq`vduOwe>lUWWVC3UjQqEI?ch-
zYXhw7#nHCb3X3R5qK)OX-H4X0B}hO`hcIddFfY*V?ARO&UZcqe5Gfn{uTS%3nVb(p
zN(bFb2JMW>H<<rYQC_pEn1|N3*01^aN(w)t5_T33MS`1Ql|xdq#oR^@0VH6pW1NOz
z*Vu4RGwj?+MEtgjM>vNex}f1V9aT*J;A37@lo#-Y$LaEJuMBgr)nHCV8eA;oU$JsA
zT5_)2(o?TzxF5S!DteiVXcf+<L!|}Sa1ytPEv2i=uK~v8;HJ~sG8Lq5wy=Dqse~+q
z?YT<do2x58K?x#4kw@hg^S#>4nImOAQ!aay5KXG*FZHx?7{}|56P4MuwYvy{?iK1(
z;}C_-G%Hoexl7h}c^pf)R;v2jTvMF)^Sxuaz2CmQYFl`cg9Ydf)lJ;TZ5dKA3U$Tm
z^LE`;-666FH`T$OU*pP^;=`5U#Wq9~N56Qaq&VuWmCTZ&ASRXG^!G9-NNJ-8h~r>O
z5{<Rm$A865ZrZ`kL*4u)+#26-Qj&(SK{Vj4qSK7Sr%iLQgS!JvvL7649CeW=6K=^G
zoRrtGrkXq7+m(ToV2yw*fc@#?cDt!xr8LyMbq7bMV*HzV-4hvhWN5+9;S3+*n$I*G
zuujM8OI85w5V#yQ)!{&!StW@n$Q<5KkUqFu_~W9^05el!{147t_S;ul`uLoyf~+Bm
z(fyjgoXG5Rra+OeP@?_Ea-agbH`ot9(pwPqH}-gQtC}#xq6HiT((|`dxsl*3)y6|Q
zs8pqT<KV+o^-V-oZ=YBWW_Sadyn_trHu9kjL^dg*5|B;B#TiNTu2?5B(@rTZ7IL2S
zeY+Ly`eV>ho#VyBArls~AQLV6p3&K^P*+4^N*8-jP=~?}qt2(@f0&FkHm{?5^&_^K
zNCys+wy_9oeS|4UWtTz_DUe2U-h|0qC_`kUr{E!&KgX0|Te5N8d*aPD%R89*8GrXe
zex(P@H${<zUJEvsG3dqmx!*9s5{?HJ#`r}V^6R276LPg!KPok@@60ZFieTT7<vU=N
zZMA2r3RuS=jw8`b8x!YttHnC?9cQQDoHYDQEe&&AeRuIWixt_2@}Va=7b{>2m?u)e
z?>+g<2plQkT+84?ob<+{cvsFDFH+#^=IZXk2ZFl6NzXx4Vq_^Ak=qp!J>yQCTI-3c
zs4BU<{zCCSyT#pgNqTVHrW>mnxzpmhKO?zSyo8QLJvBFM=jm#)v8?faT|P7{aY^7$
z5BKPL62;ADn<^t9u1z&u-W`;zyC&>4WOP|&jYZ7?_954Lfqh(XzV>`PZmuK_YbJ%r
z<V2-v-MNACqIV}raD*`gVsQM<s={#C%{|!kWynkWcI(RIuHgbZToaEOu&Vx^fT)Aq
z7dGzdyBL*jgSXC~&qW3$YH`%u9IIoR>8p01s3e*efv~-$b_qMDt=Ks%uDZ2;=`<WS
zJ}F|dT9*uD3%J853^oMpeqr4Mk<W}Ot0;Utj|ZOl;}Es0S26y)i5WO<suFqQKDj1h
zt!zwX6ZWSrrledZ`XyUz$#i(f-`iiFzGaZv_yUNXjje-)UG@-SV&eTd!-?|uAF*K*
ziI@-1?@w-dt{&n}z4L$&_R!iHtuzyFh87yQ=`%>}+(_HHbU*EQ_E5j_m7!J9P7Nfj
zGEgrOvc2uH?xKRK7QG=nD<CNO+U)0Y!^dS}IbTbEUYz0Y3Ogkc$%Z+4Bh`$RghX}-
zH||Cm4!5Grp_7~J>-PHAQXEn?N-g4uU&_4Q-zudXPfu|fB%w@zx}?`-tC;EgxRh+~
zIJMlcYwn}jI-i*k8R!|HpS0O_Jng`pfJYiMDd;coYKJXk?40+m?wdAt5yxm&GRo>Z
z6h}2m5EI;R`A8s7u~L<WJ1gkG&ud&^4w4R#RD`A;N?{Jfi3{$_J^YGl8x?nGys_Bk
zC<Yiiwd|Grikm-(&#HE7OGr|LN*rGps%^eKc&S#k%j`vH4yZCQfk5mD9R51pz!{PW
z0*dL*Zmn{G*`Y_3$pR@lbjTvu!LirDRaf5Xj9E!o>u@CN_?7=fnD*XE>#NPHp<}sB
z=)x1eFfe;Zb21i}ybGh<J*LBUIK4c{d$z0^Z0B^cXUceEu@tQU@*_f&&4qJ6G4sQu
z@RBMWvlkWkO$(-htsd|o2`mf#iL<+1m_6JS^gC(Us+1yoKJ~$>e)<|7lU;3%wdelG
zB*tM*O8G^$z^@fY&zeCw#ujsAH|KI<`1}HG0Vc$r4qcK_K1&B`o;CB-Dg&)cfgcEH
zI;?G{YbHqN@DlM;8uJRQLtqDr0a~zjX?zD3k8VEM-*r(nYgaWsw)S!6%aiQue56mr
z4ta*L!GgF2Imr}Yht^_)Ep`Yw)IF$77H<AIt!{ZWwByXFW?ux^^%<>CAyK;@{MTJ3
zLCknO+Mk|Jo*|O(`!~m^Uvh9W5X~+hC{Cq1zma?IKl5TG?rbp5k8JL}Q6z{Gg$B*)
zW($<^<u2l^+|*xtXrEvBAMZ->=1ak^#AiLq{lt29f6vWt9oKuD#Ld^=pQ0Go$zZ25
z6E2IJ5;!KWFY7EW)7~~Dd)mpHksI(WfHHDH>bA0lQL|i^grJ}h<%dU?(##P<tWInF
z@ni1?m(VH5lTV+cVv_r&54EQamr^+6a2$TSk42qm#Ke+$b9_YUAD4Q!tF+7o_6tV*
zjdmsf@um=(Y@nv|33h)=9_udGISWM&Uxl}F&X~6K6paW}R5Ce*_E1}gXrkg>C%gSz
zota2cqurYcZ;^_CTOay=RvXaj?bJ8~XqM1k1@tkT5UF93Q%vnY<xkOL7vi)e>;@kk
zIN!^7E3r%8(!qDfRG99?&>yf7E15Y)vjO(Yi<0urgObFf&U@rP`sJWXDzC&&Fy&4|
z;y$wtlHJ|qO!!1uH9DRBXWRreq`A^-mOfb966@_5tMrAt8=7U2Wxt+gZ3oVpF42T_
zamj5-)SemCleJ}-(?^?5JZ{_NKJ4M+bUvm1;!E0HF|9-^<;6r_wQbt_aI4Ez5nY&%
z!rk62&ky&p_!6SpVKXYt)Wv}v4rA=^-UN5xo>$6$i{oZ*^x-#O+wL=LO^51^UmAmk
z4PB>sw>)W5-yPNjY~lxmPi9J{<{_+@AFp0|u1qq<7Eb+=_Lmd<47!c;stToxw>7-J
zfmBq4tKXTJkEp_y*H5(xvA9&8NzBei(pltgG*z6$yH@a}L*=6GNS!dP{#`NE;YnFF
zI4kUa^u*^}FT1J9xZqqxY3R@L=!D7pe*M9nQb$+G%P2ouy5bu-RmZF8W;xL*BdR{J
z$Q}y`;!mED&mmI;F?6nlA&pB%q-z_SE}o3dp3;A_LqcxBuclQ`(fB(wzVCD9A*JYS
z+?Nnb+U0|*bAL-0jHZm-X}?PFiOIQ5PW8ZtrPyZ|>)It;5m)Q5lKm1{X8!G7jJ3>_
zE71{r&|$%o92>eN1z%Duxgw{griQ|{uhz@#z8)B)vTjAgE;~@#H8o({D^<8hjbZnv
zQ*bg=k|(~cy4j*BZqZn>;{Eu5neSDOoR;?m5sCEktEfb;)i}BC&dwmYY6o){D60d*
zQg<^nOiXs;Wr+;;X_r{DRb?_}yf|nqf=#iK_ZZI{FS%UqGhY&-)=5kH4lVXAg-LPo
z!=3r?FJ$vC&MwSEJ?x3g@r95({wvGNZG8TFGRN)?17#_8r-yvdwiYqW-;1;%Biz*P
zcY;oSyEWb$LDhSiD#~6%<q9QbbIgt=1!AcijZb0|=_OpN-6xm$)BGL`g>~ol=4nDa
zufB;%JRma>e4SL<W)IOhSXb&rvAtucW`^i}#ty61>QqY$Y5z*l|Eut6@S1ltIfe>a
zOXAnyD<|@P=uqN4dbj<dVdXTJu(<odLm!fJ&MVB@1?N>L3&~q1LH7gcWr`o%1AQZ;
zY3UxjLVmk~t3X10?zsI|_ck7D4tR6-NeQs-cSq_n%nyb2crv?&vP*Mm0=C53e^z_)
zm|&ijXCX}7RZ<2NLig3FIc4~lnb`R;`;DWbcJQH%ZX!;F%*e7RL}Ws2>*XIB*;Hxf
zWFrTU#3_9~iyEgb;;8ozt8TvMGib7($TXd(V>GDoW#o6*vT})a-tP^2dFU*BBNwbL
zT%F-5I7tN#TwugUHK5-R3+@l$e8}~F{B+uq=|n-d*_@<%$5zp2c5cL(N4J)+S%~^W
z0y93*tD=$LCL5B(OsI12xsl@o8NbNsTUxIV#$_t=>9EHaoRU)_J11^7((xJ+RY`_(
zIakQ3;2XTAD=ER7f7?FUs8!-t5gb<G^KUJ{&~}l-B8oIycDK^RAyq<hH<^V^B+yB{
zsp1^!TCuyjx>~4L{iGJD|4ftUwS`0dv+gbm`nWXZYM(2o!K8BL77a0oYX#Hs@z7xn
zN$W9G`Bk6E_Fu1FC#dA2U}6;#f7?Iy0~fgCiHzphrOv)*-XNk*H1)+*d0dPs<<6^>
z^}04%>pDJ0KlXx|IMjap!w0W*adVq6)Z)H#aO-mm3GK->amPFQFhLaR(i(~0eEn9?
zlnVOXZF8Hgz{o?@=Nw&`Tk}bP0`Vi|b?r%N=1Jv=OdgD$M#@X}gw@R2je%hQ-VaD=
zB$rsccs$+e5r3DK4yp$;QE}>f_X;&hzs54YaLQbdWs;Mn9s?P6E@`O#jH*gNSi~KV
zz%7JQ8FW_m&eEw*mVqZA6R((=?TvKu&NbG_#Lg$3ymt-0b$?Mkn~=l2C7zIMGTcGf
z6?rsMB(85XhDO377SEB**DfUI?fMJ3ANI257z1<JyD8I?o7f%AB9j=tscr>*GK5^?
zW7I#43oqJmIkj1JQsV1_VU88?PVF?;X59yM%oCd3jx|1?S5y}AbQ3Mt%XtT-Qy=eD
z7u!XX{_d{oyjVoYbprQ)gqcl-KAh%)S8(=bc_=n|rqEkF!>x@kwbu&!SgzG9bVaj7
zB8L{3$DB*8?wiTX?p;C6F^^iSoA!zDuC|7vRcty=uKH9mA4;vn2R6kct5*;u7Xc2?
z75avQdE{OQb5mQ1|G61-Zyq^(7Iu|4(s0Lb{A;>{&z@WJ?ofll`R_Nko#HlyA>#|e
zBp>1^*VGFj{9Nl0g-j+pr|5R0fSHEFXf}4q+Yq7f;I|rE;?+ELy`=m?={G80Mp&QV
zeiJ)=ZKR>siT^}=_Ru?gAJyFQ$EjQ#M8Wt&Z3!0)7qG`)7Vm`KFB_<&NDgTs1N+aN
z+1R6c=EOy<m~2G1HL_J-s;I9aI3dFE%Kb?WOc{rN^A02ECHvbo2aFqHOT>1Tx6eR1
z$(dqH6j@c@KkLD`RuGd2;^d!Sv>`FZM$9OQ_Bdm|0YC+G8{V=m_;AA&hmrly)_C<Y
zZyQ?^e#*#L*-H?P5JD7}x@U^@X*po^x3lPeepp`pilIpR$+z$@3*f}I^ImGxV)44Q
z(J^_na&}nw;ipcEUzk^Nc+v`$!&)uh?PiGd8<oC{UpTns;m82_czNl#UL$uH_w%Iv
zcs@8@a*La7&M$$j^fqXjHn-RVqTH`NR-UgCl&peSx`11Q_dvleb7@AI#0n>l#4RoR
zVD@Iq)FIKAZ)=eejXPAnXkOOtfw%DVs9u|gGV%pCAv=t)XPs=|65StIp{Mu;Yaz9L
z+Y2RqBbcA%jv}Btmio^MLK6ky)&xSge9-+1=WDCfTu-Vb&bMa(E~Eo5dmt27`mR&K
z{HjA%SnPaO|HQ7ISm6CK!^M!%8aP=iwKJbCcgL=})F(1DwJt#2g3k#6Zv*?lN@N(b
zv(A5GMHNZwKGdMf`<9KEx69fb6*z>IOOm+sO80aA6ILI%y2yM4RYcq-wAki6URi1A
z&2F5v1Dy|CWKb>9Z)06ZccQ5<V(6V$?bquj`JI?v;P9@9SQ%v@VHPsllSkr?c!~fq
z_OB6xi$x#^z=Lxek^!2-CkUOv-qond_MRDomw-_zn@~Z@DI&MleGX>ANPBz7D<uIH
zAbSCs`ZLe{++s9YU4`Vm!n}0Xmj4ySKqH=x3?|2&$I;2jw10=9VWhsGmZKxjPPHwc
z*Df03*iqT;dpHYkD{8wuX?U!<4BY>4p1HBDlpCKxR_=Vw3A%TfdJrOa5iY<Y+j|JW
zrTzN4$U)|zv@t2qOQe5>VNi>$@)we3@S1_ca`;tMFF=&~S$&7SbNJQMa)Haen<6I~
z6-W776|P*F4vdHx<BQvXMPRCZe83$?-B1tN8n$X(9vG!_c-iPUEHE4h7-|o_eL4)5
z7M--p?B5iDtB;J9?~$auqJ^RY1P1^%2_u8)70)`E`=5khj^(a$D+=3rkt=AqOMwA}
z#JI{ATh;w1igWLp<d#dW&a@2-3{L+p>g6!2Q`w9%`nTO$t^Xw}QxaC*hL?ON+&16c
zF*{Y@JK?J<&@5``-j2imvpzA-lo@TWCQobQ@iBU*Jux4CUzEg8<@?5xhsrFoSyrrP
z`zOuav;JrtLk!BJ>14-2D0d?9Vn?jxa3;e43;eWIYitO!XgG6;Ow}FEG;2JPEYu0w
zABjeAOj<#7-1mf(6&Qo8A}e=se<r`PPvd%_V<&ebH2G<*Y-*BAbpg#y;qZ*mQ7#<$
zRFTMNO3RTLO92@S)o;tW6qrkYSfXi?q)$)&!)9Oq=%4+O6gd(b{*TVw9Gzc!XKk!7
zvpqQUsXKv<-3<8#zWBh(p>oK%|AIA6uV|^imYYF*x$jKrQLo_C8zZB^+7Oty<9GyM
z*IGk{b#(o$nNWiU=fDH!S)vf_KzpaXTxRe`SBB~AZupb#i+wpC+OV!;zG*u<3dOC7
z@5{>++&lD2$jZ=u+i*0V<D8g$t>SmBoC4v-Rj8kd{SBq(%4KM1_;H{)eX69-*Ncz$
zq+Iyx8Se~!$b=@<d%hyPnQ69COJOhdysET%fRQJz$h>gCNe!N|z(?gHGBsmF_F5pu
zNPW+<zCa@@<};ITLgR|04C^i9t6L0`Ye+|Z07b8LbV7&n4#8&!p$nXDbpPbJ?7)I-
zx!au76MLgaS(g-yHciH{jc#)O5B^x6e>?H){nKBy*=ZiqxO3<1ZfvHk#WiTN;-@;4
z`fX34!#yfU3J&9~x6z~wNX4+Oxm&x#0{-`yJ06rc9qB@&f4*5gNxDSlZ6dpKfY<vL
zr=o<c{_%IBB2o0{h{bP7^lw?&D6g}i)0Cz^uTzCOI%Y6XzgU;m>tv^Oq*B?>uXzUD
z^iB2o+9$X~_<2&9q`R$`w{ePuM@-@NoL-}YTN6hrD&fT!>JK*phCVRZJ?LXLaPxkC
zSm1vV#C&nV;i@YW0s`npgEO9-?+*3Fd8&UW_tAX^RmO0@|NU)elSn29I{k(fUj|Hg
zol$!RrTh(3?Ppo?$AdlvEZa&nzeGYDUHYUl#X-QHl$V$H;xJRi*V%+<esTzbcr|xA
z$PKp$fNLqhC0n_hFC^sL&?3zCh8->HvzE;!*l@2^^u^hHtfs7kP2<&QS>*&+mvI<~
zyk-wW&?|ifxOBMo`U^~nzlV8(F=pe$cdH(*nO*iN27WPE?d0UNbmcckTQVGVQD*0|
zDpGPe#C)9<_>4w57S(brA@wg1J;MHIRyoXojjA{9;BkIM;T5b|>iStj2_!?owe?hJ
z3g@)<w6D+>*Dk(P&|JEiwXv;7#`wHg%iCkT8d2$_CGLnO@2A%)g4p@MVnbc8=!Ntf
zTe;z9q9u(7ev|ID-|V{};V9cD%Tp<XBxej0EQh6%Bj{>b^*>b(Pnp4W#bw>^=CI#x
z1$<?UBG}n<lK_f7Of9X@rY_j<@w!kt8)O{ce8sEEtm}YfV!i04yo%R*OjI~VI{e*{
z@yPlfjtA^F^&&JBk8x(1Cb$vOH`+L|Y5`Wj$E3^SFp}VU`)c0TeZduqhq!#iW34bK
z@R)$*6Dj!hbcGdb(IsO}V=%7*Ka>dNrl&S$GjtPry2)3#%W)C~$0Vo{7q)^iXDwk~
zYSwSelRg31{Sm#GvIcPsl7KLfx&CZ+_nx(8dZpLgxz`dn;SD_+FuSOC5Gz3VpU&{D
zH#mR(odnPpP&D68>jc;pLiM&}W2WAaoFM?z_JPY(t+A_RlB;LU6!bAx3b@QGe2jYf
zuK>>13buHJ2o6*;!Qsd&lpuZpYasC<{!q47$r-R4MDhk}4D2@HR3|dwa@IS6**Eo$
z8NQa@;D?;5!y+V@+U8Su5E0homDJpH5<XFN?znX?Cm0Gs04@DyU;GhGD7)379l@wL
z`eX0&&!}=6%IvHN<iN0hVz4Y`C&GBi2Y$}p?Oo*r{e#H0H}29f8bnQ}%7HQS=*R)d
zsN?%liyMP917gklL{-GQFNXUC8cwb-UEL0irXrWY5zXl4voMFB!D*P)A>FZR{l*&s
z0{8>%Zq^qT0G)Fsnmc@RpBfgr@wN2dICSLfjF=R^jYVWm@_?Yp7^RkGE;(pdDMPv5
z*|;A~)#qoDD&`zc_U~b%V<v>83K8b}t}VzRD~8{Xhh-ie8TF!#hnAvnY-p%_3rB?k
zgI*eYVl1>g!%}~EwmmBAy`$Un-KE|dbuoO)2PD@5jmL#1M+3cm{NNC8Tf=_*t+i3a
z9xSxhFGFEyHeXf|Hs&^9>y6Ym_c%9=J2@N)FQM_YPMqM+3b*!LeB|xTw=(v`hSuxy
zc^2Y2Ctp7z_O{hmMqU=sl3DuH6H7J*o;0Vluj_Yn%ZS}?Nt9KboSrit%=IEeyii+}
zLa!XXiR_xD{@DsagtsNJh}@jWP;l?wDry$0M>X>g(EYvmKJ<F^ea1^wueI+x2S<??
z+cC_0NcdGOtJ(Qsj&bA5IR8tMdfBZ32Y-yZcg@w9^?C7?AROtYQte@NoCD{U%RYr6
z4dO2rq>^Z)N(Zr9hGSf?hH)JVW=-W!jxrmBN$jA`MK~>gY|#Acm6l3OfQ4%kD)C!~
zJeS+9p*F#w#BYviGU)lL5@Lw`sZ_>Mw##oBNoZN=I3&9N%Y{CXhD8AMWGNbHN$HSM
zA#wWk%Ua!s0+}X4mvkxMz43fyTj?$v)1<NoR7V?DX)6usp;noAF<ez_?6GiK0xt!B
zv*nspi>@mw=;P{XiHf+13PxtQn42Bk-XKvR!OC!E?_3r7Zh{*f2htoO9NEGsb0N#|
zb+bX36J(0|(vO)x-jl{R_qY+l9E7cwRMTookjqo^kxR08GhJT&;A>q{S9<4C(lq&#
zN7-~?3W14<^xDM+POiT~6rTSl7(C424AEV}QXz5u^($Y!ylsf=b@b|X#DJ0#orN*E
zH)GPw*2Qo!@7DSqNQS#ZVO+Xcquka&!!D!vnn>EHi`^B510dRzcv|qmRLllz{6Zy<
zKW3ufB|%O05Wd^*htCL|q7hv%FG#Me09I7bQ<aM%J^TQ&4?g_s!s{=i81Mo*ozx$|
z5K*iC1-<F=L|J+n*g}Q7C<Fr0?SFORudbuBUZ@(Gi~FA=AOS`o{jXzAu+*D3$JVy%
zFNisUl}h9|qPnKz`ZMuM-~KpkudmA;mhTNy`1syyLJ6{-t9OYa0lr*n_orJlRZh&D
z2Fy%<LDsao9YC!fQ47$zMepnwBUsV|xDyV3Ux0R=lz2vA_U=H~UL-Pn4%iI6v=kf#
zP1ePn3{%INa*1h5`gVuXK7lv+(VwfcrhG^;`v+&iuP<GS*e%pg8@M8HBdL>_j-S8K
zEDVZ_^Spm@ZbSLY>6q=8W+1Yd4o+V>qWOrI4ZNt434=Sp&_1`jvjJb0JN1>#eYC)L
zTq*{!Zr*TXf>=BJ^m&s#x9^v26yR+~TQ^GC-3T$0?aqC1AK9DSy994djDDJJ%Eedh
zv!1WP1ty)EosQN=ywRSNckYy#Ar`z7{Wa}_KMDAbdwvdM=zako6V3Vh)$dOY;n>Es
z&E4`f-g|P*kbt95<!qHyr6D7nctJbS2M?^)y2pfc>+OZ=j~V21#;{EIX?_YhI5n0;
z{O7ZNNpDC}w;Bn(b?D~3$BJ@>)$kh+zUwe?9B$#JixnPh>KLUk?R$*C_o~c`QHMO2
zL?WUgrRm(Zs5r>Fy=~qhq;$K5R2h$ljaFc2{1!hCFHOLYzjnkp@|vSJZ|D1t9>dkz
zn&<jP{${-=qomYWHKivfZ!0KidTDKK-RS#pnVD_0qO*P?p{gN#$o%XKx59G%!>dFO
z=cQ$;1*@^3Tht|53A>HFGVvl7EOET}qYf>O;8Ab23@@3{3b_kv7vl-M9rrvZVZds^
zpO-VAKj#Uhm5OIm(#9!8wvhR%oWnK_X73?r{uN6<k!I{iLiTW@i(Z#)EWOGJmVd)%
zVF&e$vJLB<X2#j4v`X^piC1<+(D{lCo~0YT+Uy{P+;jKcIdUvc@6Daah#<~ILmX9&
zk4Q>PMr}MD?HqP|u#D!zR5BkM$LgB%$s3x2WtAB{M~xxu^K(8tTwLE^Mm}NN+uK|u
zvusMS!^MX6-e=DnU|AfyOesh7{0srf^~X!o#oP|n8~r~@w9JI*UKdPUKSOmwW%`6v
z@|1t6z4!f;1Cq4v?#mee620;dJ?a+vuQDe#9Z&Y|OG@4eK+#tVI3L}BELhD39a8h+
zI9_~WHmpY}6ip6ixG9DzuvXg#3%vVDot2e!n@KWz5Jy@6F9Ykpjb2!m9MaUnL}}hv
zn)ZfB>lP~?nW2VTV6h{yRT5QzmyX)iCBH}RVSD4|cq4r@{cRPJRl48bqLu~LI)H!X
z66!$Y6~?nHHgSK_xiAL&pmYE>&OFflZd|Pxrpx$wEJroR{|XaBJd{Iw8&9vwwr6vq
zVCy1tZ}HJXrh(b?iOm{kkuS%|viAi9;**jLypOhrFgS`5(6)&1WVy!$6Z?BhtTP_l
z;YKC?YbOg8Uid=qdDJj|M^i6kH-suiT|@4aq!|X=hcXC}MXc@AI8V&EI3t_d8|Jfx
z%(_&vpKTE{NIGK&>{B$Sd8D#bAdgsNIWBb%QS8OIxN?UFTEYM66G<Z)gE8BR%C$Z-
z8(5L!A-ZF`DQnj5*a}g%Po{sqSSc+1k&Gu5D=D{FkpJ!0gO^`iyg6atW1uU7?18br
zWiB__Zan1cQPBQ=u8g&KSx`Tmr!-tpzVpd{Ma_b->s{$Qy+P*49(XrpWC%5%mRBx2
zJNv<ALCJ5cG4_VW#)87leDNFW%OzSP{)+@v_VCWhoq8I<{*a!r_b$i<zd0G{cz!Fq
z;P9lo$bFg9l!?(*8{JaN+5_YY$Hn@zP1=O8UQsxS>~{NJ<jQo77ru=5vDtQw737Fn
z_=hUmuWOA*YGcfwCiRH+<A`MksDz&^`2G0t=1=dSX$9;Z_>V@^nV}JVn`Lh%Oi~y6
z|C!4Dmqd~Pwhz5>=a|*<?KcnAjKlB4bNbT?&LNa49AV`d<WYq8?AsGI21(9sClWRw
z_wkZkue*rK!xbPSJP$<<+1zEqQ<iS<I*ota61{E%$$fLI6Xb86m&k8jfZ>&JS-b6j
z)@M9yU8$+E1%gV;2b==U2~7b=5`ckAyxSJAU7VMObqtoW81ks;Iy>sX&!O4oTjB4_
zWqedmcxK%N+~+h_;j>l9_x)23w8rKLnqKu)4?OY4?&$1X*<E^JyZr=o<bwwS!39}a
z<~2T^<jkoisPk!;JNv*c&AL_1f=`S9^6tAQ4x&UEa{t3d;*_ftI*UK?cZq(4fIYbi
z%hH>+RR~xW^*6WMb;kpQ2XEH*hB=B6XuWcSu4|Y1dSH<@nP-hXsr_6iWkZdfMl_?t
zhn03dh4`tw`j_pqtUg~0cl~fIRXXhNYX%`=&1G$xmzg%M>!{6%kh4Ps?2N^bF@l_Y
z-*Vwj=E$Fg%ixWJM-Hx%jMqi|mFzO}EnZQF>7FF75G;PWu!>{f2>t4IP9C0>i=e(<
z$24#zVZDoLyockS-RS7(PSZ)_9zjB-t?J8{bih_3<Y+q<{DQG+$b3Wk`ybxB$F%o;
zO!PiGJI<p2IYW^QoRzN`;z6Qnzi?A?Z54E$>FY?rtErk`UxBd(!{D&fq%n)ZsFai!
zAzF<5G@)))MBG1ILa$SoYls;+eGWPO(L0(ub;hajQ9jQaHZ>gO$?@q&R+-GNM9aBf
zPFfm0mY+)HbtF2^mf+j1q)s8ujSCwe3<6;f`Fc^3M<jz_n@*jo9KNnlg5HUsAsUEx
z6oVTs#Lo(Q{4LFTXy|Pt|4TPe=iWTGEdHUAvyxn8xPjU*0sYgi5T0p>Ch@E`^Ef|3
zhyEa^>gma=uz`m~coSWN#%(%5x<;d+_R||K>spq?^VhvNY-$$c<*_vq+=wQT^1UjF
zEo#m5l3K7Iizmxu=WI0yR$+GDuHl1(#1{UtI&`l<P9?wRnRO9e#D++D?6hZk=}Wq8
ze60`W@HuAsop3U>KlWU8=*Hr1Bl;TkdGtK~o)R|KO?!&|kx=+IKehC|5Ap3W&sCbj
zaCU4g{m@t`W{i0JM<Y%g?MO8wPiOJ0k~WOg8&^x&-5!$5m3^1D_v}LwMgDy@EHiiI
zM%;iIn=P#8jXwF4OUAZeNP?yb12&u{2G3DjR<l)h^9=POzs5GyVq`Z4QW9cS-oE+$
z4@l(V3*2YR89zf)Q&Rqjk6(36XlU?dlKzrjQPID-zr0MI!PKFqVPLQ!0#-t~)g?`^
z{O>rb2Kk=#U`c*dhW*o-gpBPEYX%XP{)oUAC%?Mkw;qE=htU!_q6HtOPVFth>*68z
zQ)HHo_y=iY$b6}yjMPD%Jl*u@r>lANyRJ#`Qy&`lZ_5po%Goo)P^y@?xWlzXhvl6e
zLykj=!T-Fm&TCrNq@FLUAwCw#O!6-za^8PRUA0wsm<1*XNfciP1EU&G7=bLcmYP3m
z#|^-sAvN{(U&q?TEymkde6Z9~lMEbK(qxbC0mNQUYn-@=A#cM`qnaG@c>3<${VSC5
zRcB`i^_Dp%1Jm=rM~PCDwzrRP@YQ>#akd=%H*bj4Lo#_?g!piucnu&|?$gPEpy_sx
z2P@nz$SZZi0YXFd`E`z)Hz}g9uHIe%0>){J2Qr=%k0Y;eL{*<|{BF@`^sPhM>s1&!
z-R)%85Q?6KJMYfbdi(ReKKYL*{f(>h4x;q%HNlFx=P-3~SMXWc;cLz^w%S42{--ig
zUAnJxG&&tSsbgQ|216VPa+P{Q>JUeF2dzYG9<JiafGNjwdOTNE<KB?b5$Y`Mre^pK
z#osKMmZ=t**7mlx(*Xx4E6bwGf212}xuP+Ty0Z#B?>sef^>$=K*;eu&+>86YZ2og7
z?u+o?H*Ztnw#&p)8;O3}H)2?eUA2(=NfNskcL%>_y;N%ZNvm0cmBwo;2Z^v}T*XWn
z-d8kK(ELd_K5%(y%_=M$ZG5?@jbg&4yRA@Vi&7{kI`iU}V2f#2^kq<qij3@xwsKjQ
zv%GIJY2Riktd#&}J-^f*#toOl<h#NXU%t~2h5!i5>Vu7LjkVsUmk6hCt;QO*6t;!e
z2D@!le@{-%?6>Ibb^E(YJ?<&9`Qv{Bx%_K0_Qgo9RGF_HKkqhTrzR#iA}B#(xc58;
z*^zCy^l((1d(-d*i-FuN`ZZa7i02vvVrp|oT;`L@d-H{+&o8vKN`MtdjsP5wUS&^*
z#Y&t(yqAx6X2BC#SL$8I7%r~j$s_i$C?Ui|0c>NWyt#b?eZ<^#`qh}!^^)BW|Mp6O
zxeeDVA)CR+cto@VG2D-o(QkQ??%Ux#@7}It?;Nd9rve)M+x1NE8na(~{U&jEM+mx1
zU8qx;Vw8Ft`>v#9Y<xNOxXHlQzqpKaNX60Zj}D(5_eV7WngjNq?>mq;hUL3w$_(7w
zDuB&bB04tKY5Nm1V$k@vw=_F@_$7YCHLB(1ZHOBCTz2t<C+|JUdLz=2aTB0;M#6mv
z<<L_zVMi&sm;n+8LEe7Y21{JDTiC5b^TT%iPk(bV1hg&{qdlDfJ+f4r-f+Zl7XH*Y
zgzz6T;e`Pjl~lf!9w9-XiB>K=TvYXQy<Io#7mZ;1c@memKaUm>7yk(}_D>eF7##1r
zkfX;)0CHThHB1zcmS$219Zt+1m=$=x{Vq#!{+wvma%R~O^u!Rg(3-k|LEEgI<ROSx
z$|<6=YYm472SA|oD=m#QfLlAzv;Gz0<rs>Q|2A@d&FH6?L(pi0CjM<aoH2`jv$Jm{
zST2FN0H~*@C45IM2qGg%hBsV2g&jghEZ+gz@Xp*Ec6OZi;GZNmH%!W-{hBv{mT93>
zW{ZJ=#U0!{$uTaqln4wCXAv1-khhzvU<84(*nrUbySWI>?c20#oj=Q>=>J~QCA`$^
zEtI$g8uz!cn3+4mVY;f%8s0Eb$b*I8)%3p16`%m$fuLK=Lal!t7Bs&@)W&HmU#mLW
z3(_xtJd@UFled^am^Rsl-dcNaBxs$vFdZCZc^^QXcu>!cuL6tZ6nDb%Brg($Zd6$R
zMh1z?1h}}*&+bt{W?D+N*pH+H>FoC0L*paE1oz5UL1<_=-z-3pW8a~U<80M4f?|Qt
zw78sAU@1(Ot(@2%ombw|-`h3c9@X)SQX?zt=-icm>4a6n10y)^bM&mF+AqA3kzAqv
zn3?lR<&{$Rd^<&@o|%YYORbWy&2-9$QIuDXowin?0lxh6KaAJo_2o5%B|J}Rg<}A+
z*wUKmx;Yw^(ugN$HW_!ru(@Zml77o~cKq`{4mz%}SV`Y7T|ore^lo70)eT%+3OesN
z01E4<p1Z)S+!>>J|E&dxZ#H=Vp{0#?-5Q|=y+4R&kd~YKb9<ZN@#9@J4UN$Jis<!q
z9cO3f2M=D8LFL}iLZyVb6MatZaiO^S2L@K$pVN4GoyElRNJzvaRzH66Qsp&M$QRE5
zU>V@{z`O1w4@!sD7?p4c9$=lcv2ybG31&Qg`$lkNr0l0M``fq7KTw{h_JOS}fK~|#
zm2<ta;ivH=WmJ0kGGV|jHqKby)%77rZQofS^onwVz>Yz?jRea~UHV}r-(yoAfiLO8
zK7aXw|0_#BH7>E*y5y5@EJQ7fOLOvUbX7i_0o4iyLB-HpORwr1mWhG_J7@!!AvYCu
z94WbXFbLvWOZJ^8{6kE5c=)rdHxIT9)YP88alZMQ%G-BlM)jJ9m9k@{<x*$iF~VG;
zrY`o_DUeCd-kir7unwsl@cE9IbJX7^Xd62SUMd#C@{fg+q_FANridY8iNS)tfBnb*
z@!<0$r=PuH>#V*u%;#sykEz`uW-3V%q2RSyxVZa$#+V;e+*+kBh(WG`+}vEf!y=Hz
zJh-~fN@I#<J<8nByzl$Ze@vzzUu$Kr&4<sQ{Td>zLe42&WIj#XWRb@iH2iglZjAP~
zc>jKBcS+akdEti8+Q?;QlkHqXGT>grtCvQ(8eEeOa|$`UGP=#C-0InbYssR9(F%2^
ziiC5wBGMWfl33as{`B;$hQu3>W?J}z>+81{>3jSWNi*01CA6FMmoM;GSTVg|C1#NB
z`aaY^BW2G8$lSZ7460BX5hh?lyNXW*oDP%=j4aV44CW)tR3JfcZbMKuK`lVe{qFS7
z{<Y%*ByhdT<+Ev8C~U~~NNs)DQUOX11!u3~Md>p~z5w(FX_wYe*l|K=t4SKjPP8I8
z?%yY)pil%9k}IMTR64G+_2J4{4sd<0)}O%O^sABCW{8Mre|_&!-E2l_*U*DGQ0yss
zEErHUJJ7g)PDC@9_-b|$u<%(Axw`@nXaj!zqLg&qOz+PG=RH>zmb1_e2Wj4Ca51IW
zVn9GYKI@xmJW11p{EUei0J)?%y(3lt(CO(l%@cZ%482@RF~@*JS!>}c(+EecU;>iV
z>_`hT>B5xq&{z{)|Gr#2<Nl-wa6M{Xqt}zQCpm#JFp2+RS00}aoZo(P5l<oSY5Sw3
zLeggxtw-bal_D>)gA!rF=`ZW;LV$?u(j8fkrff~VEB>1{HdF*Z01<8?7*C)p(7l0W
zV3s=?su4;{HbHWEO!U+RN_PHSt~bOMp1SJgx-%n!N6es8)cYrQ;Y6nsvbPsWah>8A
z){}5nI$V)KZr%zJ_gtrm${Ac6$hNC-+_#RwGO?VJ(W}@^yV#VyfZiX_tEx^=$Q(HU
zaYFh_IBq|YH7K{Vfl%8pTP6i!pjP(I<p$~TuAD8(o7wnUwHbO+e5sry9d&woV*z>m
zRj~Op`#<DY#7T7V9vFFBcv&!ye&awpv}&VG%C7EuM1oahJfpvV0X<bPX?sohU7^j?
z;MncC%GB|3;Y2Kx^4OhgyESA|om~xFu$`(%UMrHkKGkyFa5qSC8T?nx<R`J@@(rYQ
z;8Rc4PJJz%=XFq#y~t&*ezMDN-TxE}ck8^*iG=@>Ah^1)!$eAeOWbw3*BA8v=z0sV
zD!O)mcnC=WK}s4Vq)R$Q8l|KJ1eB2OZUqEELb_8#TImh}kuG7=9g>^w_^<5~?|aU7
zzPa|L!<t!n_wQaa(__AUMwL>vwLG6?9Jw}y?oMEdLoE~mJO<WBqaZ%KC*+9?>f9#Z
zs~xSlLJwb_Us!VX9-vq}JAWSe)(Eprw`%8SdSh^`DK)nxGBo3Ph)_O#dW{p6YY?c|
zFn9HAUO^JJ&`4EeQ2sF(k6Lq*)8p(`+&ifFC&3+D051(Y#h;x3pXG?WYPjkO9U(fv
zu}DgKj*uBZiM5|<)MkAKUjl=OU~_8F@1X`tAbrc-qcp)63JA+L2AmBX4nw^km8sIM
z;#e=u-2F!aD%Nt%g3y8U`{0q#`{m8<g4sbS4H^J83@Iu3f7icF#wW0<;_P`kM#{pv
zEX-Kk{pdFgFZ_nh*$wwqZ%B(tEY<vI?q86ZfIwtoq98CLaSK(h?r>9pdVolOs8P;v
z1-5*balm9`l~Nz4K^bP7F`ibfoR>2y0(Us?^?+76b-LR-+uUX4I$7G@AmkT7E|9#E
zQl3Sa+xz$LbG#y(isou?{J&?@O}d?{u0J(;e%$)FGZVHs0dOk-R7n<VjQ~G2aHdv!
zZK^={Z>_{{%Rkr5$-$A{|3U&G{ezY+znz6A8!p5tg^v(A?KAtVY4?)X&aua|Qy+o;
z1Qx_TqPv4vV>-nFF+NG&qgVCxR;dT5*;nTYgz+v8G{;-I3sluI5C~F<J!~*d1|cCL
z_x+_TpnsV+U-Bf?I15Gf>ACXQes^A}+@=5JdAf^_7JvjeEt%ggxYbCbL`-}~?5E`<
z!lBk_b|44TXEQvj9Ca-Zd|AHAhMGRjS|hU=vAn#@(s(C<L$7Vv)CxFUuff80b#-YX
z3unY!yPkyQK)ZtrONy#i_lUCSdM?>v60BOq+Q)B9Z=R$+yz8Hxo!$A;68(d$aV2t#
zhoNt7Lqg6KJpwqeB7m^+dSLPR(HY$!XFx3X!p!<U##HJH<Hssxf*U-+(QTMrDse3;
zqP)Ot4cvX^A(WeBVKUn!yEQZuSey(;gqlQfFAV5t&tbI%-lF<&jU=bpjnLRrkWolL
zGzMS*^V|F{ARQo)h_E~W?_#jzu>c(%HSm~!16L0`1lJl&ee_4MDk$6sP6NUZ1%{#i
zK-_DG&W_JYDa92&QoGsN?c=xFtJjMFU<6mFB@eVH-Ak2Jz)C!?v&Mm7cGKU>UuXkZ
zApfDYCIzxJz?LpmGEg!zGoz3KWEX)1IIVH!Cv0m_{z)LJ-8E#_3jk_leLV??&wfWQ
zXWW`>1pmn@@`2B~*#KXLK;d1e|7O^GKvK!P!s-O6MOan0))NJg=<wX+&JyDjZOe{=
zBS^o-J*YJ!JnMPSv7)&fr|5SxNYJA|NYomZMgA;rpz<E1D^)CzQk4aalfTCoWj&<K
zT&5d@_|Lv2dOp@ea2sSLR>Y`9L-^30ZR&N4VZau3b@!_w*9{KV1L8J9_6JJ_$v~Mt
zG0~{#gNcjz^_1C8Z1e#<sqbQKPmJ=&vyq45i*B*nm;`&D=-VLEpRiD*`S{{lE%<9Y
z2}~gF-;+`Ovxn5k52cAr9azMY+41bSITycUQ({Hnh;=oDU|V~*hdo;#0++M+HwtG}
zr4RsH=vrD+QS4<RMs)uf!8c=eApQ29lG+(A#yf)9Cw8}55?v$rFX_3u><3)Bj2^1%
z>t|oqgY_OCcQ5ps1a2GH{e6f0<WAa-0-jR1Y~l3C52|q4oN2et^fDekJgWAngao^z
z8m+?n!i*8Uy+w+p`IhPZG=JHEZx#o*fVj0TA|I&4E=GWs6IGO_=VMQEn{-_P=u;f6
zBzxm2u+<TOhzX_oZAM(bgdx!tYJ^WY(v&FY;UVM(m-%YH=jiQyRqMeTE2E_42vB>p
zfH&Wk`c9Ijnw&U=(+n_^%gUX&lAb7r<PMp?|KPpbi!@(GWSFC#Px{d0A)vN9eAcdV
zhHZ1SQqOMx0DHWCfP(ONOYBb0kUZeQU29kzK-3?Su>*c;3)S2lGJjZ!1wCa1{PiLn
z3<Yp-&pPj#f}$e$AoQ)`G0$a8IRIIQJeU^iJ)s9%TJi07qCGGMIv*G4eV+kAw&VR%
zejqCLq>%7`8~}HY-yhJT6|ph;pRT%F(r+%=iYBxL_us}d@|nho$dh&C6-ZhhmU3Qk
z%&}Cv0r5&h$irK;gzYjP0c5`C8yqrz##f!t=jiFKos+yGGrqz3ezrMoIqZ5_b~cxd
z2|H$bN>fzsZ(YfDVxJ=7hbi84-F>ykcH&unc_U&|ADv+cwIpCCFh^db9+tX5UxqB>
z{EIybkGn-V^&1p{hsof*Zw=GDXTVEKi|Kz-?^p07BPs4F$e6`Z`P=c^<PiSifUM74
znM|+YE>|_fc!6x2rq5-S(u64?(R-f{ip^{+K-dY0e&&7oFw;@;bq`3Z0SABdLZb*o
zhQ$V(fA(%F;wdOKg1F@k%r-I4N0hBFch;{#Z0nZ4<~9@HbtzF=q)hh`i*PiaUmXa3
zXJ^8nt3U^EXqoUT89<VFSw;O7+>}SXz6z}OGb1b>&~$~yB@1bHLhU9|N>;#QRIxJe
z>PU;#-ij}X0(ioJQ8o=%Q<kOnq)ooo`<?q-fHZtg@iaazuq0K<9%a^;%e~b^O1q!o
z)dksN#17-xcjmJ1Z<)Ob!x$wJ9EAizNc{f_xdMmG5h@UPBVAc-od~Anvl3Wnynp~E
z!1kgk9{lw&HZ{8eq?Nu}4IqKYP7XL($fYwzU^6KQf(Y(jL;;To;jZ|96*(C%8`Zl<
zunz)CYoHHu0;OA~QTzsGAG7IKyai1;-1x@siz{?7Bb=aHVe#cQ7q;rucuJV7UOP79
zHQ}08{833sGFq;<hNV;A%ZRKH!iI49#E4I*MZ19liH%PVww^1qNf>@y4B|b|wUBo^
zaCo41fzvNR%xFE;lu~inz4lazwCd#&|1qWDcOU|ob-p8($%SuV&+EJqVi7Q);J0G%
z<2nxo40vkwH!?8@#z0#W)i)udj*~1(UoG|yFWE0z9Q|GewEp~<BhGehNyMscM|0`>
zX<s*{D-bj=Rx;H)+OnzN>>C5BD#*((_RrWCo@u=Pqu>@XF`*8nR&y3P)4}K*wT~LQ
zlGX~iA7!3Tv;U-_mxv>;RnYHKo_{s=7-U`@8Slr3J;$p}PHPFDrkC1(R;w5F$V83!
z8-oyi9C1{RS{9EvcXyQaq7ZO?q;z;UoXz*0n3a_?xx|y-Cd%(;?|i&VrFfi{V)734
zBffV~MP}G115BE;Yzb!V{%A7y2t>hL&66L+l01*!{=~v&6j;Os8xp?^M-MHpy;4n3
z;1u5*jzZw~A<3Z;?{ff34s6iycAI!_YNJ0<;TW&!Bn3#)MGl!eAJg$C=6PXH8pD0v
z|G@pn^3a38JDf<sAWLDW8U7`+{6I75l)K&q&Lr5Bm?a@L<zo8%(>+2$LSe5xvR+_e
z5uiDU&ncCwN4%&(Qn2jtjtdizmJrKmNEL(D02%N(K%tuc7h+B*6_S9+wa^BB;r#EN
zHyLE;{+^G|mLyhP2;;u2M0(H$y5mZ>o2qJLe|}Q@xRAH|q!u(TeE+}U>~AM0o<vBQ
zZ`3Oz=+5{`fvA$uE%H2I;mFZIRQdUTSE*}*RPzMz)}9p&|D-;U!q}q-3F*ny$<2CF
zT)nZuKDP#zB|YxHLC4P7xlP<1q|?(#kMOg|v)^*hNk6Rg8{h%$;0n&9nM{(JxA@LG
zPt2m>PM~l=`M-C67{lR5EXb1gb<^;}$0QZ<!HY{o9kDg~4M-66P1XwKyVyQ`(g={X
zQnfv0`Tyx&6U`qyPb9H=fTbZCGC;>#D(yQ8);Bz4R#n-|c5lhh^Gh73SI<d}cLp|C
zTlW9n#i63<SE}uSC#iHtr(jG?M_<;}mV1x6R=VRg0e%8412{%8HXeC1zPC6dBu-E}
zJvA$>`r#Q5cVY%desX-O@u&ZBkQr*8z+LK*GFQ^6$cm{nlj7fIt2^$8$q#fh35f-N
zs<4h$FIQ0P;l2^zo4QPl1&78=!oFBaj`tj6-da?8oQkq9K6nYpm+lJlinz{yx?&Dy
zSR+OB`R|ecLwjKN#FNhxO1{a|wsQWWSV>4!*u}}hz}Xy_+VIM8KlEo8C!<KIydpRX
zkXV>*_T20YxINAomPz8&HHu_43uKCiCa$s*{+>;NVn4U~|2V=+EiX<0PkddZKGaQn
z!xNr9%tKkg!_JVatEkBL1@Wu=QvpYv3>3u1TB^laFtd-SeICjgy+`3Y)N@k%XNsf$
z$LK3>yk=fP=C!54E6rrZNa6kdvR0DCLlPVTf2st;o_SR-x;b>f&CkRWqQOz%1Cker
z$^3g1>}hV_7?korMW=F&#Sizomi~<9=y{c=p6C^zw~_)lMn40=MUe8}WAt?6`L#g;
zr21D&1w*lccmBu3|NOC90D}g3?x)R$XuX!ca9`C;TX49S`!~5azVyOKgd6d<m#iW~
zVRVi&bpN*g_sP+|#`aV<*r`J_BHfe1d~z_jF=S31DZ=vibxo#RKkx9DlFw+rdhPcx
z)!KeUO!B`E&*uflHm0s9l1lfJwO(gx6yK-ii$vc`0<tfUm>4+t<i$b;=s_`0rSe&2
zOffe3|JBY=Vcnm03S}RLN1#WR{rt%;YsW?RC!eW$`-dZsQ`mdupV?1xsy$xbhq3>i
z>I5RVXsVi4Rc3hzJ<J{=lUL-Vsh3>Yav=aWv@5YO8Om6iA(0iguAZ)f`6F5bRlq+6
z#F~|H6SpDOS&_UaIrq=ih|$h&H6pI0{xo7^Vx$e@3E#<g=wGRm`MU<F)}X&t8K((c
zcw4$J>Q?VVdRk0)guGrL8r+Kx3+a)}9n-3t_@-a|pDG~<;l)*DKz}%4d>PwdR<i)g
z%KljR&kc9*6CS-+4A3pq{=uKHN&MHq{xrr@HmaqyA_lp5-nR@-e`O(m7Yt1LK0c`M
z4OGafK9`C4U%fO|@dP7f{vkom*P16}!-$549w2luP#NGm)LO5j{zo6fWiTx*8OZ$8
zlj58&((E`EILm5M$S^xp*t+PErx?J<qcSoK^A3Pnp-rWw;|Rzm;4`&6=nDr+@=&X_
zwc7oZ>$)}xsO`UJn=WxY*-bHxGI&};`_ypTaCji4ISRaZ>#NHYZeb_PZv07)md&Z<
zdZ=!xWb<`^#Y6#)hlj`V%8G*seJlWL>PNs!B*cFo<Fo5kX2}iA@_Cj9wo3z?KwU=%
zRnlmlPq)glExvfls`0W41nb}e!4ZwFN0Cjva!nl{Eh}sN*nyAd1!`)&f1%!8v)<%`
zqA>l!6Z9HCiMLa<S+NNT0zY{KFMNXTNd2PjDNXMF<+<|XM`f)oCT^1q7+NBiMZxG&
zyj4U&e@9jS(vj&=aw%ev2^=r-fu&L-MeL=qe4N)$tsztl8^^4$9(@<s-mcp`Hv*FY
zcq|x1mT4h>W%_HMe(irbfD=v6#uRK!J5Ss194*GQnQ|%fYyh``yBDU<uqzGTREy1N
zzWoLg8uJ@tfu=p$lWF1)w{S~rpT>rUgcKcn`H0)nfxj?rH=wm7@gjkWFZZHND-C@0
z2ng;vxLAEhpAlE55^=jm-W0I@VZt-&*`#8Z@%=kpJcr&84Nh#;EcJYbUCq+Q7;2^N
z3{B7c)(OH@@Y`U48l2Zd9n<U=+Z9$Edidl#-z|BJ3rE5dgq)h&!C-y!E;p|l4F~~9
zp<T^*c~*M!#c`5K%nLLXI6hvZ+niCnnejBG+Hv)XWbxYbj6b}B;5*v(u&hVOEoEgq
zxwL)z*c;>Hg1LJ#IYa8Is{SV>Vz;lX>6d<}sQY&L!VLuP%Xv7=&%bQBv|9U^(-3PA
z5dWj5@XaHT<(D~IIS7rjvgYWS_Q1Axv632DEk;Z@yF)2%4FF%?f2tV-zMDasU+vTT
zK(P`O8ObRw-lS;$Yr8FSPh_PO)gPOf<K@-6KClNX6)bS(kU8XpGSYN~eov@73^V4l
z<Mnr$mBuFhuOXmkjC!X8hb1QN*E<RA9b(djqeFRflBQFLhFgtPKUW`$gXO{+X-@2z
z&uW|a>VU0Vtn8seO>M~dB=!5(g`9~>FHW#K<mVUkxT=AXsWBt2uYNa=WW&!=K~IaD
zYlbWP;>C>cX73J`l^Rlh?}yyn-yr=4=cN1*GcND;7?}37gmwukkMSx+!w=>8>njY~
znYwVmXlyz)fxreAuHZBfx9{TTB#D{|FD#rOSvT1^IAEgVQknfq97qzjLCaIgDBiCj
z26A8XOAb0+YrcMrd6|w2QA^8}+Yf2qrntPvs$HC$nc1@HAu25V4on&#G37ir;ADKg
zksP`ic})sd24LjEq9l6#0e}JSE%Bx2_Gszc@&}Q!#{mhCW2|;A)tfF5Moc!uy$O&o
z2Fy5J>!sqsAt3<}NPb@X-PgS-&8oGyEbQ#2%MUnL`}H!Ph=5tiM(j)F42|nk^_)-C
z%YJivp)qr?dqmy}?v6r22`;lfQw$9aEv|YxUr7ThwUCzXb>me*i;Gl<HF@XDAI++b
zyp85BBh$fV_$?Gs#p+~M5h=6S#}=Q=H5d$&3v_NhUK0eCD+MM&R9(1oqg|vQFvslo
z4u`t$94F;xPmfbgzh+<c;y2N&u;;hQ#gi#TT$v@j3oN}RbP+DyU+PTMkc=KeJ-DNY
zki!KYSn*s4P$~fV3+*ylj1j*AY$%mbGIMrdc=HBaD7p1QTdL|F?;5m<#s*}i`|DG{
z#b6!xsZY!hq7DR**Q5JTu?GNMv3EEHPl-Xpr;%Q~rlddf{ABzN#~pHm=SpV0;#Mpt
z8~D6VC{^S8_G@w*+_sU7hL<h6_jNuCxn2g2I%<1wOU&7Wmvb=>)B=s;)5!r8Q(<~U
zXGF$V%S2}&9xbgINV`XMIEuzmrd~xlwaH&a+*oZg@~VqXJy<zL>W;`MIZ7E)%fED8
zM3PH%S&Fr_!S#w$Og(#=Dz-B660#Pns;z@Vr@k&$0q3LYtf}o?q*es0lA!nTR;?xF
z6j&j$;ByS<#Z2<9LdG>fcEGcn!ospb)X!xfnopJ71!_I6e<?oe-p$!N5r0RjvfHB|
zU0|<2lYEEFwR53%+>xr{S90ZMQOS$dK10O9qTQwl1wuBKS5cuMl;=B~*USSy{BRp|
zA4`+J=rxPcq+no>KI(|v?X9S!WWy1eV?`(jlNlAln`@%X?uC{0#v8;}mEa?~puP#2
zo}N~OVILz)_8k2lAtEP#?Us=c7l)6JpWi#e6M0NoZ!bb$F?^)bv2A&Flb0}MwS^kI
zX}wvuv3_M*8&NEH<9mf}%tcCJ%jvbbf5?~duZ<(CM#F{%3~S6sRgEp$fl7X-Tl@ny
zkTH@skgZi1C;R>uc7lcoRMdYb6Ijxv4Kv((tQ>9IQK~Ht5XNyZWCQF8c%9t6jS67k
zK(?E8fQXPVDlyUIXf}RD+<yKJ*uik-W<E}t@;F#iUqvZrBz!&v(AU%Vk{Kx4&owoH
zVF?^g^DVSs8TO72w8?BT_f^%1s%^~7;)lndsp`n9tCtOvYH<5kR5lQeE?;HstER@g
zgoTIaeEljvAxA_`w$^(^kfxmX#0#i>M<=Jal~GHV?tPotG8|C)kZouDThHo+?)A3c
z`R(=fbqX=pRKP!lF4iD0F{juNhA8+}ofuN5D!ocIAweLRV9o7!2l0XECW*anatsHr
z5t#)F7$G5!j-dq8fc<HCd6h6<0*{q4J&b*=6-aKjdj8<%QMa*}#I=UdT6}!GZgJ!a
z*)kB5yHvgzK!={5o<_&U7Nr(m98rHTDAg|U0X(9+4gCE5@p@U0)7_74o7o$w!GL$2
zK=08p&thTqKptvpq@TwFHJ%0AM5sg{WkAK<1!kf9C`q?iYiw^F;u5?6*h7?;w`W7_
zmGKhA&Ow`8!~!6dPE2$(CLn2Ph6M0`<4XLjZ-IB07cYv#EM0J66GPq$U3{b4Q?#*h
zam=0YMz00j>VzDZe;+?-KgelC2I+>phxRkLn3`ldVAlh93fa5SHb65Vk>PiK4`e@i
zn54Kg{x(P{*50Cjn)A&hy8p=M0aO|$CT$CMkGd1djsnszrY2^{4{$g^k_@1JKRPAU
zSB=+eb<|pFv7I+A-;7=~Zl7_?3qloaaA1gRn(}g1inlKUT<&PAtG{wf33@k^U*U&_
zdwm<Bhg3fiku$LOTs)vflC<b8J7n}0hNhd^rZ%nspzze$`9t55JmP^T4H(iq(6`I0
zt1K|^^k2W2Pf7VNpf9b{JK4pSVZM!2h}MLxM>k3VVdFIBC;!<C@O^MVR?CB<Diz(w
z+dFP8V<+hKJ+niLc$yJ)17jvt9i4Vyt{q&w_EGNj;8|W@!u)`MRIsUZ9Gs589%#NG
z(OeUy03uo*Y+zt88)GW8j-DClYsjI~K5WWbRP|I%?OPwj#kETYNcnrjE^|L|MVFhO
zzkfk|pdY~E0@?yj<8_Xsx_{*}KKJRd!Y$U3p6lo=+ow?iJ>T?oT4ItwXJ^iDaN*do
zg5w`|HPGGnp$>$><<ae&`|>;Rc6iPDka|z<eM5D61A9AO=2B14``i;3msF5YvephH
zRR$gLl0%(^U*x`wVBxn0LP^Y~|F$rt7Dn2#$k1c&QYZ{n1jfY6mII%6mqu9kdH?U<
zq}e&fHN?(oK!S?j;rDcRqgkW-#~XHN>kovA-2yuopz(4yke(@F<m5E87~DTPSd-m-
znu3&SdZD3z4eA$K;GhMR`2a;o!BHBdRaiKLp!DnWo2|yR1mo99J6C?ai)|v*I^Hk)
z&$t@3nmc)YpH86<Kw{%gqAl*Cq`1bUT;qxS{AjO@t?iY^fBbL_?tbx{A>UD3Te-X7
zS6qySqNcjbt$dB)Bj52yS+Pnl-9}xCkMss-hR4c@j%R&+FPbv!b!G)(x<2IRTYUKN
z;gz#Bg@D~`uL5*@c!&%c_${$t_9a|v8Ibc_yZAKOeAqnvQfL=dO)lop!*#pufke<9
ze}8)?r9+ptx;{qjc$j{18*ujz(eA%{Cu>w~M=u(=iSvW>J?V_uo?X*nb&a~#$76j8
zKPpr@<lS_yo2R~8)6?F)*Qf!HtZi+xt4pa9I1(00Zmw|lQcrO?UU0;e)<P{b5eMXR
zbxg9cw~&#nZ9G<BA;kW}?%4xNd$0#f!Y_t5vsE9&4teP4>g@$c_yr~<k?+@v>OzXf
z?}>GX#T5mRWSUQgKF;1WOB^&WpFEw+0CzA;I5kW7A04?kJG(A4p4?E3^ow7gGkt_U
z#1{=AbB&7UP1+v5UU001pgF%?x&2DDf)m!!CNSxLeomX8z94_CE|oAtwlOgwgqA~F
zymqbxevJzJ++RH-@x{yFbVNTmp}zbmx(8k=bBuSp+f7YwjuH=}n3<uA6f4N&)7lB5
z(AV#b)i91JBm35Tid|z^^V#s+qSuKZ^^&lUA`;+5Q`)0NCBG=R_|0{IgfNdSjn)?#
zcsYGhHZ^B)mJ{se`rUNI27KU>6Fe93bIH!yI{xHQvit`>zwA!x+h{A8;2FS6-rBhF
zD?HIe*9LW0H@9+6A80>tC8#qauxBM2CUZXY_$FNC=3J=hGOl#7$MB3rluAVzc^8~n
z_9pvXp#;boxcT_Jh#$`I@x|wCI4u)Jd-sxbbxa`(l?Kv3J+ga+nyK;J_e3J2^L2({
zENcf^@VmR|ojIn%b5{er7{P7aFf#10FpGhXeALVW8FuZvzDs&1?L|lrFuM>`QPuR(
zj91L?^JV^A-eTu>QgnGfTo*8Wwtv}tY1KRV?ma4v|0mc3baZru(y;6)&pcr~Kln8q
zd+B<S;Ci<^WBJ>syZ(1$p6we`dmO$Mjc`YDx3{M;eC-Qv>XaY-i{ANG?QTsM)HS+#
zoXwHMVMjlYRQUg;v;!D>LTM0U0bW`4r0icQR&xG_)@{?m%mvVgjLT44hQly9Uj`LR
z(aSKyZsa>qQ;qvQzY~dpdBn1bU;e)9L5CF*!kjk}r1~HbvGN{e_k~HQ{0RIGa&wBm
z&3ayl0g(#iPX|7c?cMX6+2fn8m}h>TPip{Gd|uez5H^Z0@D4OVG;|QdLS;n-1+T|p
z0JV6aOUm}onm6)Z>Iz?ccGn`8Pr5gcIz)Z_<|5^&8folKBAg66+m{KUpTke0^@f(-
z`}r+)HkXyLl&aB(yMZYUx#yZ3ocpT|F+Xj0aWQPWzV_{PTR;e5(~^F2k-Aj{M2Bqe
z>WVA*3hBZ7Zce|ILid{hycLHZ%{w*9)aCG#>kRlS2M6YrlcblV@6@#R8K7KSlt@v}
zN7wb++cswnw3ThX@GFU)@4u<-nxEO`U{Z)hqO|zkXndi$IJ&EX<gcH^sF{kCKhUwa
z)_U43A}AP@8%w|YNkdDk6QcpU`8vEo%Sc6~lx_YGAD(bF(^c<oQIp29qGg<K^X}iw
z&CEO%OxJ)t$S(=w5yHc}joZb;qAM?pEos3P{*>jpIg;dakK9WS(St2)%v&_j??bdR
zzMa~WIs0qFYa&2^pMA1j;s^GEAJ)?S6t1fgb38re%s>|Oyow2jo>UIxSEc+euerz=
zXcOj6+N~$N^39zj0j&Pd&o+%v6Z+h<vt!#!xj7^xD%$J5{qgGR>eEygJ>X8}8y`0}
zZ37jCn62&YRydxCScDN*2)G`5)703QwhMQ2bBht@oVh4(Zq68Sk32XZrZ@RKC7<v+
zv_s>9{HCtHzMgr`3G^mg+m!(I@<-2ysni{~7f_t&r?Tnk&3;;I-`?I1+{8v%FAZOe
z*&@3o@AD$I%R_MDB8?+BICy`uc|F>CE9t{aCnw&8IqJ3ZhohUhQ?^{B?R_Z%PM$L+
z7vKL;U~OC<_H!N}{p31R^zKnd$n$cZ26EJYCJSaAON=GCD*gG}w|g0W4$Mm;SNGn%
zOw^Mg^#3o};JST3@ULo#ck!_#|5>U(Ylbfc+6VXczQ?#l^RMbeoM2=@CWu>BrT?z{
z?-~cHLOh7(o#_6q{BK`U4<OJ#={q6(E)B>aWr8vAPV}v~B?Enm<5wLEL4Hi%$Kthp
zp9BmAhqW1e;A|IP{lvqieLleOjOWVw?VGE>HJFjn%}?XD1ulrjnN->cZq_9csn5l6
zp?E#<S0JD+|8E~z5Pe|OWlkm5zPzyln_4gHTWPhVpw6TOB~I7SM>p0M5(zu&HqK99
zACG&gK^r8`;LpnF3H;wQrc@W59>Cof4&AZO&;DvQ8})xR8&h<yB2|Fw>>1b@r@KWM
zHcOs+rEiI2pb_z!@!Q7j^%ZL)H<9%-zK>AD=z5Cj5%r(&Rp{)$)&@9tXEFuXBaHdi
zF<hmm^K*OIUImA*@<;_0^~H#<YE5|J3q2q8E0-|N<z@PDuAd!g-SsypB`H+qT-_G$
zouvD~aXP5I*!}b`w<#1z%pVFd(GmKCg*E)N(L72&>X(NPGqYGRJn7}{mJ1r_Sm=Ku
zKlVGYbD$*ej=#d#4N5E%WW&KpoV`4|+khvAb@~Ts1^K0i|7*sX-_BLV88s3oUgVO9
zD@s-COpbkYL9_ernjRmwyu@-hD9egh0EtxiHnB@%GkYnC5;=bBYlFSGh832-LicJg
zu0O1h8lnmjNd4UVolIPC-7ObWdghiq#7U`gZBZotkTfW?^7mNm&?kZq>YFN0qvMOZ
zek9mZ%H2ee1h+~~9&Ekb&CG<uQ^Pm+|8no6RsQEdr!Ba!92KfnJ%>I^6Z1R9JWG4_
z_ONisgS#oJ4r`!!DTr4_WFVCL(Q<A<_Y?X%^`F6e7skWNhL#7ggCE~Zvuazge^iL1
zbR|Ob2XI)XfAn7>KpSYHycSDy^^2JLgOb5-l16(EMb61s`8vMi#r1UJ*{N=aN9V;N
z<z8Yh-YPbE2GE#?E8P>7c!O&F4PyYFu6UVheOFji67U8bUg;oIYi^T4XkvL0xZ9*$
zq)v)J#sTH9{uV-I=?4%dEj=&&J!kg!x9Ps=57=J`RgMM=2as&vHPDH7@@qV0X>l%=
zSlYAp<W9*<`>gS(CSFp0H5sr=DZH`*4zt6U8!?N)LlFq<{)KZg)LAc3u9u)@vzOKJ
zT`T9W`8iAeGe7xnw~S6I;21BS&3=$SoK`m^B#=@@Pbxx}qcfpPsOzY_%Ne;0_X+oX
zp)hT#r|^4j?^WwgTTANKViP*<uk}7f2X?=?bOx(3&(2dnUD<v6>KOG$dI-~{og_Na
z@v{HX7@t&;xjrs$rcSe9yk9oT=hVTZWkT<6-r~wNmt)SVMDUq>r8JRcZQ0fxdd-VK
zn&QK-PC}DcdPBkiyOdmVnh&V9;L9tb6t}k$4i9)r>2DeqS6=7)h5a=n6V)#sbQZq9
zYnF2U>5<+LnQLf92jxIuq3K?G>&u$?3kQ4BcbjH+K+$t%d5kXdSihvDLlZ5v&-l6O
zg_ZVFJ<T!RGfmb*?B|2L<v8ITVM=Wun<aMPtJ@UBxWP)gIEm(sKcwR#^G#mz%WsOg
zK25k5Q2v80hqet~KCQ7u`{t*5DwKVN@-o8Q{Mt+zeE8Oc@S~3(ba5@2A51G}v9yPd
z`?Y?J^N4HNUNqn7j%fRFzrkNuFoUFaZP)Cw*K5=!-4mysD3B71(q4DAGkU(RUch@7
z+9YvpgyB;@^*eFgWJ*=)=eJrxHjEba9==@T-pmd7<da3kx>t8^Z{7b|oi^&^941bh
z;4`QbSc!EdVt{&e)~L+p!jL(#BvV>rYkX2MD0Q?SLc*`T%&kP;S&D4Uh4sq8`_cI7
z;yaS7a!~<9h9fZbVfI=G+FG^RTV^`c$1U^TTNG-H#(7{$__>$@x#4maZ^M=pDE~hH
z{?uaWrK3s}GS_psi$z*fe;0ej^Xac%N^as`y->`{YgUf&x}<4LX=v#wM};5hu#YQo
zPQ?CPlr`%dk}5h$U~O#?mkLIIE>U{&gFlsu6R0j947B3|&mH00Xo}Y!=WeJI>xUR|
zeubFgh5CL<mfyCmE~FQ$N|hr?&Kc4Z5L>CFY)zy4@M~?+4m`J0pXv()D6EA<Z=>I$
z$q9Mzw1(M6RPnAph04Z1=eCOEcrji)ME>jT8O|?Zwnvgy&UC7QRT*6bg0~-AIcLvo
zysvG^!JrQ`Q7V4)MXN0K>#L{lO(u7qWzQyN@SW|yq2DR9sa>Bvd}Y)h?2<>qS9gis
zVlPN|;0a6$1|^!(B-um!q@q32@Ue}@D>V-Y(~=qoCYsRxXh&xD_0<qXwJRpm8=5N$
zwaaT@C_+Pq15<{7<UDNc*!vXm_xZx-iaiQ}!op3`d!wxxi=@O@L0{_&Q{mE0(S^{5
zCZlM;5`kmOQa$eLrB1p(YzC9{9aDncA0T7WCec)~{$h_cXn62mf3DNvRzqZT4K^iO
zxo^qHQb)r~Fi|kc>d_^ZB(%Rtfp#BuKe%<PkO;d=^4+$uNFM5*wots@=-SxW-c<M>
zMHTh^;~vFFWh5u*y56;rl0GnEtoQ%th(GP2rn>evUbFQ|G*ho;%thA1GGtmT22Rfk
z;<ZwRyl~xouBd9nQWU69#zd$WBSZ#JpzGa@6cBFuY<**;t;J|DA#t@K7WjpRp4>U6
z)Tn1pr58LoFPYMjR*CuvkVO80f<AN56WGPGjSJEjwIqjd(<|>_xzjmKSYJa%{o8A?
zz&1J7-%3~MGBG>lJL$8sjjh2w_YFuBur74}XpK*&CY}NADIGYKYLA?xe}EbF@`4xE
zKUvRth*<ImPwgE<^Z!0qs6pz!r_y2(ybyfzb`L&#F94iGe?z^T7~q_*gv~v@sKE)o
zE1ZT8fe=hA=tTUq=i85xSd;tE-4`?pB(B?9comE!h{?!mD}u?8y?8S@?+=JpKN@q0
z97z`iYyiW1R)+b*Wkyrs&w(f3WVO$I1aDLQTnn`qOg(VjpFw`889R*S+?sygkhl(K
zARUjKpL-0<%EHpSH4iG_Sb;PW!Fs#lC52j;?_+K!Y4-E*4}az~ez*fDl^g#5r4-=;
zqYU#>lGk?9{e6{JJC(18#c%qm#anEu=fdsMZ*bGkXTl(V@CLif^RCwpHz;@uwIl`|
ztE<G|L%r^|?V2xW{dJH|r}7Njx3;`{`Q>DPEZEoW{x)uYQ;<t^a~5#(4*U-d!XyF>
zCC=EcH#;LUOCH7TD&M?fe1?>`@m;yDT*=t+QSqGQ$gZQp2_}^ME+K2oPSV)1%gud-
z1&J9MQ>f9r`0e1Jjv{ACtR(;DwakcEc{p$u^(i>6#M?960^VGuRy})y^dR>a-C$Yt
z>4CPM&jaeCY@hGg!6HZe*|)5-1KVB(J`M)Tgd0B2e8%nn$3&TE9VJ*td~q<(m)Gv;
z8WF6B9i{k454pLbjGv%0LrKFXbJQ)HC~5AmKgr=Yh!5s}*=yh)4}zTwrR$lB+Tpq^
zsrXPbPzS4b9vtuTU4E->{A6rSwex0sgJHbH;Jas^3|p)Z%Z*Tm$=x=*2(251L_c4@
z$+gWx*=esi6!-o7wIP@UDhN8ut7n4pd{5|-HOQt<X3+Nz<kBGseEMbK4g7{wvIuI}
zKCb8HFG;BOm~*3+er${l9$0c%-4a4H1HKm3+TBg&d4c9|Tvfk2v8KJdhIbQ+XtH3V
zuIN|@yi*I>N}Ud^t$CJ`YEJdy@l1;pVx2e8hzCXM&?>v`IXRFt&+{@M)N<U?+nR1u
z%JP`N*CS!iQ{WhNxxEpQ9d{58GFZK5ie=K6TMQ+VN~dJ?Q=kAJcz$QS#0vS+Mg!b_
z)NdNMCO>m{T{7HU{bfJQ2>Qb5Q=TaZ%02v?DU|&UNZ6ARD{kaL>X0~pAZTi3aJ=~&
z5BM!93}!66#*0_#6Y(l#3W`Xl_MS)>(9O}3+-^sQ<Jo{xkCfG05CiUa7uH-^%|TK1
zkiO1`>2(lgi+$J+B|96)xI7}*X@tK)Ou0)Fa#gnNB5?yk_fVGUm#0XwEX<y-Gpyb$
zjyO_c?{<?b%mbl=4C^;Vsr(l2)q3)z=u_%Qj{GJAH$Rlkn_hfG=2k)wMHdw{A_uFW
zDeab3;#`Q8|E&3D#rW-mN%?2A@z{@UX7Ongipn_EfZ4*N_5#w#^)<51D07+U;ynRw
zkUi<`_KFeF@j2$7Yg-e-lh=HDLh0LH?oMva%gufW0~<A>ShdeN=Olghq{>P9^E#h<
zl`R#%e>CbR$Rv~iOHxXnTP+(BwZ&GY(SqJd(R!cmy*^z%gU|O)IDvOYzo-G6fwas4
z<v2}kyY)<ofuj8zPE$vG{~;1r%DXA%eD#_9!kJ?egIsl?g+2%ChJq}c{36#&64c+5
z%GaXzsc+8ijM*d=Z(=~&7pp^Dby$`CXq7{6w8~jmaXA&i0QlvtQr2sTjc%`x1%`b#
z@W#UlJM*x~C*X|J2rZ2j8J|-)*U9(fqQEkB!F}fX9V7UD^sXTMq=@~vykF~jMV<TJ
zZG`6!CL8-!f5lLIH3aLU^;!r$lDku<pEQJqiwi_;5yX>s)StvYfKZgZzOzWS;a%TC
zdTmzrKo_d2a#`H6am(^EBCW6YA|<0zVuj!}2cmU#UMt%(M@L@KSS@xw7hb2!BVoJe
z-aH~AT}=1GK3d<(bbk3us5Z#85FHp1-9B6M56TrErql%L-X^ng?2OsC)-G~V0tWE@
zLGbmn9hFNCtNA^WogGWQ`XMui9ANk-&=K?hEKg+Zs=eNkqW*LBDu#aJl$*iQ2+k;F
zG4?SmlD=8-n{7rk!FXT8sD<cbr;i5)fSw~`84LD;?~IJ7A0LR${h2#qn8^Y4`m$lu
zY6!u~rPxinbNX+@e?$CbY4<~k{k<;GfjC%5A<1JfGb$4L`_mw;8F-<s2E&8T7B09?
zCVB7mNB|z-&wq&EfB%8%@Ww`;%agWdMOG*S=xF!dV2O_5VJwaW%>}?5U+h#F2>nZ&
z&%~QNu0;})lUuK^#nXL{O&j(%Ql7(|#A6Df*h%4v<QId<(}ScGs^L?B_-~Wb$?r8^
zU*XZ0T<TR%#AqR#f$uw!o0GnHV>yi*-ilP*6%IIKNh>qfKQPL@LhF%{1zRqOonp(^
z)CumdPThzw1;qA$!W8FG-*p1v+jP!}X@a5_Ldry$haSX=*GQ6s&2GzQNmYpqe{68)
zeZ4d75Ft9qeX00_TZ}hlJJ+_`L`05|6FRv<EXv;FzZQkazq9YLga;uBrzQlsy1Kp!
z{DtRxXs?ST$So9ZH|HhMpDGrdadnB@<O9Dlw^lc{uviI!L`6m0OEbK+X0IDh#QaA`
zkLY%`hk#LDni9rvbFIzf^UCBG%p|MM@-@fQguUkR+%}8jUw@$wMPKWcE2g+kfkIV@
z3e?dW9LoR{-Ew<cvgUCoae5jV8ro`(7b8>V-%c}mF1VV0xAoTH<zRRDjhN=Vy+nkF
z^NR0BVw%oXtd6p@I5D1WDw<7+jnBz&eI)_!Q)#bUX0!ReV6U8UviNS-1FzT9!D2jY
z^!7@IA5;BU#@^Bh=ia3vhR{9pVsY~#(a-o&u{{od#0Q!`BQfj%z;NL9cCQ^>5B)?x
zJ_CXOkmetS`WFW=X+n&lo#pS-W@d`go$RALG+SF+k-VF>!B<J6Ojw~@>>PP3bi9XV
z0wAgMFtRwy*Bvts##>*%`Ted6_%;-$=$`YWjkZDaoAU(*a2?oZ{~v50G%fe;_`FHL
zLz2go|5+>-G(J2+3>$WGVy&HC)b&SRFDP3qWWYOiyK~qX+Nk<_SBJ>wiLKBs-0aF@
zV8YwpBM^R7z<aQ^GVG{Xp#IQQ=cOVBt)iSR3alaZ#ili|0mS*MLOgMPXNmVc0XJaN
z-S}^<h6poNgJ|FMFBPF21BpHbNRq7KxD3Y*e->YD7Juzvc6pYA^DS+3VpSI#;T%}g
zQvb5m4N}*wdDxC{27-p49bAl%!hwhnO=R+8+B}$KOW`JQ16-VHpkAzyP_!?9KeSlO
zYMntpU*~I{_?U|d_9lZts4nM6HD%lYbeW5i<!B=#!xBLNFX`PY9u4m1UNB4Kd%gTF
zR6R26j#PG+%yq{cO*-%=EUbwt1H!)SbQK|UO;D(^@Vr3zTK5_al$n$1^_fRJNP=SN
zX>QRxi$&-~fZ)t`J^2hi0RO#YrtUp|5932dl81~;8cX~SKd|Mv8X?8aJiFKEdYSB(
zPteS0RHxypk_Ad}?)Lzh&Eyu!;;wBEtIr{E&*!jaM#2<Ia#qIVDRpEM>2h(<`9i@~
z8Ny1mJ`0n!YUl1&<Zfa@zuppNmfy3!Q1Z2=35;5z)4W<IiKL<~oqKR~ib1<P`DACm
z)T%qhF+$$THB08T+|qBX4KxzoCWT7`-(hoJapzh6bk48i53g&L*<*ANsW8*-7RuHD
zMjb;P;^_d86z!)(RVcl8nGrHx$@uZ$(AAFOdF$x45E#4J;bg5AH0$vC9IK^!M?rr(
z<MGnZP#P#a;ywYFXU4EXi!~|@@I|U|^GyuO);=Zw5?Lo5t}rbUz<`H4Fduu=R=hRA
zBFXPFqwPB8#S4CHZwHUNOq9f+?Ub?PZc6`TT6RCc#Tk?K)8MC+k)ImZG6VP)K>7D^
zm_Jpn_`L=EZkg>C(Sj0F*BC)nK};PN8>~u{15iwan%TwtVRTDbP|hS#A0VBI)PD?c
z79^U~r3GP;xKf!vwKebM0EWao9QVr)YjaYA@1t*oG+dsV98L!5qkJu}Le@rK9pq|2
z9Zkg1%|Ri{xl305YqiyB8JRPqSQ3y&O*~)M|J<#CtMrpC%A^^4V-zc6|HHfS!*zbT
zN{eg3xB;EQhTLaLf)p&LCkzz0rlRox*V#S+EM|La_=TSQ@8}9LrogCI_7rDs72vZ*
zqg!vr7T=B0W3@PlkjcfXi3mn++_ob~*uM-bedRqJ)njTqtl_4T?P^aIe!mA;xLcWB
zw~A|Qvnr?w{Xb;?r7j5lnRq8KBo(eJlf@kM(2IvK!(XBl47mUfT(G=hV-ex4ud&jy
za3b*UW3d5x!Bu$?6qCuuXOg`L{_z#5c!;^$;|{S`M4bQnAL=m$5QlLI!Gx0PcZI`k
zBwfO~A}yjXN9aHL;WHD8j|qi!86tZLV6#Eb{KgjSG0?BYPTd;pZPc$n#)SRYczoi#
z-uVbi1y*72qbi<!O}f775P3&kD&jt547;8R&A+yaL(Lp|6VFXfCYPWl!j-T`p;ngK
zyaql#i)LiHMsEp-AXxW-7;tBC7sCgk&sg?K#Qr;dHdvCMD-aMd;a#kjn4~ASjFw9{
z1a#S{097j#kyV@DtPb&kNoQ605fh~)X+p>?K+neR(sB6qNxZ+Hc7Kqwt>vtosYU4D
zmt!^f`xer;r7Na!wfmr@YtIG4k=JV?8d|0d>*W_^E}r!7$Hg=~xwS3NU}7;%Gf4>K
zx+IU4aX{!c8rFH5kSGQXp|G?dp_Cv+e2~#^t_NWf0Pjp^FA0`W<{0k7e-UGF_`pc?
z(^q<36agY9{_ARF+E1s;D%Y50MSY8pQe2*W`BYvrWa;?G%3hMMDt&}PEsH=*Zu}jM
z?LT_~K9T7KkIhRK(nIXF74HQa<gg_ZI)k@UE)X&9f0MpNYdwPFTd7xJ7iMuQEk?^X
zzF&Bp*`MKP-Q_hkz!P{@a*MS2c&@H5eaN*(gh_S84dtjU%$(}(t;|;156`y_W-T4$
z6eRH`i_;shC4t)%D^s;-%ipoAUv<}~nk9ePkOTgBusLCqIjqY`@oJ`f`9kJrvE)gG
z>eVQb<~oVtz3s_QTjE{v+pT)V6O<@kXK6Hngdd-*a+Z}|A7qZwRoqzf)(^7G(5Ekf
zX-1nzd>Q>Mo$}lo#q#|QL8T1R&j<Gb03P*93dx-(rV%>C*zetvDpZT|+wYheq_aF<
zRZTbb3U)~mvtTfCUNQW<j|X*&FsY3Q1fOU9>`1eJvv!Atq{Bx+<JLI$Hw9qbFlC}O
z3-5Io^cDYNuT!o={gwATN1mVnR#p_a?CIYv&-GP13XZcvErcU))wrHL=Bei<(|_-M
zLElUYp*T~V<2QoYh5jAEnwnOv%)qF{D7-Tge1AReQNOpMPE3jSbtRw96}?5BXWIxS
zj_Ad&R6yn`z#8PLWx;NlX@r1rNd9l*pjuO?6l(^&*r&>Si~UHIwkYBE3%^k7O1Z$<
zy6YV`;j=}<i@<XC5WR7m_Mjq3cNfm#yIFiT%lCd`_W3V7_ACbzBFh=Hhn~SS(9`}z
zpN~8H-Ogey`hSEqS57x2k1e3mBiq5ob4VcNRA5?+y`s4x_R&R;9?pp4#*)_O&1*Ge
z7J;lbniXo==h+}Dz`YtYwiq<ya#-(UV@AG8^zG>N+m!pn0;e+)7Qe^?2d2IzPVGf)
zzr>{N$fQ9YWKrZTWZGbKK>sBS)RY$Rs6sYo$sfSg{h_U7Nf$T{7-Y7C$t}w?F&;S+
z*N!c00NDW}@{fW1fjmg|(R4T{ZE&*nJ#iXk_<bvUr16*RN48lFZDb4(47dP~bKJ5=
ze}B-QS3n;0)PU5H2^{yM3iy7IIHqJOY2m<x7_6&b6&((97_xmz%G^mNKCTs2N+QF7
zp=ih=drfsD_*t+hy?4wPIM1v~?H?!w?rgWif=))k#>HeWzkZ4o-?;8u^2a(z?qz~I
zeO%XRzqWq>sGizH*zlwBH72q>>+to+#`|e{TW4w1%vp|EdJe1>T%~+Y54G8s?+N@1
zRX1~h+M=DK=jg)&x9cI?ek80GJqE7}Uk{{xX-rgHdv|x8cKj8p|5%=<P@T-j)j-`f
z$uL`#r`b@^hNiOLNx>{Rg8m~v$#k8`RW~X2YxMedNRdcqHpO%y#u(rV22OiwglyMZ
zW3uq`Fg#z8Jw%-!iw6lBL=x$C|Jkz0Wqn@ISdt4`mdj_C+{5pj>DTl`kpvS}>ba;I
zwjlAA?OQ#*qdf72{q3^iq1}*xh@e<reQ3FtC;1ET;_HmVEG@W9BQ4#<xtY%{++8hc
z{_`CeWAhDDxOWAz3d}b3j#PwFQ^CzE)cJO^w<+yFR{}3hfxzEKAl50yJ%a{Hk<}W?
zF7Lo<`I6E;#q<CQOYXNqIXxOF{T%BUd9`}NoNM5m?saBU;d;z?b%H0s{@BKNU(1-c
z99u{CdC%|4Pu7C^gX9M{GI{@{(KGE|uE`d5v13aXw<1;cW5)GIeE#V23x^}SzzxlG
zJGZ&MuxRFO!R$Rmk%b8*OB$tR8kd;@RF&NB6Iy`$f!IHv-lzmQiXbX#cu*|HUF@^I
zz30AOYgW~%s@-mu@i6w1`ua)+Q=ha+wo7S58%Rz4%KPvv&0bLd7d+w3s9&hGrPYKb
zk!`fS4V8^jqP#Pk?N^_d6JK_lY6R{_4>aG^yQ;43fL|*}vzG)+i91{x8`tr<0Y=h}
z(7Q^IhpO}hIzojUeB}xKb=%N>)!_iIW%23aBE?5!7N|!!P>Ajkg!LjDTrkHWFN3W4
z>Q}CYRf<$0V%CAiOMa@0z8+FCK8mwyoILUcds4ic4Iv7uck?Ic;P<t>JZxr04Dz3&
z_Md8GmgqEdYoW&Y898%uu@HLhmf&@FYD&QP+S{I{NCh8*VqRTFY$I9sTXl70Tiau>
zRfX=3V9UF<TM$N&luotH{Az#6<=R+;LBnxB)2@t-fV+E0AA9NLn)H++$sZ0@D}eNm
zY!;Z<HBUP^XImwF_i%lO)q^zWw8o}{io5h7EKSE^MuACbq%T7vLp(eFim&C`2C+(T
zdvi9<Z+A};+B?9^9*rK|)2B>CT+k2}(fvW`NIuB_9P(V|$NR|AlJkdDdgK<-B~I$K
zbUFPrPv}w-07x)WN!ODgAO3C=DW3n)je%N|o&jf}e(bw37L7{_HaS+$7byn%&G;Vr
z1^mJ5W4Fcf<uyOXEp;`YI316i&89lnb+`m^uB?04EYI(Kyc6wLmX!1J^SR2-XA_5<
z(PgO=Hi**v-W(Y5<B?q!;BlypisU2`XKFU`egT68Wg5cdx<3TkQ`#xNizn*uKV1~w
z<k1ITVye22%;iZbiPa)%YT<!{;B<5NM%x9oVKn%tOW!*~u_K;z@6|~6ot5gn^3L>*
zg_jt~$5f&>!EU>!b~paPen%8dHR@rVz6V~Hi+gJ;1x*5TH>~IAomm#}RwX}g>SphK
zhJ|mYm5_fj_-@%Y4F5LOVw`|@d(6N!KH}QpVYrcduRpd*<A+Ya6RhN4l!-|%T7u@T
zks>e8Z(S}NNf^)UwA@u`4rNL|yYK6};Gqwv4jNf$MHI<pxZ{^LUtmI+IrY?$qSweA
zqDSZrhZ|nw6BA-(#ZUf)FbbR4FC!yw+)avZmX;*ck<Ai6==tl4n)Aw`W{%PPd^kFe
zmiz-Y#6^Mczk>AzVzY}R@NZ)^Co>GTv_>IoRK4{8Te6(y`cp^xGfku)N|Jz~Y$^9&
zR5C8?F2DY+oU9L{GRDdBb`X<s$&saaox;~#dT)HHza|Ge=7z8k=QjncR{i#{r)!+W
zSh<rO7SRCj=J(``Ld>y>7{Tyu_GiWHB6cTf=Nms`p3vG(D!5!T1V-sU2!yQf+GQ%!
zLwx5r&mn%?(x1p*i`qhszBt3`F3@RXU35&5#swSbuqDHN?|*|*b>6kD<U(xDCH&^9
z4wd(S`0O2E4;Wvp;zIM`ZW2MC8_^;AM!$!$km7z(V<C03=Z0yZ6z%V)cik7)wUHn@
zpWS=s!KeU2Uo-3klnzrWbU)P|KnlTVNg~H~KYUMuj}>GzXaCAv8V~wX^6W8d({b+>
zGS&5{lf74<!fH?lQLVazkxnp)fd>gRD8dz5eRC-UwJ`03X{?-dk!XIg`9(FM#rT)k
z%YfBFUC0s>anf1P{h{h5kDkK<Ol2u6Lo}4tbaWqe*)GEuzr6fle`(fx69w!oM1dN_
zsb??dIZs<7seU+dHoOhT3BIhUt-aN7xNr5R&<lQZ>y7{5BpU^8PIdvY#M!#B`*MPc
zRGvWhfJ5!H`*nx*-aMXPsN3uXhCwMFbmunO9s;4JzWn{N;q*dc;m4M~7F>m~OBYIJ
zKzdMg!-U=PkqF59vrH)Uahtp}RN#VZj`QkPrjP+-o87mlzzpRu%sc#XT{?30t%p|a
z*9<MKZ7J>8+44i@yX7r93>oj91{JB_MmtvW*$}M643@fep={$3g!Q1R`WdbZ+9Ta0
ztU<@|q`VY5TcYS<_9+3q^KT!&M@LrPEGlTfQNf^{Ksaoi&{T&|ObB$?jwvZu1W}~Q
znZj{mU7i@V>D5_X;lRbag&9>Ryih6w_K>-nkO%MHhZ>v2uv(-*;I{M~h-#!np?}>G
z8P&}U>+jz?=+NbUSHiq~9TIeLaZQTkUik<G0;+l*$R;XH1(wfN*BnX+k-ugo`~Ifb
zW#JlFDpMp<+~B?Q`i#YIbC*;ZhE1V-Q)vD<$h-M#hB4I(6NihArYPyY>rX}ZPqE$i
zCnS(S1IEI<2EN-UXF~Uv7#sF~1j|*$DIj(gbV$EP-i3?%@~yky?1i}vi~D(9Fd|Sh
z*sMF=Qx=?^^K-E;CHd&kwClwTDLJesvJqa7m!0+P7TBd!bMq#6x7f}PZzWE9Zw~JU
z3*l)72h)yklOs^*y+IW!8BG_;rlW26!uQe)G^pX|IAia~?^;{K(58iVpz#Cm>w%Z6
zKT;dEGcFIg&Gkg~5ZHYu$0aeed!7Pc%4qVS*8OGUzP<vp?@U{Bu#cLnjOHQs&t|jY
ztIy&S&KeTQ91|KWD$jY|9Pw_!^f|<0h9ju};c_Ah%n)|mUaf!#hGfm_HE8CFO;R@Y
zwBkAcN)>SzY9>7rGlW^o7lk^tf{azQRN>CrPXCIQkvjK;dv05T;q7&!dWNvF%l_GO
z&#FMU`VHHFi{huj&QxzrS=Ka-wRrW&aKd2koA|16#-uyZa{KI1ZspD7GJ{6@%FEuj
z&@VE6X(V&Ga$CyqHr6lX22!I(&tu(`vzy$=T2=Q%d{H02{B@$7)8Iq^;6ycnhQJ>S
zL=QK|hInjAR)cSozl9#w2iBGfBGr^DA?ZZ@4%ZUhJ1kVKHV6RRbM2Xr#u-ZF((JW|
zqr+$hLFs+Pskbr@b>_c7sQzhbFN&rp9u!)(+sOzeC_=t!T49kly12lU$G=Ykskt{a
z&>C_4-tzzB>n*^de7o+^XGTy4B&4N98Y$_L?v`!^3F+<_5d<U!1eI>2l@0|-1*A)m
zk_PF{Irsej-+SKgf4=uS*X1=A4l~a%ckI3PT5I1AZ*WrPh_53QeAXNS$o3o`Cw|x|
zzIk){@fi@7h1`$ROk!4#&H(_$qHBP_i5dSql~0C6l?Ar7StdR$Y8fYBb9yc@v#Qof
z#`GmNn0&N`;_i;K-*PnvoTz60ra~1nuB*NQmnmEXK%=g!<EpT{*ksP^90&@Mx~`fg
zGOQ9X2V{z!8mBF82;?y2+=10P^-WmEwB-f6<4SWJ@3hHtUXc57NAbF_TS>28`Mg*K
z%C-m_RF=B-ZnvNeo`=D(G@dPIg4&tVS?Kt+qW5fA-3}or#9rN-T6e*19~E!wVCrj<
zx+|1tr(gIG$8zgEXP-UosW&<lj3NHch>fqVP7&vsa~V&v($q}$)CK0abSI3^!x9l$
zfXgF}3&`xoE%XpqlUBTDmAx47a$Qf7g=>~WqX>BAa}V4afWiM}bjZaZ^efa_zt)6b
zy=*(VF(ZNX4g6d(!Q`T4DQ#6p2ib?G4DvNHVM(To151P%)EI{?sRVxvt=!8D(h9q&
z+jO}qIS;k?Tw<1%O=k~#EaXdkjVsT9HScW~V%|Y-;-IT0{Xx$_0x)HSEvQ7znu+15
zn2EV7;t|1>IK?KA+-Lnzye6B}q!akW7+IeCH)&8?w1a}&KroJ;L#^Kk@cMXjYv#)5
z(z~Md+4~#-lUZm$3J9o%0xxFp|B(=ZfU?^?G5c*cV=$TSJycp$+zE*Cco*ZiN5_<x
zdo{Ul!w<meV(!OO{j**veLytY-Q}XW1yuuCrgnO#3#}8IUvIFMmY3gvteyH6jOVUt
z&@ts!@TvA~+&HU)<7Y_@7*9%m;KmHGVoAPafsVZR*2iUGLUBDAcRR6K!Q&`if9_MC
zyK0U6e4BDGTLO%%uC=5IK8HBF8&gg*gp5z@V3WcPaxlg39FoQSANG|BDpn7%HZRvm
z1M46D36qCyUY~h48+heqR3{tFl;s=T_$x&9cPHt5)OCXhFPz|TXZi5V(aHBy<()e-
z_YX`^sy~t<9p9K{v{7rTM`1)u2+$NV@-^`PDAbW~bOhvK*u81r$iuPVRGv)~BPmiH
zAc1v<f2c!1Cityt&WJ~<lrdfE=C>Cf$(&Z!;?wFJ{h4{a=~I_;Ye&c9Px@=lX6>Pv
zx*m}|FGJ>8w$0X5{i(h2x3T22&BL+a>5gvni=6fv(*Jpjo=NvD-7n}1Wsc)7RIpKV
z)_g#J$cI_sQ9O>E=N=?#BF0IO2NMa>c-Hjq-<!ZfR0#EXS8s{$i}*f15AWistGo@>
zkBdfs-jI)`d;nsH3=47B-`|8x1=cXA#NO)=7n>+w(A#Th>YmOKZp_A~=0=(W14#n^
zY)!1hk*as;#)P!?l5%RiAI8!r3E9Ojub~h8>1)*FVbfKSvG!N{0+&G&AB;p?KIYKe
zkXf|diM^aYy1p|iU<-rH<^)E|CNy=Y;kmwqP^<%c;y;ypBq8Q}u`~NqlKHv7OE$g0
z_Z1%-tEyg>Z<}3?2=27Ib79$c&4O^@;d#;%*RZ*Hk_A$Y>C6|jvgwvj2mRgNzDJC`
z@K%4WBlzm{&e@JkHi4J-$&y~~&D^_YnHus5F_4Rk3-sk1Fm3O%T(75|{0OGS3+EB6
zL!wifO@GGA-sS!cape?1^_Bc!#F9+JG0G*fYnP9P9EgpPddGcPsxWw^Dlrnx+mbUw
zW3O<tV?NevNDrJVl01=x{BSrSK-;p4+3js##=`Y~;r1h1Y(75T_WPhL{QS=sO=%8e
z)#t@{)qgN-?uA+b`FHSXkg*AG12Yxgee%hHUK`Qi=;Qi47vjyXh!HxNXkqBd=l*#s
z%)hKmnH-<b#OXt+QUb7BzsC%@!Znku%B;x%$zuo=cWv1YPY;UKzB<pg8pVH*b$*U(
z@;tL+mEy)Ddx~~uu<D9xX=!!LyKnJN>;-w^&sJ=A`s<3r-%jiXjqx|@|Ke~{lRd54
zb)H!2ZZV&UIw|qrmHO!!pczO_J9fO7cz!QnobS~D|4ndJ*`p)CCKyOw4L$@;o58#~
zDSjYAmoeGMLLW>Km`?!10EknTe?dq|$#|rMp6(youRfHh-OlOLPsI-{&k6<K?fyKN
zdojKBZFcq%&H0bq{SSc}SKD%8r|p>*&!1za^cK4S)554=QDsBJKc0uWxhn$ErY24M
zDRe0E5lbZ}C+`9gCTqy+NpLVN*VQ$D1LIoYTp$5D7&!=~x%dn0%><)b25m(_CHt}h
zb<kqrU;=7Wf=8F9yuYt&oFORa`a2O?3kD@BIjtaCC^s-P>^&D(ep`x>C9Don2n^;`
z{kWQ`I3CCWvW!((L31omN)md%@xCm%s&WfHVM@p4cqIh0jm2se_=H^<NN)r=<r5<v
zZYW3WuV=9So$@4n>_33#`mo-wnU9`J|Di8eQ$bj=w^eSp@c~PvHxV$hwJo&Op`OO3
z01^1b%vPGjriaCQ;^WB)o@JTbq3~J+ty8JOBb?_~jqI2vlw&Q6o#W#_$dD7(p_B}b
zB;0t9MfQEuc~UII&7`rE6gb@p*D>eyz@m*KMHbk?)}l#}FI9?YO=LX>9<VhPxa7~g
z26wRzm=$`ZK@q-}@=7YeL@*-G{??w>4Bew*>Q)8)i#=C0iAP_j;^NAW8J8^gcxX+x
z$TIFbEiN`nUFJU}$mGLYJm}&H$R1l%ZX$VWs$I1GUhZn1e&bfkAB-$sdPwaKtVn_$
zy7B)}WEVBWUIJi;)|}DCgeOn6ir|^=(z@z)zR-gG*A5atZ0_qx5TC$D7$nnfSr4}P
zcSrF}3Z4Dq>+@e$XsC(KF55uTFV)K)o?h@+_`36mrDeRm#fR$FE$N!}<<D$q!gVu2
zbtb+-kDTJoSHWlbtbU2x|BAW`N<<u^MD}b*XMKD~sJheyCRBY}mk?IOFIVHs-85vk
zmlbHiUX1M$1^65y<Y>;%ZMNUCCm{ywIu91!O?+~G=1o=1i<K}^os@nkdYcBqN;xO~
zwiK_qOIPR#SGk&&_~D`EoU504DXy-wY!glRx#s4Akd-0p?@yhd+w7^_MB@9SR+cX>
zy_CO50BJBK;73b2tF!76=<7%}xdNPTISXv<H2?v05M{VN;5|bdzY6P|^yTE(Q|M3i
z)fe&1=Zqr<jJkI9$5<X|$1IE#+zA-wW4m--<bLEx)m5kl2UD|<*mVzBTm<lN;v)U}
zZP;9mIV|go_~&!FknE1uIv#4djW(p7f$o44By=L6H6~j5{0w|7A+p>6wiZS556>uB
z;PcN8PE2HjU{BKxGo3{jT9gtvwZt;iLZuZ-$fUCg#4>({4*dEx6E;UHw0{Cj4D0R!
zf^{xF2JhG+|6*im!iso=vILwY^XqaAZC)zdBw{|%9pEdkroeeP?%<X`7EzqB&H}R~
z>ME|2aU>px0aP+sW%k#cOCJUzO5`#v&<5*ncG`Nc9?3KP1qjsEpyygB?~ZYZ9j`5d
zVzS9_V+5X97>f5&=(|gLt1dJ1CmcBsmDx?DDa`RG={9oajr^Ls`ExEMHQe2AIk+T(
z-Tc0vc-|~2MBHn5OaWU<#(WZ`ZopRH8$hiFkT|WGv?&U1S3Zza?0<9FG_h#yUF%yf
zB2GKpQ)x@$XIXwG#36*arw<Upx-mU*7o}FWGe34))_Ug8guaeNBzdc$-^ULi`$P*8
zt%T!NWcdb|8qmwv-C=}gfPl9DUwXSCl(9mk0M)K-X|6kH#(*IY6x8%}#MYl8rh}%V
zi<$+(N&*EjU_xK<-uAyr24ZP~BIL(Qhy)Te3*~d_*5k;w*L>?oJqnmGma>CF54S*b
z(ZYZts*@axzNj$<4yhadf_Lz$Hg@tD6FuQJzq-olI`rq6{4;wKsKS#4=v&UVpJyjj
zTK0q=E75M?n(?JJyExOJ>e~h~)0m7pHlxeM$^`$4VQ$(GO7Cktnhus<GM9yFH5`}-
zkWNp{I@dzvcaTOqNM$Y^SaAniYvT(!ldW_a-GK+ijfGl6!jb#sh$K%VmxlJ}-YwFA
zA?uD#f%}{_cU?d6w~-mi+#W)CDFyVCIm(+jk=5#sKbP{Iz+e+$)*2I!Db6rNUuve6
zo+4a7E1?*5=v8!t=ZY)o>hyi-5k2%}+Ft=<el`dRk7rf?r%nxp?>+<ez#@KOON=ae
zQlys@gvXg(pih8IF~-fG<uGyL&)T0Nw)1n&a&=K6MtW7RZ4H7Vz3j)`J4ih#sMb)B
z2uqR+z1X-ri+U2LHu)(Irm;&kA2|AC4`iQnWdLITi&`}&klhS6wBg#{Bj~w@L|%MR
zVjEF(@?gBP9Yq-_Csk~j0giUsxh^*I>0jE|i{r`<Y613~;l>Xs2leIF8j&ZF1a6yJ
zs<26?H_zTHkRpv<64?QO+dXj~?&5+ty22@1M-L%Yarr>jXB!F<@kExL&pFNRaFQ*(
zByR)F@eJx^YSM*<bRzWgIW~lE#Yc)7AH6Kj5FS13&;A+=^L(jt2P_&+0Gw|az0@W}
zI$BFP)EfT=OYh;o1w2C>$y_3!H`~3W8_`+(V``cJ{nd(x{sPg#(*B>-cvG}mKD?4^
z4?g%uemWE^$p@(jjCm~tdEgsWm|}$6n{k+lH>rA&5((Gi&Zi15*zw%0X19Aw(%!Jq
zHWq^O&E4^G#}Usix-S#Tmz^#b0gma`k6{jK_UGMOy<fvKN?jFmuLSk|Im4VF#aq8%
ztb27dXN1V~L}LYvCrzHbFCY(QVkE~aTmb!t_-bDjfcp0~M{bbIof;6e)>CD4=ctM+
z2C_D$h}kMMa&v63NoK%qC1fx&EM&xHFZVET$(K1r4WaaAt>ok;LU(`DJT(Tkj!?&_
z3f*a-;(e1tU+=k(9C@M>HOH$M2KZp0EHwLjPaF7N|7}Tl#tDUu;|;+z%c`XKnSPIr
zaaWQvLMn6cL$?wwQY7w;s1S(CINZo4>JC!630ohXatV>r?1N=Vx=8Saz;-20UgNLA
zW*pBk_R24Q%}x^bAxWe9_|Ed&dh{r%M}NP&(bss4i<*y1EnC8=_*Gg4dZBZc#fx$G
zrJ}wClv(O+oJ7Yz*32d9zYrV;q{O}a>^%73QY@C_)lG`-2>|(kV4=$wQ=0YE7Sj_L
zNhnPux8}v{&R5Z@>lhfVjW74~{zjUl%In5`uVDqAik#2>fLAEUxegN9Ki%Xl+90Xb
z1+V45axbDzQ<#~D1OLVlcXdd?8xnBc9A5|Om_>WrAq9lwrx;eCv(^7wXX}S+I;%W@
zD%4gUK&iS$V%HtKr&Fe@XnYp1Res=e8EKPc_xz`yaf)#a2x{*QpbbX=O=Q_%Yiewe
zA*N!)=a2kYiSEhp+Lfd!q*vrtE801EeJN`8P9NJl`pwi$^+?AX_%Ck>r{4liX^#Ps
zAxhWHZ2p+@PC@;El3DkIFbCCJ=#|7c*E05a2mjvEIQ@ihgzP@o8%S&lK1y^4*%bke
zk^?=dv?|*-09Wn4y)A{I+~Rj^fK@aFE0HBK2lXO!!!5`UU(wqr2S8^X^OhHEd%-0Y
zbCR9|st*t}+9RS-;MXQw<`E9wwltnMZ~&T;&SgP;kRKlu`})cnK)`cc+h{HLAUOvl
z?f~og?*j8j$RUOl`3hGHnzF=vV(tWYnX&E;zFd_7NXF#xKkiB(mG21vsu+-nTY%ni
z05mcX4N87_>Oe-|Pj{NhgBX@VH6!@_2whDbDn62y;7zOi#vV<~n=$_y;p9&W-0c2r
z7V3&^3*5}*ILMv{R0@6tIPL+8)ihaCe`J7_y<dqdTIIc?jk`*b?1Q5VImM4zpu$f|
z7)D4+WpviT9LMh!Khge|7vR@msWDkGq%bikRQnpxXJETzgYD-j6O~g+lxONWM}=Nu
zGlJ~eW8N~)^kh%n4=qDi`#K#;oNTomE*e77?};tTd9G8W=rCRe^1tZtwKhl|*pl*w
z|EDxSdn*27X5FB8Nlozucf-{f4tr;cGw7LWT7Ih1jkaQa!XU<&AJu{hIlYv3COZDM
z7LWPFm>wqdDe^e7j2uCJ2fe|57b|Wac&d}C*9#MmW9zi&)LW`l>)`&K={xf1NJA=a
zNu*Gx)%P=}YqvR<T9mqUM|}OY)QuH07Jf4qAGjvgNW+e9<PZ3cue^LQmJvEXrFvc?
zh~8;o40CX9J$M&Rt6H@&Jz?b-@pIsE5k(sShks=c|H}G56<5KKE?;zMmXnVm@e8p1
zjKKEGVc90toTlv^`+62i<(qbRDfKiJS0)M=fJn{kpJA%ymVoAjm&(pWU3pb9jxLh9
z-ru(*jMd(3NJv5D3?#^l>l>hg68iTrIbdXs_TMvu1menH!(DE^ohWcovj2X1v=dC{
zxon=J+^XuPWKV!Of1Bba>5y0>a06g((O|$P)d2_cF}t5mr;fph*Z$}G%t+Dp#}4d+
z?3m>uN%2g}KiMBO5PpjPzM1$_^E&;Q>ePE-?kUc9X#!I#V=R-qdI)dTvq65-^OKhZ
z`3VE5LCRma0BVg2z-nC+j(rBN475Op>Rv}lOj!L3(yN;~z&d>-P}DV%O<_*PIR9`1
zjbWRk8?)s`@wjrld=ND<QAN~7#1mUY<J%>a1b0nTcWoA2hY#$+Q#3^%=#Y-%<5UcB
ze~t!&dUliwE_LYTdessW0TFl8a6#!b01;|W{X725V$6f8+pJ#`5-6!Q{2>tu+?ZRn
zTnad?-&8TODhJ)0I%B*_nDroK95Z9VMT{)LkC0d_#)G3^Ap$p}kK{y5TMp%yYQ-wk
zoJ$mDcpB^D#wBDYy_Eq(lBe%%7*@vB^R8@)?H(pjTIIIw{a9yB!-y_7VG3Q6KdE*R
zcU^xsLFDEAXD%0X>j*N6-D7}tHz0&9VYX^akf|-dZx&Bu7FaMm5xPh}QKQ>lMIM_x
zgq5y31W4e=1K?ZsYLIZ_6{cNyvL^FmiE83E!SqL3C^O2V=JRYuU~zaI;(8aj5P9}B
z@{P&5a>z<h9oUjFTIBxE%vjW+a~9}5;j4d~&@7OKHQ>JGZDuj&!<aMrl^`>q7gbO9
zD?=3NN|;YlJ*(Ex!e<&&wI1zg@^J8KK3i?MSS@CZnSRMEorA<kP4(x_b*1K5{p_{0
z{cN}2Q9V3ddemm2?McCf;^E(*5<P6i?6`Y`ILE`ZafpVoq1T%zy9W&@QvGy=xO~r>
z3-Zvx!{Cz8c!OBpllb@0?`T4#ahq5qOV1QXh5^jh1>5cCykykV8ytR3r!4~2YYym<
zP%Xl8Aipym0!aCwXLpb8tJo5Jq>YukzIekpsvxd0rM@_67kz0z^ec2CmLiJpQOviy
z_o3VqCBaYdLK{(K=p1bZ5C4CMz>N%fi~-j)xUricpE+bd=W1hZk76{!;Wp)be)xtT
zio=q;(1O{z{eV}tZ$wtZfGx}?WqL>;%M7T6u~HsZzd?)B3qoDI<)$xY&C%@gN3p?$
zLL_2)_AIY})lQs*hnY?aMRO@CJ>B$}R$rYytdu^sFy8(Zp_`FVIflvah%0Jkl9Th!
zKN$xIbmc;d+*cdc(nT8O0wPJ29u|XFP5$?@kM_DF`1ZaIxIaN+r7%y-H*No}EW3uw
zmFwz*P;=$O<LVSEc=}8(IZ|!0O(3;<++rzncj}KpM+2SG_4Amv$=njuR9WhvMmca$
z=Hvg{L1_#nduu#<0OjV-f{e2NX;Z+zZ*gQfK|XGOJ2C-VvKGe3ARft7Bc9q>W}VoT
z)jQJRm*bTdX4X<dp7_Faq-{#xD)&uI4DhhtrQUg;NV_ij{Ro9E)9k~=*C}?B$nEiS
z;jSI8*^E<pdi~!qvdJXZdO#>5LQ*GOMiC*mNb#%X3+W(S&Z7K=`?)}qEkjJ^)X}~L
zxYBmKEZbGJ6pPAKPWu&KbUF6Eiv#A*Mt)y^p0~kT_SZG!0!ywRan)^aCqN!ue^siX
zL&qI78Uxmz|1yYD>7xT+wyy`t5lFz>sZw&JaPA50R?+RgQg~&KKYT2Z7fnnZtg(Gi
zn0O3|ePH9Gj>LF^jZlOsDmvvA+eKzxvJuz#J-toD-kr&3J|)C9-&lYNGY~MEMEDQr
zEi7fqmp-$tkvHS2^ggIBq+1DPAQn?(ZT+#gP8xSVMd9^*NZc50v}*x-;3E}TN4m$N
zYJu#W>YHtm5Z$KGcxgmy$0k%jhz!vr!pPzd&J%EwWytEM(Z*#d8zB35(?sszl<h;8
z-XLG?>w-@;3|Mi`Y0OD7iS7g!?;TAROQf472ixT`K<S#4X>Ld6k6~+%*#6~g|8EE$
zA-M-vx384Rtpb#I<BKyEn87(e#P$64XQ-6&T^tEgB()M>{#G@>J`TLXLrz}Hx@d<}
z!Uqq>Efcw-n|&$J?|mjxm&cfrCpu4=|Ke!*j&bN+nJRPp{_sSRvwmy+dijOrh-aBW
zyHwc%!90yam_Syo_jJZ2hSB{Fd7%109wv8*7eaVuNd{s{2v#V8zTAPmtHvz?{0gNV
zFtTdP!i#aeig57^;mY)y`NnY(qUn+clXmioaVZ%U!(|E`nGaA@ZT2er152S(YoX)B
zcbx++20&s53`lo>c_t|D)c#%G8N-SMoPhSPcAs4f?()zQz`5ZS1^_yzs;5aY=JNpl
zl-C2OxW@H<KIEXm0Of86<O0le`mC}1Z3B{{92{jqgs7LbKPJW=unuD0)Gjmc@I<{^
z`#$##u9uzQIJySP?ItrS*czvssI|1Z2t^4#iKUq>hgqp8Z%aWDFIG!nuiM7z?uqjE
z_2qharT<h)BJ}s&<ZHlv7N8-f>1PZb%KVKcT&eHtf)=t*s?_7XLk6pUSZKui+w;hx
zQV$K@I#K^@JTllTBr{XF|Fw3i{$8&{jF5cUP?(-}Dd@0B1N-?kI7Z>WE%=yHc|<Fv
zAwm*DORAp}z(FLtn)1^zSgmL`4~5}RRmkYKFqR~mD-lk3?*E{$8=N%ov2KiK9T;Q1
zDl)lX<X?XFvo1KHUVr*K9Yh_z`Fu80buELGiIR))y~FME6F2c?Zf5QUO~q@cK9Frg
z5_XQ1wY9z<$s&Zeipm}(#rY0BS_qp7)M*}=3RugGq0-<jyY_Vc?8$Yn@T~=Qt1W^B
z(JD}7EKh*cA{<;Ic9m6X#g!V21Wu%!KB9?R#Q7PTLu3l0EpieH$w7p#Vj?big_m5v
z?+*}za}6TyAc;y`e4Wst?B`brB=(4q9dpd<tTw*#qCK7Wo-Bf~Zv&{PG^}-ukLoSR
zInIQVL^3`gZg6hOD~r6EMcnu;UgmOA4bFh-EUs0$c7OErb!szK>k!E(?t>);Xu|P0
zdIH|O*neP9_ltMRsT4Ai9I<tRSEj?`<3l~v&NKx!!n!_W?$`;~FXc71i~A+?t^fGz
zbczN!qDNyE%O)4HdmZLEu1g_ZYyss)QM=cj&Y7FnJbRH&D8ui{ri6yKN}F3ZBRQRR
z-5K)86*=0vNdqcNPYHXPVp$h>^gZ8S1^sGFi62qAhdDpw3B~Eb<W;Km5*Z-OJmpp&
zL=lfj7LS8uS)EMoT)fuiU)#HNR-r~@CnjI0DPC6ho2OkSvZLq~$ASq#kOkoIGnBN1
z#zED8FVL-r%Hp?$l_}#ST#z&3!Jsufd{HU=<@~)`?<9AHhT$$E?6CQnSq{)Z&f+Mh
zx(#|E>~Lf6!z-;EOo@>t!Z>Jpew_`r6Fi?Cy-XXg2$ch$8wrQyCfav1F9ej-j3u~>
z+hzoYDkJ3n7MXt?hb8^^4#(epUDkw;7$&Yv!Cz#(e-tJnk8VD7`{@!bkUm`d(DAtu
zi-~X$>9A37io)X-l*84J4(7@xj$nyl-L-_p`!#UB!snRp*v}cwf(ddM+#1TCV1m^Y
zXMxiii`aQ1ki|nd2pqY;sPDu0nX)M=JC~4COUSOJc*ZONY_%i;oz1_9NJR<%zwV4@
z%wOfBSWtX_$e-;o$MP5+nO}5}-cGbfo0k7WW9~m~-C!Jaq2lg|112b+ucW$uw`0Uj
zZl2mZqZ^H$Y=5?#<`E({_Kr$1o+xy|<8_fs9&|IGX2nU~JM2674e^V3|8=yPT476F
zEi_IkH7+e~5KEX2_4Sx;SM4@e{2VyIZ_#Oy%75gAZZ?hG>ieN4L=}4$3ru$z>Ypfz
z?8I8SaR-15dtWwECmJz9vRU32JdkP<_cmTz;St7@i6lW$7`ZMcsQaSdB1!95e*MmY
zJh0zk+?llS=!ifQSNHeb+Log41aruTU-}JiDlBDkciEniHJth5Z0Ug->z>vJ7wsvZ
zB&K?yjM0Dn{5wg2hUtXL94cQ{gI0JWG3O~j)aaIF@1c)bUJD(G`IT?!Xk6UE%bB0~
zTY21$`#sY5x1#u6ue6$)ykt{5t!OXxWIf1w>eVNe(sOo7HFM7&<C&^CvUR9D=mE{I
zYSn&>@bJx7cXDJKZQPnZ*?#Lsy`o#H*0P0>zd;%!N}%bo)K7$igdgEa5sH#Fc@%>z
zks=6YK9H&I((7CZFR!XhCzf2Rs-Jo0b`RTm{eWvG2W!DAE!)_!TOAD{`3jT*>^m`s
zG7)ISj~m7y>rNE;ub<Iv@a;<(CV&BS20rsGQetG=B)^}rAI$cMfee{Q4CXMQl;kZq
z(O`4Zt$$jLk(B6-Lrk#_k=4gyW4H8YsZk%EC2kL!yQ9D1XS^&1cF~6>h1^tlZ_g|H
zS-3$<D>0IhZhFy5<fgUn7pVxsA4gp|i{-aeu^Ns*lMXTXayfv!>b(EG27^$O^hE*I
zMiHul1T*UaPRwv-Zse7qV}hg7KG*e;)tQZJ@1kR!6ZQq29!d*@{Quk&U%kiOz^o0L
z20Q?Q29E_KNNObvU``o9NS5DFRL73Q$f_QXE=I}sPydw5V4MQ>+e+%f)wRWunvNc;
zbn1_GOmjs0-Pv57&w^Hy@IkAcPPCPoxCgly%hA1bttWq`gC9erWFN6z`0;g-znYyU
zJl0Rr<42^+XAmIu3I{H!Km{pa;uxQ#G7K^xSo#YY5|R5;$e}+2OA%7+H8<5F?tfd%
zmCIo-n6YWTOza}#K!xrp9QXcrYx=)VPxzlFDFD1)8v#)@U}DTGRzuY!n$SuecI7DQ
zo|K|M_4<UnUj`_wz)?Rh3~37{0^gY&wKe|fZ00z^NO`)x=A37i_F#mI>7&Pcm8&K;
zGR&Oz^q>&ON5$t{WWEMi!!=jRC)XYAV10h>_-B1`4o{_*jsF1{VJ!SL50_D2v%tMP
zgS^I%tR$ryj7x`F6tH?vS*V9_@IwQ}=m(R*52k-CO%PU39#%8iEcsgN_X&*jNZ6O6
zgRn80QO)_EZU6s@E_zTc`QLTStnrA}r}fV+h_PO|D%q>DL&mp{4*{tPDtiVQoj_jS
z8MC^2`I+T69lD(Eh;0}B$gR)iYSflF(}1!WLQ^)km1KXdB$G`nJ`2}Nqnj{jHsI2t
z9Q4@q8GF6?z(_yA8OX-yHe#20k8W4_vq)!@63ieVujhFx`-x>&G4GM9mgAjRduk%H
zNmJ=%myai@@gtHG)q@`{dlbD|*7N!7X^5oNna+rj9~rX*9Z9kVmEC#Os}XsGF952+
z==;F;hik}SiaFs&ivg@Ya6|+4J&E&w-+ra+5bj5Is8<eFzrs0lV%b>}rDAlyXG9mG
zcvu9148jbUl}LHf4;K{3AMp(HoeQ}f>=UL6%ngkrs_(2W&Z)JfJuOPc!VOcoa+@}c
zWf8y9Wu-}9H}H)GPgvJ#l@ZPM3V&*RSlJZw<Vj{*+z++|7nTL@cz9*~cY9y!hDQc{
zuJ`3iTHUm`ojP=7Q~X*G!nn^y44=5R<BU8+HNA)*QRTsW@(?j;9Z6_M^n)?0@;Zb0
zMUguWA$JDG=bbgnSf>&-lPK<wmr<n1<e%hc%m~So6*Y7x(7&SS|BR@hL6qO`*61tT
zq9d;&PcN;1awsNX3F}3;<Mzv0fdG+RFpZ6pDq6c(l)%c)8Hw&KV*+~7!bWQ|3#32D
z_n8f7ex{SR+R;rH51{Fv<w@|$`;lmT34A!utSP5Hy$x{`eUG7fI2qO6X1U1xUF`Wd
z)W@6<(VX;zDy((=hr?Xn$x3UB%0l;2n(USYE2JVL;21^p#;%O}V;lF^9O19$z>5~V
zal372pgHZduBme2<(uI+0{R4e*gJocCpzqdw;7*QV?`IvfOer@97J3fIjA!6ZwK11
zTNw7a8jn`BVBblzR1yEbN!9L<()KPOT0H>K%5F<;Bpt&7RaAf2dv8bemYQi&@Pq)1
z)C}Wh$UO&#t?Znc&;gyr`e8eH-w9&7o1me*Iuy-1$6=EoDX!%E;oS1qBvR<Yg%RCE
z0{rwpH^Qtsab{2hv;N|OZf0k5sGgm;$>J}EO+n74HToCHUuIS2E}M_bml*telb7h2
z4QrpNQ2gw(Q^a$JBj|ZxeXzT9FhV+VN&1(FC;f9Lf23Yw;by&=#E)<<e#H2b07G4n
zVl88JWHpW2E6pysZu7j+f>6`pp3xgS_w`*Hu4G50qWBWVw&pL=j<WW0syUab`_{cf
zn^D>cNMaJXY|A$o^CP*OL&x>Ry~bfJWH`EX4R8-fX@Vp9zt#m?SV|HhbRE8SFcv0Q
zw`un;!ol==FqPM>FU1fnVJ7SP%9r`enWDzmJg|2$mg0)=c<JkTwfeneeCLp;eO8)g
zgy8J{!aq;QEo<SxgdBdi4-Vs<lhzLMetA*8M^bI);3NL5O+V26wAq^?cqgN6PK0@H
zqF?E<#*!-7k+z%JxqJ7=G*7_qg7$7_1>V8@@25=yrssR$cQyk+w`=iK|FbirjefWJ
z(a(jWctjZmWn-5<xc(bLq$oKPOp!o0*Yi{7lNq~f`p*){t)VqRBuKbSEQ5%egOrF@
zeCvkUwT)~kuI=C5_2p3Rmco&aa4<-(RYs>bRT?zph;fO%>jW7fVVP5tsGrIla-SNq
zJK5el1~opq7vabAslU9=uk7y%qbPc)lr`~T1_p2@S;qPLO%`K#W4=mjz+E3r9Sm#i
zmYm^=_)B-2-WJyht?^pba>m!#ttFergh*lyqW>Bx7p+H~F9jF6j352;M0SxF8zJ(T
zrMgxz8KN>f&J7O2xpGfk8*UmZaQ_q26Fu=##fPUJ$#rhMYdFAnJ<A(5;CK79R3%PB
zlzGpvkS5b}eXp(`aam^nIISNMFrMFSlm2mTeR#2oMrNa-U{7xDw%KjY`J;Kl*`hw%
z5#gbH@7!P~qN@XAa<k)AtX9P?uLzvhJyqD62%9$am{RkP?_;34w5GXk{cwA)`g3KZ
z^mVYj2dm*nQ#G+4Gy5X?gd+Oao450fd>W4JxKMhsONGRtukQtR{jLOS?)ThGPoQ#+
zEs|yQIuRo)fV??unjs};)E&nWOJ8n^Ald&0T#8_LupwdawTU(Xh7@s*8C=r@&XlJj
zsc%JJX&n(Mq5u3$UllSlolAi7d>a4v)%F#Nw!)FLB#^lauXJ`InmOn9h^@%dwQrxW
z!!g6ZyJum0#~hDyKI+;xU`Qg0>(<Jy+|KPsJMX*5#H&toyh$@pR14oJeY?Jt+j;PH
z?Y-I+>h{IVwIO(M9M>(fUGVmb@aR(`N2!wWSN(e=9-9+`Dfgi8Xn%5^73@|6C795H
z2t8PRvqZL!hi%(TeeV5Q!|TbgVKUMu^wYR9S0J!^brkUH9V@*(D@q`$Z!1AMyV<GY
zwBa~=o>vjtS7{*JE$T4Qd0Drss{7)q9b+ZHqf8o%34z;z2fVTp;~AV=ro18UfZ<6p
zR%!U{KA-L16V&e1PsMUgKgK(kU;2Z-R|bf633oP>()nzcsh%bC&$m>UMGo43p3u~x
z0rC_lV=te8E3C+5wsXEs;C!WaP;^VGE(mvPvBY*{YERzs+XMx>S&6DozDbw;@<TH`
zjz1;Yasl}Utx?~61NiIXuTf+-SZ}WGy|sXu<8q2!qXy~GFRF2SFP_p9TEVZ^JY+Cf
zP?H-NKmw-VP~Cq}urBOdm?KMycPD06jALRyP5V3EYZi!?lST<5#K;}#AbnwZD~v3p
zM#cE^sv*`>r-f!Ng!$<kBe6O<1?Gv45{pLdw~622Zxb~PuTqrmA$$UZq{ooNn2QV7
z85nfkN%vtYH6+B=kWn3u#4TMIAs8|Y+EEoq`6HY-1*z~HVW5aHu6mO+G3foDfpm^*
z>>n-CaLxE&FjyH6I4jEc`q$`!9`f{I?nL9cy&Y(>#BR=A6wD+W_ce^8B}8_<tPAiV
za%x_d(eh2Y4|yI3z=|G*W$|HV^KDCgs(<<QOzrR|IALvBY9fzvYmt48+*oR}h}yYY
zpm}K0P<KA!4ocLbqa^9OKYw%RM0;;eGliM5#CEVkw2ydO@zt#Dq<d}b)DTZ?$T3(}
zYK=qSN^_<7fd{FY54I(r|9&}49NI(NLxgPe(tQ9;C_;n-v`>%cib_r`KKD1X`<I6i
zkbdS6#`!f31RBe>w9>k}ytnXU2`jfNSI6^?=X~C5{BUCxs4Jm5+*I;-Pqg-Mwa)9y
zSE08T#B$%B$3si0k9Ga^ZSrkSBY!^rX~nF(A4i83Lg$m6;V5~)_~a`@%<!ZZ>LYM|
zPhW|=-A5Ec$Z{ywwh8Vp?G$9Oub~QA>!IF&z4^Jmxv>j%b`dW7a)0Za-v1ms4yf#-
zKvpf*XfpTc3U^Wg^eP6%64SJnIj5=%^BWQe0~m@!y~u8xY4B~@mDxys%XUb3x2FG9
zg(o27|N7*9DmXK8{6T+U!y)3|wIe+E(5@T2Zi-oNkmqYiIfAUQP;4#zILFxu=L!rS
zg}0$o0R%n?d>&sd*7QyLub{z2+y@k1ml6|Cfo#{1Ob1is<GYD)d>B;&%}6}^tYY&=
zABwH`ba~6+?95o@L8wahU`Uhr(Qld9VUncBtYftm2`A=HHF6w<Vc`<y@JC|5djpGe
z<{vnf15v~6wM%=K!5c~e<sU7qT&Y!4j!IeG^k!<d72i&nqzGzcRxL6O8xH8Oq#tbn
z%e`{zkDAa3j0g1asPC<xT}kc)Z|62Qzjl0SDIQOXBufEFh;<1;h>XESwEq3Cz}FU2
z7r??6=VlFk7RcJGhE(fd{Fposs$r(T<>xL*&us$N(!n8|JyD!rDAWA}MGi}BGhK25
z12COE)xlj!a~ww_1=4Sn8To5XdEiyYe4g_yu^a&OnQV9v33z?up_7M(?~v%C916Vx
zjmb@(ZApa3fEZ_0jZy`clo-d6qWc;AsET(`8UsvGjQ16l5)0LEEH4kD{;if&;fJ~S
zK>yc6@9jG8{(R$7V~aWU#_o-u3&Sk^0GYZ4SF-sF1H@QAioI*ej}YW!9rffA=2I5<
zj<fU9BP%Tz!a9AjoNnu~sSU!n_X7sxj&Xv+lMVtv2u){VB3=ytn9Ag}7RZE^p*i{M
z=>3d_qc0-oy)QQG9S01jmv;{>G%lOO5+u=Mn&yYjxvKkXJ%1bA0N*|Q`x=8TEI<lg
z`RN|)9rgbgrxZO5=LS%v(iLAuMU>oNQXYjKO2I+Vsu$bO@zH}4T`|8EO60f*#!Prn
z#7?2N2-n#onlwG82JtgXE@kgPYka%PvF}B#>#bRJA;aa&*%<InKO2ETiKZ9VXB@X5
zI9S>~XHHM)p#n*Qk3)nkQ3U5JL-e%L0|zFaEw!A9HU<shsN)cfG@}7?44SI2XLEY2
z<ju_Q6eG)d1gE*i9<3r{I2xOd?Iu>L2s9c_%MGnAo=>%}Ah&2U=a0`HZ)=l<^=T<W
zG!ykAZ&~m?H!glvnq7+KC9LWR88po|Pz0D0VrYqWtORx86TQoR?GR$C?30M}rPr*E
zDSTH?l=AX14f{C-q4l+u`|WN&D7?GypKS7<)*t>loI9BV+8WZK98|Q!djbwRhh%z#
zSdwdbDl2c4`I2R~^QM{4j0cMLS2*1f5qmk_9Q7iM8vXm~zu^zZuC=YOr5x`pne!<?
zU7s=LePA#alcfZRfdcXA%wtS%%hpthT=v?GfAwvk|8mY?^f&qBV2keI`1_FyI-Xgg
z0g=SLRyhCi0)Td&#^4t1U9vEY`7uNIv8jmjkE64shZhx(K|aPXS1o5AO8>Ax8NC|Z
zj~`cLltTC6O(7vNj<E8btbY>HkiK%sM1nP;B6OGNP4N4Mq#l2_Epl~@c(7tF|MQ9g
z-4nk~vOjfYsp-P(O7H3-dz&;LoDT`Ez8wD?p4wEHN$KhCjbCPkAL#ywh4hNtY*tMl
z^}JLSvKu)-9Uow3(V<L2F7JbdAYkGBYNEuEc7PY!{Hcv4DNMG1NTX+(XQtNHnAovF
zGd(^ygt@)55uA9dbEIo#3)iUv$NZLgW+t(i`r>GidhLMirW>5P;LqHBe^+2s${8BU
zw+^(^j|!fx%RSt|3b7TiV}v#tVIvPK^Ds(rEh;$VuGc4sz|@{%{l}^O2zTkbtAS`0
z;u|+;#4YNgcr``!YM8tgY>t;W(`)HR_dFQp_U?#?DD0G?pK%b#=7}dnE_hsMFhRcr
zVuTmZ;4Zo*&`OU4ArfQ2_A!p^;`SdLS$-nqiukWOL(Z=8$*(lE60~Q9o}ZF~8^```
zglxKx-%Kh-WjJH))EIy>j*`U8KC0!3DZYWH-tlwB%6T(X@MyJ>aDQN>a6m+g@4f~H
zboa+=hWXG7SG9cWHVuP9)?L5+{XUc4doaasa`BLZgCb;o%NZRl|6A(*Mb#=)T`M$N
z%Q9MvrISpcv%)POEp?k~=joHDIO5u7hQ+8*p_WFufh4jUH~<mPwny+_y%oOwmJy?d
z175@N!4CDK_G3LH1|lCHL*k~xi=ti=BhE2p2vlNLb50HM!*(@~?T)S$<yMt*rrQ{#
zt(Vu1I$5`!ou6Ge75aRrZ~CI%vTCt&vUOzj!_q5?A<+TL-H3VO^z_j^tejep4+b{j
zlP^wf(u{%$F@{_S2RXj>KUTd>>KE{7f<@u_Eg^D3&>Ia~m=qxa0S2h*|E?W+!10;V
z_Lfx#IxASCz&Lm_`(YS&b94A?gPO<P@uk@Z;Bip2E^=X6yh!yU7012gDq(mT2VNP+
z&2;e(q)5zF6bTX12~1n2;`6It4@i*r*+FzyGN?`54NEkbRkmn+HBe!wmeZcp8k$-o
z;h+O@Xn%)!o$y8d)3KoanNg{|YS%#54|}t#<~U@jsFcXxnHSatlP3}g$q-wUQPywH
z23(gjO^phft|7KwOLvfQ_Vgqwt%MIN3D=qBu1SpA|Mv-0yn|$))hvc{-vobe3_o@a
zBet$GRLpUYB}R&c^l~kITDCjSc>AYxcOK;zcL1JFv-xgj*M`0;t(MQKmCgS2@V)TH
z6AsDlw7s?ilu5YUDu68vJ~D4UDA-K<8hzt?*u;5J8#UC}N80XQH*E&)Zq!HmKD)j;
z@MkVG>aWgiYg5&pcHM2)(ll+~(9*-2Aw)y7eGuF7JKpd2Fnx8iN9wN=Gw#)<=e|+1
zWFfXXB9F&{A3F(5MOAHv8_n*@63AL=f`+({7^RU|rLf_S%u@kULS);Ay9mkG%>Oyh
zKZftJxF(Y#!Qo55PQg)%t@#`qK*IL<X4)?!pf2p?f|?GU4%MA4TxRj}UGbH*>2yE6
z11+WN*sVM^REyG>Pqr_?K9s$2&+4Ym7mSf2euj(V)f|nQ6$h@t4^;^QhG9m}#-pz8
zk3V+hO>6COf^UAqpyE&4O7!hBF;Dw*y{)%h;e!2My7bGcsXXOi_(g!!yEE}WILuE=
zUBfuE?uJcCYB+z-q?969=1ppB=>2SZ?b!jV!DNgmka+}q*CIe4j+MlDjqOZ}ki_N;
z!FXaR1Lqd~XH&NSQ=Gi+$&H7an;ScSop~BTu_6|%F!C2&=Pa<dD+Ea^bgz=Vc`D}>
zP=859m`vQ9(T{7HGi|LQv@#&*et4<*LFV~cH^vhT5r5*`Sn@9YW1d>SRs&%IM-;0m
zG_HOP=C~)HUH9nDY|2;e>UzW6yGT%II0thU>ok>qq~H2%-D5&P>shs`BeKbb!v18q
zSS*=sH~KZP_2>)%V4bUf;QN*BV+#C}6CWR+_>0Z-oY;F_r88#YX82?uPzpG`0rXxn
z5x<4+#6*t2?TEjRX!nD!IG#86N@Y9U)CjC1lOl+D(X5NKNGPknU0Qd_o}}@~kpRGX
zzkenk=RZZ^I1?DlA>RNoQeA_a0}2yHQrHu-xnn3>Vkx^vAX+=A4^^G#w@&SJg?*bJ
z`80nm&RE<!W%DZ#<gTnwBt(KOaj&TF4G76k{pG27qOGu6_r}_ZZ!tiTuW}Na+84uX
zj0wiydt1%j3OkOh`TmI2n^rZC&EBtUAJMv{xYa_L*JJs5_3lZXAmiMD2~1I!@$!B|
z>T(%_DuYwRLr|}iSM$DT{%oANc~hDqaZ?rYN@Z_xnv5J?&7}K)YsUDbtoTN6$v(Tr
zbtIy-Zv(7AVhvITh?0^J`Ro6#N#DbF_csJIAR3y?wsk~-F%sKRax59t2w3u}Pj9D&
zkQ*GL847V;vu5g&QuyxD5-~G#q0d<{CYO0l9;!USM|4GcAes!&B;ci%lf)entZDtm
zwy5_`u*T1ELvI74%bo#BW9()1WiJUbadY^hTl+#IXO{eN8Rv9Qv*>T5UcH0@Qx9Xp
zwOSns^9ns%Z4&OrhekQp^v7xIwK+__OXgol&GT#H0_$5!*8Jax?6By}czYgC-sC&r
z`P7b4bIuT9qx|vUTUuP4dq7o|(bJvo>cV~d@WsWy_P5eSBelE<d1o04z9^~sh6M+w
z<-PH5LWC6IondC_+|kb<e_($2mJ6i_J$3<E`9F+M2qY%j(ocjew9$`)yI4t7;1=~z
zz3QRr8hi|0vBD<#m!-N5&Pb48Jmyhn!7X8T-g0t4g$1j-G0s6ars6lOB+R=f*%}MP
z)-tDMQ8~0SDla^~Hf%{?o(X~x(pn8lzN9o4SJa1AbWvp^ml7egp`@|3)Mv5@7G0@~
z(;G8RJ@djZ{P+=pUG!t8M%VUwRW3|k-Ob;O1KG=!BgY!{Ee88*dmD^}Zhg3ODz;dz
zh?zBb6S&AO6m(#+1Op_jf-fD$va!=yRQV535AS4v8-Vv8<*$%yhY3pY3Dl4x->S6Q
z$(okE$#5@#h{t=tScv)l$0T0rBO|1owv1?v>P;1c39UrS*hl4o&Cljet_-Lj6{*{t
z+u6=el<6Zh)hULs({B|h<W9heKUUa%2-&|K<l%L41Cn0A`g$<4v(P?w`Kff(f!00S
zed^`c21oGTr?#wE`8@9kk#7#Yp6Q_wB*;>1ZevKjK8}0)QNkb~vFP>=u}Gd%Tj}Ic
z(@q3EEp+FM7+=Pa-fP=0O`iU3Wv%Pewn<G>l^kjjm(n=N=m}HBgBduV2`*c?RgHAi
za(GGZSNxLxTi^6mNNpgf`AcI~*wYZ7uC<<`4=JJ();S5O&DdXTM76wP%~{=Y@s%V)
zd>-vG!j_3&EU&U*wf5CKMDHb<|Flv_@$vC<(A$Yg19~W2n+f=EjQL$RB%<}q^zi3a
zmj6`L_$QJd!p#9=A?QJ2q&-RB3F6|w%$MDq#BMD7vX(miZT^z;RdNWq8QwDlX!ZS|
zf7OjaH$AR;#*EdfiU5S~JZ83?N{>ZsnXJ8fU>HZ{Xo*sFbh%8+@u^XyY#=EX=Gnw^
z!c2YrB7Vb`n61JiNnadmi?<0fcmn#ppaK+shjbK$X;j{Zr9L4cZsMuUB9llmzeW(-
zr7G|5oQ1!;?2Y~{kUe@co-PBw%^UTu<WM-84a!V@#NHIN7gkJ!oE~B*?<aIQ@4XOD
zKw^M<QOZDiT(Hc?7<w7GBSd}1>;P8pE&V6lezv!}OUDLrRXAZ|w`$o?fpoz)&JF(Q
ztPqqyCU{R>o{|Of8n2D}4~lFgrF9E_Ju3sJYkdNX=d??(h0&Mk$z~C_>pA|pbuD*&
zWmNVu8jU3N2an#doKDid0z>raZ6M$kwjZ(iUxR#?W2RbOh1uk!a)cv<E$UyM|C7O5
zu&3AZ`y1J)+02QIVw&mc=jvI#X_B(C*QV)=m4+5i-2!5Mh^9x?jO;5Dct3XI^)YA~
zqEUfsXJCZvb<g2<7^>)WI|Vs?7-MMcL#URD>+$w5qA=XpnMx9a@qOxBx&gGL$j*rl
z$pqQzyU2EEL-4P-2EY>6z!@XD<Tou=+c9ZHX_dc7y;=z#54US18BI0nk7mO9^L#-c
zKCW_eoQdmG>ar3vPB$C4<9)giC(#j%Iutx@XXctea=iautTPz(S5QbI*d(H*zPUqm
z=Zf_88?9!anfKQhkHT)!USC%oW-=F&4i5JhgUV%Rugd)T&f=@H(g}}>i`|10R5a?M
zzhXBEU*grTo?_Bhx{KsGu?4gzCuEMNm&?<KnYUhfk`Hb0lxNC#x3Fyrw*<_*_=TyB
zd#t!e2b-LXhx+jTi{Sk2(;J@COt54w4A)$Z=B47Xb-Yu=k(~tHe)^p}!~#8;scYjE
zxt==bw_ESLEidg>CPS8>pK-P(dL3qZ`>tU*n>&`BN`x*XVzIvES9(oU0Z|P|6+xvo
zM_~S>v1>jo(hD5eh_abtsDmofVmEg>?W*xWR}X7lT$Qs}&!8sV%6RH_nwy!-yE03T
z-R5o*orl=I8s#c;L1pZbPB<maM6(*gOXl03NFo>+0(Ssmw77jN!f{s4rT+S>f{xaA
zeL#{c`8k9CTak@oNF~L6Yj+a5>&3*gX|*~mEjUbUS=E0Km`akdoQa%NQ^k<tyLk!1
zW$2SFcW$2q256IHF8CyniiUde{QTzPxp4DA)f^n0J^urT9Ne@qF7<<HmqPG0{KXRt
z)X|7}A?kXSmivvjo8L|7^e~E4Rh<KZqDgPf`hvM$c7CKJ@rdB|Vz|T^!K?R-CZ?wC
z8!ihMJ74iDoGGnKh*~axn!_r?hG{QPWiEG_Th!;u&Lvu|aZ2&Xsx3!scW8R1Vl`T9
zUj+H_T&-Tcy#M?6Gt~W!>uZ`f22>{}f6unJx54e5VmCJ_Wi2lfj>!<MU9T{nc<nNw
zr}7^egn0PA_VqG0I=<(?H8&%8o?FKiutDvb6f&9*ZgC5>yuALU=CLkrJCa-u9r^_N
z95s?unAPQ!*wAg-%$;qY?Czl6%#c=BHA!6g#7*e$pG{Y*gVzJh*fD>JN8I}&33@gb
zEaIQ^qb~`Axa6ABo7&>HCkrPu)BVncHW7%Ka;j5f%GXx(x)@&MwS$dmU$WLp+_E*_
zIZqmP1+<q`0b+jGynUYI(MUx`)$PuACK}RDH7ve!Ru~NVs}F+xJoBz~VV$3bhQ=j0
zI7Rn|x4W;|n8lwh5{U_;pERmd8Of#neU3NS0u;XcmI6wKJnViXUShS^Nd9DG!fwT_
z7&;UN;MNd1_dcdTrI{E>_)nV@p>fu)sO<|O5q0>Js9w}by7|KH8o72=@9Btn3t*E6
zGQTS0e4|DEIhp)D)d{+<B~JIk!SBp1oQBepy*{17p!ukjE%NlV&bXlKJ6@MCNK!wO
z&@}MAq42v>^-_NU*Fg7|J1rNF`uqDot^Dd3m_zZ-UW{eV&rEiK+woo>DA3LyAJ-N^
z&0oH>@1XV>gN{oi{<H)iQ>qT!g+Y2vIH;?Ux%n^VSBRF=dCQJJw|38K_j1hxLTRs;
zWC9NN$o`l4rq{o=!fqX@DgpCtZ}VAoGeXKfPTDd?(lPSMBsp@J7(H*`RJJu9pTTl=
z@f(ASM+?g(q#%hU2u|;a&Rv<!nzZ(BUmq^!W3_tCVEf&s0dzcADL3+2Bc579b~vf#
zMKub%waiRL=n(BX@zm@HoY$6L3o*hJM{ls=$Uk1G#p1=#SLq{oQ1g9Gq9tm4`7ibt
zyHyNuM8=GP1Wahziubm03Xvi2ZF@!@%DX(m0cnb@v{oeV;U)e`51g2I?$f_MqNxqm
zWmhurn(XW7({oo9nMv`M&Mop)Ec^c8@I5=fc@kYjp<GLbtaq`MmuB7<58)2{=XfUk
z<YJ{)^^*e>O4kTYoXJ0H;(x_cMDatu=VuV^3P-g5-ns`fC_KGx+Ogy!?^*!o7N)}_
z&N~$#WK=Kv<vf@bunrWu5tplRk6O<<8KJBicY<6Z-gg<ie|EU0vM4j<6$ZG)D2;t~
z^n>A0TDtkXMDQUj;fJ;de$gOrtC5%W>yAZP!d~lJ$v^QNw*JDP>(hyf%1VbY<wAu4
zB*n}XTag0pJM+);1Ht~7kQ`=~w<RSylvLTZ*ixy;Q$q7CLFe{=x5FUlO2)|J@OJy=
zbl1sTAnmR2?t~Nc9$%S$SymtH^POIB<LsbhlM?(9J;&z_5-ndFeiAvkZD*!Vi!x|%
z)&G*H^Y->_Q|rHS4-Sr#-7hV#(9oJDNDKzTRiGojh=LdgjQ^ONua;cC?_Tt~mzoqe
zK$Slvu_==hgzMb<4rTz3mjAftH5$ozMFFVr|3d+ATi{uAP=$1L)k?(&izrZm%QT&H
z$w0Ah2>=JEdEUwJLn4QCZNjkkJE!|~+mO1>l!fWXjXIOpH5c0brBOYNcC|x*;c_HA
zATpSIfU0Tii)_a3dOZF6HeeQc8qB6wiHV|4=y_LJPO(32NW756EOP?@AOEo^hT@B<
zN6OvtjSE(j??XMA5v!af&CxUw<{ErCmrWw<;`R-OL-|Gx_WFhwhrh2#XEmM(CNsQO
z|1SRp^T~Y`$xn{|n*7D|lb|SC)WFW(uavUM<DLBA<9#(jkHr!4)U-~0bMJgqkke3f
z%k`ptwHKa68#g}6j6mXInKqj`RayT;O`T)DyX6$?!w_q8z(|<)+y(Xa4(%?u6bJ~I
zkdHv^?g?3$56U~ZeZu(y;%=B26AYO{Eo1hLlRQYJK3z0#k+!KIY}{Kvw8TcVhKJt@
zxcp_`d@$?0x8f)fvcLlWhLtLK`mOu4^A_!*0{EnstC3Z7064(EHu--Ddkd(lzHSe6
zgEUA;3P^W{fOLa&BPk^<t+b?oNJ>aINC`-%bV?k$kq$+=`z^fp8~1zfe*gQ%;EaK1
zpS_QJvDTV%{$lRQTPhH^y}iES%Z84zIOn8`wlp+<IyrIi^>O!3ria!C_BKv2Lwc_N
zWaM;Or$ccrck_#js|7<>A=$2K&p|KB{rz*z3TQl6RX;~{hKh(2k<%2-*vg6UhMPnY
z`kjl~8XK$Oy_&Kp!9dD*F|GP6z`^@SKgJSjp2$O38bAsraJxUD6YyvR{<FkN4m~+g
zIR4jLlKyBv)5ASAcy;h_GpyusiN&}Ot>SnW%No@S3!Q}KeT{-q%W+}}H~DOHZ4wkM
z6F_%=pF|+=?yD&J{R1ZsULj@OH@K?s=Gkv174Jv!S!W!-X01JiUY4?NdHQWKoYco&
zB~qbeR~$7EO=$1)QMW5Dn^t}d+76xg-W}%)uZej6;b%vK^_xU_w=wK}S=?+xT$Jpe
zLO}?xX>fF2lict6T>5?+!4u2vS1ng0BG)&T9Qx$?VQJ}Ue`B=hZI|q?8IQf&Yq#^I
z9F_9d6%Qbvt9;l&Lp3t^TU*KG?^l8inP85oYIW>BgL8CqOYmui88vrpbz(rqwqAsL
zH@{Ut=QGjHlfj3jrDdRtmG6g)+ry||yxA^c7T2dycfCJOEL$$AQ;WADzsgFN_wAfu
zjjs}tUq9a5Bs^bM5$SZI3Vn5maBvQ%3<E3}FXbZHYw49Wp|JUaO;}l}gJWupymOP!
zE-Wh6(gR)<tZo;tgwOUue=?*FS@t-ccge+}$)giS8^Q^c*1(+DDrlVlG^@NTv!;u~
z6vTnBZ%ksVWWfZk!=js#2|pvWOAMXu(-v+#j&3_w?gPNf;$hQ~qUs!lJ(;^yEJ<`h
zBF<ftPEu2TeQMP?9sHc3@(cpMoS{0a`=l-#r=V(L7;q_K^$*rruLmv;qtpgR2{f5s
zAK1<wo$DAqL+!DD^mzxNdtsfOOp6LisAamsK-KbFzPa9<7k#v7pWU!pGuO@}6eK;I
z($C$uc!H-w=vF&L1EB`E*r=%y2<EyN=HWF4_pa?H-tg6~icyPe`9(d)X$i90;5~Zp
zEfkNiri&oomxf@RmYoQBySul7m@Ig|oQ{xUefLN5&u7^05^r4;dZ7EDU)Rte!$8`B
z<#P>JT3R|L`oe~8e`3n8uKs%$xu}P~sP`fK?18oSMZ<%;qvf7wLh`xfS3@wLFwvV6
z^GjIET|au$)zM<!owuuxzmfMo=gVsc`tD<w`}EHnd|6#%W5`THK*lv}FDpa0v!8F_
zd?!N$xs?f_#eE{OaK_yGc#}Poj0Y6t5>`kcTjO<!0<d~YeUH8fUQkZrwU@iQ-xw|n
zFnKAnm-{9vqPFVPKvmK@JZZGyIA+kt3%lb%&yf<h9HmVL<{m8Y^z-X0UvG9p)ajXp
zjL+|~91-qr$rn42TW%$FVKZM`GWGXl7QYgL^TLT9sOq<WwHf)$44GMXYoAIN-yxu(
zx0)%IJ^`s3@kjYN+m~tO9%A*deD1x^C#mR<2#J_+{J!k`5RpU^)bA|ci(Ye=cP1=h
zJP$M75&cyuj(w;e=HVOC^R&N``2BW9t@#j(y(YZV<q#o}qM@Jwt@hozvtyiJyogsP
z?or&MXnGtS<spz|<0Y3f8oVSRc*Gk*LNI6ZbFr-9`?qQGJ0F++sL(=>)4RFGME$3h
z!XnMSkX=#GCJ4nc^cKTExx+{LbV;9>-vzoj&7eiOG2d*y-6Qy{So5`qCWd}EQYk0T
z3~C5{Y+&&6i*L=VikxBx1nOitQu@UCriSM3Iv-4sqa`LAws&+qz{HFi<yUz49{|J7
zoVaUd73hnepM^H0*P)suNyLc+YSf74$5;aNh9Fy}hv4XLnhypYOr-KU`d_f#BWTo2
zPwwA|*SesWN}2Q@k|Vsd5F#=#hF3Mm6t{b5sRdcoK!f;x^@k4g?=-(%s$lz>J_58@
z8?)(z=lZuam$TZTsxZbqRHQ$O8+E52?{0s;yg^tpMPwDrZyMcQ`5CHRvt_=YDpr~N
zel+R5wIFJKMril6IDAhJ>T6kD+i~Da=1vr_*LK4Nl`H#|S4MWTlbe?$d^E+gT!N$9
zg5+ZF_a45~Lp0&~e;Q0m2JF!yFseVi%kAhaHNuQ6n#%|9n?)fj!-14gH58|hpdG{f
zPbl+sG}RrbM$yq)kHWSw;E4Q&a6-DfEjBql2!ej#y&nacCQ<9s3dl5tw^HBal!Oyx
zCQ%NY;UXAsEXI@A=?MzZFKnfp7&|)Ar{#kax(UqZj4kKd5R6l+Aw%I-ogzf5(rXeo
za+CSDn(B~+yjYAc0t`j#g+E#`A^<FOE97}v{2AF}4NCg|RI2@P%c~K#F;vck{UF;z
z7iFvBzljg~5c>9D>ho-OA*mc+eY#XFtv^}Van0+&Ss$fmt{5+E9{ex@)R?_>I*zyy
z>%`Dij%&s`=h}1A)=BS*vSiyji_933iI3tE>F!KxF@7qP2)3U{{&74C!k{W{xPo%o
ztQwh2-jGZKOw;MQ5dR?7<01P@$vv4lD}X5`EgxJi9b6W9M%Jhy3jn5J$le%mWgXqZ
z3<-g%DUz!C)Vg!+Yl|W>FHXncRli<3%y%)+0x<JYgcz&7)<wJAz*P)UWzZ;$-JCOb
zw2PWCrgYjBoqKabnn1WeZPgj%(HTYa`U?scsL_2VG)R9?-=rwKkldh}G_BUfF4FCu
zd=7s|kQX`Uk#XIFCH@p0+;*i#e;fV6A`C2q@B<##K`!Iso!f^ye0y&x4yt-tAzMns
z?ReyWy750?B7D3D5Wy^PkD-Mo{<4AN7Ib4W;Q%|BS4M5+snXVg)9JUGm>tP7Qb29B
z!yq~1FvZ}6v%;*f`zGyzup|zc3XA9W$Tpx$op<Vr!j$UoD8+<)f8ZOc@7GOzdQS5V
zSILyQo$2@^YutnaM3AhI<3c-PZDBW>jl2?5qJ1Tu*j9y8bj_b!|NS#XG~@Y4^`5Wg
z?K3F=0+8k5vJsTe7|Wkugy9$3&1VRn)TK8I^q0YpH^dM*({So$1|o`U2F|xfy|~AX
zasC4u_$oy6;>Bm^4Je-N)Cx+L0V?tZacSwA_g<4=q9a*c+JM%oCsjP;kJ&*C-s5<d
z!3gR8w6T3QG5QoOjXQEAKClWR9mEE!pWPQJv+ka*-d9dYVzme=0_eJeagWjDDzhD-
zj!n6_h7=2$mU%<!W4U^KYzaZ0ccG_wD$<oh4`|?eE#m}U7E-;Z_^p!1#pE;Hw28-m
zdgdbgHB5p#`?+E4tgB6<Z(8Hb72nb9*|WCNw}ecoZc5muy{vQY?-3{v3I79<*JXB(
zwrN4L^IpTxOg&&jN>Bc!1pr$Ynpiz)>o-oQD}el6rO2DD1*>H-(8@*!eYjbd91q<G
zg9N}n8Wbv!4Jqdq7ZYSl3o+ZtQl52*9$b&)&-%J1+BE8@MM6T)ikhm`7=aX)5^3i(
zoP#;vRk>`>jK_Edj}5Dpc9sNuG>qYGle&U<KmmCY>(~BxHD=8cEgYJ=&Y4hkFL{3-
z5<!_sTOnMov$qH%Rxq51ke)w!PRW7q#Gi^dqx1a);-mk_RkukLT{F``>}+LY@EjiP
z2$>Vr=n>RNCBkSCJn(i!hy_3JI`^G{;G&Tzbx{UZMVN-fH~S3R&rSeY;GzAoq8I10
zmWZr%LkxE0Os;Y?u@cty8d_SY8dDpwKpzLkj~}GG5J7@({Aq5&ReOdNCX<~m-mHqT
zV9a~IIKPezF$y!a*FCkg7am18`gzVqvp;-yO}SBB_DmDFTJ{U4?MHbtt>Mo1Db9Yq
zr=sqR962}f$pbphYUw?b_^T&hdI-j1VASJ>l~m7fLvd|a9(S3dJfW*9uAb|;qT=g&
zm@Adj*sJ&}%?h5k0Vky3QGFhXN;H(aMD-s?ZDTboIHEa~*5AsYX)OyY#Pb<jCfpxP
z%)~hfSQRq3bG>TJ`Jer@R$fl;qO?mWAYr1!IeGL}ka!R)Y^ecY@AX`&lNBk@N(}(E
z4nEqw8-;7|Q}R^pW4U%hi?4rZIXC<7(j<1C2HqO>g^|S9+zkxW1C;Sy6L0)pqQdn-
zJy!+LDC(LbAF@}iYcueo2LKGDIc~>5;uCog0qMHPOOzG<oU_!-u~e}}PXAt!zGTm=
zx3pQ`=*yQBjNe9Sz1boE;rpZ&_l*#~h-+tQ7<1mRlCyf=@v_>HYcz#T;QUGi;Xf^7
zO}aaI)K;lODj<}}DwhU(EKtr^V~C)&g21j0&*99nxJmEq?XO+(;0Y3+rv({e<|q-6
z3wq-D)iBJ_$zmkOLE{2vV}}j{ZyA{Gh-72djOrh$?uNY!U<hhw`x&tHo5jBx-)#gj
zbXX)sS3OJ`72uZ2F7P>}J%}R<iRS?!6c{Cl?@dZyF^^lwv90;Q)+tz%7U(O|6c`Ry
zFR!JJiSj1R5Y$B9PmZr^f9a8%jQbwtVSP79ttqFM+BSYtK4x^&%*H#XQitgl=l&%5
zOl};$9x-+PpZ?+n-vQqRI*qyVBCFa)fs7_N^C=R?E6~lsZ72lnRkLrDF%%ok3*no-
z`?j`Lk=O~)3t-r8r5%Coc|Hil@gI1mtYSMO<29WX2o%K-NJl3+;18n^C`MA_8jhYl
zLRkX0EJfv?wq=HIBE0VB$rIXlvXYUeZWrrJSj}V?rN_SJv$#%WSYPjYy0-ZU?Vzr{
z0b5w6aMX|Dw*nB8ZPhi%Us>dgM@S4}R>#N5l+1R2_Doa957Aee6-h6^a#ncu5^-s8
zM;P$>`TvR6x1ok$?4?JDOa67xxK4*6l$;1@0{xI+OQ<rq!JZfUGUnp2I^5+P7XyRE
ziFa4*rF+;S0<z#O2Tg*isIttlZ^1t=lz_D8@44U_06c4~xC5$MfR+RyWG4O<7YTS`
z>5p%5n8U97^(pjb;)JIpth8rL`|28x+b26c9|fKwc(S5?{qv)7%fjJMnr{NlYjK13
zS8`xT-S=iZVP&k8DlJxVA^bE8I)dy+`WhN1QExC_He1{sb}n;1Q80g^Q0V&IAz~(D
zVlX`A6$V+bNY~mWD&17<a2b6T`|4s~kOh`{igq?xFYAgsu3y03JvBq~zc+N1N?HCx
zm5-26OI`cS1y3aIrY^i{EG<N>n$)4146jObmZ>u@zL$yxG&*l08i%uMR@S3Y*)KN_
zqIMs9&ziI@&e9*$M#_1QiUh07_8j!hIeE_u1h-U0F0<R^oY!fEfL|>RoQg4htx39!
z^m_K4wuwYM1c!WT-(mP}CwAVSZyf@6x0T)o^x;jUTv^g~(o=Q!nxNyM3-IOs?R7n%
z-{OG9T^>Rv9oS2muP`=2(u2j>;H;Vp|IHhYK^p$YI};UbQ#?K6-nFF<tk}N>8Y?#S
zcWdxc%Ja{@xn@53g7B5A>Or0~X|SX0I~ot>vtKp8?zImB3azti70DF8Lx+=R>6Q(o
zGP(|zN`7Y$u7r&LtbfE+##2jmvJ=3$ZqB9lH<Ru>q|>^6bRum}NnZ;M#Qm3$`G0So
z)~5w|_hb49-)}Y!(wxgtouje_o(wbz6HH^Pz9=9|JcgYQ=NZWs+as3A4!8?fy=V8@
z-1mU70B1pj?;DbR-2`AMP+A^idmyqizB&emc#=O<MUYNi@r$vqg=osFs2#4Q%2LLA
zr-5k0!*eg#Qy{7DO8D+_f3YcQi>lw+_g`=qj&<)b&^wd_Up<Ydh%N>MRd0cA$^~&r
zo)gYp6If4U!F`0vn0rUCzQUO9B>ccNhw)3%8(qvF<b^<GYNZ{^VV7|G=W)|(|8HXh
z1SqQ^Cr0jbp>!OZIeS5%2%&p#HmrOEtw)-|JErJG;z%t-GZku|Zn@~NY2GAYE%<3Z
z0r-t))U^k;)c0up0paTV!D*W~c>+>JkN>Sq$*_oYUe9<6=blCj*)hTuyzNXvsFKbE
z*)o?b8RF6*+vO(jh-g28aZeq(!&^-6lA5Jz)5k^+hk$sNwE0g;PXchcR5$=*!NAf{
zy0tguCz#il0}mJmIHn|w>@`#dWb}IF;bjv9O%wdXoV(!vJsEOauY|$6XMrO2xp9_2
zuCL`;RV2}y0O$<|+_M@_8Y(EN=#gI@P3An|Ap&J^TL(eUPvWCJ4455y9+2J&FM8$x
zdDbFuy$JeOi(Q1-+%lvjY|NXx1;OlSM$F`lZG`<*Q&}4ZW6%2~bu#m!`9LaM%&o^k
z_ra5+erU}oAt_g>L@j?dkYsW_!M<r}I?omx*j%V<Q@xnr+*5_<;hs}E{BLT0Y(OpI
zUS46j`C<m1BZ(OzpYtm!Q42?bAI59lKV(B91mI0eP;=o!;F}oX+>j{l4(4M*Z`Rh`
zm$&ZRUN&zc*6UX2dh`;LZFzl(s+m})wcj7nn};K+3~A%Q)EJW;X=4;jIQ`cCHtAEr
zkF?<P7O=dhE4J~7_gkXP>n$ReEd7>9@D0Z>2f*Yacl0;1$ZB9y11a2O&uK=x>n|Y3
zk^s_6sL~Q5!;kY*Uo+x_V>m+;8kq(dyn5M77<+F*uQ<FHc+@i@K}h#&%9*n+jci>d
ziRI^}rmS#YMXdT%pTykn)Q(Xr%En!kO6jxSj<|_a;<?s5ZzNvXoUMMG69*aO{iY5m
z;Flm-Gv#)dyVdIUi`db3L*zRal6AJE!UgHQguUDg_AgEJItwVVP;Rv7e^|L2(SPH8
zS7wD2=W9%pUeZn=zx){V<e2?+79cN$k=O<3Cx=Cv12EHYO9V)owUZ87s0qAFxVRq|
zJYA_CeLp3S`|=^lK?774Oiq5LXRRpL(z9tZF*BUya<2wY!?gu`$_QU&=xq=y1A!}0
zKb!F<ORDN-4^OMlMKeNaQSi}yEe3Fj_sWz<DoPuvSVyjph75VJ7(81E>`$ZC44c#j
zJ<JznJCCGdi$;gNU~3{fyf1`=a_`P|Prt0K9JJxcp#&7r2D;J}q&9Ymx;-r};d<}V
z|6bqcf{u^o6F|rb>hla)bB*YLqOtBjh*6VyitO%^7@=5tLJxQjC+7o(`{rZel4%5f
zIN>@}L^Z*g9Eh3sP8LwMZ}5(ASNq!sA{)j6wRTDNyZO)>PUOEHf|&yu+cuI2L{?(-
zp9SO>dgep-76Rf^L5C`W`)BAquFe6<?NcXufo|;)o?kMxZGq`v8V%Z+IyxcCXI;XG
z+dt64$J4?`uy)t94bA%6>;NIon-dNdD6)hM58qFH-G~yE;Vej?P4wgVAM&}#DrwU4
z(^M7loB;q*;o3a7JXZVTWx*Vy_@bV;HYRZ<`i_Y5!{+;;uA!TTiIq)nn;D%aPv~6j
zXM6)Lnwuo}9Iz486xIklCO(S70l9|(!v7{p2Z>b}p|_Fl^6;R)dgd%a*N1r2R!R*>
zew7RfAf<dQLASc(o?n`_c-=?%tAjDWlk9jB3UsGhksC@kPKMUzU^Y$6jC`ri($Yxf
zEqUnh*0t%$+f2j$^c=H+zI2T}nay$HhKDbY6+Q0x6<{p@SIvC7Yw{f1ZxUs^#!3&e
zd2*$A%fB+rf0m`skB#GpERASff1hWmp|(?H)^t)Cb4KE#BCJG(ou24?ok}`;wfLg*
zNZM**BlOVaX10LR02ePz9pBe^{*@T^V1NjZZ*7O><vg2PX~dA~Z#w4wnrkX$Hq#JI
zX?bj^chUO0@ys_|{~!+?`>Mta=kE9>h8|LZl~y1u6}XV=d6DW}iHz60hAXHF=6r=|
z+*^m-l}-MjP}lGKm<SNiWqNhr+az{ynXOWE#OLa8OL8!)ev<;z$#8bHxv^|mclYpY
zrSBKBmN9|fV&J$P_+*BTIDnvcAF~6o9q>*``pVxj0);o%E?A^~qr^i5e!MlT;Hz_n
z-i4Qv<{~bwVzdT6T`lcsKoP5F?+xu1|ACR|JY6Q)&oOvd^XE#A2?>VUFo@d3Lx&w+
z`7Y-9x4Xqi8aaE%4>m!pqeJ$iC$c>ElG<A`kdwt7*GZ^Okc*EaFQ>M=SV`SOAFD6Y
z!(g1boMdSE5KH3w6i#pujs_(=a-Zee`5(vXU>pc0reWBA2eNQhsFEhL9rxw(C>x%F
z4+c=pa_&*Ny9ZYm&o%6YRTk?bV8Jpu_e_o3u)1Q%Kjs;Jj<v>;SNH;jgLyYpZX^bg
zea7>Puet-GXw8qjT8Pg!iWVePn!1l(66e9ID&FGHiaHNz(i|@GnSA=3eTXeM=_0+<
z(Gke9NQoexDrRE2=@rs)Y#CitW7A=5lOag^=g1;cmDwXu_V(-}#fME~tO^y3`&H1n
zKEY#A^G*ltk7L_FO;oY>hAS^;^{;s0D2a=@GwKR5Q5q-=`QG{l<OKPTa~@sL(?L(R
z;nd&~=iuLrdq8Ps<N`f#<CAevl}uIzC)~4Fn5MnGYx;}x1XYue{qAmtcgy_zf~4)k
zOyD7U0HA`$ZeZd_Sffgshl$xKp^Dj(3iOD}Lu9Xjs&U3Q37$g(Ub*zi3l<3Re*N=~
zxW7r(l@>eBbPW?KCuUoU8Yt~=j*_SBZK+vbIb@Fwq)smHL^mviwch?(h|MrcSHKgT
zboi?=4V~LY?^~ptQ@ebPEmgvhzs~pWl&R;xba#2&p?OM^w=UESE$*ukCB3Vhbn_qR
z&b-bHD3au{uK`{f5O#0ATA!$%x6b`*S2KuHIrulrP%`HluHV)0G@w=XB+Vkk%|pek
zG0leSkb|5E1H*id2kfbUs(+LI%^Uyp86^z1OI>9E@eP_3u;5sI<^0@eC;DA@27W&?
z7s6Wu9Lh?eT3JOGVTY$3p}P%jtxQQ4{Q}{GQv?iYGU}STZ26szLawu{>HvAMh~kDD
zoBd&UHMaJzbY7W`+wvb*)S{$K>!Z*E+%ZwKhV1%BMcmL+-moTxTJVJ0E5NVr_DmLr
zO2KEnqf>adOvBqQr&F7!_2N-@U=G4{IYRpt>epSh32UB$7qP0-v59(?Jrva`^eD}L
zXZwFEN!p|@@UZ?zB?RWeBv6hXSA2lx&0<(+;i^vqK^OQu#`h)~C?D4$qy)E-ma4$r
zUk~T!g?nopfN5n!_`CmY-V+SAJ&AIFCNU!9F~*JDa_3yaJp4xDCAR<-aqr^jHVn}{
zEF%VKL>J3QT@_m;T7e$>{=ij{(feT*JK;W&-mlTm1bpILJh5=4sFhv$?y`GV3OHWK
z*_<p+=z7>;R+rM?Mbf+}9z8Am=@J0v1^;{ERhu0s35?l?EQBxG`@Xz9p75IX`Nc(V
zF4*(b6KJx>j~mVSWHz4$6yPK6twvye-f7QhyrI6FSMnf-0r+L*3iL2!_UcPLqX?yx
zee_QIl<Yj`tMf3Sa(jKs*HDf>T=X0OG|obrDss-kwl|*b`<VgcCILo&F^K<cOt$VW
z2!fg#8<`oQ)sVg_=+$9VsAxPbQZ-L74v=2Dph$L8AboZn;jRr*?r4~AL{1BSdpuxg
zVr)$aj>K(X%M6$llyDZXa9X`~vf4TLiq<-!bpW0%v?B^kpehk`THkr=wXYD<^ac(`
zliX;9m4T$DHNEq<J$&i+LqgH_ywQ0yKV50AJc53IbT#w1`Z7-1+V{5Rd?G{d`XhP8
zVr4?XS3Clbk~vgTGI}XrZ7cE0B+D|?633{a!iQG0K*X&(wufnyNWhMoJ&Cee-`jk?
zIV5LS$hjU*rw}?z<-NIW0L+my5%SCMJ=Sz>?(3Uj^C^opRElgv7s?!~=2SW`r>Xbq
zCGX_mA0cG?1uy<v#J-g6{qf(dCS&1hg`g<&qeV21K@}^uCA^m$AjewR*y7pPl2U(W
z07DV3(@w;NG}5vqdp1uuOFy;tQ`joQKob1pk`TlaBu-P*d}s6e;*ya#NO2kHm2#L@
z?j5U7@1mk{vpiX`i(%Qyj3ZiTX@yk~OO+1&+XG1x%NF+PcL{M*Y%+yR=q7YSiN)u(
zmLPr29_yTqL#^2V&C-Zp9A{w5-%|c5lQ(mstK;U~U^DkAaD&+{eZ&Y@`XnwWI92vX
zUa*#jn+D2AH%@)x>nbX!Y-T=`mwps~Cz3FBW9k~%;-X&ro@DAd7zf|~YaCvKk|352
zDjS98aE*R{4?vz0Rh`~bgHjx?(M)@Z#1;d{7l1@>B@_Nz|F_89B&B24bIw;7pg`>W
zKpR61&75wLI$5P%y+$(DgG7ez`r~{j(8L1ilVo<$^|H%{^NXeg6swH}_@5OGwg=ky
z<gA&!XKJeD*K${%O;ReY3~IKotlIfe5?$~r>zfXK#&BeX22IBN?+!-x#s^Jv?Yj_R
zY#s9BD>0kWK?b;>)yy6VJ2B=6n`U;*C|&%Xf#B;NcyS><c`Y=<G_?skkf*M<)hBcU
zkJ%-ffcn?nc;D;K)R2d56!QsD9*jqP|G!9w|Mv5<{m6I!H)Y!(fePh)a^jf!O!f~2
zYOxpAEC!%oq_ZldGAla4h*UoI>lQv{`;%#DkG_LzU+;!9OFzGrG$*mwj)~VTjFBQi
z#2b`V(FtmT%yMA>>r!Jb{DAAI&xr9`nE<sjYJI^JRf1^pchzi1nk*MBSMSIfi5Rkc
zIabHWM)ITHG)9dN%CS{~Ls(J-em@pMLTCv-z5h5MjFXhWjEQ(KqiqV;pI+4N9cPet
z6xXnqj@$0!=q(NgB=j%KjiVVahOH7fek8?eQ6vliOJ1`052enVMn{u$3ri*o<iTlj
zM71&BUT?lQw+B`}l-<Ah_CM^%Gui3z`+u$<S#Bmg6K?!b1Py@aLwaE_DG-5zEjWS_
zBM-rNF@`*C>}8cw-P%uSs}x6|(hh5;6}=ydBrp`g9Hx<C=BSo-VZ8b9(d9-iaEXlf
zwaWVFr$=N-tklJ{M{KVHLr_a<;)Z7*6&f=K*$gpXo&hWAyGexO?I>6hGc30`Sbzt4
z<l9T{xz5?7&yA`&ue)QSdo=xpe!Od%&W@L`dRwm{Fl94W%S+tu^$V;T{I0=?`n5e&
z&Lm}QsU1dFjZiV#&5cbAkf7&08qq2RXpZd=CMtsXII#AB#Qnc5X#d}E%$lwa$*iIR
zt*|L3P$~qE;sv)8i2-ds@Z4^t9%R35a)sa5zq_=%9uvJ&NKPozqq%vxU5B2={qlIw
zA<K6JD~J=yW8^^|CI#q@UXPC+G}!>p@#3%BMLdz4?|0DxyrRWK;!wO)eo{4Qn1$x#
zOn;obDK`|PD^px32=pUgv!CzDNi-&lCDdOd4ytoi4QH$HqX)_MbP-0%v&yWa)x(i^
zUF&5Y+v;=s)Q+*d>yDi7`K7`2sVMqSwK~bLeD?evx-8CPFc2rtg<%@o3&3>8OXu$n
zpYn;u+oXHN;=o0b79Q+7{%KY&h9o!$YWn|Ih^hIn5Yzw2uP-)?6wW<#RVo;Ivzt$w
z*-a2MOYA?27XW@t`Tc$Z`^%t1HW2OClutCgKD(DE{>r$M9yOZ-1swm5_~JF4C!t%W
z4rcC=mOi(hAKD>1D^$687tx4`F5hZ%pTT64zL)1n0WZc^KSax2Q{mS)3c2^zZ_>U!
zvmDe(6%?`vOZ=QhGaG@bSekI=!JwtIiTOb^V?3xmXLZF6i+*zY=y(oIRQAhw-0Y+h
zMJ3ud(u=v*=p7Oy!#R~H4XG~aE^$|BYVsd&5!CqG!xvr64q#c+uXV|QcV>%&_S+IO
ztFz7Rti5ZbW?3(L^@rI{%qXmL@d_{NMahB0m+fy!{GS^+Jk{3(_zD@>DEx49O~_5h
zt8_?+|9da4pTMTb(;BN_2*cEhAL??(z6oo*-##|OkxO_8{K(3%zz;-&-a1*X^=8O@
z7{uz^E<=XTx~1|Oz+}Wz!|*2H+GSUAQ>b<8he^YY<rioG-+$uX#wo?G>A6`+lw`*m
zR!!3X-B$13-Wb!`sb?}WZZiENg<R)(18PivmDY@9*0_jM=yNefcvX2@ra~$;_ongF
zjHFj+y#r^~%rTu!dkA0bc#EC7uj<5j8%GQlncIERem*Py#h?Fp<?=fB&t9bb1}~T@
z#Ed1PWkcspeUb?ca?*{LiI!AtYY}*lt@bs~E^`1J_okP<1VtnZ%{736Dd?Uk{BK_o
z0^z!b(Es?$GAzRMP+RBb^wr?pJzYN$_?6$#uoO2Amw?(VbCy_c5W)~IuL^0)gFt}`
z@|TFx$5?vZFKlW`z-TRAPB|p7Li(V;49}`KY@Qc<hO-XO&(s==dIMYYv!fpTZ}rMM
zvUPG?za(y`i-zJpH%?Tn7Wl(8Wsmd9SvZu<1%6=zA;9UN2ki(B@gQGci6UArH9V|p
z8gRK*oPQ)Xf4t1aV<HhyyeOl5E25Ck2p2@%s5Jhevg&<*yr0BeuSoIvYCdf<y<uTZ
zY8L#JvRHIUveqwP-*GjIy6Rps869bDJLn~m5S(7?G8`Nd9K;4Ddi-}Gy*EC%oi38G
z4WCRTa?wO%cNj9JB0x6yqzMNPCisa#M5XpEKioU~sm|5HkKRFsJ|j~5s91buC^5dm
zy@!maNuUb^`Ty^N{r)|k0)kb7r>P(oRJ_lsc&`DT&q8E?neE#a^>c>x&F`rLivhLR
zoq>2?C<T>)_GdW%aG{ax-XDTX!fPS}i+U!dwl}vDCq^}p5CbFBV;G{<4`$qZO&gv?
zI+yf}xQ`MkqM^W_=&7#w$l`}!R+ss90m%!?i-2#_+x%zpz63>uegpA-LFvV*{O{F|
zaA?xKR6MU>iXYcAb<It+jm%G^a;UvU{`mJNr@AH6+Ly62Ukced&jv(O5aUnC7sbqI
zTvztk2GzzLEjxW8XfNqU#o%XJta+ob3(t3oEk(h$H^|(@<Q)~MyBQk)J$Ef-7$v}6
z;Qt<&E{s;^d)_vIlb#(jf)#jcJG!xvBH%!IJ;J>znPBq7L8iD2!i)7??@SrN2fkeJ
zb_Xyu26lt47+F98H=V6}bVpWvmy6n}&J8K_{T-9{HkA_bp6b1EzSWODzOa1kcH*TI
zS^QJ%(lV)}1?hDV^HT1IS{waLiyGhGiaW3^@l&%68n#mTl1Xew#F#ozReb4Ov1bdF
zT1G6M|7@%6d*qXWf?u()AvLj?X7RCcj%5C&(aP!Nqbb7t?68=lX5903)MFhoLbjV!
zZAu)e9IC2sq)r4P<ZCr+8$knmi|U(I5-`evv681DriMr;5@MyW-pn*Zm(oA-{YQY!
z4|^ep@(6+O|4tK2t{Yog2<_lJJzaHmAc4~?r_RTxMB|evG6SEgpg$RlGQes6<nnFR
zR#7qZRr?lBEDWd?ZUj6*vx|&HWx(~iysy5i>KUEOdAkRT0?(ABfaIjaHSq}if;J#f
zpA+7Ly<pRqKtpmkIaH`pFOxY!C>zp|9tNr0WEw&ZulKJO*z0;tMFBEG97A|h?%*Hd
zEQGc)Y^JPA=xPf7df~%9%c<`h`?&Ks%6682D{WkP__}FK)aUC;ekJBO`T{5J8P$k8
z9mcciB!hio%A(cAtC<_Lo*D&%8S-y-NWexi8pI2dg+}e_&oX4_fE0i<gVIE~JS+SH
zX8KxM2i=>@((h5HOUV63=H&4<!gt#@&;hH)xvk}-Wtl1CuI%pNZONYP%u(-v<>r#u
zZU^0ye+N5evi0u44&1(@s(ZKK0JdMK5L`ixbXLt@2>BI;=`?9)YdfZ=1>dmwex}mq
zSNAy^$~y@BCY1o-&Y6c8EPsr_XQF}OJ!rkOMq2u>$OR4bcY(J+Yc)V+(7Mkpaw%Av
zR7$m)9Xa-x*;;JmTK81$?%LF-90bv{2IXc5XX6mYwJ6{e`ks3|#(xvUgkn2b`oW6R
zJ@ML>d03vwC$aT)EGxD-+D;0yPw5;nqcdXW^y{I%x0BAUnIGk!1W+8}SWG{h?t~$B
z&07A5Xiv9kYtpz()!v$?5ega7x_En_v5+YFl+9UlY+}1^K9q~HcRK<O;UM*Iu4(Yn
zaP{u`Ml#!fzcbsJoc9+6oQ}}HoF#(<6F*wO_jz=|5HizHx#L-p;(3tr_%ZVM0So}$
zqacG9U~7_`(=mttrhSM7&3315jhAIP4285wiv}yfF$_}PLn2=}3tktZi3#HRDZ*>h
z0pv#~@}6ydE)F^teUsBMz%`<Y76~gOKyba*^(A;&tGT}1{-p{QNCDSlu)ZG82+>dJ
zvKbbBHkUPLE1mQrM|)Kx!{a_JF{+>Q)WdecI&zONV!ND6Y5Ej2wkU#;4-!mm(tGr%
zUaMX|Bi6T#Gz+6hM`N_hTOTUN2B5LXyeP}NmwHT&>4Y?)Hnew}faC(5RW^8IbkJ$O
zHKep!BnlgCcpGIsv}!EB-L%L)h%T0tusHD+u7#1CPt~K-AfRS%{ELkT#zOReFJ@n>
zm0aT@EG;ZN`D5$#ft=<LVd>Y5c`!6Dr@&Pmfhv|qi<ZX&p9k;}ew3~iwo5R-taT*k
z3ZBB9m-ybeUfzLbS5PMCIs=Gpa1c<bL8GLv>h-8q^|DoGOjYN|)-xt?RM1-uE)p2w
z=;vht2S}d-xat|U0(B2<%%40elNsEWd-(bc19)%p7~GHmZUS5veF0b1sZ*t0UR3x-
ziG#jLXPgHwN)halP@hF7m#ofu&F_M4ZcyvZ0&AZb>cPIFk@vD@d$=;l6(nsC)8;)s
zQqE70(H(f}Y<Ymb+V$x-hSc**YJUte7~#h3#EKIW6opjQzQ%bK*~<7Y5M?Y9B8(LL
z;}{*p!E+Fc0^t}S>mC%?Ifd((5!FZ~DsqQpJw?pa+0XI)8NwDw!Ya_1yK|oJdrJsa
zC-_3c*_Ao{OEPy&SRWBZK{urS3F5YIv;jE96cCpB96`uXJ&1{4t8PGt$85ZSZzONE
zYEZt#S2||Av^t)0Sf(UKv$)~cD8;u;tJnSV3VWkyi?&7vzgURFU74f&^ZPc9pI3*P
zVf+Vi4EVMujPaZEm`}f-v#1|9dA;>7u9O-aqK9#U1_siWccJCJQs^HM)NC6DFDebt
zDcwp<<HoXu&OD_kT$&vwo8<=U<DGADX)+xR#q7jF6@Mfh7+@iAKJjS3h^r(yc2ERR
z)W0|!WYpI7e{*=>C#!cqaQr?^tEEGlGb=<jU^k(-rvv$F{lS=&2!!PB^y2wd$AJMU
za>)b(vN(?fj)VSM<cOI(@bRqa^iU9!SRue#Z$~i1vL`hK1!>MM(j^Q$=C^fyMHH*2
zs&?@blGbaMQxDU{s@v0DW~t3NX|CMfmL7Ixh-Jj@$QnJr4JuI=vUJk;edMHY1Rbp|
z!_`hD)HOe2z0zT-@>9W<GLLgnPG8=)h-}kDJpEz+>zYv7zCFpna&dWKqsNwDTltZp
z1sy_v;hGDgPS<r6y?^aEQe5wn*v2*m|AxlsMKXoWza)pNK;hu{|Em1K&hvu_n!#uV
zU1X&=Oi?AR(SSv<we?<Z`h9CS0k9Uz%G(uDdT%j-UJb}hO^uz9CA*=xFW53HCK&pF
zZU!{MArsW~U+Nuny#NOcGFL+Hl+MN_?mj!)3r&~j&Xy3+LI)+JS^WxXmp}b9j@bJv
zbrH7+2cW25Zx2PnBxv(;BIDz#Y3P9a`9z|wSj1qd^zyz<-@;F590?C{bo0_UDIdqM
zGe=!1WRQjA(_*hQUuo~g|F}_ILn064YcvO0IGNem3pND<f11;%X(e&>BBsy{%E~A2
z3RfE@GveiEC#T@+Tc}Z1>c#G1X<*rOkA_%C|EJ@UN~Lu5p$hPl5u8>F{~@P4LRjki
zg&2uz$q2WlGI$pzZf6NZP7xB;_hpP<);e@a=r+u^DIMaYQ~`Md)$-jj>@J4Rh0eIT
z4PlA+a-(U>XkKo!5cK+}kV%57dO*w@b%BzgS0DOB{Y?+cNC7mD$T~uVQX<y>$*mq<
z72AABK%v-A)Cdwd14$9{LaEEpi<#R`qf9JE2c|ocz{#!`*;sE)$v~3joZCZXceQ6<
zX6tHiJsv%~TS)|~&yJ%=Pj*Hy-X+zqXUs3jnoeDqKdRxVRopXK+<Cxz0ZZvT5?7Q6
z%W|X{v6IuBr<A~uOv*UXQ`_~n1?@He#mfjihY0@7%bGv4Qizyo{x$*iKDO9+VNl=q
zK%m56Ma<IqDY@8Aa38!&jU=}dHFgc(Pjb@Fp4e_BEr@|5c>P{PdT6Gdcz~#ksb*EY
zeG-S~r(SdqhnyHYr?JYvNx?;V4j!v;6XF{Z$|{25vi>{B*S2wGvE+?EsCjhgu4GXM
zE-Er!6x@cb4^YMFEsTGFcl>#F-R$5@7=1G`?nI;h(DR*IhWwEXnhBd}b(~;XECq^_
zr^ZfhEp<e7qS3C<^89IDVBsRHiIUOf3Uos6JnCW0LQ{QqdK%Sf$*^tkN6&jw|GYuI
zG8r_<xLWk+vM`<sTQw`1rT?J!&vS)!&8QSoOg8{b+OHYuU`P@8((gkz>qi{iSnH1d
zzmi?_R)SD`zZ1}pi&_%0mn?4zSzZSnHoj13)-Y(+=m0I}b97)|2LKV>ysYD8l%tdL
z`@4+qXEx4j4TtYqe%xTwuSm_iP;ZbeypT?v;?4=Z%1tEtg=xv~DNcr3{i!n^<EPON
zq@j2-!4ne`uQe77f5NRd_GdwOO?;tG9YYnN^@f2vk=Hb6h$;IdLEouvM+`Ya;|00h
zHh#8zpZqA#wIcVp(SPzc-07A7XY2i3zMEIoeeKpHg(a0+uS;u`xmP5zKDW#bA#A$C
z{Ya90F<1QgvO@3JsPKmdc=Q5yHL~@HII4l6^QXSTtHw8z@isCVU7<DGJyTmnuLJuj
zl@UEXJPNmk<Om2*93NhWh>JQTCR#;*CUz_oe{(IDp1w6_q3)Z$)|Z_#x@Y_Np~X)1
z-rbEKts<XMgpHDISYI>iD}v_<P?at+oG*9H_6!}>!8XM=cb^0Ua&a|jc{<q6g6C-|
zJrbNCy?$JkHH&z9g3cUf2ody31^`jd+)bfxH6uv#R!1ScOEM{<9TsVj-{$5fKE&bc
zu1*5!q2u^nIVmPfDegXs{sPx3yDcuHb7I=L)yawmEtTk^%Y-X~H&#YG8KH0!=Y*bI
zIhNd~5oX<bB+%!87U_`iPbGLY@2pA9*KN^IxWXk-Ai*TM5V;IurPiR;6Z$R7KTKph
zxPI%)_~(dR7aJcLzsb&}SUJuZvieRfB0*0*pTGJ!%@#T^SEe>qrhS}2Cwy{9fF3J_
zrF4@qJX)NY+fJZWzO41_Peby1G<m)pawe^kxNnyEJvYs)Cxgc_cZgE>2T$RCov8mF
z{Tvw`Y8}mEuEE)$aJiv(_9a#*)OokIOz*eKcb?N9ZRRDL38Ny?VHJE2RpW%mjC=Jq
ze`+x|N~+V{O$u&OJ5>z-AS-Ex3KvZ?i{3@-Xu+;=VvbqKnyiVx9Ed*f8z|sFf{;}(
zph@0YKN7p!;rn5=Bq~|h61{<<#~~U<?y?81n{%Y;&1)RZUCReDM2n>t9Hx#-wqPu$
zDha}gNY7mdLwZO|!X0poG8|m+p?xN_eSvG{sB4lL`Q_pWJP8R};HKk4`?iQxnHJ4E
zvb&7``qH6W<l)Dv8g?b*<T!njHIfAy+NoaGD;{`Sk;y~1dMP)0J`(9WYpyB3ki4Cf
z@$8i(tsoVOS#(To`C;|={O8|MiHo`9ga@p}PSVknFp_%ZbMfa(VgsVSym_yv$R|C<
z`^da%tKi|1Evx;nAU#AEWb@&5rz|?Bi+~)z0@I0<t}iNG-_zQ@=W~q|d#d>n&l9{E
zuO^i`soW!a!=rC|{l#{=`wj!*%4sKpNQF2dojI!q_Ei^>B#t?Q875V(OBpXA21^uZ
zzC4)2Jko5Iv?ork{kU241GL6@8`BY+fFq=bW%_z15GN-v9WPS`x%;!QdlgwHI1t{l
z#!=p324>!Iv(#xG1mzEg!b4wQo~Z=-ii-qERttbyePa8;Pbo;pjw9~*i?XD)agX>8
z7U628qQWueo$tzS`ipxODZfe<re4PdrH8^L<3}zwg`x+hNO}F7Q=|ASHI89RJREjZ
z`K7e&#?hR(QXNtEiP#r9a|V{w#Am8AE)q|E)vKJCjRb!tJ7{}pdzLi%6=Ak!_eJ5H
zSIi6S7|ql*d{WKA%^#iPrA6kR91U_epb^#0Sy>8G$bn)+-sWQ?mDA{yY!lKuZm2gL
z%?xtf?}Uu)avs)=Y+%{7M)3Luj|jj)Fc_>DzV&+92?s(`Cl*Ae6q<|WI8|@2eDbNa
zQWy?aYbFhyJF@zfoAb$pW6md+Fa62(#VwJ|C#>ViffM5+D@FVW?O(WJXn08=LaF6+
zoMv)(a7zKg?;b)v)#A`nR&psCq}2BNE#yE2edQx+2<7nCUYJqmu(#ha7$tc)^|em5
zu4K=x@_Utl|5aAE&z90=&V*M|?U}D>{*#5yW7P@u!G|uys^76yQ#w6V^D|&i3-UUj
zdVAVXo;<4!Wa9N+<H->W+tkKiOhy@Iiuh_W!Z49HfoSk%yjiAy`}c{23ff7C{@^23
zGM@R})5OGCwIUX?;8VpWMU%@R<>JRW=5H*^w`d--6Qp&_ST4>`!6d3@E7c~WQ*uq7
z{GX$D_ZzO&;Fidm{{`eH-YbWi^oo>GPE3G};!#A~+D5s3go(ieKW6)IA`}RZ`=-&S
za{vd<4+*(jyA)cgv?Ie6Z0CWVnaP>X#<Yg>_&-Jug&$usVuYGnl%P!Tyf9;~_}~m!
zD{j9rpDM}iM1bFoPokYnp2zLU*Z1Q{6EbIx6DV7oP9w~LDY^U&wPR^dWq06P?Mt(t
zuq!^(djp9HGh&iVn3B>gj88PK_iRl#H9MTq5-Y;$GbdKK8Y+nvC=11KfBk@+TupP0
z<Y-^Dn|w?jE;gl6Pea{|6)F^*P-r3Bi#7XWRj%xKAv~cv4f7JbX}RNkSXLE;GRDhQ
z^Z0YY*l6?A){toybn!WrNvH|UHnH`>=FEpbr<J|v*@q%YwX5B%&{PuBLz}xmD!Dsf
zTtZm<$B4Voe+(8@3rK!5^G<RI#@I=@2>g_kY1owXQZ!veE8ZAXgh6wJRFLCfhy#Z5
ze0urH^2Z!@H9t$j1oyg?)}6=9&799TYc{AMN9F*_xpFEfl`;2e8Yk|4KAhMiI2}}I
z^R@NBoH+|Ww=_?HPaq~_xx>`$+L!y1MI1?(-UIPK^Tt1~Mqr`Mu&jeN*PiYb(NpWU
z%AIUbYxLscDR0c-$s3cj7y_qE%K&;>zI20$*-t7}wJlE>X&zcAwT>PKycGXVV5o^k
zuZ&eG+yXj;BqSs>4Ec|SdY0@I<-tD*4i%+)XOr)$?LmWy8>;PVMK$s}U1z6e+Z@ll
z5#pfHx|~(i6v5S~#f#}}>43izU=)V^2rQ*dK<juIpzGP$eK*wwQE)Sb!?m{IKJcrK
z_#0oV;P_^*A8T(TKvi{hRM5bB6f=~W7>y38HX%V8kD}hUO0Mvu7$D3cQ-+sZahf`=
z>|Vn)Cr@|WATlFdV9Vxj8ajmKjJcp3Qtq<r987eQ?GBL}cP@2KH;_m1b+|WlEMKri
z^%>%f(UoIB-JE7h#-|jzaF7C}G2^u@GIV++t{pY2gp<Vbl{g~4?UT<Q;h5IP@;uD^
zJE1=2CF)O+uVshc_^9iov{r4Ww!YS!e%UA!&c|V{>E0@4T-~7S9NhX<%YncJ6Q6nx
z;nl<9G_v(KhHmS|d*w-rYt!;{vXU_Zs+-6fXXAwe6};LhMPKB{_F13Ft%Zi{?eG+|
z3AluPW6QyCSm2@ilER{mdu|aLamW16BV~(t`wPym{u-x(KL%b?v3I&Us0b3vLV-Nk
z(AY@Zk87~Z`d@~#J=;IYMKucFTRM^@IUk#568Ub~Nl&eCzV`Exk0@8vVie2L*&@qQ
zj^NSx`H+xEvtUTn?!d~bpv%<pNSdy<w;Lw;Vp5N++s46_13|Bw?8ZUgcUo_*iuWpe
zj}P+8wY+bw9^7AkTMk!-kd#RObfv9<e3hM=XfZS%0wpdqL`D<(Rc>HzRBIcmd2m18
zE#$AZ`<CdeMRs?_RgOlAyaUh_-tY1fAz7a!d$+%x$!6k}r^Am3>McU{iswl!>N9tH
zd+hy-2En^ZMJ%{jSxUMPUVx70IJfihtDw~%)kpr?_+yQe1@!n4vGKo^mBqQ-CinE+
zU^{<~>(;lG6cB+O)7bnSpGN3sgSCdnmbs)`y7XP;V?K?mWFd+k&#r~bgOZvBnUm_o
z#KbMauoW`za?qWh^PfV_ga9I>;ar0Pxm@H3K&ny#lvGa$KSHW&&-Tk1Oh0j)lEMiY
zoS2L+weRSX-13%(uxHpWABAk6|C!^t{?*2G`_!T{|Lo!U@hz9gcZW{;93*dN2h@y6
zw&hr_Fho{-sav`|*5z2W2jD1+_mrP#1Q==L;``IRZylc)i7d1)(w#bbO$Mt4qGP>y
z=U(-=eXN9`+s(|q#sv||Kg)xM!p&-spm7Rgo^!V`D04)K&VAROQODjaApda?O&&`6
zR~-06?*IYp)~wj%iih2|Z1pHly<bs{kjd2_CZdg4^}ujlLPk@q-wJs*-7Zd6F3@kJ
z7zqZST9sMQeF_;lhFTvG_;-!xHk3mF6NtGQdV|fMc(YG_<b>s;GX@iq-n8^^a&lI)
zv9(?9h~tyo@ew@mg9tFT-FG6+_Gd}<mgyaQKX@&Q^sJlj+1_kb*Dl^YFl|D}5DlOD
z=}qphx;A@7SNX8)`vDo=TSps7j{lI5+my75zJvD9iJ^IBsMYjID;0!S3fF3wLLN2w
zfQYA#vtp@rL6^BXnQOWK!0!5_kM4H+07=BRDilUuvU((Idwx_4UV&QPr^fgh@AS`W
zlhO8WF2LXCdWRT%OnVw>X2U4s^$IxKo5#EzTuX+46kPbgO4v`9q>T$=z=vB3=l9oD
zfUo@gY=a3hZdip>13`p~W{q!Cg1Wz_Z8QG7ERkw(SqiaWt?$j9y-8~$5`s-@h3|aQ
z{5V1P?g5$6i=hx@MKoW15Pj9|_IPm*s&t@S7|SaTuUMN0bPVZnQ*>YUcDCjcOsZs{
zXmP?X7Cah$d@iR$$DB!u4z{zLJY}vqCqLkftH%cw6%_;Xtx|<0F_NdxjarBx1P<<&
z0Eh1Mm6a9v11WHO8!9>+_IQgbUq+wjaZfe7_$Z6$+p7zOhJ~R+tp|Omk&%(;8KNOY
z8y_?J8D2Q<uB{yte-#uJl@;;*FgErgdZo{HPDD_!Ltpfc6?iV#YRN_2Z=TG57xfto
zQ2}yz@}^tNwQxNba?Gem$IIXN&h<ig>jDfy!tW3x2@ifxoK$gvUWd=WylV1%8{Cn@
zoapG}1jm`)+SO%lc(?udfnOj!5@bvAH@Ewn3Ud!kVqP;Nf@sQFQJ=F7acE#da(EPS
za7-`Z#3G?qJAITW-T)9eJKhD7P#<B=r}M5(f*nt3cR6fR@ceLwx7ocWq6MrOqn_IR
zse^>`{#e5EZSd-kRm$!mkqT<*^J2e0uqLQdyWdr5S5X4avvJ0%rBkXCw(IU~dT{p8
zUdZ5Jc|-<Vg}1}K2EXfEnGvG-<lD8?q7Jz`K7oej)U}q4im^fQQNErn9Awg<+Othj
zg!u;Uz#L20T=zCv+ty@8`giHcT#q!pzYcn2aaAV!_1fYl;y2m}MtE3IyWtbO8W+s@
zIm%7XBKb8_(7|pJDJxjw_xMQKsjXQ&Q+jjq>t83;L^kED4XlAkBX7S@lFA4Q@)ym~
z`ILJKES0n_oi!@%SpWF4q8}UZed*+=;}P9ipj5+6GcDuU-OrwJ9lauRmk7=N2+ij2
zBZkf@rDuw5ot;uGI!{0xCb`=teBeg`IllU1eXtjrMC;9cidXhBZMj4A8o%uBIN`iD
z!`qMDJ^~J!|4DJXQ-Za>2YRA7e7~U_tq2IuUP&|Z3CL(Z61?8lCvUZJGx4xPC%-vR
zfc%_JXnoFejFv!`%fdHEcZc1L?r&X#k)!hWXH)i8W$$j8y$@%mo{5Tv^bmGN`JUP~
zoo;xYpY&u<vofF0c#*FTX50~odTdI9EAJ7)Es=;`@!YOQoPEsXOn<&y&9~TL>(GqM
zpEEfh5&}AcTwM8r))SYYkI;!52ahEJ^d}kf?}k%SE85x8d;$k%Ewu0LiCXskg6!w@
zg~I{p-{uEvA%%ky2VAe`^vRd<_pUKTz0S-!aSPGzPKf^FoFs=BD4!%m<4Hd+CwfnW
zEJEBiDGnxLpnKi#o(DOEIbq7)mBt;tf8gw4$p;f_WVgKH#!CsX+JoB7x%0VBOb`}a
zPTcU{=^pa$?2Xzjr1Pv!#^Emx%yBeqb%G0Ey|@9}dgr+X5v+z^Xkq=p`$g;cOH%GD
zRP`%|UO3~N2HmI3pX<^qN~^TfLdp!Rf2us5*9|8$9uBKGrdwxTQhKW`JTxmP+RFRP
zoMqZvXd&UiiaylNh`1?E;-wsQS?;HJjc1x;y+7pE;-5ykJSHu2?(^c(<PVk9lF?Rv
zix1h@Xxerz(Ty;!m(_Aj??@TOGNydIYFxW?;A3(eObKF@AIdX-u~#NYtl>`#z>vi)
zMJ2v)SD(|O!qw~F=h&9?vd;vC*?u20$nNmBj(ZHw%C+#AX|(bc+!V=@<&#v7A@!mb
z{=WKpN`7O*XIl0~U$5m|!o;1KDY5%S(5)~b%d?3hbe1HWu!y@9kS9_=``Zp=R4Id$
zcpLje?4tfA>xgUNACoTd4PL$kBC$>^-(&RqU8TGy*8Q2tLuk5ox~)s<tKIJX+=Pcv
zg86mq*j~AKT>Fap5ayS?TxK_lSn0XDwSB#(YpesBj@+%YHQi$WJdawWNTA1sk>4FC
zun<iyA0Qrdkl$nzmGg0(R-rHeVA*H?QV>*>r^vpo8MoV*1n4+nQ5i#~ul_LJo|Irw
zSdJ%O?K^rCx7@+XAZX5upy`0Th4FTA6&)TT6H0HdER@bQN4%eZF?~;=rC3ql2v{??
zJ)=cW@=pv{ko)l)q%$(1;(ep2dmxGl8F-L3r!?&syzkbI@trSnns0nAuITg2nEdob
z=Qby1_{Zldd3KI|Pv{~#Zd+a%7#L9GY&2e84G`-$p4`d9WoDCU=R)!E-uV9yVQ&Ey
zWwf>pKQn}MNl8d|3n+r5bW3*%(k0y`(%ndibax6fG^l`dNeM`YbkF~A-t+$7S>HP6
ze5_e0Iy!6Z=iYZ*u{RjC+41qQQL>Tr*d_G6@b_=_1ZX{vX`?^xLSE^doBr79x?^CH
z{<BZ2D*(^-!gLtcb+Vlfu70O@={+B+Kf&lLteHR5vCHapIL&u8GQ-RGE0bZNjn}bj
zup8oku?0{GH}!b0bYJI?C<yt#^26^xsbtPM=so&HZ{niTJ(&}laVJnT93g@6a~E(L
zNiCCww3(=QU;*QaP}ipTPTT%z#K$Z5<Pp3)Iz}Ra*4@LoYl8`!vBKXGx?RmaGZW=j
zkF!xdh%Y>dq7ULBF-@XVP5c&g30~Rf&XZdM`-MO-KEyu`mqku;kSY)_COA%#x?doi
z;$z-STmdsR0a|xkKwv?EpOKh=m<X2(#U<w?P*LQ4bK0Vs<oH78s@0O(q@)Kwqu$*G
z>xEyzpFaPR*1?bC=&Amdzs}B_6N__Bi;5J6kb$D(o{Jx!gT87rj0ILJ<2ZXckJUsE
zY;2&s<)6W)9+7Ouau|pGTCj!%L?8$27%uhBA2VWMmLK_i)k!z(H`S`TWLJ2t0LxTr
zHaP68v=HS!H>JUR{8;_n)abj{`&TM&2$3ZdI|4bFOF5q3I~rjD!2mqKYwgp@OW6Nv
z0fcY2mIFRC2V9}&yvjlmWBib-#JLiJi--=m8G3ZtwR<Qw{AUFW-u_Yl7!Us|bjG4I
zCx8D~gL}L~#JT9-KLNL>bhtU<Bk|&M)uPuF3+=?W3o0V;$xry^ag0Y-X>>Y9J`pHu
zf}Qt&OvmD`3i*FM@q@;3g$D#&eEGe5cz+$otxwqpQ=kKu?^kfSb@x1PLR20;VJ6^O
zA(R#zTq_!JaR-Wd>T95Y>Lk07&xtS)I7-!R+)37_vUHCpdOOC&eQpI6@|m_x@I6tm
zz1)k!cjCc+=qPUY7UTZbdx-WwRD|1Ok6g{m>VXH0ECoqScgRq^)$QaiX+qoY?(X<v
zBEtX$*eedG9vMj(`8gp{msk!2-r41XJ<Xt@1C?dW{_%00HQFpIprNJ)f%ZoM+zjZl
z;m81n0bzSAbB<luUnjb78C!pF2blfX>f5TryubqU_uGL%aKy~0U(L!u`juV(`=A2F
z!}3Rqu%Yq8FG99mi!a$aGiVk_GeqGp6x@CJH{miWlr7C$VKe*E@U_=J4`t{{CAmq1
zhK5WhM$AXpO_$iseD%9e{V5&=A>%*^?7Ef!u`l|Cs6dnccMH|z#H{kQ=_rVnENz0t
zqlBHqwBqrxCQWQ$WM1=!ke>0~wNu|mp)8i!FW2+D1XvPEOgG+&M1|*)&R*?I<0%OY
z-mAJyqaU}SaKkeL6$^9Mq>CJV%{|oWkS^Chto&=zx|1nQzt6@*BKn;MyeH0Gu*DV~
zx3@=w6C?NYFxs7hHy?$lpL7_zdwJ<b-zt1#m#`%*kn(h+wRhH1Hru&^{+7UkRO8Cb
zVJRPD;QV;R%~?suroANN-hs}Zew8n(@`DwNz3vOg@Vq8_tKbP1pJAXoX6*Dx#JGJ7
z$q4`Zl7LYHutUv$0|WA=nK-nzljMU|!nmTabLF3vwp16_A9zqL+Jd9ki5Y;G!Xn1c
zTh-Zn1G`fR?WPzR9ev2cP@Cr;lP1(D!23bq2mOu#2$CP{@o4QmJ#^rE?vJOK?~gXC
zAwWGQ+vSu@?rL+uC1zqNpa1d5N6-D?i@Xxuud_=7haz|Rmp*HcPdo)%RUtp`FR$z?
zDjXqzQHNj;?Dlfe7Qh4ikIz3|E@V6Y&5A={0+B$?w8$%p-2T08*1%ohXc%#cU9_2+
z@SV!cCKdRun*Pua+dE5bT=u>axiJH8WR-dNy!ba7B{swnk{GSGG)RH3^Id@SVXFT>
zc2y^Rm;GV4e*8W<e>41>M$7Bp4`K-KCk<0-0&wu>zCM(<3^P;9@1|$Lfiuav5e+!`
zI54;o_t`QIob*dEfOUKlFSJ@_MKFdt!&inZN#kAwU%L0jJz^7yuJm?ZUg;go$Mztx
zZ{c<9+t<Z(7}asI?GM)H{X+m|br7W4=vd$-{*}|XGV+xOd>g55!z!$3|I)KNrj-NN
z_bHbI%H_ZZiIp$-;D`LCjSC&51NY5<RKer7#?R!?<>iAjV|$3@O-53?e?fu*$!_&)
zifgyx9kGB(HLjQ~#S9Pi^*`e}+*0jJorP|9dS{J%<A3}=E01X99sgpX8q~!Ip$t*)
zPo%>RdENh8Jpb}Ak>dk{K0#CyJuxmp`drlNIcs&hKN)r;gU#y_J*VndE~WU$d#45P
zFMh{9Rf(Eq;&L6S{Y9Ej4Ay<g_s4jConF9jZCxpozZ=L_3Yl^!3cd%~4nK9<&3DyD
zJL@&G?h$;3EGZdnUzCwDTA$ECjf|%*zH;I+=5oO|k5}lcsjCaRWN5=fzmVoG^w({c
z#ero&q?vC2s*5Wgh2hV0MoFOzsH+a+=Zy3)@w+m}WkLMkHR|ykL=O}?cL{5BHwW+<
zAuH!OD58Fw9uN7G%VCjAderZ{@5SYb@nLt(F%)(=Rm=?rcD^&x!#D>17EUD!i-Gy_
zgIos+I+*;j%^DU*m+nYmw@0Hu;O#2D|M|hdrMoZL`>68EndT)KZo*2yN*~PE>)E)q
z4PPThJ4w61?k5TZ5a55;i)$3{XqU?!VgP~b-Kb&$_rJAsf1h^@aD!K7KV;Kr;Y<MV
zJ>4d`ybJLE@JOZTh|BS-wj$(uVAPR>maO?`H%??=@>2o?PJ>?#0U3$%R+%i(hN)i<
zlmtIE@Ei$p27qY0+-rcDselb&2HOaHv@zySIoym*w4QZOx_&qi`U=L~4(ZM;NC*qQ
zmKX_%3dKhcgMWA({-K9Hg@#1jAe;!2m)hSz0kCchXuO2T2t-J=|9S(IbcvDyd8j2=
zBln`o7i!KlVP`2MeciwJ6<KYzDX<Uzz!QxaES~8$k<%~KOS3*Ing2FZShvQ^IG#R-
zV}5Oc7d0(l>Cv730#m0Zyf0w$T!4KpF`c*X$dij7uaVj;q8r&VMlj-RUPPUkzeOX^
z@(f;_-ymvQwrvUlylo_R8nf=Jk`jbsCP($S8Z{1Q)4Gi-vq^!k4kVlJz;<@$(rbv1
zbjMY`Mu4g(()7#0yJLBbiKHlj2Z#_qI!2^t`VUTyVijGEmI;QT;iz1O_?DIiml+p(
z0-yD8!>$#CF_L34G+7Pge0Ub$_Dy_i#3K2gQ*KAJMqHQPL!`d4Cg-Xp&$yN;?e<|;
zDoAwOi9-lBYmh5oWwwTxe&C9rN7t_fYTC;?o9jA1EYQW(d~N!Wab@x8Qx4c0n>siX
zfkoZa&72&_Xfe=T?(TRr$}QX+y|%_i`cQ~ja*zQXoKH?(w|y4{k{FLC6drozYEfiB
zw$Or|)6w9>+;$*(%rV#8{{16`?^%OyHR#o!MVE6yfH}LT>hGmLk=UpVb5;=hl{Dch
zH{*%~kOEFFE_%qx!O8HRzt&)I^<Mwsw8QcE%gfbtVQSzPQTmeZ{(8#q_<EZK1b|u)
zPSEeRT+U#PnL<eS11l>L5cs_G1K~yW4{{LeOG-D)9mtz|Qi%busR#B~117f^03!nw
zkP^Y5A(Q4Km6$yoC<^JByOJ7R*Z`3Y9?r;`<v1&DWE!%tK^c4!Gg)~CfZGTISepS%
zw3KPn<hm%8OoyCNfO2uT7GMISF=;Pvd89cH<efH3>UH^J=S?~Rngpu@41+5(l)DCo
zO`e&z<@Q{vI;QRGYCKIcYD-R2Cfd(%J_;4I8>KbTo|4OJhweNn*@jea0FAm<)5;A?
zuOI&%9hh12Z|8p$l~k`ZNn|H=rdD&VK5@RAw79KkvCf1PnBwm2uT_uOzTmOg>1=3o
z_`)&mR?gVmgPzqlee|9;NdcV4TI`hf4l`HX+7j@t%5p96YP_~9>x(azc$fO$`gpC2
zAO(Wdqxz#aL^q~HLJ*Yt=YC^ePc~RLI#g6wS2cCIF)B<^hFmx5KQY?#EQfTA9K06$
zn&E~#cZt|(wEPF#Xln%$*_Ycwu$~{?7}LgkzqMgESW*3d0Asp;OR=?KgHUG@84wTW
z<-oS8BZZKnQeg*SqTruiIk`^4PS&=z@WgX*4VckH$UrOu9U#0iyH<e$g=GMDnjBHG
zBxh3SM}<XZaC;}(9Bna{&jVuWsy4og(GKJ8bPL%bzQfEcNde{&*SX&<)Z)!}KCPb>
zH*Q-X>rM<*Lc)K>emA5XD7<ag^XBUm&&pY^2JG0br(ILRDwiA^)LZ<E0Jx<PVV}Cn
zu*8Xx^>o$mh>Xd;3XdH9Fl4~S?RIBw`%TrhZS3}+lCcwz*`g)D`Ylil3((Q`htQCf
z-el+qME@P&P0!-#ZfQYfAaZOmOpR?i8EDpM%-{WP;gsaFxfR>#vngjJ-m>>Z;ZQgs
zA|gWWd!$-*+-`r1;^?eXJV<I(QktUz8QXOx={>Vw(0#pZD@fgD<^Jt@euLy0q3K`(
zWpiIJfb=)Gm;g5x0}+>m*h_pFR!$I1#@~D?`|43p6dpi|13z?LJFdGJ3&_mQ&F(sM
z4#9i`mwAoXf<~Y7`qQTDes>GnOJ|}x8NdW8FBogb2yz-H@)*9ark(-p9|P`?0~aZn
z$Ev)M0+W2#<POEH+bce?L&cQtQOk8>o~kLB_bZPKqZCJu8KS&*Pi!kE_dk}a+nE_i
zBI-O7u^s2(Dc!uh{7!AeTY3m$j2#V<8{>>ZA!cjKwG9a_4cePlLfj3x<Fq<^P~lP7
zVnbBadyv%q^mHTAZCl|1fd4(a)PT-aG;cF${5H|~mESYWwQ)haKmGWAnMF**yPW~a
zDLnkOfmd@DXa)`2_e|^weH>ZXY6Cp{xl8<2kLzss=`P%+quF8a_-_0d8H-l6Dg{I4
ze>Z#ic=%rwv4@i-^Vn&}nr5v9fUEz;6brz~Aq6Vz|3N2xe&C5mx%HTUmAN_H*8r&s
zixeQclB*Mb`#3%^6hz4-qNVVo!tgLISDas7FTOfzp+H0N4VQY2XZ}Xkm(V$f&RRhV
zvJI{<O{yfo7(YyJ3x(_9ImH7j+@iO;Pk>MBwlbtx<8L)NlO*^E%dU-N)oRCj3#^&w
zkZcR}Gr*g*U<zuP(~%BX+o1%7n=QmVx=%l=-e)se9%oBiN6N2$PJQk+T{T+$2nE)i
z*x8hSMMkA@*}T^(pTtU)b8$mF^;k$$sKb3vInD(vKm8khD4bkeY_S}b3E7I-+8uK0
zEd5;$jplPTv853xAd*v*!$qBBM^WgJIP(Z#${9AdG5bvCr^Y89xS}8`6i{9|x0#k~
zAhcn0b@k=N@2{`OyP~t%pJg_>IVRvgempU(R_QP2)3mE){A>#^J_fNs{$IG`G6>v~
z#^g0nVgM22Ff96nmyqaLK#z}}AoFPxk3<&PgpWdudF#V>heMAOxJ5G^;VCT{j@Sxq
zI3_)mn}%Rnoxm75Fr&Z~1=yGexT_1O8P#;$8y_LAA;8DGRpUcog<gdbhLf-TVI|8@
zeA#j18A}0u?W&lJqf)!Ox&q_)HSMMBwe<K%(=*cI7b)9yOi@EfMA8>i&j-#2pSOCR
zZ3%Y7PZ<9WLB%${K2yQ~!PQ)qq3ijI6x*-a*NWa6l|@U`r8;c=1?M;Clf31`tJ+G(
zfmHfMe<rtb&RxvO!#-##iWrN**LuLMPmk9d>HKB2HCbCN-PeeGZzF~8`LvOlzxxxj
z=v`0I6xrQ!av?h##>K`WX+H_x(Ub_m$6I{G)bGs9@?~6#>ZmdrlcYj<oBmukTc#uv
zRba1ld;k}i>OU{=uuYd}2OfBi!7EOv7)z;1GaiJQsTa%`cxHI!_-F>C390}j_mRUp
z1SD_4S_Zx;PEQyJ|3K4ED~nc(0XAoniKu+pfvjmz_*+dNU0V&r`)2=s=jeesNWiVz
zBa4X%Ha22Qo%#q{S|l>1vX54a<PU*7jf`mMKoC*{DhsQ1Vxm0t*2(U@FTFC51=bfL
zjh3tV#^c@sf6>!mn2nxm!ii_UbmUaCkD=lm8d}BqQjdhUGL>;a03VvJh?fx?$D7gv
zyM*PR3+|PBYl;x}kvSpbW%HlfqFg@mJBYrpFZWb=xWF@$X9myO<QjSx1@Br1oo97?
z&=aD}yv^|CS%Z?kLVJGC^IN6K_0_^`!!j8Ui`QtuFo*BD%p53Ok`^(M)V5pf%nLik
z2Q`f;U6(OvpWJf^lm`@NODUcmtV(+je-T<Y7(a=ATbZ!r9si7-n}_F2yKwZ&qB25P
zsbNWf_7XPoa^lZrE=0^y<KMx(cGH;P<VN{=WSxeAXm5_rf<+94Uh1jbo50@p@n&z1
z4A55Nsl;I<%2}1mO31~-VR_3@PJ_5PnBtLAG=C`)Y5xjSl2jD~DM^ysk`U<hqri_g
zWIkQjZvyXtK)XWYci>j_LP;<=bIojEtu7#!2A<oMKU?|ImDIt?c6voG7q|UbLx;|0
z@mgH^h1}KEWWLFw!XwY0n45e+%WuY95>U-Xu7t*i324t-rFkbLSIRnGYi2gCt2sN$
zbln-Ed>hk+IjT_BN1gC~%FUkkh2aBV(M{4yUv7IzAGQ6eInW<EJ3KMBHYI9R#1PM=
zdOZ54w&@tEoQ0G$N@B89Z(?JHKkdin-mHjrMb0HMx6I$OR)LK!R4A@stsmXg{KCVY
zY;nD1X|c?oYdqGg9P_nJP`ic7iIelNek%uuMCTh06Gkw3C%xKUShKEMsiaynBs=7=
zyEWF|k3~HBkCM9>z=RG>2N(ErECbHH@xzqbl7P+jGhR7#Ii4_35fJH&2i8skboj1w
zx4+3$2iKe(&Y|BC&HXABEH2=306a^ed8vOXr*;2%9hJ`NnE-wSGW`7q!9X4y^dK3v
zXv2lHV>GdR<T{spPT<wIZ%3F@G$wSHGuVI?^CUxi^916fJ=xR_kf$XqtXEj@nDTF{
zD|CEo<o8%-@H;K&wGrxRE)3L=h_|d)+zZ_qD3wng-&nRg`&=RuLEiKk)jU(9A*dGC
zE#F7vzcy|!ULO&A0_t2?DHp8`mTNNJoBq^Tx=$k^v0pZ};=w)wB?CL1#!BAm0PiA&
zb%NF(2}DXVas`JY?H(>Q13EZl4AQTqvzK3NHoW8!t_@G7Utwkg7op~WN=z<cbp092
zo_!Yg3wyBNDqBdSu&_`R$r|{ac`$URsuJoB)5JJx7+SE&tH_j}ShmK`E{t+2!nn&F
zn=%p#E1bUw9D~B6c1vKIIT#HYKHQJNFAfZ~27%ZZ#BTZGf7bEMR-^%{(eHKu_=CCy
zN&+Flp`|$O1|Nyd6fWQ;-n;C#*?#%^`+}2?Z+iNtJ`cnUqCYL5eL{;|w-Ol$3o&w9
zr7lGpe4J|w5o1WPA_JaUScDIKbIk*HM@6i>2Pz<5eeasd$DAhTR?(!^z9Qr3D#k<y
z!9HMrN&-*&SWT5Mi>92~+$Yz0y`vY9E%(RL_9R2-Yn{%*07^Dcm#X%xqcqMY`;oa1
zhO~PXRsHv<lcoa>K3$d-Bu=&^QQ>cz6a#@JIFrtAccRPA`oOSn*JreY&3-U7B?4&*
zupy5Y%@JoO=yYGAmwXET2|HIMiK!`@;J0t-83sGs!nN5qv+7Zi12-60Ro54Z?y=vu
za9(nfiIuyH^0Y-@IV95hj1`)VmHy6<>MCo$zOV8cDmb$G$oQeW(VT5tO2PK8JBI2r
zkT5^fYhaHxUqhe{ln(!w6<5RsDjq@jFSRiMqO%$-;HmgXG5~kYr^U9CpcYdCOKd0-
z+M|x6mNN+4?)f7lJP6<rhZ_Lijb&!$(sa4B9B_D}W2EcY8dIUg_R0YY(5(W<oNA}d
zukMNyl?fqvnVrD_WIzQ9gdgxsPN8A2U~fMI%LV{fRytkQz*ayu;Y<o9jB+a)o~QU_
z(}-jqad59(+Tdzd$RA--$X%W`-|)nGTfDq9<1}{&M+)I)me`ca?l#^vmhXMz;~WC4
zY@0T<7;lt{agB^RC2GgNK~v4+u^>_psD4!aJqGDS{O_USv)DzB$Lv0-nKPm!7^Ywf
zlB;z?69B_oOZoh?GhLBQ$JX?7#Mt`|T$OJHu*2T`6ei2M#c{NK*AyQyw!7w+5^C!l
z0)kltoC%#zO=sojTgPuKiVwO#3{vq958Evnglsx>kg4m*|6SWylVJqt;6iNxr)7L`
z+CmLL3<T;Rz?3W0MS>j?Sa6?9x`qeh8mBia(@!9m2RE=j#2vzy1YBr15%Of-%2Ljg
z07S=O^Dk+waw3Pg$Ko*DT3J%F=*vtzP~epOm{tS(9+b%NQ&t0k8`L#~_bE19v!X!D
z9!rGxoTVEe$Pd)$?)hDGJShdWFP!t|?t*V_Dl;O!D;LuHepO+l&;E6`|32bd#ME)J
zXJuLHp`KE)S9|Av1Cn*B0c$@;L8n=xY>IAs<d{U6fSgQOQ`-yyLwSyE>5|QsH~$Ih
z@VAToQ|6EL6XwjVbYQ|F7eT!XGkhqQ?eu;5skCY#j!!o=D`A$sGPF9+E1G`==qPD@
z)maY9R6gD7EGbRd(%u&_Wo=h!$gFDBn;$8^sZ#qpr_8amm8@15>_)Y1d~nF>Su?Z#
zmrGZ&Zj1Kj;^!pd&J6sr(Yza}fcGOBrw;yG(ZzZQz|oPBqn)X8aFWat0_PT%&n6cu
zf`H-xN&&r^g33BAUdw~zMj{CKYDB_LtkC0kd2{GTW$f!k4u(4$+T~iazdy&$A?)q~
zG3P?A%TDas!5IpL^wOH584%Kvh^s}@F#MH5E75|BLIHj>9h`@6*!Ps1&jdy+TwlW-
zaFF?qxZfQjLSAs#xB)-W)29{OXi=<~c0>4igG#aUVjPG@D=M$@3V*RzPcRi$F>2-N
z$zt%^>U6E$?T!UkmQ3#$+y8F)m8NGy1f<R&WQV4{7&eT?xaKXX={ex)xU1_CTGf4X
z78VkAxayQhGBh%3@>}9w^i7em8bU`O9oVdC`Wo?}bt84ctE&2I;KU!RR>YCOV!Cf<
zppL+=<L7#s_13AoQ`$Dfb-POF*(1zHn5?(Zh}gBHMe8Vc4K5CM;S?^_Cme4vtUOFH
zz^tw=I^~GgvS+%6u(9#D9sN&Qyyu`6&-ZL61qVonp#r?60?8T_ED<vDzd^DWAB_jc
zfIid-j@vweUf=i23A`iCXPImI_NM*Nm&Ebw+4K7Yp=GJ(peM4360mAYUv(G6$GPm1
zlE5?Toe6~#-D#^i*QtQ;Og;_p!y?h`VIrR07YAb41|B&BEAPFo4}5q9M=VwZoIv=d
z@$^p1_U98}dTgZ*$aY1?OXG2l$?WnJHASRA+oh3Wit-Hw-fdBpV`Ryu@$;$kRxQ18
z<r$0w-fV@48FUUJT6r6(!cW=bCw4Qj*|{CvayhZ+OpJn>I0&`G@a+gGSzj!gT&e{w
zcYWBwV}hr#N)1yU^vF-&^Y+J{^$eH18m~&Q5ib+VzOF80jk#VUFX-*uW_2V_MNN)~
z*e(hWd-v@5J*>)o;6F>b>n$NBFOgq~iaKHd2XnN8geJO-EHsoP@r35GXcP~1lS+!6
zK;oy04Ujn;qaJvFS(!^>d;d2$d?V$|_NaQ1Fwc^=6heCHgC7-2ee|Z+>-T##dN+Vq
zuC&Eido17@F!92Mt6dh8K+nzaxHU^KO`OgVkgv;N%;KTrXkm*fnMH>z@7r#-C$vEI
zH7YaZ>omZ<9;Hk)TFLq}V-VS>vCFYhPiB}|$2@Tg6vK{)=U+9<fCSR7N+h89wwFYv
z;k~_~eQu-e=$4I(J_j%>^P!>mV0Oyg1_JjUW8Y^bI1I4)DV;P_{BbVzkd1F{ZU~>~
zv67-|nVu5$#E8i4Q%9MqGp)nojroP=T{bo%*w#!1FI=W|ws>Ks_%96)+x7IC#wb%$
z_vwwn8?c53T_0LT|EREcyx{7pwg2Y{zebnsL3ag$TA+-iIupv5B~*qDBsmYtMKIG4
z(*j<yJUHO`g5xOn%7^dUp%yS_<cIXUd}oZfAv<MjgdvtLcm&VUfJnr1^He`x17)UQ
z2v<H>6h$yt`e|t5w?tpk5MMAQRbT_QQ;=606H*UJVmm0XgA6%Y27*-{#sIC+0D%IQ
z{#AiAYcF!S3^;vmUUyHqlhXqp2l?FZm^vl3qam27K|}VF;7#qedhH%<JW~~~eL5=e
z+U)%sFK>;ft;I^D%l4}tdJ)hHVrvi~;`FKWw4%+u=oPF-6tY$xPU3FMF}>IV89E4T
zWRR|CRijbF)Y}F9WntssQRKZ2LCv@{rI?b8?h`O?2rl7nCwv;4nVHtp$Xg`0<w)Lk
zZ8%d>ZA9UmIG5KM?(Oa68_b75>;8)3M*(l$>HeJ}_xUa=@Pqm4ABtRgz@!KY6s<wW
zo$<lphcrrp01d#p6h3M(sL3Rs0gwZi1CHO__K5mZv6Yke&77bAxcnG!E3)K=XzrVN
z`0jZaf}3SSS3U=g`~D$tImAi;kP8Pvm;}Oz!|fJT6o3)bQHBIeQJe4rHBXWEHmFS+
zR3Dcw>b(o8(0T;WlGwk@X2kyXO>UOmeLcl>)Ss6*;Y43yK=w5m8A~CY;0-=OJMWkd
znNt3g*R$P<JMAjVDtq&otq5<RW`SjfOe)r0!TSq27Z+DnTkcQGYUSAL>3+r2^4n_>
z4T~Scq^3*tu6txEXs@)Q$?Y9wl$f}MYiHAZy5)?FF-B{<^MiG0+=}xj55It#YiW-`
zKb1phimB??Z@-E6pP1S;BksW-j>k=nPfQGC?F0T>Zk5FNX$h>v@=F3H!9cx+fuuYE
z2waC_Qb>wGISC|x9tM414ea|R09CEuNO8NpyXcHVoG&BZy_urD&-@TbT>s>PNj>y`
zwE&zSk;Gw-4Cv7k;;1>D!ZCS39H!Kh2FfiCPzMDLL*UXZVhW9aDnkQ1C;+Q%IPpi%
z4{qg10H{o7i153BQG)d@961Ef++fsyf<lYt9pR6K?R4Z6HH=$YNZ?}lpezwB)r{Y|
zUi)%?sAc_(hgXA&d=>6$+aguyO)`cC*X%1%p(#JE&%-*WRO)n#Y>Jl*n2-HIFTwkX
z?8-(aCVE8`b`W=MYRo3tT{vnNN=j`Yzq4;V&DG=c;t=L6c-!Q`J$wqr=8zMI#0T<Y
zG$L^CXO+4c2jtFx^ZDI>X@)B(FN?SL_ORZ)dpGMLiKk-83Ya|i(0~FVQnIPBk3qNu
zg`WN?!KgTaEH*rF6gzDK$M!K$^J^!l(~>%G$}a5t19l?KP7q8l2~O(-pw^t3nusJJ
z*0>9%sKyF~yMTQ*1jJOm7~KA`=UHBcXvU4d06Vpz-~J#5pSy+VxunJha5SGdw3i>=
zdq}87@3J5l$VKK;e~Fj-`!-FhTaS+QxAn814*VOjOAW45jGwY8=A^%94)m2obsRK$
zh-!)K?yrp~$LV*<oGpN0ANzG&X_3v;Q$rrRz&L3^?-+988EVNd909p;p|t|d<0n4i
ztz?a*)75Bl$5+yTDpCzgE9^!psawq=%T0(N8$_r}m*w9PR(RcDLcl(^<G(H7V?Z?u
zYKIK;wHN?_1kZ+$$DPsT<RlH&6XHF4KakRc5lJD*y%O}@`s3VN8(YLT@nsU@rG9e9
z4s77^ufFI2_>)5mcKr}?+C;1g9Ep=6v{wd?#H{ySf{fZYSmSFP36eDoNC5V@`w4QC
zt&JN@(6n$`U`|m05tCSPPENTw2q;d*^9;R(P*~_!V-8LVqv(epWHy$2+PpD!Ds5vV
z<1^XXG7FWLKky^WTk>WK!2rO?;UU-zr{pg-oZCzno83>za<iW`r099O+n{fIBEIaB
zH<oG*xGyP-ETaKh<uHLgy%Vjb33J}4<hN#KZC7P!i7*n7S3CbN9;|xzRby)oIJm^|
z<DmDCC=D-79%4c`210Kza))BdKX-Rc7qx`Yhl0I!*m+|3w*KYbe#T!F#I1MFVb;aP
zs{1_tQ9C|13iaPHkSzTx+gFGIlt@9Qkpc@F5#Uw^^~=ZaxE&agg0u7HC#+(@j{T<n
zEgqcd2B9i~2C_ZRaN4JEc>24n-%Er`uU=fjKXijQfZuYpbRzGEJ1)7Nj1={wwpU22
z2<}q7m;&(}w4)2p@t&>H=;_iT?SYW1+wOcs`i@-GJ+DA@?x7b$4A}DYUg^kGJMMNi
zT9gdR&~hxswbKaO>t~kL8DWcYSZo=h0#Rj}?-GL4z<p>Mj|wy+VdUs(JikAzo&Tqw
zNJ!-62hj|m*s>&EG$Zd@t{5x2<EtePQTe+!EKqsS><1b;{s)1t(QQAfCIm9G$IAEt
zHab8K`$4PiMc+$GpA&)?MNI~h9PhifYs{A?MF8Zg*AFvm;3U>05^$k(<0QCubYl=6
zhJ<H^4;me!X*i7_@N%-iGde)w%Y%8z8&4G}5Hl9b0rrEM+9=?s1|f=g>CNLm(sB2)
z8CeBj**IITdwJ7oJVhA6RwFss`j%NyHuk^(@xxgeLW1#Hj_LY<D=Anth0uCYwYvIF
zCs7f&LC$xWc|C?CFsi)e)ydX;Qm@@2AX@Huw|5#Yh2WV=A->Z#dOy`rj|&oae{FA6
zmCS!{`zkD-`Fx#Scz)KgEIh=fGd0$<aVOu{M+Wv;YnDVF&4lT%@0PjrH0%@G_3Wh{
zx|=L!Y=Bd6NH{YF;Zy#<{bQ_(va_#*3ck<7`Z@6g?EI@7+HRWjmaP)W%3V4^v0Qbs
z#}-f>ekw7tjsb9MlpvUBv#B4{O&}@>dS##_;`9_^@Xg?f)h$p9j)v^JR@rR&Ot+@4
zE$9IqGxxISSiL|4T&Y*y(-7bg-X)v8DWDGm;Gv<e2JF)idLX_;Yaga}hBy@y!v;i}
znOp9jAt|(6hZOOTXUQ#@k|Vn!0WPcDvF}|A#ueWUQrG*|Rr0xfp1-(t;6koC6I52*
z-=&_<vdszO6I(R;`*nr>M!=zJA1Q|AAA`SlGKj2qZNDJ~Ek;Du^;@DvdYPP(2#ypf
zMB#5*%c9gams~-O2@qtl*=`4$8W5LsF4<9`AxqY<yVlg9WzEr-tJJI-&XgXOG)$AJ
zuwE7pFZ2AWvcqZPrjrp~R@kZUQcAj@eq`e4nIoE!o*t&HCn{jdaA6GwawX{A0(+i+
zx{o;jsQCS>uW+~x1tdM!$^fT}zyd)<CNw}1G;m2hbp|6Alof{IV_dJCw5__#nm*4G
zYJ)utoS=)pdM)?<%FXZy7x-bxYk(u<YxF`woa)kwRDv&3V3daCc;@^A93}~(@!#o%
zP{C`ApuoT|GH`%mD{7Z1kxh=wE};2CP=md-%27QE3j`qNk^bhDl0UE`c<5o*ZN}nn
z`utn2uhawwAFE+VjBC<Q8>zD7gp_>>U4xHl2{RS#MD}Wetkldxx!Ydb%dKjZ5TDNu
zhimGX878GOuyJGn?0upFt2K&cUVh4cx<;?E)2dnixew&58se|DSR?L*zFBgMnj=$1
zxE4ENqSkg^*KHggf_$`do10&gp3)dYTBLJ*<RhO(CXHQ|Imv9bN}QEX9RYruc`Qk#
zcFTVy5I<<?AC_9mJ@(b+u9t|#8e$|0gw|hl|I^#LVs=0I;$MuwvlWkzswqG=ly3ca
zV36u*8U+4>A4rdklI=t3^@2`F#<BroqTo`>LFR+V0{7?dMdTpzKpvGZA6CK|-sa2R
zD`qukNNI}>D)1N_Dfz)E2$&8IyrDrcGV1zNDFW>EQkzUGYw3>8q5)-11U~7E=4}ul
z#T6>ia546N$aSrR$6UN|i7U=>u-safCw2;DuO?MkH(eqn!Goo>9_h|V#e~FGq3A4t
ziQ-TMn4BmcgFe(BvL;=w9f@;2J^G#CkOH=I5@Lqag=%pyJ2Y>#_#YI|L;Cv~56<kv
z+<HGu?_yXc68w1=-6m?htH<3o)Vp(M_^dYb=NwZ?G2L|2$uD_YY=z~C>y$ehPpzHg
zZ(nqC(syNGAX~w+sFBgL{_@?D5fzZL4p#FCGa!C0hWnpu*pe=K_OB+ohru13G(lMD
zswW9--2cSJzd6<hxHZFp=qOqFR|HUqH5q_)b9dzR%Smvbd*9<Zw1$XxKWo)>e)XgU
z{~RQYm<gaC3wlY^G9w2IssNLY$=pn`DZowxlRJYEfq@<ARLqN^r5}FH-BRyq#>jSK
zmr%a1Ne)=K=^QvTo~yo+-9ZHu!(Y(`nW)@q6Fz&h6d_BEjXJ!*7BH}TOigp_Cu;OU
ze2id4s!D-~_xwIE_T~c`O=n-S*WU)UH$ByJd=edjuP!j$e(s0|MxC7aFXw{>W|_IR
zeT&^UHnY-tuK3)~Y_(0%*=nT7Uk~X;;qvJ;s-l)(t`8$+cO<&oM_G&#j+x+veVD2`
zb0jb4qUmdCYO3XKk9IY%E2Ao#A)fdUF^VFyFT3el<Pto!#dtTjn22T#-i*d-%-u7o
zQwYRQ-I|-3k+~PXJ?0`uTxfxcop$_x>Qn%dlj6>QJsiMlUmCHE5~xNSLTOtP|LjB%
zNHzmCQD~P|$O&S2{?(6g+Od5IC4qze!yeP-uER4>iX0qAU|gtE00nH`1lqLKKg>Im
zH$OA1o?XAzAA46;mtQ@--ky_8|3Z8b2pnitQ~~l@d#q_2%^k{|f1JpZxtE7zUWbLS
z>g8uPxQf!*D|TMnPP(+!7n;~<FF*HAIA~asyqnv`2fNCsv$Jb!Fvq$re4Ff<tU1%L
zO)PmDJ_fI8#4?#i>W3u6-cj;tB9+A=Jpz+%4cK228rW(*EyiREJ8NnJWgazmX3eFC
zTaYz9@1M1c<!B${HG~bDYDZeV@EDeP+H|f*wTL2;?z^8-=47fr;H&%LF$f{h%9F8(
z_Rp*u7<Hw-{O{cDRY2aSWNIc!aJPUXAn0s|gAzO`2{bT1+kQC-*v%GGL!APau|D>o
zR!2z!{j@Yk3247xeGG*^;3tX5gXs7!4{f>{8o0Z?&7P1NU`+pd=FkzJAiMoBP)WFD
zhZNb0WlCNhE0v9bEu4W6St>D1Lq9@*eTNu$#k~-Z=Q+#%92_V?3xrGn-52J*Hopz)
zA-xnWF4ml~yLOPP^Q9l3LSN6SQlg?%{qi{ER_`&IItpOwI*stJR@0phQRLHYYzwGG
z4kGMO#9kO_Ro_ofZ4QuU1jR&jKp`=Zhmwk$*{}s04-X!0tjsAWQvQaKBl3clRH1ub
zT5n+J9i~!%%%K^Sqq2BxQ7_jyk!g&S>FOJr0@x#fl82=8uXU>o7qJd8#o*?Dy*~(0
z*JqjhQ{wP{Hwe+w=zyoczY!7e2RAP2p>3UgiAF@70haVokfJ9vk2f2m1+cDskJ=27
zfy^IbRCMf|oFlc4<3JuJO>Q+BP^d#F$Aj96H=Hgf|8`l;`E8;aJ}_N|@F*$5Cm82$
zAp}=A^%DlT!p@r(@81Ltzw&&Zi8Z}b2424S0t?*upkY=(!-AshS@%8A9Yh^l*AbEV
zof(<9g72m2FT44)yiwfRVLr#65=-qvclEf7A^H!(^Vj#2NPOOEK~0GxB}CR^v0sEz
zM1GopvOA)qQ7*m!$_x1zwX#%YRsJjjt;4H64a14^oo$T^k6|=VKf~RH+u%qyu9rrS
zzd!P<``w?-fl}|rNWE+Aw;`nfuY2q#FSN=2z-UbzmGD&taE+7I{|$K83$7!%>3?3w
zOYH~haX|KaD-^&Y{<6*oq$hfUxFGF-Aw;Yh(_IJ>I3NRB;$!1tYaE~TI5c<dc0vPb
z2WV)HWaWI(foKwd8uCe=)hINe@!=4G{=_6n#IVq_mNSX|ki|c0LGHg-1BRq*7GKS(
z!y9#GY||$>03B9NLTN$HGrQbVv7%yPA{7oBp2(lX3}df`6+OS9qdzUqDnz!I&<l<H
zth_E)JsBYv>}`Dk-b=9W#?h|F;sBPVYj<O4VEx2eKG!zZ-OqBZj!u`pi2|<3e%l#C
z+kzTNTy84Dsj|D~c6*7z!$Z$pExpGo6O(P2NwzpY<~5@a5}A=pmEU@`PP!75_batf
zRu$dN9W~DQWBmi(;Nhp+zpvHtJn*yH89AIJM~o8NERM{AhQql3+EI;xGP3&CwL~;H
zbwsj)tSnO%E$|qM%hDeNc2nm!s~6rT9s(xMbxrE$Zq(jwA0HDu&!V(ULUI3y1SU{Z
z*h9Hzkp@h7K=Fu#GT#5#;b%#K%wQKDjHA`3au9F411vy;(9e3MK{m}tlh!a@P!#z2
z<%=DvzsdzI*SE$hy1us^nO4L5Sy<KILz3x#t18j4F(qh^4_c@VvTb)#8D}OZr$n9~
zGBN*TWbL#!&(FuVt4hIWXyCYp$jGbH<viW+_E#C-+dD;Lx|(+zw3@8QW`C;Vk|>3=
zs2n7#u-GFW@80pmAZ5RW4+dpO+1jctO^LMgo`{OrKw|fimF%5;8WA48{VDlWz(D7d
zaZski(sEkR^e71`0yH0|r-R3!N~9~lonZz&vmP@4wdUAl1A)XO+Q^^>98@+EK6Zfs
zkuyLZF@*Uq1u|!_6?16d@}pu<S~wM%U1_*?sPE+J84lLcs^-4FtCz7jxV13Hu90a@
zJ1w?PI80D~s{GG*$ehp!t|$N`TJSTHkr^JSsX{yukOOmIS0Z0tlroCSId8h)Afa*A
ztHG7koamQXSo%5+Xb4(o6kCph`thWj+)`d7K=@ctm@?P1lHq-dRkV#;EGS^-cV6XA
z%m-itVB)4D!wSOupqB~nC}qv2{y7gz*=;v`B8+@5Twmg8WmAp10t#+Q#FMoe<<9)4
z>dU8I<m7hjT;G-a0@Y8~s1ib@*5r`jsMzz-LYr@IQDHIOG+&DSVIussvwyAj^`exB
z*=dO@)&3q@?#3K^{q<S^&uXYR+r-u{in#XHq#AL7@sGsX1x`EIC7)Hz-TVFBxH6l{
z!O`IvlYncWI5-}3{?}lh(hCak223~uLhWJ;0HVjw-0eTJ0;<eVv7D%2%#SM<UaRh{
zs{%Eq9zM9_y9+u-MgxhaDDU5+{`kRe=52{S%Cvdp>+*Dz@z3AWEA|}W+`fs;de3WL
z)KQE8QMOKz_xrpLfA{bfrcG|)`p}FFsUO2nYToK}9UlumpKh*g?|3v2gzb<<?w?Cy
zAb^|`l?uB5p$~fMH>|N0pDOeo)er)y(!lh@nqMOABw_q66z;CpRVyy$hzi6crzC-A
z8szLLw0)DjiZ%ofsoAZzEv4cRF2P-OZ;4M)_Y)ntOEqw@lV{4be?yciyOz@7U8wX*
zajt5-{Ti9bNc=;HdJUD@3W*>rASQn%CmlUqApBIc(!7#6*Jxq;&4IL3vs?XvVx=r^
z5!;l!GkD-jy!Lo{rq0$D4|@3Z=;9F4?}bSH<)$=ZEqv@Sz2omAjs8kg^10tYSh}}Y
zLt#qIRC~g6Rm2`=YWXR+8I1oQn*kcg@>2g{GrXY$Wb<?dIYAnG(0RrD4M_EYgx{sG
zQ40m9&Uxjme{0C_8Ho;0mHALh*j1s$4-Qi9_L|T+6uP2KtcPo<Cx6fuy(8h_uUGwP
zCcf@?yhK}MnZ_;r4!#$RUyrGfuFq}aZ~a7}pTB~1rndDSy1?aOGS}R_;na2bmzEHX
znixGKPD;TBz>ppIK>MQt41JJRMD+G*V#B4q)qp^u`vVBv0yjw1qlxeb_&jF7=Rt^r
z?2~%W%VI30^#sFu=3t+BmR-^s%*MaCCe45Q=uk<l3xG#ObyDs6m!0ZW5n)fDqs`hC
zC^1bjpH)m#X-3KJ7p5A_l{KP|D#!V_=XMGNxUJ<)d!~^PW64KO`pYWZ@z)u4?Ek_c
zIrkW*6n;8<S<K;msrAlvapb$9o&7<>;*6GUvA6$uJp#nWz{dC0c4_<4o^V(UqMhr%
z_Hm6`E4d<or!O{eKm?f7;+TM^@XSE+mgDk9AA!o|_9@i*q3Hd6L%WKO-kooPsoK*u
zU%%pfamGenV<k@0s;Oy-F6<*>=cqJsc5W?8P1UMtkQHffX@G_}6G_v}O&@<F)6$-<
ztvx4LSZL?Y`cb2A?<DjI?b;XZ>dxX}%fZd=U<GK6P=L`E3a5lskOQ0oXaL1xYZ=OH
z3<O@cX(Q#s6*Nj+O2Q)M$B7$Tm#x&H<&itSZp_hb-IpXKrs3=nB^h|u7V|!X@E4Bu
za-5s!S@$w2IBR7^m6aCx2(5do6x`J3-pTLJMMtCPxHQX`^%_l;2n&BR8&(L==O0gu
zDnNW{NIaRN+#T_n`hmQ_Egw}=N#yrZ$bQR;Y{xQ3$?_kBL3fg;{PKA*6A2AdLF{$W
zl#K72cb|i&U-+sc6+Gxacz9CEGB%Cud4A}G^l{tWF8hI}Q0z&Q{?iX{@FVy7U#0T(
zjYy!q6GXeC?GCmC!7DnD#0Yp~)B+>5fp|Jl7==Z<e$lh}w|n2|H{2$~dL|Ss1a|iO
zW+#2b&z~Ea`K>Wbzc4bf-$$9AeqP(w7SuR}T~SqO?q*NPR&J}KYshxr(bOg`Qr{HO
z*hr$Y>=|?xlQui+88J+vKRZ9)2Nn;-c18-qmE6%aslf-g8;BUOp#*B*eBRf_2a3Q$
zy(&I22g4+fG48F$ks!sm&qx;&cq~%b)W+Og0B*zdQ$1HcgcDmKnj}U9#wP;=)wDGQ
zu=VEW?%}RT(c9zdp92k+HiGD|fv6Vv1!35D{%+El4G*Pd<0#{J<<vcM)n(&_hw)jF
z#7?ozl)RAex3l%9i=12g&GK~7wu>;q(kwusy->PwS3*S8sKU|X)Dzh)2d0<HxBND@
zq1~c;`j4^#|J!om7b(S(3PbY4r|oeUa?2(&Z;C+xJtD$dASG2_|Ma=7Hs}F3kO7~E
z=s%vv>|gMF{((xBzX6N)bVS!w%_4;(xrlnq`>(Z^4TWn`|HsYnKS!OVSBe6v5`vsG
zERmqP9puh^`GT#u!&Tw9uz^Q$-?2ftrB)P?RuT$h68ge|(5!cBRAnWlUFU3f6u8p9
ztx6h~?U~ONM2hb^8l{>VJ35e(hLFpLpyhoS;6Hr|)_^$N&w*6n!0XEgrRf)s>;s+Y
z1#9$)wNC(M`f={$K$s<9!h$x53N@G$%LCoipg6B|E;wILanobM7X1_o9FL(<JW{48
z+wMGcgrz9Uu5_EW*l~iyxWh+sP%CHD+G?+k)7#0Pfc{6i@$!dKFkc7%Yy<j72b>*i
z6-Ql6aI+8@e9CpZd%9TK*|7{l_oNG&+_vg?yW_0yc@^$-wHs~pY%(+SBp9C@Zt+Ag
zkQp!UzY+pPYF~f-vSx8Hzy;X%i?tMp_1Rkod-p;*mICenr%0>6QmQL&xVr^4_IE;I
z4^;r&-Pa`&u_n4~zEgX@{Em);lI#D#N&h^q&t`ub0fu6vw@w07L+e-*$P0Cq03QJ@
z3)sgb;vtPnb&=!)NJdm&9k^a8lYDwEgv0)*MyF!-MOJMy3^&P|N~pbkc5bfkV1(1X
zsk)(~<GoVh;r>DV;ojas_uKh_rF)U{VM`r$Eeai+m4-PGA6s$r!9TjjLq`SwX9PV>
zSSU3$3s?g{znmHk%9a~Y@(um%27T(DHT%4JdR@U$Z*mzBPzi{IC<KjFYGwB>>^cc{
zfF^qxP)4Q<LRTMDR83>bYNRztK|jPeBt}cy%C#7QyVHOJobITm;Nu{NbrKu3g64hZ
zQh`fZWEx|@fEg=o@dMakQKq4Gc9aFxcpsI{Uz|xJJ%>Uv-CwgR(tvdTaN&lnmT3fN
zK{zBmrN!V*7ufM3cU9y4aGig0J|ayvfs=SsDgD@0_hm$BL|;{biNgSwaAqzKEepC*
zK=pL5b;tb}SIJQn>v`~<T+#!L+$&i<{Z+TZyFT5cBwb)@Z}w9R;)d=YRl^*Jhrr#V
zp9lQw=->GL`}ZOmlX5^+&bo%(2sscuaZG|9P+iH#%g2`t7DvAGM}8&Zx#-~e$w43+
zXLcWlf&vfEs)+*r)iG%97Eyn(q!e2))A2`p?(ioDk3>!z9ZCD|DNQ?Ba-T!#UoExx
zK2mA~!Y|usv&dYSBVV(PM2Att+Ai}NE>3Ke2Of6@vU(m06EG%3NN9fEb419}V=OTp
zORatiXBuQ_39&2iT4oyc!WMY-s@GHwqe;R)r^_VXNIx;svi^xyIktN{HfQ@|hvLT~
zX^-yJZbm%?LR;8@$H&(JiNKG-m+Rx`Xc=#_foR5Yotn2bR>NjvnUvvxfqSHmd!$=P
zpj{QB9kX407mvrh^r_RJZ3<<BZiR31lT?767}?YCX{awmz+QO@_G0(bx|d{#IQR;^
zgCKtuk(5USXq2H`G2S@6fT|YdMueJ)UpqP)kexcFOw$=~HadT8E;eZVPV;3-f4_{o
zy1I%`SY<gC1FnZUCz3FlaBJIF#~b%i&>ErC5ML$JiUn$?AGH}b6V!*4k^S7KTv2^z
z)h6vy{)>##V*`EorlFHc91nR6MZWsA;u>NVyp-*?7BadRLEs&-?NtrqFP-ln`B(e(
zMApbc2m-e&bil*u*VHM9lxhB`kfFifB0)%z(!yz;V$%`h&=8<$RHAITx30LnTy0n|
zsn?OG{RvGP!%F&0kBr@qp(yZ*@Ar}FH6kVMNep8;mSuXhW%}^A&m23k!2a_V1LYRO
zs<K7|ZID>$-8)hP+As~;X)%Ct7rYlbg+7nXg%03<?w<!$&6%8-m9nC+Q^bSu$%O>k
z$6b@`vf}{WG*4opeJ!%cKxaz)2Eod2o)$_@a8c>M;7^^{NY^)tgQv?L!~ObcwHljj
z`y|sig4?=s->wO0DU>(Kg5}i6cv&7IP{Pk#-+HjH97~t2bxVv1En?zFS}5lAJsFbo
z67H61yBFPLPU~7a7g7B9C&y^nifVUbRsj!L98cbObo?@)1w3xMg-9G4k8C2^r6*E>
z{$l#rRH>ylb+jdn9cWJo%tnKEJJ(hM>*_<~5YjkWVsx6PIN-1ZGUwFmxYR2r-G_g>
zch9=_-Mcm#dbVA=O`Cg6>p=qu+q8k_|7rocOdGo#YP&6KWrKg(1@*lR17A~iEQm#i
zTKUn&`IVZvl^TV^4VU><_x6=D`COtSFZ|<2VA{gNM#abd2<nUAeP1jf%*{OZ3_zUA
z6N-)T*|WE(w1CBxHVdHpy3_W)i^Co%KkOma!DXC+-Ppqq&&zUN*HTjtFKf(t{WhC$
z`<|+BGa<vl__?*hwb?nnU6(|1`_7<hK11E461OqVG$y@Pc3IoJd{ldzALJxPOxrAi
zZSi2apQz!4orViiEb~J!NxtC1KK=@;7fv++;jI~kLHnb}*J6$ALMNUDNvwOQQ>f30
zF-&d!nm1=oUP2xb4VV!Gf{QI#O~E}sC4p{ryG#b&Sfu!GLzXn<xS9%LRr8S?1Aa}M
z_bUcicR)4~WC3rcXOEVo54GZ^Z#>3C#XG(F2K~9~*0bi^vvv;Ocahr{r^IQYz!9)>
z7f=w8S5qyz^~mbD^=+=#*xx*dgKyh)OG7dFx%s+<9+BULN05L=P|MxoNx1#?1F+7D
zLajXm)gTVcv1(%n$mQTh$kg8nj-IPzmeK%GC=dhoNZ0(EvzTz3?)$)<mjzcN3^SqP
z^Jzam_a8DeKM_RJXdXLZl3aIz+L?Y{`_}0&CMfx88r`$vF`g2(!;Kw3KB~>cR*SoH
z(JlW{-(2a=vft0I+>z<rXg_bV5Ka2d<ZQGlW^MG<X?rov7K|D29|foeuOdN;8EmmM
zXrIUXwd!h~)a^>kOQX&zd+OH5I^`kEzlzeBO=W-Nk>wCW52g-ZLUXZOnk*vZyLZF^
z@0n%{My5uG`v*7r>O6L+*yzc0GUv#3#wtWvdGmQz5|BTxXu`IlC6=ZolXyh|x}+rN
zDI}R!WCjmk!*@R{Z-&h52F>h#7+B*(e?{_(^WBrQi8tN464!^{Hf5`wQ+jhrjH(~`
z=T=XiPkdB`$H@wWTgiT7z)wLovA<D~0~pCM#N_VfphwIvjG#wdoqT}oyD6B-JA2?K
zF7X#4^e}y$SSSt5_>3Y`vv+b_E~@toqjjd@8`EMw$};s<K_j)cAhGMXf4pWZ-FF@J
z4>iy#B2kr(<0w<G_Cza6S|d^^#ViIIE8E(qc`v&DIEH8n>KZ#b`=iu4S*;ATYVCTt
zPsBE;yZStuT^=j-_hmv0rbc_xSdA2h4xU@{aF1mKc##9NCf9_6YC4qspLz2g#TPBW
zofVRWF2)m}#ss|o?JNhN(!6b{Lta;ZVJ|jO*m#y$i<Vf+4Zh4)sq;SvYM_uF(NP@H
zZC!L9UUY4qr1WN!h{TZ?#T7>n>^sPAy!YLRl;H9ep}O^_3ihu)eFA}L+>u~V6XT?w
z$bpt11~XYEvyJmy-<_gs6@ow(G+mr4gEnPg$L|guu6H$~42Vo)rZ+~`gi6`@e0*VD
z*4z73p@aqCHGn>^S30xj{wBcgt|<!Bl~UwTP?n1X!;1TZq)s=q;e6+=?7Sm2Tg_t1
zyn|jX@yWKAe6w8g%wO+($Gb%jUs^R?$m5Td<^FA@@f3`W66e47H2%InwYNje;lvnT
zFOKRJEZ6d~!qf1GQf8YIl-F~Y*ZR);m*8>lQ;7#CTC)$#LfqT#Ry=%a1Yp5QzRG7O
zSYTZeC&YwCzwQkC@)!2(KPFazern{EzCI~^$e=|iDwJE-0f`kI&J6CyAy4E89n!zD
zXn$o(=plY+C{Q$%TeM3C)6EMIi@ae7+B{1wxkPjlU_VVN$c2UC2B}RMGgJF%@ewiy
z_=EBM>?unnf}{gKu<)1d|Hs!`Kt;KC?ZX4o9STZ!r=&Cp(jhr?NlSMQf(l4CNJ>a|
z=g=L}(hbtxG2hL3&b!|KdcSj?wG?#Lnw#MlJFb20Ya<$oB-$~6^rMO4z|3&Ste{QT
z&O?pr(t+c&!5}+eRXyyUS6C(jyy}BXgL`Zf&@b3_FNOI;p?%PMsROhD1KJ++Y;LR4
zEA+mtxuZcRjj2?Pn|4TEpkIUjPP+0fTaVG%HkNZ`PR5a!fl&L!MZC$jg{Ijb4sEx>
zjL!Uu{h@VZE8iALpwPpDg#OWdPb|{0WFuqT1|b>K+>$^udV7aN7Fe?UNc-S4bj$lP
z5@5K2om3Qv2JW|Vc>=agNBG~@mn&jS2IR&JH;*PJj^~d&tr8AW@K<*1b3o0(=gf)C
zWoq+4(4(TNfiH>jkB%b$;g7wVi49QO#i8V%@I*4OAMxNa%4qKFP}GGE&u#|F&~G15
zZhdLn|GcHyC`*8h;nYha^m`QCvNLLc%=sDJMdI`E{5=g~AbfkUMU=LHC@Th#cRb{P
z3B-eiE1w%Op^RluS5oz+pnHj;ka1%mLt5a1eMs62^ozacS=H{mQCvmJR0(L`)i9QR
zB!iS`exzzf)*ss)ai}JrJ0_Z5Vorm;;2~}9K~NnntSYvdYI|F+HS_mvc-KL0%7df1
zDwm43xt*G=P#79q<V5(6Eaq!HiHkGLrvrv@M&#cE8vvBt|0V7r7~U|<!z*tA36<dZ
zQ=LyoO;T0S3^E}a(Y;FC(0Pr-hKooT=`SxC9rh(U_-hf35kSY_|0B)+hh5{~1{VVX
zhoR;OBcTw1nGx1<u6N^ldMDZOiRmUWSk6|I**W@bkY-&2zP$2Qd1In)`}GTW4t-kC
zV)QL<X3GH7ZU(OSW7DRxn<yx$M(%~wyg`Kz{c6lxB5<|!w)?z_E{Ki_*P$YRcive2
zy*Fl?AJW1o*6a(@v})qG=t%NGC0Ue(`65DiYe<HsLSjU&JQkxCt<I<PG!jOqUS7v0
zPfeY?alGAqkLt$eH|2$Y+)Au1iU+D6KS~Obe06hF{CkbAHT0lKJ+Qz}2o&8Vz{GPJ
z&>iaEQO$o&RS)Y|RuJ|_<Bb~^ZTPKm*$)i}m3pV|;GH-fLS(d?Y325g`tdjjuz+BP
ziU>6!SD)X5`kclGWd`WVElkJ9TI%bvl=K<}^Mh$&coh!XkB%WI;|t;UgHEc4P8S(T
zit&Z8*Q|&};(bP=DH>9s()yg;cmrK{zj|i<{XxRYH{!R;ldO7wbo=4jC>-X~fGZ~+
zyUJWBok~TAF`kyYg+*T}NV|cZe@Xh5WZtC6uo??D(q$Z~%QEGqtF9#07mKgcbPlHI
zZ@rFTPNqur-`m^!l%68{h`adOBL1>PTYfJgqXuY=04qM!fet=|Q)?^fbauX3DrK`R
z^y@_a+frc#?CQ^qT|*(jl&ytt|Kt)DveG~w>EQ%l_y>3ZF2Sr)PY;+Ih%inI#~|Bg
zIrZJ&6_0~Nl7&c;Mz0VB0}<yS%7KBRzq6dY!m|9{4+v+RhDF(MS-0brdZJ|q;5iH~
z^nsITdp9Zv_XowD4K&{mwL>&2>njmS|1$*zX%Q1381?lY=9uTu_@$1G7{*#vjwDZ0
zt{KZRxN;RNe)FH<TUeIYY-{YWB{BRiDI|<jzKy>U&J6QBh?-#*I<8w{3pcn@p*I@r
zY`u?RCfhC!w1vr@M*d0I&V3lh`SW;P4b7IO`L(Qw`xT3hXVW!AWNz=lxv|^BC}3ji
z<?cy3FpZ6ZXf-5qsfIKhW)G~1BlADT66nC>%+-1@J7^*tks?Dbt_U>I&;L4=22QQt
zQX8Jmbezb?i6^sJWLc5N2vi{h8Y?Fsa{!Gwl%tM2n?#H4@bIm%lcB~JJ<_bcWE_O5
ztK#{;VvBHjZBY8St`^b*A5})^UwO}r@`_(t1vG$vdrN?SyAF>I|Lf=y%VqJWxCutc
z@8jSkZdZf$83hlQssxQZj4Jr3QAWcPt$8o5G&9riwp>;3QRKVfnL9KZVtaDW1H5TZ
zyQtb0THd6+mAyS14{3*hU=`$&w_T<!{=JP$^9~oxpej<b^~w6LNy+1D42e5`?wxUP
zIBj-{zi>XC8J9r@gXOVn7!nY|)=|lTVnF-!|C4b2l{vhs`y&aejR8Kn4J$~QGB}S9
zzI>8QEx~+T$6xlifTps5W?YXXc`_V9f%eJ$o1rp<wn=g$<nbY-35Q|YyyUt?Nw-5f
zVO9j$^ngrOw`j5`X|jG)Udv0q<y$Lbftie344$&Tkp3P@tve8}yjcBMY!6Frf6s<4
z&Hv1s;h8)|xV}3Q9h3&7&$9=*q=tQ^1SQJ3ABrw$!PZg`!8rcCRM??o0qa6#x0m_3
zmEV>3ESCqW+!piA^0-%gvJ#O}0}JnCE53hxJ5L~|<<x(-6*%6SyyYDW(Fv+<?X84g
zE2-o$&aTZ&Q^&3tdYd*$6e8NXf0ydx=~%iez}fYOLThqyuPSTAy0XK#;_CiZiJm)1
zIOI?H?~1w-n>(S>$&QbUY0?~w`r8<d2i(A_a`M*~t1DVyg@WC;Ic;!H91Q&#^Zo3)
z13>l?pXu2;Ud4}i)~e3iEC=fYYY*LWmj-M<?>{CG1Zik(nt0`ea2|1k>ZomcjWko^
zdhx(o%TKxYGpL3nO=49`Ae1I`coc*hsS>v5uzjoJp=>UR-ZUsj)4rtz7CYOR#tii(
zrbdWp!GVRs?GT;@Fx3-vaG(a(^$|_F@_x{41<N9{W)pxA62^Xe4Cz*0OJ;Ou#j~Tg
z`E4$9AY?XAYg93%I|d@cfmu)hZMnkjUtx3NcDC_46%-|;l<2RuZ-q5wZZ%?p-+eth
z;`;2m{{htjqKsE&!>R)rn6KA7ozlQL9q*E(j^?+Ce+>7+{W3uyi@+v`AZa7H!cf<o
z%2r}nzqJF?*}A<Y>h3r&ppSWp5h%c(x5in_Vtamnd)ioH8#Ny+JkAK&A9g}jP_~}a
zgymL_U(TO}IP~VMTO`Fs<aP2(0|y#sQO$cDd_d%CjjO=hiluc**Yv)Aq@ML(W4C%K
z;6x`Q?5l%*zV;*m7a?Xwtq#b*AHRb)A4kn$W`d(dWhg;q;3^0;Rwe8P)_403w>cMe
zHBh4=tL&>B9N3zc3Aey&RGmsE0b<4W)rBcSLBNq3HqJK%d0h#>GhDwN%_=O1<MRpp
z!~bYKGO~g!<YMQEQf>*Circ;c45??q2mvc<vQy4hk|mSTx)Od)6f5QC$09@GKPR@-
z@43bmr@7SwtU|dfejR$^BY6%t?rzr>4)t%+B=3cUmVeIO{`{t(#;R=GZkBQLeu2WM
zo3f3FEP_Sj+v%KnQ-|2dV7G)#v^<WJ&4#B9thewZQ;6BH*J#<%&oz&ivDJu_p~;Mx
zF%_0ty*snxj*in*n=%?t8SY0_PlK^IJGPr^u@)aDd&_3lU)NBwe>W5=svxqA=gbHz
zvhkoeTBBUa!CWB0k5;6OmZhb^1yjOJ^uJUMVZbP5_<3>i8ha+&Ll?j28>L?1u?-es
zD8-A&gw?g^nCnoDeyD=LCk43#2wxwthO%sd`pN|8nq=q%tu(Of+Ee@I2o%ij8kGpl
z@W()FAxokd_e;rNduqZNIs)-V_+M9*>ak2Q#R%x(H+&mvP4Y6PeFCr3xd?F8%r9%T
z_=E)GYD-cC_wJhYSWwDcz#39v<TbXCJ6a&iw{R}oo^g-8<A}Iu(!DEBE*9Qa-Xq0D
z5HFXv4Z`J#oYii9{Ms`Q4>T)N!u6@_?~|?_L2vc%AGDyMWe*e3H9m3?sS0pcfEy{)
z3+6cGti|Vca#knWwkPU^-uR3QWQBKLRQ3pxFPh)nei+2|gNyBk1N|1|09wf(iJSt!
zSF_}z8SU<n<IvVqL%q4Sb>*LhkC&HC*yXJ?%QJUwcr+kc&?Wxg3Gjb%y)a!D=BF&*
z4q@d7t12zXrU>MmOyl&bR1V&Jf^W({S)F87on+?&hRyU#bF4Kpzbd?Th-J3JP1cG@
z^w$L$D9U(<<tyz+Gx?17rMJwRDg=;R5@zRV&v9_|Y0Q1q>5C~y3u>F)W=0IWO6hBG
zc_CzM7_S(mO%87i<+Fm^g%Hz@Bv!!*G5THn3xCRpVS<QJx!9u`NCwm5X49I=;qpx_
zbse0(EBS@50UJRML9sQ2K0pzP71W}{7l!;Z-C+K}D_%}{@^+D|*s{sSLZ=DofI~MP
z@98$bXI>zSpEizQu6Gfm7O;f~e*+F7Ck^P;x0+$!`#t5yXIffXeVdZ^`@>f!E+#~>
zY~k!an`}y<d;x37qJG4KHiAhWZzA*Xxj>-A`AF#9c-=`=od^g-@*?8oh8=?3&9$R6
zV%X}84Z9AX;i#+Eyl4QPcs<Ss4Py5_^FBuG*o21OQ0o~QQpb<1ot~P%zm`~i3DDeD
zJmI?6hV`?m(2MF}*HTm7u=^71!p|QBI@j;-vkuSj_0Y7mW<dUfgYwVOdiezfrDNpX
zs}KI!$4Y^w<=Oze`VfHvQl)8-uKafBrxAKi`H_-wdumTA;}^p+M-K>f$VVp1=mbfl
z@39+tG-SPDoFUrOL9?9*=2&<h(!||@bC&VHZKUX4y`_8gEJIE`1j<dw4oSbi;X92C
zjM_9h$t(Y;2t2SofL0f{T~m-WRIw7_nYw#5Rgeg~;xsAJB=nCtDgiJu>OGcH3O>E3
z!G+$qkA-UfSfhVu+kpe)?PD<-ClFtR<%-maS1X%b2x5m0@Mb0wZu_Ri0??A~(#cY~
zq;rCPU<=ps_N5pX6fIiW{b9~d>LN>DU|N9$>#;sX-Z?3KQVjS7(L%;K`zg~5brdly
zh|~+!HlK;(d_KL#qZ%^y9JazGuW7iUqE{y`+q5Y&CM^?o#GN;F@O`%q>xlw=V3_8;
zI_b=4R(rHR7$A7Opoam2EBuOxn?N)nm)&Jc-8)veNU@}_JwrbXP*S>Kk1n(|lHKp3
zslKtXXDfnC^!j8TMDyzUOW8vAz%5qmLraFH@8RPo)a9GU(c_adZ6QxLwf3vsMLvfs
zWM~`T<4w@@U70VTw--KWg&um3`FK;4v9<?1|D?OjkI<P&mZ28UpO7%|x;=8ahp+YF
z?fp8RLFaA{8EB==s9V(Ufyd`;9`;r1s1=Sa{?p)kua<!?DFjw?w06O_v}-vJObPw}
zrO9?<z~I(6{}P0i6WIz0&^P{SDTlbh4*cOZf&mGeVLABW)b?h^@S7Nr4<xp;Y?>b-
zTki`(oTL#2FeimGgz+sN*Siqq%h>Cw%1Jct!5aF`ZuukKLWT{R*JiUx43JWm$BkX6
ztrptZ&-3v6A{_sz(@1;W2LOQuvST?kvF`|K=Ag{y(h^7_iMl6fbtd9s6pTil)Dqi-
zC;gw)$D#+O>$a=_UPT!gCn{L-x%ZKJ!tgFsvk#x)>hkvPaGecqlQ;7+*uQ8nw03*>
z9iU+Q)x`MR?`@aEtMi80Z6{MdbJRTPhEjvN)g8NxjMs@wW@&-Khv^%hL!&IzBq$U~
z&9jgM`MnXpNps)XIVLgdXL3M*<sp$uGd7)4?0jFYKHO`zYnU=JT^7mWZV0Yq&bYI+
zy?7I56E+WzD)!aH)|tEv_J?)jOggwb_WFc<sk=&f8w6tB6TI$+!jM1!D?`-|6&M2+
z!tS@p7J=4#y{f$2KJrLu@Nh_6F4*F6ej-0K1V}7%52jpq&y&kd`7K|Q!T*rCafYog
z1|>}tx08ph$S>cMm6n!*fWTpOA`t|t<MW4H-vTPSez$<m_@*E^oLGav$@O(kF36?f
z;X0@c7OH-bs9<bygabOpHiQv=?%)Kq(X*SMtn}vrx_Q_4iO@g=-kFnHYPkH?r_r?e
zS-ec-vGh|Z!b^u2fqu;%ZV~rmA=Vj&ch~(p+G!4I&UdMXdJ=u)Tvfi`y3Yhwe{Nki
zG&V{ou`t};JRi;`hhva$vqQ{eX3-d61$z$Z0`4N<O`vBL4P3^)9K6GXAN6u&0mA(l
zf_WGT@aLyIOwe@W*h3o6U$+*aGF9>?&FzN`sC<`vJOnSf(nuk0)3D|`c4Ik#>x-vz
zW9m@=EwgXXSHPwKapT65t5B5fd|iwtmaH!HH6TjkoXdJ%&w8I~t9XA9Y9j7m6MFHZ
z(M+8l1&Q-_S*i!QG!taTg5GoGwsFt-w0pMyx4m?hu$;okf!#sp(WT49ce^u9xnf)U
z{q~O>fi_Oh-qG7&Ymzl3=3_F5<8+Db<e0fsIZIZVHt7|ZtJJI7F4#G!d8hU;{p~7z
z9tW4(6QLKr&0bfSLLR494f<RCJB+Q@@l7~gLVw-mHX~N(At2SwrU^LhC$rEGm>|)N
z?#Ttb){8Xq_5(~1$lz|3{Uj7{=tK8thpms!KKDKZAO|0xfKkYepvUos8gNurLJeDV
z4b+aOn(W2gE!iL=qJHZ<4h0xbN8uNXeFDty>LR1lvbOHI|IEyc$2#HB+SBn_f?lC!
zozPH?Av_++FZUF=FSkAYeX<hEcXfQLr`IPXO`^NjfT2(~1f6!ge^K-P!s9Ss3FLNh
z3nywIB&c<9W<x%@6|swu`TZu%P>(9b)Z*^A<9!-P-T6*WU;mSq$DImyq#xqS#RU(*
zaRcNLXVpOj5upI)qnGdjoj?|(DJvG*6~_6+u!QzxY&zT@y@!8@NG*xy=fIl%bf0lg
zQkNjJV{;Xi#@Pv@>>&@GLFp|3b95PA=s+$`l}E}{A7yX&Vj#oa87#2sOTFb&Wm&lT
zwMK1Zqli^;F<yGik#jiQDgroUwB?%7Mxfhe{cQpKQ$e!nBV2Ds=IfkawX%Gcw0uk$
zaty_<kM$>Wbl}NW*Y=;!<fgn83^DmM4WpjpvIIub$8~;ld#1-SH?<c=={f@v5*{%2
zHpRYedHWo_gx*TG#42tz7ft-;y1T>k8wJW*?Jp~L3{T8y`rDKl-dKoSDmpQz-D%ln
zs_Z)K+cFiZm|IpYqNQ!~*%EcL`;n>7rfyl{%-}PB&tan0vxkh;JJFaqGqRV(*CTtP
zy`nx3JRmXdgf2oL_ycy_$lMQ6ncn<()83aH*ix|0VvmjJz1d9#AH)^=sQC&70Ic}j
z&q4ksCm0#9Q+Ee9w}_0^8!~f3O^^(Jnc>a!9*XqZ@88p_-oV>5MwYKHv5hPFK{7VT
zJ!>RnLO0LLmL6~;B9)J?4DZ;S0#M!$QO6Ig<U1(9JABRuYKoGc*}JWCy=T(&uA@6!
z|1l3(oRH$V?HLh2b^ZciET&z?S*ZL*7d+Q|o`Vk{RyVaE@)S9tN`Lbckve<%83X_x
zf`tA)X&@GPvB7YJd!s<Wp~Rqc)7<b`$eE7BvB|e-o1#_yd@eF4w>D!V%O4mb&@h7`
zk|xF$3upl$WXL9T8%m#!s<Ofg5h<4ALBIsMjB$7e@Uvorf{&<N#ZrUXg#Ml)fgh?*
zB<)@k0VzJ$uhDg9cnn*nW%J^v8VJkWq<s;=@%3}hWjp##ZHW+Hq3<y|9T6$dKTgH$
zW_bjJR;lS3q^>vqlsLZKMe7duRn0>n-iP4?5$-=r@@qgj=+K!dv#s_sU`{8N1I7Zk
zZ?v>lA_gvjFRnCgWi#TL;7V3+k0_N-*#xD8#?U<q?H76D0D$OEn5+BtOfU9T?z#)p
zyw0QWwEU>rDZg;(sd9)-xH#9hbqJpSvoJS!75nm)qt<g<p|qsZTW<!u&Sl@7`K0f<
z@F2kWuAmz>=n{D1vu^`}&LX8=!%sm2KZnlA19{7r_>0BUWwo8K$?>xdU^{)E!S3gj
z%c~p1GoTM}evg;Ppd5ls!^f?wANsQ$WuhKoGjii)4n6@uyzmKjJ^Yr1#dc-e-q*jW
z3`UZesP&69>7)j73zslmds1{ozU~dXqyrU59G4g__YT~$8NkMLfuM&Dj$h&zk^caK
zjm=>N0Kh+e9j))qL|B=cdJz^OqXx&YrM!n=^cK~!CE8#4YQn=^_zSHKn)6R}ZP38b
zOVw)!t`K*vScfk$W<O?L*mfBTC3n;^>$Ad&0Z`iZ!cgg?2G*kw8hG~BGcDuJy97Dl
z@pCY18H&3?S1)plvP31@Q^Aq93NyqK0r?JzzZeUkNCG5-&pv*V@ZwS;T=DURiA<b9
zG^>R2MNq{L5`IvsqoPZ(7IG1hs7pupkH_<7BwrGyql0=V7l&In;=qpIlDIX>Aes%D
zE3^G$eXxk&)#K`FsMq?#Q3kyy86cA@3~gN;CXdHB<*#aKK%V$faClV0R8deFNr7Tg
z?=nwhSo(a~g-;~Gy|LCt^n+&%gqe*9Hsi|%*Z`{M5ysBC%jYKmn5HnwN}aH>OO~Py
z7H3Ikfn5PnqR^7j4GcLTx^O$CSm}3~fx;;J`o?+nZbf%4rlbk#lW!SfEnRDmRpxA}
z{}zkC<0<NUCJZ<Uq)5@^j*VghA@(>!=3vhuw&JxwKr=T_yU6P(4H(elD-_cIiWRuo
zAcpibV@IoJks|3`zz-}fD~s+w{Z;%iE9D>2T$3pHUmIamo!cpBZ7#fqlpy<@+2#g`
zd~JK0l`zI|LS(*EMICYu>V8pEBJz(;9`=EO^h1=1O4Ac!ms6s7nzxQPl}|;wXi2nC
z4GjqGQ}KOxmf*Ck0*E^y0L*UM9pC$1ci^bq?`(UjRBPr4Kx|ONI8(yOT6O-13-B&o
zd7Wld>p>Wx0=|eWNYD7rFb2>4oygXaTDhKKOvHi&(TEFRdz7-V51f|8@;ITa&HngZ
z9#f*lJL8UndhVvT4<G^x1p=C;d+de)mX|i%@-wn-VD*PmW4f&Qq$nYffiIYQX-|OH
z0XmD74{P<t(0a5I(V3Lmz((qTs-X8PBA6CX2F<bpwjlhJC?Ni1f^V6*4#|x6AM>pz
zb4Q!m|0;fZMM%Jw0`$Zr`KFnvNMl4TA}q5SSn}N9j~YskDy?y1K$4<(pM#mTnc=3X
z3GWvbJv<))WwayvpDS4MYswpHDD>94e!K~gVO<E8@+0P35LWiETwUMZ2iMA<DphcQ
z04|J0(0E#4EgPL`3ML5Xx-Ya(R4Uiq?=$0{I#WSUndLpcBDrv#->8jej%c^H$Mc`6
z{_gYgVi}i{WT1rmS>UYngB>=O>(_Kc@;@dq?){W&6$Wk8`r9+lE2=>dV2-r=m+>Tz
zA77|r0+-m^o)<#=s%or=OW38Jic9I@Wud|rFHThG^#w1SpCM~mlUkw5pXQ$mO%`tc
z;g?v4eP33}crtHw`~U$tYUJ1zVyM0R1^P2f<=`KWoCG7BhmX^=3W#VwT0pzjXtjto
zvql1bIv5a1Q`P;Yj7_6W|DF|Yp0e&D74RH6Cu6)p?lWq~l0<z_RkE{q_;MN;km<-g
zPN4(ICm$ZX%6im{HGaiGi>G}9^s!mvArzMC;4HqpBWYQ5RO}j@#1RZo4~%v*S!D!p
zJ0}OF_JNQvldmJ6&&10Kh|rP|GUN(dednULCuAh43b%g{g#1~7HZcm#t(ng<F3Nh_
z+aJ$25yItj=5dro=C|s{WhEo%QESTq`fm7!i$+}YMs?@zrjm6wnYBe-gU9eJiV;Qf
z(=3{Le0*${#Km>9mWE!c--j@0CPlITI*CZL63#dWDOC-(ZaMJ*HVd1}wj?lgc-^OE
z{1+w&fgDO(wghf3y#@c9`1}|CM7pK#K;}<NSAmeqWpTV}4xFhRoQOP%Q@({hu~HUz
zYR4VV^zzS1itR)Si8>*2>fc&XTWAQk6?V2xM|D_X1T3?3r|eqvkJg*yq3|lLeHleB
zjWE4HyeLC2Vgu4@>325n*x#H1HDO1Ha+`6tKb3mpS;Z+^yE+w8(=1X|d)Q)$FThmd
z5H4t!_2VuC1&WwWw-Y0#@@}^+pYc|ss}@d;{>-~Gjq6G6=zNpCJ1;4_v0gIGM$r{=
z+|%oQ8uBMq9K8*A2trG1>vCQS>azKP*aIrAu09FZcSWUJxdRuAlJW1NDR#K&V0ZUB
z{3kqT;sBGf1njg0fZ~PIYXbTA@@BNjgj;q@GtI1XMas#!&V4ba)%F{E$V4z~i+kmN
zqc$u&9YZHC0|I|wN&CptG*R1X@qVeY!yg^V1dI?DBtXKWimt19cX*U9Re#NmU)T!U
zFqFOdEpxBk7!7G)I+>AqtY82U>u=0_3m@oxCcA^>YXi0><qspEjCZ#j(2&2<RcFn;
zIh@~ReUp1t`fwK})hMrGW8Zw)HL@jQ(3%vq)Am`0B3On41v(!J=ErF2jsU&_|CZqh
zmZ3mNTnzcZjg~n4=6sv@{2f2b<>_(@8(&NX!#;r^RXc@*2oxyyp#(0W1RC5b0lHAD
zVj!T26RU`{-|{(GP}99$S=E~Ftw*cfRe5UQqKWitf-f_hY!JT4&MzNW(1NDk`;{qW
zKr0&6{1mgVP&HeXxzWl7Cr)opWWX2gcN7fEiu3LI<%>q)E|4&<X51cRX52r>9>{OR
z7YL9TLAK`1=6N-)d)=23Ro`07g~nw|!~lFncWDXWaoP^t%kDf>yX|mVsNd}217sXW
zi(m0BrzgVW?Jw0H_c0?~B7E#{%E#I<X@{ptNa!u^MORLsd44`h|F&HureJuEPA&8{
zIaCJJHnaxw%_5qWmNf3AMVU@wMe2;$D6{1lR?Kh>YixlZ%BF+bthZZ3CAo&SHHK-|
z%>B?W-`sMYTGIwZX%RE=0{zVrx!da}SExJy?-Y}L15)f47dyyQZMAWp(tc=G*vT?1
zaP!g$3f@M-RX)Eckq$$qBdG?<GY-<07cctTU5Q<Yd*ywIIr&k?i-`>Xt;JpD)2?(4
z@?oG+2gN~WT6O!*S3BgDDotE+yIjs9bZVY0)?}0{T!4UB;ea9^YJ-DRO}AfO*I5}m
z%<~PXFZSSy<b~baxcDre%d9uQDGFw+LTQ2C>Qv3XOt5rRas{e9FCHRbvLICs+<!uF
zO&MrG%Awn?@W1{9OV|+3$+UgchGzqNDv*3QKKwdasW!Ao5!yEA3g46!e_r$)GHrb_
zqwr{TAQ5tT8fgaidm{6P3*VA7S~bo`mlNokwGisA{n(aN$fxmYsV?d?7vv8@tSjJ+
zit2i#lm<WH+_Yg~pooHlicnrx5;$w5>07=8jO2y)@#4VmO2b1%ut!pSvja&fc`?Om
z3|raEn!7WEGR!XJ>B3zPQLF?`F<?Y+ocefW?)Bkx*@_w5*%h?Uxi4nwgWn3_k@fi<
zs;w+E?Z=H&)j$j@&%l-2$6$7SXBX915>F*ZB_?L0LFNv8!U`k&)iAmB5;xm8o0-|Y
zE1|kI%lkLh89^Z_XWT$%FEK0@lw<UdRmt9$>cqd^!5>$9EUADrspQ+N;TS^d62G!6
zE%vQUbYe(~u)e2+6CQJU@cKkLu5#U9BEsBls0}g)g58>Pd?GY4+D&r#C)dN)ld+2o
zIax0LVzg;-+R)C%zswr%E=KT~g<wl_rSi?dGG$t@>Fxv~jp=)U3j|!<+G%$U@)dUp
z77}=^0dFu6)8<r4OzEe}EA5nyT2-N>84_L3QVZXwD_jIt`Mvjs5l<dzg@l~r%-mdR
zGbz#t{a#-!7r+5X-1}=62%K1b_;y!1)lh4oG)R>a8<7@L?f>EcsZ!5`;?9%Z#+Ucj
zfIW;#gy-9@JH({7<KBZM%^%L`utk!W0+yERNeO|1<CtK{oQGTGr4Dq@q^^mPRbl4K
zkQg9{&<g_yI7$D=m*9*e@Tbq)1~UI~$s}2-a@Fz{p*SX(i0}|aM$-=#_#5ux9}3RV
zGnfekYop&wVu6(2(Bkxn7p+aaR90QSsCy&h6~d6t>~F02K>ut#B<BfvK-!4`MH}EK
zeAGgL#`<7!#S;A{USRAaYT!oZOd;B}&=DR>nD^>uT=aco{KxMhM3VdUvCq`w!9}Nn
zRhHS<&mm|og-fgN#(Li;L$TKc-4zTa^6!9B)O$tx*z)*3{Ki}V>PS|w^Y6tuX+Q_v
zYspxpOI)R^x#sNKic3a`mqiIxI`E;i5x^1$qRL#*Z-Eb;Khk4?`}r;etm9wjGSTJM
zO;j|<RuI1m+>2(7E@PF?%yb<D(K>C!I$;e0!dK^2SVr`ujEx5@;ta^Z5hVX_NAN31
zi0Sz}THBm;o42l2b5r_PQMZZ1DpdqJwd9l<c;+36OCAD0AJ-bAUJb|;e0lsmF*01=
zb`G4;Ypx_$xOY+@bu9P*5%L7?y`*%#uES}+MFB6M92Y)i`<vBmiXKfTI_zDPQdiKW
zCo&xFgf1CNQ%;kRD9<-AOAYyJBt&q>xBzxbD|B#+#Ikh}g^j?ooc+OEO?&fEQE*r)
z9W3`Q+W}0v=^Ho=PZMlSwwvSoWiOM*>EOdYbqW3zxss{18)<=L@x73}6ncp=R_@hN
z&cNKHc}G3zV&4!@C7iW7_%$L8c<tg&Gg?M-v=Cpd<(e#wrruPFnt(%h%-Y^uXWgpZ
zL-8^$nR8&ZXa!#V`*O_yF*kP;Fmm!qHVe<c1o3-MLZ_NO0d%%+r7Z;j1Jr=z<@W`5
ztUF(If)8tsA*yE@bfD%@=8@;8Qwb6qa}DGTip;}FBI!7d*?|~Ee0)0b>Kry+Wy7QH
z0ERct$}v61g;Ryny$00>wWQ=pjAG0bybm#`8(+(jD73~-&$`_#DQxt3s5Z#=iTnd7
z6r1;Nf6vhiu6kOn_`Q6&aA^tLKa-Z>&nlk!TtVs&7JTz<-KH|#rZ`mvpGuhD;?#Xo
zx>}suZ8i(?4@tINNEu&U?G5D@9++C}D&KEx;LMyFCa`LS+|;e@DuLLB*swn?N&v3&
zJ$(xPEuP(C`9{<T<|yVkCUtr}ikgSRj5$8ij-HX-dsL;FfREzqFyguJe|Hcz81kU+
zsbjV94s&sx-YMD&uPTANMzTqR>Or%Bv-ukHvp#)HS;Mhz^~uy^F!b_N`H#%wq9$Cv
zYp{p$^SwF8A+Qun(<!)8p0JzvP^cr-A2H>;neg4t(KK)9K;)c&QM@~REpan_Htvvu
z^;aFU8O-DlS-D*#&zW<@*8w&Op{}^pbT%^q!smy;7ydOH2ynz?7m&a-4x9LSIINwz
zF21G68myh=hYBUJoVC&;2MSQx1ZLpUXP4L+ye|H6*?HF1?yloNUpVr^ji^<`t_i-o
z=@>Nui12Uwme!?d(DZ%mjylla<2j`8{sQO-_&k)aE>rW??%~Z$)`f*=i4>|?<_UzS
zr03sl8V?dJ$n(c9O%U6g&p+`T#^_dBSjor_ju}v91wO##*PLB+*!io=iE3_=+rXET
zI&0!O^8^Owsxl`d-<7aGrpP{<PUesa)K)8h0HudYa|)Jp%cg7jzW$M5Tm!nGl?2Q`
z1{|D0o^Hjc<GlViNaA~)jGUC^9SRg0KrLGnuad&t_*cpRz=5|V3V6wzL4xLC9LGc{
z<cND%AIy_@3RTmd6kf3R%a$z)Ssg&@5L4~?N*_sD7Tnu7GJX1L!#$Z%1IJPT9OUAq
z$`!Z%9I)(r3j{YaJ01?;_=v8R%o7;qzZ!HNfB;9^B@l9H6xr*oD+KRI)@x#l>anu^
zqhdR=VjGG6UhZf{=H8VGmOx@6eQKYIXhbcb&+ik5TtBF^<GnO*0~4;Bc3*Y&R?kq$
zr%l|VFjsr~F!X`D@V7TT6>j(0745q{zIny&U5coy9a`zVQN?%J8ZZNGox3ka!SA-q
zjg`SX)`;I%=QH@sc77iG7_P*#;TQ(zpuvZixJsR3po#&UWs-#~&7?HFK&-4q?slYg
zfk%2cnRdy4Vu+4#GQffPMfL#qF5jk%1wa>}K_krlqRBdNVA}2da4Y6pYbz?iJTQj(
z1f}M7>tOfj@~-H*$+5i2t!11bzzuc7^@94l+TcyZ5|M;zPtg-Fg?#B;F&RK@cn6r*
z?xlI_N~Uzk!FQc(e<8SR^}Q*%>r|Sv`Y?aV#+x&rQZGt7vK22bgfZs9k)9IfDR746
z2$M+%g~=ebn;vDw{;u6Yi`>1eS!;H)qNongeuBnx|8e+!S4Bq^$aKmFC}tMbQj}(@
zGz67R9K!alGY}{c@&BnUgFlD}US$u5!wiqZk-?~4l^sSTD`v~3J)>}VLGd6E4T-tl
z(|e2t6>kH?^P8j*-q!1~mNWa=0>2SCN^JiOD+LbH?_TN8RRR=V!-))IUT{%=%A`8l
zlMnvQi&(LfP^h5OpXc`~UTV**8f%B|TC(iXUa9Bka=NBlBkMMpqEV_f@F8;z>vA%<
zMEP8XJ}uCcb^6xkvnp$ZMQuwxtRIg|k!Ag)Q~AfTU~!R1o$g1DKjDSsDS%&{T;VMa
ztlN(%Y&CqDOZ*8S{{hv#(t?n!|N8s(QXsBaon+;LQaQJef#X^oB2Cl3PLshrAp_F<
zCZ_ed*C`0TOiKVCvfB@xrvjyDkUPxoeo6;ugHOmu+9X+zsL8<#L2<iYUi%S~+fAxd
zADs(Xq-2HHpZ24e*(5|@Z9o^6^)O%4-ckL7f++aiG1h_83!_8{F-9jVEVxMQ0*~U|
zqq?0#cN1<amq(%+H;ooD<aj*)3`^E)huF?SwKm!Gpib-Fp}3#BbpBJDicdWsVYJz7
zu&rV$vK=7uX@s71CE`>l*?^YNdR+fYq6%a_4r?4iS9PBI-kzx&W={GcZTyMd=|Nhu
z_pbD?{M)iBII*u~_8Gi3@pKG?#Z!TwF(Yqpm}`Vnd68Y3kPDT$`*QGrR7DRR8U7hW
z+0)6-ja{Ynj(ck3aN?5>vfVkI^#|ONiUL?uEN*2%qh_W$qD+3jYJtXP=R?XeP2!94
zgZMcIw%?NVCU{<7b5@EqKKD4rM*dX4xT_v4T=ttkR?^LpZJC4e;l&UHzWV+}gJq<|
z2pBoSZa7rrr$B`Q*s^R*<E3En1)s!$h^1j(NuK|9a}POX;J`vne^f!!@@;Off8mma
zf%f%o3)o?Hfk1znT>QJMOFIG|Y~Co^VWe-<eSho&-vOi?B+1%x|5+<mr?+-Zvls=4
ze;g23GIjkmmv{s!UVP-wR}XmqQG0T)(MT?O6R*!Hq!F58H+xIb^@qbOVMMWL<PvJA
zS*WqOyYxcKRpda&ktb`03FBq~0#Vknsdnoqn|&inhDx2dg@cL6DO!cl)cy0;F$92w
z!5^;2n$wHTR2KQ-3MJ^{%ohGVY-aFE^bbccI@!-s0*xfm-tgHL#zRVIji@Q>*9#Ke
z14~Y+Z}=>$u?ijrP1F26x^Hdfmu`=y^9772*&lV^zganHT=;cR@gDId`j@t;Y9n=`
zpefE@SF!Vu()!bSKKmlwCV56CdPZ(HtCm<q;(6$*akccp*UXuja(Etj4gb$_E>)4`
z99Fu?_9e}GW)Sj8x53k?ql+Pmei@tk8w<kEEI$p{3jOq+HjRLothS6;(7056jK^jN
z;=O+-4e<^m=Kjm(%A^vEt|;c=;5sV+-;xG;6J<Mx9iKs#Cr{oh!wmknYwSP#YKAyM
zf9y+-W+-df!%P!`Q2%!MYH5O7$%esIRvF|*8or#Y0ZqL1O!?>R8FNuIM*A4-G0l!V
zQ229!G9eJcYGioy<-Q4?om3I!dKHRwFI?A5g#}MVRxFM58g2~L3K*43OYt3VC3xXp
zIK}h|%X}JvVrH$*D2GW*0+FexX8yr%YQS-tX|280|IMJHt6}y<_J-Tft1E$Jdhg+a
z_ccF&;H@*Zw~#p!2xR-)HK&44WM0m7^Grp`0|9L3N^NzMPflzEY_arVCb$G?JlKes
z=&xXvMk&;SpEbQ8?cJLv;%mFqO*Pj4w$KEb96u$Q?`c8H%Uie#)iIE?(6$#AWmL+Z
zCwZUmiGkcZ|3JFpm!J62o1$vXsA<l|<rduy@$t|CS2~?E#|nn=kX21kBWdX;==N7>
zNnZMu$1ME*u*UgnJY9}(DN~7y<unDp1I(aL-IlhuFKggvCo?B_8^S-&mq*d-G9Ojj
z*SZ<<NleUar7nh@dWra!vJ;)(9{*`afBw06x0ep^sk9BOr)A0aJMlGS^D6kAK|L@&
zfbD2R^>?GxN|uif^8dD8yrt~UL^N8xE@lCV{ytQHtRehV{7p0lazS{4?W#IYsNMXF
z>Tp=wZSw?7ztRZ+;R-_?Cgu48aM7!HD?!a<s}wV!b6UybrZccBnnyi*+a^}NNCCBT
z%=T)npkvJFR7p@S0lJ%2)?<VC!+~?$AO#sJpReA5tyCC2K9UtVC!#LQZ%UxIztXn!
z=XgVMGxOjZn>*jine|Bu=1|urWQ7Hiw>Stto)_!kUk*AI4BThKm9myxx>E@R_Q0n8
z>u>f24?c<zjpI!=xcr<7L>wwc(4C=rYOjuHlpWIT=Kg@Is#_Z*0CzRh@vD^72xzYo
z&rpt+4F=rC0t&jAvfgJ}7KtOm@--Zs(<*8ZsU~uSRO|h+wI)Wtf^Lqlri~Wl4kh_H
zhL>q)@4c)*1kNsnvgMM^7%x|ny1k(t?YydD1gDeth<fN{O1DJD9?aH)18UVfeakk4
z#D(RG1P&v(ULecCcLY#ZBO#8O642<G6%cN#i;4iSGDExVt{sP3<Il-+?Fapkx#bW`
z?7w)1K!Egj8|?o*oNIJ(IR55Z7<Ws40IY%WLH0KKz9?@t;K+KLhe=&&jV>FPWr(%Y
zycS@7zuJ|Qq{0)Yd$Ul3(xP<Lw!}P`*eYG{B7I)u`ZB8p2Rn$kv?RY4!AH-U^d)JV
z0PBMj%PC-HzeYN0!xdrd=XH6EmuA`OcN3TmJIR|N9yj##CYqN;M?NdHJUS57((`Qo
z9lrLchMB+@9vsx^Fq_6fJj6lv()br~1<+8n(=YWBJ1ptm1<tPy*;8cEVIBzeg&@50
zwm`REy(@xxv!`UZvl)B-Lt60ke<*$ca`E>?tY^rWZhz|d`w!t!MLh@){ufT)1?^)(
z$^f71XYzh%50D$9)dC$kG)&XFYE?`olTpkSnk3`3f&`vV?(DR?LxrB&$*S~6zG}?h
zL2dL8<v){a)o&=wiIwdL(RUXgN?c{24S8O!b;`8nfr!SC^+H7vzSfe@D6UpK1+$S1
zYOm|wv2G@$j(=DT)95OeYO7q|x~bXTGqbS2v1DZw@~I8O=EEaZgzuH0B-tl7F;@))
zGpJwuu1M;>-+v7>LZ57m$$u<8Xmc@=5Px|X&I#D2z;_44ZE<3D$+jOSUN@1tbk0};
z*v-~|JLvC8fog&aZ_q^c5^W~lT7=mR9}~R8EUlt|2p`Zdhwu`f@8QvGXm#wGt+-s>
zn(N94W=@>Gar2{2BsA#%gusQo4QebXD{B=Ih5Tx>tD$Y%w2lrhRqXF3RdFgE=2BTR
z-u4oh{I16He<Lo&!3e;18n~0;PDQp4Z){$i?5ngjYxwi9D3;Q3P1!0UHy~-SYfv<B
z2LUZk_2B0rG6=*)^Waq7PbY1kC$dQ@pW6Ih*f8sI{J{h#>9&ur-Tq>p2HHJuH+cu3
zFJ=_IcQBThFW=vJ<Anb>fo%WRMIa9(@CUeKOaPw$3Bem)MfQa6_33DGuW1Xn<I7b$
zwrc>;e*BDLp}y#5nLQNLG~TAY^b-&ZXPyiHp(Gb}OXOd}T|`HW1OV;^iFtc7o<S<_
zY073e?KLdstEo25>TIvvb?HY@cs-4upL8&EJdc?sEGbScq8Y}9xzEbfYJBT^7isVD
zlopch<iJLFtzOJA*St7Li;?X)**Wv{x%I&ck$D+ylz9loIlTh}wF6vUM||K8NR|z^
zw%Nk#sy9XX26o;2Q6s+|;F97h6|!YhwS;8d%h`gnW_NV?$_(f&CjBen`<Ht#88i-G
zPK^5J+m<?^UuPU7n*x-W>M1mi3fN@|O&w;-mz5@Z`6Yc!DB1v>4%5|ys+0D6Y3I-9
zlo^H<S6EEfOC<pDyo-7@-7sS--o}0QV+)oh0BNkMSbV$_s?o{ATkkEt*s7bh3vm9e
z;a@qF!F(_}rhc(eu&{e2D^;}oLW|5;>6YwkCTQLNiniqKoKmIH{?~(WVT6`6^p>dQ
zNC3*3iqw^~05k?X^zE+o(hF_EC$dv_8*mqKOL2GtaYWa}zC&9MSP2it8@6VRA@hCs
zc{YO6K&pTB-!^}YAHXluzO}Jp6T>^aT(f@;uo1dd0B&OV;W;rskl9CG#H6CqRwj`-
zq5o1B;yp)ea}aA_5~f{ldWA@dp4j3_Jg9U+mopuZULWiW4Ysw1^rF>lX59P=Q>d&l
zBB-*W$%>Ak`;3kByEckKQ|~5W+q9w5wtwlK@0E)2K}yiw8=rdbiEl-hC%s-)P9j5$
zQ1jKHpZLldRt~UPCK0`(L-Uw`sP3&@Ec3i-QfSY*%iB8d%z=}zKUf)q;mM4w=ibOb
z8kLlx-?LPU#XN`EoRsudK>R>Y8dV#_ZEdVP*|}}!{$)}^7SzgdUYF+P<D%b-$NhMO
z`B#bYZ-1^Ar@UwM)Z71el=i)s1HniTH%X>w9+)7#7U_DE=PDzy8)EQXNWm<~aFxRj
z0D*vFs)K!dM9X654<!|#QSN$v5?;Oi%C4&->C5~o(SXI~=R>;K51v14DcR#XfDb<O
zbH%X{_jIQ2q9|wnAaONUu;(s58-dee^<*QNfca<T@-5T<Z~?%bJSSwkG|@d~IxxB*
z?bRPOIVZ=am?8^uiSs^0L>nT;QBKPa%uN}6dzfs8$Q*oCVGTR9EJJK{`sh5Pc@<5$
zoeSr9CO=eq@1RkuU;VN%#)JWnF`6+<l@_e=uz27As1s0;pcr|ZDqjeNj6^fn{2Usu
z=`K`zNCj`zMy4gmQ(b3^FpC#-3lal<L{#Rf=JIzq>+oKrB=9dWiN9X>VM*GF=RYiI
zl%ORI!cx1hV1t=ke}=2Mdr21h^ZB9Z)JnUOS3dsp3Kf(BkB|8oJLLj#-u9us`ODqg
zmlUJeN6W>r%TE=SPG76VO1Cu$MnL$gn2s1eciN9F1s}*UjpGep6CD(hrV_mXcm3f4
z7Hlkl^o*I0Pk*vDxx}_^Hq5w=BW1~D^^tzi<N6~i5U>{Sv|wiNnI5p0Z4yMbaD4M9
zXD{IaH(>n+64I#;-AlEl7ZnOkaEpiHy6?etC24FV``B0SUS+*Gtw>R(U3KHHsAvpN
zmc^{)yTn1~fl_YMWOSYnN==>73s}^cESKq9#O0gob@fx|v~M9aepLg);4AFE8tngG
z7`A~t*Z)U$<9UfG4t&(03mecYD1>e5aD5;e#QF%RaKxkg&Qp(n*!mhYtY^<WL5wA2
zfW6kK4_AA9OviZrAIQH;<~0Fn|5d5kZ-60eDJ%>0GSY2WuukEhS_4S|E-FHMUhF3H
zq<}`xjWED~TtWoWAmD%_k#tBw-)KC-w3e-nPbTaEN2%s}&&3TUSKh+`4Dnh;=}pcR
z$62E8@#1_iWhbo>wi(jxV^!|-B)TSCdJ^|5@GQK7fkpZ3cL+f?B9_fw3a3}R=*|Zc
zpd!)L*;3XZcRu=_EwIIwl+KW4<)%v8a!both=Ym@b)9B;7L)YJK`i@Ap1;e*N#c;X
zgL3Bk8L)Ji<vPaEvY2#cKi(+GlI_dGb4+#eSSaBbVNHP56oC>b|9?Gd<PT_KrkTzs
zz1vP4Uv{MyZ1Mey2ca(#xnJFOFqi;f4%_-r)mz6u@KK>sK_YN@9|jdhqvjmxvfn$r
zjSKG%@b_qJ`H-)7XOq;R@#LAoq;Cy%E8i1K2IQLoE7ci}KqmTKlKbW7C|P578z>8F
zWy98;_Q4!~4aQ#S&AXBrA5`2FOuEAa`O%{dUkes0vRwqreR#Z`-6M0<P_Xl6g#%7|
zwla4;U&Ysg8{3ce`zG$X$cu+?K;W8$H4OOh_K_`viD@X1R}Fr@NWZ!We0ZCLX+9O<
zxGu*w-0oxf6~IdXP9{MhqDk#liV^ROTU6LP6&4x3V3)HwNt&>!T+E!<>WCGN{EyB;
z!G&dx*<<0fb#U59DUDI>G>^YO0S&%^PaxUfp&kO^=7hlisy&c@8_6Pv%Rh5v1Mvx`
z$v3=@^UbD$p}2XJcIZ#NVjH{Y(uGO}1nT4|e>`5gu#xp#A3tMab_Zku_Uv$tOFdu6
zbB%}acRaSK)M*16B3(6v{!V7U0v}elG-bv6Ix_h%ADn|0zec|l-jaj2pQZvV47ToG
z(^Hr-xP8X|TeJ%p@O;qqL9l<xl2x46qkh@LS3+NEuYoqNx^=(vVH&@b3-CKG@C3FO
zYh|y1q8A&1ln}`~8lX98J8<;iQ}1fP@Q3chX%TZeo<4Py??M@0yDi(#EC5ADkIHS|
z2k-{xg%hqe+mAU%J3T-~fq(MVlN12}iI8Xt0uA@Ybj(0LQg)T@Qvq84ggZ~{4ZIPr
z=b5QC3NJNoh>@T9D*)<L@DbuVXS#RHIqgBZAzFV-zx52qvuZuLNa>+8DR_4C+Sd5&
z_GhA7xo))|mm@mm6aETd0msmXJ9m59hKa{+ben+CQ!CQ{2Lh1V=EQ)@uZ^O<k;X{T
zE((4XI%#0G%x+T9Zg2Ygg&t5Tu*#jjv4Tq^w5V_9FI&MN>^9YVu53*v*y(xlavS(h
z>We4pe^IEjp1#3~oZq50F7WDyiDaZB-L+<qv&KQB$V8wqqw8WyV|Y7bMdo=?x|Wb&
zAg7)f3oYwML&4;W{vXvX2hk(7GqUN@eWE@$^b`F@3I`XSRP9E~_?<0Lwy)dY;V_q4
z-)OP)#TUBme>_|TRB`}c0<1Q;@`QCcFYUt>maHV-{OAQ-!No$eM%%Zy{<P|j&D*&(
z1zWD-EP_r+%puS>q5fd&<GY;s!>-FMGI#@7EbA?;iiX-i4;qY=+36Vo3^xX9=WX3V
zx*@*0Z}46}39OnMzwn+H0A^?!?`~2h5X`K&HoUNUk-mxNFiR5rMFPl&JRFYRnE&Md
zz4W^qU@#%b+w=_pG$vC!b5uZ$<zQGCNDA^>7kfSp>_T_Ob&TcRF3yN}umVbEl5D32
z?i=2BWu>*8d|;nRvEEj|kpsj6o)kZR1J~pKh5(JB1_&$o!l+^~5J@g;<bmPC0Mefb
z3P34~yJ7vY*(0E65FMB-38;>vg`yAE^C!|Qc6;Ii4LrXrHOn~+Z|}O3X&%|wSI%x7
zVUNAnv!hGxLF6J|XZCvk8Vfx_v4H^Wp;#H85%2_H%$vuJ6P9<A*M<k#jFwh?V{_Nq
zn)S_z&PPr9tTBFr=A=({FdVH!!g_u|sntIy{gQaVd%(Jj9sRS2Se?C_AqmOfoAR5I
zn}M*i-NC41=e@-qF{3y=l&gmRPlVGesrlydF1#`HwCa*Q^`#oGveeA`qjF7ix3}L3
zk4^l@y>#pMrfnD3+`W(QXITKa^!L&NFoDc!j-Z+lus|H5Rbf%1WdkQ$yzSlDzrl;|
zc;o#C4<)IHc8Xdo*ujbfKra3y{6mQEym`3+h>=%K=m54aVH7IywG+^-v1?Mhuys!<
zu(c_^#C(?>!A`k|P=A;(9p?+4_>`s1d}fwceJ~{wIi1B=f_!(LS#`vYv3f6qWBuQ@
zDAEpb1z9kyUlbBB%$r67L!lk}o%`vOKKGMT(KePEyiVBkSBNNk`pW4VNygm*q%%#h
zY-J=(D|4z8=s+V$+_vBsWnLSF-P@ncjy@8S5Jot<dVX5(z-@gvfOK1koLOwnEHs><
z`Q6pQFkt7qSMT`+B!ITWiz(XH>u!4u;cehy$I_5<t)z5=F71k7=yfQp=+H5l{C;IS
z>AOzb)6auELJXNv+o-<f<$?7VyPjTxKF&Zp$98BjR!v#vat^FeuXvMPz2e>iay#NA
z3mdNNAKiZm$QqFEr+;H@lz43WH3Nz}p_L>-_;W3<J|P>rsWi7=T0b|~_0HzxqO(||
z>$7;*clpAelb+lM!6oCS5uK0b#QO=4OveJNfHmYQc)$N}=0gO;U+i>SK;u)sQ*#3=
z;Bypw8#&^Zr35eC&wtM@baw2&PT<)C?x8LCQ_}VXc)WOB#X?1RdtSy?YR)-Oo%16K
zgBs@ovjiO?WoNssdxu>GCC{2hdw8i~I<cgX;0NV&R(A)HVw$KN8?H4siGRObUg)$4
znSyS2h?#SQSqLfWSaG_-_DOiXb`{iQSTheT(V+W1=;ILs3F+$TS~Cj>c8m?<iinJK
zbaf4>Te`(OT<}E9c-S{w?ZhS%FB9x)@mBt82cI@;>3-AR!OQF0-X62hD*EzY3w|*J
z`P!f8d_6aFxc0PV7LZFm{()^kMe|GYj#Tr_&+~N1DLstdz)v6)c!8hPPC;=Ry=`3r
zZcu)Y7VcVf5dPRoHovr?sIIEk<?3{uU=IYSORrQ41{q+E1uM-o?3qivV{B&QQ#$Rm
zM`TjFvsVn`b28iimVIOY^Sx_Fszw)jc5sR6p7~pquABnbFSgLV_iS&Zg!sNC@rE9E
zN$od`|GGia@+84Ttf*?>i+gaea>U$`R2Ult;2*H=lKKJInV7%-?8#OAd|S2Kz+dbJ
zNX1ZoP%Td`2}aPVTU=TmGqv&6n%cdee^+w9m$&Qj>qCs==X<|>+dZJ7j|)^G-Zqs3
zT#mN@el|49W@>6n+z=+fM|tt^U_F<twS<#@=~<1tsAoT}Gu&nS<v(S%av+BNzp&9c
z*&>RVdv(n{I-T>cJNr72`W;oA5uqoZ*}#Gyg{VSEY}h*^UhvA5#~`HWxj$@2^nvGb
z%l^^uukC@rC;<ZVF2c&}>?@J01{kvYVRL{*MswHH=9g-N<xRwNWrfwJO-h8^EIT;)
z0G+rQz$?3_@Is^OR}dJx<Ms&ivFEc*%}iwEo>QCLE5Y82sTXwg+eH8!zZ-GnTQ?J&
zhnpXq#o9~eQlaXIp81<-rMZz1q$zIt8xkQUKCUU+PaiDs#YW|9i03+XH@}Cyo0pp~
zjV8C07yE8W^__BA{p5X$srA90*KFeT|Hs%@M^(Xn+aB;B-6`E54bolGEhXI`9TL(=
zH;QzNw6t_L2ndo=0@Bjm@b>wB@BZ_~{qB8Z91M_i@a(<TnrqIv_BL?BtyBCVOpiuQ
zzNe$Zba1%6ppf7QSa=)4nJ`yUaJnt%KLO$2Mkd02S_bC&Q@xvX-4Cd}%^lvMCbARc
zE{K?HX3jppX?v22p;Wr%LSpmw?&GXzTcw#b-1YK1Q%3|JAwl5%EaZFk&d{;dS2TV|
zm9VO<8c{S!)33!Nn8l<)c-oL@=2>g?&f1e5(w)e<2NkLc7k3(o#iyFsfga&tlJfZK
z=;-G_g!Jd&>?dD{s{i|%=8bv%xeynw_>!mMYT;zjaYyz~{Pw3gjhFH*Tj(uOyR>6H
zTNlZpN(GR+HL(Xfa5KbeL%^--F)YJH4E*7NKY}_oR8Ae7s$wI{7Vzfv;TmM;P<@bF
zd69GN23y=c4?^Iy2f^}iA5XRJdUe)^=D*wU01dbs2rx8aIQo0?8PMfAIDsJb0+_;r
z+9~#U+R?Y*)DiC);D_1qa4zC|no*gAurj@Y@Iw`qFHth`X8-qB^ldOmYm`DFS=fG_
zn*P<}h{W79i@aee6ezVVeZS8H$iq?DGPvyc!SJW;8@k)*(3{c}e4WDq(^thU%f=4T
z+Y0r(9@xlF5$m1y4!2Et(TXORd+4f~xqtm_HAwFPz%(LEa{Q2tvcNfXl^^TKJMXn_
zsD~*&F2z{q8wdYIs}JTM2F|`%S(LTw=BY=^T=&-rB$Yj)dDD3CUJCg?fTnU`RkCxp
z?^M-l)gxxc`$I;yFfc5rp7G7PvKY+{&SoH@SMZ6rROinCui9TUL&(DdNk`}5-9yg%
zEw`&Su{+ee8Eet#<@;bUDGnlS8^HuKy!TKOKui3;-S)N!6T9s^vbf<BfF)A_maOWh
z$%2&UpC8J^GF1Q%nNbR2pJW~6E?De})YTWGvi(K`wm1j=Tgz&~BIV$qC~x_x`&Ehu
z>k{Sdci3A+1C7G$f3B{Ga_;jxx<P?5andoSg9Kc9K4RYeK9o-i=r|R66apaRxz<@0
zEF)J#T3b8U*9|6l;4_dr&GH^F{#xy8i(sUbva)3S9D*h+9#m;%NEWP`se?m7!QKvw
zALudd?J)(s{mc5=%Ah^E{tOShGTu^^?Jb!YIfZ%S2EkN_pHaHB2%2U`IOx3q08}{%
zwsUH1{)Rk|0L9EvFmrLVTsdrMC?{z`_R|K_7BKi&ln7(qB&nv|{)Pt5hL6^fO`j53
z@)CbF798Oz$ylwLuWqlIKCP1kKDZHZdX6K(FL0z-5k7oE-)_1#UuH=bi3D179!h5>
z<w}F->Fc}w$9u7(y=z+k-4{810gn_p15SRMwO4)Y%j(Vw3GdJUC9>k@qtmtFoqqyD
z`R9@acF1)5HmyuNaIg;CTm-KHtRF78`e=RFx=d11$@3sPG^_zX<cf|;h1EzELQ4xL
zDYvb-1PL<y4o~uTLf_FNh4uFzdPVINme&V0bY+BPmlYqrvR$`{#n9^4vkceR$C~~)
z_06^}e|}@j{UTlD@Uj(Acz;uiIjeuonR@SX8aa^fw->|5A=*q8LdWJEHd0|PqRCfo
zSJPwx#mIqzS=eYY>=kVnywKo01q90H5SealgMfSXE|W9Kf{7XAz{|x`!bP`B<4%*a
zKTDpXROM2r?>?P0B||%J4+HSlYMu`c6mhU+bf*~K8NY(7QcoJwqDxzusKD0G($=5F
z6_2&)GjeA4k#p>KrH;~Ngfz6dY<%po4IXw3U#e+}omFw>F1E<M-l@^*7?Zg~h>UDS
z%*j>>EOU4?h~e92ZOoRDG^c;o(|0PRrZnbxHZRvlv*JceR?cJ}vb_J)F13T%EPvV}
z%&f3>V53NZi{NQE-QEqqU{Ih?Sm11Jupic-wFaX_iuz!o-TI5+!GgrW0_63{q3?n_
zvFlv1#$$!V2Mq~^GNM^~H!jird@6xhB=X0HdrF>t9gD8;^ljK9ROGr!5)1XKr?sf5
zyGLzr`O@^LeL9T{bL%046-xZL+kXcR(I??4M^(c`@FB7EsNNXl@bT>Z3x~de*}>uB
zSn`Ya8Df9>@+%L`6cR8>!7+2Zn5D=DXI|-u(@?(B*l^qTB-8y;vbR6C^XQEkdGH{r
zs?(@}1k3TWH?<3x8Qixd^<faj$@zDh<=Z$U9%4HQ^k%wT>Db7jd`N*C8ra4G?!;gj
zAI^#fj)#pO+Gn0{Bo3_{t=@t~lk7~%)nv-m9Ld*Y67Nh2?Aq>I?YX4FX87w3F=`iv
zc8taU{=K|%vwIk*S5DW!`b`^7cOOodi9n47uX9a49VM`71G-6eK9FT7e{woY%aO@z
z`_JbHNJqyq+Juek&0HjwIKc6Hjd|(DP;9&33{{4URD##iwF(^{Tj>eNV#f&I1%FRr
z5-JaLfo9}HPeYlE8(bDb1?WQVeq8P*Di)b6e-UiJr8PH2yKuw8JdC3=AKwbnWT_;h
zsqI3dQboZ~gho31E}vKJ@=CV94ex%&bJS#jg>2#Alr#24ZDfndFYc6aeP}B|qdL%x
z?N!E<=Dt&=kx{=Z)5~UpPl~#)pXY17BQKE@B*s%?O1NbuK&kUfQGAJanpP1NxXU0`
z#msx|Yv}3FOTsBU_>$@8@477c{!TLd!wmnx7rgM=VnI~Xww7KrB)5*WuLBI3;*!Fw
z8h*Wk;~<XxfFIZqfW)`>mdNvQGoC2%yUWUa#__>WyeB7}9O85^0VD$~GMl&XXz+hl
znWrn(b}cXe{+ANut7yYle8{6vUG<}JL#UwMRel~5wYl9cGSf733dvdcJS%k`N6p+`
zDMXG|osB@87N>Ey0udI7ok9Ax@Fq<L-9m@HXixJAJr|D=<p$P|Zl4fQ<aCpH-ob(G
z@Y{bEjP8aC!a3&#K*282VZ)qdy0JyB8wDdRSdi$XD2Y6^<^l*&q{Gs#Vngw+H@wXY
z-ZJgd3F8u*DgG8Q?Pze$?{B2qE@;XUM$u>-hzIf_+-fyQm!X27Py?2sjlW<76Y_To
zV$EK`;8=&l(gpNlq&tqp&epbjHy7rG-&V6_27(BqY-hWt{G>!FDhKoKIr9BrT26wR
z`0%QoaPt!pMMf`(ZNS<?GM)$88igi|MJsVVja3K^71*fotEa%lD8siegt+eDO+e3C
zDi<VrQ@Xc2>gpV*T4FRfF*By)gbuErICk9ox89xT<6FNsQ0~phOzp~#7Y)w<Nb~Lw
zq32o<B6-gd2O@bqq37~F;oZ$_Kq*y<>MZ?pI%N3E<wr)?x8GflsZwSP<!TO6<;XkO
zWum$%TrJ$i*uB1Gq2k7B<dD^t_mNzBBqsqsewRZ-L)-nI_rwaJrMo%#_!gVAdvNeu
zRyqt7YSoCjy;F_vvr5ei^5)PlS`k-1Y#GUnbxCatcp+K;FzO{V_7AtKxTPp2;Au%j
z|6*<o{nvz0odh9bm{7}T<>ymG32YxPg%nraH$pod#Y`sdxZli}n>R47b1@R2G@j}N
z^eXc$h0=bYEjv+oSv7a3SJ`HKcQ-4?UZl>3j~y$0v=Xd3oowhfx;o$Sc(=uXg)EyO
zZ(XIqR*nln9o(w9TA&$w53<8nPJrr<LiUt;R!F@DT%+i5-38H@PF(f!{((1q@v~9s
z&a5-m1@sB&ui78h>V>e5yiCT4fdwd6+jd149OzXCjuYtGcNTBU4I0~cFK_*o^~Fx?
zkzkgtfm+X+bN5$1aL{pgwMD49b;z()r51?*{I@IFT7~=v?>w8e>;Nr6o*gsh>UQ;W
zY5Hfu8hPD|-{4c&xEAVL?ZQUwyGGU*D~xYxdVJTDamUNt6XfYZoCf#c1ohyU`r4z=
zx51fq5We|bH&(1&%1M_KwBQ&H9uj4;)EdT?sZp|>Rw!7=SIz#1`COt6s9OO<(w$QK
z%gy_LE*q&<VjTh&xP#2tf?Z1jojL?w?Wp@Ag4*cOXyEvXdD_<~9#ib`+R%i<+vTtg
zbM5j{ENZu+h3v512L&87<8?mmIX>xzN)%&scfM-9^0rZpEk%tDp9(K#+MD79QCn(u
zx>Sj-I8};_W17vI%+)~5uco42q{y`0#}4QAF}-p=_WFT=-<!N2%Tzw{i!IzAI=%Ru
z2l*vb1sP>!z&dK=r2pu7Uuz%QW@h@Myzx~rBO4?;hbBj0ww}r6;#NWG)ZBawq0@j3
zvt9hX%QYUv#9KxpI^gX%{0e~tPf#?u>S=EJicH<HnzD2Lyw|pkm>xES$BN>q7W6>~
zKfL>94fnD6-bDU%vQQr+7tLO<6XN5=9-4VywP_CKC5){Ovp--uwVlI>KJE#vy9rDj
z)ar`UXZ5E_#|5<AU}Ss!VKjQT0qr$=HnC&*DGK4st6|0zg+^CPA_f)TkawXqR!NrC
zy2n2v<B#X8mxJUIwDZ`CNDkX?k=w8Cd_G0>&7=7yX~g0(h;|pWcL~C&Rr0OwH;DD7
zP5LpWL@8U(ROa0KdkY4kCXt)cXI1aY=a$>hvf0nXhbp9=$uxR!M0c!KA9-V;-!y!a
zEx3L|&7CmQXpat8(p2a6C4CA_dR~mZLE(K|@zAdONMp0IFlq1fFiUZgE!NMa>Ome`
zbhT0TgTL<C^8L<DPEb(pv5xw&PTo~#Mo=ckP$^5VdbU(G=7wpqAi5<W4t&HXFM6U#
z|H3Q}((O;t{h)=-t}NX}yy-Oef;%xLNUH>8@1m`O%!+=Cl3)-#&8k}q<$A0{`PANb
zpR_X>q(*Zw!D>yGgs!zkqxfN8daZZuLu>7~<X!HwOK|}Yr>q=AZTy!#8|kB4;$o<<
z^8RqSrC$6i^v2Jh_7C#cPs4+jwT&CeJ^-o#u6=qD?fV8!w$A|%_&%@GQA}8!_*I>l
zw3TA7$eRm*3~6$)wgAP657oMSml;YY34V`h9q&^6Pm$vJ-NO+K`#8^x+}S4tug0+l
zAQ<`~>uj&%J)>;3yr+K{7Bd(Zm6mVbAio8%diu&-6+ygcIQFq=W0r{6>d@>aKJK3A
z8|0U8F}?H8wKwFNxQoTS<fX`tnk1NH`?6*5D>jye)H;fycb@v+@?VOjQ=n?Ol&V&H
zB1cH_8txjuVp;znU!*=_4IXMtn>vYl_;zKIY{8(G&r(?LpJ-5pgP_!<t#P@P#OQmv
zkfd0Ee*1j07X7!FYFt@@6n$2OegLywc>&LhQg%(8hitXaR$B7zrPR4{6i<vdmR&k(
zM4p|p{qk=X@mC_2Oi2B>VuPHSqa0Y2f4IgiBxOOHSjEB<B#$b9+|w3oSN374s`pcf
z2`AEp8D3ElF29g4I+YXJ2$fNJ^GnWJNXA@^-K>c)DKz6b1RH(-Z=L_~9Tqp!XtKyP
zyb)&q0DTwfA5#wnxJ@irgzGB7Sry@7p;~}a7ZSLjXG!Q|VVxwo1YlFF{56^|1|plG
zh1n-M>0gIWa+u+whr$#1!qQ59Xglhm(O0FxM_kp^m%k{H8Q+D=0oUsAuD?(vCyvDs
z5ouV-L(F-voe!=OY51cW;7wX!hRwXe1@*0oI-JoDK&{hjIY=vr@O6xZ*y!RzXn<DT
ze9T5F>PtcD!SJvZ@Ictsc1fM4q-`%w(t@uU8T!No{S-T%`=IO@#uW!u#?x@t?oYl?
zLH(W6Y<0|1`}CDM!+<(~<k}ma5Z~fa-MI1Gylyt)N(1Vb_0Ca^Nprl|Lssn&x=V&O
zBPiIrHuaWI_wn)3F+M!Zs&eiXTmt1se&_vBuhoKC5B6Kxfp#=Kh&|XVjoZiE01v}9
z%YWc-+(o_?oSGT+V?I}DdBD|SeS$1%0JqrF(m$U($GmH?28$90t>w(}C|lVGU3YF~
zPtz<cHw7g$8iebbg_YSF*k6;_clfvbtuKi^1een3T&%kC&&HNrZ^e|$7k@4P_IB<f
z9FnT9BECh>(SjFh@;g=?y$<(X7A-kLVw#;#V>!Nfi{I$P9Y5ByAs?xn_pN*(pBIEw
z2Z;9$adaXne$+bG8>0YN+9ne|Hza_D>B=d>iTb;kNK|Kc#(zIoXE)by>fo;ri0~t)
z9<v%IU96uRe^x0CJcRZX6(d67iExLy)*|%h<CVCOFCwsP3%rdZ^rX2%j;rO7t|#<D
z&FPz%ep|c(7dUeE_P}Wpy?XOsUI0d`O-@eHwu0j3hg8Qpm0yQFgIJZj1D{_-K)>Xs
zMafdG#0HI#NqHqI4EPF0nu$icmPBBR-QmEp$D!DkIupTB%kn)sBE}+0?HgpUS&~yy
zjt9gZo`8P<YXV^q%2_Z|A1ROy4KuNRqq5Z%o_Pbu$aj?pl(mSEiDY|mLP7%58K-?E
zacN*l+s8UCU@cd57sim4^@(h@zYwVwb0oZO&i?k~yElniNz-jdWUS5EV*qh_4vG&G
zq)_Ae-9E)w?$!#Gu-`hP=*{{tvAM=|1s!xJ*MA(|1XQTbm+?jK{!^lg=^ND@gx`Ln
zSipw#^>1RzEfHMW{EWBi(5Qp|NYtE?3SdP9^j>IQwsZ3OZ)Nj+gSw%%axnnaqfcMW
z;z}$~;m51BJDC<m^y8-L&U-CaTzF?RylT+F7=3vEs>GgX`kQA(MR}OX8>Gw@>i2Sl
zq0Cr_*yugW;+Z(dmW>m9HOxshp#8BYK>hL&S!u|cgFcx?nY&?X5&1(PMeENQ>6Y@r
zLOtAC*WoYd#moEe=S+H!APwfzQY}GqCLlcos+T#vBia8<0RNka0K9LtEYqwnY|a5{
z0VzT%e?pukA*c^8P>4x}y5?P<HUCO*1pDsI@iv}O5iZULQo%ZmHS@&O3~h1Rgz34z
z;6eiXWIC3#<b>fbABL@5wz4pDi?#?@O1UEj*1T@ZF+nBxGtB;o2^LoSJ6-Q*&b!<7
zA|N;o8u@oz^(}#W3cD1VVtm<j7$6mzH_sl|DA-~B;5ZgZq!(!l8#)aBp^j154L$ud
zmSjI%s#P@8T@~vVRjQ;q(mmg0yS*U|Wud1Sj+}v>wOQRejnDsWUgUDmaj3s}6hj}4
zPXqn${R0H_zqW(76#n(m&m{zl$^W%540u30_a#yNxw*@!c<Fvt(w1dR{WzdwAlTFt
zs?nab^WdYJ{_#+ToK!l<#7ldTl`7NQO{V-&Jxzw-m0c)t>Ac0yJ@$H<hrU0^{P57P
z4_Y(XMOq{cX+r|w=anp)acHh&PLXk5T~r&W%&=h$><fJf@+k;QeoqewX+4r~98@Kv
z+|tFNC8j3CS*U(CzC6)JllVIdm1zg2ePM11N5iw)S14y$6i>m$A{u$pjskG`KOm9L
zq@pRPZ>YnN=eWN`e_6`wu|-H>m8{Vau$dyJTvx<KMObkW<e>l9^M&v2ed=4BgJPn5
z8cC?IqqGzp(zV7QZK4|UG>7duNVl-e(J_G9!5$GA`3w|p7`D7W@90J6TMV+RXu=0^
zd2l}}#fXQZ`#i;N+FvCcRW|z_?9&fd0|B`PFz`MKzO?G%<Fe%55DXTuE4X1bjO3vB
z-fu0|lL{viG&K1MON&q6dgukw<u`4NIr8Xp2o-GKcvj&8?80xaK5$v~%I>+3{mdgq
zr1Cj0;5F_8bcu;etBc@G1hcwAqjgAXat#*yK2efsV*YE+Hs?d=lo>apKp$n2VuBB5
zf;TUmc1tU#8n09mFIE*_`>XjUNW9&)GR??tL7uIWZMXoraZg1$81C!5mcwGbZC4X{
z$H3&<caG&`Hi;YV9{D^-SBnSJE<C!w2hErbb|&k#4a#e#N<C(YD<{815_Lb!ls&m%
z&Nxpg(F<q}MlLoy^UJZaj)?uTe=?T_y|ZI+C(HuO1$2EAO3w<_{82tuXNx%-?Y8b-
zI=kITx(@mfUf}^UMeQSgoNb<r=#T}fj3}wfpQbB+8Dj*We5`ifKVRf}{hWvX<C-f4
zE^l;!mBie0`i&Pyf}XQKzC8oI2CV(NtT-PmcxCbeA!A;{5!e%Y!Nuc9UW=(|nNLz!
zyBQUAZ~aN~zzdS$uT6xSf@)zpK>`DUY+3VXzKdgEPxSVbiJXF^Q1Yfh(-Zj?t#@U>
zww@fR;Is<=a9-&Ni|Ps?iq7SS3sUm?1-Gl+p0SmFl0#_lPt+uZXmQF2173YxxM^Ef
zkfUMc9pxI{b?yeGQ!+2G)|wsciI+}?ZCAU-@hhw0*<DhYBC%582XMhZqgV5O>alN(
ziYg9nAw)kfz7-w?>>3gA3U#&oSSRTABjt+sPo3CPvom`>mbm|P6N*7QZF#sR{<+<-
zefAdKx{%K}JS?oRWv>LH8(XsTI`d|aBvaH4&MgYT#y!kX?ny<My%~W)5Snlv8Y&YR
zO6Z@8*7#Y%PR0N<gFG~hq9VuFwgTuux)=mHF--{W`{$B*NEPB?y29!W{_ScI9m?`H
zHmqU09EtoFc?N8=Gou@)34?`Qn+lXU8i3TAy%@#)o-jseyGx%qOhl3c&V40ybVjHV
zbZrtw>!;g}RdiodXZyQye6xCS!)M=vKZu1P3kT6|K_z`4y87%Q{kb|hp6uV7?^$?C
zbg-MX^uNC&dE;kujLmZ^RbA4)^|}Q)-1ad;qeM;7Hc9d2r>J*$HE;0To_&fsAD$R~
zgXj7TuV$EW!;P_0zg>fE`reQ(W5}_+RaYEze<cY{jSfwk(k0-LAX}2Kz)=WDs|`(*
zK1qyFd*T8!|D}3_2`lE>pH|GeJG)vUacs8_J8-G`^of4E<tzU7_Vf?aPy&Q3()=B?
z>D#|kIB-s>t&eQK7K9pR^iXxiEQ`SPI<FwWL6TRVGg<?^h%k|zjRtJ10dMFBQ&C!K
zfe4#ZrrHlw<Y2qqu%VfIn-R!lnd&D8$EuBtm|H|FYkrz{h_E37JvP{^R7pzW`4c8q
zt{C?^zc~J0RQv(#Ss>3yW#orfC(jz~>&f<CtY21KXXYiB@t4z|R$Qho@_j-6gd)IF
zq|tajvka>#XHy1CwLQb^9q53oVo>!DQx&_%01{8mF`yk+Ctof984K`-2T9Gydj}mf
zmIh72F?N-7Ww*b54qr*<bKY&RtAgiwX}m1H<lk|>i3aPjLGhZh7oSyW)f+qOWm#PC
z;;l{}0Vy>v^>s0F&>QL~KrlAun>o)>A2s1rg<Yq9924h!5#Pz{?NJXdvkM>Cu^FDY
za$T0wpRO+F;O^Z2>-XjbxEWj%p|kcy*)B^x$8ktlnAPDgH@G7+<ABkNQ()T|AT;)i
zx2rr1?Xvk@@Rri~tS<3tENz&Gbak!w)_7%IcG<+zvLOG^v|8|J{dC~?Jb-QGPZGB9
zdAEzw4;Ba{!UE;d`;?~ja&>mQ<$HH@WqUMgN*W~4!uDA_**o<6p2g<-*x0d^YMM&0
z>ER&c0T=EDf33|;QlrfoM7wmBa}dR&d=Gt(@Z)m$Lly7sTYdNZd>=;Vn*DMFmW>w<
zKaNIj8H>U}h&EzZ!A}%8L@+bB>AKw__?{t0EKZ!mVBugY<uO!O5TT_9onAizjvf=d
zaCv>!07>V2g=iYtWy$4fY+ui2Oxd{hP&w}36UX@ootytXe_#Wb5LW2JeKQu2Wb#Rg
zz{Wrb7Y=pK@)OECC_G&2$#-Pfhe0#9uA*ELiU3$x-=i)<uhZDe<1R#F$|NP~woFN?
z6p515@HvaF$Of_Q45!w3RKf}~%Yqm=+V_{gg+lq3y*m1<%^A8ZT&rtp;H!1DeeQcB
z<BygatT}~V#7m0CCna%(g$uYZ_+RXJGU7)A#(^;@DmBBf)8{a&8&{RI4{$d0H*6T4
zJ8x(E4cYKrj?KhiG({Yl5OU6}4mJ;8!(1udkBhV{tMmx%(r3+L$yP&O!?qfqBL@X_
zCPYD0WjpuiOpZU;7(myPH-{?V=$=;<lTPi&OVtJxqj(q?TK_1hOXQz1B8ikknt#c<
zUh{mLN6?0FsB}%PGn_d^S2y+5!S;Mcj^Quu$2Kp1B+wVK6hgdXF$l*nB`SZ`8DbZw
zzU~}ZH<&$?0B93j9aK}o|J4e$U)q)5fw#9uqAC?0lmxHL7AJK<p@KjV)u0{a9mW}X
zimQ1VZ79Yo=6>=9zQ7F5+}zc`ZPXN21n$}?Yj)n2b0v)7uBF>yto`<(=x=h<ah_E6
zoc=0V*|f<){%#$q)ktj5g8_rQ6&>`GFfd8V@66nO^S7h%xL?R+zpkOj(GzF~Iu{w?
zKTW#P`R-6)448A%A|w8ZTt5x^%St7#u%Fng^$69P!tl{uP=Z8E?UzWi#oX?HbO3(`
zxVIkLzCjKOs*VPl<W9#HvOR1#dW%WW0&#xFd0*Vhj*ZS!m#B)%DHpPabloaME=%(*
znpjDB#N+->Uy-`{I89#jTCB5aZu;Cn!uvBWI(iZy-m7$(R-1E{qHYfYkW@uZamanI
zTm~5mf4UuEsXW{!8Y&`@`|VpO%P}V@c>N9KGpTFg;HwN%qaH{*y;ozgNf_Pa_)gKY
z<EFzYDu5XH)rN$0b@rlQhL|cxV`@LZ(h^~;<3z=Q1Ty}2lqYY$>~L(YWzw(C@`DZO
zScfmXLLK?g6c;Qsg?-NU^)|>Mt=GS;z3%2_ccGoSnGi@XE|gs8gqSOhr2@nCsH<ps
zmI=Ogjx;Xo3W_tQsSNQw$YH1|rYmEaMGX`)AYF8By{U*>X-ZLDS;FinMJ~{St0LY}
zB7g;^V~f+H4>oDgw+lWU%Fw>QzxM1(Q2!N!0lDFgO>^|P_<Z06^AHoxGO=QFDFT^(
zt*voW`4_2lO6EHS1Oxs67=ZNlcI+x|cpxaT`1ti3GmL<7IUT*6`e^iG62*cExdyb3
zuZr5sS$%FwQmSh-!j?A0RmWKCX3H}9k2$Mq-h;l<wTBBN^vZTu_zewYvCKAu-NYUM
zR!WMDWJ;t_0&}u&>gx~fD%;904)eOyYvwBxWWC=#YgoEynXh?aeFMl*wGqqoA2nmF
z3@bJJl_;Iu*!h`|#+6?N;@HGU5ivp?yfX{tqYFcaS{A=r%@V?_n0v|i`2_R;0fFqy
z{e{ON-;Q?0C75SqKuxTOK6$90o@!k&FEwphy<^&f1&#Mr73=M2)pEFIfo$feeNY5D
zY%69v=y{bU*(wbdw)kVtqvR}vJ}}#Z5CfH>cvDMXTcQ43luf66mI50+XcW&xK{UAO
zjqL^1?Q?Z}NFo$2Wir-;GGb%H@~TyILO%E8ZtZR3%K42tQ&NH)*0{}EHO5cQ0!v>=
zB$`5KKXiZWds@_kkTQwTFdXb9jM1=w8o!{Qmiehnsrh@JCQJA3ad)$YEC*KD!Ulrp
zr>}$NobuHw<(dG7ntLVaXV8wb&1w27nzFB7z8@wC=3xocWO3T{;~F9=T(3<)8o)j)
z*M4A48!_QT0AyvSWi%(($nyAXLPQuRAaH!7Bd+H{4R3$D+d2%`Ckwr#F;%sp%yD5G
znXVL)30jsXCMNy}dbX5g`+vlVfbAZ><p)Ac(K~*~%7yVg0Xw;$U&=(#IlM`pZtp90
z((t97t_?WeY>^vYuWlDFUpU{p>&Mkoryr6mS-r=eDiVxo;-F)|9V07y?a~f{f&?la
zJ{ioAEmXgAD|Y{fgd_E<du7%xNjHZ+tmdh<9X<UGXwB5rbVLZtYcj8c4P3AL{df|T
zz@Ijxu!=ZmfKl0Y&S`;L>watHMt616;>P3RVpP(F3QDJi?Ym&eRbRuFNu7Xcoxtiz
z!m=f(UNJFIM;Ak5U8MN%Hp&pZhz+k}<3kC`WT)W=++2jt^7ppzgd*9Xru`$u{X>b5
z{{-v<Kzr_urL<-D-|V~}<ww`K;*#;;WO)|k{4M2%M*vLgxZ9A2>E~eUa{~wxBi}Et
z_`?it4(&PQw{s8K_D&N5KsQmoad?QR*TM&Fm!?2UCj;*Rh!U~exhyqyThrP(Q!YJ#
zL#t{)2#H?(gL-^d`D32qRv0|%hjG8z+4?5q8L+P(c09s_JaXTo=XfX<mbq$-FF^=4
zuHFcZd%8gK)R3$a5&Zm~AYBFX2&r9PX*w)`U?ao4JLUxJJ07aQ`iqjnfxadwyZSbI
z<z5rx&nlP<KDpOu?s3VTp-s>V7FrHF8jk9hN#L~DIvup~Y8UjEJI_wITjIy7j$5-D
zaEbW%2p?t=BSJd26gcQ|`a<l96=hz8AvPZIduXT8uPd%D<xQK@ZdXR=bR{1|OH?A}
zvzQL}ARq942*h-ojM598Qi;FUvoKFQs;t(If!;goIgpjqe4cv_jk;E{tihG1%IF%I
z61FE`He2P;kcX$w$3NEfjn#T*dGCwyoEomE2fcE@xFIK<$J_EA@L7@`&#vEo{H9aM
z&oY&~!Bu?mJnrc|(yd==f^vh!>cX1|X}l4M-}PfZ?U^uYyF!MJ`*9%v%L2_36jp8~
z^rsbZlJseTeI}BCZ3X;HpUwRFm`?e(`gGPK{;cs5aA!KND@QR(pkGw^Y(ZY$4hA5t
z`f;Iv(&(lj_kyzDpAz|B-iAA`{=q*Z6%M%+yL&r}^Iq0iD3ZPX9&U>reeGAI>d|V^
zBOJtl+{8R^=n3S@<TK&xI~TktivaPB&*THk0tk?+8!^I8d^v2imq$~mPWIbW#nTzb
z-OPvfHxH`9w>M9jN3i3N{B&e(;d4O;b?A4-16et1@<-!($M5kcQ4sFv?Arg%*#(Q8
z!iQoxrwI!2I-d5-`}u75g7u@ypWs)^(@=59)x!uK3>%`uuYAaNS_MCt^Ik6l|Mf8+
zL=G-tG_i9HePw7XzGu_9fffQE_}iw7aQPt+h7(oWuh?tmW~9?{-a}GHH+F5_qVeiy
z4-<-inQ(Ag-q|SG*n8ULz`mUGcfeX8Yk{)S{qzbiijFqI@;hmc5^sZq^X}&H^OWHT
z29L|D@oGK^)Ie_TsXRR`uF}_acW4#ZLeerd0n<%$Gb|EiZ70de_KlnAJy-XK6bSLm
z@SrozmtEGKY>CH%95!vSH=h1LbiP~)0D69?Yc(WmCJ=<kQIVJkIH?S%wgIu4T#=w!
zNs5NMHiaZ5xq<?Fx%8^;@_NZHUb9zLKwDdzgMaWTc-jGq0Ayxn%dcNQ9rxnOGT*za
zOqbr5-anjN`<C;qFjr<m{^^R<h0n$(`JGp^Q<anToO-MVEKOAqax(Pr-A4y$*O0tD
z2bk<ySg!RIl_F#14GeYhzmb7EPHn}+6djHCS9R&|$}7c5HL=M`{(jDTJ)9H@m8n~Q
z*FT$hX%$+2Zzl`75KwUp+D7^dqDROsS5BJ@R@~_7O4~iE(pVeceu#V+wnxKs<`gOr
z7bXoc$_HMVf$mJ4sI+%1X@d&nO>b=n+V-2}xyXZT{b8z(`K`qZghARj)lOpAXWqHm
zr9k1~6r}FG`b8Te{KnxO3n>IJ5kTrP;O7egvU(hoN6FxyZfejS0a7aDzCBFjG(wk%
zARigL1d^Az3C1xcK^zUZp1A2zo#4%zzcq8YscDFwnyq%pIk6GYJGBuO6AjVeJUF&Z
zYr<UhHwpC3ry{&K=eqcwm>=5xmuxb#*QKST@L}S2iE2m1IpnMB)x~4z@Wvcynw~?l
zcS+vc*yDJwX^h&Qo<K-QMc=&MIlejG6I-ruSbO{K*!SgBhQ1o$uT+Bi@Yl|o9?);&
z`*6O{Z4p<OsWHB1_+$z&8vFgO$jC^^-}>vbvdI;cFFbHnYAk=!QhtZbnGGb4QOME~
zFHl0_oO`hp8FuY?9`A=5R!}V6Z`--}qfS%809I4t4G(C4Z~}o;MTe@!s|pWUiS9qX
zS)f?!QSES&hkTV`OBoo7Z--OmZr>5KTPvc3^y8EW&dAnoH2Ip!E_nLB6Rwkh>}_5Z
zd-#4no_Y#bm9fT*rx?*+;^u1>`On`6iVWCj>W2ry<Jyq*AYbzG$n%qI#j@)^4n|Dt
zlV9jCAx!_EM-Gp=w{Ftx<Xg^!@iJp#kL1H8c#b=5gaB?=0`b0DgNZ6*Xk|0wuq(?`
z6vQZh6o`RbqbVw2^f?{t_(ua8Nox;-UxAg7q8xt&_I58)cHsatl+e<4_@h3)+{wQ`
zXZZqy5uJL*{4bb+rVYXX_=m22$-^<15kZMsTYJTbkIJ|{ku-PqjD;bQaotU>ca8t;
zHu>V)NyCT%Gk&)lv;ET#yavzKGkygsNUv>obpPhlVo9?=lgY{}Gp|C_E>kC=;^nQ^
z#v_prs;H#S<}NL@g|@h&AGs^z_;PBXorMnBe%0=iCr;Pa)eo8<vWtueGnsnE!PN`2
z{?bUheW0CuZ0ngXrsVpIw&K!D`I+k12*H;>AJRqgRLXmR9wn0nr&5NFv&s)tHNaT(
zOl|o5RFRjKB6_yzX&)e&jW<K)8_qo?&X)0Bmoix1DNvUm1GreIi4W3Ez7g_&)t2kS
zO^9OXG>rrgAanJDqV`>YPPfOG5uXWsIpn@P+LNt?Y;B^XBA}gVIMSxvRlPUGqd?HJ
zwd-_pewipZd@okmk^Yf@WM}IcF)>rs7Ca>+rmFF3cGqd`XMk|<s~msyhJ_Z?H=WbE
zc5uzSGbn+Oqcc>eP8<4i!AdmOqYck32xQ{~1qP(z+C6ae+L~5<d~c@TWZs-`PwW6C
z7eBL&BQP;3O0?aEw374@5@bTe%*>qd-P(D*paBa-)(*U+!GZN!Q$Tj7wQ&wyAUeFs
zH2hnKk+N_6u4k;e`)rUvg>qOJgijxo;zHm$ZR-C3R>46L0u96zyCnzU%0UtC=t`)F
zV}zbn%I#WMrS*|c+B^{*xX!MgBL#{TqVP4tCsaTdhg`w$aZ4!wY+w4_moREDP66`+
z+z)OxE(RcmMPdJtW(|7vl0GfO)(Aa*A=-;2$mh_H2w;~&`mF@ok6wR=QUHx<mYWl*
zBp59HzB5nia;1L3KOA-Imf37R04tv1XkqyQ|8nUPsnNjY<yWC7U}I?eZLquSxzbq<
zD-N&^liI7nEmZz@C$;GJkN*CXl`iMskpSZcDlA|bpkNCJJl>)XZn#GD{b}6kZvhgx
znTH1)TmVw~OA#Q%R~1inTe(vcM+OOuAb>avxLbRP6-jGlO$ak?9Dq_2@pA2`*-ve>
zj8l}iY4sP_Dn#Tf0C`j4{PHFc!XGUB1CWo^c>^x-`2xu_PGe01L?<Kg=cMn_J~c1B
zi%Z<z{T6ba=ntEiY#!A~0S`sUSF`cId76xz&vUv!@A2wnuKvQjfh9;_u&j*HfGdrP
z;Ct??UEW`){XK9YzD9sx#Xf4@O%8q19;PKY9LY$qMd<PnE+I#UYuLe1kBW_+|A^uv
z`+3)Ued2j4dVfU#Z~Db?bEb*T&1`kp^-7hH4pnoGu8Q=kyTEFdp6U4Cg$g!;;{qfv
z5i&CUB3(5`V2W8fJ?6QIEt!9?%RI+Grl#3Jn%G|!Cnip3Lk{$Q^5*rMYF(FyZp+4{
z7M*)U2)hIIqT#dkDda$=I&#&HEBZK6KU6?s^)!omq};rQVQV-@>jR~*Q9!I5cboxR
z_@$~}_&{817=Zm@p1&V)y41eZ-}f=oz&hmPUblgxyI}^CnqLqI=%TazKj1;`gRo%z
z@~3D)$QOt%*(K;7q=c*0Ay7!R4XLVV0Gg_>C)!x+75yf`6eMs;5Uxrv&en2`QT6>m
zjvtw7n{#W}!kW~wmUb2}v-Ka3C^|_}+p$52N413?zYBRC<T$MXoU;aqua~^C`hgQ7
z5Kl3fLE(H6_+W}>+~WUn<mDoO_uy~$1Qx$oN?>n7pqLUp_U1lRrvF=`FlG0&JfF(2
zZ|ck~)<q=_@|Ae6`Jg2i0Q5iqWBGw02AG3trgV?oXYb`F1-dVjY3UH6BShz`ncJhz
zC-J7<3PDd09sBr<bNYLGVHBqD`P49Dl0p^R9E{>G%s6;&WF0cL6+X5FZXab#QS^HB
ztARh7?Ra>R9dO_d)S)W?XaH@Nr#6_c%b42{5Q2wK;e%YDfqZR%(Xiwp2A(rQT4TND
zH7%|SRy9#_qWrqsYrJR#;nNXjn6h-cf4TNSHoGt9@eGPVN-4H>*NW1l^i*2-Y04;g
z0wYiR(gE3`nHj5V26I!3SI6~C@MQ$$=1GTkULQJJvpPS&fGZFQGO^f-%m?_os7|Qf
z$5zJ=r}TsJei#&7jS^WFjl%VOCTetFZ@XQ9d*LMjIgW&T&?&ah$r1QOa&Si{cL&DS
z0BGQ>dMzyYWT_Yki-iQv2HT9s12FN{mQ3@M2}pD?k?SU$*9o!8u$~tvkqhrNOVj{U
zw!iz^18{6Q?A5vH#(RSg?~O2f;a|^+5sv<-B2v~hpd5>&%YO#AwaCHW7aO<LSf~h{
z<k%j5q@&|@XCRQfJ7l$ws+Czp#<c8zWJ!3R;Gm;x%>jOQ{kF*YKDL3HAbQPOtb<Gh
z5py*x1EXivd0&OMDpn3_sBqZWXP2hc^)8s$*e{^Ho+WW;=5<g-tYmeBuJF&F)!M*a
zOG6xOZfR+$bFpmu_3Kwk(nzWtc6&Ra|Cy{Q9>f2DvDM$UVvCzvOUJ>YZ7N;pq>(3?
zn>zN{0E}y6cEI4UU4=l*Ze>Tlgw1RA|MCLB@a%5oBb~32Sk0WhGK7WT1X$2;`Mr)f
zU``>swsR}%O}>4&#!Q9jo4X{%K6DXCbf{!`!}8^FPLBdW%C5-4Pe^<q?Pn7tu-$R@
zOTGrtq*`s~R`!AbEtDDv$NpN+9{+9$cpcS$zxC6oh8v|$ilADV^G$A;-3bBU6WCj1
z!md`Tq*vSq^y-^y5OIhWdI?@xDE$HQkl4tc@VigSec%+M3t{>C`o}N7QhNhGcBbt>
zHRDDbkO%6Qcb!=GqXIx{W@Y~+G`aX?hI)Dq?<mvVpGfFefB01!c+`ufjv1M-Yjhvy
zy6=r|QFPdA<w(Tp0nMuHFy~6Gmv*%>0PLfz=Uf>X*@)qEu#&G!DFswGH8JZ2kBA{%
zSnmg@R*W+Du|w0{<CY~DPWYOWp>7>0Q?N7GZgY{X%a2t18;Rgm;1RJzW)Fb`=ZlWY
zz5_>2v6etOnsZhc28&7O`d?#ji?)K?aeYphlSGH$Meau=rKGejG$AnzI56_0<F==#
zQLs}Q7(Km?RtNr}BK<DT*$RQP!TaBx4c{PgQc`~WliHaSpH@$DiIgIVQxK(1Vo7YN
zC!6Nnk;A!zfcwdSHySv7A)ubh$RYr-A3Ttrg4gLP0wwNqrIT|ogmFdDwmz%l@jjoC
z;3NYjaMt)y@$51lSiWJ8BA%)9f4U-IqyzcJ89?hlVI=+t`Cab~*mU%_9&RaK(&F@e
z|BgayCIDjwVV)vj_wO2sfv5g}XYBhx@#`xFnx=G**xf2cgfw;CSnpaCc=10e9d{yJ
zJKPGPq!GGM-r<Slp)?B?gR%!yuSHlZ^Ap>&T(bX7twYt%j0RjRmZuz@Y5i5saMXVG
zJ(s*{*hHVmu&@?AZnGH%OC^n_<C4o9+Wl!~T2)OHx4bvnWO(-DGb*58-h?jIU)d+g
zbs}OL&w~qEoUw3gp3C)}up;yV0{UTiPdRZ8P!1l$IQCYkUioHUA{jsDL4b-2xQa$E
zf20e7gQDrni4yn5MZWhxv8e!U4%jnTk>CH`qw<0+D`eUpYz9eDOkmeyk$I&fhC6!U
zqFWBrlhTbBO?)z<WOFr(IRr!}&s`4qq<!B=k(icZU)+NH!fiNU#vR;45cGOycK*P}
z!75fXmo^|+Z$DN^N~-n}h@&>#ug3v3?d8k)+kfi`;0>Vf<^CKj-(kb}wOz9D<9zi0
zIZIq1!fa@)m=gIs=6buO0e;P*a|x;pz|X_M*8%~!2WIa8Se+676cF=Zjrs4Fqd`m`
z4;se<PxGJ6jK_aG;&>?Uq-oR_-{Q_iAMRGF<{L0opaiORXy8K1>ND&F{O^`KzoUrW
zM0^z%es?mdXSo9G(y*rwxZizob=1SYTYuX_@erp`5@A*y!7lnp&bR0+yL1A|TBu%m
z53pS8@KtC~#cOcJ14R?K%l;$&kt+1TyQbm6lV8>+^7uEP0*5Zh(FXNI0K|j!0n&Mb
z0zHRlc|XJ&Z2rELAA%gzldBV2a56>7f7@%-S%chaEhq+@-&zkbwaIi84OQEAN0n3I
zYLdF+J@5>0kz+XilBt(EuJj(6xolr#t5>#Km>mBaswL3y^5%g4^Rxnw(#?hU;Bgbq
z_EdB7Y|h6qGk=e~1D?uZWGdq*P<bqXyJxVF#Aq38EZ;b&*($$`Y{<CX+as-mq)4PD
ze{lcf_%0ZI7Y33HBfbLCyNT~L{Dtc;wp%#Rs8pj&Ql#PGoX|d)Y~6I={KWDimDd@g
zO5dj;$yhwOHUR=F*ASFo^V6sOH?nj<bp;MVzE<Ee1x~T5#ww&+4ZB1n50ZwSAeWt~
zuvy#>SioZdds7sPfX52STf{-1o1F*DFQ`cFTsTnyNqQ6PDWcf^L6pvAu@DkR!I+kS
zQ`s2#jeqQQm+J#9sW@MP{{qql3?2L%)j9f*tEa48m!GIV_@#R~Ds=p#6VEDaPq7i0
z@UolQB%r6gt+9%JJy@X5w22L1%=urWD_`W3CQ@A*U!>59bX`7P`hlZy#`i&#-wUX_
zS2@DMWnhvV(BqO{J&)mNA|kbz<rJ&z21(`2o8~Fv-1r-GeC9FXiQ(ZD=MW;(6UrnN
z6KCgd^;v2hVXh@12Fc&p&b|G%cS(A!bNs_8ei(HxX5!4*6OhIs1qa(hpGd%zcGsQs
zr4l9H$Sw)quZp~%qF(~7y=t#B%2oioeD?`n3_WGKVK-#}`QmHYrAwMA8IHlMuB25?
zB!VX-?HyScxOTFG_9>-?T6M&SpGV+sKjH%~5Aa!mUw^8Z^mqt~43wGWi#ME(jqmR!
zSp{&E(v4Trc23h*{py|f;7dzS4IPlsyCZgg3V0J%)-8==B#>x8(rL{9ll*(2+M*AL
z(a=Rs;3)xSJs?F4tW2w4i5##lzt}!Ek>o}HApSIb8YN3F9Ju{}<^|SyoRJ6ABq`85
z>6KK>*+(I8LH)}9$b+FLFkoQdVYhYwb(=()AWx!$j~+VQZhtXElo~7?6R&J$s)AfO
zIhS-AVddleiyAb^th2T0tm7r_;8}^t*AE6uF9+hr_Tj_nx<Qj`UkCy9+NuaYVYm=*
zOM$?l1{|IrhZfy^rvFj#sDS3^%SQNK6m!u-2pH4RcIgf1sHvRiK09>CGS1(<woudB
zIaLl?mIS>*|K2;yPMWc{7%<`lOKv|h+alQ8?=WT!F2&SXZ9Sfo$qo1;{cmZ_SLAuz
z8N2334g3#Q(uVA4o5{F5sN=Set$=OU2*MjaNyCe}W&!!5CJi*j)Y{)IKMm7aym(fl
zP?c)j;Bepmy+Gssq}dVyeEO5(`9k7hnrumpFVK&Z&Uf)qbyetfW?2br{UE~y)J@AL
ze|-o~U$4J-j#smzKxcBlHEOMK#7{a%>zQqn?wK&4|0O!8Xz?z4FvD~0B+w?9)uyf{
zcCxU}vISpqp<w<})q>VpkG%J~2|Duhm10|m=8r6`-;psElJ?Td7bgp7vC-cg-XiKO
z>sYD0uhg&W(K>Ku;TB`<Eu4-LuQomWI1X%m)In%K0+o3!d1gq|KMo-T<7I^mgSOyy
z`6mUE2=S9axwFB~uhGH~n;Ko;K>Y~Az(~^4i62-RwrmRccp4cNJn_!8ph?@{Nn5)i
zBYq$Z0g-Cx7rzUzc7t;Pf2pZer?Ucw;a?*fGt(nIJT^}-@d&2kfR~p55H)EQ_BtVm
z4Lxx2lgJr!@BsCAS(qcxq1S<L!8)lknofxcH3fu>AT>D6y(C87DMY2bT*Q-=jRkDC
z*ZSnBh(HMF`s7=`YhFjB3``YZQ^$h6JfieNqH<1GJu4z)KAoS#@y!FNMmc2NW@if@
zSjlR(fP|z5F{bQl^hJSih~($?i3!@kIY<BZeoq)GstwR}x_r(_XL`)DYyR@9=^9s!
z7<rIyx;UFMaHLeouT(61j4r=1TXHpv-Z)<yDgtAD@+W??<y$3X*~P|2WY)D~-~3;9
zt~tI*ezcM{`$9(V)P?%H6;bN*%ZS+XA!3Q(2UePi*!o;T{PoK%6h|ktH`L7sje8iY
zzy2znwO7++3Jvr&`nFH>DAsLU_{{mJ8teoNO<=hPJaS0IS(-(v6#ul(Q8~-C$Iq}t
z2FR2$QHgTzlKL6yY;Oq&DAcW|oO~kjs9RxG97Vn35JcfPq6!`n`CubVCBdHL!wq)<
zpw?BM3ofzYu1!{@&sP=_AX^;qlht)3R&)GPf{U47s^j&T+xPiBFlt!~2A}qKd?vUH
zU)N=Wu^0^!3^?JqkP7%c2=FmlJvsNW_RhrM2={V!sKs<+#{FChztR|40S_2QCLe0Z
z)Av*c?Ofl29^mNlP&UZF{O_o=HUP{#p~$s!q?wF2%H=6eSoK9MtQOx2CC2n@c~B{T
zOQAi0eqo$zy1zE4s4wGu{}U?RjHH{Wh-FIya2}_iLzy21HBC@-6!fW9EUw6|gM_Ds
z>H0SZ_UkDOt{2w=H&)$Os~;hPiBAA&XInrFM!e`ZMsat*JAL?>8hqdMm$`X!64mh`
z?(~Z}RBVoCsKLVo4(XadX#a6=f>|_z{1SS!r)}g{1}a3{Hx6`P>Z0daE0;%sB1B}l
z|Ml;40u&RA)cEc6-#(xd$mF#@*Q3jpGcnUf{P30>R}uQ9kd}>EyDY>rk@G{V)vm&%
z$W3Kcm+6P(ME`gaU{;XkMr&BYxQKv=&R#Igu&}X6mZ-Vk*Y0})j|K=~{;x9?@deLh
z%He>ATYmxCQ1$TDRZIS1#>TL$f}9&j9%iag@ejIswfFYD!<Fq#x347x8Oi?D5DO+l
zC&u?EN^3(&bZ#9e8vM-PbK%GD6+8V_Ic_!}TLOwS)!wCpPm4G|M)pMb&u56x8-ChC
zS{ds-ERw<AAM@EU-m0g)%F_gIO%|gjCy|f7Ej*HHpH5V0lZ^-=u?QlcJ;&ka;|4<p
zHKt^|ug2d}XstSod|K2}WR6SzMcG`@#+!Umh4W!^0J()4{zPazz6RSY2(6!$>GI5$
z43@NvP0c^i^#U5!oLT_*H~^8VS86|8_@^qJwb9wJYG3*mbZHj_SqwXVY=i&^E!i2=
zBM~PR<`3}V(UsNH71H+hgMGsIi`ca$Os&I~tTltk{pr!H-wYrXFCcIwX~F|CQ_zYL
z29vXd>B*;<*FH5%D986Iw8?>dnSo0=fpdxvOCL@<w?hBZ=iTkW13U$Mw9#D;>cHE}
z`g)m{8VusB$(bA;Srp{JPe-Ep^UY2E+Hy5jVmZ8NOsD#19H*gfRC^{zi)}P9@n+B8
zwdJp0bXZuJ;9exehKqeQ>r!;SvzqUBUu?$}9c-RAg<(E;3ix0DH=vH0MF1JiI7^BS
z53V9oT2S$R3*XjUo9ql|i<zfp+OTOMrKd0KD<}=Rpl3;QbD7UbSVZBit%(B=6=eNR
z!pf;aOJ6ew$=9Lkq;a7QI`E5NcYij&&9P+1iGzzLF_SRA6`Ub}Hvv}UrqI1fzT!pi
zr^1R-;)`9o`QEKBWdtK-YTf4R_Lfe_i+)P=rtlgv;Kx%c_ky7}kZcBkB&2y-+Wg=S
zpf|rgHjr;jI8#l=|Jr#BM59KpxX=RL1%MH-#vvZ+E&J7i4)y4tmsD0_qa>uI<Z#si
zMG1HzJ*RRx7WLgz0VjssDmsogbKW`A``m2siFRKD`ea-`_otnUxO%49GsU@CBmVU!
zoxhVFzV8$~zip?`b+*?KaiTojAay7>EPDZ08y~nRY0@PT)dcT%>c@<)kcv){<MMuC
z`?lekN(TCiL^ne*|JxuyH%;GB!;C}EHiP?UZ?jx=sX_avoWob#=}HYh!x5nGCzW44
zLx#kr1MPe#w6n?CDks)5KCTukatMYPL#S&6kMiR?w$=XUS*8CQfnMHR68yz`O0G03
zbHdmJ7*`24lY(vxSAqt>iK)`L_A7fdrOyUTv^TH1w^+VWRG-3@GZ|79-&Zp6SElB}
zQ#P?xKqgRpUk1;ESHG_VA9gSLE9Gm89&&NIaqpjQvmQ%*Ey!lF&MhPg9ogWuoQZ2>
z;Nr*LPjyDAxLV#9k+Dl16*e}+)$NrQML><~1mjw!(FsPAiK>7HqfY}y^dQb^QUK^c
zA7!@cmF2#v2Y@KR2v2VXz*=<yZ3B!TfyP6cI|le*!l%QA{b-091)F#3mLfnCP32@C
ztaYXWn{UHJgzbxKil;7Mh>0ze<h@aT*=`ygM?!~t3f|~tLy`k|iy1o0uL6Z1qd+1z
ziASQ!9{=Xse$3o)_=N1nuSjrOK~DYU9*H{e?<6Wh`*{Ua%27`9Sytn29(lotnVF;B
z&vSD*%g+*GfP#mC2S&xlya_&Rs-<W3G!^?i<l#?Tcc$v==Tz9&CGg=q3gTU8te*gg
zc`)e?H@^B-%U*o>|8w0+KM!HnS`^HvB$5c$IiAvn{ftp^J@kQ_AIYk8txa#xfg?Kd
zPN3&S37pd;1;kJs9dnEzO@xijf_Ws=xACo3Aa)5sK5<RJ${CKjqA#0vh*Uu1@dY^I
z79cl_GIWCcXVq%C`2$e`gA3mfEtv5GtNC9eFmirCE{{g3NlE{0D8}5L-pe!Tk;RQ?
z_00_7`?RAlm`{R%*zaH{Lt7ingn}Wr4`W|=+eCqj2lj^Rl|0R%kr>~S;Kc`b(g93}
z2o@GlR$y)CU!nt_4@e}+l}$=qalpR|xQTsHEyF@!7)+Hjs+HJuqa82d(}t%vH)R=l
z4#tY8uwy~kzZdB3>CUV%zf9)FE>orkRI1sK1^uBl8v}KQ=4eFBP!zv(pioPQA`O?4
z%^p&iWEFy5i>Ic~mbX;az2O{6QZU4L$Kl$b4CRM)q31<=vO+;-Z>o3>HQX3^z(I1{
zC~@^=DVO?gaQ)oPu^0RSmcWPp?K$s9(As}C{K^6*e$_@B*a{z~K+dR=g@Wn;oF5V4
zLbsVUI)j#z<92$U1xQZ$H<dTHH4o(D`^&;$y}g^6Ae*l5TJL`#!Wgw>|A4~a=i-7F
z`u{V1R@=cZqD((b4JQWvZ=ngusYIZO0fRDLq!`6X#8*pfM0HR3%Xz_rWuye_h_?d%
z?E)Ek*@_2AmL6hDA4+@=T*DF=><A2;eFB6+@MnOI%jV!a7SP*dFykkiHg0fh%6%-g
zT=X1{`1Q+(V#44-kL5f^e2JrXf}5aKN-9$a4by~vp@+9`!iF&zBl9Hw1OJDyw~VT)
z>;8u6?k;IiNeL<G5|Ebe?nb)1OF%>#q`ReCy1To(LF!#z|L6YnjyuM1;4#KIu-9I5
z{%WpGNyUx*_;@tqZ1;&4nE~$e$JSz3uDPj`a$LxF^{Kv+w*J%j<;r#?au&*BxY5B{
ztC({-6Oq9t%!MnCv+0{)V&A+Nze9-dO3oW)IN-G1ZtF7)ym4QnKQL)ibjXy)z3uhE
zP=A!3Q7BN)(WH5x!4@miBI?-ich{UfN$@lganc1rXC+>R*+T{y(Z6$_yAo^m;82@i
zf8zmQP63SF3(}GLfk5dFM)@Y*SX?F<&_2MR8aVMn+exK*MOE4u!n8N(Ot%m=e;YD2
zvFR*LBIHxNN@P)&Oj{Eqja#`wt$ssu&S;|yg`k0yuzVpzGwbS#2V71u?iVa<Cq}V=
z@q<bVJ8vexVq`=Z$}}%@P{*ZH)KXpi3&ZAvg?UiJK%+T@od9$Har)1B*x5uBY?IhO
z%*?#4Krepttq+jPu{<rGO??LS<EC_ip8<{kP1wl(5h;t!LQn%2_{gug<;atzV2*kA
zOP}NWTHObYs_-kGwAzE%+BwFb(_3H1oAV{{17^m?pJ)s*@0LpE!%e=P*L__vr$nm#
zT2o(TZ6K*yYE&4mUt$l<bdB8p`4{I?nWm(U=~tG(M;+JMuy3HVgW+0l7t6$KK(Bz(
zgR(Ge+T=L*H%z$5!|^FGu%`c$;I@R|rZhQ;wl--bEk~_;PF5DwA#6KHt#sF*{eWMc
zPcSaU-BzsJuVvxphpu(V8N<JD!(0u1s+tfI%yL<OgvG-VCo{ou2S^tTEJucIqtYjq
znjq)BHUT1LSi`=XbfnxYBf9GnXcs)5%xD4JebAQQV<hyhIZcbDS}~O|0+81=-rG<A
zi7R(l8?btMa&+y`ec;Sz9oJKuY#1Gjlo#_&QL~VPnG4gyKXcEl5lcz0SIWZ9aG~e2
z8ZT2f29^*QlhPK5R-)Ov^zFg1a;2TO9g=-(p*&qWW`zX}bgAduL#Q=vmlx8i^L{=F
z<O!i|5V!je*>Mw}N{+%LS_3c>`Jw9I%i=LAb~nh7f$1yK5J$OE!IWzns}OJ+gkeOs
z0S9h~`1DGN_i;8_p({)?Ec!o8gVJeraly#6c0(o;ZQ~*qM#TSKrtS0+_krgH4;Kr(
z5m*}15NsgujO#&wF;*JLcX&vGKx$E99skm@^-_JiG8~nvo_?a*u)5`)c+&F0o|BgL
zWI6d{J}vp1tz@o^%!k7FjD?z|4%89pXJ8(o<zwffGzNR_*SkdlEI~||SP5S}mbWdh
zH^Q*=v0h_~`nzZF?p`g-ttMI>wS*<~`x6S?X$kDMy1V)5XZO8*p~ZTq&|RE_kL>fZ
zFKd~HWrJHb=omyFbNq@h{dk}J^MYLsbJuejPLGw%0r%y|^^-I9$A_w94lmY9lOlIJ
z?A;CgMM^Uz+5}`+0w)!&SNwbNOS_O|$+nvotd2j@vTnOmlX-2I{#4gxrd{MUltQS9
zg{GnZd4rE+x4;)0KK1UPbdGOKS~(H97RrvdUV&u6%3Gu{!jm>)(i`3+0QH7g(c|-2
z8eRhHQw!P0tT9W@Ol3lSwhvhehgk{xTuq-5;;Mzvw=H)Y9kL*z2Kt(+g$rs{Om$Pp
zeV{QBgm+g=A-<ABVnF_42&DZb!M{YozD`@?8A!Vn_zgYmIsicsYF)o_zxYp~aGZyJ
z;C{<EUHjEnH`T*2^C=;hyWvAkRl#o;uydWpZ+K}46rm-K3HJ>62o#SfM-5*`S&!DH
zy0c5?++;pbQq_!)EZshsGz}^L;yTXxKDg;QrYVs|C*oP+uVA|E6uE`Ps6>a%`W`Nh
z^@HVsJ1kj7QHoU*MQIfRdhp@yQgJaowa>Y!4%EAsb!;td?cpaB6nE?IR~&D){}d*B
z6~{KP2wZaYjo{Q86A;9+^EU8L^uURJl=^i<8Y-v6H5V^j&eCOL->L6Jv4%<+FD>L*
z(z)JhW%1CW0!`b3OUri~1X(;*prXgZL(Z>|rNY#;9VUov;XwLge|_~WB`v1WY;oNH
zU$gFUi^NF6=J~-K({mRyT0xZX=wbfS$loAWtx||eUX8cdPQoSjld&Gh90g{fetn}n
zQQE4b6WoFX@oPo4=tQPH18oVaBm1$Q)g}A2i1K!FO+)e+ySDs6vl%*sdy$GCBw*Rc
z3T0wH)%;!m{Zf~2ZPQ!6T19D|-Uqly0XiO=Y;HlqxoV=caX;qUE``u}Y6+8#kfs&)
zM~awEiIRq)6FVV-ltO$t!83RRj3QTq49hha%5Im1smcAwtwJHFDMHDiVn6(c1($?W
z%NZ#6_N~5`Vfz9ZzmUEM>uV)-fiPsQC+W5)WFqB<h;p5**jA1R=8TbS6(%auFu5IU
z#hiJsLRYLP3*!kX$M~9q>B4W0THRC;ntDu{Fb*^+6~+W+!ZH%pRx|_AN!kg_oTl`z
zj&fA&d+E><sO-%ohIMd9lp)#B8z=oGZ3CpU{e+8Bz*@*WmBb#9^Qcf_MqJ{R=Rcvb
z*4`uQgg|nP+L_<Df%655&RPWoU^?mc;*Yp*`}b0jeUl!Eq4l2cvo$*U<Dit{9-vT|
zY>)(H{QXWAnumL3iR7-t=7wayqt;0l@5<&x8*qeZ@dRk`K-YGH=loH+YPZhMO5~Y#
zuhG6?C#Y#;XCQpu4Rpg-G_oAp;w_S6b+zah&LGk271=C|5I6RdUZg&Lzw=c3IW0f-
zV9oJix2}d%H?Z<Ji=sNW!lS@%NWC3w2FBZEvH&NuC=H>{ylt~K8&3Cjo&|!GL?3G(
z8<(k<&9hf+vS(XA5W3hez)xCJq)1V1p?4V6h~&N#EaniRQxqwEclMkjvX|h%-IuEo
z_(&nqL)1;hGDVN`qn0kgfse9d_+|Je&uqF_e&DJ?bDn!VK!<o=6br35Vis1RRI{(`
zyhpncCfQG#9D$G$LK1;86k-c43z6w7x(kBLFGNPNEJV(%Z4rYfaB~Q{a_xynjHhUf
zZE7BK?73jvwCQXSPP|IJ`G5dVMO=<%rF1u3q8S7(o=(cDbg4sY#f<XNw=0Ms1xvYY
zv$6~;B|m-Hs5&phtjT0U{Ic9{Tt9d2w!FTH<>B`<bT7#4$s)5>!Uah?JFo84ToSAL
zUZmm99gNg9eikLPa+|aG_9x2OBbi9V<PnpUVbk%%kuwS$uDtgl8=S~`TBNOomfVn$
zE6R=*FjIBoW<6ihV2vKtn@1=5nrMuK4fY|8mPF-tDZJ366smLprgj3NsRuS$G=P89
z@h$#gGyZ4mgp_jng54~+DtuX9r&8wccU7{7qfRiH(k1HdyfFb*OklslE7GT@bDb}p
zzbmf#7Wc_CQ;}e;%HxDDDTUoqxv!h(j`!JPbi1wqH&}98w@E>Sfg}iQR2AbbK3(;K
z?oJlh)M|YGv!FwgngMP-ng&Age`NvGakCaQTW?Q=q1N+}Fny_EFhwC8LdIb5`$NF4
z1f@4-EHGv4f}+wJ15$#Vmqdxhxnqsm^&u$6xg}VUfArz}OMaLlQ;ZRVpLmckQyS#5
zImH^H%@-lslm*YGab=jb?O1WzIE`XlGdp&8aVrDk6<2Rv!;Z(+^NqNP&z+S6&>|KP
zUI$Kzrdb_zlE}FCj5wUdxZp=haJXEZ6{h7>?w>cGij}L*jvY<yUQ6ZX+~jZ!?!GeY
zbxcPH42h&2dG<biFw;s$wNpPVp@#7J^=Nax+mA15BD-x}KKk6W*Ua*}?Ps?05|ZPm
z48P$aKJ;M==gdxps5zS{utO@VX%_lC%biw`wH<tO$f3m&UK+$OjqNb>m}Nr~I3HR%
zZ@mcEYz!?1-}OzI!9+Y3H!_C|!s^xi7IZ$IBY`L69sg-(_p>1$*)mX&9cO#F=v>C}
z_tl!yz5ayec-idOZtR(G(0(mwfhT-1O$K9@B5!qV(>JY6y-DHbE*&fSY+@{FtCSA?
z_*a^4Pes5wAp8&OFjGjhrja_3%T~WK(p*%vSYbuG&NKBEsnp#mclT;hhB`YeamSHR
z5!$Si(X6vn(&M%9muJIr-Sg5Y=L#Q#K#KS6<56N1t<)Fq!L>Gfoaziua>(+%6tcaz
zboHL9+VrlTUUT{#p_XNNzv8SPDTskIFfN9_f$`Af<>b_(3-Mephc^PzOj3of-$$cC
zP=g1Cfe_eZn2_W_8*){*uid-UD!EPCd6|>ktjt004-2nGdY2?6LN}ACxWWHYwB-&y
z_ucaL@wvl3$`Ky^l?E~qu7v|ru7+*v_N$EfpY?unG_f{HiFZpaKkkUTXdqH@oPS)S
zd9>D<5Qq-2>$sYCJ34`nPGxDSy^-ldP=|<qYg7fg6&JVCk_S_<1OJ{7?Ra(*<UX^K
zk-_jlMpS!hM3%~SLrTk-<r31ZL*GbntGAFJe}5g)wAhDtKl@gdVLH78VaO4MU@(0F
z{OAz7SO--JR3fT>pol~XnJ5Gn0(yuHQu`o9l<3wCvS|vQvkL{p!!d0+>|qK(0V|AU
z?q1FcniiuBUgf_pY_-M>Bv30nGW{rOJ%1bK_As3VOQA&WLuzruEx<%Ai!es>Iq^DA
zyrac$ULC*d^lEZjTI3_rkEWmKC5gJ3)YZc;R{^I9lOv>^@6K`lA!&1W3)`toP6Fqj
zq?{jY_e?m3h?|SDe)~>8@*YtI=EU7JH%>S&;B~_KkdG%tXLQ3mjlGkR;Vjw2$|gqP
z<QzKQ6sfL)Y6H_l7>;V}el;kiEMJWVUS-@l^Qp{Oi}flG`M0<V`2%B?i~xvIrbtss
zF3ZsjYD={nGd`A8pNNraLD><;3A&o&?uq==pzFv?vDT&+y&^(}T4`_Dt)v^)fORNz
z&W*?-#c~LP11<8j7oRw#!PoE5w#6pn=>zlUoGb^EEV-}Te&A{g{k_`VJ=>qOv|5`_
z*=Z^M0=|C({?_fZ>#Pjc4bwQ1I3>@_UNs=?b2FaXd@9uvudZ8Z{oTm|PD6^;(4kub
z@NWs~ovP^?{kt>#xt=|}u#S~V(ndAg^=x^tZ?P?ef1+=Q9*gC12-a~3Hpo&bTT!Mn
zi6rUiUXBR}^d2(m78+oR{JG9nW$IB0sB2^|p_ky5{NCZniTe4#`O*#{P=+FgHCBvZ
zFTQ>;+WE?D;YRC$Bn@@0EzK1{5JHXp#dhdEGX&p5YR_;v$gNL&L+VwEH`Ao$=0;77
z%B|D(8t-p5QJTCr;HH<|pYJ&VUBBfO%K}N_1VB&x^<)i7L=9iy#^qsTo8ZARxknLV
z#StMDqB#`el`b4PyC1_@nY>05{q6CvJVrxc<zaS2z}jaNk*XY5jJ2VTTT{a0iCK^7
zn<PSH6N2w82azU@8f1kQrw0RGkIUnLRt!FeC=v4+o}*rtZbn+U4mlB^w+-y+fWB)U
zry`W`N{5^bTnY;9b;oH9p)1EMvf*!DI~vbF#M4k4)pl3fR1pI+=tLpDVu=2$VgI}4
z%}|V{nW)6;c4*CBRG$?3d2!J<p;?leK#U?qgeB=CFV@E>Ix4Kl?C*m)34>Hg1DW3k
zsYnoV0FuL%`}>#Q2fHjBvKK8Fe4-R;Q#-qm+RrJ={Xf=9=Ka>Y6-4#Q7P#fJaW*e_
zQa(DOTZ_T7b8-rbUWnSMB&^M+V~-g&OIL${2>adBdE=05M06~U3a-jj)J$nDt0t<M
zY&;TwXP2meMde*Lw>IPKQ5DVs!#vSLa<vfw!RL~_&%X)Guu&r4!Uf|%TmK4rRfzoI
z<YZ`f|3P&%%S~@B!G|#nb+zpe+A=@=>7`R$_&d$C6}(mFhQX1iO{6WcKFX52g^6wo
zEc5*Ilu@Iz$9+s4s|YUo+|lo(KMmgR9?cm$1js3$Yv)`kx;mS6evZR__^2_*SQb{%
zER%?>TD+yaI_kEh0-=LuKF7!eXq&6H_s<Q<EjD#(L&QL6{X0HLc1zsvs2r}Ttx-Pc
ztGFE1ju%ffUzX6Ak&=&Eb~{3xbKqKLP#Q!dNMqXkNa?bvXv&`sZ_Eiezn~F~%Fgs8
z?E;h+!ap8DE8lSI_}cI6b0C5smOsM(t9$>h20{-P5E;)lH3Y@T)GRK2=~>C6M`8|P
z2lx-J<wj$a&(OU&I-YTm=~=3Dzu%+oSRWtU04KZR@vtQH+GDThdRKAKN|~B|r83JC
z(0-D5eDTqELmC`L>3#P+{RmrPVmNVduwy@xH*uDia{KHdOJ35IxA-9)-Mu0?4P!Jd
zt#|F<0IBljcCsO(<1u6u5<*oKoc2AMcQN&PzDL(S6qI#c0_&&|n&FX+ROp`V#rThe
zytqwStg!anMw*ZjG0LGIHxT{^zuPM*z?r|)X6e;ow|{#7-G;d7!$$2${&Bk9!rXp5
z3K|r9dZXE1i<_CUxI~XdA2pGLs0AQ$DEs%viuje`5D8H*z8t@O9#SxTJu8#b-WXMV
zF4g7~%MljJeYdtH0hzHVpd9A?il4P^)kc_RmWn96wbIa$SgL_H!Qn}Y@%3o{V9$z`
za8BWkw^}C#tH1H-B8yp>WgpC(=b7NfSv8Ygo=z)dw0>1sz{jlYZN%w?`LRffWIHcE
zxWx<Jy%qjjK?DB*X_!CODDUk;{@-gmYz=<u8FWer#K4e_yxkXVw0Vx$`jy|orZ+S>
zh(H7|`ns=xtAkc)hw?sLn4LY}V)UiaqC8<RXWDFSdJwr8=nkh$qxSrJS+V`4+Vl4I
z3mFWdjx0Kl%J;==r^&Yc9y`vial>2k=Hms!aY6TR0nR?5gBB^OhaLLaTrM|i{PD1p
zmWC28d1bBwWLL4FxhGF9se)=rjOkTgxPOjmQFxGXSYNTzVY7zeFv&h}<$frbB_f~=
zN9OmT@hlAAoKqLfa%`A+-ou(i9`PKZ@m!pIn~jn#fG?yUC1QC+xrQoRr|=dJa9fI`
z13?!}2~q5L$KA}?;Ca1}c{ANZ*D}h!6`akY@%&l5M{q?$gR^5pr@+@EkCoHR$r9!S
zWl#$+Eoz@8U(eq<Ep~aAGe0bEWBCGNTgqJ@u~$nB$a)#$tB^1FfNBChnP^}y<tiy=
z0hkW>hC^Yf!24AY9REX<-^WU_$A+`VMr#bv8S`*i+kB65rp^f~v=9iHt`(d>PBLPE
zj2QQmt&Wze3>6Q;O2FVXbbm)^CDFs-!}1Md%zP*|{Jlg^yq%ghc+0-o<b6l~kWy+n
zWzNY3&!vk?#F(O06&LT^ERLmLx0f{k>qZTb8GUIYndtkA6o2Qz>gB3w9J-b3==|M3
zT}ENnVQyC99}S=(P`*Qsz#rB-(;GPy;Cv#O&`xFHL)m8nKPJ^&ZzO&_&9|+?TZZ;l
z(~gY|YxI4lpOn`>v-7x%Za%3J{w!j@LUeXkEf&dnOu`1b$aT3ccz=tX+Nyr`qFk(v
zIIf8>oB{*P`!9IYAagGDu;SB;80a+r1$Iql;GUNkjhUMA{ZGpGS3EaMUtfl2rcBHK
zs6j&9&6|qzj+efM=zVZ-3|^0R@eVq3x~s#P?rEIEPdT^JgiCxME*>IYKJDAD*ERAD
z;oj03i5M5D&=m>55Q|($(;<sQd&83lm%s?O-kXFI!P0kvIqbr~XY9{{0-Fxf)=uA;
zWR^jk>8=Jwn|c#!h5W|38-uJ^erSi|PFpK*z9Ri-+Hx4I2?Bg4_zIK|AcORoR*k)h
zVv8wH9E|6#nPr~gCcA3CS^!F!nbI3jl}Szpfha}GXuf#8kmk8_ik0>oC13<9e;Bp6
zA2L@9y-*E0ND02W1Fo$XJ!28QK@_<`2{~dsI#wXil{(nMyrnJf8_QlT=2Z|mw*u&m
zOAjoK$RpoLfi6YqhmbD7C(KF|LSOCre319u1yZ+cWF(~Jo|A9Yk;_lel?@OzVT^x?
zXa5FE>A$lf%u~-Yo@3=0UwNA%ZTrQKmNdHbF_o;<CrCd#bZ>MQxpF5AR^agrnrRfy
zayL=-XKW;`eEu8Iec0)6E|M9*a&8Ml;>lr2>B1t(xm~0mKg^3QbG`RT0Wy|D7~VNT
z)9A1QYz*y^|598}*zb^K==W&il<_f-#FycO8xDQaEjs+wuJ*s?$RlI}LxyQhf9j;(
zuw;7dec>tK)O@3y()aC9Vyie5=f^uS%ey8fM2{-JV_k3PYXR@ztv1hSAj37^c6!i5
z-YpHEgz$ZMNZz7?eB#yci^e<@;bPA{o0Bw@vkIEm1Nw~+$9-e1BQ=I!*Fo^|hQD-`
zH?h<w@n5^&#n>7^B?1&=1fCBl3ZMp^c|gTV);Qi)_E#fa(uP11#T@ggLBWdp>x+tv
zC%c7T!sxXK>$`l6jHiMHRh(UlidU9Qv9h~#hfoJiegD|mRn=SPZAOT2UP=RB(n!07
zb7yAt5?#4-3sSB${CFi+Z%BBQ=Sol~;iO2hiWq;q7)K(h_LnKpGAPm{C`iMEXlF7#
z4TG7<h^CSJTQL~KKWr&7YFfLYHYi1yy=infTnqt3J9tkm$d@w|pf-yjNO8HHs8n4v
zTP>7tuarp+zM?ocv)Az*ar0^7pKyN_yes^lx<r?u2Y!t8E3oT>zu*JpKJxvfpp@$2
z@~%~=JgQ^w=J1wfnPY_DX4j6K)#)Kt-HUj3(cao$Id`l0RENo`$0e=PwhnLPw<b-!
zSVYk#l3-9%_w!&5<=ZvX&TTn=i^_<bAM)5he?{vy3B3{`v3!*O*f>|GGJkoE1Xc02
zZlh`NvT!yc$k1%o68y?>cGkYqi0b!W^?LEfMmWrrW0mjyb5~3o)7CoHwH-tCxrpj(
z*4ihW^>AGM7#w|+ovd?X3P)o*13CTG)b?)_(Y-(3JQtyCBAX-l;J}_OijeWI+>UII
z`;nbmRr{ZsW)Pl7*uJ{kOU7pQKIcTirt!>?ls$R4dKaj=>eIH-T0wbPXlXwv&5!j?
zNyC~#oycr`9vPS2Ud3Hf)Pk$Trg;vpqoA6SD4Y^6T8M7utW1!H>`LJ+u73S5`JrtL
z>2Fyvx2I3HL5IICG5fyc!xpLqNV5iYq|QVYk04Ldz`JIL>RHO6CXS%mzC(;>gb7oN
zP-)?rKXHPbD^jIMGNXvEIPLxAev)uPjw=T=W2%(K<sR-JX*`pFSJSL7;niku!n?c(
zK|N@!ma1jh7eyM)AYI<KM2PdwNBk?iO2fxYh5(V~{tgI=iCXAs3z6U(Fsb!t%exhK
zXtA}}W@YWi0j1f<0F?)|PNQZ%H!G?p6HV!K%hMq~1=qKZ7~iEY2L%mU^cg7h{}V6_
zF`Xf5o!*HZ{#@`GN9vw;;hLzb5aj?T$f7WisAmQLDi{M%9MloeLJP)AK++>Xr8FEU
z4?yW@Z1K0E<7;T)Ul8vj(`k%~6=)uZO_^T!%6jA$nU6zEE9L6u-RNu+X6Cs*eeU%m
zm}BC1+yc5&L724%bc~F$(Vz@aKw4A`tM;7v_tqo#g)FZ&)b{<EW&$MeyI11S=$K(e
z!nH9LSn#vLClE|h=#NdeOv!Q>U4{_aeK`ZYo5F~c#cP#>YqiA3@PE`i5F>}QhhO*#
zu0=3)4Dh)9LYAxuz}7{EPlt0(dvCQ^>}rv9R$3U?c7S}Rn9_w`g!24TV)J%_njg3K
ze2*&}9i7V6hdHob7v_vilmBtik@@+S4gGmHN&N9rxAd+jiRbZf*8TB<p3nO{7wzQ&
zpOJs*njyj6)9njJ`-}U=4}?}0TU!sku-UlGKWw*zIq$DVbxOZP{=P)n9rh#Y`Utf{
zjKcapc=m|T>ubkN7HLcx`_Nk==Llq^WE&F>^<teMrJp*jXR?V|v)}bO=H!`h^d>a*
zSr)RczNzxyS=k&x{SopN|0zwSovTn#y>*acnOrXgYwj||<a9XC(&@K<+8!~<Pu&P{
zI*XfvJ%_8F8C8w1A6bkkmQM83;ChRX0J$9$pb1M>LsB3me8rwFZH@3Kg==OalSRY*
zRE!A!gqF&2TR<nrPs7A1(;)AwU>c;MFUXVLTs@1)14<0iJPBa339NiyD`5Z%K+&k{
ztl}-|{<5%ytU2>Mr`KprT|Uf&^NN1m*%k99WW1mPKdDqR*MqnWxm_ni%Sw!#m--(U
z0prJCyeo{YMNM|{uh%xhgCX62fW+W;W;b_TiJZ{z=OQT9y9qIGv2of!DqrDa`E)91
zdBY41{F7y=x-Gc4_)2jv(jBVI%wxQjXXW7^I5wvTBWf>rj$OX(nAqiGO3dm-yw{6l
zmoJ+dx1Jd<Pyu~@?G{D|H=-axN+SRAY^M=}m}>6BgpgIFV1`j<DC^u!MPk7D)S;mV
z;H7&4kHNRCP~Y8O032nTP6StgC~;uQvs)`o-6I-zy*G%dL-74qrwu*gUMlt5PW7&D
zE&lo6Sf6b?84sUJ2G-=lalDyjHtH!=W}g0#N8aA}yL!C#^&#tTY+CaXxZLpZKJ0mU
zoC!d8*19vB4M5lZb$;H8-{x-B!Q3{nnbWc;*)E3`z~*l|bSj$FQ2!#}!vWbY)vHaU
zU$Lp)DlzmCs;p|QRE`xJF;9g6K++^Qq_^~N;G30rtq2eh+wSiGK0;t+;Z)5RF3QlS
zYJQP)Cd+8LKhC+vV-(+xW=J=yb}bt1GI3_Ivi9QNlM76pHw&5E2_8Q39eqWxyc)2$
z9yENi`?Me>hxt|B_Mq<k0R#Ety5oaAcWN0#0@HVRuDn@`Gpt%qU^kjg<0134y@p6u
z1MvzZ&^q^F7WwNG8DyV5u)k=c?$zQEIN?pv*W2no8)i=yQ0yUReIFDmXAz-P6nQ(F
zGi$NrVPhL!Nstseb=L4y@Y&c^n;#J6!rtYN^af%H9rm$)j9syWJ}{loz+U|Cq&MU#
z4nkV_8*^}E?&L9E;=x|ME^@m>vR_*tlhGT>5(I{AP6h~MdZczkHruy&Pxn;794t-!
z%pb44U~=dn;W)CbZ@hSvZQRs5;w7m{c!xCUaQ$avpYGwu%P|LFzPL+ht3Oc}GiSvQ
zG-^d_#i%q7yE0CfA5Pz|-<V;uD~<CTtuuA|aYTE`95o%fu9vJgl={E^dwVc!SbCBA
zj8{~h#9ZKbzm{36&*tK9r9E6(IA1L+X`+9=XQ78&^<iN=@xGq(_j&mJ<q)Yo2Hn&3
z3qkwqkPbqI^FK>%m1SjRv9`KP^A95~91IzBg4X`aGi6D^O6-i^nPlf95CD{~%ODe>
zoe^}%4xT&_V*TbTUD7e`M*<`(fVMZValcrw8LaO~GxgA-u72eX^3-@UnlqNE+UhHW
zX?&*jDqvy_Jl0sOoj6djEMse>Y*wB=DQ?s#EA}8Wc3*EwGwxF^U~_Sjd6@}^7^q_U
zQ<|?kZ4#xZyd0jN2Rpsq81ZnGFdZF->c8h+t7!m=rp6mH=8z*;L4f7=U9kW|%he*K
z@G-L)oG=Eq6m_=!yJft_VV;Aj!@5<SBr@6-RFTF2*&Mi>mA{?yPZ}*Cpw2Gc_0J!S
z9!W!^6Eee7o;(81HYo@{wHx31p0LM-{steGsX`z>Bs0q2dU|T%^_6dS#f20G$`7c)
z|AYQ@6a}m2bZ;Q>x7>I&6}P2K4@`k)b<|{<kG9&FDh+Kb<j(=eUHlbj?6nSrxt`t=
zQZ?U)v$V@8l18L$ioZ$4@75mH_HTNfv~RWYhyga9tzEtznQYzCPy`YAc(hpyqeqdl
zdCe6r0>QeBmrtJhF-N1}hV8{Uzsm^mOMQSMe+=kr0A6N{bS4$F|Ip8rL(2@0hb?&c
zTcW}y<;6W>gLp7t7q~8}s%&}{jE&P8B5fnZJWB^RnSU_wt5#K=2+$xtisN+ke#G>&
z!}#6QR8rDpdrphveIE!OW3uq$o6pO$%jNO*YAvDf%T=wlKFykw&UfU3@g&QqbP1|r
zAO7A_D%7z1-FTf0@z|V}@~wr-Wi;mOtT%vQ?$xINIt4(tyoA%6U1Wl*h0lwvT*m<?
zHL)_e<CgEoij=cd2y}eNuIG?0tkSF{4;bIc|0W0(u~L@K`%SKBqBmNF%lg1iltuaC
zxGl5LqQ1|~e;S3q+KU^k=}3nH)Oi4KZd`JK*i)gND&K$Y`h0~Tn*tA{4{%3>c(87<
z5dzNySeT;zafQbW*lAjkG?{&?kjig>8kwVzCI1%BZFu&uJ_W%w0F*(%_s<$V<p;jd
zlMSkr{)P2X0|<cN0b9?LC&26tQt1HKH0hT|4U1fRMbuwy^nR<@Y7635JWk>MJzIj{
z_Fvuz+*5PgWrIaTPXgGiL3Hqwonx&^>n9uqI89Qb@V=b|JZyx(rjY-sEGe7dR33k@
zeGLJ6@7~B4;&JDgQmcZRIk8F5ok2tcC`_i(=+gC36w6{`_?@vQ1`;kTdzH7S?#KPs
zpa%iC5B`xYkMsWi+AFQ!XEKdes$m|fSs9l6I-d^+K@AfuASrQ)=h85>aUUeoIH+F9
z5+lmaa(#JQ-m2Nyb}yH{8FJe8ks~>s;a58PpS>$JNO|jVgrxbNbLEBeC!FNIMhWx@
zd3Z`6<d7BG8?BNO4--Jpw0?62Q?^cQpX(lg+br)KUj1vL(`y#bFE}0W4;0PS#NFj}
zVI>}uP-m;HEbC9!yW+5GJ};d^pCI_hapm_)Xdz+(P=FJ3cX7ywMFy*8j`N0rzr4od
zvfj%}7I)cPh*ELWP8Y6r!q?2K?yGHcsr0eaqTYSM^m1G$Y$Xd1rsbuM?clI?#`_O0
z^zd|yH@f_Zm$QUd3m6#%c{{B$g{**bI}~1RJ@{D?m*N&dyys*ZP^0}a+fh)z(&%N<
zN9GUu*_~(*TONGIVvG_mA}B1IBCt2Q5_zPn=2MtwaQ0uwLp03Qel4F@@*2*mL?<dD
z&KnUaWmVYSFs=7~Ea=vO$&6wyhcIab2@;jPshvU_+z2!0(~l4b@smDnxBCy}qSP1&
zkH85JBo{X8lrg(Ukg<#N{3Y`LUjMbru@2!eePKGg^qPIohI(u<b9J)DT8$4&0p{LO
z!d*ZbWlXZYUI0JXoVpX+Z5psj3(oO;YephWS`drWL@DB-mEZW&;ebp&fHbj@G_>`&
zRp1OTb)(P8$redsQ(QO6pcIZ8xt%(;2vguiFaJvGn4ZQpc)4o|dbq0^9ziboR@m=f
zRNmhHm2hb>@zi$bvP1CIp$O)_5Yf?E_iATWz8|0Jt3_v(881t^b=$wIzH=7D6ETWY
zQu3fg();@FsuOfPfK|Vw6f|0f-okf;S<{p&alK7`>Og2`L~oMNvaMEjJoG00%{rQ-
z>luB%S|HoR1OZfM&y)6{$C5z``X{CkcC4w5WN$1FGysNc&hIbe_={{li=T>9TJ3n`
zqZUf=QDvar8oe25AUDR0W39eg`e4)6xT(Kep@Y^ybJB?8$Ze+dTayewWEzMyemcdF
z0Cq4n!7F7!#7rWGOuxUr1FH<=8o;j_*%-~g+aOc;Ah?&p(gvUcCp?oGA!6M7^i*Jd
zSkX*6<J2g}G0<JeV^iWC6kvb8oPCxL6wwE}O*=ac*ABnjiw&Us>;(QN!6uWC5#!|k
zjxi4uD$vx*dzrEqOD-FW+)0y-+zpXMfM%&b-HE>1CcMt6`Dt7CsLjj2xVX5m!TnQ=
zetwt{L&wAUxrFDs*Aa@~Gi&W+2^EW}N4bvkQJ>GhvH&`I-`|WZ_kJ7l)5{8wixK(N
z{7aB&ScQ7$u+xGwm$;wD?dSiW0TB*1LbXnTwWJFe#W8=>85n5%*sI{_3f9ttqWOu^
z_r=xs@&F-aH>1rMJZTp+jt8^R0H3D?-`hG8%l_6?(m!V*@et1ps2i4I1gjR=a~!$n
z0<ASeeXZ<0RwYnpe}vB)Gb+zvspQJF-%T7=FS6y$9aQBr5ryv^ItI`_|M?Jn!VcVZ
z!PPr7b7ylkR+Ir5qD9gZr20+rMH@9><rC=XNmU*fe^w?+CW`V*OH57qlRn38DvkdY
z8#kD9L2i~F5a2pg+Vayl{wRZh2NGU6j3r$07Ti*e>zT!V>d$A5k3a~{{yt2B6)DIx
z4XAkaiv{C5GsdxkND0wRw&}0HU;`NvlblyzdlThiN;QxwR+{8pLag@=4@Y346!tg@
zj>7W+%>dw+)QePe!rYTv+f26%TYg7%M3~Mek$?H1MvIK{(z+Pnx0U-Tx#SN5|AEtR
zp;Sy$WKCSa#%MG&J72GS2Ta<=v9>PJaNvG=XW1S|h;flLap5%cNG<=Ty*d!?8{u^s
znHNGFg<5lwr2`2az=;jd3QyAU*puu^;U;#b4$i$=h5S2P`izm4?~q&@RuB+<KCFy<
zmoe$k5Z*V*m;x_Lf#A-P{4}x1z`l=#qEyMhwa!G{!4dtj>LjQ-n9&1PjuGeChHkyw
z9nci@#EuM{w~snMx@})qF#*aV{10V$T@`Hy|7fuoqsx!H=3^anrfN(O^IpM<aO3VO
znKWdF%cu;6y_F=ggZC(ok~fUi-yG@O6E|7$RjvhetvK?rEWC7E$R%v)tG0)e508VZ
zuh^<=ALp^dA=rPaA^zGlZetr5p1=1Ae-n_ic4Q6I0bZXhQM&Zh`InmlI)zuJnqCX6
zC`0=_yZG8)moq>jsz0Eq`|x6OO9Jffh>?QqRt>uKEeY<1b^}7s75bh6ry`D#*4x^f
z<>Su`B!I@WTst4(y{3Lm2RtEyFL)qi^Eceb6T5joNd>&RBdfHbG_j*9k4)thdB*q#
zZvkVxS}Gmt7f_-m_QAP@yF*JOZlVL7u~tA)Y>-^=1<3-)f5K2qOu8E{e~wz<`(K{6
zs{hk1P~pn|BW3Euf!Xs5(V^<8wE=PN;|>ft$lzq?Eb(84oa$y>?IVvgxI&y=c!q+^
z0?>Y}!gYfvS9`V58j49(aeYCI4y~9N08c>R3)Qen-CqGGjmsGi0%H8-Ii;T;?X&Tt
z3~>fRyU7cRTalkqWw4<fu4Wxly4t{9Q)OuRwcDdu*FdAdz~{R(cE8nd@C;C{a9y&%
z^A#No+vB^i5~?M{wuPI`v}JPsIrR0M90YGitS%oZth)e)u+c>G$0VMJ@-J?lhHo}1
z8zN0rkUm7y-Do+HxTj#;YsLoi$cws<b(`<S5B<#jX;7oLWInU*bWe_J$>B`eNHU=p
z%zU2A&O`IZ`?&$Jy#&H@y;&F1Oae8NxIWr>RM%{lCf{d9{KFhK>&AZAt7lloH}|b|
z{M_wzA-}QlKX`nJKkZ7{@*ET4!uTCwjrr36Ril<}2<`)k%IuUF(UZc%z(~~0VsW!>
z@z8zC@H6oJzN2ug;3^sZs6_&j7Qj_t*9++)cra5J;6!A8kb!9yN+o%Vffk5~{Bc)m
z>r#j;+i<(3tvv9-R0nz8{`w-`G9$n<P3Z2&&_C%iH6b-!^1<2UEO*s{kJHoe&$IXM
zdHxBR{NJtcA9HbPBye*<f$|^?n>$&MQ*Cm+a&3JzgX0_a=4B>%kjt>qY?gb6FuG_1
z53#-4h_Gn~N@EBXsQG3p^l#2n*QabRGnQ4E7`~+kSTYI%j?b0rvFH53tY#t8LT0Og
z=W7rVR6iEV3CvYG&QKQAmuC{36O?p1Xf6kwvzc%30uMu>F3!z&2E9Qss{-w>ec0BQ
zU!5lWLn%F&n_W+Po{-5pyS7VT39KxmZUh9p<L3`w<NT{!D5Q7p4xl`Litm|i<ZWfa
zJMY%|?WhU+cjcFzNZe8Y6#;}qUR-yuQ6>YsH+w(%@Y=wxSf!^w%itJk#|?*w9cp{}
z`35y%RAnLQ5UOHfWeDngeD4F5ywUC;qepY6cDtdaV^*kzL(Nn3$n`;&Obh(25Ko-{
zo?4hMr!Sy>KvD-V062Ja?#_{e6pLt|=@dcWK#)>VPD4$R@%eO}SJEyCnCyMsKM3_3
zLZu2}l0~6`eFJ1vfb<3_Py=S5N*7?p<FGUmF+n2%1{T__afPPVo88MkYQ@lx27m2A
zNp^rFPoBJJmY7?)tp$3mVob8~z}TaHnd6I$I@eC?i;C{I*Z*KQ-+!P!B}9XWnSaDq
z*DGOcpkICb2js=72>_7`gA~ux6c$iHO;w1Qf$dsTSjHdo^=JUUhkpuO2ElNGMn|@b
zayJ7Z|AS2+Zc{kmo-c3TQ@7bT*1eyX`Af9wG$nE!{+cVQ|ClQ{MF^&JXS9QMq7m=z
z95K`l<bSbY%zx&ppsuuz+zjIgZ!4s{(;{ilc?HkUceOt5pKRFXz5e@QQP#8OFuC#R
zA0^$xlrC~*<z_9OPk?^`eQ4=+qz<3#2<}9i9CHQbrFFYY^MiMDJ$`pNdgtHLuo`Y~
zmzI#|<fCGIhA)GrdwBV`jJ(EEnQ5_`sW>g$oSO~g8VhDv3Zh#G;W)R$dySul9mPYB
zHQwXMtr`@=yExT4$2ufEIO5cx1Ka1K@0r}Z8BeTA+!hijWGTdp)wLZP46=`_*uFq%
z7{l)d`?|&gJAw5TTnh)--C)%L!Td#1Hsh_HqF1q*Te<1xI8mcqE(~lJ4Z7i>y(USH
z<Y1|?jH5+LB=tJ4YhWnL8U}+<Ro8(qFO~=|R)CHrWRHC%%6hM4`KUK3r7_$MgX-cM
zWF0R%8uXyRhf9+*kk`QZHnik93G&qq@)@paRR8lDb80R#`k&O;@ag8S+W7C+&A8j}
zRy73OvgJj9Hh=b<w3`p%Tb;xl_p-%JDeypW<8vqXi{CX^@en721n#_gH1bXnH-t^W
z@9p=H-$`Ac8}MJ>;M@!&S`lx!mV|AT54>xQ4LbX%0Fgm@Pm6WZvWwRIFcgh$+t+Z|
z{IJw|){0)2=6V>0ddgo71jBjj=C<Q*A5Y8lhb8;x%e(D**~geRwVjpQetisE>*cmo
z%AtYAdKV~c^;;l$|E>Qm>|p{?M$1VHB+o_6Yp1`l(lrL=i256$<)C|8@wz)W09pW;
zp$1W((Ye(e)F!Dygk+;?M!|-iW$O!)wtZ{TJ9Cg}`mXp`*J7ss<nU|Zh^`gC1R+_C
zD>##x>wezGNysz1vm+gcxlRl)a!~1hkxT&VoQqp=t!8yy`>h-Hyab-vrme|KV=3H}
z6!aF>@kIDMuuF2FxjX&dogS~^L;$;lscCm*RkbrE$o7-0^~TNaGw6^uF~M%K5#tYf
zrb^>#=B3`e2mqe_W1s!!P#}71=`^^#2JWxRYsx?4Xk1^@L40!aX5_fH`+bEsFm$Tx
z6(X7&<8#*;`4JuxLhx!g=IrJprRUX9*vo18%v<%F^N#n0_1kK1j&_jwd$rtdfpAN9
z?1pD^sv1-3Y8&Bo64GSTT)*AkG)i*RHmXi>H!|6CaR&AvSa#K&S&wIrByIGxm${4e
zV|>WwHvG<z5KLa4=#9_k5;Jcn?lyjuJj^I{ent+m_P}kTQg_*~6v8?ZBs~!ZJna@c
z$;qW7TTHJ(w8<Iv(i*=qDA3Atyf54!uGpWsyPD^`cMJ|}l1{4%nPp(EWF?G_K6=*@
zgTMk&!iC%SnS`EA3ks2q;S<wp4L_w4b&dDLS8#FZY>P3>AUXkZYf{N*Hu?A>jUK0`
zEbBJvs=?(RCuEcR;~0lfx9-o=v~wi&eC3z!*wb4uQ2PJpVFTqJ#KHd^*A)S=_rc*2
zY;)%Zd>z?`SJc^vsp#(X%nM(LoUSwuYcX4*T$}rW$;y<N-0%dTkj#QdG`GVRi*&--
zINNJbvZR-9V|3Ne_sA>iAUu5r8_rtmGZxMc@lP5?*NccA?Pde&Gv>gb%X&7>lV6b?
z-=Ce1E+NxHn%-QV<<CA}3e-Kh?utR2o`#%_>%(NEcAph;MGN$Oy_1gnjeo%Km*H|k
z(;ud*f2<l&?gb1O+Xs0<4?bK1{Xp$Sc4r#%B-pK5VO#OIv^cZ;5@S09gmM*Ptr;6u
z?2Tb{ezAM-b{d~-o*SA&^6a^g^C(`VCw_F%0J0O8g2xQcj+SE1WI>i9L$*TcQW)2V
zW0$px#>`m_pqUA|n6$lICNnUIKP>IKXrh9YELbP@;>4ixc-fz0)-xdHx#sM8`ou@O
z#OEEI>~ok&7*?x&dUcp^346EX4P<f<DN{Ro_TYPo78q?E-)(UE$eJKXzJ&UZ<cR^<
z2inuWv0C1#8{1zeoMfsnZ6=(Q)aXr`PtB%Neg8Cy)a2B_bv(*I`*)&AzEwcgSM1ZP
z=9cYbk5vIL>#iK=7Y(Sh<JU6{Kv4u;2L3}?zZcnYrQ&IT_3IU{*2niN-UgbktFDVN
zXpevEkPg%t=yI^k5I(iXy&sx{JS)gLKYj%KQce=eCzj^Cfi>zy(eyl#DaIB>jF%(n
zd`L>aSD`1pI9kLO8wgPo81#qi_CNY~IwQHlLJa4YF>SX<sHehF!EgrC{U1{=2MDLs
z4#`kIjuF8OqV|;hSsUyRWjb!_X+B!NOqQP1VAf(!geeu7)8bs>`>=!tc5m-MzB7{<
z24Dmb^#{U%Yzi@6&MS-D^^v08@CFhPF9Eni%Nc!-xU}6E3-$ZS6+=6ajuJb4K_&=H
zMS-CYw%~`(90z{%kZGsCJLP2mhJ(I!C+tF)1B68W4qGWQ3G9omFIISN4K_Pw(m1}X
z5(6z-;J+`7ow~8#wddGJUJ_mNjtceC%*nNM#2SPmwWYbv@g8%sFf#*S$1Djnl%piq
zvv;-eJCAGwME4VQuLvqOZF~1eock$%{pN8#NAvYuxJyQLDW6ZvW@kuKHLhO-^=fl(
zRjH75JV)j&4aDlg`Q|bJ{9Fi|n*i`r85l2<ZNF8SF|WGQNb2PjSDE3fSFYGBFj&>@
zjjKmg$V62yfHqD5OR;S4C3IJ_3QCAjng;KOFSs*_+%Ch0uQjt=l8{d>b-L1xV~g1^
zg1jG<eTOYzADSi-+a?z*NnZ}zdI9kU`Bs33_GB#&{7L>AN21WB3xR)~XJwt@37@|y
z+T%Zm2fb=sJgN(c4)>DAdH_`d1LGd$Hb~G^+GW#`2eC76DpgmeRIaMzLOt#yp#&8Q
zuN&MSn5a@O)T*hYr2{8{h<g3;2Dvwmh=?#yf05aL8)E9Jh2V{G$a+`%y;rP!8e%zF
zTY6oDnqYY^8&mmv{oMcrM08pZq4#~MV{ptZ^k+7RRqw`M7ttPgnXkxBTfTkK!u9lY
zI}F1;wQaLu`7>Syf67}e*S$sw`AY)HyHsjzGv|#refYYI;{VZYU3PBI($US+-<0WU
zYJXisL*uk^M0;?Ne<3T^z+3y*6jAb$ltsjUp+wB+^*OwhZRiIfXC%Fs9eef#Qy+Z}
zm$HLq<+<~URhGmV_r-5fCJTjzx6EXB?|wD`vHmmuAP%egucP$DdfYW``g5MI@1lBV
z@VbM~I#p68SEFFnWY7Rl0zpY7srt6NyvYI)CVl!s>em)m8mL;SH$pC&V4N)81`0pl
z3m|Op|45D`^B3HHpwuN3hJiqOEOVevu^*4Jc&=KY(ogaHhLs@kz>xmo%Mi)|y~VD9
zDyLCRK<s;GW;!EK{Xg+X^tKK^wK2_-$o-Rcg#GXH6IN*AY(FR+P1qT;wcear9IG=X
za_!#P@z*ye52Uc<K0YS<L%6E;JY8t+CO|yud7MiNFs-bb?Edkp=u&~cD7|VLc@5A1
z_}m>cN+a}m-WR}}>+MN%zM&}wp_|5KZx$|eAR$cF*G0tCo>H_<uk2}(u~(gRcfXrg
zxcHZ<0*-zA+$2ffELnyuSS0T|xzjq$o$nS?{o_i~*@vB1!zG&RVN3i&vkao3<afTZ
z-_%Xo9?sXtHc`|DIgT$E`hWA~77c+qO<{o219cH7lF6dTQ4<JZ60q?raOaf(+`#{h
zvT7PI7rFlkQ6uZD_JU4-E9_``W)H?v0E3oiEaiNtQZH?{ssM0Gn3p7A@}y%u9fhYB
z5$T_P4N4b?OT(4I_QE^#QEN=mPf158C5y5ZN;GpFcUe_{@QX0h_y!QzL8$}L6MfS|
zqhn7*^mv;WC*@j}+Fw$x$u&*=cmAR6smPR#Pd&Sre5!=2KPI>?RAzZpbzj_i2h$G+
zhVLI_|9bQl|47{a2!g=C|93&w;VMFz2oS$xQ{7$tIcq__72`{XqcE_oz=R`+8xFKM
zGbNzMOlBg9$p=w_@F7tm5(pm_7{oo*%Zsx95X?~&;z>6k(`2Ab8mNdtt&U+dam)<w
zN$xfMYR+DS3owMJKV~<TJ$P;OdB1<tZyIK;+=cH>Z!yRveZjRJ;%PVw-G>WtZFGXX
zRWa~9iY{`srD7w9BACw*MNyT=!WJ)BkhD$$^TZX=k3C4OEc{DhuyC%QMNW`P6KdmZ
z&-~i8usM*SEUFs|f))X315%604I%`f2g2dj@Gc}qnjJLsUVELWfrBXB`Zsll4w0i!
z*V;R7K*bz=C!v~LC}va09ZY3Qta&mUF}De8=;V2C@QYz!jl5lDk$V=y>2mD#ywv6E
z9I4B8qRX1!xGaCTaamFV_v>gKcL53Pqn!+eq11CP-<?iFcL!7z#7+Ti9V?1_w{Hy+
z(Oe5jRA~}2q_btSv7<(nZS+CHMItOIP0HS$)R~@BJo32Or|*fBk-$)bx18Sg?m(`F
z(jX0rd-bJ%$}|#4!~w4@8f_~xTx=|jmeQ|pX=VdVE_}%cX*GmG3DmTOK#)Q5Wrisq
zL~oe^fE+d&Jux<1EzC8kjW{smqjOXQLET4u;;F^zMNR6}gmEU)6gK%@cgr+lTm`ti
zD~LvzDATf@i&F;)<hmcJg5*R0=aKzK;>-{4?c717qGN5JE32@_L5zG_o-lV1>V#+W
zwQ{Qz-{&`Sr4~dr6o7FMF=)_i_27}n{+%g+J_WIS59!7Ueyt$>PKF}Aobq!~j+%Am
zj9J$5zVC^Py?0L0x<g-GXhg6<e2@unQqr>J857ma)w3|rn(^|1s^%0f%#uV_%byb~
znHLxOH$Yi)_#R03AgBZ`iFmHRPI1SCP4=p}|NgCzu9n~ylZ=GQ+>@NjUh<;l)1b#o
z3pGYy=PyMb_hXXzqbg;G%Qel?_u?4_%)evB3EpI*K#4hjD5MME5~I>K)(jILD1k|-
z7hEb(A;&EoZ&SEVEC#0snisetw6lc2fp+`i=!jfizo&UU7s-uQ<<IfiFeZRgE}+qw
z1WY^66VZ!N8LRlJXkLy!3^So>eiLf^tvC9SN-KN(V1jEY$?#Mj8iZIud^KhgL=lm|
za+VGtL=A8?F2m;y*46WqT?yeL$9`h(qu%w|1(jZ5Xh&~M-R7x9yjHC;u8_rUn;=jM
z<x29Vt;Nk*mxDr1$$<~RA&?hxFh5cEOcJR(&Q~$k`19+pV>xu8-dSmf1B%blNobaG
z%9{NjjEfLG);W8JpTcAK!o@mbOliPbZSRl6s+6#zdXRPf9y!`SGjy;^0Ky##zJ8R#
zRBEYhPcq74F%2vJ4YOp&&>s^WTbYK`s{qMh`R|bFOhFXCUS30-Hd(m*y)G079ggfn
zbs~i4T=(=NM>R6Yzk*+2Qpc$%(v><I;0%Dz44BaMR3Jz{AY(LqVyn;i6@GVe;c4+;
z1#1X7PpljU=5P}2l?@oe#1l(xjyQ<z7I?vq1h)4Z6GxDk11aAT_?Bc2v)usFk?$);
zWm6yxQmiA=BAm5ok-2Cg4WrjiESw{pC7w8LJ_8Clt$YvV2poHB6K}@Z#Rkf57o?6(
zs*H^#+b+Vl;M?a9lH>?s=OjGVsZUxvHVqgbY?>Mljm2h~E#j5Wxmtjk?RZLDKiFjZ
z8_O1Zv5~v&Z09Lr$86YgxG0p>)yjNrO%y$E5lWfCz%J(?=7fE>?kp09>fJ%f8~mO6
z<ko1V5^?LU<I+>4#!1n)NgtUKfpVhz=Pr{oRFu87ayBN!5C~wgpG@t*kV)4;`XitH
zrN@PXM2>Rt#+`haFs;XFZ?v62iHAMp?EMB$3XU%)ea?MF^c=7}Z;}6NAAjUh;{e%i
zm6mX=1E-+&`^*^kAYpbK?YXZGgq3H<<y)iq4fs&Sxmdo}u;e|49k)EWo{(S``5u)?
z9)yiSwg7C)q&lPRuDo))*BIUmk)v_ZN5=~uKRzF3ST=xu0;UBVPcN4Y^tJlHW;2TG
zdB`KEbpnI^qHp1%VXb9yG2!HlAxT0b>B(HG$D>W6R!bJ8DiLy4c<Q%v<v}hS>_hyO
z)v{SIt_w0QGp%c;J05T1{1tBhaP@SuD20oS?1DN8YM|M)C2|b&vNd0Uq1>9>-8X#h
zGfan+$A`T?L+Y&$W{dKgCQyE7JO8~&lEMF(I-GwUv5;r4P%a-o0M|Gv%pafjL#CcC
z_tC<^`kCV*^%mdJ4TO`{=hVMbD(r7=e;QgsgGe$B=)Ww4y7k|Z!5ZiK3L?$Bf>DGM
z+JTSjQ7Q>IL`HsLf@*;i>Hcaa>W2+KU>1K=O)NA&g6RT~hInJNtE(k%v9c`PNe2Bu
ziJjgezh2o=ec`d`_~2ICM}mC@M-gwPKe0GgwECPK)wJU|7Ge|)A>D%&8}=R~&5(O8
z8$qz#2y1w2H&Y-|r3HN38h5GSsHa+ZWuVPbl7vdr!GeH;!8*Z~;wx!5kcxgqr0hNM
zjoeCOc~SXU+jI#{Kz7)t6hJ1g@WiMX)q>~6twWHa-~{IQe;I6kbp0hmKL+F<=bT_^
z)~G>>;o?_B_=8)o$g(L;=sMklI`7{GfLNgG`NiXxgZr?)gX0mR#6@Nv=M*PuO8Xj%
z>4wrV8>gkPH{=*QlxS>o=Mxn_&A(4Rrc*_{n{${P>z<p5PkAg^p~i|N$Nj|6yc&l+
zvr$RgA(-NN$-N(cY3pHiSkg@H!~Jvp76wpwRd+PyH-cb(by4euGMTd<sF)yTJ`pzc
zvuJhutc03hRjj-=Q_+CAiqL0N%pY^aaQKU+8K=cN;v+78CE@(a_ESXR9Civ^Iavqh
z-OJce_IGCYwKg;e@dk#~KIII>1IXX*GRi?Ie)PdIS{q`OP*U^T?W@G?4|$$0`fE~2
z^R~Gl!1&w!4>uhCMI4M$$y-SH77mN;i&Fe)q~t}_e#R84?~-}8(`Z)H+(Dq(but#e
zfW+|+PCEP_04Ut^g2=J3!AdG!tJQ&&JJfpb@8R$$>8NDkLusMyAwm38A^cOr-cOr_
zhc-n|I~k*jAeoPR%89f_p!4w`SNH#8?5%^ce7Ej#5JWlzX$cjiyE_yRP!JG7=@w}a
zkd_c>kd_t+1q7tKL0Y7{q~oDGejDHOet-X*b3X6PGmbOH@Z9%x?O1!QwP`SlEJfU}
z9|)XacFB-bmZYIQm_iHn;YnO!+iM@SpK!j2O*Xt3zN2P$K2R+o23c3G<x{loni#}c
za47&F5ONQY8O;VWg{_Urx6mRI?-nba-j2fZ%b2zgk-rZ7AS-`7yOnk9CaWUc3bnGn
zm<eBg*|M_ZplIA{>w;o0lHF@?dxs-^Ws6WF6DFtES(kclqWhk{Lzh5q1A;^@F8ddG
zQTWy4Xx7|rdZ9CxBQ7bNY2T(CrM%Jrku#KF<0_5h^?*zG7_k;1*Ijom21LaFT>ny2
zuNBi*J^|Uloyzi?es~FH$U@fJTS6NymK$V#AZA*5V4l%-Dk^F8@s*kaU2_xXKsMLT
z3X7H_dxzh(xmf}7TbLDUXliNb-;^Kl5Itlel1};z(Rrr$E&bv3sv|1G|K$R>19=Vu
zYG|Oyfj$CA+@Sa{Q20i@MDSvE)e%JM%^LVCbDiR{eHv)Qkti)ECrdGJpn3!p77I~_
zF#PGqCRqQ}D``0PE9VvozdhT>hotMPgujIPKV&kR?XzWzLec%|=K5*Xn)Z2l{@tBK
zK7N3!D9+C{VgV1X8st5$NbF75&Idj_u8So&t5n!K!U!DzDkA%!DpaB$f(%BL?Y)@s
z9#%cj^^;^BdIn?U%#Z&PoD<r;IAG-)2@=hXU&y~tp)HXWYH20@Qk(pp@W^wBp(Zrf
zl<T*TW0kfq(#2;Vd~U6xJ}2<JSY<?-sY2+?&R?EkO`R?)2@o-EANYILBg8M!ko103
zZnq<9QIV<z!e>%07PJ$S9<!fauDwiAq`DggcjP~Nn6$O&ducbL#}4Th>%H{Ln@+YP
z<o1)N#PWsrRpDT=&=Inh%Y{-fo|~@1)Lp|)@R-G7Ve~aGF<YtKqajdUNb&h=2po8h
zxFYyuf2?)w`gC8EP#YX_e^}Kl9Q_^mJ9mUK@C(n2Jcb^diWdQQaw?f}DiwvC5ri0s
zn!~9FG!dBzlP*hPa;d+Oki*I~-%KqXi%v!pd=RiDKsTB?Otx2Mjd`H(jrfzuV-5me
zbav6kW*et=*sr35uM=y{OjzG(z$y4EyUU~X0aME2(s=lvZMOPZ4hAbyh9ph5H><7B
z4+ewtg7op2{PZ)1K_5i=W~gS0V$F`1yxzcpMN6^B(qfVO-sdoqLM>hFh{wjM{TitP
zgOZHH^Aoc&Fj1+S^j+&hiJm}$_O<phO*eI#(6{$?xhHO?;I*mnKZc6AvRS<iwZ4pH
zm`*tLjwwE@MQ7Xh2f29)2lM^r1$Zhc1M^Pf7dqoYQ6&p-$h?AAs}QwKDQ8>OHg8zt
z$SL_7$M4c1&72pKUmi_+0#EJIqY@G3xr4WL!!QiHp4#n#a5?y3#n!!n!DH)KX_4G(
z+U=B8r!G?I(o%f)PBd)dYwWw1OielWAWhbj0~JXN)=6jZ&O7x^*E=p=M=BN;O=Q9e
zXT&*b3OZEKW+(HSGw7cA?A+Y)X}0x+NG_RGZj1B_T_dEM&29dSbbC^QIJ+OzeZ}Yo
zZ*`7rpZ9c-**U#Zf6kmQ7$h$#5){7n2HprhPRkG%lr9T65``E8{&b=UyN3N=*=mce
z)HpJ>?d)t#>ddiyRs)EXvR+4Ze940P&$Y@$P(=KiXqOn{l}WmlEco6qoXeHOZq;%o
zN0np%?eMpu4s)#D?{QFIsJrBY@G`I>>!~AGO8eX&<(gspP&Dmo*Sjedc`ukGb4q8<
zUtYIrrDQu6Gtamw^^U`VoEv0Pty+k_wfB>JxhD6G?hD;Bd=!U+E3na7H;h{KhkV?%
zmhrO`@ejJ1GtQ7lY5eQ&4m~QCq!c)|8;w0)c#MV<DYibJ!aIGle8}N_lue5gu7AFc
zxV+)9e|bSg<w-j2aoV=hd%0-sd3`+Ibn!J6xtHgq(xrFZ#ftcovdfdQ-mOm0vkiw7
ztFkb+v|#v{<oI;vygpkAt4-XzwC<gfuy#xxU7aan_rT0)3R$}0e>5y!jfQl#%3s%3
zceaUC%8lo7(y80DxJ8r1I-}%q#DBCpNN|=mqB1OxmRhdCUCuydTWC^VNR0RTJ;m$o
z@F5a1FVyYr^x$o0YWxoJ?$r>kApQIh3$CJrFFo{&vkuqji_Y%71`h(E2q{1p_@d(z
zBAl$}7)vJhpJ6`47Rsv_SH<ec2qcR){9fn4-YB0YFd0jqgl@o@8O5Q0+E_DIv}DfX
zC6zfocCU;S*%}|3>dk{9N-{44QtRpYrPgc3t8F!NRE>wiHe=eqUbC2~nX>obH)WRv
zvYqJp<@Di02sHMwzx}?3?@j|cjG$H*xI&lWLenKlT=H(gAFd##F`^9!eh}WCc!GH1
zN^<k`KGW0pyZ6?VC{FPeYLC<Wzn(Z&-EC4T!q9!|H&wuIcp@51BX<2Kl97hz*{1Mv
zu;bZYY+bA8#coQYne8>Ci@Cb9+px5*YgmK_iPweM<1Ersf+ty~Y`D$y!oHz7Vcp*0
zTT5)+k*V8pkY_7Gw>sf9l4F&-+d)h0FLFz>k}4#x9C&LpyD9avdkwRDv(qVcE%~0O
zH@*~IKU>cCDEwXGfsHnEw0c5?SJHlvU|oBipB%A%lw(D$ttHAeaq!k-vCY(N|EEo)
zom=hsyc6lpdT{U2&Pl{9{lbyk<@q709f`20_$%={DB(0>x9Qyry4qU^xeU(V#^^si
znBrn#LKX^>qW5>H2u@|ku3DfRG{69JfD#pq6=%$7DS|u~%dadgIekbK4(ewwO!ovU
zJ3o5_E=bv~Y%{67P*V@2iP7V#$O-*^cs3e~Y{n_{>uva?YwS8Pw~?3(u8&A^PC8VI
zYQ_F@-Eq=)$UzGz%~o?U7sH)^)oy0Me%PA%Q|ZtiZ<yJbvR1XxT&O9&o9<*XFNy+G
zI<`koDt-%cweu94V}Wvt%!`^#h4fYHfMt8H0N(S93+{uGu%=TlWn)@(0xp#Mz4|X-
zFmQkR8hI>>pK{FzNsQo@!n3PKJF|L1e!10qi5b%1XkEpRFIl1DX@q2s!<X$qeAbD;
zwSjl^JU?`1+kYtrsiwNJ)zk^Q-t%~pdAS=GN#ag)OWpbG>$6eaGwl4S4&^-F?NJi(
zmYlL5jF=%9D;CJ&7dzDIm9=3FNR&1thtAoLOQ+p-H=cym?HtUu+(l9DIMSd<x!9VE
zKxQy@o4(i<-t&id<W=Qtgd{I0Htl&SiY81&{oCUK8jYlzOZ5Q;A!)Rrv1C5`dj=DJ
zW?OYO3oE47rZ89Zyhgg|HahY8?zkp1=epdH)PCsj9<oppZoC<>=6_gpY1JAO(lK;%
z^v;IMZLR#fl}c$3WsoFU8so@kIeyO8H_=u~Qmf^Sx#i=He!uGIP}8vv(^XQ7-a3la
z=kUKMe!vB$Vs{`KiY)19VN=J(Y574iYePK4>Xsn}9~9<80j*ej{~M!pKTe97xZx6Y
z#0PB1+`cb67Si?7Tbsqz&4kpd)5Bwf5WBW&srK~L*1BGwqgvN$GK#oEUg3P=F1mqu
zIP%YIra?5Z(>Vpm7f2Fm8Vz`2ml#%7weQ4<n(!`ntRvXfk&wPBQl+?W(|yY8QADwE
z;A}M&Ke?H5xzPKR;n_o+`pcuR%lfN-cJnLcdub~1lN?=$cr>~!(%<>6A)Pglid}Z5
zpdej@)g9&kB<Vy#isko}U^r+e_u`*+a}Dz!Gdk_&pEhu?Eh(DMuRPybU5r33@7*mD
z6MH^9Ey9JAL78HGd33wHkB)oZ-u=A$>OF2BUz{R1|Fr%8_vvx7VttUl^*oiw*Q3SA
z^v;;p312C``=1`$v>!fYk6p5=t0iUYLh8EryPO<{xb-HE%)@TEuLv@4Ju+2u-*lR=
z{0T~_jP4X1p^~?0jCD9i9yc)KsrEb0mb&1&IMp}czmlBKkrNwY(Uad+KKkUGe$eC~
z=34kOZmntQ02En~Aw^@<wWd3S8$F1S$C_$7jxTwbj0JL+Y=mpD4tdQif#nap0PeCS
zZcUBuCj%W}u6rjF$Ul|#87#^r0`$Tx53VKpbJCq{o;KRou{(O!H|P@e<OgEbQTSVv
zXvL{WF)DveaYB`pLm~6RUfXvSyx5b~os$*6xDM|xi(|AWYrI%S`08C=rJm-L^OoM3
z9W>;t^m1{LvPl6;8>>vMw{|ZND3I{sR(-NWx>nzrue5bv{EWiwVm@Ww`f}Vlm0$Q5
zHTJgW`TAu;*u^Tz(YmbelQ4?lds|JHyVl!Fp63c@$DYT+YTx#ihL9#Q=rbvpuc`{L
z*BF}9&s(DUfB9);r;AR}K_u}*MJ?%_nzVOiIJ;I)t!pg9d;dTk@hkTkaJQebM*DtD
z3*dRNPi`<9XXc1Iy!IgmQAK8dg@+cQ-=Ej%TA)6!?qAZ&`jLW4+wr+;@mT=sUAfi+
z)z!l3SCSszP^J-qo3W2G^@YP|9*lZ%(4if@AZd6fh*!mZW|sS{<qi>-C@4BUr!5an
zccvdQl_%+7S8dcx++8ccBNV=+P@i2!TWF*?;Be=9#)Mb86BEy7+!VxI^?tHyHgUTZ
z7Pwv4rtqaMIKIpHtVkuzOXK9yXZ<l$ut<4?sL|f(V0Kd)s5<NwW!;V^C{;LjyNm9P
z16fMzs$3JAyy&u=c0Uw-PgxhaJLR_9-IcPNjs^RCox(hNw$np;WdBQoe`TPEz4d~+
z={csj!+U#D2X%%8G*BBsbiP9{nR{j;@?&((x^?XkNeeJrE>=RJAh-aTjQnXYSUwM1
z1t!m*7<@3_w&iPL0obG__yN=DBm5viY|Qh-#+N_O5;)dN)52E{cPJ~#?9q>#upWPV
zz!U0x?_l=0pWq_l6*}R_c%sDfHfKtIXAKoft~XSpt@ApXDh6_)Fj8yE$sZID98lyg
zIrboVQiUax^rmv_^RRh+YLV6cIk~<2-(JWC`aLb(uHLDbK(G-|v@6SyFEQsnQDCvD
zP$+ugH%-yJ5@B+3{^I9is(M`J>DFKErApyFw`7_DOu{Fj#mXJn0%8L*CsHTdbfpS~
zC9d<9I@TjqLAi>ID=F4cStFBq-J^f-4-e7C;_+++CtgT?pnjPst9bmQ%(N&9J>I0W
zMD|?X!io?ouV_|ELxO$z>#=8NH&giy(|DGuEunw?y4{|^rLf`T&iSB%h7|YRP2tE5
z)CQ)^fisK6#~98&3emh1Xg*J{m?}Ir=K}Q0aH?7YGz92f675`fJ>GR>b3C$=6A|;s
z>XmWqvi;EZj?usAkjdfGo8<wM>{~MME@7S{Yv{T)=Y0Qs9$MO5`nIXf$Y;QXEYNg}
zW#wNyQSR7(U00jPUY}Y5_=yA~f0s5x<l_umx9oQ+R=!UxCB-76-7EqoIT%|i6zDS~
zbX|Odw=cp&Ovxqj*Co+t0x%%gu?=Cf1<Gput@)e&mj7S&A6})n%DCTigi9gvWJ|dG
zf3k#}ColXm*brQtg;ZRNE@qQ4<Lf1#7>w-A)R?nlJI&N{V35VIfVEsgE*zihE+=+(
z3T4Zj=K-g%IEu}vjz3)lOQZiE6*A}Fx7!hT-p-hcT}<w7MW&K9Dv~>;>oyGd@1com
zatU>;DJ^S9a1Q%V&OMlWhe3+f2GY8xU98imxmB4@ohWa%_CLpen_MCm)fI^uU*xsa
zLlqjjf7psJ7^xyzGyC<BExKVi|B0<j?mL~=?}is%uEbY=SPP;B{KSQI+hWU|d%d(Q
z`S@tdWAK|IJihVVCZmFeFJ-JOk$J-};N3s(;k%bieBR*ERh~Y+q?O8WUKC7&?g+Ji
zv+qwNB9hl=BrSL0sqsTd>$WjurTTsHw`jA(^_fWj{WeL=U*)9++3g&g@;^6zW^n`Z
z3|cYp?jgl#c766(kvnS=r=(HfAsxSj$2aL5ou=!<O>t|6Zl}|Iss0KcNFKjh=)~hp
z?rnaAYK}Dm<HCUL(oE`@tuy98Ylxwm%-)RqqrNo0(!2HtRt4o#+^ON+vj!v570O7{
z)0TC`#-t7}4iyv3IIbm)RdcAmC0;Wk$d7z1NNTrr&zz&##r19P<F5od6gQn;u}V9B
zt|95%Z@~{Szb<Kw4{QYU3<4<VCrwcJ4I7A<7j_F?CV~X*C3lqh!c9e&gg=M9+Q3hP
zlQ<N5b?$kH{MH{}fj>w>3$RqnhYHz_ks+j#4|dqizhnYGA$hUP=FQPIgv1T1SwUIR
z7z}TGA8d)6gm+Ms;lybXg+T)|p%LWI+Z0mbEVmYfE#ZAs{B-(2`sw6~KbIzsr96gv
z%+!&f8&oQiwbPRKNZ-lpdySgOvL#6h>N-EDCy^4=^*U4Y&*__?>NdY6A5Ya}^>Qa5
zGlA3JSs*m0Z(htR){T1bV|l~#mj&)pH7Yvhb;!}5?|g_J`Es^2Xa*v<(wK@;1vuan
z!G2U3^gh}S1m2`;QEOVJBFB;>kmgtHNJi1b>57dQRkWp+`OV~Z1ayCyDzD|w4QSTG
zttB)>ZM{Ke1xB*qaxkjqGAk8r{uMPtD=d}2d|MQ-sv*86$CkJ?c-nqChVRz8iflv{
z`@TJE*cbkltq6&~ob&(~P9S{XTXoMC(5`i37=As!m2@*g&$rzpsM&FJ_z;bmE(F6{
zkB|%Lk>Uqz3269io{B)ves%o*o<!O_b}l3gZ|4m{dMPGL{W)WG!7q<8^}d|xduKk&
zxwDMbxOC7<cQd#vapG&VJeZs=mt?TVJMxlu1*fYsrB7SUeMA`YEMqP#l%EoAAMg3=
zJdom>zZbcE@%qjkcT|LmMW4Kbw+8Xx#x=A_v<30|ScG3Za3@;~9Ke<c{&{2eI7?2h
zI8pM7X~jY^t8Bw~aL4bRB^VKbj@iC!DdDWk;=!BXw%7RuNEt&Fr<8y69)-;$^x>^*
z=(oM2_2Um^a+|_;+pMp#=ViLZV0@DCxF0&jS&0WfWpY?zL->M#N*OK=hR<%?i}m|L
zFa`o}mAS4oyj{xnn~zkc|EQj<r^57T>>1Jx_R!d=OK{3s3!BQBeRKU+t~wp{a|5UK
zlPc-k^V?&xi`0_%bK%Hx22w^yfkC`JL30Eof1BrmzkT#8_XuP;{N^T>`bKO*^Y~ij
zoZqhoARB_pmoCYyk{k#0W>n|Z(^hFw?5X1xG~nW^nRn-w(&QS3I=ko3bu4FT2#O3w
zb`T3;^50+ko+?Xezz9l9P~b;=$DymEMxXntCx_Xak?+3deh^e40$*JI{PCeA^a)JK
z&2ek_QFJ9AXxnIqXJ+vk-yYgX{^WuwtVVEW^rtRfuyqhod4qeOHmz%~%kaSOQhlt^
zN#%RP-ToQ<LvUNdl8G5#NgC~BzoqnDE7bm%r6gnj-Gmp2(`?|i<nYlZY1B^aiZQ}=
z>7puim&cH6p_hO3N~>z065z9v!|eXXiYCynheA2yU0d*HUfzOwwOtk;mHD5ZnXjO`
z=WnN<qB^(W;?hOxl$Qzjag#gf^Cp2yi~`@NTD}^`Voc}QG7rUanfP9?eCx-49Y2Ew
zi5ruE!*c;*%hYlQK36=5LClYR_kM2^twv)Sw0!?_cui7-PMuZrZ95+5tT~s9<2uh0
z09~>%v2R#9xLav-u=Q;ZjnW(M$IcMvrSFo#ZF(Pfc0=x~EQzYBM%zF8G3A`<Wa3>k
z_mqqeTQO7rMA!a9(7-fHRlTj_)Bi=#)h+2%;^7bRZ&b}>Z5xCU<w;W^p#)fMHhVfD
zW(-2z2b2ykW?U?yi0=>ioNN=IHrzBq`WT1*pV2c^{U_o**Ah#5Psh1Zce(h6{18rQ
zA1Ur7*f1H{F>g=@W#F@H7nsO!wBF#zlu>^0_Gc5y2$u*;*?dOuj=+{3$31~!m$^1d
zhnMBGq@RChepEv(#LOZ0I)8$7d`o=yG_yY!nhQb=#ZKcvONZ}b{x<Ql)l4Ee>b%fn
zQi9m0<G3x}xvJ61_H%f*WDZyNgc!L4t@t48WcofE+>|H&6i@tJzgHZEL;qM}hp{hD
z7N~j~fcHDbR7qkt=06!$vbJhbGgav4?PLOGeXQu1v#k|^7JmD6+3&V6gcCl<McuN&
zpvd>Bwa>an)zIma0?FD(P(I+VOZ-EDflo+3N<DZm--T~~QuwI+@c`z07fZE#npY}2
zYzOp}d2@cDXu$I=`W5jsR~J)+5T2pA?{ghmdoJyz8TRc0V;K%Q!Ro!PWYU-uF`5rq
z%~f7o6Y}b&o;vqsfc+sWfIk|zUGVyM08y7h%z)9mN4<^iN%@KF5{$!5Zx-L~+2<T%
zL%ImSDe6d1V;I1^`(ArH_y;@(cmh4Qtr!+$G$w7UV>Po5vuGL54h4#J92YWyB!*hu
z5Uo3GHE>mxOn#0Zg5L=Y<|XMLheMH3Y|c$NwEGHU3}l$m6J9o69X?{u?9{GB(V)xF
z{6hip0pr_CA0-Mxdi}GOwnz>HN>%%{U_V2^&<=ykVM5#T^~(8f$&^YX7+2$QXh!E7
zw$J?dF5M$sjV19aQu$4X$g@kMXkl`i%dR8KK#9#M`}8O)bX&QFDr`Z!Y2Qk#sOz~m
z4HfrWldpzF;`5L$X+2Q^bOR;7mi1{(mtzapA|Z2gV_&?x8h=X+*{lf*OHBFcF6VID
znvd$A-_#wdJLkAWSwarv`+3ohdC>}xN6d!4*&kvYOMjSRJQYOfOfFm_=L9{{ln1L1
zWa{4A5;a<_W+T%1gAz3=GBqk_!)ss-bY~q8-oZPSzfoH#V(go~6}NENrz8@*HZVA*
zK0h<(X|8C(scE&#H)Y2vc;OhwYw+wu^aBn0%0HE1AF4<{is+mQRPSKMW8yuQm=AS9
zo(dN9J=2Gx8uaoL!GejS+EB3`9$>im2ozQDB}ZYiy!sKZ0u$~tKKpcG{5a##?;S=g
z)K9EbF<87cx<sV?*4{vz0ecR;uKhS}q!>Cf1q)VH^I@KxTO)Z(FU74&8}3g3nPs*?
zCqh^Yi}8ZkTGAL3cH}|iO^+J)Ap0$ub=5&?Fa(<91xjY|YWrTLl&Ce^c2A9{JC42I
z#|>=>p?DgQzYBp6;vnUaz1cH*c+&zKRst4F;VG-YBnf|PtjtOr%jRAQo<S(&8MZlX
zY8^PFlLwax538Q~t7OV@#gv==-VAzDgqz<PW>OLeB_z-{eh?;o5e-Yh#9h5EhmVT#
zPf@&?g`P0Fo&3h@#f#E15B-;!wdaqhzYo73UTA8MASaJrnQC4|E$a_@;BbynY}{Q}
z6{kWiUtt;PuNezP!6k;b@nXCuR9#Ivr;m(Jx($E5g6Hvws*NkS;$p(XjUuE$`R6r@
zeF4e|O@^mt+cpaV&L43o$Lv6UB+N`8T2TuD0B}bzI)HK%3NS=%%vJ3qbF4obsQc&C
z_)}r!5=%XJL~ti4{5XY)+tpK6VX@kX%X@L_6WwNoRna@(`h;}&x@1(B?6S`pjQG5G
zCH0f~{UhtP_6Ri4Q2=yGUvoQM^7)U$c}ALjCu~W4U%|%^un7K3M})r{7w6U2ao!&1
z9>q29vQeSw5t*z&a)<fSl#}$k>BYt;lrWB-qziuy`zUzO-0`swZ(+zp1ZLe!DW4)X
zLc$cV6X~$TwRWSNE6d2bPxs0FdfEeStl|9dl|D;8{9b<j;KS#&o=zd^#!%IcoR0kI
z*Q7-${GshrYM(GkvV|7Q6g~cG2r3bRux9Z4b9Ag}v7nMky3ORbt#jF2RoC0xXbaSb
zm71cU;La>XYly&-_!j>dhj)L`p{64^>S1f5wcMk@UNb2Hd>H|J9rNjnE!#5|TOy)X
zF11SPvH@EH)Yl*4??>N`W{a}8Sv}}A_$OQ>)OaKVd1ModE|z%%Z<>Fo3;mcrjAXMd
zLox$4MKqWT`3yRsl`!)kQt{pMTRMM@@R*->vAhB-j9p-Eop*4M&^BmR(618%y)qd7
zV#dSL6T8_9!|ylp$HRti+-F$Wfu2SoC1=_S+?@?a5<FS+TyQYsks(blUdvF=dk?*J
zMweIQUDlg@s1Si6LiNpim>W^7U)0LrH)mb{2N*!IOPY#+o{5!FUuALDk@0bTUn*9H
zV%U)Pg-(*#smvI6te&|@u=Z*>y7zU(uLOG-RJssfc6)mhKRshRVuS)GZCK-8m?4?t
zE2OF5>nI!=b7_Hg9CUuBhNZN7Is3N`QXZFmc!<_&D|fWHrx0Evuv|<dKA7fsU)YiY
z28>W)WQy_wjtr$T45WqYGC8OHp;H)MXiKdc8Bn;d0)L>KxT*)6Nrp9G6qcFE0AVyz
z5g4uM!&Y~|fRDES?lRWgegk8oBR{YN0MOd2AjE2ezYg{YrlF4o@ZUiw=8SD?De$)t
zLdj}^H5VVi#v{Fl>DZl_cSFp-h(+oA65U%5?VnnVI6qE0QdM@uo_3&`iBd;4-RkQB
zOJ1<|UpzP^$4z-3z}Jg}&86`@ipDX7meZF_%!_`aC83BZ)cv;a+(We>I-Z<oP(qO6
zxMULr0*mZt1{XBP94i~tNf->meezUIT<c><iEMx5ww2q&L`Y2Cl?o+10}#pc_+ig=
z8tQYM4k%Kl2_-noCb{CibK^m-{`sU>nfacfg4F+V0fHeh*=Y1WXB(`+*p|a)@<XQg
zxeb%+*$eR8Nw%jxOGX0x4tl<yN^b;Q^1UTr`z=k}h-^R$`R$t%p@(}g{#Y&OA!G{y
z3%2ZNdNVZ>Fm~dhj`JjGqN?mh`_BIU&_zv07aN!_w8DL$v7a&Nl1%5hlhQ8lfshYi
zEgDA<d((V)_K(TR|AX<taZu6YuPFI?1|=@1NgPZ@_P@S%bC-2<vuGNs3>BQv1ZDhk
zA>Sr!<`di-vbkwC=U3v*e?t1L<!0kM*vCu?ORS(on^Z@M&~uPyp={btL(}p+F!0Ly
zncDy9)WR@Co5G8K{`mamv$E;uV{v=)HnDaIFpxeXvy#J<nR$)42(Fjo@K&^QJ?CO>
zncF+J9)3-VQ~5E}9k}f9V89Ivp3QLl4VRGXS9T0{-a(zCWlHrw!W+OF0od!B;HUgB
zbENF!eD5Or3)3`0DxE7myj^sRZ@GA;Ao=bx-lU*9=?_BI-vKQdisCZa2u?|S7O8(K
z5Q~%nV01<$Ea<=Fc+^kP)ngGC#k0Fn@nv+-3<>@p`*Bsx$809$^0z4@*AtdXS*C8h
zcV3*scl$MM$rT~Cc+&4_8u<#&TO#EvSnJc^d5>PNM8kJ{CHg9A`6Fvs^?FhT?!S-v
zXsn=|pwg)=UBODptv<T`BC-%Qbn0uVooC4!FT^Pu?1O^WgE<h10MJ?HTeA_Y*{VFp
z(#=vQZ#b;7NqReDd;H)K=cJKi+2YW{(Veq74k7;S3CD7=FZRP49H9_0f9vSOQULd%
zt7vbtoW>SB(e|f7=lgp=zFXHec%Gc+Z`Ga6ro_*PpI<yzXxpu;yKL%d^ZyUssV`{<
zX&4Io4ednfQ@*NvQBxJwZ;v!0r{2q_Z7nY;wIK0i$vRULwX&%b7?hdFl#|&jKS1OM
z@@M$|aLU|6|0IwXcVCPRw}!XcF?zeJWp+kVvkeqIka^+liY$qJF?a-#>1hW^{l2g=
zqoUk{Ipv>w3elH_Nq=b*k~;!1`qXHtBixe?FERI+%k~Vn!-3~u+<tl~&^(_ZyNokJ
zfu4`Rr81rBOmF;5U~hL`-f?^lisO)ccCyDb#r|TR<1^lC4OX^NIeZPToZz?^bcwP(
zC5JNSLo2`|X##@{sU>${kIT{ltZxDQ0!ArKsYOz>{gRHKrJ0f&0k}f8HakhIbnTK)
z1MkQ%^~Vf^F1+L-t4$->QMM*dkHnsw(yL`o8$(?C3!N;VEK&gWe)kQj>eamb-vfCc
z9zs3Sk^A`Mth>`fxy9GcWNhT3BmNE8w+$@H8dt7suC!Tc(%0lteFD_`JfQFp8Mlp=
zYIYo>sE7rR5CyI({qh`2b-~hBk7^4u0$;a+n*H9)sWz0&D|OUQ3UZ?9ZO(CFhU6GT
zNE~Ts<@qa1f;It4l&Gs?8H*f8!bq51eIEL|C4)LlGk53hulsK){f{bwMCjiy?UL0P
zwv>}&ELNPU-S8RmcB!b|euE>#3Y`gr!R3;Kk72u9#pWd|2FN9i=pd{BPZ%SfcUnv+
z{`-_|{^oE10e$CTx&=n;(EWnG1uimtip`(x#g;Du<sB@a^`DC<{D|soT6>Y0cEnj|
z5yJxY5z*he@n1M`!^7<lL4Q%Z{{irdYkwl$LpRXGenge;PO0<O&*RPR5ArVzH$DZ@
zrKynWaSAGTEHwZlfFyb7+fMqpE!G61>(MWyMBX8lw#WDhJJF*4=@L$v@9Y6q%u{PD
z7;gnov}@nC9S>%7w(#L4pZQ2Fk-;&=EUnSC2+Y*du{8@_pvYzad4IpZA2b~^-5L`t
zaeJRF9W$sSpUvr@xtHT;7mJ@C=8V72W3BjQ^6P3QG_D!&2%_2G4KhomD?0nt4iRoV
zu&srp5Q;Y_AUZU&@LU#D1_hsbhddD>jt&X?ey7((kRM1tZErJ7=~`ocjE~v?gKKF0
z|AiX;doWHTy8T{`b!Y=0=MSm_#Mq5N0|Kg8Jg8~!-*?HLeAwRhT2pbQjc}wd@aRt*
z?W0K3=6)H%wfO~2f?h339cL=fOzw7`C!svyDa)x*6wqZ#XK-Nt3{jpwzU)hNMU<SS
z2K_CQE%gs@6yQV=ah*r5n3gM{aNPfRJ-eJW<dveFIK9(XM=?^bRnp7s;$4ve(?@37
zf^q$K6E)@pc;9D^t81G@2Hq#Y^>uO#0ahF^2}qjS=y+4ep%UW@BIGy3{VS-sC5wmx
zeE;=rCE#%CXeL@R3ipY%U&mTgxw*3T=>PmUn$zic>#&z6?b1{t7!L1I=RD)gKqcI&
z2$IgZzjrN4h~9gI&U*4zwL{6$Co*VU)QjxXO#$cyvWYZTOt{-`S54@REGTpiYe%w>
zow<n-2&QN3V-FSQ5{x!kcSkvVUvjjbLe>x|Qrp@baIvo9q}%g;_Ta6?Z;?hi+>6i3
z>f5u&`{Y<?Nkcu~^M}o)a=0Y3_!Pv361bL&^#(K{p=Z)pH@S#yOqXH$Sy+A5NhVH5
z;oBXR)lX%^I`@#qM_v0rT!UwuCRDy1yRJmH{hZwvV(1CCOu8Ck-hLXjjbtG<j#6(U
zq!#bB(4_P)uRu$EWIa8C1h_sVT>+<Z{a-IQVE+mFC_Q-dgwS#Me=(Ux)6=|XZ}yuS
zF&cQj?b!WgShJ+28rkd#7MTy6l+bERw{vwARXc{tI!0b^u8#S8T}`Sp1Z?(OBm#-a
z%UOj3Rg{6O5UVVDcF&5N%Ut}fi#|_BCd#S|Yi#~T9OQgjLYZvO4v0~r<LoE_jtp1`
zUVW5IBOYhM>LwGa`H$2ydm66!Jliaw2wjiK(m${cl300l;qm|K>*jwk$Nnv*Pouu@
z9a(@fP{~OC*~h#(n(tX%U(~V(Z1I~j<5WbF$A17-NijlW;bQ3sdbLSA+^nXegCgMK
zNig;+2@0yr&$Mv<#yC*exLz&!XDJSgrO+B>%Y<c0c%6e`LMh_Mo}oR7ZsipTqG#Q%
z7ZGrL&_ic5oRmzi7koH;lKTp!q(nTcV;o`IbaQ$h)``%1%Iy?R`NBe|L+e{$!oSSp
zJLNu1A`KYpm-+Uu$fSFI;E0m;lzdhw;XL?blG#I?r{9O)seEtSZ&BV^n<B{=Iy=1t
zR?BPZzh{Et|8geOIH~fhDT_IA_j~5V-l#+wb@GZ$4K5I>KD%}5oF8$-Bd|BPU6SK%
z%7)8My>|&Vili_pEfOs6seUbv6)ZHK{@Wkw&mIdl;0=VGp#6AIrU^V9*?XjtoC!^I
z)3G9%nsWL`xDSZmDxUm8yVoI>A`8Ah?Rx(0(OO5NadDpC82sIYutp1sp~3nTUv}8L
zdNXsCZdw-Tj4I!!$Ky7=A)Y*`a$Py+m7nk0X&h7`F!9meD|zC78o7EpO#LCj6VBVs
zXIGO3J(RzV!oO0$za^nb=5`u=+-Ip8`7l<7QT{W^ZMFKqRshpuVpz^?g7Re5*@S&A
z`Z<T-YLakda}x2jT6`$1uO<eGr$ZjZ0DKHAMfG*j_d_wC9XrZeq{(>Y_XcJ<sZlH7
zRznxILaRdRbrqs6EYj<vE`Ghv9~!k*44Uq}BNf5JQ`<4o+p4{bFzKR&N&YLR0G-|M
zoKrFCNu>MG1wb*Ho5}5at`F+*YR{bdZP!~}GPeCeZ(zO^EW|t@Ki{}63Mtc+Z+Or2
zc{*Oa+ly$78g=PCEjT}b5xdp-NM`vtrqdtqBQOhH53P&?)@7@`f&hv9+i(8&`@lE5
z`5;5%5ud$_Z&PZ4b$Rh=K<4gQo9H_u#cg0+D#ZjGA9nF3exd}7)CKM;+)YqpSF>G?
z^?IkW^OVUB|GD~kJe0hSx!hvYk)f3dCS5C}kA|SQh)=XackoNj&<{}5LoNz~XH=mq
zVG<Fti%;;xJZGiFy8w&=F!6_B_ujrrycZnG<RrWqyX(-(+_|mv873OUp<wJjYtAE)
z{vyK7t;`P&KFlO5SQ8ZIkCa1fXo5KpX}O0j93%jiX>z&RBez8fj|DNskoq(pT0t9^
z+~~7Pr-o{ezQsNN+N56VQ^zr`-=4ArsFHF0kU2>S{%htOiK>ds9lB1)AGs5q`N!&h
z!d1;>JiJVJ^=$B-eF^d@x`u1TT}(a+);7S33m13m{lL7ivsHltS4Cy}o<UlRrai4E
zDJ0u-N7bEnJI=WX(w^I!6|K$E2m0pnuaJa@Mb<QVk!#qfr7pG_&sU?lSm@i*Q}6_F
z{bKY;H~TsI+FYCs6=&-EBq~};^=mPFtYDI_zv-Aa7OY<u0^8#bt%+t%Z^P8kqWgak
zYb#ZeQ#fsDu!}INcOHH-ZXtIdICiV1VXj3#()?z_=YqO{>8GfY_=Hd_ank;4g#2%L
zx2T0U^pUx`r^HHA>*<u)YVIG=z44dws=Ujl4!Zo13~R-Cb772erO(fDc@WF7wFrXJ
z7&h85D4e5KAbQiK2&9nd)}VpwUr_@tjA+419ZpVB^Ge*>UE;v2DmsTR{pqN-NlX;l
z4A<iDm+I7%v}CX6>9kj8f2Rm{T#(6cu5td>r&DeG&#<U^7|PL3?X+j{06m#l*^g;|
z@cRr`6Cl(~&DH?3YXLu9dc$C5w?jDD>i(!g=Tt{gB|>*6*=>!)<9^q`*R%ToM*U?S
z{EM#oAIfjb?XfmV0&T0E#r@Dz?nk1;od$B4nh_lgc%IwR808i|{<>d^Z%c|iOV;ET
z*g{XaTufRQ|2{35!9aQ&+F$^Nz*Sc(zo@S$wLiPbT<oRGCFgJxz{xo)*lwOh0Y{dc
zizi@^2UGcFp0z{zlcKLYFe-sde<Vp_s55f7C+8C`9^6;p4^F8yL)Ri3YSq+#3vCx_
zTytpr(meCrYGt~!3R{Sk!N>(1CwX2E%C`1iHKbZ~d)o)+Nok?m0_7XCqpOd^lgH`F
z0~_^4Qz}@2vb^63iN?g}BO@qw0RaKk3yfa#+<Tnwp}}=bwnud2*VK~EeIzk}AgJ7q
z1JwWkeIRK)RG%xadN4Gtor&hIZ+i;^pau88&GSDzNPT(Mx_nwj#iQz-O_OW#tA+SY
zaW_wBsbDqt?}>q}&Vje6fs|5CF82=5=4$NG=NQwlowoMhK3b+*oKvnVLP}L<0y)mq
zlj=5n+y|vQEHJ1})oe=aF#Q3|V0H|#sqV%{7)<yn))fT55{vW$JRh185S4lHADN|?
ze?<@ZjhZ#-r(af6LYl#YWZg>Hs339|5knTWbM7Vwnvh=<!1%yT8p8(T{|rUE^r`pU
zRal5=26dri(W+?#)_h*Yi8rVH8w%)G1UA0AiZk=P6|fhvAfx&uN8NTI792qgEJ)xc
ztP?M_E`^|_f9QI9p^fbd(=sW>{w94<m;yEQ3Ext5p}?JH1fFVuoU-!<^o?L>3PQ~t
z)!U#?Qf~v>qR-EAK2Kh5xpoPi$3~ZB%!WKF^>n(6KG*-3uJFHu_J2#1!B^po-|Iu9
z`o;|m^WhCzj`F;Tk}iDX`B^cS$2_;=uGZo#<JQ)#pZNEZsovl72bhAV5IMO*fYNz$
zdLCjspf`}ifW|A<d*Xgc^%*pGE|Uf0R~Ama3jmE)B)g7#Bb=@Vo!MpjzbskzKSAc{
zOAUIGj+-DiWC*RJij~*!!nl0QJRgq4_hC(D)vuEzo|{TPg5CViYy8*j0FX!>m&#M~
z9$l8;<gdbB5E<gs=bN=ciybg5dkjB-{OCD$m!0du;lb%$(XkNnV4=0vrNP%M%RH;V
zMcWq=aJCJ0vL=EP2_<1#f85iq1&9K_z6~#WI6evECB<=lNfry_72O}W@r=HA73`P~
zf4!!@@hsS*j27LS^(x$@ttD93KW8p~#ZNb1)wx~c{1YjW{ofFeIPn%fW>8`n5GGgn
zwij6{O%#rxC|`~3+a#&tFGoK`p+0-~R-mZSXrD#8U@}WZv$=n6|1HK3z1Nw2la{>7
zKaH|3*^KN9G)-csUi!bmsmFj;1`xoSp@UA-o~z}>0G7tS$oC(n6ZewW$DdpRCLB1V
z9)HCJUsOXYcY7~{lkMIUjFj;@PV2fD*n9ka|3xG#(%@UG#q+}`?D{I~D$DFYbBG0P
zw5D@5uXvU}ocF#^=V+()kA++BnC%NR=Y(<ZWRZni?>Qe25;VTsYF$!GT!p+yWlUJQ
z#tVZe>`F_B9(%%_tk?j}fCLWxSc;-;h}y>HK6&^{!<RK-14b7FsD!_!FAx70BYKDM
zJk_Pk$b$_HR9r|)|CY4i8}-4s#!~8g`xJFS>wvkjO7|;T!!3d4rYIu%@8ftUEP208
z{b{~5M$K(cBm*aV>uuQc&FMBtPtqjeniY8Q*h1q6^xK0bTRz=flVc%5Fp%PE-|Ojm
z4>beC!mP>jZ0d<`B3)Xa+MsX*Iu3AeGz3c3Gw1&jTpq&QB2HevX!xaJUi@LI$Q{yW
zF#}dpRoa}3F3e<Jk{I$bh*eiDCiy%(I@VZCv)zu)*&J!+I{|}Sye)BYM=*efCE$>?
zTP$GD00vA1qNR|5&jAT7R!9f7CN(+YCLCk`4@U`@Rt5^r(|3%whe=*iUK@ywqxqnO
z{onEH0OO}E&P=`1>%Q8?$YYL)w5D>Hi-|(5O82pfLMA<AO!l7yt1sI>DhLr8YkIzj
zip#4*NkySo^cL2mriGK~l_dhu4$Fn_!XE5Dcuh;hrIu@&dSwEjYvvQ{G5h5Qqwq<W
z+Cs_0a5)aUar=Ve==oQJi_xLH<POkW0&EeX&AF?*O6BDge~8UTFDtwuT*bVzvi^I)
zh9p{YlFopBCY<nMd_zGz*}m<q&qHbd6B-?lH@<o&wxd0d;XZ~Znc42?1n}n@6~s|0
zGl%r=q;A@?pE1YCe<upsx~?jqk~Dqk_60Ta%<m;fdk`yb1SX!VW3$o2>)td6O<5O*
z;{P-bk?a1BU9U}Q_>DBIiROl7u(U%@;PLK+)upn>#;w+zp$hTs1k0^rsT94N56gXG
znMkG>w4C*S!dw?j=xJah5W!;_G6g6l)4+c=Qt@tre0o%`^@b*lcAs`wBAnxWl|S1j
z>Ab;v#cvK@V5<tH{LksjAX|WEX#3|s>awPXt-YBM+J)U$pA*?x_Q_+g>ucpOy0YTF
znsBG2J<Vg8$RGJwd$`fG%~~dSWL+2eCt`H8E;oE!Z@b5};&$)g)1x2b+C(<oi#CGf
z61Lx@YqZ|O!GXl|M3n=nKY$3}YnTIX`LON8uNQ}{POK4e3f(GO&;p$Rg3g-;o%kPS
z^%^8V3vZ%Pau@y(GGeTo`Ivss1jb|rIML0$RcnJgnd7#?xZ7K|1W*GHd)fD0<?-<%
zuD?8TawkGiUKg>qRepFVTtN-FJ(#Z4MG+7>Ihr34ub%%jg4(Um$|5;Q04r%sgcnOa
zWBOI2iI|VNB{0{BCu8YQlv%J`)zNr6uSggvY{PZG8|9Qn9+^~gzPWVQtGQvQ5BbVZ
zG=QX)GP!~(c4dkP7I{TCayS*f8(#sMj}N41P_99)t(|^btP3Kwh+B270m#|GzY$QI
zcP*-(o~HZ*L67E(fq~J6or+C@=+4xUANG4Ud-0{0=GdxIXbV_}^BR@sc%vk!w7jyl
zLVwcu)Hr9k^8+?)?ZhKti^9YzC;NNR@*WYG&OpIx<6bznM%ag{hI#ks;-Kh#X5>YP
zP!!jBV=fIRu)eWhFe|!@YjJOXCG}d|llypTt<B_jt><>K-!R3;RK)bR0t=*r8wu<a
zPp7Azk84cWaIV9Cda3-vnRANkXh|{47r=3WMhzs=&)JpmF&<KH6e&J(fOi*5h1<b!
zdPpdV-z@eI?|KBy?h^~m(4U#oMB}2W^ne=L8*4FKcZs8!Cf{7vX?}<<o)^F!#LfG2
zf5dR7!rD^sr3o+*uS4HB6y^$GCf6q~7=QvYuO?CvHA;;8KyP4_k83eTpJ!dtwlYa2
zV-O6OqcKeRNZxBVgo7FthJBz;?;`c;Jg_sYp<ISi0Jv=x9Cg?^MAL$6jo*+*R;;aO
zdz!U|T8F~2v>4!?z;{j!Z*R2U^no>kC;QzmZuujk4qcMJ+qq{Bpuhj}i%@yh^*s%G
z=`qp8#r^+IM1kfjC;2ex{DFvjX@$9tg|~IT!2Nhf1GJga;MQjbFJ4_1E4S_mG~XSc
z(N{XqbEHdC+7js8K^J?+a&vB8@4379Qp5fjhgqJmsBF3l>?QIxc}K8le*+4bS@Yrw
z#<CA?LMV0j3kD5|iv+X(pgH%rLri<xL!#V6vPp)k!iB$r>`bD%>Vu(S+>A<TFKTp?
z5$a~3Lx58A>FxpJzMFA3()v1sw9YNUTEoG<h5QoDJc<0mdMn#GpiQ<|SXHt@6oTC<
zI*h$68-n^g%Z&&O8W@wpf=h#uCXj462O!?;TXvoJ;@jtxB~2%wdmlL;tNkAy%_F6x
zVc0;q+ID&asZf~S-BhuC^6`PCc@Hc1+hZbnL*Uj<-4GCQvfauU2fOXV@9*Zz?>~JK
z>O8hSj#T}(EJZA6;klOXzrZn4eFeUCW@_~C1YD~&fnW~~6p`DCEs@UqJI>a_KQKF|
z{3HEt>vl7wRV%^Cw;;Y+Jmg(VbF#6hk{_g&+*9<44#j3Tqwo#J?29n(&X)9N@mCut
za@7Gh-?UugqxkiTg@a<F;APS-BF%t+sRFrAd2i~xh+*h$P=VMYhPyWn-;(O_Kizo)
zis}O(qlr)HUIa|0hi*GB+@eogP1;a8D&g1Y7K^7*W&f!%;e<9*sYq`Sk|qS8wLLf`
zMT@D=&Hvf36z_Jh^o+a+6eab7><*)_t#UUQa>BPng}E%a5ofsR@c5XLpt{rk;T}!8
z?Wvo&`YqQW_%@o~l74w{%E)&a6xg2g=QkNd4xqx!6jv#;$37PuQe{H^R;|699;V=G
zz1}(UDN4|aox$FXmt4XzSDW+@(y`2|#Ht!#h(OKfl69%;RB&{dtl7G*TA7dT9UiJQ
zi}3vK^#TB00gw1nISbDN>YStfjr}yDo?earNpA+7KG=_mGcybr7Q^i=c@($D*SEHc
zD=@-EeMo)Sd=alGbb1(v^F^K1rX5kbG}W!K9R0jwsn4394iU5@v<tn}#`;k%Ioxt&
zo-A=v)%UEPOTlQ`;I9EoU_gjM`i2imL{N2TDB=P}MOpJa&rJ!}U+M1n8EvFR=aOsJ
znfp(%qA@iEHp*4LH4X~m!=p8)Pw-qnpK9&6!*~Y<m(6##Grqr#K{o3Zt2qs#K{p`z
zC-M*K>-9?Z8JnN9hkD)`DSv3gwtls~b;fEm(l8HLzvnX)=;ZGrU^rM48gYkdZ@rL>
zV+kk`Q`ZF&Cl1bo)SVNT-X<;yRExc--@wI)3__t@%O70`|B7{LLUDz_*WMuf5a}V=
z!xARv=gAcxhAJ%g6!(`!F;J`4H{1-rvsWOS@e2O3+}!-6$qNl*PV`&1Hwk&q#-$Df
zrxEoq38d|B+Smii0}y@;ep!l+4Zm5e7)Dr<eYse-YOGbboO+1a@9@lVhyH)L0KX0G
zrmlTfsJ)_+Y*mmPt~dzR{Jf_MWq1FD2fv|y!#j0LnR-GAMCqPsp4R*I2SIB=vyChg
z?jPIq!<#6m{mmW<?e@mqtR;zh%0&(5;l@9nm|MnCZKtW>@dP;*o>B#qBwP=fEOFn>
zndj#b2SE!p>*zv&o@JXYFg{*Rs@m8*_im}F*&vPA^S6b;NIcAD7Mz!FiYTrS@LZ7V
zP>$&-q7(WK1?!Qr30?MCwpZ)f?guz}b7W<3B56Ot`_?iy)zjvUoUNL`N$%j}c;+7U
zY|_^t$cOg#yH%0<F5*_N`yN$2^?^EFO(fvztDWCJpNtXp@H{HUsdtZknM5<_6t&H_
zww+<>VFA=A+_mGz*B|^1Klm9kEbKy~4}wCNdOKgLb9VDQYZo^X^an0ov<#5BRLBZD
z-3}3J!umfk>QeGl3g7)-PFS;QecVl#)oL4iGuGv=MV3Ilgp@BjRU6ZwFWMHjrl21B
zm~6q8Xii@~Pkqe6o3UMT)4DIv)c^tLwv2bgE3|Ggy#^#Tm`9U6O`z26SbN!=+V8#o
z;D%*t=~lAZ)F-dXajG{tq2qA>0UysF)LMB1<b@;?_sxT;8EG=val+oxm^u5p-XAGN
z8d3WK>!mc}eXP~f(CqZwrh@NgQ^SWj$^y_r$8n=W3UJA?CPhVKh8JY-RBD0HF5YPN
ziHpQ=mD2b+J^I|d*FP0Z$(S&5mrXkzHLarm+kc8C7Z1LuKNN;TSYVn#P2ue<FV}~{
z0ktwEI%2~um()w?_-GAAQmN14fy1NRu@KAlT3}<G*jyT9Bk4SiOSs^HC!Jp?k;elY
z5x^QQRfjQMGv^78I6&5;MlK5)K^2re>)$KJi*QOq5}y5{^W7H3UcaEyqw`tUmf$G8
zIe1)%=1vQl$G%Kg7aLq|W*l8e$o-%NR^KJFYV~H!i&~2arjJ9YigYrRs9x%O)7*Ri
zk6)Dh{g?3LgN~|~ceg$wV56CI7N7W7W(8~B8*UTBj}bJ<H}Q%@4<t*}yg>$0w)@Bu
z30O2vR==Rf=UB$N;;F};=(XN@D1T4<Pkd05y*nB(e4s4_9X}|bU}O%}oWmVI(2Lpo
zQ$WcC=@8uV)G(XIIM)VDz|=-~8#CT>rP4uk)UieE1nGUpdhqCJs!dJb59clzxA!SK
z%)h3#chA1nx>5&~C@f^VmySX7a{ZH6(I!^m??nJ-PyhLSGG#`EKiU(ci6T-ME)|au
zSUiCx-(l)Y%!sI=NEga0BrVv^*~D6s@b+hQw*LuOv?=YI#ahPslfI*R(_go3Vu7`m
z-cwq(D+&%fGZTd`n<9Bpwm`(h+BE81Y&q&jzDgRlbixz$exda{EI%O+e!|^2oR-+z
zWWGx?{6}1<2|>#)>fP7Bg4h%bKOskO^=>6bId=2;PDOV2Ano+G4Wg-M44aF%^gQn9
zhsPYhJ}SHsy<F?bO09apEQzo5k7|-54P}|Pl+J>rH^&i#X5hjQ)|_>jY&2ASYVnxw
zCh8g`MU(UP&<7{P8z3oz979fqP@t>|v7bN22Zc9~tGk8c)vLa|V3~6ZBlCB9)Or)D
zLXbf?x`1e<9uS3ekJ6RO-1t;1zOA_ss^0aS{hgPw0Pu=7NpG;pU5o-Ji)-rLZ6gGp
zKV>7f@#SOr<XTVVoxM#2PGELH7-vI+iEU$Qi4_kT4DW!;b)|js*etGsYg4~Jrf4h|
z7()2$ISsm$IUrD$&uS%z@*JHOhW{JKlbWJ~AuOE+Pug2L+rd-nYyT4d*Davv7kqj9
z6ZYmxNukY72BX3-Q0A5Q3w>Yss8~t-r2b^}{O8_>TVo$}nI%Pdb?W+O<BRa7gD*UR
zVh^)(^kb*~9QIoZuy=K%Wu)(0Hy9te3Jz;Slo`N8VJn~N>23LhtiedUbkLtu9Q!g?
zU*7g;tiOqy#9zy>Y#X;i$r`!+%jHroY&<7=N$HJkQu??{RCPx>_Z^w-lOL!kQ#0xv
z2kMyD8J@fWmeQd|vXUu{aNlQ$3X@BEopRzb-$?N^<NWDc8zKni*6~cku3Dd3T9mE3
z&q3GSdvW2JyFYd}o)~R+R6hSWYx+!>a;Y}D_u+pQPfEIVWgAG<NtlL`u)4n?C8A%Y
zf1ftK@{ljSb<m7sVe`Q!=s5dl{TQ{{0;X=5#()#*T@`|!g`Yd&eu9a{f`7=R;`1Gn
z=u18*QK$yCJ?G*FOjK>W=zjivGM4j$bL?CxzM!C4LsjOR!Jx94IL+;8vfl)q+eih$
zGgjiXq&{JXVPLI5m9ure`6R#lOBpB}EHjK|`3heqWk<`~mz@T6ihAN%xvE(SN1oAE
zC>1x)mbUUw8+o1umt}M;L>w2^VxiA(tFOqUtBiKk3}&kV$wGg`QpuBVy%ZooUe@R1
z`l;RxEYe3TZ5OBVz$FDqDRqU%?xm-n_-Rne>`XUU@SL2WG3Alfxn7`^aw8n-Y<L2|
z#zWxgavwEzgq-oV?&W6PJmO;evZ>-eI?{*MerHFU52iQ#8HkvXkn+W^`Ha4UzrS_;
z^C7lG&?HXeV1-)Zf6*nO(xz5x=jG#-!HPeUCk3~-G~o&CQAdrvc<`0({0oJo+&dw9
zw^p^M+r4u1@r|ctfnR4yU^C$_P0%*tZ=u3hl+5D+z39vzInnL`ZC{yJ6Q2Zus0X(j
zlr=yFA=tZaYho{%&NcT(E(A0&OO2U|r_&`)FDq4Y_|i1<fKT02Fg&$Vp|0PxpQh0m
zj?MP;!e-cg^?jo9$*wA^ZFZ$QZZ?U?4dMnVv~fNG+-+x*yxErFvG{Z5;fHxV-fNSH
z$18`ZdX@cm3up=hgxWvyOt*iGIyt97_l}c5o00uaSb?j1w$DDhFN=g!chZg6X0H?W
z+UW90x!4&l5EL;h6*^iEN@-lRnLlozz1YXg?^`+8UYizcy0U<X>fm*#yz=f)O5+~0
zz1KgpOMOX+v~?gC(0jSF^ox8woA-q(iZb}&+!wzz#TNAVD$xF)b)D#QD1i)Nrb9wc
zlv;3rDS54?^+#zuxbWGSqf1b)$a!?57P70ip9RRy!OR9EUs8x~9yee~4c{&q^etL8
zHL{W8RbVdOlv*N@Us6B60~o~}Sjz;-?tkDiz{g-iVpM1P^ecUy5pA?75n%CxD*H(<
z*!{t*+ZGy#vKgT-gp5a`?^f!7C`@X99)B9RZ^fG-7G*Ty7<^3Mt98ly71V#N<y`j(
zoyoq`zPGfcoZFsDB3qi>Fut!Fg2vq$;Fy2|#f?d;?ao`*O@q5sFh{BiM?Q*Rj&7gN
zuRW_nMtc5y_^4q?{9V(EPt!_Mow#R^?&SgAvg0W{ZuT_ZvCVyit9`cb3)A?E)16iF
z3q7J2>9;+1n(7*y-2%#F<tf{X``s^A_%B0sFXpYc=h-jyU+v=QH6gK3*EE{B`Sl%P
zPMDnm@^6u_rCc@PvD;lXb5v-w<XN6Xp)JNWVdf@gF)te%b`bF|n-m+8uHfF~xt;&#
zlOjz0FAEO*X7|vZz@yaxKbyA~e?Gl<rRDPR(wygtvMOVI#ps2K7w8P3dIYV_5<6>j
zAGEI;*9}6hOZE6I1kb9oyN$QKziYn9??E#!mkex}k|wnVU$##rl$FIicdE5sfM!LC
zv~uMShZ-_%lEaPP4#PM~QbIh)m{O8n_?RChgktwLzSs-<PG~(zdb^eVHu?W!?5m@y
zY`1SWT>{cbha%D_-3=lFN_PrKcQ;ZZB_h%--Q8W%Ai3%8l#YELJimL#{o{AecgA3R
zV}Izz&HKL3T64`g*IJe{lLA_&0>d8tCzh#)cSc&}A27cg&)g?FOuDBGD}DI*#^d#@
z$F4w2<fLZRd$==uG`glIq!y~5YW%&JWo=^Yg<STTrAcFP!K&i$O2y<LbsqS*`T0BO
z;jw6AhS*C&6txnntwpg+&2}tSnKn%$*Eb^?LwR9@uI3+kd?POFz-?)2+Mi-$%o3uw
zFt#=us7O{|(7-`lvM%t`d|j*SmP7$&kfrQ*=Y4LHH_lna{?&R}!3Xq2Yj|AW64xXm
z-x+NjpOc)!mC;x4h(g6sAk*lQ;Ou$&m$aN33Aoe2k1#@%w#k~$ha!(6VV;zRby%={
zQXjbHs&Lb=_q{6J2lw|q!uMdn4mS+r;Rn&g4uvN_$AD+!g+0c!Zs?bUbG>gyu9?3e
zDL%cw3+T|A_gTCf+!unAIUJtxI@@qgMXVpZ#fpr0XH$N9&ru8h#5M77xUUb5Wa{=_
zaZWA@*bM!*B)11djR!IIMG)@7%%$c@C>Hd@7zimXaE7Y4TYt`cHsk_3M5ij)JfS7A
zRMwy6p~Bfd<&u`+V<GQZJZN$AG?=MzABoeAwq|kDroO(IqdY>^hdR#5uoN~)m)Rnc
zn(P*}Od4bv+Vy5@{&<@RWNtA3o1O@foq@ojw7DJ)43W)K508~Z^0cOO)(rP^(3lWi
zR`)V*(Ue~uBJ<SQ4pHs-mNC)WYViZ9UJ=7(YPS}q9Byt`PMBsLObS*of&CKZfpF%5
zqL*43UEl*ta0FfD;L1pv(`RW4crl4RCEjtvBD`nLz(7+;KeVzhrLz{M1kAM855y%#
z%28KzpX;VnN7(%=zp$7<JTk;`cFwl`F68<6<NhiLB)C7)##7qtkhg`Y=d&^bL~&d7
zSonUb1s?J~UZDB*96JcTwF;9T-<-DjrUQln-9Mh)DWig5WSH^@@O3Ybvd=c$c)^!C
z=mm$_C0`s;k{LEMxmet^xWa}Gyi*}r7n^&{O?Lr)Dy}uLi{P(c?vtA=qy_|J{=d7G
z;CZ8Yp<wq)6g~>nglq{^kw`?r(p*>zm25`+X*wPG2ISgBK=uuOTR|XHgB@>NZYmmH
z0M>pNw$~d3%UhACGuIMkOR}t-87e|s<|ntDzxJ6u`i=>$!g$)O>!+L*)PE4<)FEV>
z*tAcl`u$tnhCqmW-E>iVJm+o!;oAE=3ojq8$wGBb;Gx)LV-|%G$^|(|hy%AzbBcLu
z*xr#7j};4;<Icg5?U!Mlz?HUM&!)tzxn$rexiPNud~BQ&DHr*6#Dq*BUTu^APkMNV
zjuPBy*y`}{pZdmW4z1CR9Ww_f+bZ;giI@4=@N(BqA!^ExSs4v9Y7A;7MA#ESpZZpT
zuKX)Sr<^(5h`?uYQA!nk=?nN9wqsWkk2|eI;g1L+S6A^GZ(>?{rdsaec!Y%f`Wpgk
zz{|_Y3vYiLFIY~m@o6r1!X?OG<jq&}E#0Y}r@@Nmau8n;w$CNtwd>(14Z{Rq^Ibqo
zTdMcr^UEQ<TNlsuL}A3m+3wS4S0Zqz5ZE7>Q0HQ@Y)8L85}eE{NDuZeQ%5q2GERrc
zDo^#qx*km-{BaaC5s(ayqqLM<sT`J@*X8sP8@&-5;h0!^-~GZM;Ncr&Q2ma7#3NW*
z2t^)BH#BGqr?Mu=%Za%72G=_UKYfCf7G++>!x|uOCB_vi#uB?zZMOG#0Ua~x1LvFk
zE&+*tS#agw)Hv}AfDMGXu`DIO(OmDqnF3#6JqY+7n5k;ZAJm_BO14*NTiW2|M|chu
zI9E6<Q2AAA$y2(HeQxPeJ4JD%zI+^z>N3LB?(A6+fmv}k=Ou9Na@jUqF<$@fc&hEA
z12y4ixj#P)SupZs!c{9KpTj-3LLgyn=6kvGb0n~Y%O*PTSCz&n@51khM~>#>paZ*~
z$X7Xwf^W0jLt82%7yop=#VEbEm0<(weFu(i7z+hW3Dt<;M~ZU^8zN+%^NFiQ&}Yv}
z1$UVsaU=GOqNnD%dRYs~BXm%t&C4g$-PT48S?UTS%2nRw;pL5Y^L`4EMzQb@J9$E0
zh{ip6V(_-M>^pYXpMRYUd%jl|Yu=*BpH(^NzwP#}$*Q}ucoh+{pc!iaZe}<LwW?*U
zUYaq&*+_j2HVT*Wuy$mkym7U)DJv1wDR|el()dU|(c)*jS+I@%U?mzDI&h|fk;Fw*
zomf>yL5hyZ4wHLne`Cyn+~izk<LBL=0aikN`Y=Bks|Zest4?!@6}EFtS<Sdqn2q16
zD+ehV$r+vb1fO{<`nmILuFCFGf&dow`DiY;ooi`i%qneC64`23ADX;;L}1IXou^~S
zYKM3d8D*+HhjF4886~+htayrK^MJo~`5r4G66>1Mqc$>Ne%~V6vt!zdlUny(xL{n>
zrY0G>ID=}YF3Y)0>pOThXU%mY=A-GfD{r+GKb6P6Ro%PH5T|rPikVM@KQaiMhAqAj
zx_&xoFWcfze%shcPq{0NO7zjeNk$^S8H!nRdmT3?@O`c+HD_+vXmrqsxxFKPjq1Fa
zFO^&LF)PYb$crDSxW1VIoNba<U$7=Wky>1p(#@&&2OC~ffj)mkJ158VarCz5=yNf;
zEDXBYfp7eY<DSK0UVI;LtuzE4jIIUe3dSqLbkvuj5_(8W-iaMtY605$$=gW{5**0M
z-Ji_MAgNH4V%;Y<W!tXsjBn66EY{PZwdB^HYQ)43r}Do<y{Q_>d)xaI_o&V*sxTKE
z46p?!?OhQ~Dr4LJ`EpTBGw^j?qkCWVOHV`RB?S^B=#s^oCR?F;Frnr@*)~hquq7+c
z<1oDr%G);RWt`p|f^MU)Y<3T&*LLFNSX{Fo>{<_ozj%KhdGx1`hUAP-x6u_YTE>sn
zYnxQ3`EH-mz{Q1#RX)Pb)fE!29A4sm)^NFJy4b!c43oY*j`Rug^}%@FBhAAX8xC7+
z5o*=4@j}wOU71>PzOe;&xuc1EujYyr5A0q%klla%<|;`MZ92CdAE$UQz(iG*lw-<f
zlBxF7#Y~KQ6H=Pcod55h)dS5ZVPU5J#SV*-)K(+KZ=D1O=whbTEB?%TLrZj4@N^f;
zJ&sJTr&%hE;%@YchLeCgMGYs@CJ_Z811E(AM5%w>CQdMt^8baX8LA6T+bM0o0q!7?
zG{Uq_ix8HlmA4)?MPH<<5F5JS>Lj2Y?XO;d{b{!pJ_?d^AhqrVY9!uRrF(61#Of7v
zhcl`WnBYFF@YwoIM|`%Ca)Une=xI*TvtU7Qmxh@*ZZ*b^)jzHE+Y$l^oo#JG_ZvAr
zk#%+amq)?E;oOUt0?y8}ITLOuxhfWyttbnvb93aki9V-^I?b@V7G&MV*7=4=c5WAx
zmg|Dl)?ne=kBx_3lpPO$>)`O7+S$cfpQCs+oLlJOXS%{}gd+|;H+y(^cv?qCalEg`
zVWHsrKN1@PxEC%3gsw*y+re7}yen-rw_SXjnshv`$MsrE?suNEfq%p2EY8P;0p-HF
zkicxD1qlqdZ`nLKFUkxFqy;MyWP0#itFr>;zIJ|1?8(?IoQ+&t+>5WAFdyc<{X96j
zFH?##Tt&Z8-m5lzpG<XuL14d;J3^xL(}8LUQ|>lpef(o#N%?cgnStnuP9eNN<iM~v
zo@bSigFn@D5F!;4o+!L6xI?w{siSQPU=9i8-;<>%NBI=EgQ-k{=Z06)!vh9-(v?Y@
zQG0$dB|hWEw%R&BrP9TIS|B>-liz*khG6`Xwq1*QubM<>Wf>JLBs9;4SH;|IzZEDW
z`AR^LBB0p@ZlEV!xGa05GE;;})tA7{_aG;=DJZtpK+Q$K0=#!GbY7EGk*FXFcnf&f
ze&Jk2CQNzrZfG-YsyIWt_w8LHN&|?^b3H@yq&Cf09+xgK;JVt?gHdd39JE?iqZaW-
zVl}`YO?mHQW_|tmtzQK{?89$!%tjvGZS>X>pF58w9xUBR%9dl&mH=>T*tP~;k5`cJ
z(V4;fmmE@Wa3dlkk5;<SDm9hV`0`cU$@UI2bqhMuxWRuh_Jty`3}z~gtPijj+;<r-
zFMD9LLRWpm=}k?7<6LQFiipc1j~j}l7QN17(cYIK^Lrk8#nvA!TDp~cg?`6Zl&J!@
z()Q<ctyBw^KqZ=$NIz}!E7tdU71Tv0ucd>2am9dq9L0nwgbczZAvx!q4^v{UeYqx+
zNMnY7|AEPS$c|W18DeTLW2L@ccxf~Uh$Srl7!cXD_*CRCn91Hhqd5D?R<qgoxN+Z&
z|GM<Z;-<lZpqJZFuudtAd8K|N(6#rj-4K>0tC0!~9(1x8wo2wow+=>G`9RRg$N<2s
zI+vxo#{1U8bLuth2%W)AXICoScWt{TLlTPnHDGPE6tR=ZZ&@T6RpqD<<=nV1B_T>5
zKE1=oCKX5y4lYMkC0^JhRd5e4H+}A74jP*xAh$~>ixQdC16!+ggbA2f!6?BxaF_cw
zu-uy;i?F*ALvX1(4Uu#kdHi%+f*#IoJJCHct8NlV$#|Z-TEd+VNAXfxm_Kp1rY6j@
z*zsDR-LlnX@lI=CaK7!-l=1Sw1%?j(N&T0_7*-+|C6ma?)C3G-YTxnIb-!H<YR!RW
z*KfN~Z?fI3BZ&fc<J{ly4AER2pKm(c=+BoLwG5_@Hm0bi?oeTKs<53=3l@1QA$1E2
zdB&?9dhMaMhTCGkFS{O_y0m;9*--F|M@m`Yz>53bi#1^V0JVP9Yr30_ujMq5=gVa}
zJS|S?YKJ_46(N^_yl2Dtk4WOYS7B3nyPcW1z1?s^5F=Rb>KrKz9Ky2j4#8*w`#h|Z
zD*X$g_|zWp-ToS4nMQ5L4evUI0=1QBdPj4-EE-O(!O7^bnQ+;>5+{@FA3e9P&@QjH
zRMYr95mpFP^tz@i!JRrfLkD{)4VO{Rq3r^7C>Mk`pC)P_5SwFZFn|ZQOT#{&!9`cs
z{p!EU<M}7EB~TA`=7U{4(-{_H^gG|la|yv_>FyAQc)w0`akO?!bI^2w-&TZ*HH6ms
zkO6-)2;Kut*6*SPhIiR3Efk>4@JbOvK}oq<<Gl-exOemfv&94a(_n=I`jWm4QIB-+
zv~|@{S>zpx=TU%7#`|IsF9v$p9=~wPYtj)zE`+KvUr-@*GUhkmjE8o%ss`Oy8F0;c
zd)!ukoiL=Z4@HI!lI&nEUl-c1n>sh{iZRPH3LI$g&~Kp-B5b235ByL`tX8We-<^Mp
z<ua&}PH>`Xv{qdnPQRdJz1%dod>Esh5oo3n+8g4Q#iXkA>n^ha&&<EwgERjFJz!W>
z{yC%VisG%6)kX)jrv!5SZudweqfqBH{>9y(pUqzrQoXcd=aT71kW54}=)PE;Ec;05
zhj?LcN6gPI&Xwz^OV>HhjU!_)`avjoUe&?e0RN8_kh;U?f=bk=;>@3WAIz)bMe7r9
zOTgb)VObSp?FNwpc(TP&5Q5k-Z<RRl^83bzag0_SgKo-UyUTDrnAO7_qQX%y^s&MA
zx$XIzesaI@fp92Vq<T065f}zXL=gT+fD(4;^J!GSyRVO3H;GKVL~9?%S6W)y^>lFY
zA=?!eS);<+mV^h8Q*0ZfYu&TSM_{M(Tj5<x`}}#kw|_trE4NBZdG+Wa#ffE(wjM9T
zVO`8B`J{jk8Lu92$AuD_s|Vq;V(FwE%}Z^Ort8Klwc?W(ZUJ4-R8L8u$~~2I^aJKG
zKdK)yA01`!@Zg$Sz0O3c|A{5$p~(wty>`cFbt4M)Fyvp`SW<_&<Rb^Gz!fvSP^28)
z;ZZSExKH-cIhTO((w-fIs|fD-z&ozf=cp?azW<ooiX)%XygFbmSv__j0CkOkH-j`y
zeB0+qr=pvQz)wh(AF#3Yq|_yLl~t#?$kp}c5!DJ><5!ktPSnGWqOOJ*%7>IpO8I<U
zoqiC-AEi*gDt)%~bnAD4>%FpnGF-(9Um?jP4rU<ALd|@k6EsZM_&y#HOlBKS38BWx
zV}~ijC!173Qyim`&{6!Anj++H6slwwW1asdx8FJUctV$L3I-1e$NOgZc%>^I;t5cO
zUobWi2xvxDP6&Zwc{xa1Hn8)<)lJx+H=ajR3!TaQFt|W5(3jZ5^MnebARloY$m;pz
zA?|`B3UGWG)S5bRhz3U?^L-w`|LhBHn>r8SGFa%(3(p-T7@AGvvD@vh63<8AJybFI
z3XCW&>{g^Bu20eHBp&-R)HR!S8__@h1bl3~!gonsDHhs7!KMnGk4xyO<IIn@+Hf_)
zcc!gGo(WN4uu$x>W2N8+tBXD!3pnrkb*o0GVT-2XyYOfC#Y0u_aPZpvDT>)m6?fX1
z1^ANF)pOAg-xewRewYXQeZsrkW?Cr)ITGiJhU$I?YSB`q5@GybFF?TsAG{)wz|Dnp
z4vpf*=CLmy0l@zVQIITs8W~6g)+8d)`YS$lJnO>sj=z}Z^L79tn4!^mmX3xVrmnE(
zPv4s}uKvnOe~_ZN+G|Iw-G2#$TF)w%(UNz}XH3Xa7y=nc6z82=&Td3n-*?2AbE}bA
z7y9nRkiPK#a!FnEu>L-JyG?Uw<->(YYIe)nE3dV|aI1#L3y8pVPpmFWLhT}d5U(hN
zwc9`d-igHp;r3Tx+ZcU}T)X8gnX6vGJ4vA!u-mu8S?R|xXMVUD4axpcOkxOmGxYv6
zaq$-J0hbIVFSeNq-w+Dj%+wsk4|~ELdMx%FEo1wTtlJZuX(CWwwvt{}>3QH~8$JOM
z6h1iEtj5LmB5u<Jl0vo$-s$rIFBk6)^p@8yiCN|4-I10;*$|E>@0W=lz$vTuaRCUs
ziVUiy^RwN3$2eG6SnrA^k8NQ4rhmcjRU#}qaq+qE74O4ilIpq6uV#*r@S2Vq&!RQ8
z+TCeZ8|+*%Q<g=w3DkdC*zv(-SmNG^-lSq0YHc`fDS2C&Y|+%$hR@5d>SU09Z8kI5
zk+4)2yS^kBA#7^fGT3&CK2)4Y5HkSpNr1Fe-t^^0L8Y|E98a+LG}!{(p|rt&#6qpC
z%tW$66-+tb%2Qmh!I-$KxzhxdBB3;Dt9)$g5sWNLsClzT=8ZK4NkY!+$DN$w@KOGu
zRB$}t0nq+7yruuQP`79gukxh-iH++Eq~WQaD=t+cBDS6)miTp{fM#aI#`_eq45ajH
zn>ja)&Ai{d#KX){7UJzpIl+?^pF2)Z1Np2LC}w0JxJ`5O_?<^-tCltmq4TOnW?l2~
zoqbC)csNfP#k%%ymCyzX5*2$LA2Tx=yet%F8BNn<`Xk7dDsN<`%XM-UaL-J?&S$0~
z1wxAWvowh;F|PQeOHaP(kIR=wkO^}F%Bx<}qvi{*M{qu+jOWfSvwv|9IE|&X^xHVT
zXYM*?4RtL6nRhySl`de$w&$T7NUMGpT*vXlx2B**aY<7&YddAW-Cw+?eRzaoQg6uw
zD1-r!5`Bu>0}7dKCA3RU0ry&8z55fKhX7DmqD77S;_vOgY48c@2zVd>GG>;R?5~d)
zTTbjex5QJ$$`m^vLc4QKL&@+VCU7Y@3HQsgV+S~6mMLa6yv=;?57s4CXdd7>zK<r^
zE%=_YZ~B&lILPW$ZecR<0fCOfqv$1wH@{ps<*_<whLXIkKhRm{8@UoHdwQvroavzx
zQph`}rP*=v&0*hB6sw<vDCNgjSIgC?2HQei{Mnj7uHMx$uSN$^munm3_|(Iznoo1X
z;_{~)X#TY(|A?wqu1Ats9GU9^^-5B0y4-YdZI6{9d@*-nIS(x3*hd4uYweqo9%qBm
zGf(T7Ry(q>4_H;m!6MbLd;8=LDQ)#iLE)GvDn7@dSn2ADRW>qIu_6xr`#ePZP{OZp
zhFb!4%IIL=O_3DAp!t(+S26%j&h?tKJG~Rdx#B-*=S#jw6(6ZVs%nRX|3a<lK**C3
zJmFcio~(D+CR2T$#HF^#m90$(@V4{i^%}fwP2g&#xJ;+N{!Q}Yy_aYy`N8UzEhQ-I
zFS}S59@4VsI^&{flWNc3z`aJBDw?S)%@xygoq$QViu@~^!TbL7Vo2qdeEIV7v1Sp@
zp%3gih#$9`){^?c4;AU`KGy@Z*39m)x!>^Fu7e>^x*{YdI(wcKEOtF0>tWc<=JfoG
zXq~bs__?FY)IzX2)`xUNxY0F#<p=6;W&;2&ohyPY83G*z;6}gV&M2dU==a@;bnF-r
zz|hY#1FaW5hsVn^Ms^n!jabfFnDkloDU`Bu9cf0iQl~JM52MdKeK5_Xy>u4i3)7CL
z>|Cl)&mJ*A`4+clUTU2v5a9}~zSfhbdUKLQ6_ObI&k3EfPR~p&8`Iv^P#BNQWSlOg
zgjh;QmB?DOsVkCsXd}5D-ki!obZmklsxT=u^fYWV`H2{jR*){rM0Y_`$Q$kOA%7cz
z=L2g6YO-by?d*wfvjO-j<2N4CqmJ>@ZJ3?+en4O(u{c--c;V(~+C^W^I5AR$G)1jG
zX`gu9K4g9_HR-A!!J;*j&r!1tIc1fGe)3PxgUCvKQYWy-MYK{TQ4{-<jr0f-E`{Kn
zh~X!K3cyzBjJ7S$+yi4omyE}7;OzQv0F{~AtR1LhhL+YYANK^K@CfnwFV-Lh&xf0F
zU^UERHVh(xuT*Z|Rlw$vQ3kBK{@#77&g?9c%|QIfLMEpikd~rUkNx{9{Vcg6341y|
zUZnqEU0J(C?UO*~O2k{XeH8AF=UhMv&TBsgI{wQizx$s753AV(oy2ez9bm^xt*4{k
zW(PG3yYDmLznrhq%LKO&u;cTDS>tTEnoe_d)+Mjr!;ZMph&D%M?^b<Sn;*%@Yo$4B
z>gfia#(o><ZL!6`C_WZ`b+uhab!umujneYGA}Sli-wr_7{R2UiD0#4X+)Kw~F6hM|
z+N4d!&}r<Q&LDfR`Iy<ZR~6BY+l;;BwEy~s5UUt&!bd(4LxG}*%Ej7Ghtj(3F(Dzw
zp+>RZeX=R1EQU*`K1H#K9V`zW%O&@)mi@^j&L5lb$K0~6It!tZJzQ!%?G7&zCdNjr
z^1I-(4AaG|f{C7vI#*22y8tq#$=Pbf%Y_F7=q-K99%&Sv2&{9v+Ntig11|8Yz9yB7
z(!j<Ao1fpGSU^ZXL?A(=wPqsund`Az#JP)|C%piy?;+!^tr4T#+<+6+Cf^WlpXV<j
z5N^rma=?q#aI<Hb+K<L8<W`IpV}SRU<%qjkZWD5bLgxw7t{h3cBPk~_QRc9Ql@AqY
za07KK+-awBjG2%_Wx|!2gpQ30vf)>v%@+4-ymXtG9$6r0TG)C)1uL8Qgz2{jdQ=dL
zCs&lc_&hH2GW8M`2xp_HV02c{7Z;J%MD<%6$J5=SH|U}IfDH2c#{*_fG4Z`r#06Z*
zV_U@Sm%(O!hb+dw?gS`OWZPZ+I^4em({_pP5m;laBl`V3n@Y#V2(yT^Y~O2Yk78(6
z&HQZ41Xfu=n~Fy9@3r#5aC4{)M#)9BFpB?Mz$7*1go<tK3R|x%(*x>AJd!cM8k5?`
zHs5G0O-Fp=>x`FuUNzKztlV0hF1poQ>xXbIkIUj){gI;dZ~e}&1uIT{jT+Gsjs4Gk
z{ixRgfPN2nZPT4#hp;Sy8Y||#W;7Q16gU(?Y#N}$nEaB+ed1oH`9w4JxO+jbSl3V9
z$X~9|Z+t^6o9EhVd+FlxMsuP&%(00yF3d`#Ap9P^dPrafWpaVHg7p<qm+1<6&j2lH
zaMue{v>_6mT%>51>N*)Oz+MY{p-!)=e>T)@@eC9p{{O`#jfcrWB5;wzO?;fhb98b#
zhypZCMJro7Vh9P_x^djhv*F4V*SZNugWnZn;41zs6I(5qyEYXo?J8wRlY1HZ99!){
zvMJ9JVfUbG{dGl#|5C?AelbfzeEChm__vojHSnX>c8-jlW5+yuggxO&{Ow76%!Q=q
zeitZrT8fOAMuKV}QJrMKL+4!EOFO=^f?eQ{qFIiK#*WwYCa+4h$Uq=SuM>rvHfYcQ
zyQBS8KYWtQ@PjT(6)6+f?w4NpGo(CUz17wn_C1e$lT%^6kG6bAUOCwRX`|BoFtq8S
zwodjL72}r45!o9e<BhIEl!Ow1(ws#85vA1xa4Gi0xN&lbraz$kbc_^cGpvHB-Jvc!
zHEM!_=eh&docRD~*?8i39T~bIAn%iKS;GCGsq~djVwZz-)4mgMFGY+T4^X5+4L^}X
zy_yqZV(u+lC!M4D^AePwlWNSgHKEcOY&(O~HW*e;c<<6Dj5vr>^3S$7I%(gjPg>E|
zfM^l@7PHvIQdze5=lhVLb|7>K;yU48x+4MU*FMzQOlwjD+<@qa=TQ;QTPGN~y_5MA
z3N*xB84<x!sX7Ua$no((W_(mIyY*afLnTkK;UfjKE`6VpRTYgZf%U?p5bY%D+Lft+
zHy6Rw!C&t}_DY`AF)&s9=`iiPm1X&4uLJUz>v1=rsP%vQ&p78iN()!ehqd+-l7hnL
z0M=KoqHk7K?EukkLJM}_3OX0GV6BT`x$h4SjFL!#S_=rU;~P5*8?sFcVac6Oh!{PA
zKLxF@B&90pTZr=X^6mq%oHGs(trB@8sOd+`ajV{Fx=Q&QxF-2;Iq=Vg1O}SVrrBV?
z*(^y7B?A>W6z<i=5SU(1MSv#!7|@>J>h_wBff4tLFCGEGb=l6{T{A@fO=5xgi*afS
zisW$)4vP;09yHzGS#2}-ReI7Va#Li5QT`;TfSdJ>?8uvMtKQja3Z<uRH{j-33H+XI
z^Yt-<m581*-=TOlQ>9<gZ{9V=_C=y$_6XXCdCz<Q$km{pyP64FoyPC!-Hr!pxfX^k
z-HWp`Mf4R|^R4Vx6OC6f7zC*=8eaKM$u*`V>7g##ILJsCJ>2=P@|A@Wbn%@aV^9dH
zOVP8<-?o^s&CzBC8*o`UUo1Ph;a~=pEp7l>v9ye<-rbh)x2$CEv)MN_7Rs`&u0Ck}
zVfMt17Ho-JKp_XSe6`=`9?Rf^1bbecSm86cP6Mwi{FLTQ?$dhVi%kddl023C`vyYf
zI}xfobQM3RVz21ig3|=L^zrSbP@NyCGgmHtT+=tnwkgn|c&ZRJP~G6mA)>VcCVwfz
zQwrs8(et+q7H9YR>$uRzwle#3N0W>a$^EOgp^sWE-m{I5@Uuw4OPWRk2?4S|=rWiB
zEW(!};?b_5KfY4RSJp@`UGQ$dF4?<JAxU~?^SJewXf;ltav_{gI+8J8im&Pi2@n;4
zj#f)k9q`UniYvC>vEfKH7rHZU;6&5-thd#kI#{LST5cGpSr?2r30zz~Y-ZUF@+x#r
z1P+R9?Q_jfb8JBD1RFTj4_7%Hy&Fezzgh2b>PWFC;;b!3CFSN{xf4Hy;AN|AHXRHg
zdK%+xtS>kV)f``aZn{g&`Te|+b;tK8-o*q>2}9AJsu<znGITE7!&Tp}?4q{ZgllD%
z8Eo|hBQ71K{jXQWm3N!zu~7Bf8e8%sWYFHYRNkN<sgJl@kT_y7Wi5dZ+#~es?t4dP
z%{R=)YNph2KQO~cun!U#y_iM$E9>|=`+wyj>I)?Y$-mOo(#{#2NM^4sGuc)}Fj0D8
zS*T&^9Kpfx3`kXA8N^mqLC%B?Z%CYq7w#XLQGMcFZpCn(kn4{N+Y&xbhfMUwFCUlW
zDh_R0ub(A9kCTtY|5}CoI&@d8>6s^Nkbj8$qGY<UvBw$fFpswP8}FwRfyoTksoj|C
zPjx{Ro<k@(^EmlV%de(_wb-OI)osV>z+|6)orwQY;r@+!dVKQo5TCFEK7NMToWD?h
zni*@)io0P#9MG!v+sb-X3lGN>e10H_MnhG0$R0gv>_OyroNe#(yz6<xf!_v7->+qt
zohmjlm4|DjDusZfd$Crwj?tR?3Xtibf3&^aI<b#eop}TBUmgtG0`fLB^V_*S&L&TW
zR<x79%Ti-kwcA<^>oF3gC)rP~7SboF-g6dolo-i_GoU&&90Ijzao^7*IDbST@O}9n
z59xLR0*+1YZ(cKmDy`xDmqU65cQZ3yEJTdLY6{u8e3#~4=MURM&_vMb{Qs(t|5lES
zixagPF=+#Ep+5{A2p;L^uk$;=|JiS^SM;#Z5=4qWn~JQmYC7Iw-oaH92henyg^9_O
zwX)@H4<6gjBzRz+fAt0NF;qq{dddA-{gaa^;?5wdTr^>&AK&i<d%b3&O=4Z(PsQCJ
z`;P8)p>v)9&@>b4uVrUfYn2F~qVzr`xfJvU657<st!5S4y4by{u2%LB;aHyzt?1?m
zD^i<P&C;zEgNPG0No(QMUH5PowKugeiBMyXAon_8W5V<(^xmxtUnvXU{rFC(U=xs-
z7CT;Hwr|4;wii(lMYVyV2PE|W5zhaO-lwa}2S37Y1ji%8B@tlo<1MM0w=NKc&L#%S
zYBqOOjDLxF)R_4Nv(lmt%W0UE0lnWg=OfOMlhN^?X%{+=$hdtIOp|eBfG<KL-T(x*
zTr`pm?Fth}dO=Y?a@jNY6j!lCLsBR?<@)wzA{UO3)f@Ljj)D(BWAA;Ikhl3Vq8*5~
ztBr1>8mvUY=(DGV&BpsAXk717tFN13+QG5Ukk)XmE^1AWd)POTbk66_STqv$1qOz&
zMc2H~7ZCiZbpIu>{EtP$_MH$g3_J+Wf4`CbLkLhfh@y>+jvLFrNv2wknB&Z%UVpI`
z=3#LTLnsJxGFE!=4Wq-<ZNHi%D&#jU^of1d%SIL(m*~-$bfmVaKm%q`;OnboSe588
z7K-T}^Y>ixisf_p(06<EN1J&{Y7=-PbdKljX(%G(Z);yee`3)Per`QH2JSQ$Q;%X2
zZWb#oK1@Iku1h|{9i1LX_4r*S#qeH_&xcK3<#i|0nl}X?vaXMeCq5@rUJ*AUDTm#S
z#Xm!%zc_U@!z=FT+F5eQ>_ZctbyH#F0{)e%zm?QK9qsZhTtXC`z8PkFY@@G)p{r?M
zchjTHsdZKTOVq9pSdGDQlK}vvq=h2I@+A-E3M=obN4z69P?{;s6d2_xG>0|)HMzlT
z1CN5Gug?sYXA+kU1av$n12snw-IyBO1a!CzC99D=`~$d|1%8gMEhR@QQsn5^0D@Dr
z!8!Z%*ZvXJ(y_vyAL{hr_eKI_do6iNneozsGhUxM8Mx{^g)BeRxT)jJKxNiuIr|Af
zakJNGb;@B6B(Q_0=Bzfk2lTCkzX5<{zx%u5^$wjck%8a^lExes_pLQ$7R_1q%L=g~
z;ZQgkulB1FEIH>!GjZm0_>uPW<LbiG<pa&^5}F&DKHNxkKk|=Y(j7bc-(2}W8S>xo
zgsiMnoCvlfhAqkhq;S*b$~Z^JV5{~!Rw976A!@sE2z+M@E74oMJ1ykimwVOjF-1G5
zEAG*kpLX!Pq5_o5f@G;9-Ib!eV}9v}Mh4UI+!*DIqjT`55tudhivO(Y*y?MGOS!-O
zmHi$V+#;L2nzX^ME(-iW)&+1mgGg0lJc`rnuRex+{{{dUFr1Wrtj>t)qoRla1C+61
zJwf(B&%**V1gNdVxDbj}{jA2>?L0=n>rj~hbsqmTVbsxb66F0^IR;{W34iL4xLBaR
zM1@G;U`s#7LcH-dV?)iiqzPg#BsltTO2c}Sq8B+obdh8!h+b9W|J)wsKv>=HLx<b;
z6?;Ed+5>Tl`CkRo-6Xha##xd$)s^-4FFxIhDx(Z^=i{H|5@H;Acs^#uSOIcBs3roe
z#^K^6#%qL+%W<uWy+2yVRmnB(4~NuhWO-94tULEw#cK_()66Pj05yS;f+AXpz0S`1
zSl7eady?lA9;FOw4#@Pq>MnB03eE0cUvaZNt2fV?^&r5K`M!+Aq8oFXYhOmnDC+eC
zM{TCsZ<L(42>?Gh+2CU8k0nxTylZQ$f3RDTH?vPVti6BH+ew1xrIi~S25e5?Zi9&s
z;D&>Q1&&KJdFHwqd!pn>%fwy7L@v#fur>oHF^2aFoHbG2wj$cyY-m52Fk!_z%Gl=B
z$doSkd;4TAveJYXsq}U>A2AhDWvF7zmP+}+xOhOHQ^lD9rFhBV3X}~|Om^y-Ge1CF
z0;U-tVf>G9@oylUs~e6-V4$ec79jJz6M<8Yg#Mx)W2cUZVovLmt0WTOWC8ajAdfBP
zN2P2p$RSJXX}#FWK%HztFyk=68EZ%(8*g3M_^6&U3okUiU4-G)`-wJ-AeKKT-U|t7
zw(`Q&Z+(itpVXC^pxIZU|Ca3-xq)hv10o{Nl?=3AX*IXT7E@alFFc<FrrF=J2s`T;
zw!&)SMao;~-I{s6ax|fiG;qhC(HXjqJTIW8r<8*~!~Lcb07(d@1Az|#7(yV1R5H*4
zal{W`O#$5Ge4Xt=%`V&$p%_*89eJql0_hm?pZwF;B`16fO43xCsu}NIP^Zd+E;PRa
zmDULcaC1h?m6tCr%QEc58YXJbE>eIy758s>^iPq$_s*Xw>Z(`|VuIV=ewC~00jyrY
zqk=n1j2{1pYfzO*AdV)EVu7y&xG%~xb}SIg*`WXuvJ4hzFp4w0&vX)Hsw7d7kzfEa
z`tL+#G@!sgia}g01vVCj_q61~c&os8T>X|G^aHKEXSPgqE_}jWEZ|^E2<j?O(NJp=
znjp(|ndh##GqEy&2B*?86TjCjz!UQb*q$mro{nvP38Vp!XWBaw1KoLvk(NNf^#DCg
zD*N|*u_^;_I$tOw$p8AlOop~X^L3o^a7%oZ{7w1zq5Fq4*kwbwTMb6eX|P~kg@FG(
z^CijvW%g+RRY)Ace--ZL;|*hX^|Ch23BYBDD1@K0aR3So2zU)XsW6ym)`}f~vnaBU
z!pB@cdbG|z2=Y748h#c(F@Z(S)JJKTedXCod46jD(r#=qq9vyVu!G8Utv;MS&U{oP
z|09pvs5h0sq(h9-(u2}pzrR=iI1JmeLxYik3eTe3eF*5>AUTTBVYWa~8oK;u19#OJ
z2!lcQH{T(8AEu#f(4BA20`Z)@bCe@sj~wJ}UfT41eDmI_lp9Qt<1Uq*mT_PQY4P>n
z8t@;|qJ8;vJS?v9zUvB%8|x1{Da$w3cIKvO8<`%q8cTfFYaFy-!=)iLL<)sk`<Gn&
zYI!e&5}xn!4)&AiHQGwP<B;9vw@uefO@G;Ru;i>Y-=OKxyQCi@^7KT*j~h&VmmJ~N
zB}f4yPZ<bXPJ|q`@c}DdtLc{CGeugX<R#h2_l2*ARkl^$W9j+%!hZ2h!&@TUjmIn=
zuIeiSduUjI?it%WH~1(jbfleeUJIf_;eQhy>K@pHI=5VSvc1qmt+Wf^R1D?JO|?kn
z4gq-~TMmr*@i#d;2|QEj;FGP}8@V~%<}lAu`E+KF1Kic^TB2K37PjiiAZ&V7bPfC*
zY_9XgG)ItaGzP{cg68$vKbuwn_>A|^AT~A?T>%~h9G>dBdxi#RYyHRI@eL9Stp{Uw
zVe_>R_g*hujFMor_VX+0fgtIeO}DaHpCp}czVkZ`MHN;%gKY!>75ZJYd&6W;yo3Pr
z3`_#)7kX;m519t-zsWQx`yaJhZ<MN$lD-4A6(DLr+8{874pl(Sfm;b&JLJqE&uxdC
z)zD`1rj)LGpwDO`0f`1sMIdrDvVi6EWMHA(cfvLGSJwK=b@&*=*@}#h*tSs)U1Dc_
zaaqwwY>+NecWo6`eCKJX2rT}U4TkR-C-nzwN9Rq920w%ADND^7lJAM7KpA#DgjCWW
z=3CREvuG9lmJWn?aK4{dcvOvzyy~|h`AOh=Ors+mGLw#hw%@o&%63}8mG(;+Z|!(`
zXgPY{@<wxYN7!~0dB>|}eja~qE%&r-^^Zu24uV?Aqj?j;D=^z-j^n?9@f5{;M3!WL
z&<3_VaB8zw(K^L&1U#7hr9Ofgp*<DPSE8AD-&~RX#bOl7VMxYb`=Xi8oiF*m6Rn%+
zPXAP801e3^jfL$e8Dtp4AAtQ!1dyxNF>i8kX3%M$gc$&X)ZoNBX2Q~%d9qs8hbM%o
z_g3J5q+C%QSEdIETv7zW#U|iutA`rnqJgjhKqocGrNB5=Zm{c-1oRYc?8EA^!iVTu
ztg@i9&RbkD_L<5!=M~&KkqNv#S+H2Fc>eDj^2t2p->E|@4nKbib3L=57Km2QPD^wA
zzg_@$>+!%IJYT-5?XmBTWu*59u{UmJ;x({%T*PDhzf$ltRM?jtr%Q^<?M2G_d#Mv@
zI39uj-R-E0^*aTZf)q^Y>!a4IYnF5c{UM-nr-;5>i_BJ2N2V(fsTtTELIP>LB0*4~
zAqWE#&8h5)34TyPg4K}sYIs2yd^m3SC-kZ462QpWUyte8<Ug;JK4q@#v1SBR|LiE~
zmn1+WqP*c;I5&O$IIiq>{IOf{V2SeY#q%-1nBYF5CPb&j2|w>UO!L7QRjfU<BgsA<
zb8hAig)X-xd^FnIpO8h6y_$<X=M9C(ec!4V)fUEJS#G?@3Ze{~=+@wD0CuqhcXInC
z3_=CZojW0o!KHg8PMYnPhLRNFKiT3+$GxW?pbMe5;$I7MZ%6fu0YViSC!=KX2u9Rj
zVOwJG9S3@j$3I-`MuKIg@etVsA0E1praOdNO4!kXdgImBCihotwAN+O|J93qY)@r3
zWecmrQdo<KCU8}gWSM9`Jf@D5$87X*6U74kJLJuNz#LSp3bY-dj|RTBkrGNi&=ZL4
zX3^7+?55JdAtZhkx;DblEV@^n@BkcnnvAS`psCM9wY$ZQNDe<59-#~~K)Qe-%xLDL
zgDAsf>jxLmIEwYni)eY50B~*=4MB4407wJp7+{~KHyb;4_VN%@zS|+{XYy*<i9XI8
zK}3SP?DW1mw)lb?8C@7unp<h``a`OD>Mv%4)M2$4fD`FA9Y8AqDvG~M_X_w3Y+I8c
z(WmLMwC^8@FicY6J_71P#yfIYFk&e6zJn9>vNU#PmM+SJJ&%;z9(o!Z#!(PM74q?)
zImzni>rZaNJHBj(J)7sEH17?(Cj800&uQ4U7X4i{0<Utu`du7aaW6Z7i4^9bhky+x
z=MNf}fXq6w`2{PNm`sAsuIjt@s3KyKl+zm5Iv;2S@!B{Oozp54Nf$2YJgb+&I520&
z&fYsQPm-k;c9h?EoB3@QfT*4YA&SreiTnK;RwCb6zCMJN4L9S}?)*Qg6D}G#v(qU{
zii`xn)0j5?W68<QpoRy$hxJak=}$vlE3M|z^6-gQg)65h1(15=Iy?i#>piRQB*omQ
z73zE{zde7TWSRa^??ZKdqJjy~w*E*l7+IV4qu<bI(0x5#7wE0P=;o@U3y?f*4f94h
zfaba1(c@G{ALXNyb!Nr-AP|vA_ey>B>FjSuC@A&SDT;KNQwwtgLS+b|c${_r1Oo`@
zucFP=41!C<D+|dyZh+$V>+8zc_x9D7vXHSV|61lDjJp1aWeu{Nm^~Ykgu!KA=lk%}
z-fn8G<tX~IH^K^<W`WxIXbwC*@lKa>FSLaNH25OX{C`mVGu=v*r=U)zgmO(Z0g_W^
zJC0>S5%@Tu&xQ&o?}05A<_@sI{W?mV#5FZQ1PQob8o2=iSa~15|2<VB3*{xFDoNIA
zX!=Dw%|k@%{9q<-8nzPCTR4<7)Zd%^o~^`Mx8D%<6g1^TTY2zCi05~9M6U!gP*k8?
z5H!b!el~!Q+PK5131xYzTsmLz#f40bl#Hxz8~R(f2J*)wXtSEf1Ufu)^RmxE(_U#;
z7m%mOfAcQl67bFZ8}_6$^xP5W$j|9Euo~32!547=x=|4nyc_uNTr;;HaQ%#!^H<&#
zG&o>c?gT6;TN`U)MPtH{ItEU!B>^HQVMI@Kf^b;C?V%NR^-^Hcs8U9zw2K4d<ga@G
z+IqT2156plEP1m{XkXl4F^CUMh{nEsBg>dl_`%jCCV<=P><$p!%2(2*zFbc$;l0e(
z6?1jHnMx#cU=%S)_aibyjVY%Bn#3tkgx#|wn|x-99V)LHJVZOrf7DO>-~PN)@$RMk
z1eVrjM+GZqrKslu*$7zqOzR;(6ml9eO1=#z58>xilb~Nz-U1JC)SK`r7RNP@$Ea^P
zDz>VHE&O?gYhSevjhjy{IlHFS8Y6?IO*l|tj(rlws>K2&!7ReYk4e&i;XcVL<dmXK
z6V)QecaX2QwCZA{=F4Tt9bOp0mTs4JNep`XwfnczTlYT*f@5CFL4Mt~@3ri@!{~}2
z+K$KSj%dP<GV1&gMYlRYY$itgPpvU+bdmf1h`nFbFG)WEf?xGRJ187`mi=DaAgeJ(
z-dzIxoAK-!$;8+IA$SI<K5K~bbhe9mjM-C1s@MAH>TwW@R`7W@2LNj~{U(YUA*L8m
z*%NU-6;O9ltFA4}E1f~?PPMbi7s0PuC-LgfJs@*|(WS(~6*`zGLG#|Ig}IW#c}C|!
zOw=M{E9NcB*xu}Oct&ASZ9)gpaekn1&Y@)H;#st!b9DACwt`VtL6kjJjMb2d;NfEa
zh$l60<P#~5qtEuni4O!XI7F!_L5MX;3hv~eugk+gdxac4&w7kzB}V?5;s77T<+J$u
z+`xoXOn}iBw*Y{g>;KUji0HwT!qUwf6T@2D_cXzJ0{kkW!1f6AuF$PZ2e^I09uZy_
z0){{V0I1f+;?yn)%AZJxt3iE0KKK6OwO<qXEA`H~#d3a`^hnB{O({`vC5YIx%?F=6
z&p8_Kvp}tPG`##WkZ25Aynq!HXbbAP%KFE3_@OfRpafkgLR_0PraZl-Iw(?q$ee+4
z8^3rh9YFa+g72V#dyiQ0<;EyYEVjcOG{tYVkE>8bu9RyexNryFIW-5IEfab^!8%NC
zp4|O@l02C+TeMt~K9fa>{J3-X(LbN)o=O#wcnNsT*fPB!f>QwYzUXL}{!Rq_7beYH
zi{`&urx=Z_pt*pCG6rbPMqAzysG;*0=?iO18Rn1`<R30*7_0XKA2yY25~1K}DyJs!
z1tj*&@BQJs-HjKMt)LlnabLVbwHx$-sMCMB;|ey;g9(fy23oApLN%UciZ%ce+cjGo
zI3>TUan#($<8`vpUA=3~b@N!IIzhkD4Ab5xizJfX9OX@=ga!%UGdN)OND`Tg?yMen
z4v7*FGilg7XrwFW|D0;h6_G!6m3^4H#IOzr?HbYUW(^9F;|Sw*Gv553nT$2HnkC<2
zKK}+JgS8I+UQJ-vy*5MOzR7;~#lFLpy9xe5P050JI2B9gtC(Fsr^~XBTvkh0O0R3G
ztf^x}TUUbzSGJ&&hsQ>PwRXFk_QCelC@~9j4qC0GzKgV#t7K2vk*nxI4;5%81L(N>
z-avG?Dw`!~Sl0AlQrN+txT{tey>^G}&BS-xltKOy=ZNRXGPkE+uA|4TntCD?7^xhH
z7^vPxFGr4Ix-#eCqCCG-524aU`{&puXq?k>spkw@Q3C_B4V{j}pn!mdi=@Pjb~m2T
zEz<4;4Oas{->P%(J)r$ej)&$GiLCDH1S9}q$(w~LKW|loN}er|X?nw275-Ygxfwe4
zAs>~hm~wlYQ)FA1|6DVi0q{z|mk!uuV1B07R23`H=>o-~fDglV%vD1XGAKBJj;19X
z$q#suCH~~58k0F+;JsJ<;NP)>Z%wLrmB}BQacFfe45CgDn08vz5pa%J;_$m&NVHU9
zQyT7qIgWB_Vc^fnYwk90DZ6+G*~BD=)9c-lMDO8e&21&?<?@&l$Wv3A>O?f`GLKpD
z{+3JsIXc?6lqwoWVCfn&Y&w)$%>rT^$n|N0L1Y%3`9Qqxefo7?woN`;4_Kc8!4@|^
zs9dEO?EBm{^QNCp2`J=VHP7EX7={z=mR}v4escbhEU6aW;=J2~b!={H7u~4AYy^&c
zwr8=&{mB_adEe8qP(=UxqUKd6n+CM)s5;-8uCc~PVW;mcuizh|!nkEX$I6~6)S2P5
z-7TG2k7qb@l33@ivV(ic$sLfE)Qtorb+FE7`)FwXl36*gc7OXF4|A^Kf4#Z2Z2tIU
z0={y5Oxe3Q`(rkXGOI~{``G~(!<M6g0n3tqSOD)Y>Th`VPdF$+IBi6p`r(k^pn|n*
zi9l0!FQpgL*(1J@vr8^2hw;x*<4w)ZdV9(7+iR!4wfnohql%9cb%PTR*rt>Z=V)$W
zuF0>C(}Ldk6?gqG^P#HV&2azpGAU|MjIA^}>QlxLd{>DR0UD$f&0t(5J6(8dZVT|}
zQN_u>b<~z6#`6Vnu^+=8T$Efjuwu>uuwqfKwY{XM7jqxF%QX#%>jzafvv4}C*z@hJ
zAIHAX^k=AfAV0SJ+aq;6pDg#VBztiswEMiNTE01Z6lFrr@_Ar-`>NJ6J>wvspdNIy
zyFHI2zz()e5znGZy6Lcwxp5OHN2?$_C7Si^9@2S57vJZa!ledQa&~xYUE=s(A)Aox
zbcjiZf+o1PQN<pJ>@WU{$Ls3^6-DBEuP`sb)_-?`4iK#~lY;%T-i0NabcBzlfKfI@
zy;~;`I4L#jct(wO)^Pz31&-3n@>Z+W*X(VEmmyP$Lm5778twUZ2*~rZ(>)(5G=ro*
zG@dzJ(rgysCRV)!-Ez_LPfgBmGd`@3SRnVgu6!_gkLEgYw=E{t(0>|hY%d%s$&GFF
zBj8mZ_19F()YGAg_#kp>pR(+Yr<>d21xKF8G*dCFU$q`vjkZ5&eiS^>d$dWR3a4R#
zTDQU20riepX@u-43VO+RV3KiTu;e2@4fz+%_MaL(QMugA<(5*W7b<!|1q|W=P@GKb
ziS=G=9RG<%1-3olqOpodb~E7j^!jP2Pxk(}?_7<U&^<p6VBqS+4z2R;TqJ6CY6Y&(
z50e*qhE=9d!WXfotnH|_c5N`-p-e1j@FOWpfJg=F#!Rknftm!o)m{W+%6HO@=wBG&
zV&Vo?5|P4kR)*s7o1w^617s4?m%s_U&#F54mIhLl^Yy*Z&n1#)?G&@0E+(Vba2P>%
z2M^EB$KFIwo<fGlalTCPCMq91N0WIR^Ut0o%XG}Dqu$xpyBkK^nR!7B3DDM^(FL>X
z%YF~03V_b~j+Mr}$@NyZ_s5+Bvq=%+Ok|Ro?-RDz11*2%%$fm*6&-JVvVq&@Nz2aN
zu(9|KJO>Jp;(0YXA_`Q+FYO>|1z_MzTbAD8(3NqhWHiOH<CD{RW@5+Psd8*UK7yVb
zS?Wc=g)vy6uGDW=qO_Pk@xq$>cJ%#{ZZUGLl3=TRbFU02Dv_3C2U<M%`DAjm3}?k*
zVPEA)|3yMs-RAd;YSTf6m8`V&vQIJ+gTFnc68(bo&*7je<BdAL$C1b<pwa?{|DhrD
z2vbI4CthXq8O=K|egiNgU`PPyX9Yf>vX9jZ^<XG&&AbGlN6YT2NI0K9pIgLQ^zA>`
zuCuC{Aht-E;W&*CnIhWX&VY#*Q0<>3sPGiZ1G@!KH9GrcfhptnFG(569a2FTI>{`j
zmF-u&2doK4y)PRz&-0Z(y8$i7HHqTuK__D%*HdM9p;9a&rAfqwj2v2aBAq5)mfBC~
z0yYWa^#en^jQmy}^@KS2<l=RG#gZ|otyn|9ErnVlEOqQpfsX=pecDYA?8DW?fSX=(
zrT<L_zRdoZWR2CO-0aI!W}yo{DoEtv5kQ1IeXl`0#pE^YbbszyHs__AY=;nNSZ4~g
zEJlt01<CII<Vc4NG2`GRR^@JhD(5@Va~90ExHw;=jV9il7jPD4j;>vw90=GnwTb4j
zp9vOg7Kx{Gi59=4!Vh(^5l(HGERC=%p1x3zbtb5C&%AMoS-r7mj4ddgo}1t2AD(I3
z#Xb`}O#6?`50<0x!sB^sFE+{_hBmzT0}#2I?qeHeS#WPaUw2y6VA^2C_`xa7l^n8m
zlRfQ?Y!6=V(-<X{Hw5MJDJ@s-XJhECSn=9VH1*aeBl%a>MSvY5#U2CbTtF7>{FMQp
z@!=W35#Z(kg#!?#9{CIE#;*+mXQL0$2Y2VDuoheMXW;5M-F8zcMF&V8xDrN`K)uU%
zeOE?4uZD^t->`BadyN#^A0?MTzq2I01+Z39%<!01^Q<w%=>`A9@daIQ3j-5+Edz^C
zYbVZM8(=bb;jt!at3G|u!-SiVEE0kExTVC!I}2ht|4$yb+FuS~Tc+x`1xMqlcX;<Z
zEihV$$WM-?ej6C%N-S@)&imR0_Q|CgrUdb|8~hArg0%$7<hKPp@4wus@kZ1Wd8`|)
zj_Y$WNV&2JyGB*m=mOtg=&J7uoo^Dnt+Ba9a(4dI<yt2@t-z524=J?aJ33IfZ$9L_
zT@_voP|iEN_ww}oQqpuv+lluP(poMN&f0Q^;OYrn#DRuSY<xCZk1t?1EQG4~m))s%
z1QIXb>K$OG7A@@_-V(DYq}{07P<?uM2h-<of`_Ydi}!F(KUWA0Bx2pJnZigRRNp^R
ze>Fe4qr7_rJ5q1~ul1`uy05?dr(P&TEk_23PM(83Lv-tP!uqcXAK*j-W^hn<$PPOw
z0spAQqI6<GNA<P{uxr$-tW5eou}Bx$8tbt;LvPn=ciw)9;`2TDS=;yu8T;29pcNOX
z>vKT^S96`|`W*7`&9mE!QXAsRGMq%~DYl283=_pJJ{9>{)TpXYIEZWoyASLZ^ZqCy
zBX825oyjt)M&G!B(E~Gq&40FhEaYe*7toj*79nAbGNrp5412bSAFR2U^Y<RF!Hu3p
zZH=hxfDJFW)zrPyh20e0E(AR4Y~{{ERgzPX5kq_Ji!Tcq7pr=U@w9SeoC;aHv~249
ze4(L|abH&RY~kihJ;#{0x6hZSC5;W5uNmDap_|%MUTw0k5-KVZjt3lu9k6`!p782=
z?|VU7m3-U~er9;~uOlXz?Ml6j7js#pr<kvy?2&i=Hs!!0=<2w5j}CV^bhBx!4E{*y
ze&w;Mn%eO|n2mwGl&-gp>d($*q6G;dz1H1B&oA*;l8{yp$~zQ=mP<nSYiT&hV)9<=
z%#fc`OGlxcpPH^u%gSb)o=3^;>1j!0z=iNVYxC{3#8uVQ;(e{y(vvT$0`)e+u0qW$
z7b$-1x2qK;zl33jN3T7P`r-&~-WI%C4&Bu4SRE!~8qUyWguFR!%h5A5b9A3SRAiQc
zsA4~K#wiK@|DAE&e>>w4wZ8qj^@93qu#e+8*v{<p3tj4AP^S_t^LZR|`cJKY5-kYs
zS@u;ek}Q>XYY&9CwV_hpC$yMY2;6qXr)#nszsS?3E_)K7NuhVawAvuLA3>QDo>6gq
zbQh2F$3g;4|D@8{ga3}3HUy*X3fFe5_LSF3D$&1Z`D)N(KDKi<?YkA6dWQ1YpWT`8
zVNocKuleT2jlN>PT5p3jryk20Z!Ur93ul&7_30Jrkcjm#BVoMGz_oIG-&Lhk*RybJ
z2!zt-nDhR6Ve>~qG;OSGT-^2nY1bx<_sjEC5AwPs2!zM}mPzRLPr+Lxed*!HLN^yR
zrL#${d)o+!8%hbGKZc2prpHl6Cb<1Cgs!o{<QIhh!`NGZRoyjf<D2f5-qO+y(w!2b
zpwitE(w)*si<C5oh;(;@AV`Tw!=?nJyWv~g=Q;oL{@?FC&-t!v<E6NX-&(U~?z!il
zS$i@CW952^83$(~cD--2jjqqoo37+uHsn2AZcJHJ;J()hmRU+5U6zvxmQZMjLLKFh
z+I`U&5YR+<$1%`t#~I$2EsP#O6S8jPRhaSQrQ|72><Y|CGKgkX31XP@hhCfbS8<ZH
z*dK9HMc>$R37H3uMS)Fd9P*e~9ko)JioYhdC&x?9sk%JrfX3*;>M!3jA0!jA$_3xL
zm5Z|f{EW!AaYVC0Y_Vd=hu2puR{BK0?U+Nz>D-g6O;|L%vrRo3_pzy+=Vw;NR+GNC
z%~~>j0;uG)5$EH{!dLTks#FwHjGWYJZ1M=^$NOXj0kU<EQ{I$&k(j=$n;#vxJQ{UJ
zHfHRkC0sK;-rur3IQirSO^o8h&!p7n`>88)T%&QFk-4yl+)0=c1Gzq`E?=5DyMO*W
zoyc>!agzICGX$b-V9<O14m-ea&qeI?7{M1TQXn&A#2shZf%+E9EYYRk(&f*a+bf>a
zLb3za?nAHIknV05Jv^_|g0;ueatwK3(<!&Q3%82d)LplNl0D!<j+-n@!L~;QZLzyb
zAzW+m91<x<7$@n1pTHa^Dd~eBDr3^UxU%nI<@no<>-#1)Rlp^rD}fmTOV76#a;qbS
z?Eh@eHuJTif|7RUU!7`|=nY603!2$EQw8{+(ww$m(B4+vIZU0U2%2!~B0z}7tDISW
zjNiXGUtCIDyV1U!U%csScRH54ibd}bU-U=iOx8Xl*JoGnbYF-&Ja9v-NXs_byGpae
zRp)Fon>DHrXy_4HQn<3(Ib*6+YuH)6{fglwM>Zn~&DLg`b9cVGhlwJWS2{0wkCgE*
zQ;>h+B-Nrfu`2D@ictORNK|6q2<yNa-K702$lgJ|R%17<PF;B9bFj1YUD(Y}LVeF?
z2-e>zVO7%v7?&oazjO7qWf(hOV_gikQuARrRX7y3$07S*7s(1OJd7&$Nd_%6v>PYS
zAHbaQ>wVBAQe67tb_jV}shLC>xjz^f)m2Q7I?3smy+igX*A*iPB47>I<2p&E<q+>!
z!zgQKoQj3$t8lmY|60w_yqDBx4o$X;$vlf45X#UPJqxB$))zqB|GI9}H@d<9g>fBr
zgeIszypFg0b=@$0VwWAOBdt-s<#w2fj4HkJiu#TeH>FSp(sn%KLq?JLWi=X_z>Ee#
zSIqNVEz(L*iwf#lJC(MofFCt^;DvK5-oSS_yj}De=a|=iIrY-f9rO#ZjhW-KQA!Ta
z-L-li0pW0uC_Yq|pg^W9ADp<|*|@$ei9p3HZ{j`wW9pK!vgHFS+zuNTM9B4P{BN3y
zjSjG>RWaP#6M8aLO<$jF{ssTLs6%&&^HmkGL(tg`oCWaq{$dB)w*6}%m<VLp^7}n5
z<tu~bPqrf<(T-bI0tyYDD6@Wdz6ev>BjxKissi=-vqoqB{B3HG@3+EdhC&oZOb`#=
z_KbK%p@HFB0t<6zy)D6`o3{|VwNn<(zsBMj$C+em4{W73{=$y#12ZyIhs|6)o%_&k
z>*?;tnd;;=8P7(^%Q(*1t!3Z5(i-wgw%oO6#1Zr{D0nVgIM%u4+GWE_zj_3JvwSUL
zeK*jOp{7q`CoNR2EXoHx{_XeF_@&ck(D9FwB;(ZX$U13P4o|1&jJH(lc&UO|>DiXG
z_$kx{Z{IC`vv<6f7fNkOkIH)W@QL`+8{c;A#fz014Kcw%j-;!(Eob8rrAcF`*44K*
zZ|0k389oFInbj(SKwFi-WV*z!%VU05Cfqs*5s3SdRz|^nTU=NjGP!|;M!r~F+jpYB
zRtMY=9qq}7Y7fTN@46MU@5-64F@>(@$y-iO`_|4RZ`K9ji>|Hl5&>c*inhPecC$hK
z{?lc1izmzg{t^9T2npY3KWQKhQHn012b^Jg=+gdB<+$h8{0PCCC)ndW2S@0Yp{I+%
z?xrg0)$JkUYSdtavlu*tADlOmv!mTz5-?h=Zk?_i&(TqN{hq+$ggA&?_J&n6V1>${
z%z8;C4VMrF4qab+FOHbIJYpCZt-Co|d{S7wg-o-P?XqW4-3Xq7>FkMGKRwA4p6UQ(
z+IBU_?&>YeJxtiSoJ#!@CzCu)gsI{sHi|byK-y4R_*~6KuDP`{Z){1)I{6`~{Kd#~
z_Nt}mCQVq?tO?Ki0ZFC{^yryVl?T5cicAfWlzh^JISC1{BfM8~gmohb2{5zhzCX~?
zRiHHr@|UkSnI6x)#U<SS{z6O=+q&+yEZjHibM=$AzGUw$a4ZYWQ^_)4FFs30U&Q5Y
zCGC5HlVkfO#LT(UL$lZtF^n$#jDkKwB_Yd{t3e3~uQ4?Ed);jVw^xrwt^yujT2f!M
zj+lZPhx54_C#TuLA!Tw_i#}P|vk-UosP#2<gSEE0v~Q^t+4HB3s$<LK8R9ln^SwU)
zO?OP39-OvdY~4+F;-7PK8Ct)8K91&CrH|-}4E7QNDV)99|E3ZkpId<$J{W9eL^9|T
z`($V(6HkC7aMKla?{;NzEzK3cc?`r($BUcS2})wO-x{5>e-k5tZF=F^;tvU&-3tFz
zs2KHMT7bbF4kFB`H3`wC@cnZ>w1lBwkcc(;<|{?Ex|;*i@KHYQFkpTocP<SX-5_WL
z4=v4bpWWtSv|P{lY}_a74$t;`ap2V&Y<9jsUM?^fmwj`k*K)H!N?h)@znMZtl}{Bo
zg#FWdPF-RmxHikDWbGMq#RPo*9y3Lpw<YBClb37J24f%%`m&712+ds>(xN|Co8$sU
z@z-c;Ycus;3hx-)1lF6Q_n{NkW#`j56ZB8F2kQy+nIS3jxDJ&@FilSbHSK6d$0f-5
ze&hEnm8ikByEyrviZqT#he>{rXO-y7WBBjfFFjJGGGwbw8yj`o;xc!TU;@Hus!zU|
zsDBI`wCtYRzjx`Qz%9-b)%cS9owLPYtaQPH=oO}`v0Q8iA={5>HQulc8tt|H7SAm7
zFiJ`PJg9iQ23D}{L5r`dX5-!a7l=RfEq+<D<y-|UJO8S}57Y~#StURZ)8n-T(272(
z%t*E6@(Y^hCd|j8?R+mG%%$JF>Jh^<`Sl|6{{S-0L?1|n*DT|7awCyifisZ8dxCwK
zJyK;#PLx0Xs4suNF=O;)&3;n``jsBn6h&`E-lF3#eLjp!vHe%0M2`iUBV5IF4=6}+
zJ6_gyS=Rk{!01N7@eP&!no5vefyj>0$uCqNgA*D!Z~D61G<4edbE-Vq=~YF^)6Sd;
zGw;v=N1}8WXLT__Yp7lT^$rOZSReu4@<Q8Ba{;`ap|G<CaKK<Sx?|H4qu<Rc&7Oz$
zq7b*e%7sMBDH-CY2zHB9e(solKvm7?q>wY#-Mze0VZ4;%Vebc3mmK=-`q>kj6#0U(
zWp)FBEZVW+O1J@uGJBTPecuEXeiE4e=H`q4%nvN0`j`2E@++0|RDs=>WNIwGZDZB&
zk)?n1S&CcO&{E+ntws*NNs}znz9&$PqE?KfnMjTs<u;xs9Yc8P1H1&xO=NQD)huTD
zI6|gwln|*+k*81qsxc#NvP?}H2lrM?gktZ`EJtz`v?x4&QIF?{t25N(2RS~@Wo1o6
zbo>aG1YwA`QjDt@X1-<|N*bbJArXce`()GjqIi(~Z*jqIj|XY8^#V0pgANj2VxPpB
zz0wWa9qz<Qd2(oS?2c1=ETmr-=5)OZ@qRvLKcX>%Z50^%An4PVKuvaXZ(WwGC%(DA
z`<^qf4lCrR)zZ!P-g=4ujycofKpb^7ESh**bEC$oEWiGq@T=zHaOU{NZFYnH-?f_(
zutJ;zh2H-<H!h~n9mP0OBRev)?GZhCP{VU!MpCOw{_pfE1<$1=>Kit%3fg>hCzPLE
z?xo=<cxI~g<kRji(O~QP>3p0Bnkwf;te;=t-HeY_%$?j2@Z}=G070_bj+-tKMlnD?
z99og5E6qwW@2pckjxkhanQ8t(N2Ny-d$WhUYjJquyfr#3C!Q@=<1@@fnBdfBsYbUm
z6fr%Ea%SZC;mK4K>P-b%%u`Nw6JK-8`TM~_?j=OyN377ab?%m-tU^loj7S@+9Xsj9
zr0~umS)(4<ugc}soGO=nk_RS2118gz7k<X|@B4DxkIv9Ef3^#Lh%$J7v#!SGm7xve
zw)(}U?BT(FBvb(7E-B)KDAu1}e}4$m#n`~x+xCjty^B=2|F;t1_n*eE&;Q!^HRj2$
z0?8VAxz>of3=Uq;DGSaqbyj)6z9<z=ZoMrTNC*Zk8lOUbKX@o3;UJ5&^I*xN?dego
z0lKHS<Fp<6l^;5qFS@rl_;X(*6DEUjF8(Uy#xTU!l)7yQ*?>=5ba2<V%b#n`9S!&<
z@H%EYSzB@wrcF2agzwGRihvMDNu_9igT#k{`w?qyE4)EyS}hW$yJ6#uF<KUj!2XS^
z>(hAmo)axJQp)ORMQ#?q?Z%%hTmic8z;pG<Fo*z*>=;u;1wc+TMKC469+Rr@p4dH2
zbuvrBWm(mNGtnsV*l^7rs$dYW^27V83^J4i^NQ(kYL{;;<KFkZi3*<SG-(((6#ZJk
z8D@55;(K-D7}}vXsF^+XEW>1~^s|0k0ePzH-4lJAzpKRmF-^{Yf#|5sbXqXI86^N_
ztg1u`gbG1E)I4PT)ii^~>OJ&=zB4pe^E1JI!{kZNEIR1v&L4)9>PE!}w2EPSi&yBe
zr)DQ;p?6r1;+2m_J{sl1?0ndY0Ty1Mx}a=2xEAIl^7)kP$IF@s5|zA5fej*Uob<2Q
z_4BypD(~JaNnjUFXx_Gp;i6>-R33kxto8qutyvn{w;8CG-;I58M_&hfC-W{~@bnjE
zbuE828Vq<=`d}i;HqzKPhpjv2f?pIrnmjD!8f(7)b9jIjJ+BsftH(B(PbKe1I={XD
zHO`jlhSAbkdzG6*qqG~kee2QrM}shlTF-?BGH)W>Qn_9<sKBRH{1PX|#iGY$2p*Rn
zdRHDFK!DKryUDo%99Pg(1T65shY0dh4c!X_oB)#TK=bjZi>S}8Skm~&Tkk9ps9qYA
z<V<dM9GLB-rh^M(bhz4GDR#pAc7Xx8QgG<I`-Gw&`^;6OeFK1porAsGqS`)9HV8|$
z^+OTco;CyeP!+0w9A!cdb&<B;4YJ^+*d)mVag}x##?H=96As!`JXAQHpZKH-NzT&8
zZGwl)Ia8iK?#quKVKJUEzmZSNYZ(Ed17y%br2-6|PMXVVDW`OtxN0OQIRj%97b&rd
zV-sUggbg>5(P@c_&2O`WMcT-~n9aJMZETT;0jH?V5P?jJx+ujpO!!<Qg@)5`V7c5L
z@rFocgHosC!@+XX$aY%w^Xs|!j#lSd=Y7#bk6f@?gny4*{2x~fN%x?rXKxisQnDN>
znS=mtUA5*cAeU5e8%B&q_T}Eh=Kg)WAvCVVd62f+otl-}T}f{xa4*odH%-YZ5QM&Y
zyVo)wd%*6m(1Whsq(?uQe<hQoY*95l>7|Q6y#a9+oZ_b}6Z=A$+?3Idy7u5TTD}2u
zY0P<MYa*xzaz|K&Hn8HQs_BkUM3{^}ndWhXi{1#ceySD?2?iZ>-(JY}yGbqh%WFI|
z<DZlS`(=BX{lFUz#3GY^xsHZ{C^gTE@HRj$#+4M*9zXpS{rEe#*bK6SV|gMV<1qPj
z;^^B2fVEJ`pRsj`^Frf4qZZnf8g3HYEcR_I5^|lrkewQNKgBHVi-nsV&RG4bWAXGA
zw+{Kf8m_u0TRvC0(%z?5S?6kV;hnE7<F<sDy#kLO@BY@<{m1B`$fgpwdyGN}9AH7e
zu~Ws`r;-C{&r%zd!nQpbk98X0$E908lr?_Ko;6XN{rU=yrgSQ?Z{FZCJ#n3Av3JOP
z@R0Js{W!YLaDu21eCA;)S5asMg)JLfe|RuhKVzQM_|-`jvFyPYT9WNCqc2?_IhqKu
zYfgP5F(+iWi?|eKC8EaMN7i#;_k!XcyW<J2RV#!s{!Wf`k3s<lH9{_*?B@X)U&MNc
z|Kpq4`pb=TI&>1UABRFk_~jNK>r%hg*P-#=@1{#XLFV`NjNW~!_W$CsDth8M!$7`{
z0_Nk6slFdOV<V1w{%(9u8C<|55gntN3lNZ)4|gIAe_dunXx8Y+{e;3mg+ZR<oh9<m
zCf|;gFI{tVBo=Sp=y-2>)_i<h2>Q2$1_FX}CXs>{T2>Z0mY4I3g(%H)5NI{oWN%i`
zFT`eVGZJzmn<SZtql_y8uwRAWSHO$Q!oab_q4gD=)W%iNBFju{x_{S9fK02LUwU~9
z$RvQ8{hj&3T$f8aVlAkiDd0L|g$o}IM{2;)6Y)Qxr!gA@p*&I_Vrb&{_<IoEhVsa(
zA(L;x@zr_fY0^%L!KpvC=iqHhV$akJz|YT8$|&Tq*%w#aG)Wrsyh@c|XnAqj8a)EF
zzPqSt0!@or_>|<RWw>(Dj60W1;ZT@Guk(eA^)Kqm`=3ujZBV<BRvf2Cl=c8<0w7_~
z-+!G?gdZa=-y3iEXi3ID8s|wTh-JT4#zgHqN`8jRR-fEaf%pd?!A7S3^g%m0K)!-{
zks}J5dPM;F6OG<TI<fp+Rn!Kwtp2+vC;vLHiXsk+7CweG;@5bzPT&KLN_3Io)BGbl
zNz|(^j>r4tHQAf8T78fvQMBB6Hr5c>g=@xUv6mi6Fa~ZhF>ch0?X~(L-uEXt#V)5y
zRm&M0Dvl<puBbivdS`egD9yb=k2=CtgJhXyg3WtQg-Y*HW5(<0x@>2F^yYSf02?Pd
z9~@hdUkG`hV~3$J#w$hO;UbGop!ft~<u;pD?Ap(&T4Eo^&?VxdtVc+M5i`{nKvug=
z@zk;hBa<v}yhXyfrzBC!$6xF44XM$ho34}nj9N=CvSXC4_*-6J3?3KA4F3}ks-N-B
zdl{PMus{=_bVyz!0`Mq4#yNfza&cMW8+pe=IVM7VGgH;VF*?HIdO6+a1L53a!!s6U
zQ+uK6R#O#sM%Aaa<CejFn;m&E=E#-ex*U*90ZJKvE;<Awub)OnBj{k+oK9W2E}O!6
zrUdI=wbu4!OdE&zzN*}{FaN}^ok}|Cf+md3iRSpxkIV>9Z}g#k&*~I5oiz1ZUl0p~
zRHiHPWUtaBT<h?Rb3E>`vEl^TD#xj%ZKTqp%b07E%3i&lN~}=yGa1I2@1^oDOmgL<
zL)ZK#FZI{>_NbI+m`)I-m$tWo0Z%6JW&9l;4{~yFn%MZ(<?c+W{z^uVI#N0$IM*L;
z`spOPJz8E<W@REq5%hCo>R^w+>0sOjp@AUN>Z(&Q2-dwUi-^>kPew%+K4Bd+vKFFL
z*tg^`16+K(k|RjB$f%&@KBBrOn90P0{R~1=H&C?<^3F4HUf)@sxU$#6Q{OCIJ+Sj`
zRH+qEnMMH@-5pE>lev9t#TiHGe(Rus4+;mv`9xtqM+Ug;x4sbq(XsJgtwtCf{}GJ-
znL^Ou$ufi}HrE48Izxam42{Xgu&vyRY@DdtEv28oWCLJpQaSCZq2#9I`m}H8o^u>S
zFS{NE2lSi@GZLwoHX)Wu#wvqlFYy^#ca{-g>jT>Y0FE(V`j}H4^{wgM<LPZg#y%_j
zI5=vz{XN*2_x&9TEaPWz_hQXbdbP_eVV272Pil|nGjTMWoWlX}UB6cVwapDYD@n?x
z=8;h8Do^_mZ&$eGND_~xVc-#gH2%robLIZyIsI#{9I2pvFG8`r?Gf7fm5(CKeahC*
zkX9?N-iIu4g-<)xNR9zkJR{1Th;P+dt6P;+p;y9fee#gYfiH7wd=m2>|Ar#}>oQZ8
zM*qiKak;gw89U_%4b{f3)`Y-;fVlsZlX=X&igL&5vV!@UU1OW2QcQmM2o2$}iS=|;
z;?9Z?XB2Fd9nGPlaxNz8CzTH%WBOKq%qG%k7bp&`e2VUF$O`TqlwG-3%o0MEo-G*E
zd!~%1%kNFK`8;xc+obedn32l>3m-Y^pK$PBgA{v5#+J9KJ&3IC<bwTOYw<ettfs#K
zXbbQvKxT?~*`3=zd?zG=P)pn9o|Q}-pT$a7m$2NG7;1D|E;Jy&e2XXBSb<z#-L}}S
zd2R9*spoW)WuX1li>=snPyUdc$!D)8tYwVO91XIGfW!9xh?i^1B@xwGQvh+Dw%gdD
zQfSbQomyS`lYahK7Ix^Jp4$6igP_g1r+Cwf9we-MbLL&=wP5FpdgoZ_-7V;{E@9iL
zyp9=UjPp;a(qGnj{xTG~g5ojQu(_XBA57JmSCzpd8k<|28hDLbkH+Opj`KP>Nl2t%
zy$VNSY$d>rB2Eaz3nLcaw#0I!xF0Qolt(M6`J4@aE%b|)3NqElBP%lRs2Mo@!d!Wv
z2~OwkvB8o*npPA9ngerhc|g>7k@Lyqbm5|5#~qwDy5Uf6N%~n0Fg8`-o7zyeXqYTi
ztp>+LpLAXmV^kBXLnGkl1IkE$aHZ*6U$&&hxyXRNS%Hnkx!*2?|4(L`f?6m*_H+i<
zGPv^Np>J*8xb@h$aKr_<Frz{t$ZSE?;8j|U5H;t$KqUt`Q1-bWm#pGLQH#pZzzyJe
z2_v6r!qZ+6s>1vtuMm0$<cMF6s+_o{qSvM3?!T;79d%0|Ux|h4M-HF*gZLB-VySB*
zK!*J=WL59(Mzgmoqd!H%PZ7v*ABR(r1b!sJt;@cX`cf5)dWsQ53}2x%QXeM4OIVM)
zi;x&sRx{F)OZLl;ygA67(7(l2AY6bk7SHki<r09r13(^tA)qfu?Z_)iw7<Mj9)CB&
zy5uGTtI!2dmivb!>V<$6+0Wo{OK@jFEA`Ta(0gWa<<V!ia(rYz-n`xXRC3a%Rt-1?
z*OtpG+ICW_8SmT|<ut@m?~DW+=r*8}u>P+m(9F1w=?>v?V)6PgH`AA$4(me4MI-i6
z@LwJ0{R@uVvG3Ur1m3@X<Oia*_#fc1sY>$XB&(|$$*OKOcsc<K-Ze86eE4rH(4Si*
zmcQrxaQQq&&a=Ma(l|Q)@CR>E{2Tev35ii>FZHfhl|NczXJ2uhQR$`EFYc7#6P^I%
zU=423Tqqu6MbM7%<VOa0Rop=K{MHlAy!!Ca$C4`!g)Qz>omlN;fG4l??udhf!fw&p
zc=7%Rop$6g<)-IiYMjm+la8a!!qKm)^!cdXRbA8th-K^FJ9;Y0D(O>rMlX$@^lxp4
z|3)wTb!PajHI32<L5=Fg;L*e2g<TUz+B*~i%$U=|YKoCk(qnJq@09q5UX|SCQmiD>
zZ}BEiyci&nmX30aR9kH%r?+fQxyZ)sgdryK;Y+WbTs?4QXtn58k7&Mzk4;Df!atR<
z!*z!2iY$bU7j5R7dut{-@GzjF_5Hi~%{?q>{m;-uCm~Q|!hHUw6~%U~y|zGSeDQ0&
zN7jrg=g;mld4x}Hn*OI%!QtPB&AO!4v4e~e{{J1Z{|3D9l2MESdjRN4csC*`))1?M
z1z#EuuaMK%2%rGPZJ&KHDFOhddo@ZF?*niwRK4l-1$-|2;<^#4JJC~y!T<ou>zt8e
z#E{A(=YMv(ckE;{`g?3rJUXk4mYMV&h-zEOOEL%{zEr@)xYnJe7_E0Bfa5PvGjEB#
znzF%}<>NC^x=138&*S>J$Lv+Z05;4?cCEdBR@^~gYjLm6bi^{$?a2P3J7wJ~c=rw?
z`44^e-%YRoc0P=CAX%D+*3Z66u}I^~iDTP%L6g9et-x^k1^U-K>g%qp7&}1{)CF>K
zO59UHqULG9nHesMkg$>bB91`5(bi<|HmTL*xJY{=4-OW1RRYrN?V_&^VPKCt%h!)t
z_HS-=Ulu@A9Zld6@==G@k%+Ad+ED@xfLL1#WwjU<*UCRMG%H>_P{dev{;&|9>B~t<
zr+#pEGn@Kw2hSyS&hoCEz;EY4MrqsNUW@eE9kR+l8(#%GMD&GNZ2u=@Oz=?j?@&`o
zK8u;OrR7j0r8|A_vz+C_s5b?qoaQsL0%2R)uZqSzKTj{H!jZtfY37r|!_!syf?)tq
zF_7eAfYNG_wrlrI^Y|jp^76;WjVId)mfu+c4e+MgdUoWvQ{60XSerqcXJus1$;8yP
zY1cm6h^j)p?rp#lGg@Lwcp8{8%pa=2dOy`Q>|<8*z0;lhBZ^TEGUhvf&o)BKNkN`!
z3_3Nykf#4{@WlUZcVJL4fUBsrVzFO^p-C^YGpmy2DdWmm#MSUvL7A>>c0;v`18waX
z6<86+g<bg|M)6oQa=lwz8wkLK6Je?{?1~#8hd&mO;2X232Gj{4NYR^nF&Ez-=BKO#
zQjO_znqQ2l=3O9;npEZ#+M=)Ik88hU83ncpDhAt@gUNhBeF`5dYAT-JPVZEhd7GA%
z?aW@!QtDIvINTW9w|*8um^afnv9ZMSInJb0p-)_zKX?Ue`C??d=q8ox=4wGzhM>~Q
zsPzJm*oS~BX~MD0W?9uDi01d7A)bFTME|!EWyKUf@c!U7_IvCtvyF+0L_Dyi9InM)
zARt^lyXe-#6VYi^KRz8XR^I9SAdHbOi9(wm6t6^^qC}UXMw1R+Z|K2aQdruuA8T<Y
zzKI+(?{Vur(^wWM63Sb`Kh~wsTjJJ;6ap_(Xt-Q77nc!Zx`IRsi-T<chj<mH1eM-|
zK?b(um=KwY_un4ktv+br1~mpK2^*-Qp%Yu(J;VYIw(=2vnw%L@7_z#lHWRp8f-48|
zgS|Lc=O_Qp(Qw^~=DTZG-O~6G4k?NHz=bl}=r~otlL+Wff~9WvKu$wOOOgpa9rpw5
zi<^DG+~}159>AMz9l1{ou8@dx(Q#lzAR>K_yc6d&T0z2BqMA0xo_>yvkc~I}{2Ka|
zj91Bj=&-<Ih4L+%;hvpbYLx6|gxMFu@VTsxJbE1kOBLe*Xx}?w+(wSqC_aQMUyz$7
zoUG@ac)}S17V6%vZ57+G8s4%uiof=<MRd_Ta8WMjno3NqXXG}SyJ%PE10+=t%AdgX
z--8tXEj!~xMVQL}H7MvODxdPc@8yHIY8B`_1jODk4co;uJJ#4hN%U;V5LeB>X@bCM
zbLkFhDOxU?Y|^Lr&i(7W{p&9MSi(Y?oMhOH=YIZ9<h0?w0>QqV!7_%BKBovdx_*o5
z{`D&Ss+addpx12>@cLfFzg&r&fh!1gC#6exgfjN1ra={&@CbR+71JyCT-Xa?%=)>n
zc#@3JbEE0u+8=C0bzOVz-6fJ|Y5CZ`co9)4x5NizfXrM%HXhyjV!X(#ad7g$ehcgi
zu<?+k*9V^mb+8ox#>**mK?lju^4Qah*5~X&01}y3V*!FH*fmr5p~hu(&Bzmhh7pfT
zQCWOaK3Ng<jtp&lt0AvoIz5AK^t5}2jqHaqxJBlKUbNvdhRlZ95tFzNDw#ObS-7g*
zr)3N~Y-o)RjxNxr`NhVtyD$*+l_4nu!73Q&Jt!M~FTpE>5HU{)p|b&Eq$(wrNknZu
z@G)T|dv@Ws4MOO{*%b}MJQjqd4-mYRV7B-2{5mrVRAV0?f+^iqY>}0yRIiMQ0b!#3
zXY~C)9x~C#VB=U&49-DQ+)M5fBA*C9@j(-(L@Lv-LU`q~Xz3HNlGjTww-@|~7zkP1
z_u4S<#E<WZQE_Qvd95BHiilo0-rdB(2H4K-r8JVqNuHASTfA`zHfx0XpH?p}DM~gW
zd1oSc(E=g@PvV@Rtj(Lt(rPs|Bei!zYcYDh+2PBCmX`BQZM{^1Zs)TnZPB*nttd!H
z^m*p&{=+I<ZIQ+0ZRAW(+-XvV_}N)}IkkGXKkNV~lxwJ=_2^CJ?G+KJU?!`&0#0cJ
z@3#`ct`*lBeMHt(<zqLz6sxMAgMj`7tcAAD&mY(1;JAVW7-Uad3zQUOeIU328uX!G
z^4CE@F(Jb(z>yQIZKN_qC~Q7I5GugmYyWaGab=&pX2i>gDNY+sHnQ@g2>1H-?8<T0
z{%mEpnYybv;11b4Q~I7?BX)>BsuyjP9b@omwYcYXWjicZl&Zt;>;}W3^#TFgn;xzN
zj0?CXYQMW_!#ou~dBaTVqSNC=Wf(w)Cw|Spdv{{yc~DSK@EEfqoUbC37pCC_6*`yj
zKO2>}-mD}gzzvln&}j*qZoj)Pc698|K%|r*<n*y6CY*X9d_5}wDWQRxEZ7MFshh9i
zZZdA=)<`mJZ`PYY8J+ulJXN62<J!T!Nb2maCn5_>BBlQyZQ`$-ZtW`|3!h=)hOY~=
zPqU)U*Rr9Se}8#>F~TK7m#_?`$=^5h-sBM5?=WlFDq92x(b%mvkces6c(QD((l+H@
z`_)eN!SCWd*sy2-Ql#9QyQ_A++%apAKGCi^H*9`1lBP>AmCrB54{X0&+oMf*#KXfA
z^`L+v;Jka>bEC5mXmb}(z}Hc}I!C$P4=+6EryuFGu7Tx-X9da8$$Okhg+hD}zoyV6
zJaSs?S6U6#@6H27N!-Fx;hUg2cTq%Jo7}gW|D^@+#t6%2K#JHI6SnB6UyOt8r?I$Z
z?etxjK=Wl2$tcr;7I$Puw~C^?+eT1JsSNHTr6;e?VdtyG!P!fzEek>@;LUT!ttVS|
zYjh88Jnp}+FlA`E$x5H)XaqG<(x3+IP4%edR=o$wI}g2jHGW~~MV#x4yl#m{0atJg
zIZ%bm(e;)YOq%U2_&CkG)ysl4d~bVdYVL^`+9EX0nKA@}b+&`gg2goj?>We)o<{&r
z&sW%7(bS~dcG~dky`CfZ!j-12SA87yb5U|)u|e^&0*TUAid^7WmbDzB>U*t$kr%qK
zm0lemUsj-3xXwKkSP0mwKD6s;iSOR2zoD4auO<~6$!~W+_Boxy0Y9L)tcifD^;)38
zyiROouTnB<QdG;xk8ihik3fz{c&b~ce+T0;uN3~{5cu@kf3O+Ymt#QPe)d!)rwlL!
z*M2RV=9CIG%d2PLSl4S;<naWqdtL8`*P8(IFyYl1sJ`%w?E{W%+K!}t-dhqpLEHH?
z8+z|sok&k;ocN^}_>AHC;8q^wo((}DpXp|COQ1PjB&ne%5n<%LY~Mrb56@W8Wy(zP
z%ZjV1r&UpTvJ@FJzYxjmcx_J=g`pS&3QRfI=FxLIWNKW^V>*7XO(kbjpJTRGA^y$2
zT&E|Y*H!OT$tbfvM}c$#h^i(}GBvr1#+*J<AMrUKpGAYA{*p~1sNBK=&(uFxv$x(D
z0*Z-W%w^PuA1Et6*=8Dt1b<)1FtZn}z60_+xs`XZt)(H0A_%EUx$z@QTe5w?GApe{
z=2O%4q&U;%8K7SVx!U0tJ?jtvnN}q!4n=Hgx&(#~w+9nfbHqkFRA`@xw+*fsm*LU7
zGVz%iFr2F|0lZWh1_*f))mAF|Zi5V(KTOr{5kF$k@I4)Iz*j@x?{fx@V(z3m+_9I~
zr^4rK2-r$1H~EmM@X15O_!Z9*l0zZCCM>XQcw+lxygHSuOxXk7%lj+uZC`ah7Mu?b
zr}9VD(yv5Qj=_+SKuZ!0Jy0njg@uNITJq5!g7SaNB4`jAvT~Ql7ZiW>QYs|{quPP_
z`>vbnM?$Pb*;QxA!ayj{`O<?H8oL}jOC1P~fGygc;qIMQ|9XWkv$2=XGfu4EN0$TQ
zZXi%5CRWEk`Vg-i5GF^5AdPQB7#J!;C8Ozk({bAle8uug+%5g^F;UM>GU^iU%^umd
zJDQ!Q=r=}NuexP-E6C@2tRGBc&hXg@a4wdrW_bj}aO&q{RZXv|6VOfNxD4~5HjWB2
z7wiM~Kxrdx_!I%C7EC?`U_T?O<}TUD(bo=AFATRk&Dh@BC6jYF<5u-X%9EyMN2Rwc
z{N;4$$rMX%tLQMv4JZw5UH!0e8+olO$n`6&?u!XF2-4Co<@z0Tsn~%4Lb>i5mL9Vw
zFN^mY*iKMxhme-H+wZQgC_g+apbF4IzDCgZ+2H^Ws;#SG=H^BmCwYqqOnu?zifQe8
zj;#-3S?j5g&&R74s=z#mtMGio<?nQ-t<p0yFQpjxS#7^w>jwIo{#9i3AR(lExHoVa
zxgP?Smgq@~c3Yb;6GZslq1Ul19^6gmqGij`W-Bt&DtF}f%>r9H7`Sa;8Lck_ws|nd
zWJH^RZ+u+HBWoc=83cAa=AUy$u-iO^Nn$ha#BhERB0EhxDpPe$`svoxp3sx86JW}Z
z&WlGBmoH!e8wVE&sa;<!8qp_2nAJX&GFo&zV7WA+=USy%<z4%(hud7OO>yikl({>D
z3_It?l);q|c!1e~ln1%quI7qDa@M(rd2vXiUsR$M`Q26#cajs5=!-m-Lk(V_^y*)a
z<zHXS!UqA`9YC?2JK_Vqg4peT>|IQxN-(GrdYeqB1Yyxr9D{Vn#MurNkffkM^0LNn
zF$RF`ja{;yjeQ31rm!4C4R}#wJkjMTR}lfuB~bi8K+0Y`hMeh*@@%Dgma}lHLL2aJ
ziv$;fd2zV`^6&8N-(0!~jz=2>S*Pan9*C{u{_vPvb0P0B<$?P*V5u^k&uEe!fxgA$
zH5felgM-HuoBcYT$nj|C3<wiVU0vajP@geUpY^pqBgRsTZJgfeLX^+m1^sU8dK|cI
z2@ifeYUBG3_SE2!B1Uk54YR+m!gliHDTnRT{`E>-W*8iNJe=I_eX9{F?z8&^9$f5P
zZB!6ai4TE4==ts?c0MWr+yr*qU=Gie(^`@sY`ED!+>sqgks%7j=j}kC0Q&qL(fS`E
z`|mOnxX|=JQBgr;V}0BetKA2$Euim@Ww+F5C}M#HNtNodB-au?n9Yxqh*K2_Zfhd|
zKX1-^>jvL>IuD{s$7OC(FFIg4?3M-j@o9@FFk1^<Dpw5M0}dA(t?*!t>$uC)R=DpZ
z@6sLAXcE;NM1;t2E<sVzc=Wf)cXIq=Z@3W4r4bY;(ixut4wYDPD<k3l9VJl;YIhS^
zY=2Li>w>Y%17nPnw-hepyq-{8$Muuzl`aHVH|(x0=jX}})hMzzW{-z}wns*yzJmU+
zyr!IT2jNr27!9v9f0sKIJP8452K<<T<B_Xb3e=r=;^!YcTlY_#%=vU46-Wll(S@qk
zF=KYPB2F{J*|EC6%3QAPiwp2&deyL$(y$a}1RetKO~D|R*Y&Q)lL*sS)=&_TsQr$)
z;9h$FcAfd&p|%0I(`I*GkQR!$)VwzXKYvHrlIXE3j(t0LcB~LBEUz9uuZ<x!{gYry
z+Sc3kibh0qIimB6c|5a8P8LgZ)^juAPvR`9PsyJKS!4d8KL2}o>%ZwN{#@1=L0I7I
zkt{{=RSq%XQO#VorL!}M<i*!a;CoWjl1(h+;|!Y1`tbZ6>BXoV<S|AQmYm?b=h)2^
zugaJ}io8AVQ-03hrcayPGGLKF>fCTNya=~mZ<{g=$Zk0&q`4W5b-+>lWOWdHOCj&$
zdv7C=OB9YooWMa^s+j@hmUvhf2LV%Bh)}hosVnOB`<>!U0K$Ha<&(rs0CpcaM=ih9
zr*)~*Y3kdrkE?KYb6O%Wenii$Q8UFxR5K%T^|K4(ceMaTfF?dXzpVa|(qITccA9IG
zSaEr|2YRG7R7R5>>HXIXpK<_cLS+!Zm4C*KEmns8(jbQ){4g-dUu<g$sjGFPOIM;#
z8ItN>t7y^<oG|Tvp*0WM1Kw<vw^RC@Ekse@Y~aG5-hK9_-~9VJMhCY>5d*l!E)G1}
z`R`)-hLu<w#EL-GvcNn4llySI)nJPEs%evI&iANws`ZKyd~wUgX<q~bN-84xH{DOz
z%+maSCQr+WB=(Ly5LPQ=u7B)UgO@wDV83*KBg7-8`r1Xmx+ecB{C{GvrQdBlk3@3#
zX^eWHja|*>%s_~7?-0>>nw`oM#shvHHf}WFhUVNR9eUe@_x#_e>fZAhdxYG6vy%->
zxia8Rbd6~dSfN*?){x|FXbX*UbHRg$Wlg{T0L4)o99TXyB>G&qyzO#08S&}8$Ys^8
z!Yo1*m`C5tzym1*chM3BzByb`AdUH<@;h0n{pg@k|Iy((!^*ozWSTMky7BC?7l_=1
z$GPQJA6SGxtf&K4Hhg4l&Nc0U&sJP<*|L|D)H9!564pB<d>o)`EG!`RK|76_#D4;E
zpDCn@sgd&I!0*6^$#au+0W27BHQNVY?-lB7X+{p^cA3UIBdX%!;`K7|rprM*s!|e6
zZ37P2AXgl)!)18r+o`{!s9(H=ylTIhTr&(la=`+vB_O2;Z3*1m6xMg@rMg~a@>ufT
z92vpr=%PS4A58?`fhK!oW#NkIH3*tnl>V=0U->}l=T9N87JR6|&cb&UIZvq}&y;*L
z^H!9wrvQQhW=7LxeqFxv^Q~ZEpQ}bYG`jv!q%Gm?qIiY}zXkd~I!$JtPsC`8u5H+M
z0-|MYmzHx*S4f_}zos0(f=#`Ovu}?%LxN07NH8~cshA~CZh<?9V7k4gJKesJ_YzM0
zN{9Q7_>k;=S_iS#b|?Jf=1ekZ@$U8|01&0{Wg0XxR1`@HTBHnAC{<)l>WboOYXp5$
zbe*99&9oUGawWnlxXVA`2a4X*Ki~uuVqU5UtC=DgbqT%n4m07QNPnwnG{T)HefLGU
z&hyuzE*Q5lfJMWIv8-YGh$;E@+C3}Sh4SXHOBw@!XUe_2?t3JIfwxO|Be3Q@wUutX
zwhrI~tu7D>H0~r~boDsNFZ(3Lf)f|(SBlGHVZbLEOP7`42aZViK<+LlC(kF_+rDTS
z-3RyDd=Wppt~5o>ogx*Enl$tw1tGG${d56<XVR*EEW|9oQ>n)AN@j?c9KCwW!Ivx3
zkxsqc?l%f}!JW};WmCbnWz$%NvvJlMQv56(_hF9RIPGu<G&%)Etc3p9{SkX74xZxg
zTmSyEy6P_<Sqpu?mUCd)A)oJgeLxCNuu{-6{f|1#QqvQGJ}f0WFgrE1Ge1r&4v-QB
z*9=#KT&*a<3)&<eAkzmF&KY>v+bil$xEqC^EZ`2x_dBn$>AxJAVvMO`e)Yu8HAZ%5
zJ;A#^@AFtrFK;i#54<{U4FcP5MYcg*1pal_9-Mu>s^;o`T1pfM7{RqJLU_5bDPxq~
z7KFg~ReIt<P(Nv!q@ev8zT}><6=!*p0AbMW9y9e)_Q+gg(PM#JI6{En1}MN}g`T$h
zu4@8aNB=s>WUGWpgX2|0f&{RER+@;YPy~*+ab>E)q-8tH0BfK1GC=>eac=C~?=tYX
ztz(~pJGRzS&6e9spNIo7%%G=Po0Ah0akH<Q+fAq8OwBU*-2jWR-+jfpz&3QQr?1@w
zJZS{@udvxQf^rLI^3_l%<Cnrp09B@%&kPxeFy{QuWY3rI9EebiE3un;O?&Tdvd_7H
z#QD3Td1mz$X8Y?@X6iY#QXBamv{&V@ucCYy*FiSbkxN80oWApb`&Dn40r(g8?Q!g#
z!T+|cq8yOs39&F&(Euk!pr4Ka`%6<D^`OGk7rRpmohptr_vxd1PG0Iw7>)dgz0zee
zhEfcKuV;6p*-3~}h@1h@xcVJql~*YwnAQ;**AgGRxEDUTCEKJeP{VLnRV3t`b`N~3
z+^5JOtTx(xoa3vACygKakf6*+d#^Vy{xN;_2yLb^xCoOjh1keQlm_4#6F!{*$-))&
zo<{tSU)BM%S#oIxz%v*NCFg~0{RB1l>XE6xB?2fqq#=hJhnPdgM3gOj!fV03vV<hT
zaP0=cu{XtSG~gdKlOKw*PBlf{kX-$!U9&qG+m;NPil%xPM}!3ptAS#_!i}~6b~+o+
z5T`GqlN^}lN^x`)wefqqZxlv`c-zsq6<ad3RbFGqn$)u$jcs6XLq?ey)V;)>!XrpN
z6hC;6m>F~tb`h|%vr88}r{zNL-J){3Dtb-`4*xq$V%|;u8eOF1lpp<TRlQrxPR%pK
z_g8sQl2iEmvAh}#vfk``n$VrH$L(KJp0ba9=!cmIdnP<JC$0L8x#ANqjqWy5!+5~D
z4P53_`HwQEOp-wHUg;!GVw_~KhZP;UI=EITru_v(-03BwWn?tw&(=CW0(J$k%c_8w
zYtDla@fP7EN6{w2IuvD6v)<7@yXPzOu}0r%dU-wa$zESPOqiK;Vm(=jDZ!vQ^KdIN
zk6-NW#N3NJ9t$Lk(}GauRZx4oPU3qfBf&Ly8k15U8abBsCY!Y6c#m>Sw{DiN7(}{6
z7+`?lniAB~vRyYIAM$Pv6ZGAa*<GYRTD~oHv-}>qq4Efyln68kSZ$s~K}p#2&TT&*
z&pt(D?AZ#^N9B>wWFJbCmq_7IX|iJtv-6t%F8g@;jYV&G+#AVk#oTz(uUL;B5cXS)
z_gnOg5c3wf5aWmFdo?=a_Sz=7%-*YK<Meptv*tEgV&vVxn*K(%|098#`O=!p{-Ll?
zzRo8yE(B%3@AV?W16C07f0k3Z>q25T%s|yf5W&p*{R4P;X}lx}1A{Y~XwmKYag{A{
zdmniE&8DBiZh4@;(0Uf>wXT~VAwAI0+VBe201tw3(UNz~cY;9AiEOWYAYwB%(}Hkp
ziP51N6g*+wm8YtH=1nh4gzh;{+2)bUFuS?jmZbN)KmGL{vh+4XaBo$XRf-UqxLA#v
z`t`%D>*rh`nOmC$YSsvs*>=m9AyVhdqI+;F;rS;k!6QM2MHt#$`dcT%HQn2Yr*1$W
zOT#K0ATZW-O-J%;@(lJF4XF0gzBV@fOaom>KUG_RzHM|1ffVxxnEz^RW9`ElN+D5?
zWtc*QTI%0-m)x@^O)vhtE-wvnbf+S}(4|73q+WAI&0TBfs~7F5{mXb=^?ZG|^OxM|
z4Zh?*`y7>N4Q1J9(>)|+I6=1oXx`axN_b=69`2a0AI%rH3F>?QsKu|KgD4)aze23x
zWK9F&smf;=To59CGQWAsl%?V%P<^v=8~(ht3zcIhocrlc`it021t|2uwJL$WuLvYk
zs(-n4`BVG$>YxJOvFYjh=K*B3DoJ4-$}Xsh=`0YH^}x-qK(_Vky|>-xcdT%2iP4v_
z8QWe3<zfnP*BfR1EYQ^8(+HFcLh1994(USnb;%Chrrh?$0gilAn|o69U>`bp|4C_K
ztOV?71jqQq_D{1@-b6IHskSSF39dOT+I;DaW$uYZ&Y}668>gNuKg&cMnYt-zrj*z5
zk2_6j&2);S1u|LNIp4|)Br1p`NwKn+KAcTpD>K4(HVw#p<Hp->HExR6X-9FPPof!>
zzwAewLU6TU{uaNg=&(+%=PX1ObNV@AqbuR2Ibqs!=f}e@D?LnNkY2h+75v`LCj`sl
zD}-L^jUruMc-_S2=!E-)fRwA?^>fAG;62bvgByhcD!+gMdQ2RM!HEqTvw)8URl6>W
zMPI3foCyGI%?DRTrn}5aRQz_mYqAy-Ei3U;D3NqQ*8wzkaQgj8JxTb)%%Qy}G}b;v
zWs#F~g}sA79HiCTGJoA@^`G@&KjEh98+80m#y80IQT@>$SwRZx_%EU3TYeb~1e;9a
z{6yzyRTda#<T5*`XmYK>92;oTjY2dkqm60MIR{LXa>FK9<Z1A`-f9FFeHHFE$J`f-
z^AtnK?~L9o@={eB223Iq@Y~7nY|MGd(Ssnh%1Gd1Sn!z|HW5d4TmX?}XyaU2W75cl
zKNea5mNHQFW8nA_7-}HLm?=Zc)v<nL=Icv=gp@z}5@&5PRG$JYvKV#uTn5yo+IgzP
zef3BfRJnMS+CIMKzu4{yt43QH!v_ZGYQq7Fq@WQ?3|Fz2SAaTP9rd=YXRX&=<@KdF
zCp<^+eT8t?h=S~w6((WD#y>~_757DLo$m&ngP}v_VL-GFl$z>=idubAk8dP}%iOw3
z6Ba;CT`6GsFjvpu-b0atP9zWG^`1#hpbAWO2u4A$K8ak<i8_!*hL^nlP}S0i{~7nO
zV@d_lpy!=L|2B)CC8`Loj$m|dIBQdcr%V8}Y;2Ir!n4PZ>iEb|5m#)0Ou>t*Wgj(<
z0Jkw(2#X8wu*rJ6Y~^ezEbuHj;3V@<<Uv`BGhT+8U{@}8S)-*xuMa4g*`E&{mD3W&
zcI=!k53o6W^1S<&_R73k7&+MF`lOt?Oz-aYib|R{L5hw9iFA#JmsiJsug&KUnKmUf
ze(;AF)~F3{iq&y}DFI+LKBfFf&3xOrHP^zw;T$zcNGSJEjXfgxz+3AkxX(Wh3$)E~
zP-ftI&c_c8z&R|SIgx+{j@xix^-Z&o$KDryrnRW16J;6Y${vO2_+0C1PjO8$axjvf
z7dMlYYJny^mobUz6|tJ_mP+7H-GzpU5IQKL$@>^p{GtCHL~}m*62tRpj^+Fu`p$;v
zPh#A%Nd<r#yhwHLFi5+Kj|(<>7n^J`b251cjg*sNZ)I7nXvitScRD)41R0R$W<foi
z5t&^Si+v(_!zFPJ%RUE0Ai;_mdU)4)C*G?rKyR%88m#a2%^s{!vK7u|Q~RGk0aRyn
z%;S|ATL*YH2f$>coY?D$i5J&54%vSviQPVX{$crwPnL@c4Zi^HJw%l;*p)R@Um$or
zI{*iKAHhXmJolX@szDVBb3SqgFI?Z4Rul_9ENxxwFV{6tF!v%YM4RF{i_wg0X69`(
zVTxePH+{A-WdyQAFF;s8iYvXdOMu2{e<_nR5J}fb(x0jP#v_9#5yHSp4LGWBoR-{7
zV#8X{RQB>h0Fg>iqq1}`%;=H(rKk)(spvoX*1uG2Uc6?p-5XEnGw}E0;{GH$iwjqz
zuNqG#;ka6!nM_8yKliDSAkw~8`y~><@Rn8<psEhYg4^4(C;P$Fa}ksd=MTVt0H{Wc
zxDS#@RB-(51cDz4z44WZd#VmG1f`?>t83;}l$y-n_*RGWcjy4;)1o7u?zY0SGvxxz
z;$jpbDChP9$D8iRNOE-zlA}kAZ$Xmdi<{txJZaz|`l{t1<$U?59KMrrcz2PiA~+Hh
zp@X}hUgmHT?$Z*BYN7u4AV^2J|9S;<kzdQtI)pd4ny5oW*fndicZ+Av%0pzzLez`P
zFRJxe<_Ci49|i9qJ4x7M9_Z&+?6z#oU}g_a9NLrBT)tN(HF~s>iySmX^}ny)#UEKp
zRtWuDd7<P^1CJYAEyG5%0b(}XmIFLsr5WP0Ky3go#*+kcwVgA<O<}L)hzHXP0pMpq
z4A_dD!-&q;xB~DZ<uH?M3S=M>ch|P585zB+tLz^Oe<dgv5bUE3B95+{O7&YDY%<-!
zZ4u6iPD~&kUYsCS6#C$UHLPDewOw_dHqGw3M_5Vr{j0eSs=M0>oZn5-y2Y#?i~(6x
zSEk1;YMLsDcc?{VX!*lW&y00xzL{hU*brcMzlEs6o0d58s{J7DD)!<HB??5K9`Vp2
zILU8wA8u}3xI=G(d<!3Faimh5pS2lkZy<O|JWo!gsRLs2{}~eg884yluS#b2)JFr<
zlTwq4;hPv`bc@jGiF=cO^fxQhYeO41A(P7vS@hnLopb7QfRmS?EH71rKY6pLrFd`^
zerC@MnLMlpM6(PnUj1x1^)*akd&W(Cw{blVkZ5Rd4!dEuX|}SVB4k1a;lhm%qIFOn
za39okdqGYN4bdl|N<p*CC&w+m->6Cm;y$oc$-jyuVW^7g{aBv+olM}jtEADQ;aUYc
z9g})(TPis$#iDv@C#R0L5dKYUcpfZ5RqB<AOscRx{rdeCgmXsMLmzij?yHk|7U~R!
zDTe{;ff!%TwAa@cSfqJqIpdaQYH(tNMAtKxA>yAqDF2c;UZ+;}m|%V&P{Q=wvac*$
zkj0aX$zSwX84sZP@^?xcG`RNV_itf@^XWpPB?mC?2Tr(te@j8_yN?3M0tGUhkB?Dc
z-FSQ5lSTpI4(-CRb#-d@FhiX&o&stTPD#QUEcGdznB1rRVB<mg<R?Z)c{^zD2emvf
zh~my_ucbY`;k5ilF_(1B))^x&Olo84ZM;4@13r3dh@osbtrVfn#z*p%1rF{nt$K9~
zg4524`ijnpTmAuLBgWHJ6*2ZPJFS!6nx;u(iuq|Kzr<XIr40<kOOiAh9(?G0ZY`r&
zEM$~h@Ewt>-0NwP<x*#`)&3b)=gdPro|oTMf&Ks^^Zt&tgT1s)<aDX|r()80`?{qV
zM1L+BRAs5;Dek*3+~;A-OC*6x2Va?4pxPttS*zxo@#&d-Ig@Som#7+%cGmd6yW!_C
zWEH--3a$Kh6l6;i9R_)BiYFE6imRp8AD;s;zej*6b*BCvW-7j$&%gAs#`_)P+&fJ?
zzT>A5LYe*^`q~c|1t+DSNZua+Ny*7(5!1o>fr_iUE9`VfF_r%%V^;24mx=$<0*If;
zYnZY!K7JpGboIpaVEKi1s|}IJ%<Ls`V13g%<lV+^*DR!`*|t4Hlz80WA?>DH@OJD=
zH@3GO$B-(B4i3J;zoq4{{u|Wh`}cQBKUHbd{+P(GZmwUBBK5!V&*o~s=Axja92@&3
zm1rQP?*Dr53$Jad)Pdp`2KCF=XS!R}^LY6X{?%1FA#UeKE~XROtOWN7R!$$DoFHmE
zreFLdj*p;i(6=P{wMQn4y86qJvn|c)7Sk{M9PuS))DUbcOeqC|T!<@m0S4#K6$xdc
zSIWhTFS{PUJmHqbL!qG!Q5CBic>mPGAy_~Gy6f_*#9_aG77s5Q6*e{wflB%#Br*>5
z+})nB>E17O#_J#*G0JZ&!l<?i2xfWq%k2AyG|zJwxrpe@6>*?e`GSJWvqV)ZE(GgZ
z?Xe$I5yWgiP2g|2{6U(TnQ3kB){n?7E{<hjkZEma-BY472w$=c@hhefZv;0t#Lp!!
zMlII!ii?SCn|!YBi+kgi`y%cSFhQPVw{-!fL6lOWCEYK3C|G}(^((nonw;MliJ}`(
z8xz<QJq8kahM%tgVr5~Kv3`2Y^pIDNZ2%ui7Fj>G7tU}8jalZ-G3hMZBHLN=^!wiH
zmZr0;!0CAYgtrs@XQX(HY?U}y9coZPi(L;W;KhfdnppR>jL~Iwzb52mW`;01+SqP6
zoqm^`YPjJR*b@mOZR<RAA+de<o!9knQS>w`q<c)nwDu{aDegNm>6Q~%ZNY+xzsxT+
zHykk@Uxtw?Y=Gp4V6E9*XSJzAo2-@k_!O>-0i_Ma%u{v4*Ff^pm@4KafF0(`gfKNd
z{TgZB+2L?im{}mHfjIE)EWm}w@6uE?yN!&`l3iNf>w%3AM#pfh`-hJoWJ_-eDTYi}
ze^FFg4Ele1UJYMWcAY8;VG;4BrY6`5QQ+6abz`s*qt+y53oU!x76W2-Gc}~Wy_TOQ
zj7;G_g+(AgzZK{Hj{U~Ab>HT*0QkEBC+Fcs_OwWS`|%H-)y)`sk!&*B{N5D?bzL2_
zY0*Ai^{|u?L;~vc)l;|KU&m2?lyMs49qW^>p==1+&zNYsk(?#utb#q>1j6hPEQ?(-
z<w+=cRfJTz(^9ej4`Xi~5M|r-iw-H>A)N|Jic-=bjf8@9r-XoXqaY#OAYCFz3P^Vf
z!q6by-8Bq(uJL)l@7?F@^X+&4^&ro1#fslr>$lc@&zTI0N)~jG<_P+&h+Vd_X>euX
z%rsmE`c|?Vo5Y{^S&5yUfa^BazR0<RPZKWuQ<s4IH4(C8&d{Gfp+h0})2>z?+Mc6B
zTFZnYvkL3bCW<Jle*P5X_+D8_oG|g&+0_*Z^8ESpp{c3Bi3vWf;&GIsVB{g6_=mMx
zQCF-lYaf-+{?$+ijtGf=AOX)2Yw`Q6(ri*8H@cppaos~sPTaLKJGp1Pxy8z9iU*s+
zP8UZ#93i2hvQ}0k6UBc%23{~byH+vn`!G(F&V6Q*9qjwK*ZyfotLEK3EbNznMeA(x
zQaM_Q(oNH9aAhm{ZZl+L-`X9~vNRddBJr(ER@RFRIE~{<w@<NlCFx}8T-)VYL%H?1
z1-!}efOvTPPv~GIUS3|F=|VHHR{7#RcCAAcU!4ZrYz8%OijL`OUB`<<3g@bt?52Sa
z=Mxs-CkEaJG&YmAT^~?bhPNHEatD^iSQ8U<myZ@cMK3LC1WgIC3_Pn1GJcCOR8GKQ
zU7Wyam>c08On-;*BCuIPKcQ=@P9_`u!!2RvtoWQR<Z<?-f(oG(`$n2yAgV=JPfD*I
zRIwyVO-K0H2|~6;nx&??PmrbD<A`P}78s5Oe8g&*=v4)*SFoVxJuZBz{z{;z$fn||
z^{wq6ADoS{SyXzgR?~vJ&d4T~a*xR;BqRwC$g5Eo#0Sr*pNIL#4tD5hpqTm+y6y^v
z4m3nAufli!liGSKe`b|d&`4Iw>Ax1jD$*g$wttabt)1uzu+~99XLx)(bZ`*wsA7ME
z8Gy#n@bF0m9=y5~=x3MALnLu{J^F!>rX>sT67c^%tbbh>JvgwkNwBdh=g<0Dk9T&)
zS5;jtIQeHd$W`{~v`(ksohMg8(^&wdYT}1PcsSk1peb%H%vMQL+SujSm%@g|oNcL_
zS^|`4@d+eM0`x@23_6=Ul`)BFk((j+%`DCE>(r(VG$X>tl#;Qq2q@0ct6g?WBtwWo
z`9kh|MnuSsq^mdb6NP?fPO*8=v-;q*X1M3@^D>wcVzpv^SuE$jfDJ1a^Z?7QaJ({p
z#>dC7?nA_B*uo|T+lge7lkZ1|%=%m)i~43m{5cw;vOD$gAnr?4;j$`*9m$4)5i|I?
zUw`_xp8cP3DpVS`m)%D44S$OH%OOgt!)N2@`h_$l1GrW;Z(rytGC6B|3Vfj&o)`)I
znJ81Rk=NoS_ONM!_oYvUz1==M<)xL~JIOaPoV$`fWs`y}Kfh&RBz{(y+S!RtND1SU
zjeD&h`A~>Df)9Q+@mXP&3R}(abwDCI)#HAJZ0O(`fv?%@llUb#Gt!i8S@7LXxhS;9
zYUT1YuaG;bH9A)|`w1Os{<?~FeB^L9gUACEiCe<MGcd3hW0FDeU^&%TDr7L|8jI><
zC0ZVdhk<n+laN%fa1&wT51#wZp7CEktLf;4FMpH-KgFb`V=HP?U`4=LIXGns3*Cpx
zpuhS)NE8JBF_V-xCIqqN_ruZPwbe~ynoo7$i(G!So3b&Wd_Z>i_>lRU<F@v;Y}6DN
zH)5)Mk6?OwS|6+R>q9mAK<TEA0G2XUoj0MlGkC@eF(*@QtHKDAUVs_|JZbr+a?l=S
zE`Vm#hk@DpJi9G)p5oUAO^F@t&9x|WlK+(Oot_w7#`hBYO{Q64Z9`qJd)7M%mA>17
zL89#gaXSS7;9Qs*eUpbV5y6|FWH^%iZ4UQPlCKrBHJE<eB##Wb{G#@*xL?Nl)wHZ3
zIe9AU!XLU#x(_*x$Y%MLx$U+x5&5q&zW;t@5R_I-J!SoU$hJ%>R~1|TtFrI>=uSrT
zlFW1_t~tuW0W*?S39FQxQT(XWFU&_FUP%HbSKgogg!h)$94{dGE;&5I>NQg#l_ZhP
zGidxpPv4I&n|q9w^<;AKh>|)287Nf5ARt%GKR;+gBoGG`VZzt#Cbn}v)Z@G^$EMkY
z_Kuq{MF@Zen<i8vCv1Ow<nqEoic~im=_aFq0Sj3T4O~jfRDdl0i#d=y$o1I9BS=aN
z#(!O0Rz8ROTj|Y^oLSj-nJmMLZ%~_)eLG<VF&;Bb4Rb-{>-J$=@&^Xcx}Gn#)!!=A
zbMneD9(<DS{nh8vz^+o}B^gAuu<rr6Hws)>+_V(w5oTfeq-Jhu-$yt5<<)F4SuFjp
zc<6J%H_w<^vDVg!?kn1eG;?Ay42I{!K|+D7@RCXF-l917>gL~jia!7cL-~m8fV{EQ
zFTN}0iG<Xq=6?MfKh=%)Q(-L$B&&a*W6+1?Xy1njGKow80T#qny5Nmrr-ZDW(Gb}>
zWEF)ij)(O8*cfE4RSf(IZ=yzmX4Q2>eh*0@$zd?OuyGbK%c{=7Swf(SOYQ`>MsiYA
zmOn;K*|6mX;}91$Zz2}Jo~mbK9Si)$3vjnDdoJ&iHnv<;dL5W}hiuMJ7GTUsTAJn(
z>KD3!XtGR?ulHC6z}H9@agbshM~PQ9;r*O`EbOx!{O$1m#f3DJaQa4eAZw^qfcv0>
zUvvkK7gjz->v1em)a0TSiK<T539TeLGTI_4w4v5a*mwONU5hG7YJXaW7gcIVQZoa@
zKTDMZxCRpBlk|h$-xDYh>XH(SD9>OP=uLJ+sH~<YxwZ8UL3RX<It__G$kyAsJZJw&
zPXCF~7Ms}+=0JiR-g8p_2uY4>Z>g9s@#wmC<KK9dnmj4O!QC6Zh=aYG2qj;VZWnQs
zkH3*hDwKLJ`M6!Os(ezTW0*Coxb{A<)sW%l;QU6MZaoww_$Tf)@>ZVKrJu{#0>9}g
z3~};57!dhqSjSJ8ZxaAd8OpM%!yAOkhwxwyhw@XPT6!5+`Gf=i`RCets+)i9TZt^=
zgn);D6+$5$_<zVPB&)ick-7PW?rlAy$ergl2QKAPjh2vakyl_w&$x@r*gj9+%0+!J
z-^n1vL^bi52e>36Z@q6v-8WErP{hUcNWxKqfql*VomgD#hj3W~7krd27L*sw8}dk-
zRwPE>OC(*)(RN+NzkRplB9)8}{~m)9FK1rJvp)Y?LFI*Pu79#H)Ltx*mF7Q{0?}Cp
zCvadrOw8O^E*fM}{IBYA8uL&;_%6|<v#912<xp#ouHA?pY@Mm}$`OpuVILaj)TZn9
z_pfGDma2Y)>|%Nq66DzC)dkpW3;Q)X$nMLoBhhmFMiI88!2Rs*{a`g$6~glw11$^W
zU=9_uph|Oitt0ZcCJCnSWQAZd1PaTOQ62St?+nVGsyUKVRED{uB(ROdjv|ol(t0Or
zKB<5|C%gG8bftRN{6+VZ5pJIkg=E5h+XzRP(%-!oDYJ&z`Vosyl{m-Dd!)-L__qm^
zj%!x!Yjhp#_*5p!*B5{tz<q!Ty#s@17w1wTBiaA4YJ6C$OAzP`U3qQH$Hcf>(nHm!
zr)KrL<Eg!$dg7Ph(_5@c3iNbZX%Dm?;=h4jSJGOm9t(RDMnuEVt(X?FXQfTu3x5SJ
z`pe}p=S5E4>e`gNaP{Qdwn2Y*F#5U9o+!t;@%0N#tDl~?)Y)Q6@V;a(=&N;Kfn$~Y
zs@nVG38bw2scMFH(v?jHzJq#Zl68N=e=M7fX+0jcErVVB{J*-wSGSdPP9`ePbe^F8
zZF!$+Qs5Q@=&bm&G3nV-ic%uQ)oFK8;eL#j-w&^wC}2dWFY=QKi0*$XU$n|&{@QmT
zj8B>9(@%<f#w+(yK}uB|^~Xph!7AMcN}K!{n3m0-r%BNj;s*?!336{MfbEU$oHG5i
z1%iI8sK_v;o}Jx{K5@*G9HzwjY+dSG;m0RE{uW;8qh7*IdjvVo|H+GZDm*eCV*$M)
z4V*s@M3?Q*dGf=p5T8ufj`ZU-Q;_*>TD>(kaBUJCGfBcia;mMSxUQS5?pL9)?Tqmx
zWDF|y;(M}zvjx#4nc?xB>K+*LeLr5IUIynDjhr>6J;a8+l<X!N;a*M{&k!?okS>&`
zK<4HUM1cnhC%=4XmT#V2oQLY+$)tc4rmCkE2m+^i{Fm(h-x7|nqq^4QD6k76xaN%E
zNJS!b&6V-5ZmOwS%e?V)ZQ<9@>Qjg*<3CTi_eZa5g`I&e06ALi1uJAu_U*^8vs&==
zPN^f?|9HZ`fS#Bt(^(D2ECJ(N#T!Ou?va%UvnF}>%xAVuL}A!r(Yaj57oIF;RWa*3
zeVi0cJ~g%F7{+bGKC~*za-RybvY;yz52(-MqAP;Nu(^eMPByShxmWKCBVw^2<H&ID
z5)_jHgTz0aQ4(nr5CVF|J)kfG6v;m)F%ANhfh0!C)P+R|uG=GNWF5+F!cDrRqoBf!
zM!zKgK$v_-z0x3u%tOW|FQmw4Kp&0Xv||Ns#v0Os$Tv)@v>%ANcHy$U$;|AU!apy*
zdfleAktV)354X-@M!Fxj0pANE$d^LuWo7(7V19JyOBF;0*zrB7&FbwpnEOh6uG;Pc
zl1;iupuRCpeCV~A2K8l}l95aUxskIO&TnaHhi9Kp+}ABOS|?fVdwAxK?rfv&Ck2LU
zNWSkp329}AX7bmzCw~v8_4lZgiJEL(;b1@kmHB^Cg**mOMDHlo(hl)Rfn_91d1BI1
zN{txEE@BG!8GFS{wALRf@>am;Qfk9pxmw>lVFDr0k7*H7l0+1rvX5zKUp7W|3={IW
zhVo50a!IrXynyy|XtL&Sq`&fHBvU_jSL_x4&$QLL!ADjIO$72sWJco>RT&hG-5K}z
zFG|M?AY!1xWwV;6pRdw>eu(!(uJ;=Z`B|#c;R&v^tx{wE#`m3CLn59Dk63nE&BsL|
zez!wZ`558>$_I!j*0}UB`h(<uREDA!tX#kBDJn2!LfV`&_m22LzGMB&hP9J3nMPmI
zj{tiycr^kH)^!Ixq%d;oy>^5ZDCd0Y#T=mqb%EhN$dz3uq2KhNnPR73S<6~ictM&{
zkorZqUUUj2IvPphKOf))%)uY}>cvuGT*Asx(4)|y#ZA$Z+i?xu=$J1bkWFbnqA-He
z^swRb5d{X^{~65EI>r)qa%zIG0CLYr)+}a#Lx1zM`(uLra_zMKfjBt-DIhB8<#~AR
zKfu7i3xCx)>lZ15bT<Ab5LKqmC*n~HWH{!40LFQg+n;;Ql*g4p`-7`8@ah4>3g%Y#
zM-u!6t)bM}Vm%Vw7f0i%wv}3Cf1V$^fT|CqkRW%QUptxlztX!5k$<85TRC|pgwS)<
zsJEYr^1T%=d-++VJN26uhyZ$`Dsb5l8{t1%nRe^G^1bd%!0o;^D!{Hi0&~^GLp8)F
zAd$Qb&#5w)u`zzp{-I)wA3`ZlbSfp{G5XJ_8-r>Dl8bADPo9mAeZ#Eu9D+1x-Hk{s
z&Bb~5eVenbeop#WtritrGj-Br5cxmErpm&kh?2|25|*Q$GgSbaH__AguxDj0kG|s$
z;hQ>o+!1tzi9GVML)Y@1YiSR(%>4xI|Hchd$qREJ&k`{)PNP&ixw9UH77p#8PpT%S
zC4WAR$9eY0ddX__@MEBNxaJ(PLoHR^oN-D1HIrE*Q6V|nV%+MmU<QdUTIXuSZ?{mM
zsUsf!))i)?=O>3_HjhrO^#U{IWiTid|5I*aX2Ns^aejv74tt1a{vd-c=P{7RCl7dl
zrwRz4^F7S;ypJLx^a8yDTW!^DrPm_oef4eE5Gr{{uP9vF_#}L{BJbM>pS8$!)9X&B
zyrpEO@*#oRlP^noUn6rF33#;rqdpu%w`svMQQ+++LDV86uSY~C#Mi7yhFHhMsm|~|
z1>8p-0~v2~_h&%rjA`hqYW<SoloXXwfs2jgkve5En>9Wi>A><@UO3O%Pkq2RJIk*2
znq}gR8VCKr%c$*FahC7Oi%g(4l0m3w^tmBb0y>VjKFqgr-Y37*8@)q5lf%S9i4KHV
zkD8h8^pg%Ja(Djc5JtZB&c_ZmcL@qE_cKNeP?<zMdlian_OLO+S8NlOa*Q1fSdlN!
zkt*QvxIk~i_mQiz+JkDCp1q)Bc%dC$1)(ln5*3q)R=ze^5-i<O;Qf=uR?Q$V<8vUZ
zf+>y{s@yw-K+PC3SvDQ&k_=9%NJJF<pICos>te;dVJ&hpYFu5rgdWr^gQT!DrMX2k
zBMAn^_65*|m|$Zt{Saea3@s~XX!(dc7^p;&gS&jRdW+E~rUIp#UQo>%DgQ!Pw|sQ!
zVSTs2z%{uUbMjclo(@D9gx+5KCDs3@yw+^_SU}r$=*O716)V<p)M4_q(=#kq4nBq@
zA0q0AfK;b~{A^kVOf*`<g1~Unj}2bcf!m_Ze&b_41YQ)c?1=(!%bwcFu~#uvPX)oy
z_?Vp{A4xu>Hl91~=Qnk@n@?ruBXOqF{4v1SNjep6z<!?hG|^9BeN}Tx*w;zL85X^T
zPb5Z7>@`@(A6<vcrZAA}tE|z<FpNpTgGdB&{?#Y>AK1|+p(A0qt}3x&&q&5Kb(c;U
zdvlS802n+jAk(NeG1b|EJfPpWVKO_s$P2sDeiOQLQ#92FzrtYH4;`906wq!BQ%6b|
zN4esk85Ow<l7xD^_7dfU5>G)1vWbokVvRVsq~5u5{+53D46B;SS9ER5MW$CP2oak9
zm6!bQl)7ajcB@qYO^hd>9-*Y1y&mpeQd%@}6X#^^u?hjI$6$FmH5DVSs}(Mvu>8JX
z=?})R4X=9yJa3K$%G-pbg~^gjOge-&_Lu^3$O<(bLrU-bR>Ig#-9n5ClMKB-INcmO
zY(Jy|IBgP9+TwK}2*DNf#NcJ(U%k}Qhh}1x-TiX-8?*k^PWj*SxTo`IM(QvJjz$dn
zKmtqJ2cfvyKvYs{04S~vgR}n_9H=3RH&x98;i|+5R=)KMiz$LM4nA6oM2ucOm=6tu
z*`b`1JK9dI7@=g4G9Xy8TZOd6-zJ>2>=mwL@jI3e21Oh6{9^fqY>*!om7gklO0@e@
zKIYffLEp$LvpkD7P$k6KU3j7Nb?~ZiyWgk;VI!j5e^p%nThf<t#0jaE5i-c1Sxjd?
zt<z!(j1K+mo#cBS9K`4pg9*x0553!nnr=x+3<k5DrBsIbDyD%Yegpf7qkfVW%PNWM
ztI)8zgeziyB2cLx<9cK|H><1ZY@fRMRFALhbjKZDX5!pK7~9CQ)u*NkZ8H0e?)j<W
zZ=RHtx<)ou$L=)6mPXI`1nH+JMGS&p?Ysrwqi2wO|BO2~HIyEbFF!-~@Uw`%us%LR
zp!*litsKa%V4j7Q!?WY}xU@;WP4We(fGLm+X^$xtq+_lZ&D;_}{Z>iME-B?R5Iq=I
z#MU1Zmw=+EopPQ0i>Csbj*tinkjRsxDpdNw=%pZvIVDu2Z@kllBXctk1a!sMQEBi#
z5lAxcKRBhyDPrZKd;4pPmfW{#OJouc5O0zpBN)S>O-KurU4j~C`GXrzFKuB??BswL
zFU~U?+K>;TMtSeW-cXv+u6QW|b`wRz5)U%IA7tDu{qQqnjB@W#o}8*N;D-m2I7UjX
zT!&xKb{bW*5*+O_iGPNHA=m+fAt1ZJJ9g00^L%IrU)PQoD;&=Hh$nl@Ow!Sq5bNZ4
zSk({(=w{&D6XX?Y#(e!J=o1>+;N_@m<|OLJI+`CR?^a&}kOZ6Fx6m_V#1t<X#ycQE
zii-P_r35ww8Ggj8LTM4Iv?2uW(cb7Ch21i*CFo3yxM27F5%?Pg7<@u}1OB~;RaQf~
z?z*O_lyW=~OI;&A_eT{8`03f7?X)~Y6`rY?0ZfCtxNMM0a^rMx|E}$QLF})S>rP0}
ziP?t9KpZbCzdSdjQ9XEUpN0E6BdfD7hzeXVFq|gOV{_jPzi$5>UTgNy!m;p8QvwF?
zFV+9$+*qxeb8e<GRC~RAGX&;`-Y-GNhVsQ$*UCcNDn71s-5)_Y&BdWiL?=fQgQ8zp
zh19;DClR*=!p`<cqApAjMdT*^|7X$Oee^?33ch$PyWX<JIe%dA5(i7)n30m>@=t14
zon(Ke^t}ChMh?#mw}?(T?CJ>x1cR*o21_;<^3*>0J?8)SpyDNJ)aa`QAKha*u_2PZ
zFT^P?E9)ofj#vRx4N8)p2Zny?PI#ca0ymfV_(S@LB!#W@)f+yO4F%GCi}-|i`hu+4
zl?ClWgtw6W+hB?yyB_=&8YTWU9zKS|*)<GbIs$-(Fu6uLgYczNoO0EyUr_>!5aGPM
zWE$_3q5QkUOXj2am>8j)4aI5~<avu^kz1bxfL$yP$?tGmgY;Q~PYwQi3s#7j-ZN75
z=~e6x(bPxqq_?{sK$dg>(R-?ki8j!4bFRIay9(U(PV3sumYyUd%+oXpK(I<I+H4r7
zjPzOSpx<Y9K9Ja(k-_f1v@1}V9Phf1t~d$b=qKQSU1=9e=a3R~0?Lv~C`PUxK`0R3
zKtT?A(|$)9s=qQ=0;7-GzVELXSeLCB04lQWLkw+_PgCLYQ08B~vY?ucElYp#|E7mj
zmw$7*{GFU2j-{`$M;@8>;ki#lb>_THr%2;1od{W(R`A<OvR`t@`x0`Go8e2EN-2DF
zclu3eDml(WlzSi#EkBte{eAJC!os(j+Dm25f5NKgk8T;a-2~(Ab6?U?3y$`7Qn8gt
zKjGGhn8N>>1z6|M{`BYM&Egj~)G8SvSDJ>;nKd+9uX}D5&Gb$p^B`v3?<5)LO?K>i
zD$Z(FFhbpTDxT+<E?2+~1>yEh*^mbOwC=CzvW_c*#Lmvn;W`{q8O`16`aR`7P|QY;
zBzm!o<g^caUdl$JgSqa<?S5n1NBEKLKNliR5x>~nV-tJFS<>3JLXK$u=+%4Pd--x8
z_YE;b?`A_ZGP7>`$g}k31OnLR1bKx4)WteGIeYfbeUyT=v!P`N$l>qHVJfV&iGlTW
z*`w9E+C5KeFJ(D}9>7RfyxmZ{_PKhZGcyf=@K(DBc-%hcdnXniw^0WAMeoL}O@dg6
zH6RMOOIr_N<d8Hve*zu@hsndG4Js@|HkF?V3XKZs)+=vXFF@fD@Q8-;glw2YUy0(#
zZ&_V)?|KBzqh~rJL0_So!S2_!^`+(p0gI50y4iSV(*NN^tI>o;-5NKsY&tw^?7jCn
z+*axQ%Lf;sNYfvaIPN}A$d~@`UhH)msuuEU)gP0y>ot=-u11&TT<D4Ehh@LA;dZ%1
zX1{$W0@irwHPE^pah3JTCM%^9RcGbi(q>U&YI6mN|L-ZKiaH!!KcUEDEVe$j;;G9S
zM?hA~G)0P)-i4)KDVto)6GQw52bFCXypVqtYJ>iv<K^-KMpPtCf)42OPq{2U15*Go
znyTT5Mp|7LQfd=Ysw=gG!3WHb1CgMA$@GB3rgP^BX%b?oZ$+ij`c3{opY)2B5D2x1
z3z~$n4p98!wiy25srh2aB-4XO4~S>ZuOn}IID4Z!iZZ|&Qc0=7;0&OHjeI!EH#R^2
z!OqK9*0q%I<p76(7aaXMAQ$5P?nZ7WA9R9PpoYPG58F&<oGdL_z*xfP_*2_w&-j)O
zL&dTp2p?RXrQ#ng{$c}*Ew{yK*7}|-g-mwf*gq_Sc&D)sb{Q2q`XLc?G_YYZtOSPW
zRV=MY7o9kkvbI0~<qH}n?k_G9G(z2UH#DaR;(BDr5ul<({m~_77aO|gg-23Y19B;U
zw;z!7l;eZfi)VM6$Is_c%edA}`l{d<N{>2t4=}!sQC_<)b6G{W+RppY0=3oLEOT47
z)c{?F42?4~=MsV6VQXH4FZBs?yCF>0K?e|FKe-QFGHK03{hdh8DRR#H9sLQAZ-xIs
z{q*+eA|>-0wqogvfi)Tl`n)tW-@aA#A#)4$ERInf>g(|g>Rno@TUTg(k1^E35sw#4
zb)}VlX-8A_1he*Vg9Gj&k*y=_er(;jv$eS?t{5g&YI!$|J+wxt_F6Xzw4HNurAQ2d
z8YOq9{lI6C{J(y+*q!ym0==9ckW(`euv**9)QiqWm5)Z1C_qK=X<t5__{|1BDZ{Wg
zC05hW51aVO7gb94h(f#WVsDWG2;bAzD-qSmQJw<ynH{#<4c~Lk01N7{uz^6PY;nOz
z$>Be0`2q?5r#S6kK4Sdb0VR}tNCYG5?8b)+Xlh3Sjs=iOGJ2=-yf3IaO)Cl}(GX#}
zSF4pjfL{)m)Zi{kl(1gsxBe-@5%%w~NZC}aj5I-j2B-!6?&;*x2u10CP$+3zfaYcc
z=ZI^vpjY6c7j8fY8gL@_0pGB*qmsMYqiH{T54086zVm@GMSTw7Imr>QFbHaJQ_LM6
zp4ZbNDWr2H6{P#bsey``2fa{=W2~c@wx_uUqqzlTj__%H$a1~MIx({t`H3hddFkx-
zK}ko(Rg@2C`m5<R`;zPH>-X}K2w;|e{kpD3{P0fHGc<U<d58+j3~95_b9#EF!Ug82
z*X&B3R65so-o&D+_V#RwkA(INuK_QuJ9~j^<#Hex;l1&R8t$jC*!Rn`E>@<?Nbas)
zzBB}pK(eL?2nMKIB_MiQzL)Y+D6(~aNZ>K=la9F1hY&A*U)a~5kxq|60Of+d>M}Kw
z_~ib(GCpZ}F11!|Ym3~lx0?-N>I6KVhnIe*+6`+2K%j`ILOhwde7XQ#N;QfNJ`uj`
zkwOF(AicJ?q*^T}0^n18yP}~WDj>vsE|rAN4soMt`Fti6Sy%iCIhvx<V~uWoY=w(e
zDNOU$n6@y#01~dK)R7WK=V@cUg(Ki_z5H#0n2aI-rH8ZCg4~PwlT2e*0PV@aTT`OL
z4KbK(Nyaf2cFscgN^1qSoWj5hwTeH5_p|}b0K<)NrwI~v^lcyu?vRIg7G=!C!LYyu
znzW}a)#s4Nu0fxIRgb+!L)67j_T@d3DmoT;VC;eoKW4jdude<p9%#Et<(-T0RN@MF
z>_110+DuPR$cDU|^}SzGV#j1a{M0+e3i;6di#yWL!ki!VNhSyapg|_(k8TOuOdyBj
zUGC1R5&8=^6Cs2bJsdcBmm8%}vK0V=>)O?a!%GuRAfT^GsZqepvOuE!#W>+p1`t$V
zrYobKCL4BZONMj<sXqXN@WN5@+J7V#I@avA{lEp7)eGwdue`(z<npRwWL;M}DOuTj
z5PAWnFu#3aifWx@qS5l5*0<_9MXNopMt+nZY<j=}Q()N9!{yv*^XORuJ+FxFtq}J!
zN~rfo5D$%3&O5%5+d}+dn1uqamr%m8jRje*BQQoW)p)|{JLiZ>^^>Okz_Qe{n6{w_
z2{fzMT5bXukFGVMdwymEoTV1_mA}=c)ERxfBijc)*C%C%oH3KJLNw~IJ4On(2VLF4
z8%JUYBD$}xr9vPcaOtV$jn4ma^)bq>Iug*Jsw4TK03PMRdW<LpC^Fp(LU8FVzPmTt
zy#3Y#+Do7$&SiuwtespaAWTwHhTPzeEo|}G<enmkiWrmQc%B~n>yT>_z(GWP1?}@0
zScX4vSN9f-R^U8CV`IB9I-XeK5P`d%m)CHZNMK+~8%R2$bD>lT&riFNZGnPoZhbyS
zhtz<SB}_q)7lBfT7t*u!FdW|xgi}=~tRP%68K}hk3V$gS)y_{(4Zv`!8HNgiBE(+^
zmbtQ<??(WvR{x$d6Xz2<fUMiwk{}{I7ZQreg?2ROZh%3YwF=MYLJfxiDQZs^1wXb|
zO*QV^$MN_C5w65_0Rd|0AjtvNhFy`7E}Ok`tEW;-2a$UT?at_+^SnbkoH}Qp+MW7w
zl`MRH*tU{H0MGzJKtS{<x1f}sod;c3MPEW(ZtNe~=0M`3DLWKP=r|!GVSlCS2LO{H
znwHsDU|yT8?{M4v@LR8#EYpTMLZTQ983B`bX54`Oqg9d4CoQ|~IP4R{Ax&W7f?O&}
zNinrEny$9!>QG}~jW4ID5IEQ6GTlMw%UT0L$DT!@zw@TppuCNXm59qbK+WngMfDe~
z&kBoF1d&N)QfU*?Ko0G>^KDn=kl0sGWlLxuf#HV`PvVUuPtf~bqNDx<K4!#C))(bv
zO+{qudT~!0Y?8(3TedpJe*fh2rSLxR&&GD-yG2%EKhnU9Jm-Rq`R<3yTm6v6h?msW
zp2<u7FUb7c<~o)>ZFR=^DPO+CpePGm``pu@xkX1Q48~a6KUV)!8!?#8cI^1^+y}Pu
zPx4K1fXuBmc}L?TF-Hzr5?n?TFA8<LBb4lBX{J~{;>_O+h*tcpBJtsg{TQl|1!h#m
zUwN6WE}n@|aQ=H0C^9#<u5eovU#)0`Uo1Nw(kpF_*1m>242G5an#kOI4{5>7jxn*f
zM)fkcLS6oH`uLg#T}D4o<p)q<13rQN!hHG=P{aJ)%^NCe=tqr%>6>4^A!;BN5`R!m
z;&g<Eg=-?+w<FnTs86ELD)%xuxIm@?U4=XR?Ph_H-=tIpz(tTh6Y%(YjB`LnmFV*H
zKt%+qX(pad%kn|=1stlXn`f<v-2w?Fg%ya(Ol`JN)h99K*nTp!v<F!=xj#*Ej!P)m
zQ73A=W$D00qepDZy~4Pn0SR)0x~;`M%vjX5$(L{L!p^q}5Wu_`CBeIqz@WGT<tEjO
z<32B(Unz;9-c2!1*Mx{&STQu2_z!3MK}queT22k3zygC2qb8ROlFKJjwr#l#qeCYZ
zF&LO4oMl0W*;vN<;qhsZF|ofr$)N}$otErIDIJ_+h3F%6M+D3iA(5w?JhW(w{mw@w
z@|OEvG3u&q4L2AJ#Q2&Ka?)@(=oe7&A>G$(U138k(Cfe*ZQ$PsR{)r7#{BQfx)HOL
zHDGG!hPCkEm!AvGK`b*E2WC85b{uBWM|2L}g!=z(f86L!7E*j#3{EtmgY?A1gh>&Q
zPgZE&Zis6}SI9ZTT=qI%Om66F05j8J0yS|jNY?&E1Gp3WkEF*Ia_+~kYTbbnTTVRD
zT`znntVbNEWWP(Dp67b6{8vjxyfc1NylSs0=il?HI`ZReHh4oP3s3=dB7^ncWomaE
z1ZOyu<*x0IkIL;!viTcXjFe<KTqcpb<}wZ$Z`+X&3~?~=;Eh-F0-@<+c`#3aX5^u<
z;KZRa`StH&ME_na4C3r|Y^V#3^8<t7YZ~>qQL&=b_YCteYw0us!4MD_jiP#UWLdIy
zl=#<91u*uTyK%>T1SX3LSKx^gy+9$y|BFIU7kiX%O^<~QnE*-k*`J;2x>EGCw;_ps
z(LfKEv15MON9h_|_A#H#UlYM$o1bff^cM*f=c59tS&9F*)U?R`NAzPDIF)Y&Pwz1V
z3J}{7pe^2@B7qr_UIi#68C(-8RPxt0g3^uBaiOEAFSZ`t<(;*G15y6_K#6EsD)sLC
zW)>A!L2nIM2_-}1RDVuc5yh}&)n*ZZB)@|Z@{)|!^6yH$y-RWLR)Ayk{@by`06ZWj
zc-<!r3&+po{fr-|Tw*fh@i$YLbjT~j_+MIMgT`C1G-O@#Fd5h|u(cpMgF9lC|K%z~
z{%Yt#v@F=}Y0Ry!I)rZj`a57d?FjDfG+^nY6kW)`Pu=O_AfTE5ceaa1>BSbByX=mz
zL2!Y`*KsDEf_E>(I#~GVY7Bdp&UXZav7m<+ZnOtGUR9GKWp^TqRzaj(rYFJ%J*xL3
z_u`PF5j0z}V@w4jBp25eSb&3=nz)C?9m}0`<4F{Oq!}>rG(SLGkf=|qa$(5vVty+n
zRRv>FdbW%Rc9xavF77YfHG%uYLqQeu+pvB*^uTXEl>CVd_?fcB&_{UFTxJVx_DrQS
ztOgyFH)*x!s2~-*YxKSvh8cjd%*mmXqpP-G?|qo6Ion;TryMVM);TX}oybc&L23wI
zMMslpE;hOi>eup{Ub>Dq2X(s5Q-13~;UHhKTYycuU83LC7~`v356DtoaxLI@f;`D&
zU9-Q!x2J-TSd-0n_A^{jbLDcBwV-G6KsXZd50ISRYx>;}L%FhTI7uq)UMAg1n}Drd
zNhG&8^X{WFKem{YUB?n|I447-vvpz3Jrh#ogvqb=&z}Z+-W*UF2J)uj8zVMx=z<EI
zO+K}X@PUmk(X&=lyWJ2kWts(n!`ZXkwqNIeuYir=7EGqs?ni)~O*=~Cn0_?jCdd+|
zxD&)qADoC4FW`bwZs_-8?*<F130u);-`1`=*H=pYmdj~0Wvs7u@&E0JpCPBpgd0~+
zVNX|sUp%ME#$<T$u-t1<tYjXp^#@D=T)AO}VE6=B&fk73`{^4CIX#6T*k1IH%o`R^
z-4CEvF@+ZmT)f>e7XI8D2y)7a0CM!E-$OWTAmw~>%d8;0fJ%Ixae0q{A_1jTHh*IA
zr(xRl1z-wRdt|Nk<uaeR4a1TfHoXw#YSr0cIlIu~8rrMDdFr1T(HrmJCO3mCwR=|v
zGM@Wt?&ubSS6o0fQKKvS6V(=jMBtAQgax>INAtU;=45Pe?@w&LiF96srtxBalNDk>
zDQr>g<=*2K>;@Hhz)TDbe|H^gq*fdkq$}@S^{!okde~<*w_w7jsx9d5=7+4o!bp8e
z<)UuQRj+F4T`n%)ze){7&D)P4I~E65xZa!eIUij@@KNBFkvDJ*z;_t){joupeEPl9
zM}n)D*Qd#LpxoXjvpo%MVYw1&3A?)1zk5O5aI8B2)zY`xTeW|o@lF{0b;gSby{OG4
z0lw3F{~h^EB_MdGtC<l)fdtD+P%!#T$F(5S(qofJ0O;l*;ayALPq-e`w{al8+?R+I
zCqK9p5}DV9&<c2AJCS*Zfm0d*tH9_lk_;>*)5X_o{au!5dfrGn<+V)*90o8pP3*33
z>}P{3YYdF1i=}~pX@}9NTxlCVQW$b}gmWbs9~Al#*p;6ZA~Y6!){qUVhU8bAVh=G}
zfodm!(F2~(xI3wTRR)gRpkf3TnQ}bEM~JFl(=O4ADIGYaA(w6d_}J2hoh(7DvE$`n
zY&^z5xui{%=|%<Hl+&?2IEyfbd>6mi_2);U>!w{%x=U1ss3mG7=zy{O02JBX_~85D
zO}+lmZ*4{{)7z2p<OYWa8BN2cU_Sx(eLlbj4lW#Z0H1gQn5g1E-g2dDKsm`ZW(kcM
zS5)oq7q+N4sSfkeZ)KM#ZklCmNV<m1$|#a|c~L|w(2gx(dIt!Bk&3<Rs<HWL49JtI
z@+;<?Q^^(=g$2i*?63>ZKa{_(tpx`cd~r*T0wC&zyzXDeL49w!^8wojb#a_!N$Yyf
z(?jH{ldQL2AC#i&oO+l8X%7S(=X7s5%T`_j^SW>xMS@pk>@<L)6EL7Fn{>%XYdpU*
zY9z@tZtVJ*D)#9<<xAyH7=a67{3@ph4zS}&9Soc))JA3X#(bv@JNdZ}5(2|EGP{-x
zKKiG9e6>4ONB-1;qt%UVa`C3Y4U7Z}c(1zszVZ|-HMqfkUBJ~Em3rPGR)Gre8IW?^
z_P-tjabG-0Ioin>t#zMlS-5c?oqw9lV<%cFjJ4y|fUm^S0o?L0r3ZLEejii72?aq#
zGZA0{{u5#9CmM^ErBD*%S7|dJb8H$5@g~aefbF;<<OW1e`tGvZ*O@AQQ+s73p=Gg<
zuRtXNVFGOUQmdw&2or?<YDu3M2PpQQX!+Q+X661fr$i%gyW^t=dYae>`U>dv;&vk)
zajJ<ufyiFHwk`Jp-sz(j!*e45jz^P~R>0vAWHvCE6<>!RGnBkw4R8@em3vLBDC&7l
zS-Lk0rdt1%y|U^<6e1=IIVsD$UbilZVKQ`vYR>fxJ&W5}`C6DoV4q`pkK;~Y5(|+~
zg)q;OaT<nI>*5*jB}xf+og~CTu6OEw>Xz^J0BQE;EFX6Hfv|CS@{{SpV}`I|GULFD
z`s#!b__2j|9nQwVg&=0K2uqjDc^7y9Ypc(&b6(Ev`f`lvOdU&(v+Ki&+p3I{Jmj6&
z@jdV-zCw=r`z0`??>(RCYWgyp07xNF(Cv&&yWYFW78ftA2`xcqRQA|*+Dj&pT+B}B
zF}^lsyiO!S8we-w85TSIvr+lPYaR>ewobxtK2}5EcEglf*o_K6ohEHitB?*0jB&S4
z)E?d~nLp8s3m<tNPkRTf+E$SMoMgHR7T&)wpn>8GMfU|Alw&9h-@@8e{&cf`<x5|7
zV2FULG6L#VUa<QEqk3}keGS;NfcMdY?@oMkE;HeSHr8K6^2qO|z0jBHbr1wHoPW+`
zSLK2waS@=NDLBxv>v6~BoN~W@wQ(7HN?talK4xpi&dm6Ejl~IrcY|y2g{}y&KV8~T
z7r$$04`O{!_=oGMmJjmBZqeH}yC;9%m#Lp^RK~;`h9!tyqXOkWwd7ph`E>V5p+rJk
zo^ayshx9BSxlb5qa5zpkTS9di4v2N}_2a!V&uTK2L4ZgQ+XKl$kZ;Wu02Q*ygY2;5
zW5e$IYbzaon)YopckbE{<@9E8-va<ekMDwFA!#6LH#R4Sp==x=?$NOmR`;$(;%$@s
z)jGhBsq!6W1m9hy9hPRTR|${y7WN>BeN4x+&hB8K=_eMISTpQnY5&~L4S-?yfabv}
zEXZ=Qw@e>E#c%CH4xsz<%(~%%o-Ke}2zydbWxBij+GM#%rFk(-S)gp_ZwO1H9Xhh9
z{i)*i-&tjj87RaEHcIO=xy#YF+~Bs+4+En!gcV7>RLRv(MJ)I*coDIBEbm#L7^o14
zk>zWB5R`suH3p)wa?a#;x`lKB?XLlpzDr%3C-52pr<MF!T?+ta@5|EXrLfO!36d!L
zIx1}lz8H6f?#wGYRmz|3iaAN$9)QboyDcgFHBX4l`q&Zx+9}UN<gWud%wb?;L@$>5
z_1A$OAfERs-w+lG$hW0y8nG8^6GA0ntWEwWZr9}waGkm(Kj8B3qw+lz-xzo7$NdPw
zkmF1Uc8K?U0PiOKJYqkirmZ)B8tSN%8T%}5V)9eN?Zt{j`7G1^l}kgpaSiKJ;A+3u
z4kj96THH|XdTPnzaezrw>!xjRUjbt|CI|sW+k3}V(gJXOuSR)GNP$tAsK^b4Xz8p=
zucBu4iya~Wu#}4JCEn*ZL$sckXi_3jEbV_S+khx}{62qgYfOv_pr*s>v5!?m0H~zS
zYm8y?+NX9?J~<0^9?TOrw@&;(a}MVdZ14)pX+5}*!Wk_<f*f2|_B#(Qpy60zVz9zt
z*C|}!{VD21@f-#?Wvf3#8*<sT#>AZaitIIDh8ZZxc7?oN&%ev}$#1zi?W|@2eX^T(
zFs_BQeo0>-9<B2xEd+~qgNIaqP<)ZjHHRJTm-NfvDIje#&AN}o==x{kfFH;O<uBN&
z>e!EL>^*lS1uNHhn>sGn^CQ3R&wAx||NR@!xr{i!Up*L^Qy)cliZ%$cM);V|LdGfg
zKo|o`3mL&aRAdcO;J~Y#&IDcZ^k4|?uX67ynZlY~@kqmtYM**AK5Lw;qVQH*(Ayhj
zafQmiPobZMqu=OvaFjjd^XJdOh4r^i2e-uR`nO_QCF7<hbvPZ~!U|;m0b4hk`uzy-
z&Etm=y+GRBu6+xp@y(`mK^GgH{SNET=odsTV?i(FuYfy^2pYh6ej%&ckeG*$jVgm2
zWcMXq4YKM}OHAN*;%24(-)22Q1>n3L$~f*cASAi}rvNBpyUbD<S=E~U4up`4^<cv*
zjMk(I4<OLvSyzzXyn}a}j0ZKnho<wUiuINq?o#dwcx%)C7!mu$4r8ysC}ZV7B<CFW
z2KyT$`Hevf?6-dH$lE#jrW6ns*!tTtcARdM9cz2MBz`T|<0<y!hA6?0==f=(#Sj?{
zr(ex{#PtlGzO(gW3&^OhlovK(Zc)Dr0~AUeW0PKS<=XpR0L{!5@@E;wYLijljQ`Q4
zRFrx=k1H3AmNk~DP9%pf`N|xL_2v#ZTlre62Z(h`%#eTe1wfZZTF`s{VO4h<rubX0
zO}J3T?S^#A%&}bY)lBojRmg+FdnQl@MU}f7>ShYQ;#uZ>r{S2K=u}=yLgn=5EW~tF
zfa(Re2C>4!%Ll~n$c`k(NyGSE{su35-;<8Acd*wb!<_x~^D{TO<v0Zk^2_HtwZ3Rs
z_8;X9%0NKjnx_O1l=7P8z(&ko2$3r~5&4(?MBpN?!c2SEeWv|OmUga+&bPYFTf`{9
z-uHqz1?3wvb`)%!IUrtx0n@q=g|dWCE63Hxo{ipO7&^K7WCc38l@J^`P8x>@Ae_A;
z8-bdCK<`9e&}sk2HGW%{;w1Xne8~*VWI!c#(V+?%@@|e0|0j&j9p5XxNzCT1ZQ<xn
zG!-x4iC=HOt-XEEv`cEm+x~a(iX|=14sNNiSU}i3t5|wo6EE@#RKexmwinP#N;Ypp
zbo?TiVPZ;;4!}!Oa`1(w2T3A`#1b!~A%b`^Lx9(}Z0<eAKh<RzZi8|k^5Ilw6rx?7
zcDsT0leQi>HFfOkSVaWD?oB!>n@GgUQn_Zf2F<Y`y#H#v$7j24orVE+`UPN4c8Z2F
zvcvW%8X~~~RbgMp#TkizfAc~}$vv*#<zoZYAF~ZR$2a1270ny<(VqPKz(9QuK<?DR
z-;6j0qJ~A}oJT8f5Y=!t#hWDLL)iDIweu3g2I;rZvq$n_hyrMG048=2-!%aeI)^iP
zfpzu^GLSxOAG=*mQ5!T-!413Df1T9G%kj8@!(6<bQLEcXc!r;H3R}O~SUaoVnaaGG
z5F`NMru<ij@4g^BiJiuc=8D+TzKO_uFoo)URAUCR18@*TXdrvRZ`c$tAs~Rn>a&3e
zm;l6<y+2N7oHlUyZP()ul(!4<P=N*+9PXfB!v3k*;3xXRUE}NhxiiLY*2(XnBR1pP
z^5NGV%PpQ{1e()2=Z8r@i<RmFo3!UHc!mSI=puf76aO^}p#R3R1zB}krU0}vZY<yR
zc4XYvZ&c0PsM}OE%<Y3@5D~9e+V%Zx1s!OgHtPlT#H7^jk>3M)LOxA-1A1+sFs{=q
z7+ZNs<o~MdkNu==$IAsR4|i30Nc}W=zRRO=0Z>a^`<^{PbW9L|%qrkzV$;3Bg&41;
zn;YTj5=eX`(uREtZ8U@=%A5sJNgmrAT=ewM?3Z~d_xB(JAHtVtI9o&uG}A)YTLI`P
zCBlb;jwrf=(jp`AlrpQuMOg<k8t#LR-0{iRWunb9nW~x^6v*Sp;Nf4Y;h`b_*w|O@
zH?r3~;EQ01BO+cZBM-f^7gw-;zI%>d0JXKTk@A$`J3hwN^93(}AqUtS6K4~h>2{`_
zZ@wlcFE8ulRM{B*`LhD^gMyr|KTDx*ys7=s@oC#*{ZE8+celmNx2X|({``5~FdNuO
zLXwoc)&rUb#@wsfwVmPMjAoV_?Y5jwm%k?_-hiJOAMm1lG@=@_@8BkW0uUWcHG4m`
zb<ea9$W{^ubQE=^ld1Ddn&4aJ!07qF%@=U;w7Hhw{l7+*Kx<C|Q(VQ53wYS->*zpT
z6_8i$j9vJM31}zsiGV1hz>##9m~o=Q{sB-NrKWz8`DDTP@ty64&>Tdk%4@f9j1uID
z_u79HU5){;M+RPW0RlZD3#;nJk2uiDW&Oh}xTpY8IKf7wakO~OH<6~tUSE|B7oVMe
z1FHr^s~1co=21K{>Hv(cq2Gb@x%Y&up2+{hBlBaPRRiB9vv$D9tmz<F4Zt-W9qnfm
zYFIl){s8s^kiCuX7<z5(L6>qrpS&EA3e;Myv$y?8r3=bW1C9;qt>|Da{n};AKnty_
z5+`~PyQ)m@Qm7D_2B-qvNirA|(}!@r3umSQ-U5tPOv*zB^-r6wQ$#jo;!%yDv}&cO
zS>N~U0h<Df<odZpG4nY?kNd~~L?@3P7EE5Sq*Q<cp+Jy1-|l6R+tFv29~X_@FkT#U
z<m-70<8wVVf6p6BzQMG*5HQ=jP_joRGnZ3QF!tQ9M`iyd+W_1Bc%6M$v4rhi`vyOv
z{5a`d%S>oDxH6)&w<|Y3a@#SFnSTwL$0Z2nZt@mWoo~)#5TCRaW%kp2oBT!|a$bY0
zpjS^$KY0O4j<w57YbUee=YaA!PrIf9>Bd6opNWI|`eRn5dAfbHf>T0&k%b+QZz%zV
zB)TI)dNdAp4lW<u3#xrsGD?tzD8Sv|S9Pwfym+e@ykn*vMhJe~qBk^*oTWh@-r{nx
z-m?7R$%6;_zPCHl%WVrL708ftI+BC?Vd0(uYiz#G&($J4$XT#kU3O~vqWqrt(7t!V
zh4?R<JYD~-|5yyR)@aV1qL3zPvvb~be9~e&8(CV)nUq=WII3LW$)(@CfBMDeUSxJt
z6V2Y<-qcUi%uy$=a~f&jP@<Wa`J*e+(p^4@UPmLm1(Vl5VHm(a)b#ZcQB7J=(`0xg
z;rPVu)&~{B%Fbilz5D5SCDUV|)8;N~`0_1<g_6uK<Z}MDIo#>&`u(LHfn64cz*B~4
zqn;JBihC~RFYkEDCUh|ERvRQRTdPdw9V9?lG8t-E(gzLMooDLlF9J({E_f8RSK8<`
zTXMfxA3M{Qfo41{-HsRm4-<TIZkPpF`Z}s4LvGnjfWW2#=i(?Mtzj+9(Df#Arffy;
zxW9D4aX*o(N=B_u?qnZ#y=Lzb|CM3V{th)(Q_`Q;>(c93%CF461zJwl>M8rp9IH;=
zv|+m~o^{RM)_j<~6wREhWHE4ejSznEed1#2^3LVGAb1|>p34p07h~zF>;sSQ4L7Hz
zGd^-M`TgcW7H{gjuT9U+u1it=px=9wYpz-inB;;~B6OXG?`O}4Ch@DfKTx-zSNh=n
z9j*&XGi}LC$RCeLU9O!h7}Sf+bYp?6ti-Jvcp!bq{#IBLhqmbV)#nqN=3QIO!X2XK
z%k6<e{Mq~7&DIBB;Wr`3Tcaa4<;=62BA43tXLR41EI@%v&%`vdW_d>9(#Ei?HHn>6
z+!>ZscBBv62>K+w<fF%EF{mBr(qbEMJ|M)dca4~R`tiewfUq#(U>*}YO2*VQZuEV?
z$Br(cSBXARS&I(W_SNnzGfh`2W=O1<T>-&e49`SUd9cAdRi+vYspl7W>%<5s&d4g8
z^}-YGbonpEcsjzf!yh2A0+(XyTZBIc4-bdRH5GI?bqcC~x7P1({1Iys7;Js-0Yq?>
z2e9@z)OrKyyas}9{p28DbdU#ic;*x`a2m+1{JI3kg2sW2%Az%^jLOp?mzK8&DZU$y
zyHWE}j`b!vdUtH*RMa*&&R5jz2)YC3k)560g~_EbAQ2Fd&HHlqwk!qC3tn0PsU`P^
z9Db7V_H#l!?d=4~5QKpqz7EysT%7&AqN1YgS79A?8A5(&8-s>1Vl72QI=98UyLyn;
zi9M6DrsyGzq|EWxW9h;ik;MB~&j}!^>gwT1qP|0Gn@A9}PY;FNPf5UEwr$MKjozS0
zE;<Nwa?XA!TRmI0uEVDlL4yQ-k_80U;^aVsIg)_+c9PY>rnszZaO3W!CsNWaffw`O
z<@+bf>2;`LcScoJRpGPvecUVbrfT5DK^PSGK^vp-HL9>Ok<riRVU37)Xp|%bkom_W
z#!f?cK-tp$v}At8CH$U2=lvxr&CR3djLy}7r(@#I|GiQjjxJHS2L6R#Pd@Gb;?WE}
zcq<RU8M&C%G&U2{6(ny0e{=ISh<|zmKAs$8zR?9A5}n97&r#*O;<~y<3J71L>F}}&
zyB<*%_K70VA4i93j_nhR(NWl~`YoZRZ)ByL(C7#4rbb3So}c42dQh=NZe9C5Eq~X+
z$9{ECgoNEX=Y<Du-&*FiIhePq?$N6*5Ai)adk=3KIsEG4a)y|9gZCM}kCFmre&<_b
zVdkq8M8Sf10z3LBtf3APfXrz0h>I!~@eB;>kEv)iNkZ^cI=DOrg&~3+c$&8>cF{1K
zx_3b3b_9!P_;DQ@w5taX5Fk9L!}eq36vce~b<mN>f7Bu*PK_!Y4qlSv%mxv9{(SK)
zQ*h|_HKm5exYb+7#a%dCtvmd=j*gD#V~CgE8x=LTt9>b8PPQ`@_yYq20?w->z-4H~
zJUC&?UPs5g(=$Tl*E4kHNK@0(51~-Y>NiLZWc~<L1UI2+z{|?bMFHMT6nrM^x0Z{1
zI5-z9;JZwX6{hs9xT=?^yxHJ>NoKNfw;tjNWHUe~lCOcu;^t${N1|w8>RT$&PegvB
z@$Ymo;O88{!!aG)0g)X`(dGsc#xd9K?@A^12`48ef^=&RgwAmEhB&sEkywB6fZfN&
zaB9G#{uv^E4`AI_wtei5>_>ZENT)RKs%jv+H`*f7=|+`Hsifc2t<#0>sMIwyR+e%t
zk5$tRl``*@-TjV1qld6>4oj7dnCvyo-ks~e^N?PXMO%!}g{>Yu*Ek^sg7CdH-@&;1
zf%Ej|-`51JMEx_BE38DKs<y|z3tj?n=tslHeheLEb-!--JDr1Q2_r_ee`mc`QwzO=
z&incDJF?hb-@#z^4({y%B3IzcfzI1XoT_S6rizb(=FH&le)K;~owfBRz?ecc@#Gzk
zPo5V-LJlPIWKjnN#k>;l0GivMSaaPUWd|rv=$N%*BW#(HU^{6$%vvK>&z^pv7|5q6
z(W_P#E1pr`_&ILFXSG)3;(7Miu)4Z>x@p6ojME@{bZf(Te-;h#F_jGA1ZGn5B&+c+
zXJ3TuLwOFw#>Q><tKN@4*RS)`kBv`FElBu2vDMnfWN}e23VmdEF6kp?^TG8%kUpx1
zNq)L<%@VPWa)Dy3^Y*DW;%9t1Q9QWbJv`dsK8+o)faN>GCX0Zt(Bxc~9sbm(myHHx
zzVj8bqn3l?>zTe2aO@<+cINYbtn!{I>ACs+Z*1m2=JyQ@e1AF%GUF11N{PZzOPj4@
z-t_}c%};MibqZdJ+3}azt$el9sk2Upm$aDnsMrk7c3t{TAm22aM#1f*A=wBxk(=o+
z-D$48<H;D~*v%00$az}eXBT^X0B1uye2Z`@xfv{=dx#Y=!YK3h%t!NIl{BapX?}81
zZ1}N^yf@>dJ~+b2c_;sm3o=M#Lr@_QJ7h!$wW@>~dYXPyv-N6oq?DUW*2|6VtvZsH
z-m4-u?RY<g#{xV4Ne-rhAVUukuSJuaQON7}d-Gh;Wy?G02d(Jm`fD!@^`h4ti!T4N
z7dfXuV8@UuOvEI~$WNj|2>T=Ve5PRK#~WQI->_S?T13IB70}WhJevA}ltr+~w8eZq
zr1*TSQ8fBZ{>Tr|#0T3k&U!}Yf`8OKE>hQC!);g~+DS(w<+zHq$U_=$ihaByx8<1z
zZ@pss+YG?(&8J<vV7ir)na@wTd)n;V!ExTc#&jz#&OjbwvXo9x5JW*7i=c*f_1oA|
zY-Nr@f<{L96-UK9oDm$fJn%7ut?#qT>5zQ7u<OI^<FXO$qVLp;4+06^w<zs!USNqk
z1$jKO3?T;V3W0UmO^~!S_8Q_7b7x;7VL%`{fx7tbS6SWqHPmPv<O3FO615JzLHGWx
zmL#da3Z2-*pVN~fR<_9c>y<^s>;hXGcuOC3Gd(zZ-X8O8#Se@Yq>D@OFEeiRd-E&8
z9*w*eqU-k{km)B;H8QY_Rk*A5?0A{q9oMO^VzFB@P|P#-Y^>JyMrs<dFZ16j@BSa=
z-ZLtytZNr7P_zXFGfHd)M6ybfj3NReIcF8gIY|z-3MvQ+0s;~wXONshQBZO$G6j+;
zaw?#p>dcMZ-+SKo`|deo+%fJLw|;a>)!u8ZJ=YA+eCFJH-z<Z=`nM*K>te-H<=)JT
zMr%emswn5Vu%@OG$*hJ+xYp9Wkfx8eCe@tkw;bHFL+~Uhzb6YCD&=uA5$P>+5tUuW
zKK(a){xt#KZil=s3^)4Tbw_C69{ADuH6D(TXO(|z#@0LK#-@2LR8}U2PL|^;d-q7A
zdlLue#C_Pn6-5nC%lCR?9o4Mv>}*a^u{2h`EdSfkGRwQ<b+LV;XWfDmz3BV#&3Z<p
zMd``vS_N039q3?!Mb=Nj;k|fTKh0CK+3BjU>QnYe0~o}3I$~wYD>nZOK-6<Gc5*36
zAFc@bIkZp0l5ReFdZF|{bN^P~IDZBX3O$r=ZQ4X`wq|*j>h~1IDe7=`kv!S<g7wXf
zDGo93)q6@t(|7{@SNO8s!Q7qS7L+Dq_FtO~>@>A;sQRd6yq1q;chzVz(82x31OnlA
z={T(FF8b9xvpBcJ9xlS6F`urilA-oO+N6oc`D$&x`i?YZH9IHh66izdBz5&@<5lPM
z{Pg?MDT?93?CML|>MttU7bs8QxqeF)S$T2}%b>BzDGEvAGmCHyhVtQF$BIn#rA+mx
zLRAyR(xzBjnCYM)Bl@asxX=i@lV;|y23uOzJ#N=x_AJp;uIBxAzXf?Ps0~jiBS)Y%
z$RWdczt3RqU1bxKYl_UdrTM<q14;3zc;TrDcsc_9^1lgiD{M9-yjKsk%cxAzd!=Sa
z<iP7poSqM=8LKVCz*7HN^q>@tQ+5#Y5W7Dvab5YlmF)MA+g;gY3H%9}mU--1RheF5
zD^2X}Shv5IU$Y;G{9v@~xxE~i|8FBIB}!<X|BTwOJCno8TbrV$!{s`K#ReZZ8$P*A
zqh({a$t{kBQLpt^`{)0)lrF>5`=1N)$r4;n<`gs`_8(VuwdddUrY%Wd%w6TGmUQ?|
ziCQ{6?UvrZu0&Q(Nh&1#1sCcNWny`jGtME-k(@4b%Z&^aJJ+p>zlqEK>bhK<{?hzg
z5rKtL)WIh~%>2jaf+HVEX2UDHlG1nrH!{ma(Rs(f?HKP!PkFr4<8)17o!o34up>D*
zLDEwN^SJ=XRHEHX*|0_h?xqq$%`GYv>d}vh9QXa!)XW6z$3hJ0!NGo8EZ`+PC?v5m
zhnqRrU9h);Ev>AK_jOSyNfB50tBHdhyVrjm&-HsX=61K~IkM7F8{vNE!h6{{T(Rh9
zAGK?bz^^0VS_>RY+1ayNi~qO9oSoO!sjfxbn#PMtT}sMia1ZByp`XzSHH~E2YaR7U
z0vZ1vyhw07I9!?&#gQfIsHvXuZTy!c4aA^Rwqie2Ue&XJyg>v1OD-eizx^-=$ogJ0
z`^~rL7NCxt=N$bVoz^dpF7NFGdTg(BiqK@C$5+Exg>l%OEA*x=F2%ugVyTIViC5^k
zQ3<Qa*cLi3^v~5W3fku3xmrK(A39i#B=+=@w$5`5YNG}s$jF#oSNjJc`DK@-(>F4@
zO{<<o?%2jk_^QAci5Gdz_$_Y+P|~Xe1jqJ#GG<j!h-KLF`TqU;e8=aoQS7jE=!QwV
zxJRB7^||xsYkJoWDxVl2C%y_x6|k(@7yH@NmC}5XosBJ=IVCN=(=)ab;0eFN7F{Sn
zvK0A9Ugw!5vGvmDwO;9z^df9L%NjlPT%4ReaFWOBuN3CFADza?R1GQjtrxBe%C2l!
zrH4rDlp<3{a+@9At5(7gkm>1#JUBB~+1S{6VUG01$ZD3}SaH-zd30&C{<+@ifHz44
zcAw#4;&;69Ec1f3`?049YoAopTHg;X+J-vVWZKvom-ucj^4wR5wcY9~a2oV+AU}{+
zM+5`}^d#9>;&=JYRaPRpF@A68tS-8ChDUpY(r~)c<<~bhm)U+fselm69{Y;@TB14#
ztH^oa9$fuvH_Q}==3K`orqE>Egv86tZDC(RqOkKq^0(w$oxzUu7#1ouIQ)H_&)u#V
z)xytH=J~8TI;Q0Xbo)~uA~+2`!E>I{11e3hPmnnZP20mKIqJGhTaVrB82tEGnvv8S
zS_u_;;U`_mKQpH7%FErS_o){z2EBOkg2cpWWrM^|+p>w&zOl`~G<GKjLulLcEhXaO
zGcz(QHp&Eg1xl|E)ym>2Y)gl#reOmtS_fU;&?x;@+A6)}WYmTkz3iHnx_UB;yjHqv
zyic^KN%W0e{cvWXSVfjACsgN)q6R-ZMS9@o(k!}b`?9olT>M4&T`Eq89f{&i5!fq}
zdnNbG8Q*5m+tV`(VxZv_kcMxH+}F>CM@GgpGDtY6CfyBDBa$2{_Nl+?UOnpfkO3~;
zV{<9X8&B0E!a1ivvTd+-jZ44iPPGTFH#DVL15~G_1%K~8O|p;^^#^==Osy<3%lb6e
zdg*}Ebd*JJnw_sf#m7q_jY%VwILq1mce|;?7>DB2FpaIlj2)Gp%W<g+M8j(QM)$Bg
zg@(Sqb=*u(hBJ#dJ~lMqc%PD9$qTUyJF}g}tw#B>$gE|nXExzaxf;@|*Dc;gnNf4=
zt3T=j=uxdz>AKvzOniXs;>OQf@$Q=aqxVTZ2-~D0yC?3Aw`xW&P6v_0QWRoJk+c0N
z8B>gc>GOC)^7N}yCok3WJ9MdwxveONhilBQn%FtL6@a5e8I)p8etmnThDgkNcdM_<
zghN9|$0Uxo$GO@Y%EW}67`7^)!V<83cF3?kg9WXkPe2CucDF=M(2L*m#L=g_dU0LU
z%4N4f(`_zwE6GRZ^sLYDkfyq)&#}tkmP{-gT6E@nEAysXjn1wuR0dM>WJonC?(Q>M
zPoq{sXa%#7zY5Ia(`Pb#NiJCKq9i%_HArTSd~60P3>ZRWzO%6GG7b?l;V{taM|E2d
zekEtjkEF$CW@ROfP7CyH@eB(nzSc)E2(1MoS})PCFNbJrfG_dp*w)vtw+ojAZ1?U!
z>XCD+R61IGyd;oPCJHV^K@Q`Srjpb+H}<7|vrXziBmK6xr^z1Z=tQxd+N*s?#O_d}
zTK}QgSL>n%8c}EejOr0`*~su2YIC~}M~)ySLo~)4Icdha{Ny6qZR;J~x*J4y=GuJ@
zY97PaH#q|}P)E#qW*suq)2|V8)6?G$8CVb&jhL@cU9=^{twd6}%&S+N=Q6ZxI&Y;v
z(-Lbmlg&xAa9B1>jmiZ#_sD<7vD|t5>-V=47xhu+;h}(+n~0okU8(_B6r(f2o}wJ*
zXXr&*FZy5wt@+yb8_OgtCQ{??lgvuwiGVa*u)gn^PcU8|JgbHFezGupZlz+65s#PX
zS2r|dxR!@(F{nYE^B*o(WR}JEnb{Vcs~tC^cW|I@-7nu6w`_;dN?d>7wclv58ftQ?
zu@AdBkIosIF5&Um;G3|ae;<C<ad)R(30n(NzzEl#n%nef6|HobNM(+i*>P`dgMB3y
zod0KEKR8Tf>fm<aZQ4(R36A%b3JOTMyGOw5@6QDC&=$Aa<SrVO*?c70OP%urdqd&@
z7(kzBTLsN6cX#(6-lbW6xiVE;T^p~84E9oql4`egUrdhI%g`34|8^-w?$>!xxFwMU
zN_uZI77Z<}n1WAQ%QYlqW1Cn(budH9+anb&A`i;mkxORXj}h4Sgs@_XTdJNG?8rW(
zj9ZpamXpg6GM{o5ZoLLKEOM3(<$!~HSzn+{Hij7C!-t=iMw<EZ>L*ss!RqHbI$d=d
zdCl4pwFbMW6z*;k{-L2e|8`PDZ8a^vq-oAMdJes5H*)#BA3EjFQtOdiWcTiWd=%#i
zdVz$V)OOjh#)<1hN^X=<jaLS}h%4Jflg7Eo_p|l2zS*$JbK9@NPBmX<+hdW$Kv<fZ
zni?#{;DjrDcgxq-45Nl#2L^_RZ>rM^?{b$;6DxdnEwUh-x770H>Ys2w#z&lc&^lw(
zZuGWsqBAXiKb~*_$0|f;@-Qt+9d|mC0GLd!6|=YH%FfN!*`3x-I_;FaI#S{tfS42P
za}RunL=UibWgQ)zx+1DLAM~DnnfWVAOG~~-lNS&p;Lyy?E!<01jCt5lU6%YUD5hTJ
z{HEyC=>(K+K`J{+&~7x5lAg(^X=spPk3c10GBcT;naMtHW9wu~ylgY^^_(AE70FOg
zj|Fe<r->MzGVS`EL>VP8JH$SBjfdll+<q3kL@fASNg$e9lafv}d11jCa&xmfofp41
zKb>QmY;5DA1tL^*t^to6`_-%0QeJBaAX7T|X88>jTPfAqGoAAT<0RiczYCFkw(g4*
zI|m2Fj*S;KA)3Es;iF*Q_2K+I9kMaO{iD&fIwqq@G9ieSBI3x%=x)7LoK$-_;w2&E
zGkG18Oh{B>Llb_L@eU{I*|MF<&#tNI<9D&DA+>ZO3<Z#Cv-Pf=O2U3DcAf2b2ibO~
zaf5v5+B!u`S%8SsjWXrtpRM7{PAfgav`oV!9Wo&dG2_p7M^f#(HNdCoP7I~l5#P37
zwD2;jZW2sME)HssExk5&yiU2hokl4OCE>P`k1WgX=!uN=id>`Ghp9RIM%gAe2Ho$G
z{E@(7l}WnNw@%&jDQS6u&)3An1Sk+SclYuEh9DZTwqb@vfzt94Uw8Ms%eKfCRN@wR
z@s9waWkMV#2`StfxxLT*AbIGrLcHwIcYdorvf)~MT0C~Ny2WFL=|JX^p6Ay|?f3oP
z%y+D|n(*bp!|%cJBHh;{4s{6gHdW}4mm9SoJ>Dnmw7k1X8#+q&SlET#fICt?DhlVa
zGWJj*`lF@4j-jC~`CD2++xgMz`vz5RatQF!*K8)%X_q|&7~sT+m5g(Nw~O3}2j2~z
ze-nU)B7y>O!mgcmK6sIJPiMj&MO{-9yVEt><(fm&V~@Q-uLrVihFoWnL93q_%(NS+
z+uFwMQmu@bhG(EjO2$a-e|DWqeOv)AgDB_h|0E@I|EWdnQvu`Y>?7y=&@6m8UvbrK
z2F|!qG2Z3nk>;Li&nRK1t&h17RKX_*uQT<KC}XXU5#dSqF=o?+E*UKVgnhhsdJ^-y
zH9XYpQ(B|d%=U74MRM>SqH%sx{9W6cnwo4PB6^@5xi11EKCFs3ZR!8EC{YpT*_X@~
zJFhiJx`&KxY;tt`v!7++spzbGL{Dg;bi0qD9%W>ZOA>khKtvR3M;{O2qZeExy{KDR
z+tz*6o}uCCL4ug)*5zLU-1;Qu=X^eeM!6ed(ZmZYgN#5`2|3MRXL%YgkDj;KeLlpU
z8ZX2VkaQoycQoc1CAaAB97tKK1ybC?!iFG)>o30lVreENuLJaa!Co>mIhpT486ZTB
zfZ!U86uzC>C>kFt9B$iogig>W5un&ly5m{7xdLWqx8{b7vNZF0k-gcUF0BQ!Qsu`X
z<9GfhtHdkBNHP2e$F7RW2<A8PQRYh%zFU40MAD8a$EcaXYEQem(p4}~G)plOp3vC_
zW(`xI#P@f05qMdZt4x-#iNBT97$lfCz#iDu-TvX>b~|I%+h|_br^3z~`vR&B;aQNT
zhcp^<uL`?2@xeA2r#@W4hLTeG317{nlK-a{fX<E*-4<1u(6*n0(Y&|a958+QF%r#%
zV%uN?L)+r;8sJlXjw11aWMX;MtwnTxh({&fXUiAy`#S}@4Sm8{OWo}Rr6J!@3;#1-
z7DHomX8RH2Nch}-FE@>vgA_!HTdHuTh2o~Yo{CCmx;sr(HklG5>SYS}MHUOfU(%-g
zxN(exK;$PcNHa7vHD7R|l12`o4c0~If-Nnzr9@hCa?kO+^mJK%etv+~oygcid$^Ii
zAs6jlcgDLe1i9%Y&z-TYblaTgUuTH`TaDr|+KKmu+!a246^{&2_YlxBJ=TWo31nHh
z(a|(&0(&8gzMGI>O%s)3@8$6hgJaBuc!_vW@tr=iY1b{q*n3(K^maEE?V3UXUH$y1
zGWDc#b1~tPX_Yu(5;M)oiLKN2@p<YVCtJVfD~5h5f^}ipo02jy5#z^|I}6o|nym~3
zMU2V&>5`cMhHb$Hs)K8*w(kt}I~0kY(zLR)Y`Jv@D`^lA?BW};(wpVwG*^HjeleZ?
z4mLRnVxK@lmQ%+Xo)2^J;lRMav~>#vidK^DRkkqZYBp5Pvv*4I;=E?=PiANFT(a2H
z*<bRSJq)pH8G(_UyxnO<J*Vt_ODk2M9iif{_m&_W8Y%bW`Q==ks)F%(HSK4zvMu3D
zxE;TTE%aM0Zkm&w(9_e)I(8=Q!_FGwX_~dNGYgL&R+5m@EpRS(A7-2&B!kS4m+#4v
zZ}0!S^(;WZBkl-~)t3VsWuuV%=^9a7%uQ^y^G$;+4C3m$WZ|Jh@<j&*Dm~cnVz7OH
zP?+};yK1uR*Jlzdwhh2dZq0k(CowcuO)V{^SzD%pYZyT}EoF}U5A^VW`ziX<eiILp
z2Fq2bpycdq&N0EkzncBm*48`%#(l3CUIUeHDpD>j*Uvo?VwL=mjDle~G4b-Egnh?*
zo-eg{P0V^ttJ^MxV2y35$S>!@n*ajrvX)oD9RruYDISmlM^BolU?*1HCZAL?joKP0
z3T!XGOU)WujA)#A<>tvZ!665^`Q|8V&jy7!g#gW)s5HWSj5unAo6m*B+~H=^ZGyiw
zbEmCSj4{6NgLl9#G6&B1^2m7$Mt10;n{t#MZurd-jJ-Jz;Fy9NHAGJ2rSuhgB8pBr
zgp!Qu&`0QV<kK-&G)tPFn0VXDR~sVB7T=K5x33X7L&c80G$XadKha5~aQrQV?L|J@
za5PZL37@W_e!DUh;{kIGMEP&Qp~TPn!S4zQ2;q)=ypSU$V<i7;1ms9Rfv3nY$Y<rh
zsQKT2k4Yg%4jx8^MLu-_|4{3{|Mr6ybNpuhe=lG#Zcz6pHs@WVo^dd)3hoW&U-Ph1
z*Q0gc12!fzJv*X#e@RtEC#Q*Bsox>#pEAI~Sdv4kdK}#f-*5EBb+A0J$r-hnqvrn9
z@aEqqw2|j*+YNLUc#sc6v@}aZ4!K@=aP8l(x`>Nwe4$pB>_K**1hM()k^h|MG`5T9
z=9fnXdpoQb{$u$O+SERX$WYhs{w<=8l5Z6&2P3?^{<jqTN?6b@7?Cq2gH-;O^qnWf
zFJ~4<ebs9Xt7xz)7H?CzSK>t7Q@{QS{czsTedqgNArT%2K6=8{Bz!nr<1@pX^fGpK
z4IK^FaoZD3AJ1iO^%z(b9Z50ahOGXZ2VbJ9zAgh+<)y9_Jr4X<ctrUlF&dSOEjNwn
z?3bJ7cTx&6b#q@gX@}fZPaNR>dli1u0#0p?EFsamnjz)(JJCl%KAgVsrDRz+{gZJj
z+jSvnsmA-=TLwpCEPIMQMl@Njq+NwCnHt)I+%Q9~jI)*R)QVghp9+`S3|7eeOiE>k
zUon(1$r{)ae^Jfh4!m^N`zcK85U$8;ifS<5A&Z<m&{!2UJw=@*({A^;u+i%7ASt;d
zp9Fbbe*!A#4O%x*F2{A44P^|Suz#x<UtAxyHzkNR`mJ#LS#vw%^{wiA_Z2&z_qa#z
z?mr5%D2zBVY*(*T`ToPl#7Px3e!Ep&wK$t?3#}w0DZmJ!{`Wh^PN_NLmkv!$pL<?q
zq`1UkGvXjACv^q6mMpZ*i8Ak<=vHLRmCxP$uB$XB7_Ljd`pM?<y2*buPh7!(pfga6
zm%LA2XTdwuWEvu9(RBJ6=mE0|s)3yBfpro3w1Q>zgd)iW+OvKKx&RimYFO2B{X3?#
z{z|nAN!f!rVUS(=*F{QCMsTt)IL!@qjqtpXSL&LY7C+L};nyFFw*A-R>>I7KGBd;B
zTHNK)cfIy{mZ>>lna>Ps6^W$z>1FD0ZnUWJC*V<8c3yv<e5b~5KYK@`T3iv+f#<*D
z^xoIXXIq8GaQa&^%Ip26zAv$Hrd5>`RQfqHd7bvB|3@J=PN+2W#yGwY$KuO5pt$vs
z&!z@s_tGuC`e-ns3V5pcKeq9NdR9cx@SU{R-u&iJONvyOj6&}ke~iLTiTjYD(_N!S
zj<4awKRh+ZC$eWeHnua^RsnbxOW10`FNUTwM?|N00_kG!*FGR`0|8&sRo&@3OZLDi
z!tcvf)TLLX*EFx9jFXBZ%vG`Ut_O;d{I@q!;D{!*@9&?Zx#^tPHJ#Iu5Bp^@eVP8I
z*NrjpW=%U)nBd+$dJ<nAHWy@b;VW_xxB)-_(MzVr_8wR!pU3U!W$W7SHHG^(7)8;$
zts;o9JI{1&OhiE5JLB`sft%Z*hYgk1qMv-Lo)t@Y#(FQNR<*uCQERa3TvM3`@7U)P
z)kac9$!mET<aN{RB+pb(w@-ufP)0S}wc_ebMvE++_4|B_MD}lw5FO!5GJBPyFWF+9
zsX;|E_o)<XbaOy3okaJ?S2ITQtskm6tv`Q&Ra`8Ld{M<E!m5NQh=hq^9fq}CJN?__
zSuw9Y^{yCsKW^Qcnp=6i>LfSWr#zjmJnVXVj7Hqn-<^w9G2Ryo`!CN<j4nV~2mjv{
z)MAI)Px^bxJqCXMN3Z4SJU(vf_t}l|*V~t~^I0!AgF?<apq=DYEeAtil0AU`zAdE}
zb-V{FtMJ%|l`TuSCBn)U`<=8^yU+UlWJ*JXJdxV+t`94c8yg#z2A6q6|5wo`oYhP7
zdll3?PNYq>Qyjj^=tAl@+{EY#RMEXU+$ix{!r?uOAzSbQ^x*263MkYyln3X3xxLF<
zTlo4RM23&eCxTVWR;8tpDf+C*RMURu&FP6#3gmH*8@=cThsr9A&ShQY5JbMyFPCQb
ziJ)FzeR*YS;Duw=kB}X=J7EP2;9|f-L$v&L$LUyyGPlXFGH6Q4Qa_KJZjo2@=`giP
z=OaF^M(3QRIhP``_pVQ-NM&V-kwlW%ye93aC^EM-yjADzyS-|Lh~-OCc4>u?)E%`h
zAp_gR;bMsd)Nm;=pM6+^D;M?gUCEybd)Tej8Ib5-q$d>`4RliUs?(qbdr)6GSVuyN
z`w(e<YU<r`cQTjP)oJZUi0n9gx8*{?o%$e?YzzdF;6%K)9!aWPu<jdWLfliVCzTYX
z?|MmfXml#7$k5ZI<9f_uB_(n$HII>R7VLkKw1HE&-<N2palhaEDDRhOanRsnVQ~<q
zVREk4q4Rz~aw6k_`5YqDSRVNGS=ELUa;gtiUV$+9o^)mV;orpa>A`NZbFv>3+LKX=
zLwrEt`E2rS{8y72UUIwPw)Z`JWMiX;8WD$JBSQ6|79x?kdJ_)DR_VpY&s)y!(<ELu
zF>reC_eJ;Kjtt4m{DbG<7Zv>tH~b>5M9cdr#uR^h?<rw}Nh{jn@J<=~V6o;VI_+bz
z?o}W6R#-{Tb)gTOJu)cR->Coz_lDbuguqP|5m%128kXt)HW#F}#KNyYq7BG&Ql$oi
zi>Wk!BVdQgQaMvYRn{{*G@N&d#`9-eDmTfq;`eJIq$eN#r*IVb$P$2Onu-fQma(qR
z;H=XDp|sV*fKoS#-!}!woXeE86@y7VMJ)GdZhR57T?-;3i5x2;uVdlxweGkXDcpp}
zq8D3AwkO6@t2}X~U7(#8{4<yKu2gKJ;D*npg*C~A+{2=~%|AatTe?<`UBv&i5F0s&
zT;M93usM3nJ6RbSDo+#*tG^qiH;T1+5YQokcV7(U%<#-hv~_jhUvz`_Oh3IcUmSCt
z4HXhE%HcU|6kWBKgu0`BP|(!X{Ri$1mO@6AbK0KxC8^@H$xfeoBuZ?z*<y1cwm*3a
z0Ls@y6x@5<)ph$HEK|b|okwSnq2H4+ko_4=hBRQjje!2b12y*B;yQpex?%^79bE7{
zrGxKLi+b4<66BIa9{+86OQi*Q369>l2tAahx+>~2Jf<2kjDMXO)2Mf5{a5?zMm^vK
z00Lg;A?hz#YG}I82hkpcT%<|D{U2>M$5>kFHR$;DGUQoWNrf0?1HP*io-8|X$OmgZ
zXaqr4)q~z`I~*i^N_%lNc85Ci!8&7Y6MG0dJ7(WR0!o4p8v!?l{#MVb|3br^pOCP5
zutc7JE>032=nqi}D#o(S6bPn6J}2P?6tcgCxAu?lP<H_P{!c?%8{fzsRUOUxtJH_?
z-zAFrQ~0c3>w+BGNg=BIYG&iou;-md#W>Hb#ukIByJqcXRhv%#p|hw&DU$w{^LhOV
z%Xja0rsjAu%h|f7P%;Q*fEu#z51TmE(v~h+?5ENXRuieuor|2cot9FF`>f1s%G13g
z-^VOhx-{HZp&(LZ+f6C<(}P>C!fPruI93!Wq$gJ==5zc=S9+oXg&lVLj=W+0pO$Nl
zt4X2}cv8V_RL&+BUFwz-kvE#W;S|Ydu}hi~U!6Q$<>f769jX{#oeo2qPf<y*)h5VN
zMC5j7GM3EF6-GAkT<rp&G&j4-J6Mj(_YYDGXSNw~mz27jGXLW<uSZmv8F}3^8AZ$6
z^IqZag=zTW{zI?)W|dI_g)K)z_)ULt%Bf1f&;xWgyO4KL7;oi|&c>vY$@?nby7jJx
zUO+`AIPK`34+c$t)OmK6ZQV}mg`QUKNY}dwGceuDY27K{$;@X)nWn{^sPj5E2IToY
z9_c=7miQlbyv}sm2vy@2m1P&8&^2x2sj$T;eo3w(W=A>8r#}(d4)~IV?7W{+e09&*
zsjy<V?;(S(v(Et?y-mv2A9}*j@hK^-b-fk#R?U?AKn5U=6AViKVHJqV#SGLpD)B>P
zUSIygbOq~x=9TMu(cI^<xoZPHA=Nt|SUxmYzcS}il2;@=A02mTQON#&sPo3Ri>(Gl
zcSAQe+)Kc<e?9L9S~R=DlZJ>YT*Tl6%|DYZ7NfFrbJ3sb8`ZV7&tg?b26JRW;$~Y0
z);}|x0D{CdF+E-TDAj&qX6C%+b^QeK*3I(hcC0zP=rks(PcKQXn;OXnrZ&;DgRPbK
z7=$$H8x{Lj9C$bOq)T4Emgn<nqB}v)tAL@5O=oKCVv%!Q66>k^bf(y69eP{NT0CyL
ze}Y!TAnA%%9w3J%z)29>faqbd7?@XxUa#QGK6t0&+lYt~U6f+Xb(v#~UUWCY(tPru
z>ig3)r0;`6n6X%<WT2{sMowU4?(EiLWvlpbtxu1EfM*p{0r=;fE(!PLVY<G{YpJWL
zbtl)`<eHHG@g2L#KK?9Z6X(0fI=N_tCZs>75=RFc;73<KkeDj~m6?ltv3)G#4UOVT
ziObjIiv<G{#b%f<cTeC}!#EA9oTXV<QWS)T%|9>M&>x|s`Gg#w)TpCEm6VX6OwD7^
zxjs|F@r%EAW`3H6dnH#HRm0Slz`J^n-o#~T;wndEANIs{Oe2;b6Pl5eqv3N)CCqmv
z{BK`W)Jtkl_-eA7>`CR_RUKfx<u<UeI*oCf;ZlJzOltebW)h1(f52?h`(4BJVqTLU
zkZwaDU$1y`-(k&l(t^Vs%h{uy%UX-?lYDX$Wq>aV8d;uKc|-FaawWF=)2^bXDBUop
z8SWpZAzH-bO9xlFIa-a67B>zi4}49_KYR=G=6x$eo?2SFz?^;3_li=NS%QudjMdcQ
zb#n8Xz<v=TX4BNx$mA<{{Sp0ove9$@@`+uV6q3H0B(ux&#kBMBe0O35?0AW_#xsT~
zt%m7&H4N!uo>cQY>yb3PwgpF6L!e<ntJRo-oV?h+lYDbNEcsZN>1^9bi|c-9N850D
zOa@zq#e6TTT;Vh)V3yCocZY8*USpx8%WUdfo`9NlmT%Wdq$!bkF4CBl-|O+~nu~9<
zi?ISt*iG**Hoqn>B8#|qv5)Vj`}+nZS&ixafXwV{)es(h)S;XEVg5ZkzdkaHxoyiL
za&8|z#OJZ_82-HaKtHYZLsDGz(W@@I)>D&{FX(gm8PKJDA@mX{?~+(Emj#~{J8pV7
z<y)^u#P>>Ayi|-8&pH;C$}u<eaN18xZ!34Yk{NnAYjm`>_D%DbMk<ZWyvQj6i|kip
zTrg9|F&>?B&Y7@yg%2CktQYTw#O`^F3g2$?%<Ibn=3L`f-6xux=6C8Yk`PK+sOXcR
z@A<<}b|0c4$kl(INV_UgD;ZO|myHP3gaZv%HGJHxzJUw5;Ga^Bvp+h|C<uA#R;va`
z!6v971B%~}#&0nSluGmFaj*|hS67%V-(v9=xev{v;TzM{`@MaKirwbe3m5K<NA^8<
zhZc##F<Nf)|J<#>{7EnIj=}z9MM;UKRiBM|p154}4Sof+)YPbF9Rxh-1Z#4pRy;El
z83VkQ<x~|E-fS`6Ohg2Q>`$3Pmd@y91tr-?-dxMwmU3iA!En2}&DvXS2t#k6u^^^U
zVs9p7a)^j5zuT<k-G-^R{q~RRn+sx+o?8srt|MJ<UH&Sj)5H7B_*9#3ouOURz0D;u
zK1v%Qi#220TO*d>^T!*g#2b~8IUL56Pbe~^Knp-G8>&7h?`t(t%0_QLlE;bwFkXq`
zJa?a#5mgV`Mx<4^AU|E(%BMd)4}YR-Y*Iz|$=-Wri^jI<RPDXK+S(q_04!(eW=><b
zDG%~TFD~YbZkhQDa&mGh#juF{rSPw{%i6fRn!58HxWefyvt<(9N?YSt(iNLhS3$dx
zPMHz$a4;wE6q<tzFG$u4FE#f?70&QK>^hEI8*le?R#A`2vVDsGBBQ@vz%B)0Z?(Qc
z0TBb7{;DiCavsyTg<;T1jJ?toW7D{LW{yVeNde-0pci3o??p4{$@A3v3KacE_?_c3
ztI7GjLEG{Oa#9=n**nuda1)>=SbBxS`jc<o0b^6a|H3LoeWdopr%d1*_(AR0iCbld
zos43{43}N!ObHl<$b`&H%kc2<qh2>Z+fumX)0vaIE}2G~bn8wNc2!)347j~Jlk&h(
z#VSg$%I&rjH{ZdPLIK!nXlulDXK`<a$^@97{+Fwv$y9``cHw3({h3^L4yWiLILW(b
zQOzAnL91+>>;gw)_uBKhxLghgWo=^0+6<swh0(DLjR9|Nf!#77Sr&w45f^)npbr9c
z&EG3T+-rL~wmrmk%An0Puk`M-Fd4Fzc&k3UBS9hcDyC>}LWqRt(qFJmt!}#6Gi~iW
ze+VrHP%=_q<FVOtLmH_=TWkpJg%8Hp^7Fp<8rZ->cV07+`k(15&nhRDELO&NqKj#~
zYcF!b%s{UAw(yDCubB6&4?-0iml<BZ4o}7mL$7#j%7rGsY|g5c#m4UKkvhfrW<Tp#
zr{>ObigAHgDiZW|KrXMgNA(J~WO#Fl+mjTCTVL}VPi0M}6|{?Sf0R=zKEIVwH5&bP
z=uMk1K^gjrNbr^r$mg7R->{Hn>md@ZwJ*Pgjo3vWLpxg2*Ns%zq`|ieG1t?+<gvI7
z9NQdSp|;qkv)J*C@$Q$MIBL{MYiaQCoZmaN*7zv#Q%Me?S*vWP)S+9T7mbcKSzwI!
zdbs2yy#EoMJ7iAS_ldOCtsPJE8y9#i#<2JC(9t*Pyb8Ka6@p#(U>Cc`=nZm3)9GjF
zC9dE}Th<ssME-9sFy`mx+U*GYju(`V=-!o>8%-J=zh_tLYn~(ZY{!@IHhJ=sF))AF
z?N=Kwhj#oIjPZ6MoSlki<St1ZBCA~<eS#>fptpW5`MPUbcgAb-(j8YF9ryoKQV61K
zC<%}dJ4aTF;^@jdHpm)x@e%|k*ck8yNJIg$PHU~>Iy;w(IWF!H=rh(UjMkhzsZlWk
zG_qCCN7EuhYC_eE@vu^ya1xiED}=wk$qY>M_|<iMK9-+xl9!h;y{zn;SAw%J=DioK
zpiNk_#zTVl+*+>(Pv7=0>5>u~OpbhH9yG7?S4lv}MpqCvTPToO4qV{eKKICbpXt80
z^_xVL?VDxjxu0?_Z?VzJ8@a~lbCfki71{;;L+&Hi@gh*OD$M;P#j;0@{5u{J%N#6W
zD61CYn!>}OLY$w6{HHPZcqpNYb5fr_hy5OCU5!bJ0UaYR%K=oTqto6ZJdE9pb{O>?
zd&zbPbU@5|OFtlF+lOPiu)S8*aFl~r@rCqvkI+qZfy(7S*}bxNs_lpmtKHt^<P1Gw
zXPVGWnl9cnTpaN9YierJFfg!*_*n>W0Ge6g{4TsfMMlr~%d)E7z@pKC&sOm;g9|Y`
z4K|6l27SvM>$lQrq=>|ty{&ZOtywVD%^M={lFQyx7*F(<JqXv(XwVZJ>*+GP^7&==
znH$(_=$p{cMDxZ9duvwW=-z^LrsAr|<TcdPk{&WOG{a7GO<B?CquOF?)z6)?g<$J%
zP+HY0d`Xq0|83uC%m1$3QQm<)bA?k-4Xe!|z1FqM-i4QN8=}cX-QONFh9Y?(0b08x
z%Jt6;7JJriElO}kW_=a4ZR+8ZbKxPGml*cXZUiTA5avbnE^d_Pr(}CFRf8M%$K4QV
zYzZ447A+htjF>Plb^Q`Ke;gj3s8^F~P@4gYgoX}~Lk(#lqnpG2ON{<QjhoaNsGyAs
z+JX=pn~*)<(S+;W-#m;$;@`r(V1jsciRJ#Jy}iHu#`zHE{F=|ZhW3Uo04Qi5%?(Ry
zLvR>`=FKIM!#u8M{odX|UXqzS^@7yiG4{}X4y~LpP?}9zpU|`0pZ)|W!YfMj>P)hW
zo!Ni<-Q;_#IQ5O8+@frY=Ml}q{ii>IcBL2fJQROVC%O@cIEas;_3v+ga-3V!SbxYO
z!m8C3^UN?Hgf6QT#mUXx*)cvb?-l3*A;45W4^yTw<M58WE`W+LW?Y-`L(a3461KyZ
z;(JS8-fX4xBDm<jLCtFH4!1NnD#r!W)Qe^LN#~s3$WrA(;<m8OHn3n<^Le4YVlgWZ
z=@psS9~(~+K5DZ^B_Qs-l}eZIe}?@Nx784X&X6$2hy*r6#FdwpKQ9ND=`tWqG$}~E
zvZA-W$(2XAoZ|{$7wc)qx#fMS&cnBV;xuVZuT3lNr&?`fD}&ofkL@34*Y)3xdd~3Z
zQ(g#w$SM#SLm?=3X$l%cj*ePC!Q3M1IGu-L)AeqAL+eneS0rD_zytut{3FzUJcZtP
z^%FX!e2-&KW}vKpSRE@~I9x0Em$a^gj4lCV$|%saeQVm95vv*{6U-3Vy2OFP>KRFU
z5CxM_bV43~F&mAW7UJ8!BBf^tzAeJ&*DeC8$)x$0u&cOAXWqOKcI@jwdD2ulc^%wc
z56tJK6YcCbJiG?l_gdM-ZtybRsjjw?CAna`gW&14>~DYl_4Q@F%`D+znYX?#$lpG%
z@)N!vz4gP$I8|<CD;;1JX3x{xUCnC$fj7yO;q7AA%~lC)^$iHw3Lp4JI7K!W|5JHZ
z7Rl@QC9Dw~e|_Q#wr%A8NR^8W++j3FcqZc#=Q=fDwo5!Q3@<deN+hzehGWx<X4$C!
z=>@PRPzMWqsVM4<$Psa#u}#g@FVBUP;VLUD&)AmlK3*OoScT(e1<-J<0euj2=V1bf
zP&(8+rs>()Rc%Kx%482#bWWjDB&oR#FU5?w+HZlr0H*mycf6qC`>sOp1Z!8gfYsBb
z;nw3q`c|UQYu&OvJwq)Uinv2}44LnCagEDp1Vx>z7$&6y+Ve4exkDH1$5vsSf&uTN
zzxJtip(82_e0H|$K82*!D5gBdf-+M!bZ8L)TDs*P)#Z!NYWKTEYxy|?k~kenX0<4_
z>pv5S$YK>G(t?7lNH9&dz$aO0%-hd8HfY!k)eO-oLjo3Zw-q~v%Ou{2ioxnV>C3@n
z7wJ$;+P|09H%#%*am`*W=5}(~Z{Xq$CbSbFHY5ukZQrB1tvBS$w&vMB=Qsxm)gUm%
zLXr^wvZ|^?7dD=&>*%CV^AxyD&N{T}<@1fH`eTmE3aqP!MsVwK#f)f`KvVT?aM{@`
za?^qhf58=bcf56xFLSvK3}LzY$4xyG2tV(bA?7y*sU`QFwir0(V<$`Q)+URck!>ap
zE!3k+4J?+kO*(hQ46JmwlxR*n;OAk{UWn=zO~<=5pp7KvbDJ+}nScT>iMs4&N91VJ
z=G&H#OJa{J636fAh6L<hma!-4??P9PkGiHQ#+!`LJ}n-_0+M6d@sVneei9W$l{h#G
zK31(qN2~7GfosghyfDnSF9+TJfD1rcSIgkO_zP7bSYp@_&0`*$gD2$dnr2|fnQUjk
zz=nuIw7d#5x+t`u&!T~M{5w&GkOhZhud%}#06edF>i;!t>spPc{IVYVFQ^JAz<|V!
z_=Ra;p~fz*&8Vz}j`IVrtHX~ON^TN1;z~(&GXsJs0ok>AnTrAROBOVf?}vjUbf^4X
zj>RBp65QziR*d_Lt4`6^#Fvbr^7NFvRYe07EIX9`gA=FUyAwa{C`3ZiG8^C$)8dU|
zy!psS?-FFzh?#kHc<gSt{}|s532+%G2&wS4Y#0HA92(m7L<dy^Zt>?{O}neqT@H!b
zKOfZK<5PqjH|{u%ecfF=hy4t&FVGKj%RxBSWxBc#%O66V$3C5Ya2GHONvZdU-CJ?|
z9tSwkwgOvol3C~*z4Z<f;Sap$z#52^F|W8j5KWTd);u#xNAJzeI#5q#mVnJs0#;_E
zb*e#_xFZFy?ykNeZN+H0H$Ha<S9go4#j7-e!b$|ecGE;A`scwLqlH^XA<?vMsAq`$
zGp+mF6OY@|U4HT2gzysUk%ti(07s8n3pNDDKPsU`e5<zWUa6L^lQN$^i8iK!Wmx!A
zYJ=;R;n$;#Srrw!pdI|{Xc~XSLo!uI$TlmkcrtAZG3CTFLHBPVl^*6vN_8PQ7wl)0
ztpFa1TK;-Q5Zpl@kJ{<c>Y@y*K7eb`GDXaelSwlpQo!>QIPc{dgSIl7Ys0eG)!n9-
z5oJp!a5c?kj<GIwhkJW_O{;g}iP$qMBEi2k5i(AW{gyn_(WU-!Tn;F*YnE2tKmy<p
zQ!fDjOq4hq9Myi`CmzGc%?yzb+HS^131AiiwI_^oSedGqN(UOZeA^oChxwoPQ%vLi
zwS8&Lj9HFG#OHO?7MhxN9xr-}<mKDHiy1{YQhNw=Bt)KSA-95u6X)gZC=D4T-f_zb
z?>5V=KkOd-Ohw?L_SHNlyAxmzR^H>~rv!+^Nsd*HBvPl~HNRYDy8Qt|P@+_U>zLbc
z3LW**cHi8!t^}?7K=m`U=)t(7(@8W@@D_MR^-*a5iOL3y)f(l29-xK1Rd9j^z&CU+
zTQ#t`l@TV!pH%YOcl^Oy!{~xnhkWtf#<bodIwjyq$um-A58V3x_ABT0OSoAc)<baf
zL?yAp4k(f7g5WtbAO6~9UU-_;I#DrFUUkHsxG~`5w3WDd3!3@<+%ADsHywK1CaqQ^
z`nUIXz~$RDJ<ZNGBRN{>vBhw5t?T|`FK{=9QrBw<`zdjc#lp|-S5f-p-OF4bC5+h-
zdlrXWS)>gOF{agpKJ`kbI|Y<u+Rf6y;kd^-#8yTh>ck4}shi>Lj^Rc*05L*7&ey()
z=;}g@Y<FRGR!&ZD*?V<fg++&Bx)s*N<=*3o=cY>_!giw<D_d+3`VItR5+dL6D<$i3
zVc-5Dy_NT$y#~J9d3s-S&Oixg;|qq6fh1H=1%s5qbblKe-Vd{J(P`eBYdj)$40m_M
z>F)2i{{-Sb=qprUuBSXL_9-0jt~~_nH|i}F-^7&c@=$zP=fQ89>>-J-9JyP~x2IAj
zg|%!bqpBYQX50!<(VAu#DM}gg@`B9aS#Pq-BIxROCXe-b*KuJ>Vl8_`<jLkGuF$cD
zP$`AAOA-=Ty_&X<Vs?Z@qIBW`1PC9sC3g7ITN+&U8A~`7>V*%4#O7La;3nP<I1L%E
z5xc^WMdHUdQCGe!TV<h&a>XZ&P<Lr0?!@_qI<Iz}bJE+5GHS&zdB^<`xBM?8nIZ;-
zhLoQ1^!1p#<8&2ac~v)>B={69GA42uCpJA4j;#xT|78a{2ty$9>_iY{|MHc&GHfq3
z(w1ULTHU<EEvJ~)z2}?mK4t&@g#k`__r{%ccO#W?%1Tjn^)ii}h@o_4{oL1AE-LCl
z*7LRPnfZ*%RY=n*WpsWFedWrtD;!<*u)0m~N%=nKT(dc4R9}sQM*DtfrB&L#_tZZ7
zQ2CdtQ5vU=7XQ~pw#SMUS3IgoB438h8#RDi@y{-m5;J4ov~k7U<r@m$N=*Dp?=UJe
zSaa8dh_}<j_;*jeF8g@XAonG<1U!bl?tFz7IkCoggjT0)F^?sB(Lnlz$UH_Pm@foN
zYs-fZuyq|VNviQi+fVd&crPfoUzAhJiKJb>m>~A@$u8gII@}l!{T}~Td_pQOf5`nV
zMHv25VM9t0&<ybJwI`&i^DhX0@^{JTCFTE*hfFCyC_((|E=j0){eM=SZ~Ld&Eb$Hq
zv<5gbs-lv!xv%eOXlgVfolVo(%EgVe*v^;tETZJWT99U_vyl;v9%mELx{cLPNKY}z
zMLL@@#SFuRI1U=0vNI#H5^tcBPKBG7$p2HjL%PrYPi;FW^Z5Tu3yLHjStGP}+=h0a
zoZ>rSy31v1sD>kCfBsVn9ArJ9y@Sp{>xy{}OLUJ%V=TNU;3|sk@1DC3@&8M|h~L($
z1B7Gz0?yO5dUd6E)BzrBdxBi@@4_ppNa;YKE^xp?I(6mwGB$%npc6?MrTTYwS%P=s
z|GD7@wRq<Lttf(OP%Ujgdw;5#C0=wvaeeHb<0BeD%^fl~K)*Q`f=@x8+qzTb$eM@V
z%=N3NzYC`Sy{!iZ;^g4yqZZq>T&|Jo4Dz`HdwUNeBbQ-CW}6K(T<$Kc=kY!43cBK+
zd+2D$d>*3<)%MUPwsb=d#{e}9bNjWckglhXj#ss`AvFDC@cXPIp0mT{6eJU(zT-Ds
z2<rj!08{yaj`C}a6Lb9{Y6Qo<j}5c3bt-4yz!>fqn_z=qwl8mbxZt-8Z2HTjo3-{5
zpv;k(&AGOFttY?QFb`-{HJ~VW0aq1!wEE|VNH}hkAugXc_G7LfHh*wX7x1?X@Jf_B
z{ky3@p&Em%99fN7yl;w3Na1bD#yLj|Snj~Y>5aaS3ha;02?YY(Vk?kBK!zfWj$9X%
zn1G||1-|D($VHT|Qb8PY#eLPDxK_;NoXCA>e6|4E9YMrU`^x6G@;&ZeyNgcxbQU-v
z<j9tyozCiOMOV?{QQ=GRo9dA8WLl;)QZq>Wyn**#cJw{NH3XBG`fekn4p3&-8Il@w
zfS10H{-UPZUF6VR;<4PfUl>>6j#VrSl5(QN8#K4JT6N5H$bRIGgoKY_rBpe-`?7Zg
z*&w`O5-Q&RUCn7-k99y(RP`tg<b$x*;x>|0gi89&XuR>DjLf=igrj8!nhyAm9ZwaN
z&j9mvfd@tEEle^>9RM9ns_XITLutFVKg>s<+>_GWhnx=uFJ`!T%Lb7EQdWaP-dVss
zJN6&rjsAr3fEVeGt&F1iD0&ZJROPzb4DcIBbl<Y)HmtY|kdv^v%(DsnH^SBL`tWMU
z68Anqyk%UwKJFh2i6?;&LPQFO!q9I3s}hd&Q4Dp4Oa(f%!<dn$Wxy=(BotMs7aiy(
zfGoK#z%-kPLc-o<DTQ7vAx<zUgw4-eBFYzi)7_sztgY+YPu`xLcE-$#ilv$sfZ-bh
zGe&Id1Sy-58hH={JOaeJYsTDe*tRq{URDr)jnItpi+H#jBm`;>mo8{Fb61z=Xbcor
z5YqYmI|l`s;JCM~42)~p1X*mS{crlnD@($Uk`d@R451#F{SpD2(Nv(=l}^xJhl(U<
ziTCB|n0<vJ%2$U1ET`r-LzBU1TM3p{{H}zq582OZfrO%<&P&Jn02rHhZ0I$;7%)w@
zRaxTEdc>Re&vKReGRPx9FeF6EO(Cu>Go1vng#X#m<geC}^wY5<xJWiYJ|u>xJTi=i
zdKhx<(Z|4YeS%6v&qTA2Zpot@9bB$nt&U#lV$ba7Fp!~Y-IN#5x<xKSib#D)8I`MF
z%$=~3m2Pjf8GQoi+~@R0Y0W7BMz1bw)a>YiZQheu&tjfCa1c*+0Q$9*w!@vBxy$}R
z0;OU;p)9a(wxxQ&M9cz3xN9ou*iU+mX(AfgW1q_gq06+f5l*#+@5Q(;P2LJpuFuWR
z4uzC3sFeRWHo+cJ8><diCKkCfS6Y>!Mo1PE02In!f89n{Rw$jJLsPO2iEHmlh<EV`
zId6Xeip^b=K`yj$0^xR{JWW>R4@V=#(jR4}1T<Xs^w6%tDxJc3XA)~Pv~wAHhZaGp
z)9I~4OW99hNWnt`f>nS394y4O7S!18n=ba3Ya!J%C@{LL^;|@r69csk#2r)+6P8M!
z0#BC$rF$~YLr}5oBpi}qmNRRM>jN7{pygtJar-dOws&Y)Od3E`4e-_nNVPGmF>=2M
z?#v!6@h*+X+x~JK12^pf&U9&*(eQbSRAM0;na8(2cta<qqLo{-v$cvC7*q_6HfEu)
zX^ODp!zDl^Zz|Cw0<(`ik7gYQDWlcwiUV>YQso0K#bt3<;SIgS_hB<A0zr+ib<cC(
zKfcJlxji&_gSXZa$h#ACe7AuKzJ?P5XN?rG-6<mG0~x&Grr$8x!on}NtAn+6$Vjl<
zP}c$d1<GApb=ySRgO`XDcj+s)qG}_B>2%B7UO+06uzE%{JS>dbAzFG@M3*Wn=yM~>
z2Oxz#g!;h)k}T(a`I+=y!1G}&URpQAKh$Sh>$}TRCY;2E8v4U3zGc_(&E(KB7~hBe
z9DDpjGO`zlB_jia$By!5gZl`!PF+#jAN@Ff!^AQgm<P_EIO!aastZDFs6Kr7ZkP4M
zyLuJ44@%c&bgd9sBam)K7mfy96dcI*&EZWzxZbDF?p}qu<l?APf+BQU;bSVFENjhg
z3?QOIijszT%O&7SkmvDK?=sH;iF!mo<4>sZS`<=eBAfSk&N64`VUmx~6V*^s!wKjD
zI$|v)Ro$?~-BVHp?FZeaEh?b05PQ=73RCve_Pb2rrtbPY<e7eg*s)JW%sZ)@^#LKR
z6L24Mb|5t`^9xLbzuwX_Tq&gg7ail-w}W_yCYRi2FE|NkC3_b@g=@a@Qc^Lbq)4R_
z)a_V*A9?BWia>YgVBZk%TL@PN^g5j~N;sCt=;=!6y>mX`7%{%7ia#tWsNs13WtrJj
zTIxZv;ZGU~=NzO|-k(2r>Kyf*Teoh}>MNfu)jW$Mb3J?Z@H_ADlTVr3@lx4Ca<c3T
zms;0_W;}yaZ%=8eW@PrL;WSw_@7hQbzH@ks^I+d9+BOfrRc2o3XS$n^AAi2kf_8p>
z{yU!;rjd9LwcVa0@?qf&s<?qRP>Si>5AL?$8G0M7+8(d(EeT}Ga=M(9Z|b_uSSWqd
z%6GZs`53ODm{AdDa_ITr%-UM7ms#f7)|EzIDJ?a=*1J|txjSfj@K1de3Mucvp`q&^
zEcetWwgiGoOK9iyI`mbrTThOsZWOng<2uH|Nya)3NseJoc6iJ-eR`|(<D2!Mf8E6|
zzg8<MJkpuD(2d_-ow-qJi+ORc>+)3HsmYH*6s_Obeh6F4#r}!A-A@<k_ccq9z6On_
zni3#+&|jdTeX*FN)5`dItM8RZ0yb*LiF7;4rcq|CeY&4H(PHVg)aRsFEWZD|WTlhV
zCOI=@w%*^BFPld4pkv|1&4@U%q|WEF#h-uOd%}pptW4Xmh2rSHuC4Sc4q1vVudOM8
zG(NTvXnCKVf6!LNQl`3X_ot?T0h1y_%W+-5=k%W6_^N9t*yRFcLWuicyhVA3uAtr%
zM|(X(t8gdx4*g|4ILCPM`DAs8)>#RUz2oe16x9R_#mUo87QTR}>$hkS_j43Bg5o@v
z%o9cKRK=L!AK_S(wvV>FCA~l+%b2#udFEouwDymO9_YBT6jL^K73K?ZlfaZ2-Kl|R
zB)iRCY`EtH2iw6)9SVwaa_HeFXzWRxZ4>J(bn$IEC2JXbVZMprsj9Mi5f)H5z)8AR
zWE|zTUUJqokWo?<yRzR{BD2I|iE&bmYkV$ObJL6Y(2y(ht1~}NoOtuLNBB<Oo9{b&
zq=yf;ovMC6$v`cXwr+o!_h_hY00`*O!09JfCcJz|oDF?`2*t8`bTqN%rtY*Cl|OR-
z%50?1UiKO=!fjRTTgPiBE;cIN%2{pryupc*e4?0p^LnV0u${Jlu~P}%8vZhNZtm2g
zmaf+8rQv7yx*i!@SG86=;-k6FYfdul|NOGxGAaD;_RLg3F88x;T+6`3WK{N{I)Zg1
z{q+mSKV17+s)V}Hv9F~SX(DdcZs4r9e1^s+n6xf1lKfJJ%e9!+*NqQJo;u~5%iV<T
zyx{UnpZ*BZKZNT4Y{hd0e|YRy%5Cdl`8v4%*}1tdyB}`ek+wUG`b>PsGyg**hAJ=K
z=Lm{<;l6)cGZkwg@$Rps{fM}HmWbu2x)UcrLvPy8UX2sy_!9mV3nEKSHTm;lBSWVX
z+GD_f!c7e>KcDwvK*(bdw>_?L#U14P5XAF%X7ZQ4rLcPFdB&!u&XJL476jhwg3M<@
z#3xVQY`no<A99l20q5hkzrpL+_VJvQLo@YIKM#}8Xe9pV;fK4~CqLFI`-Q8}CZOHw
ztp$dva05c++f#i50?XAdFHIP)kR5LOG5`-l!KJjJJ@FGc1O~Omd&7vv9i^m~{u(R>
zY6JcBpSE$Y<k;Zf_v6p~^|9Oi!^I*LXjYv$9~*<n@k#IZAr_#`Z(Y{-GBayl;&RpU
zs2g2_m(s4*=2cf$e-P(5e5;W9GR|5&A|MZu5WGn;F;*>2K?a?{t4&Aq^jMhJL%!&<
zwIRfCRDMOp5tYvCD^!1ceG?;njpohk#`WNmtkza8SrHFX&|X@>Kx^(l3W%|$t-Gb1
zoo-)HZ&BKcMK#f-Z@xeJtWB9Yx4E+M;eyR^Q~(d^<0gLPs9&B@ZL!e!yZ2tG+IEAW
zq`9bH&x3wGKCSh7YisMWsN<Up5th<-iXLr~ZJa<IGCK?&;WNJvHF@4>-G<I3@4qgy
zEH2Uu;KVI$ZJ*xj`X%35yNr#D&I5ULVr8ySbv}|f9#e?wczolQDppxzlT4<Y7tzY-
zXuWU82F==y#`Xi&#GfV>x>I93{|HZh(WfNAMErFQv_O)@!p7s(4^XiFjoYN04+CAO
zgv}&44XRnM$Na*7ylHr`_*1*L8={aPBO8Whv6zsb;v|S?a9QcNem_=VB=y7^J{9d|
zY_-RIoomK9?gGI@`VJpBN|Jp2ogB1V;2C)h4Woq6BFg2(Vo@*tN2S)(>tUYrEhmnh
zW4((STX}c<v*D1h(t;Fwc=9<dPue$E%&#b(61(t~sqdy&`=t91F}0}~TRg`pl=4pb
zJx)E?vyS^8Nl`yqEB#<m-_MOINYpU(_VObxCb2Ll$Ka##8r2`S!CyuDcuj*%*{`Zz
z64y|_&0^8nxq8A$>h?Rwv6trZ<GnGDMt-*ad|~?QY{1io2SR$3DJW$NgDBe5ugh#i
zz84{)vt2#({(aS7a7brZab=~<@qzgTF*OgKpX=I3{q_gAhj?RJwNIUTW8@P%G9z;B
z?LIYXFZ}Iu%nbLDv6}H2^X;FFk3s3nh-23&8HD|j1&iOCyJ-#9MJMWf{7Tp{1A`+D
zU)q||PiWJeXCv^~G1);($XPw|V6Jl)Km7gjh8{x=%`uU!ms{FLjbcifUv4Votd^9Q
zt}Z)KGx2jt?Mb*Ve-bAdv!}D;)-KYoy1Ox`y-JwfG%z<eKTAZr?~E@Gue<F{UhJW<
zb9T9i(k{U`{=rh(Tp{DJvUly&%Fuzm3i9#2cDY~kBL~!9DL$gV3Wuq6rMihyAB+^%
zTV4z)y?>>zQGKn#9*SnG{Zkx$Dw<m=s~<S8vwcsEw3TTTl(nS4CoggJAA1COzn;l`
z`Lbb)UJfxp`TEPT3`Reet>k`kfXly`${%$fp86u}xXzuBJb6w%R8#-u0C<?N0pFyY
zYJ*k$w$U-v(;6v1cKUXaq1-_#5_YF8kyZj&oc78}r`n`Z)#auNnRWYzC|T46RDm{U
zgz9w^owqRy>V19fy9=c7IB!ah%ZaB7{}*>}9oA*HwTnK4fJ%rGN|&MnB8YTKi6|i|
z-AW_U9f|^ifP{pU5+Z_hN=t)?G)Q-Y<d0^LN8j~+Ykh04z4tlSxz4$+!yhlm`{Ri@
z#~kAx_qfNLm*`}YRvUr`V|ZB~g4Qy};lOCNY`^xZf{j(;;h^tVQDonJ*#JPrsiR0&
zWk}phEQ+f2(3M9JPk+IKzeQ5MSyBTlV$43nHvyOZeUO`dmWVOdsBf;#s`ume&?j77
z%zEb@ulKK0Ci;e7>sj~M&8W3`<2i@VCGvPc!FnpU01!l9Iji)(uBi2+^4RYlYF}Iw
zPlw&z-FOlMLj$gjH@L~uaLCXc6HkWwoq(>e_w1*svGlk@uLtI3mOj{Q90v?8!~I#M
zf}CQcghfS;ux@D&e}(vtT%)=}@U~pZt<Ws6XxpQ)oPN^2;jkbaTfC|xhH)cUtiAhD
z_Hp`*ruFP)k(hYv)3(zbPn#azXs+hj-afqWlQH4f(&A$6_zwbWIIi*JF#{8jDYC2P
zEtKv5QoRw%ZyjkfN<iT&GrIo*8@G)_(o6#{F_CXv%_V|>dD1ni>FwLM982a_fDJNR
zvtQO!_uE`N=9Sq)E-SI$v{-2=s=AXW5)zG5wc|RyXuT%fGg1xlaOvQU-dx<INz{+S
z<w~R_yCPJB^{YFc*AeX+S2Xx0!}<KVC|H9yzCr$H_HH%ktDeY$1>vJH5lBwjKK}dw
zz!hpb5SHL|NEf1Lq{1USyuh!w$?HHUSAu=1<v!N{L^Swlx8OB?xB5Q3EZ#dfT(Y2k
z-~(kw8L=kkKsJq)Mj*qJ(I3iOpYu0xC^(K&?&-ftmhNflY!r0<IcD8B#(d7;+)~lf
zd(Zv3C+Ch6W2V+#xb>{)JMXYQj1%;ZmN;n<PtDKlB#y-}>ZUtyQSP`=%A#+aJI?i{
z?21~jgMMp2m%72-6VGOR`-L6f9^Hmu_|9qZ>T68<VU&!HjI)TNovwQHenoRqkeVj_
z8Q)gT(@(hftWqiUFT2wp$&ZliAxd*j!~G8S3|Q}yMslSLCE#+?-!z$;Jw8s3RYBmn
ziag9wV^1+a_;>4XApEDt==EH0$W*M<N5f8R42YbR#JvXX;r@Mk)nqD5g+_~4fxe#N
zr-sX2IiJP7$Mss^t$mqZ_|y}K9FK#ZM=_Kf$7RJwV@1U}ru0ue0zlBWp=EAi@$7p`
z+w}0Gp4ekv<m3r;Bwv0tUT+k%m&um~c(%B6vdmfYvWsfT+aekY-s{%`=9>11^+D!}
zu-CLSiS#5U8d@l@mpScxQB)+|qmStE%-V>bjB70_F;icji!$!blU{zgHa=y(ss;{8
zO1gn?z?`tVa9ex)AWT<QM-2Q{jBC;0mCF=M)E0;d&s#tf0j@Mnm^IW2h*LkH4&$D&
zacWJk4LQ<WgB>SotFZAco3%}nE|e&nu#JkmT$!-Jp=cXxWB1CS=Pxx}uiP)YcmUqn
zGH*trr~cNrGTq)feoD2Z@<{La*T~O)UtfNsal6Ro3x5AwbP;aDwLB~}1s8Sv$&?iO
z+8MFaSnu+tUiYf+h+ZiuuxCQ<X{Z9ItPRPZFwn5F;v~ewc|6Ge3=B3R;z3MXk6^6z
zM*Jlah4{MN=T@GDEj@QTx#1-SHiolj%#O}$=3RLZOVI1Q^YTpCcOOdTwlNa|C37%*
zuPOd{a4TxrCMB&0%&kV(np?ye^^LjjbyQ+LX;D$UyuM&ichwsV^ySCdKqd1seeUQV
z{r%96Rb}(^W!dsT!hV9F<(F2G#$1Is>$3>)%<A-0Nm*$%zJ6B3yr(V^oV`)rxu@5j
zg#dO!bCJ6XwObmZ4nl4$l7yT)Ws@nbh1$eXhw@krPjW^gTavI*%b%X6uol+UIXuqy
zm||1FL)pBH7SHR<g`J<TjNYxUo%ypIOwi>ZwX8g|7<EgBGQ-o??P!>zhuXN|A^1CY
z8KnJo>@#1Igg*hpjsm$tq8nI~Hpf)vD5c{|>rMf=-|M##PXTQ)q}lV96Kw8YiMoBE
zZe_xAZcm>cfv|uRRFr-|guL-+IUR^kh#W_7#3=&m?q0_8N@^Rz8ol|#(`)JYIV3Ul
zwVQpx=J9A4tQ;Qp(|`!KcMFIGIV%~Dc?Hvnc_;V0-yW8<vvZRiER0K(y{}>$(CK<y
zM%wB*xRf^u>2LzMPfri;S;B}j*PC2PBmm;i&r{t~?S*`eH6kTxf*Q?>q~*W14-PUN
z_Utxf<{?VUamph<{N#_R)``S|%LMEZQtT=QNpQ9Rsd1afFaS~mz)2dK1Haa~sXtyH
zW|9(!eH-+wrMGr3IW+&`6%Q}iKbxH>VA1wi)&Yt9LZzyUqTr@Wi(Gb>9R&ArmS@7k
zO5f*%2TNS(z0Ti5tpWak?5KF<ty{{Gl8#|<qvhpdHzGW5EEF{8({)o>p*UTq!o~Z;
zG{yeff<=Zp<w?C?SPXzPnA7Z|u35cwvS`RG|FwERv@%@o3qkM;k#*k|^D9~tgg{L}
z9O8BjU3$;DT0RR6?9|QlL?}VmYklV!z%g{QZvYqB{5&^sy#Rlb7Fv*3c&@-6@@II?
zq>gSx+d6ISA9Hi_lvGi<_T>v9YSP7Gbb103siFBFKkZ^y*@ViUKX6?MtsUCq0_%k9
zn^;;(f<wq5I`<O!(Qku9wAt(hvACt}_=~B2rd)zG=Wu@68v;hsWF1?6K@l^<6XL@9
zl^eFU0j)0kFsiVm#iwR2r>;b&V?u=k?2(Vq_&^nSbFf@@!>COphBKaR#c?vs4~#&v
zepLktFG}iZgDqdGTU4#2q_YC0;qKv{8E0FIyk)%7;Tf#e;27;PkKJ?7x#!((GPlE_
z`<e{i6ns$4L+-Jruo>Qgl`{H;4`ted?$b0Vs2Rjjb1|3B)bjoQT>%=%C9YZf^FPQD
z+c{FbaT*;CcS+`3BatuZxO-Z72ODB~u-<{unaV0wS@2Gb)vzYw>$$q(g9m)hq4@$b
zRf9)ecrp4Haj<9foVU%oy7}Ivl^lchTgTPqd1>_Qm94!s@NA^9=K?R#h=wvgV{<0+
z$_Pt+-|P62afSAn7fMAK51)o78FMn?g$U|wydJkK|E9;)xKbW+s9JabM?DQ+)<lj~
zdVH4LX*dCMe&^!cY}D-vd_4$_v-8}3t||@=4wrueJy^HREoXNd5>QV}h$org{<@5~
zC_f*fFq(slh=`02dsq!e_?wnulHaLhHKaUCSCWfh{P?CK_$Xxs<rE<I@N?B<`;GFN
zCC61CJm}xA$Ulnvu%Q`YBCPkX=x&)9F|X*kOuWQRw#E98J5M3t-N|ebMrO=bh_CqZ
zSkhOI*b<QqP9!`lw!nd9srYP#QLZBFV$X35A=9du&YnSEY1M5Z)YH$=5yJqfmy<A>
ze-+-P^J%Dvk1QiwCpnl<jG;T*GtH^x6POdh7L=zDR~_ptpA8uqIQ1LiqcpH8?SAgn
zw3nr)oBwLb%B$Neah88}_F21*nTF5o)ENCK7E#WAh#;xuV&TJQs<@>h_e(xqALf<(
zac4c@(z9IHZfP4I_vMzx$c*vDEUws~WLiqet=mzPY?<SL_@ogQl3qjigtNw2@7%5z
zyKz^=)0ic+ah?i37bs(GqkLEvOC$%I8+NlI`E(Q%NKlG#znkn*6YGn~s~YD`rB~X(
z*nk0Ipi7`WeHpt7oLA0a8Vd&iIX_J8Zu#0OZ2sEYG0kzDSM^JlcBMKYJ}YPC=E#w#
zBNuF9kG#4KD}@F&?8H`*`+SCVb`sOxk5V0$JyY-cPu7X_(TTblT*K|D2*1}(Y`hZP
z;VKsoNWj8HLTKPh3u{@MZngzwhA(seFdkM!e9Ia}&Q!?kK-d+|9IC9jk9@SFaS*<y
znPCo?m4E{_(zsHn33+w$B#wax2gheLtu<F9X2{gplNC;_cuxu$oJG+6hg+;irKPUG
zj}$w7-sG}Yz^NJ&92Sm!d*wHWQfCgBb#$|{&7jr?L*I-#dH~Dd;R1k38IStra_)ZU
zqwTi%csk#fn?abVn2FOCLD$h08vbO$C}dlhbq|-pWb1}Cq3MBhg|ntVP#y0>^C2gD
z2|rmc@1IA$|7Iy*ohUq<-VpeZE86op-6~t1l3lX<P)Il_$uPGznG8*9N3H?ma<KxV
zblcJ458QKV_c#Xu3>;DwBznXci8VosAqqgF(>ic)mvEtJs_>mTNO^WWczAjB!DR1+
zrtnpEtd?~+*qf@c+zaiQE-yHYo1RArhyRBA25FI?^AN?sV~*Ft5$jZUcrlzfUI&+C
zX@*I%DhcswvUTOufffKp491vuj6&}mlL-_;2P`vB+t-`$yc{FMujzI*I6BvuWtx>V
z5!2~<pK$uRPYh5LPXlj@N}%53s#)^p#s*=F`I4OI#pSFSzs>t&Fj?+BcMy}ukF9@B
z<f>#jI_Z8{UVdM2w1-(%rtN9$w>cYlA$1`=$zFQvz_qAzMbq3orY3v1-<7uu6Iy@8
zcwp+#qVv%fX4|%qw!o7vP!TYXQC|NX@8^^h`<s~P`PuEB6?>(u6{@uZ1$@`C{(*sj
zFJE>=2W9~|_%%$rl4y`{9#`99mK2DmUV-SyBcOhS@YCL@j?Zfw?60_ITE0SJ-0&qR
zC^bB&>6=j=K|Zau!=heW_g)`;=9a{*1ZfBsXA5<CPgfq*U*2>70z;m+^hsx=Zf}?L
z(tmS4govyzFuJ@LQfju#mqnSuS|I85*s<pYgkQaonvf&xR!|xvb3%Ca#1v4TiJ02X
z)bk1nGbU;mnV6VzXS){0z(CP#7`&mL(GP40`@9(a3wJw447r(@Yyz<uu=J2dAdzm>
zAx}2YbQUO1!!JdW5O#DbJpzOrSCaM(r4!g5nOX=$AMgQdJ~Z?S3px=c@2+7*vc84Y
z``UrsHe5qmN@~&>vfU8dY4*Q(S}HOZGt&Nr6|Qrnq$TzLnme3DPLuxiMMQ@qjtwRT
zTvoV0*66Gua#QNBFCM3VMOndE4FCA6_E9ci;Rz9Sb_)5lvq+FAp4UJAO3J(8|H{oK
zqfs=~(Lu8O81K*3+l&AG0?rp8!-LaohK2}XXyGf-8lL7~M~`KV5Qw+BpPMmg$RpD!
z2d2*N_m|15f1BEu^%c!+_kkO&ecT@e3>^@*l$YgN{{9QX|Jh%_8apK{c6<M*eZrU!
zdHLt!^?ugmh(}sl-De>ZvIN_u=^>A{mF9whi=fY&+Ze}J{59XY=h4;{_lLDuM{_qA
z|3LSa2U3jAD~zj0;H3T@KEvAL6G(78zjw+Q^{;}=>N(pR%m#WqZ+EX(Leum6jRVkx
zA6;_sN<IHw(Q8usV(q4<|K6rXu5YmXYa13@anDZr-?P%<jG7ZXWPQcw)za+8lCj&K
z5DWkLKF1N%zgkRPSQN6OnYp4<5bbb~V315J7PuE2AAtPoj=>b$u5j7dz-D8^=eziL
z7%}_g$;Q)(yYd{!=zOct_C4hns#e2E+tn(Q@s-bBWoX^I_W%c>6LWvbx6+ItoI2%_
zG7qkN*Dmv!j(AYU!69kk#y##xS9KuU259*?92GzDHD!U{VcZI-f}M!0x7B#zZtn{U
zXg^yn_2saVr}J4fMCV0fA*~#i#Y#_b8WiKm^^=mEOTPX#*jP%Os&+6Ilf_c|y(@rj
z&Y#cv(be?|XoG*Ao-+sqx!4UjoyqB73n#JX=scZRj3+s4UeN$k_PUslNWO*-xaIew
z^BnBD<N?%0{yFAWR50#JPUQrb(xUsm7>Xeb*1A;7!=BHcr5Bx|C?N$?tPgqBX>gdj
zer0T}d*I_|^D27J$6uF9NkT&21VDfF`}aBLT<>;-xUf^dNvIrk?`LHv8u6N7UH_Fo
zc^$nHk*32$f)Gje$`9-0WTSCcN4}thZ|D%|l)2#N^}p)den=x^jmP(RsHWL|)#-4}
zGQoKh|98@3qXW)~9!H$1?KP0hp&Ix=WPq!JjBpijup?i<Uv@u8&4)GmT_mm8c~2D4
zoBC<#w7!gk=(X0<I$;dYw)wZ|T3}bb3UfxhTuI^$ItxV*uX)Y_0^RasUY1BysM)!Q
z^*zjEdCnVQa=2cBfvwvUZGjidl%Idum1+MFJ1Af5wn>4YuO^k*Z`L_o|AAuAb(>H&
zIH7tzY6)SNm|i}R#X_bMM48QMD)pxWHS74J96H9zwDf<wz3=H`(j^4RG%xP<bk=v+
z2_Q7-ODb=_Bd;56H@3DC%gbwqS{eSVcP6$8Cd9(jw5H=15kbJ9Uv^_4L7<<6OvL%Y
zlkm6&V#~)(cw;QFtF9TJL=X(UNJC-VCD=O9=fZQ@O(JA!20LPp0O)sr<P<U-5y7~r
z#`_@S=c}+(PGpuEk+HgcY8^H9uStcYYSSb9A@0P=)Vp|I!3h<$5lgOhBf?Hv&n$&h
zcE6>I{k4uixgTP2SdK_-_P43sp_cEQLY`z4Dw+zyto-$rSWQidr6(~a*5^1|ynQtD
ziHcqGT)^<K4$JbL8ra_fLFzCGK{t`@obhXGoFfP#?0!f^nm&Obo(ZL|V0GZYqtV?K
zdMW?n2tlssmY>J2D#aw|EfC9V3Rc*U2aEBIn_G$?qd(fi8ihPxU@-*L84%g#;4`@X
zmw$H-wI)R}1BPCJC$gl|tn6P?YwZ=x(4q|Xo8_;qXVvss;d!g1WI~P9uLvVma){b2
z1HwaPJ-zrytHOo4mE*Hor86Z{uSFew2(>aS2;|qa_PMW2d`uG$brOCogO@<(<BfTd
zKA08Ek)^q8*KTFDLnkp(B_>UhZSjcxfs|!^5A7b1lYhcpjaC`{e~UCQyNkg+g<GVa
zfm=aVP=?_R-lPhgU0$}{-j9#h;kjPKANv7tiD%613wCY`G<OI7)t&w$F#UfW&i)Yv
z|6hrn{}10xhWj_W2&4)?687KU>Lnr0<9We9Qj}1a^G}BL|A&!=I-WxpPhx3K>%^z>
zFIXdHZwH5is_(VT2+o?v452^TN^=lyay+(b(EGHi5;!n$b@=Dwk5&@4(w|XjK}Rod
zQu$I$DPN~IM5O<MM}dlfoT^3@@`K2CGgr2UhbESd2ye+6Q@XeWE<dh+mv27{)ZO6F
zD+$xpA6M~z4Hkk~!!H5dNzBb%PfW^d8EQRChUfKn81pl6Gx(hwe>sUGj``JfiU|Jb
z8e&KCfA$$~5;Tz>PtbJ4>$Lmro~ogInB{oj`c?00mC44pbsR7z9^OBwZs-NpJ69(&
zKRl<$1Lu%0_&8P7_+GTMBUhoycx6(T?)Ex)^z92!RmtW&U(m(_u?i|4e*I)(>{<3{
zqnFY0qVR*eYbOq|BmiNt1Jg(HXzI$$ddf5#u-VvhpS^*U_79-%%NMw`g8*S9e$Dzs
zXedeF{?gDm{`e+*=-Jz>0)w|YBQKz`CIjV$@dfHYnKF+93ZQ1Kp%gjz#hsFtws}BO
zcAYn-wU4UuBv2i+hk@yjLatvg(u0)h@YYQm{sRbK@SGNxjXDcGI2{22LA}K%xrgzI
z%++SG2OFh<fMDR$UfXU$oAD(}oA(qG-fS$eaFSkX;rBS9BX&S2_gNA`tBJWeWv7;<
z<Vd+|FjNA7ql}ssI|IrP@=lcZf*Krv`yb9bj7zh}eb=)+1A#JkFI<2Nu*Z*#Sgt5-
zr9w%}QpXeO0+cIEL{j(c2thya#Z70q-z~L)^gGLi6g?;sMz);<S_4YxWC@*Vy%Tet
zp;+Y=1(4w?tE!64R<dH0erBq(RbWm*whIuq-S}<NgkFkeXuHYR%vyI8#hL~30Ryjh
z_3ZAq-gaK~IW>oi>-HOcV_h4f12c-`Zxn{*sMyTR7j`#=?lmbD`a&fYo||ZH^QG{y
z->JY4?X$=i-&7wHubIL)FodfJ&CgTsn8~rJ0xy6j1}!TNELAR3h<Sl5!c=YYwT@)g
z%2(*DgrYAb^Q%s9%p!<HfYch5R2P6}K{*rc?`;hjz6>Z3#uTO86o|qD#A0qvjWAqW
z;DIX&yKRt>(2KkP3jJF~C*tMfBLlYro^7Ia;4T;thl1L4Tq`OEG5B%~{a|v>SfsA8
zArOQtD<aR21w=@K2`vwnul%y2Y25=IG8FWm-Rk%mJ6h^7K>^9H_LYDFz=iODF=2LX
z@s;Azb;d|ls{bvx&n=y@ufPGK%q%cvo8~31E-vq)`HxW>PADJdV8gff@GoGut_-N{
zR)B6MAoiNEGW-Ng95A16Ix!JG2~eqr!!#g^36VwT2R;OBu=3hCIkqvbA&_@SX3_hh
zArV**EX%{eFcE!`p=Nn)Kg-Tzfi$5ZjI~YKY4gIp&_cyvPuVPGb@lUwGn~5RsP@Bp
z{0YOraP_hxmiXsYbTydNz$i+(rONdH1sxQv75Dl(SZnoq4Ia<Ymt7x^xMYv@!h1CG
z{Oh}$nm5gcymUr>!UR2G7cu|gshHH(?QqBF>RBM~LD>RImS?Rz#tqfC29mq-31PMT
z+AuvHFUnE<Fafa$7<qI}S9U;NwISC#E-P>82-HYwMU3B#sE4|{`IM4#rf&YUX4g0^
zn(R#Y$W={wwSU@?yWR8Lf3l=q5k!^=HylSC@;OlP#Fzr_j}rb^dQhH6wHd%TSwoR7
zXX#EG|4Yz*_~}riln$??jQi1WApD}(I<Ilsw{@(`E~Y9gy~T^!w87HlLEl2x0-E*#
zMe5f821Pbhf{%c#Os_M>TKCqcS^Mn`_2UnuqykLo#qL8nRsZVQU%$rApl&1};<*qJ
zk|69%49^4_5QJUzN{c^ORdSDju=2FYFw_KId#;|?N~IxX6`l9Q4F~O3u@;3o?D_|Y
zJ4f`w_X|ju^NxPM|3xH%K@}+9nnyMTgOOQUzPCCOi;5_b9|Hp?-z3*T8C|=O%Sc7|
znGt8c^ARL0aJn_|0QWuMgzAA^qq);oi&BqESyC}{@tispGLy~rK%EN!0|f+e5|Cpp
zHL6L!=I?ydEhfy-EQCrJEpQ7AP9A5`kC@oGxhX@P2FR|fAlrfB#Y<!eh~<Y{BPfRt
z6`*n8tjDc7t|^Q!mIU|>6rMqqUc>!vT%IYWJ?mP9OeYi*4qV53Tr`{}sjTnv3EL3C
zQ$q3L%VPKZ+#07&HPnuu%Vv_6pPHwpvMkh=NjeUG4JsknRXa2Ih~x5b11fERyOkKP
z*G*V1E!`Y;B!IdtYR7H|8mu1#G%CaCSlg_Du5GQDhe`pHg>3<m<>SZI?HjjqvKE(@
zLG<Fk^c6lI6Mqffml<lTt-@O6^_Z0*wDbUqb?n)rLdT1Hohu`yK-xh)VSK|qsahyL
zn&`-j0qEM=E!x8Jy+9e}j-dD|kRE1eSDteXCGkhDicGM81VPXJHVp;4Mv&*@q3TZK
z^J<{Dfbg+;=zacn87Ma#R^&)Mlk#=ZdJ6KRukU$a&MK5kjzfrg2a+~jvkC*0&H2r+
zj?U$sh8p8pv<3?0d{l@BIy4gti?2P~+EA-M1#b{=QU$~ycp!5Ut*F#rkHAGTG4FdC
z-cHhG7MkZik845&PT))SaJ_<pytOUEGPRHJ!AG6yM1!Km0@CpJ0<^RRLONE|HdA-y
zd?3-$;1_Su=b%;ym6%tHO!OomcO^uJo=eNhDof4Lu*jkTlncHCl2ta0bucyPtw8M4
z-qCU5-O5%**?w5-$|QKI)tOJ5a5O5-l%u!F<bQ$z@A18=DjDC|XLFI+AZJ0x3BE0$
zVPSqArB3P3uqq^uz=8tT7mg$Q8mK4;?F<XaDSTdoCoOHYutDKux2>@v7Cx|_eO$Bf
z1X~g>gNr3Qlv1U>LF>R+0yBLx`#Q7$utiKcDCb0Zlzu#WS#IHKE$FU4v?;Nnq7pnW
zutrcMP`r{klh|ADA0Gx|ItEdKWkra^<puw^$uK|!O9g{B5gy`>j*68LDc~ePhhx1p
zC=Efj57!GK-Z;Jy)FQx70DoJ@S^2#_e$v~0d2Yg@Bn(6M%v1bzt091wo5QY+kEo6D
zIK)AkhN6*Uu!!L(=GY2Z$&k1(bV+xacEV2qPz^+@ST63Af`SziQ2YaZ-OTz)@UW6l
zv$HO+gwoP}oGTqfZQu|=EycJnX$n6ri#ZL>6hJhF@~~lb;#A}JCiIe|B{sB3%W=-Q
zNO}dMqd=&Uag=k)>tJQODMDmDE)-_HeG?CUa`Ys$O5x%7FG*hAZq$JCQ-gnK0r)?%
zeC7`+WwWM-SEb>%BLiI#IKS0Zl^5F;A81>o)cYGqo!c6)OHys%Ib$2YJ%#FM*}h5w
zTbip2JL^TL3aRYx|1E(OhSCFw&YtXk6F3_vgW5W{W>lC3-vC6sPj4BuJFwZ}ca8u;
zFA=|`MphB3BVDPEejOD!*%_YD*V(tF$^=h7LQA6p6;{hH2X*|JI?S*vq0XkhNR3yz
zMB8|H@6h7~6u>}JYUqA@&`*1ii*5%Wmk~Y%CiEPN^f4nP;QnfWghfXmv@><0gxii{
zHtZrN!THsSDie2oXgh(W*RR`*<(qzRcdbGaVSitrcz&$dZAuV;7s&94V5(5K2J09t
z^uY1geUzNUf#NU_c8-`TF$MzA9HL5?j8{KVbuw`7;F5g+x<Y~1f3ve&w5vPkLLgnr
zlE&N~x3zw35~5_}Nn_FK67%pgIOd`N|M%-_wqJ${hIKB}wh%w6_)e!{UWP^~5Yo{C
z{r7S+vOW`P%b<ZkZwKY|Y7-t*D$8}Z^)Q?npn|o;P>{AOYFd<><OZ;WF5F%N4qHB9
zNncWu8O9OZmbGXl0yPt<V7I-c=uK<$>M8TrU0)c9vTpN4{HKLHb`mi@5Z%Wbg&nCZ
zZ@hpy!8VAZApVeHy#u|Fy*&}q@+NpJ#QYby1%zG9Ap9%mJ1gWYKQk=I0ALiAoHp@b
zgy+_AwB=k~eOt>{CK>Z8y7u=fJkoYffU>XL<KfyVjxEX00z%bh+|dx@!A(CynO1N>
zcUn2dpU>vaaQ-@!EEzAS-aUgf@8+?4o@W`ulmuYCQ$$RbplR4otAu!mGK&GUw%|$n
z262>3OALAIFwraE$ROWX$qfv1$F^`$#6pF#<Nga{7ZU8keU;!u`#Si=_Dl~gTDAwl
zb$79)<r1(8;|&flZb-{($G0z4YRM}?*m?!ZipHxY8?M^_w2PVge$a0Ib=MwgIpw+L
zTFk^m1@V!x6a0*U`|a3q9_RR}sf616(H;GpeL1qX0a`{xIqWpslWqt4GK$+mU;zkk
zO_KJ3euN|i3dj%<L4HVDWSJVZ1-h9*4iB%;P*n(GOfIJyCEpEQx$N-8L%=mwxCLSx
zst5FWc+b47uHx?WWu(kyiGCFmbVCo)D*&#jj8?&wR>+0OyBf7dIC1=RFp<%K(2oOC
zD0-vF8Y+-lm&$_X@@|Yy?8P)3(oxGpj^jrcv*sW}Jo!q78A3TAO47E3bNN-E498po
zlZK+4+6c&KVU*g_dNIe5H(T;H2)}+PCmOQCnx2Eaxwtap;I$*j8sW(e^5{_Q;7m)o
z*5riT0;Bj|9*MnuhFnrZzeDRo?rN~(J(VD&>K(TDo@HnOEMbthj=}SEp2YuL6nU#5
zS28*)uL076*HPimK<;s>oR<PhRlvp*&&V439-MjyLss`96M3?I(`P&G3%40ggpaiU
z(p$I1Inc@M<nhI{qGF_1%?6bsVZoXwvxdDO8(0ksDbWjUeB&D&&jeyu<u&QLnwP&z
z1hZENk)awDNuDa(f$zu<5zxi7oqCt&K_AU1Zf?Gi4YLdZQJ;qj1^JK;{>1eHV^J&h
z$SY3pP44N}s=JuLVpIQ5x<M;*b3k_fd!3h1sW;Sj0D0HSU2wihzd)yn*7weB;b+I<
zhPmGEw{<v;kyJ0)mMB7n-a41bIzgEZ+K3m$4ezeu97nV{S^&!PvXX&@&lS)Udc#G&
zI1WdHyZ*CW41ehbuMEJ-QzPWU+ZU1wPolH0VH9Gegt*r)TnKUB?K@yVm_P6~HM+;;
zpk}{u{3Yzo#Ik(yI0Ei4o2zFFmsIcEhqiXPOU`QQ3uh7{Ph|Q#eD?DzEE(UgdY@D{
z!ie8F>3qv9?jq!6v-F<+rfbIuTqhWj#XoXE@R6Vvcyf3H3#w`c$n4@e4!i2ICP~vp
zq3DC6nzk`1BVwdsA+lp)QlN0<=Cj}xtB;wP5~`6B8(#|Oczf=Hpv0$$4e-=uIX0jC
zumjM{LQE!iZ5MC}1gF4TeuNM@4G4uFq;2Lx>3Ri+pAeM%pie@<umz}rL2rcmY%k9m
ziG>44(7W?uz1z%*`re|bHQO~jj0MjvFK?cJC|Or-7<&ARgpjGqmJIm`+9Tb`N99Z5
zoMt)1$X)@7y){^EOS{7oC?il+f@PgJj=1aqi)+eCOEwRC$6R^M-v--Z*n<}Sf<71v
z#wi$jyCWY#&P9W1I>KYGG@Yt)f^G~0UDHYtp6J_XatqxXwIk`*hmqaKZIcrZcAO$8
zUxk#SDL#BKQEMo`=_-_f5InEtuV9eE*QIcTi<ZDjy`dikyDEg>2pK?>D*jUPSy2P6
z4G0vKsKaTB?NAi0O%4Y!({DB3w|`gjRsYpCA-R79YHL(xa5&P}hZ`4}P~7`U#8_;c
z?XqY9y&ZV>TKC;oGV*OzsPY*gR4V4DEw9zW8G3;2DAG3XJ+dxghqS?8NrJBMF8I+h
zBRr0(9(u{Ha?lS>Cua!9YI`c^%z(J>_{pjG*Un-tkrxZNE(^-UhU2nh;P^si?$}&g
z8|Zl8WlcRm^(HxpyqevF5h;u~gOSSqJDe)Z)zYib54`Fb)`Sb~D{*mgi8DUzA`{7-
zVR>j<0GQ)tg)rX`H=VW9@L-7<zVZ2o-%)wlu=naIq<Max8n9-@>>F0hgV2?UyPBG;
z*y6?s^vLb?gqM&V*5w1`ewGk#uvi@z94Az<c@w-hca17NN?c-vQ7Y<g=i$)zCW%|7
zbNH)Kd6p&+{(wrbT1WMXF*+a8OwXZ}m9)gWIka0@z+%rGI37M*di@@!e~Z|`Q)9j0
z!Nx5db`ffb$8gxYvKHQ5BkpJ*5TplBazpacH{v+IX%NGS(ZKft!HN$ZvSnM@)!FF{
z!>$LQZ`|W`CU(^a`f@qYo=8B2n!g7Ome`K|*7BHH=>_`8=7x_pzx2f>FZ|#Gf%b)=
zFYZNc<&O75DWFflecHUd+|Hg|sBcHmB?F)?G$dL2NNPhW4N={FTG}wc9pQ)IMx$`2
zNMJgzf<B?&LIyOg&^<yiz_GV920bE)ltn<b?UB%x5+ZQc)^FMR3V-4e6P_2Y7uLJd
zt3Wg=615|3mO{Wj>LL8w$dlx+VpY5dE<>hLxM#8^z89DYut6*?uCA+_=Ct7DBu^mp
zA|80apRJbr&dzT8fXMzmG=@N>Ev=+(?m!#W$$_{IJU=S^0yc;cPd@AIWVtU2n_&(<
zrJJMr!j=wD@uL(8pf}JSkb0WCzevdoE4H!n+x3xwmY&PYon++YqyS6+DCcmSc{_>G
zKuvaQV*}0eKyFo{6#*!#%xzQV9uRe?uo;LzqzWhmPzm8xac86e@5E;%4@r?fisS*I
zrCMJ5tsJ8V$O?sgFkt@Jx5QwczAByY5BQaK;VP7Yflnf%6cY#076d6YD@<K!Q)-g*
zS{@F2rch2d!%60+Umq{xi3KhJElp-#!9f#G=&Hh_MJPbMrv-5B>RH0Rvhxyzm(Bsc
z0!Z>cFYgT87hQrA(ftS>C4wE{%E<vdDu}(H6vFUCCVSg$YLDCf0J@%n$pI*$#$9Ez
zX#;FxOg5%++Qj7o95(b7U<IV2XgdSsjKp43ER&$m-@dy}?wP5<xqLo(V+ZZOfo>w1
zrT|qFP<BIhX%RT`0wkX?D<~&+6`&{ZAF-Lb-yvzw6}>==rdvRCp)-N`nJ-$sU_reL
zooawBAnk1L@4wVjz8|29AZQZmaCexsiS;a)fzPXnRGJDrJppyokv+vjA>)DJEZv1{
z!(N@7Hk!r5{ES5uodC#9RLPQU#%ehTnXF8y4slg)-cuVLQBtDo=>}v02_vd11Cj<1
zE-48jBqW4NEYNNT@MFOgJI_*qSToqbOKR_9MKaQ@PEmdWO$tck^w0cOoI-OQ)8e^C
z(eS~VZimks?$NDW^JoeOT1^mF>{;|K;)thMc07}AAw9*94==8ysu~QFRr_P_)<1G^
zIJ`~f4CGV5jlBRFq_vpQg1)7xMKh#sz?eZF0#^3mjN&i`%sFG=6zlR4^}k34!D8;+
zcc04>5l+xWKsaP#wIZ$>i3L2E7M>SU`&nReg{<9^=syu?Ziw1?L1A0@ybrAFsAzi)
zTy3b;Zoki<K@shnGN2K1ETqZ24&%b1^N<=W=S<Yv6IQ^<Qi=s2H??qCZkim+T9l`o
z&M7U$M}xow{6}h=kz~wR7ZmmWJHCgjsds|$&0$Z}Gx|!<e}i%#ptM9AqzDLNy;Jl<
z{L2S`W|cAus$mq@<_Hi;VH5{30YJG2-()L1-{%#=b`gO4q_aZ7sRXoXLkG*b)8Fq?
zt8{Wptw;e$lM^5Kd@)uFO@uo4jr|KXj-Eu|FuZwKQrQBWEU>Ws8DX$^AX~Q{aA0z1
zaq!J@L<N3yCV;TpPiFnmiPd6izZ9h%U?!iKed$DgxV(i^JIBNzb6v63cK2@OX}MYv
zVVIbo#0u2(0Uce>nS#PXls68T(xstdRA5P{)Du``O0&Ot`&LeWkHFskE19HLL0TTy
z_r)vIHNJ`#F4q?2<;a(w<a?lU?xgZ^Ny2Mvm@<#;*|b*M@WS_N(r4FP!irrhi`zc#
z7uz>cnxKrSt*-h)@9UKVN70c&Ov1PRLJSDbt@Uf62!On{-Vb*of)!WTAK5VqnV;Xp
zW%Gf<TV$C1&zYGy=M=7hKykJ`gA8dd$Jf*xAj1(i-b(>DVBmfqQiB&4kXjLL+qP*T
z8f-gTt!HY%kj!deSJ6|lH&J>wHMrsQ`-bjawCr6}C&4nS)Xoznb||>>2^2%nVLHAF
z+BWIe8TsY7;lYo5xpifOn?#Bydvhy-X#%x@i$wcy-#nb-vf`ma{iqrzDiQtBpcpSq
z+2DOy&b+gx)5W!~zyBrL3{mL$9Wed~i|0)IZ#3+3<{%R7%>^9uZ}p@1BREgkq3Q8s
zdOGD;4JulLf=ZFI1vG?Ox5ZS01FRW7^ZwI3S~!qv!r#TU9+CZ3{HQo0B{j8Su6%q^
z;LFPM1LKEx(gJ0Y<Opl{Lo*Zwd-!++g-N@Ih9;ieOs(dQzRg6F+uOd{I#!<R18&6e
zOQyY@o9)?Co=3w63Cma)fg+|I)@?K45h(Y4-7$kfHENrM1qGJk3%yUW94F~ODt<5=
zA@I{jP}54Qd|FRn094NLw+0*`1uJxz*~6m}fXqOl$db9vf>&tBXns@Me`&63VNc7A
z<y!P@-g3I9A^pA`zo?g%sPy{9gaqT4+T7j*p(E{^RcDzbn>%8)wZSjuV{U3{Up$mI
zLdVNjw9#Kr8VGVCRL}0HkId4=Qzc@>4>$lgtVVuSk|IG7*^knpr|o@dOuH;pEpS_P
z2!N>u)=CEO399jiHb)1?&Uz8qa^gS24?hzNRKLW|sv%@X)jrfWZQZRi<YjgJ&hJ9z
zlr1gvKf{mje(H2KB0q?P3;uvl2Ary=&_zbmsp{bfT@p}5DYnIkLJsM)C^}o24DPa+
zlkTrddmslqve%T<Lb~&ST84+JdWUJS$j*EkBh_e$r7^q)A#(0-6+-)V?H^4TQQ7a>
z(qDC@hySHDn>h1FhIaiIWEXVtKmWY`e=n)R5cO06KLEwaKZQwgyuWp4JfeTd4s{$(
z7`m~v|2q#6rioouv~mjzdGv@LZISqtUP*|tX-Bw_heY}R>B&1k;(HA^E<)!m+WxVh
za9jnv&GyKVBR6c6A!9<ChAKwzG=3+ce<h&Y2+Kb-BCDqNaH@I=c_G6BKBaoZnG*gw
zit;pYD0Q%lhU^orCUQKljHeX8%fA1Uk}p*^lD*-64x%UIu1wH@23G=I;3#x@-%mG`
z`9J#ml9IX(oF_(C4>3n^gy5agvdGbdr^1c>ts&;(sL2yB?&AM(+ykMgQ^Sn%EI<P{
zLLq8T<?iay0Vgfg)u`S}Cm(|9gUW;p#gKpD$Hsr??0~gMRVG0yJy+_x&5uUE5A7jd
z_#_Ee_o;FIw}aMpzZ*EmvB4dA=Hi<?XF>Lc!|~5EPm7Q07XC}ipvK<g^ilaFGB6<Y
zOYCrl1!%piKi0i?zW&>ta`FEbItD5xQ6V0CTSO-#Gthb`6!IXA^ZR1Iw@h&50;)s1
z{^LJdEc|ItPY=++v~XyJ>;KVIg821olZvNM2IK~>Mh!yQ{_VB?c~$Xz!g{v|8^reI
zVNRh%oz*a7r-SJs0`{MM8`DGhZkeCv*0+0qx`0s7PBMV~-(K`z?63=`N~OQVps&rD
z@qM4?D8XUs?$Ma`oG+<HZO&9}THeJnovxWx(1$fP3#|B1s6#K>|7ua-d6mmBANC%t
z%8b6!W7i~o0hcY-+(!VWFCCWyt4d1xP)OJBsardil=|yeQ>EnF3eLUf8L{h)P36zK
zHfYFnIBz&AlH?v$_$?ffO+XXqwuWXfs2~O66x}7yTp`nv9SaoV4-N5_eXw3>y+GFy
zlpr&<$pmdfAXXgPPgy8_GA9@mw_U0WzTkgpfxvdQh`~Hr?@RF#(~A1Qqat3HpjOj8
z9~Gieubc;JrdVNjEIzA|hTJzXO6vE$VI0&7ZO)v?q8z(XZI4R(zAi}ra6FgI<Awu=
z%{&FU)oR7!nMA$|{Bdo2xr%C36<DkaadlJaMd(M&7N~wHw&T>+uT;mm2IsKt5Ii2P
zV2yX(e@GV}QMRlK?(Ki;GaO*08y!?2%I(x#?nYM?;stTQX#{CEp@R!))_7|vNimE|
zBCkaQ+{Ak4rzO0EgfQ!c$3+B)B(uSfp&=Xuc$B1_G8p+^A2|#}V+xn5y&KM7yzKFu
zNb|Jy%&?)I!+c#C=)Y){{yftbG%4f`_si|&@C+&Y@kabi<ta~D8i;zFkT<98vtnYo
zK$8b5zTr-DDNWazD9ePug?-D5CAa=bd93~l{04@Fo(zM8o3DlILM!{D=M>g<8yi~&
zH4#!4Lm|)dc2r5v6j2wgh}P}|^uE@8A}PG`qg{mwAq*J2NEZpvXg!CR0E<B%!#L=<
zK?roFbX{-=C_42+s8{#v21MJINNOBW_xZ*h>Fd~P{jg{)m|Bz{w7Mk_jXt66Lf=0<
zASe(2il2Tazhp!ZTrbFEvLWXQh{&jd3K39R=blPaYwMbstu`dY=t1{g_oJ#$_N&G2
z7)Dgm8K@cd!<=VaGnFo+U6UMrJZlO>)MX7@F}@NTLFKw38#M4Z%9pkfyS9x8-YtY?
zX>Jj#k?!v>CKX@Lfi*hdn1Xoa<_1G+DphxP{Lr3aME2g*uc}rOPF)mI4J@NuL%sl~
zKv>8hk>xMFJ<oxPRKXbEx5y#07NS8oRWnZOnS`Jw{5A8_QjN6W*h&io$cKTqR_T66
z#~Bfzn=lB??|gy+3W?XEKAa&vn2ByRg7!}TP|7T_gx)mFH+M18_9uX?ek^Do#RE<Q
z5<Te$8oa1DVT1-N3`rmr%FoXqKe`=-4d!=rSQ!T5h3hv0_`hgq4Ai<GWVkPMC8ef1
zHm+MA?r(XB^^*QuJOg=>kYI&Aq|aK7mBLZeZ0HT4qON<(EWs3J71defUGh-VS%BtV
z=&Hze&VVLz0H;t^K#RAqU4{1d8TnRKw0RTcun@u^E6+By1(`hTF7OocUzYRq**gQJ
zbtJV5t?;4iy5@E0W+~_f4UmV__3}{#IvwnC1Q{DmjJ`K420gK$V0e*l(6l9Q47xi5
z)Bptcsa0E;%*`I7$_VKCPwvA*pzY(26z9P4rjvKI*Pp&jpg9bo7<@L+9g~*%Qw206
z@CHB|5P-G^@^u^?3M$$K!*Q+5nfQl5Q9$g53c2-eEU*KA@@Ooyq62!An07NJ=VHj6
z(N-5o^U=1j!a`5al`lUX%Um&ZuoDdI;c*pqn|VA`!S(@_NI;4UY!z_9l0Vze5YOlz
zQ9*hKJWAdrNIEFmILlmcAQ`N!=vLnr2|t+Y$i5lVn=mcbSyy@!hm@SwyM*!mm4rxF
z-jO-$=hvWj6EsD=Q|qXR1$xoyX6)uSop$pdif36Z9r)UGb$65Ot~7~+7n=9b&^k8L
z(BiXMhCzM|t$H<3f`KQ2YvOoU|1hoyDr~yd@DbSmqy`Z7VERQpKYg@YQ|M4r*3^V8
zV&32K$rXWPuAY8xvAUV1IC)9tIw~eb_g;aGMfT$y(OqW1F+={m*zfuTmof}h5&tW$
z;Lm3im%WV3Lv;r}1%fR1D_bRhLJs7tk}gCr;b>Be(TupxR|Et1+F=7%H2e+oWkI~k
zeZhgLeQ43E@%J-9S3tP8DO?0i=MiW;gNF2asAjH06oTtEeiI}@04YBQ(GP5x0u5(%
zpo<xQ{s^QLDBt=)XdOQISGNf8;WyTXB~cv*+8YTNhxn+zy-c^#<0RNARA^g|S1j;7
ze*d|AXew7tla!R`O>%*N90m$T_wKnBI>%S*L9=_?>1UJLr-F}4%tX*WLZE9<(}SG<
zwf+3<gkEJcMMXstxW1mDg)ks?^c(!^U23Yac*~6>Lty5J>6@N7Uh@frVhI%2TV~)G
zab34cSiQm?YZl2dGDlc-7&>TNwFU_vAh#Q6*e1~>s@kkb0-^v)G_^+w<$OnGOgj^f
zM`?otm}ys=>(gG$HqXz=bTt*fE3U@Jl_BLLd-xEKJmj1*8GJoaBIQ$3Qf?q3hfSko
zWTYLUvRR#n=nW$0EW8r$Y;4A=%!mulWiH!&N}o@2=?&6$>i^*<c5UlYy!y)+m8<Uc
z?DtehB-NeI^MnqY)>oz*^6*xC_4W;x)}T*d5hONG=$2rfQ+C?mH%sVdbaEj0%KV^2
zxG2~?9=mWvNkTuTv1Wp`Ai*i+<!z`@e!Ldg#Te)Mi{J*ui(u2E))ftzZn=YPxz8%v
zUqj$LHSrFrdOJ5)3XY(vr?LCNhr&B+ukK|w6{kC5FE3QbHz&LImt5V(9sM3hHCUqJ
zo#r9Y7h0yBqpLbKb<@5pcqprMO^n;@dXMGJyW#Eb?%!{O+-A?sB{68q{iyh}AvN5W
zi0J6z&!*>Yt!~O#7gb-iG_!@|KceOdr2|<Q0U@_R_xyI7)7ytE7m?`tw-=G_YRz>8
ztdGQGUI`U=qcg9)a*^<SyzuaNWeZIz3L-gkC4#ElwOb%}@v&YuSo}W7**qLOSaXqG
z(5JZIcvR)p+oW|o$3PALXI}trGd;aiFQglkl+{yA`WA;GlTLZKyB{<*i++q!AM;Bq
zqFkq7ms~HUSbh6oCg2mBCl2yq_t+()YlqP}ir)mwY>V*N5+`a4DLJX%g>1~OtTeR7
zbQjz0T#jH5uwg^e(^n)qsNmwqs(5YGr+<#{F`5!x5o*?2DqT%by(nT&T*{p*)zDCi
zd3HAf_Jf!HFyB1#W8N)CR8)=;Ari&%QzK1xvT820`^M$N<mBKt>jxs_*ZFvZa1KIQ
z*6i%@+X-APbHc(?Gm9lBf82B-BpG13O-Mo_$vg+rju*-aEvYsK^_Gi$(Ts<lTV-?$
z6Jb&wljd>RJC4%6X6^^_X!&LM*`vPbiiSt5t)&qUq+~wVPkk~c&_4aLuQ(7=UC9|!
zV4*$k3=>Zb*7?2C2uxK>cxjoE`d!~tjVIBd=b}vGi03Z?F1B7qJ2@8ODe|vo1>-uc
zI2qar7l&2sHgHe#c@m@~fQb=P?x!?5HYPq<Y!YUWN!P8krk?XOGHCct2yd5Iad=)s
zLn9=YgSNgTAS6eq#evh~JoXc3Cqgg=^jGc-Bwl+qX02avySmGfUlK@#x#|6IYookl
zEj5NehKI-2G#u<5nGf1-f78q+gg5;)eP=yV%ydn<38vHO0XeM*<HLcQZ9%|KF19tD
z!HkZMo`P$4cVmz~qpY8iCqtCe;r`k=!689hSFaKbO`7t1jFTY@9xB|gY$*el;FB=R
zz{{(+Evv+*;^270ke9h^+OsEcxARA-dQ~wnNBB03Vm>$bA3%ie-y?x7Ag;nl_{Gh+
zK1aSaiM$#&WQEy1{$8HR8g{!LEYb9C{MhZM83X4WTDFPq%{)?A)~6A(J|U-Bh>m9v
zEho7$Vq-%x0S6l*7HuVg$D5*x^v-p3I3}g1Qy*1$cnj1knXrfe(?0Qih$?dGL#gp(
z{5Kr1qOln<72$=92W&9#FV43lW*ccg+y30RlapnB+Wu^sR+#num2m6(By?%F;rJt_
z<>6A!!jzPi2jTW!3u`vXg7Xc_z1saWWWprUvWl<fH9}uj!w#lbyEzFo;yB@c0gYEw
zGj$r8`#{>pk6qUwFFnw9zx3;UXM#SwyBV*Byx_@dt!~N4%CaIeYZ(=XDT#4zySD{A
z)C=e?gw37QCAuLhrh5-*PWoijdc68*=ja2|)kZ%!A7cDy*Yg9z4u&>im8a>Z62cvL
zT^af0T{Instwehf5z|Jn=~>>n&o(PcP<XAz6f(fla4Ij^p@r#0O?+k>Hg$g=veDQV
z_u^|(gXOh4;sGO^#=IY};f&G)ow+r&w)kE)D&8^D^lWYiobjFudNQLlwN^jJl@CkC
zo#QMMvPR0tXAH#7%-VEcH(@Dnc^$DM8zlHbL!FLp;sHW6bEW=itXotoMeXN1r>?Oc
z>>ERxsgZmXeaYxW@z?GOl4<gbf;nd935HLenB1G`=<N-bQ`xuPue}5tPF=*+Q|UBs
zufny!8F?rn5Q+$E{fg|I?G9NBJCwbE?fuHX4HxfR$f4|XRAppv%DZf}c70perIB>p
zVqr@R9sg8?NJg$p$HG2r8=9C9SdH*XrmstnPm@j33;2TzzEUaad~Z4V(qUiBn}Cs`
z4`@8t%TS12$Vi|_oSZxdbAx>TPWd4H{<lO9@QjkqFTkgC^;SwLwt0d{CtJwN%FUfS
z>xQkQW_SDB-8U&6uc`$6+gIR*6C2SsWzL2zn4fSQSb8z;QwbSxwiLY*%WkNXJvv;d
zgU^DaB|P?`ZhNeuq_BNn_azdJPw|lccjTdKxwNP5xi%8SoayW1Q|mbD#Id)#%hhn!
zf9GV4lG`H7G$)~VHLDl%UZo8TV8A(cI1oTW?{&MWgI}sKzFuh-6}7H@i&YvtGGXyY
zl?}{5vt2_qKQk>eE9R<O#hy-hs_m=yH~YV+Sgb59dCPQ6^jNlC(`i@}e&fjpGmb{k
zj9^8Z)2}8cjuUb-!Cy5uv%QZIzSI8wPT#%|T!Ids9b6qzU@|546KOjdmd{xDHfteK
z;n;!64IAh3o-4&{cHTgmXHxc~!!74vm`}=?S9N3bDOIH!7{LP}ylFWP)yclcmwLfl
zog&Y}6A?LLbUk8(m3sLyx|_!Iy~o7F#3k-B!{9t&5Nqo#$uP#?>0#8L6pwNyFZUe_
zOqRXVDjAXxGXHk6Wh_n0R&~X$Hiyn4*gg88qN*d`6;*8*sVd77b6p*mPe~rl9z*3H
zx_1n~p+|`tQZPNJ_1}xUt@ZY;4m0l+I=Bh6B36TB7J>}Z-PX)k>^C*M2{z|HX}5#-
zyhm3Edlqz1ohstRI-g>EicDDXTcaa;+u}kJ?9A$$eBJG?)1w;~xOLr#sy;?tXUe~^
zT+Q6~CWqt*b7X$j8q0YNjyZlvWuA!K!?$V`I`&Rb2?>IfU~XoW61Er-c`DNp&^~55
zSGu~spVF5Q#)|u{&Oibd0#X<ftjq<Q2!N={BJix@+Q}yrUe$S$;A*$8I}5?wTwO?g
zp+ID(2nw`|Jr!a2jt6_YHTDOXO==iUp!LWS-bm*2`)JtqR$mUtRn0oAJB$@ZW6I}p
zNjtycaz}bt?yg#;`aIZ5Mm#fXnzyJt;w#CJSloAp!#Lir`rd>bLlkJa*bMoq+8}FC
z9f6IY0>Hjl1^DiIjPsorqV;^VhzGumt`oC%$?3Egd{Pf0lZ&h6l<~mc#B!7HJAyz*
zIM)SyMc9uJ>Z!Fw#j2j5zBSFuh^CXe^T-;(@P`k*7eyUT!x{?M44j<cy<YBv4oS7P
z_K-o3h2CpYFgg=g&!K0}X2!baxXUa|p38J3rOt?<;j+TDiuanNsF8#|mt9!u%as)X
zTqgDv<FS*`Lb?G6E&`@{?UwKx6?$f5DeDoK&FlrmGkFA)S51<Ri`^=VeEL*^tMeY+
zHlrBZBbn1)Q!||YZIl$Wwm%;iXyh;n5{vEg_bycts5StI@dd1N=6q_Mxyr$_T8&6<
z^pX3oWS(7E&j;9|MoQ}o9)n-i0V~f#gFx&kT4#VR=4Mx=$*F6+Q`|BXHW2!#<g(N%
z?Si=OF(OmZD-Y7iHR7_0M|8?}DXHX0RIIYX5JK(Km$oR2cqJBVbP$EN<G~`)_<A{N
zKYDvP<DG*TS7=)9R2^J9t>lBeSxDZxws?jw)o-`X<o8m@)S^xsHVrOy$u^9B*aiy{
zY~|N_!kokCJ9p=~w4mKfd-fO&3oT*TV+hdK3xIwwn>>f>%~OYswbfj>v->af4S<VZ
zY;7iAy63obLX}Z`YGv50fa$1F8Ac9gR4cw|vpsk1#7zyHnyxe5#m)=Fw-n>fG<hhk
zI<3|n8~yR)RCAjynRy`;neXiIVZHk|+gBv`k>GJC%qTumVOj4FeT7!HeEKbX9<T9)
zzfrx6tEZ~U*ORG8w%`n_(10vyP;Qb~7Hb<8he1zhnJ27$!->Yg$-_gBZ@Z?90M7#y
zE(j#IZBiH2?PZP>e<s+&=@YEZ7t{riyOOW#7+2i3FfZ->xGDEytf2OV!gJt9FvIR#
zt}V2Nq+ZN%Er9y{iH|8_|I*XJ0ucMse6)}B+SRLm1q)}u`4L^io?(EPq7k<ewHEd^
zg3*Yg5xp^tpv*zJ+vRxN(Y%?>L_=e6E=-(ji^t{6PsuS0WR<Y+H7^N02ZUk>{|8~f
zEj$pNU(o&fkQ>E^5Rbv_gvSaqf5l(wi^d8}_N`_`DpQh=OGM@fos_RhRJK_ogqJha
zb+}?M!8<OlQ1RM>l+7ULns$j%Nt@#coH{3+y71a_^5XPaN%9q<c-pn@6XJ?fT@3`{
zd*;sIDI+m0@5{b&Iu%aJukZEnY=dwbyvoMrrlIS6g2KXd5DS8(=~M~_dIBnzz9|$v
za<}8EsefgIx?N^aju@*V*B(jsLB&!HW6RjiVvC-u=#;aW=VL0lHhZMuDY$nq9g7_f
za!n8UI*6%${^~fR-Zc4Em=DW+DW|-)?76%Zz0S^d0dEMCCM%m7hU6z4FA%b=Z22-&
zl6w-6*n4ow(sr?@oHD`VY)d(|-4wrsO#N8g!mQ6-n?fyjZQpOV_;RnzC&!-?pXe4p
z-L^^IQl|wlS*$HISW&idPxc`Ez{RCCp57xi;6T9naZ%XIr%6cHyc@Z_=#EvDd+FC4
z;e0jr#=bBjSdruFHq<RS!eI+ZHZj#60z@||SU|7?z%lwJ^JnROE;mxFzWvN&fa~~E
z0FlNSJUC<jZx-zF7TKp+BT+gb?i^TZ*dRX=Jj~06J6iwzA;6Q>jk#-#?xNC2=D=$f
znP?n(!C`t47jA?2NcMmmO234;*6zv>w_nWTV^h7!P{pg#JbLDxnrbVZW8k)rkEfLP
zmCHtfYN>4&g{_2Tt}CK+Vrk?_g0iJndqKgO%a36R*6f_5logJ=zHs`vF!wgDpHEs@
z768iqT~VpHGHs8nLFA3lJ_HBQr(6!o6WLU(TjV~cxFg_DMi$z`5MQ_Us>yK0`2DMm
z@>lqPP07tE<1Y$)=J)9~lZLzpAP!|78)P*>KhB5D&M!Y;+1sRjN)l+ZcU9q%rXv&Y
z<D{sxNU%BxFSYLMj*qbmw`9lKClvDPZeKV9Ask@X%~w*MTZ0#3m><-RE9o%C_jXJ2
zIa5t@sQGw1A49x2ng+-#Y16w;05pK~JWf!T?Q;6)`Vhu{y?x%TQUhx?E!O5dGNpcJ
z&4m*%Tq(I1Ip|yF-P+sR(~5QLRUU@Dl!dUcmn*if^DyMD=AKsB^m2cD*M<fmZ^UtR
zvY=#+f!d?JTw5@&@kf$L4Q~8&Nm*^Yds&mo+z(AGw8~E1sPc_&-OAf}D7xjmyW6VC
z#YVKPgf~>CzO+i?XUtA<5)CE=3@U{w0W;-kMXJw(3q6fwGyD$hu(nh0B0dKzl#v5I
zK0c@?d4A<3*@6VDCRrDmpC`q`npoo7xCKglhvMm#eM6cHLgwSP_+e>2LQlgcUs!H_
zr0M7w-088@(h@TNk-k({HEVNoGby9&E-5i==)wajjL=fRZFZVtqu{}_9d&~eD~v1Y
z64D)B7&<#;E<TH@8yXn!1r{jyB4VXFf-b&9TG__lMoLl`smK@i9pCh1$nRsP-h$(;
z8hLu8fEO5k>v%#OOnKi4YrABU{v8>pM+l@#LLPG>y&3XVYroDyc0AD<V+1fuR1O)2
znqFv+m$~N%3Vm<>%q4=<=9|&UpFf2LGgnSi7m?y6AP_fB#KmbtBghTUO3ST#yY$gO
zdAv)TyAH^zX7mih_Y{cIkcpp^kC1*3atOB`kLM|+3R=#*wUANAimF`cG4&4|AOQC;
zAEd2zu2h0lp(7*&7Y!mk4XiKir-b9=!Dk6OZL1|itRjH9-K8W#yvp}%o=h(~BZckX
zwpQW*(%p4jJgt9estuspiI>hWM%zI)By{Jv#6Aq`K&0AQZjrFEqK9u!ldo5G4G4`J
zHw5rmS&UBuJ@7Hh^X1$%qnF?3fBD_-E9Jze2srj9qjlPx*Uga`fwccD9i5DRJJ<i9
z?k%9Q+_tvin-EY@L`qsfMMXhWN>ULq!9YSv2~p|pFhLp>QBgp#X^~E)MMOlpOH{f+
z>c4LHK4+hO&W<y__aE>0KF1!z$7jRytb47w=9=@mt~nQV<x1<-yKJJ}aG30r$Wt^Q
zu*IhzJXjeuqwBY-4k@>5vW-&j7lc_?lw;rK=dVQ%w<sJUa47AAIkWI+*Hcp+;DZH_
z!y2f^GnItzEYk00Bw%m51>7}hdmCrn+K~JrEP4E7=o$i!hY$IBKh&i<X!rJY@T1eg
z8GVOA4Q|TMC!~4~5|pVQ-XW3cXsfd%<HXKW(t71c<BQxE+B*ynPb@b$mymFOV&nk%
z#lR=92vpd`dj!6*aA!~UWI^1Ai9cuNcC|$H0`kI*a(c^PzaCkDF(?vO=pg6O$#PJX
zx!JvP-|T4J$QrM><WJU<k#kbck-(ued3XfQQsg;T`^PmcuBv<wEUmUC#|xPS;<P(1
zt|3WHsd6{wv_`E<lehGk2oCRF_U?=>0!u741y%-OH((&SECNc{;h90#=J;In_!f^=
z;u&7&{mjD5ZAo%NznX=M%Rb7~yVKUDOjr7sMsQ!c6WT|zDfQFKGRvw9+u4@oUw^Z|
z=iW1yXNDPHHWIR-2Y@0lB0UdS%-&-=CS4e-Be-YCb+d>va)Evi-JG-H+EF-p4vjh>
za`v&mK2Xqj<N5)FkmT`ipO$8^s3<dwKS>sfH#8UPbjdSh%O+VW03T>Fuv=eW9$7v%
zABE2osqQvrK7CI8y@Z^rp2*ux_0IrAd^|EqrdK*zMQoC~ohz3qJWbkw-8WpDeS&yN
zwWPgdd48Q`>#n$y5_*!$^0Vjo`7((o#4Qv4G6CnyCf;iel(u+P*}s!XII&D2zxLuL
zhPU^=v#opU{XojKwTE6*YA)39Mu9WZq)oL>fxcP-Z(o;n%yL!d+@m#EJhM1k6t_kT
zzyl|fS@P@AAg-e9CFR4WqYjvDzKu>i<k@-uOvm{)@6lzt*9h)!I$R^nl%E+(jvlV4
z7)mtK`s~fv=+M@6yL;dflhNZjojhypW?qD;{C3TnA9_w8c7I8iaP!VB{!u+$cUAvA
zb^Be4_V?rL<%a>7ypXkt)?v*>oV(_3IDSYkGH=`a+Kib;6mS(}-fPhGDe+uY*(SdY
z0Y=)E#U7KYonIK7X}u6`Dbek`+fU_e@a5UOWy#6u6yJB7M_ORTmjGE7`ERf+@esfL
z%;wz#VvE%IzNnDbGyn~JwpZ1pWIHFH5{>St^mo@EK75^nT-BqwHd5AOwcJIn{pF5Y
zndLjiMo0aa9~P3HBH6#EZr~=@sruYGdzow5llli<*i1&g&+XSaCWj-uXh-g&SIaoc
zQWqMZ$*5ASooZ*arjH!T)sQ(<R>H{1Ch|_mHFfUx=CfZU#B$WH-1PI+x~$|UKsd2_
zjrPC!@Ig3;(rPG|D{Kb=xWi}mWX#yf*y}<GAzE(PpN%uV4YDtFTSLF0Zl*QmHUCDZ
z2ub-_pB2nrOth*!_XH*<R7z|ra(QHq-yNSc-$BA_btdRu&);yud8t!8nak?tY^ZF%
z5oDYf$aOazl*5^q`he@qi?bWdih((G<^mq}{a6yw$THdUu*~Q!m*MkAbGCv6C#U|V
z#xhTqFa^LK8dIIibt(4bav^P1P!?9xVU13|?((0AlKYDM>s|;Au#M<f1Vm<whHv#v
zsUc2l?7OWw_QeoM5%1Jpx&*y>B>D=cepm=Pi)|~OHQeGBXls4-MOs~t3sYcn$G&$#
zU5-+>D+6gG-ikWd*=6de7GFpqd$tVp_AB?0@7xN5LwKFh;EmHZcEqHzy*;>m)rn{*
zGJHbbMR(Y4>6BxfxnuLrEHz!%w3G$LWFakGR#!GWoJhway*mEgr=ScIx%Jtx4QAGN
zaV>B4i460UQ&lwsx$gxdgW}@{MMJf^E<Q6cwzP~anR9a4cWMi3QLJ+QhAr%R&YfdV
z%Ej{4dmZQ*b~Vob0vYJ?_!&oQbWS&OaoFf<IM&5mZDD{K<o-L!J-NneY+eD2_5QQ>
z?3Z@g9qcyz&lr)La`+G<Ptr0#QZF8?5ai%kxCkr8Y2h(#EsVgvpf_uXkv-+qKx{~*
zPY$u}A6K-M)*m}btfZ&sKVP1jU~z=r@(N|}`Pl2g_p-%s@85R?iv1LltU!bX$4f0y
zaRV-*{asDpbI+>wl*+Z+cV%X|2D`6S9WYz9hmP;(hw7ChE(m3d(J2nSeN$cHWTAi{
zKIPxyg2%s&fR3+i!^`FQ>=$j1+V>2JSiLM{V)i<0cm!YG9_RcFFa~*n**`x0%BoTG
zM?W~cj12znGnu`pi6v{R>zM$7IGMI?B5E#D22%$AbDUS)!jGcPf&4C9i}q*VwTEIq
zL7J)TzXG3|h^4<gD;~HsZRwJ=6y#tg|26RWw+H<HZ!q<{PPyu(86>8Z_Z@dUv3$X`
z<*AFD+y?u(YX8=>ftS5q(W48Qp_E6L{I-6$1N<M$oqGhgk9r05oqMoxd~(I<(^mTj
z%-on|pUTm%2(S52tXx%7eTd>Y<v+r=KYEI&Q%6Y*_~6cb*Iy~1pLZGl`W@X(Fd!m|
zP+Lx(K<d|NoGkxh>M!gjW5vx?#L%xuRVJ&~;s5y4w&xMCj@fJTzyGie4em?)$9m3)
zKZL#$%+w{)c27Q{Xbt}*1pQxshT{b8d;E1^!In(R6eztYk8b_RnXTt&&-p`>{>98*
zE+K6-W-nE?#6R}lzpov!Od$ocOKTZ=&THyd9R82Y@j2^Hn_j(Qxb>GPU@dvM<p05B
zdBsJi^x6y2XlG>$+viz4A=D`TCARp3Pc`F?V_-8Ic{jdpGiZV(KcD+oL*W%6K#QIU
z6lIo`ZJh}hxRPFCwEcQsoVpP5PNj-@@6BIIXV(na@0f7uO^*C^u(>oa**|)0d2^cf
zvQNp8N|f-e$RmbLishb}1LFc{xhijyvreErSPqgW)QfrH>;qB=_%XPpk?eSn!uh$`
zA1ja}(%>9Ha#t7Ma<p4&tGfgl7$bW`QY0kj3b5Zg8`nv7OoXQyXd|L0;Yz@RJVBP?
z;UizGn7G~x<%8q_)A-$|%`e71+{G16mIJ8_;Qx(6305-=h^#R-=1m^etVuZwN>rCj
zyg}x!l98sK5aDS4(q*hDfFX8#t2XIOL7s7Xc<HLP-6kes<&`eGKJ2f{iOr@Y;Xl!h
z24)D2I5`dk0l*}@5M(1-2E%r^=e{#rbcO}!QoO;;E3$;3UQ$_rOgB%B^?F#>%YH8N
z4DrV8jWweEBja-%17lYXn|1HHdms2FpRx8Xnw;039Yy6d$A)HaOdJ`VasDyR4u}T?
z=^aK%+Av{#`<YziWmiam`>vX%9X&EJAf8aA??zf#Ut8OH5y8mX^DDM}(Dg?I^{i4m
zPJQlPHaFsD=7g*Zwx#{=N-qIzLbP{3HREMMo_mvjuu=!m91<e>_QKY;%k|~r>LES@
zrPvd$reG8dny%ld=8<0nv_Ycq8Q<?!r_L29A*le`mCqpmp(r$_j)Fiy`5<u9v&>Ak
zbd50rxS7v9Izs`53j#Pp5&>L>8{_BQtBpNWA~z|ky}uWf!^IOaH6Q<k1<x=(>G3u4
zo*{h^m||a<tl1oQdZ5!mO}Rd%lfB(iEkUrN;)yjs9ru5_yht9(aohb0$qis40Mqt;
zenVdONAiE(C2pTYU0i1q&skFgcH=l8qGxG2<n>r=EocXsgcxPOp*WKVeP+jyB(YRk
zJIy_2Wp{mrbZF11o*uT{F=Is)+KyI;B{9vV<sy^>6ii5=k{tC{lH0`S^M$JCy8y3{
zaPYt&5YfPM+4H$#E53Oe@gvP6p@ic50)vy>2nX;GM`vSKUR4eP=mzp>B|$<6J9o}O
z*Sje;Wc+!?;wlCnxnh`06%rg`+s>WTNIUB91p6cN#b5OJ*BTBEo5o56=vcEP5rU+f
zVBrv}kYpRlh-2ldrTp!<RO@npmf@-KebIOYTVE?<P~+1!mZsq8DG#`2FZaGr96AnM
zt1A5`GjSUow{A-dLBu^xh?oC|7T^P0TFj8gU~EVNp<&#6t~@2=or-EnVoCMb^5Hod
zzShe+f<j>IQOde!p@V<gZAunIrrtoTJM-ue_4Ibwu<;r$u1lD3`x0TG_l1${v&{C^
zcY)x-n#?X+20pNBtVEKHr$LT#o#G-=RNn#MqjRq=$bSE>*RG%<2Ty_eHG|n`Wz|({
zj6eVwf<Pt)o4B?E-7OM#9uD=-`r$I%zY1tfArReCc^hUdHI0oEY08iY(50@kWHXPW
zW#IL5U59@H9vGRP0a65roNl&F#J8^UzAOW1tP!SXN400Uq^qY8Cs$2Z3T2y~XDPXd
zy$5|$=VETI2f6J5rA>yWOD#bLdK6s#g$q2s?im*@vof<5NIH&4>ad&iPYu-5EEw02
ztRdTCxp7|C(10PCmw_=WG1e~>BY{Ul`jd04%_~%9HUGq?mYA$i(4q`vvw5Ne!NhTw
zeM#nkh}OmJuHrkPu6O;(nJRLdx7?joY6!pSx(1RBlBXJDyY|LxVOWNJ&6>S{EikK_
zIJ#V?dNy9sNAe1t$)lK<CUcJ?xc>;8`MtIjpE>~MYPvI=1c~2?X3im%GN2xQkR=9I
zLohYRsR2ZaGEByzHMSTq7D&8X+7z0||LoL=)MI(u>lSiJ<oi_xkH)NpxjE9`=*%Ax
zPLYUtMSrva3)<UUV=4hCq{27?>>oa@WO#TRaoWjg4Lm5iv`7vp4<3bNrRoh==DO9G
zeV_RpmkE)bH}pg)U3Zp@*tK*?tQX>l`lr^w)>$QT&#y`i*uvw*kWIVTNh}M)V+64X
z@xxJ@(Sn=^OiNLTih;Y^>OEn5J3F5Ur9+*9V}}tFRT&{&c`y!p4l<2RgBL$@XIXu>
zV<*DTodQDP$EqAP?exMavTLZjqUr1whM<cz7ogo*1Gj?2Okh@l#}_SQaNZa!78DfF
z1!?x&iger>M~XqpPu8u%b0k@FTK8H6)GtgQ*s5M^L3%*YX3^2nC(Ot_1Dqd2-6!g@
z2wk?1R>n$F{;)A&70%453p}R>e(W8IcoZ!doGzs__p4H53GqC0R05x+;8eJ|$mbhi
zKvLS#Uw__Iv$ig8eB3^8SxFyFy2vwNfC{=T%L!iUcA#xa>?Y#ci83-Y*ha!*O*Jh6
z<MKO1E#GVh<@+{Vq9W35rIEp}htu(fZ{OBTI=OfRjQ_H~lf%-CdqS~4j|FB3wE@#g
z6y;+l6+p=Nj)igX@DzhIeXqaf+Lektzx~T0$HG-W=7jk9SNKB5p%z-=bxI0kWjm3b
zoK87q4R&IS7VA}D*vwN6$e}u=z&$q3&YgsJVj-0xd&|xXQb_VlRCEcd@SQIgCwFyH
z*OP7G<|OJG9O}LbCeCMcEZv}1>(C*g<Ec-u?L-}njrg!A=xRep_}coD8lh{MyGkq{
z{HkneD??U!f}NV!)bxoY*4rESgqNUc$C+ivhF?8ogpz?Wu_l=`x#Z{5^#?xJ%CRj<
z0OSN3c72x9s_hG5=1%N>Glsh-I*#v8H(d@^^PCAG-oaN%Ij*+2zV)hLnZylZXLtpv
zRT3N{@KN;QRAv)bp=I%%Vq<3Y`|;c#Tf%5a{;^Yq9`TN9GZ*dDW3!g)k-Z}J?`}pD
zb{Z12a<8=^lUg0JooKS{sp}pfcQ`&^4`suUE9lmup>zyRX;x2oRu$(c%mCUX_4i-w
zH7v>p!atqp9R^oMYN%YdGbqH2U5#8kti*Z6Uj+Wfg0?&T0%wMcN@iADcj~sEdD4Fb
zrtQ;o3ItA?{?DZgn%xJT=bmo${kRg*0z9QAq;#9T5QJRa_esFek#$)Rk2i?BZr;=Y
z8(l_jS~v;ZLId_em#42`%tgsi1`A3WYjY#@dsG8XAJK;3P@`19SwGKN=tGgmhL3Rk
zh?A<Mj8qpwqJbZ8)YJY0Er~$GZ(5RXpYv_ghH&A*E_*Y~-KK5}V8nbEmM!xm`6T#)
zx#2FI{=;no)TV%>fre}jWLjgi7q3-jLz0G0>%H1?5cI1`4|3;?a$Vmf1$3vtpcMHG
zwzkS)Z(FqRv^8k_svh}zV?Q%9tKkoSEpmT)9hpQ554B9;#!+lcqJB^paSbFd(2L=?
z5QT)Iid~YV<x9SQn_<8SwChk-W@eFnOy+3XorX*yf#o<k_8gE}P$3b4eV+<0r1*Y#
z3DAp-Iy4em5SN@rk6c@5pg@0Czvpx2MOa~IsV?l%c5lNjIwbyx1W8@gjZZu1mPH7j
z-Bh+ic$r^d2bdNdk`ogmMHx?iuTxRDakY-rsW2|$qez{KPNo|R0tSEChEiE4YCwBy
zUT7cHq=!!iG{?-!%^8;H5Lj1nLdsaaPjx{%*JHb)qGG2E_gEA3I+!VPr-L06^*pnN
zUXJ2xU*BT)*jgrDFfOlq8uuH&erD+Oc40>B)7TX!hIs1s7uCja9h!0KK|R`Fz{s5s
zhkqIi#rVVg50yL6Dy;&?kne4yHh5GPp_N>lJ45~kYkZre&M+G=yjK;+<C0pU!Ac;!
zI^+1ogH(*!8nYqptq*(PcPmc1C{}&emNV$bQv@Cet0&L)K*V7+;l6PifccqE%%0@3
z0;a=)gQ0>Ri4GAfIVenkB8J(tB_URaNTra$cLzZ%rL_ONb7DZ3)C~su6)PSljj#X$
zeEB?q5ZB^k@CUq>0>=4p8|q!FNR$(N<JKQ`qYP|kU^!3`(juH8C4>k~gvYG6B`DA-
zu$PF_o)(gDhcf31wWEYUS<=>3N&KvEs|7fBA+;oVkwb_2?lf^58H{bB9RAc31HW=c
zJe(A;(fd%z(XW=hqtX6(L$b*_3QbKrGqn&KqyF^|o@F}MgytcB{ke(vErVLLR&_Z^
zC}SsjsrN3Asd-uNI5KivDR;qro(4wx_EA&ig36Kd{K5D0zHI?nHrnx#w2)ePrjyW~
zAIft1AV7oev8y$39q;fuLN}#{EAnQ<phU*j!#@F;|HzajlT1*|Fuu2{Bjk22r+lTp
zFA(BKl;@H(_kzW8S_5UvUd@*Xw|RQl+MCxfL~xTDqJ*-hW9oVrwdA+jecw2-*U^!I
zgycic;?RPVK#EvkAIix$$#<F1u3w9tN8TKskj3N$$_57gdxgu+@uAkNAd||z2Ui|t
zxkt)6Qo#I$QrUP#?4>SDV=~DN4cGn<-jo!Dm=eX72T26gcPhcZrQQ0Aw>zyZW(gaf
z)GK}e?#h4b#(d)n0dAAWeR5=&bdNc)jK73^TjV>$08kd)=4TkSh8-Z=(lry>vTMWJ
z-Z-DYf*;fCh*T{Cwu*g9F}+RTQ%$2Dsi}n86t}%(g+qO7r$(9I8mnWiFTJ3`)pL^+
zz@&gqA_<QD^^g?_=V>_ePDY=PHmLQnKg6-<y#B*hNHRpjUt{!#?{$jQR-JQQ<UD`D
zg%oFTKY(~<k0h4x*ilXY)TuUS7&NJVc>8&Be9jxvtKcN*L)}lnIX3qpfBtwRLVS?h
zaFX2f6QYzK<?_VD7)a&U`!6>NqD0O5(k{9;NHyA+#~P2HqmJqtGu=|jv^^=L&j`Pq
z?$ISaX~dHc8nTnU=Y<;>EnXZw`36Z*2?_di9id5_h&%SpiG)pr#l$0>T5>u|)iWYb
zZGRq4HByh(U83i<-a>_O>a}`rjHb{)@64ej5owLN$OYx6HwmtwA7|l(t^L6OcK!eZ
z_VCG*lXK?7OY`-M)~D;bvyl!gmakH?DLhnY)L33X7IDF<xxn82az{ND9??D9R2NP(
zO|h*pDvYPs*3AzE)1qj)P8O2fPQ)4H(%0$Uu1ICy9jciuOmU;O-DV)6iZ0)Ah<0yF
ze6F;?{yinB`N&H76A-H6X%NAbd>(|u%h0_L*?sqrz|wplmZZ*%T%7nw;y0ygAd9(Z
zi$Fmq{w`#Uhmo3_>C8Q^EYbVq{4%@}-jiggQ_%p_Z#N5CjC3{}(_cJ3XMvPq;~dd6
zwm+V;JTDFV#b7q@0Xteft;l!J*jiVqFTQj02R}XqdHK;T=VxD^ePI6Jq=vavN$=xl
zvqvnJpZJNM{s)Ao(l18*PHN*J!n2u$dpk@-GfVDRY%dNJ1Mw;-aUL&zbJ=&<-_URl
zE1=Y)-<k(IoEVU)YHJI^mfQ=8@-d1~X{PRAb+5RN$02f8^r_5_D<eUM-%y#g7bGI<
zYW!&GZx|or$GwNklbuPSjp94*$=Tau#`07bN<R1>+nVU!^WC0t<rcB61?R6dLVC%M
zR|CD=(sz=lcrQWPLQ==IH=IUZ?H*xQEn)wbNn5${P2dCGQ31#7hCELh#McAjGGVY4
zx+Ush|KDfZW;;R@{>U%~wFevrhHMHg-~ii#CR6ey9h0Uluq8)kgH7a1rvkf@WR@!A
zi*FY1_soNNw#BUpo;oA%Dh{zD2|oE1UBamdU}MuLpX2ns!y8BqXSC@dl?cX%2Oaxg
zi_PH(n%=tph~2%j{U6@qxP*r1GSCz9(1CxH48AGymZ8kFqZ9#e(`a4Gd_%23Ql3S`
zyB9%>UXwGjP_%YtVQdhJb$O^5b)H$|B;lai?JnymzJ8yX*hKED;65Yr&;cn;%A^6H
zh|rvI+T8XbRG0MLP^dy%f2G+8y7g+4_m_|hLt)g(6H2=c5i6-9Lhb-a>*MEf68MsK
zG~KI4%m(IGo4mup!Q?e|>LqrJf%-K!%f`s2^v@ClXFm?&J5p<E<w~%0ol?LdO67H~
z0OAq$^ai6{B(>{y-{>wq9g*4{U}=(y?{aMz`&BKKnI=SWE~$Rd8`T7zBx5JKe-i>j
zq?1bXXc(lmtZL&94vKU*0K3ycN(3tC6>$tB$GLo2@wvOYH!1(!mT>y>z{*Z;(CcrI
zNPyG2{<*D9BsGJ{%ch&erbxXYB=za$l~4z=+MAV}lf$ON912I@NH54;+4sUCzGfzq
z`36x)=+3@Mf~5Myyc5p&A~}Pu&XHMl?eN13IW3;U`_1y4zWJ`%*%#mJ5F1&3l<@F?
zkZaYejXERR!LyM%DLpzhOPX6OZM5(FF={?sO^xabPp?;s`}Dd7>qkCK31q$ZU3nL*
zF9OX@poXMW;KHe5!KL~3oHq)eo3|^LWEoB$&~QfBxePvmnXi)Y+2*qy^UAVA0J#(p
zMyo6fFKLSUkHbOdyp)P!8BK59sYtzh5t&m70tSn^@3zfpGN(S}iZWxQC_yu%XW3E9
zBkS^r&UIaR%$qlST(0t$RXu3l?O+MYiM(r&$ICvu@{6?N1?Gpv@i`3An<Si!_w5RN
z*2lxi7KHgUXqu-Dy1(ym5Uuu&G{dS+x{<sh1I8)uY+>*Bh{t_Hd?1&sIJ+FHm{c5+
zE!^{q5M^a%W|k7F?SzBGZV<N=n^{pgaQ3Vu|B&L!GMf6gi$&1tcGSn~WnDxdP4dQc
z3U|LaZrv#3(tLgcZVcL^WXwXI=f^54BbxR)75Zv&y%Q=N%XA@SO<<|5wk1FwwDWn+
z+JrcF;lT$Yd?52rKpQrveXG1S%`&`YSw1WbFx=O#U)9|5`oGSKCyGcbYsUwuIk@b)
zCNLPGFCeSxGu6JC`nhbxJBfVtpiGFUkoRvs>vbwlos@DzN__4ygXzh4$M>%6W1Y;?
zCnHUq%@F+@-f**X-pkzUy4#Sn!;d48qK9GwXzKR}XRh|@(rRmdkfC3i2^^U`C5{|P
zIFoXU5vcKuw;vEu4nQ)uYHV7}E!E?{X6I>)DIAM0r_$d@Jiw70Af%BXq_<p)S@<j?
z<cB0Si#%styx~_vl2-oA24yWvk1?QEl?fhHlOXo{dMh%7`ZNk`&aKm?+jCi!*l=XT
zd*3GrsqPt=%d^k^$mDwW!K0!Vw@Qh6SwD859pRA^r#=U;r>Vcj{2Tv_+f>e)b!zH*
z9k0JkRE~x1N(on9?KPTt$Fgm6U4&fl&7tkfg50@lPqer};a@a#0U_D^{5*f7GO{pq
znOQYpr$M<5YA=ITUx0}19cRkuPt%`Gf#|;Uuw#$-k|-B{W=cCat#2OD#JXi*6)yf8
z&jYEE=4|X>a;dyR10R*bd*&OQ-zK@Yo7S!;CBoOdy+^(r*#UPNxsI@GNfjGUn0IF)
z)!<0?MWbKFfg3(`3HZsG;iU>)@(H-Q@+zoxzSvKTrNF)kEC3W=8~~23h4EWtn5~Ho
zhCs11d9>6eKZm%b450jc5rl+y5Rs75Z7eiSaDY68d+G+Qnx}xq0BnfDp;6bGP_iND
zejC(35OvcM-M`?z*nF_GLO4YdCnK6lO%Zdpx=Vc>7%0GB$Z8m`6?w>SpX7dTQ~IPA
z*AkkVmf%yxH`E&i{Zm{c)@d!H>*(zM(zMQk{4yX@a^;O`qhd0)lQKVMXF~w*T%oQ(
zVG2ZWPQ$~ZP+1KZ1lbnt9}Z&iB8DN$hIP5|dYR{}hlbG!gaCdE;*`~?*<p!>EM8u5
ziYI~Me$Y&5BOUlT3lBjKEj%#rLK;MnsNB8`*pfWTD6KqIcu@Fu2IXD2=p1q1HKeg5
z1WjW9+S<}Te*9p}Tz5S737vx7eG-5p6u`bfUcjxA&zfoqslmPQHnf~t&gb`5iG6fE
zbrb{{p#-&A+su%5_3%)i#55pJYq`J~bIYNlb1Qjd-2Aa+_}_1y$wW*i8)|B}NqV_o
z;HF)lxP$l{B?HIjMoEyVU_a$Y-5GR3BZYwc*=U1hCc1VLzyngV1wFj|gsjqxd%x2r
zKq|LJAg4mM%`z$pAQvjC%Wy4*T|#6eM<vH4J@0Yoz-6Ew0B)5Al6Q%YeOzcR&dNP6
zLROBIwtCW`z~hSfdz^5CgFJ910Pe1$xW)k33h5aLnkAKr0QGm~neNthr3Gg0lL^jx
zM^NNvp#I0)vY9vBJa9|u)m$8oFA`7QiL4)G3Fw36=xehTVB843xkue4L`=+W#wbTX
zT0Uz#iniX~H*T7k<pngN+WINGcG@D}_XQkd5O^thT)1Gy{{)iW@$tE5rA$$=3FTF?
zucmnSXgH?PEfMyXnD_}V$xt2j$i)SV*D2iMQ_GSENwE+>^`cy0AEM`d<zv-jG?!09
z40c*PyvU2XWOzhisRCk}#Kn0^SWdcgG6yz@<S`or25UWBC#PQh;sPKDCiPdJn>~FX
zG9~FMBw|-3J;%Q;h3F5db0&+I;6W9k+atlW)f3}$g6|ecy)77tM~B18tsQ$(r76~c
zX9LA_pN8V*2(BKd0zkKE&{68sdn63cW&<dLH<C2zzmd>ZZnXrLC6}}j#5q^KQr_a;
zK5EA6yv`Cp{@z%hCEIpUY^*%{N>FGvif&32Dc5^DY1_%{a>m!->I!EEZf;Sgq4nPT
zl?9oy+Ix;Fg_{LaQcqpQ7z!5(7N-0R)+NXS#HEwEP0FO9Kh?jP77b|+PGMvu#a*%D
zCGKFqw$wJ?d`(l7DK$yIawVUI`K8i??1iZJq@sN4QO!)?no}n}aTFeA#6(UXDf121
zu<`cgijVH@zRMWY^(~VsAHpGP|NOPls8t%_C&$XS13KzEM_$&<EK3sb-hGoZFoHTt
zW=B+Va(T~4_sR{k$KuW=YuO3E>lO08Ya^o$;}xXPL?~<RPbD=YtUULwbcK=DKGStM
zcP7qnzq_qu&1O<Zb(k(6E|5gGNEYCA`i9B6ca@$`4dw$1D>nJ22-iV2-_hPZmbN$t
zm;VT^Ccl@(Yt(*BO$DLUdO`C?YIu-LHp{kMmDsYT6b+T<rgs>&rAIQ{y@LoAWrXHi
zjC+9<8Em`MB}y_Tc_|?g`qAzY!PhIWLr=^&0J@M_B;x{MGwjJ@XV0&b1vl$AZ*OO}
zxiFx)LmMfVQzZarSP@gn>&T1W>%U1zN?t*oU11VLof#}%T_@X`vqY5lN1u3BUYLYE
zN!lJ`QU?G-5@UyRC(j5(zQ+WU<&`spckbNTJ<4@`g|pSYIqoMAm)}`$668*Ibk-&=
zFOQc*?!TYaZQ*@;S07r%V-D~7;?*H66mX~OaNd~k@c@wt&QtOlky6RjuA?un;jp_~
zG2U`Twk2C2xv4J4h!H&vAL3Kz$<o#Q1kb9d`mpTSq6gAq+wLAFMX4jM)?&{qfiJ&e
z=-#B4%;rUGLwNwQQ3L(ac3JjW*M^@FsD*eq%TyxJ-K1;AXvq3#1z%*0;e5T`bXn=Z
zrkN?$yz_qb8t^NkUS+x&1NHlEgwU?CeLB!vP{ZLh>L|+b7f0#+JCs(j0MMX0W#Sg-
zy4YZLELNX}K#?p;sJ=u`HMF%2F&B@XaE4$Na0M1bT5OQE*vYeAASjUQIy_8JG&grb
zhbDqkhYZWvhLC6}M1vOM+H&Pv)Rocs=3F{V?k2*vDq^M?09QbHlEc#>#=gFcw;or_
zAl@$zd<GO<w5ya6RVsA$XCcsf*5i5l^wE^64BitecPnlmn_p?XOFFCB!QqA_tz%E)
zx$+MogBeNJ!ni?kJBc71i>diOK6mrm*ROMrT~WZ3cdRWaC&yhlQpm8wurC}G3Qn$G
zHMzEIt*v@D>v&{5I&XE#K5cDPeOc-5=k`AN;|NM9`ldAXt?X5U9KQ}!^(Vw+H4RvP
zwS6sJT6Yy8Z21zm&FV2V=C1FnbNXLc$Zgy9^_86A_kol2GWN)f6zF9rys&Wml)i_d
zYZeX~LLT5<WMJJC&j<b86z88H;&psP9y3bhn3K8$m!UEnX{9K<I%<R1a1N5kws4)^
zS|(act~YJfW07}ct$S4hnx-<AhbWT56K&d5q_u_s;gSqZXh7xzr+yR{r#leKxTjQO
zH*^;K**i~jO7>YCG2HVfMBpZ(WDmf=^q@g*RVeKd{9i&;8NHx%xlZnKE(=-8iu31!
ziQ(aF@cFODTX=eSPisH>C~CBdl$pqVtf>hAiiujiOK>sgoOxYtk$Mh&*8kV!Fh>07
z8+kQcBBrXgwPVDcEST-_`KOM?<so5LF!L@((lK|LG26@G;gKCzzdBV7FEc3@d6?bl
z`!)Y-|M%jIu`tnX&->BaPVXv3mdbl*LheiJU(NNHdhjak<xrRIp{D1fE(80-c;p~C
zt+pj4On;yk%H4_ldk;k5&*}ip0A41g-l$cukoN@r1z;IEcoJ{lTNKM~%cGZVmamo<
zCF&XY&(YqCBJ313?PQkusdj0WNtw-wt;k9qr63$ldH60&oMoOn>FX}F#OG8FyZOKa
zCp0wbImUU^dB(EHBQWf?q4Q@NJ39xzI$_<6k%gSP7M{hl0avT}+MHuO69zRanqN4N
zGn&kh>YzUmD9wC=qZpL8iVyq3BXcQ#ZI@5v(9n=FGBhMY2q(_m&vJV2j0~NY>XEI$
zKePY=k9o&>|EZ-)Sh`F>;)+tq^7C~KH31kKiqwK~Xan2(XUaR>(R6%Yi{Cz(xHx4z
zqWHqS4XL;Rbnev`jiOwled_b!b(T#5-2+)HCE1RPqBdiG)}5c7%^GfB>`NQ$&^^Sd
z67eGcn=PC5aH%ya4MaX@=qahI@C~+j(i7?Ky%aq1ajuK4%QwcPUy5zs)BG}5{`(lj
zQ2!obKw%hMSpnHVqJuj>83UkpEsQd8{Ie7(EQY=wfc-f{Yq$rQ6v?2Vo)iqJMm9du
zLi|Xwy@b_juiw{mBl9at#pjS3fBeAxjZ#M_{-FyqdV9jY$C9k_Ml}H<t;QbL{-!eG
z^snUWQ1pr05xczcrKp#>jHuIh%HH1b1d&;w*O-##Xn-{xXP|F)>p2;FYLOGqd@@#l
z^mQsv-|DokuoUg#?05<SORS5VjP`cF+?$k8o4RstDD24ekUSH=y2YMDF<amFc0IHA
z@on+<J>=PCb!_QvW%K+A?Wy6|!S#5lU|lA~RXV%8LzFXV@#C>u_jA1xzdFI=M}Mt9
ze}8M<mR8rVrPg?H1?xGSnqjQg3jrefN<fhLd+}Q2&0<eI==XyGW20|C0q|d7^nw)A
zoyJr^T^K>R!J3e%;8o$jS6H*ai_$rph!8RHbLdW?Fu9;eR-57#WcWn8PQwzI=cI8j
zzj2=mUj0)m7re9r{5}v%5G(=BmzAO8Cu`%XXURz>#WElfz-Fhr4A79W7o`#sY61%O
z<3|`;AVF{Ogs>yc(Pq@o8qXQqkj|o&an+#dX5+5@MpwGUS!1S84%`Z!i$p|it)Y9T
z!>#*rLH*7AM1JjqS*xV)*Y*&%BjWONsZhui+suDo<^%<?ak`IL<v|>CiH}a`M(Xx=
zDP@EgFqthujb0BQo+0vm>-T0m&#Led(FPKJ?q-dzm?SLf{88#eL$T43HLGuDgiq7J
zlJ>ptBcBZfQd&LgsjPO;SZ&Uazb6CZ7dO}~G@B3g@hX^voqziU?>#)TBQx^|lelL@
zYB_!!Z#g&)O;BTw^l$63YoSU;cp=YzHvSL=9ii1gOKLTy^PW6m$;nB5!$J~-nVy5x
zB<&55Z=GBoD$%Ym&pR(1?=Szr(uDN-H-YB%hj&r1&YqQAxCs6qX>{8+_Xz6KBS|;O
zlp2&Up>X&Vw0vYs2xhNAI=?{WZw&|4^cFbnML2YGO^{{gJv;j-w$pc&7x#mf={Aw@
z;p|)rA@%hJR_FHf5p`zGzOcS4C1!iECY_xp2*ULhL)Y6PQ-ijpW#9G?#pbVbO3cJb
zS2q%ICw-kD#l}1~;<$rR=a0Co=v{3K6hmxY+`5aKZU``0XXOz0eP+g9w;Ur>Ue8(2
zQa86sy&3C0JNq$_ec%C;#J|iJ^vfIMP)><v0#B#)Ew1?QBW{OkoW==Fg5kw_(3PZ7
z9tC;6?~_og2;ORnYvTQ$U1!<+^q)fM?GI6|MwS?icp`CzwLv=NJLSCEYr{=kbMy%O
z8xTRVtpEZyF5&6r90yb>zOF2>pEVLUZ-AhVjUcElU!Jx%rP(Yzzm<9|Vbou)Xs5G!
zCEEjPf)7x-#M;dc$-x^~{aB90NJLN0EGKv6XZcqY#L%h6RXoWdl)*cQla;WV`xMVV
zOa=;nAm%<bNm1e5rF`)-s1ZkdnbnJRdFR%I5@x1DD9jN6XY@MF(WlrC@(QG_=<ISC
z8D9vHuX=Tt@AoCu0ss6aAKtJNoM=0Wc}6^cmO5Roex;4p8e~1EYEYc&>_F35KEfFK
zp{U`n*4U;fyjR4YM|!YK!I4~5ldxnW)_s98FSg|pmXGvQ^>?j_c`7QWAN@;eEmf8f
zGEQoKq^lV+ZDL!Mv6=CKZi}Rj-Rc>o^}h4m!n>}|y<Ls8tRwBStR`c)&mFNm1Km!C
zFv@LPcImmPvwGqF*on2oP{4P$S=wxU!bL!b>L|C)QUyyi#Q7iwRLYcq{&!R=1I=f!
zM&PxoYHI_*J4UbeLRTMX8l3)_<pypfQ2RsWv9N=z;vAovGHkiF&g?+yirm?)>sOF(
zL#mik`JL>P@S6gj=^hXzvik(~1Bp@rUqxY5*Juu~sX531F=3bW)#HHPbwRd@3V&~$
z3~QjwLi-qy*ALOH21^3K9t}KbVrqQh(dj*CzI|>Pi`;zt>K{iQauR45ptS!3J_(fY
z2#UR)O&Jf#U%|Q3xd==Uu?HR&DR={QyB`f2A=zvKp1TA5@2W`jc6fvuJ)&t>1M2dw
zn}cje%=xPp`S3a1*%0gum<);(B?wB(r*7YuAuFE%cA?w`u*(SQQV{3=M5yFY2o;@H
zR~zI!c2;c3+9XmD{s%{e{-utNGid?LswfI8qU?z_K6kEkAPJ&O1Pt<D-2M>{@m)ZB
znT?Mh2m*9?f3|LZ1Y|?lz?uKoBGiAXx=~2+Cvw%_wiq4X|4^a-J9Yc@16s~Y0I}m(
zUWG8`sh;-Yc>v!1=#<c^;jzGv<r0$1k{4uvZ7MB`;O0*)vOEZvCjJNb?Qh2b@&u-!
zMiYBd&&(qmh*xwd!-MS+UU|NUej0*n_&q%+TC1979|mm)`h!j*Kr)l|t47K(H34Kr
zWd|n=L*d`b3w}R%<+-OuYkGxQ7d156NCja^O2w05l1@IUvB0`mexs6w*=sKaB>8_;
z@L<$QO1nq_$Rd(U44Ldt>y<pL4MiVxUqy?|UPhns0aSk_?ccxyjW;?&4bHu|zQuxV
zT0T_UUC6Sh23-p~mhHG}&AyLagPCTDTH%T%?DkfQYRw8tN=s-Nk5N0WDqgW_3CpS_
zyO$U#JKT_&@;=PVw3<@#T=lTq%S_+LX_k9FwS0S4c^-SIURJ{Ro?yI53+1q7y9v{(
zr%#RZo4yM03<X@r(>JZ?li25DO-~#+O+2Tk@p^aE)Q9GI8hRbSLyO$snokx-HrTQm
zv@J-Eq$ecsV&kGEE<p&dST-l;7E8`zax#;bShse%B!Q;g2Dn>cOEH=sU!;iIzJ}PW
z7{|vE)!N8TY`#pf_P5)pIXw3iyiKyQ_Hvr*cLwIlGbFEBsp~$cX~{NCQOkO1%4U>E
zTz-^e$<NU|r%%BJpf08+KL`3R*U-*6&poEYkmlyR!71eXdaZgtrez=z@TTGrwFj{(
zm5)+7+K|vxlxtI3K>H{rMQ!b@7Rg`kkvRSrql*j_Tt}u`=x!nYBPu?=)xxd*8l72N
zhK5Y;eUBB%*}W829t;WrkJC7D<2$j9P(xE<<L9_K<+HXlUZET9zjTuhD>Gu98sywE
zfAA^Y91)e9OMxLzP6je=4gYy3&~x0a`)9NN`9*YBvMyT`VI?AHS(<OP?QaKv?>^d^
z5`EWe0~rFonwp(x`MB^fgd&Ra=i{dAAk=86{<TrH6xpa+-|>-sHmdQBiRZWn24g`B
z?$9^?dWrB6m0y~IKf$wJJEgc&A?Hs%3cvW4ILdwj7j#V2e!#2WwchUjrS<k-P1jAP
zpUt<AZo(%$tX;L@sO5hQ=7qkluIy$#jlc^$e>)w=^QNy<Yo^MaQycrGAN*epZ@L;v
z1pNH4Zg<dCKdNB&uGBSY9){H0<IldSlwSj5BB_kSQ``2$*m_5LZrinstCCSeJy*#{
zZ6~Yn%KVUM!K&)&0wOpTvwaym;4|8%e~-h(wb%>)+TXZ0L09z7_6jDp8z-#$r#C_8
z`L*)|KGWj+VJ<lr%BxC6&*SF3J|<c@ak^X0st6z6FnhS8tHkA;{a}6Krq!O$o)$EH
zrIKGfP2*)$^mCH`Y_0<2p~ILSe{pQi+-mG?+ly~REJgd(Zndm$y7m+<-CqyPed!bA
zkq{S0vnqDt2KvOpdjE8Z7jA`~Jl!z57UO{DLlki1!xJKr#!GdXZ~s$A7J?>zS<ynh
zfJ0?Q#dHY8S}oC^=JuyMqtcE+pw`k~!F+%gl^pLQvW8=*@&}|RPoHqQ<z$wm2_}=C
zDD(XrS3+;0w_nnl1{$p(9v1p0%HcgWo1eO_sY0`-#8|in@>pSIiB3yn5KZ!aSd+1X
zSSR#1ekH?YtG3<zd8@HYP5!(gb_@JOFU4s?LneGI;%=wKHzRZEZ_APqvtSPJ=18Y8
zZkc^$@YkO7*~N<#pX(%`T=I8{2n>8!$q-&~HjDKV*}Q&YuW5<*zHzbC7Z&FhKb8_l
zDSq1je|XM+ZtojyX)!iV?9AnV^P@Cg2hU(wf8s%He!0kd^VL5$*0Nu2F8eDlwL$Q2
z_u((&{vQu!<VAWqb?ZJ}Bm?R+af(HK2ffc{W@e6rC-4fdd*<5<aA~1AiS`U9|9#=9
zqdGFMjsL=e?uBc^)JP*@Nf2V>U=57)h_IBXc=DS5@ZB#<k@6>XJtK%GPeeM*$4ODG
zV@O_sjgX!O_&S)wfAIx@-15e3)Ao*2Yvnq2Ha0dE*}_!Y^;CFnZ)I3bae5+)!$_y%
z?Zb2@Z{nkwc!8uV#bj}zDDhb2Z~TbhTC1(KS1k77bb3D;;XNGJH1JklTZnScUSgxP
z`{X4>;tq_r`Rtqzs7M;Gaa^kXm)jd#a1{<GdB^_UlL1Y4#`^f-fbOeE-yjk@PLSnv
z*y!kuz)pN(`*}kAsiU7B!-~w!T`uZEKML#-T%W}Cl=}dY&cBu#aR*XUg;yni<G45_
zl+Tckpt-FLg)_?Mza8>E@4cMp<CKH1!ago&|8jLxwakArnCSzI82rql%pT<ulfC9`
zE8;$IZ@9@G6v@mtGVUxoU`25n#U~MA*{c+-t(Q_M{J8YjJ}0u1Nd@637XQxRnL@uX
zW5Nq=E5H5A`ln-yhGKz5f{hifU(8<N<W8+$vax~Ofq#C;7mM61^T#}S_tMhPER4NE
zSA87A|MP9zE;*k1k|v=|O<HC#DV`!M-pKQ&{r10f$vA!Ut-qd{)YZvwKwGB9Df|5g
zRTek&8U5u0ko&()%k~iGLarOPa_3De!Cu~xxvWNp{VF-v#ym~h`>&R#+YGS&_%UnU
zF%*+-FTq=)a=)Y`lSU`k#kRC(r`v_Mq3^XzbKQAIu9rFK44W0&|Mk&9j&sP&(M%>V
zLNds8iucUG(+5t+$GOZ0xHWS;q(5!9X#es+hWd)xn^4oVk2NiqS$2n8f30Wlmfx~>
zrZ0`IX|-&(%{%?PBHySANn5!UKwb*)@_EeS&PSPlz3Jc&+a1y3gKTh?mBD~J0WX(k
zTQfK>%DfqzFDcqd8x+Ax5#?zm`D0;4ni-XXN%<zvdDh(zn+k1GE!u*-RehD!>h{tR
zJvWOKAME4_>N2OwAJL4A8M%zV)$#X-J+DX9@b^~p$P#;Z#eku~Z%U@xz3Fk4HPZ_e
zOi*u>n7hXpms7Mmk#9YGYJZjDpLaxru#gke+bTd8)aacjqF*vt?__kgtsp>pDkS(0
z|I@P4?5&jfUcp;CottnesEt_(mBM&#w9|0<xxMxi<1gh2v-7iN67=FcB~3J5T}g5p
zU9_}bU2$@Oyxv{fCC=`O{zJUm9%k6j)%IS<<{|>?e&__4{1)vpH8j1vfC#CxCdS6w
z8h5Lb8|1^+HP6QM%Cj$i<Jp(hyIM8U8^<b;FgiM&a$?vOk}plh*X-Qf4}hWi_{wd(
zlvUHWxVNNNWqgX^ba|wxFqMKv`Q7(;V6!*do1Ib#wX@mDgn>*=?*+F*oZ5uP(1;mD
zDeG^2>kZG(2Fm_&I{QY3O8V=waM8ex-}_kMQ0ZuIZ#eQv;U|QlClk3?iROW_@y4wR
zBgw1b|AHynryO>6aH+=y6u$guUY~6)vORf-g7~19?w>EF&G_1ali#7R^IeMeSBEM}
z%;0@mFI8nV4b_AnR0?99vP5Xd7F5Hh)P8V93^?_>OhC1`W{Zrg9y(K5(Gj*oi&St!
z;cuh4pv`WTTlY-o?SOQK1I1~#x98`^$J|CFdpeEb2gpmgfRq%BwaDgt{l-3Xz477g
zF|ofk(h*ZDq8_>&_{R{3nawy&q^P}KjrtzUA`)X`DdFQkAJPD*#+Mx+_xI;l9u2J*
zg5P2Ibi#i#(GPhNa;++{=jy$<rr_^_-EwilZR8a_Q1b7NV#Gc+Vj)F{h9@E~Ds_?y
z1zU+GL%aVzjMY!2X#Wwwh*)k-bM|QjW{<^y6?J5lww=j+LlKo$MO(tOx~K~r@_+SN
zrx9|>h&c0IOI*RIiPSaJ@+Ho-M8`HhH4SZT+LbE_iL1(Q3dY#7T}}q#0=m6Jjg^1@
zq=!Cn4EH;~sJ2ek^%BRWV*=koJk~Q2M@Jgv2s0D~M|viv(?-3i@cY})nCWuaPPg08
z0eA(j?2|J3-wLn(uZs2l_XgvZ897Cm?vWt<0)P_)=#meFyDqRIfMH~Q#Y3VI#EM8<
zLw1ha#%3(ZsNvw1Yv#Mp;8yq&gCwMtf0s^_<t#EF{#Yvbp&c<PULo(}ep+7cNtWQ)
zyjy=?Dx4nFlyQ%?+Q}SXDu(ZNs&e_M7V2ji0E5^l<hg>V&l+0w_ZbE+fR6pU!uWZ3
z{Zy}{Rh68{#5Ugs6zF>&CqdqHO{}HNZ*sILdcB*kFUh@E@6O?~@P7Zr2g6gLgXjTM
z6p;Dk(f0NCUqSv0;0CeyWBsx#&_+<42D)-*Qms>J%e1>xYjzw`3w`90z#INN0c1%2
z(q2Du;+&}^o1%$HZ*X;;gxj9cqMeBEG1E$frj8E()9bA%ybsT4f2<n0OR?6ys=CSh
zzr!{b`WtNtIGT2xMdP@Dv+K)7v$iBm3e&R>{D_=MfEahtwtT+3Kf_6j+N=CF?L(k5
z#>Olp7;R!iN%$wTVR>T`q^fr5+1XDac0%B4{5<79Q8Hfi$`N}Qj)?G)Yh`02!^&#%
zdcS9py?)<dMO8I5ICVcJZZ&9*6sIsKc((6vz106zh|ABxkU6TdNt$HG%cl?LZQ0};
zCpYSq)X_sa0L{b6?7#%}Q%$?7TB1KRYB$OW=@l5o<YYZ#i!*=VTQ?%6Xrdv~*jS@A
z+xvm%wdde*^2fW~Kb^z${(AcuKho!N(YrhUp#|7~>64(VlvR8FMJn2+Gq~|=^{=<R
zF#=Y=FFjg%@poa50zT*7s{ivJJM)-gE$vD!$zQ(lw--0h;QG3~d-uNV?T@-vvK6m>
z{@Ka?KN`i`iEt@R7LMyDABLoR>`?w@vu{9Ukm|}+Wg*?-=k)aS?fd7X$nf=Efb`M1
zxzJDR12j#wr6+mzD=3t*#<rwWRURt8C4By~Ufzr1cPWfc$ES6^9pBggrA3B1zIF4p
za&`&)-$Ep|Bfas8WONnIKNa;<oqIMw!#LDo$hrM{oMf1d(zjRpw)CA{d1+4?pVblS
z5BF6s7a1JOe9S0~nE0Y;D!)}l?XiKd-%slO?w6*mh9}RhlXEl6_YPV?KF0TZQwPJu
z3`D(E3?_caGjg#$vD*}FGpi@Z@5rNoKu*SKj(K<A=M$bb-%oNKk)*{XhD}qWNe*2r
zpB&;~!M}XClju&Rt(ak09x7~7DE!p8^Fl56or<&g@8ngfByUwdG1=u{K6{1r-h9YW
zCLgYQs>w{et5Vn7N@D6ECTKqn?zzha$0i14?`faH7_ORZUfMUt!+d%yHRqhUDVc9v
ziCtu}jJdFHr^s($G(X(;&E}N;ETlSYK{szyTW_6>w^<T!1I^9wD>X~J#D?S_O}cXv
zQ8`^Z@C_%KzM@R*jnQ@rLN8Q<->zEasu0J67%j(DwqMsd49Um8B({C|c;J3U@HJ_v
z#rAn`mnY@yNdSN5l3au?$basz7*tfta}64d(0fwOk<!^K!kBp;q*U^!C;s~(38vhW
z8kIA@12U{V5(8>SOk2iH)A~=P^ITWuuon6k@OG~{Jt3Ge#<nB)uDhzthxfVOwrn-k
zMcl+m8n09X20{Lj=Jij?*MuVXH}kJ2Q=pOIkrU)ta944x4(Ijar>uB7X$RhYg@Kw}
zverDFSIl;IR3FEhgiP`FF{Ymts<mjm9xeF6u&0p@OzLAht!P#jcREK~-i@%+!pMXB
zV2;%B*Yi^!(5l&n>~6hGY3AE}`RNz+?6{Y^kA4+L9%;IF>^JO_+~tyGx|ui3>pF+X
zJTvn~oX&3j-4zt=cbA7HxjS<Gn5DfXY^?VF?2dzax4J%sn#Hyz>b|Dq8k#ID7U(-G
zOgtARUfWMCDDIuNKl*L^zQ<S@b!v0gt$Ms{G6i4EU0LEU*!f1}<Y!iRzIZypOJv8#
zVvB^7dTRQ-?L3Z|h<=$Uw@HdysBYhB-D&-L$6@O2%JthH{LY)?9~i7{aqE{2UduBi
z?L?V2_(e#w>gx+JBKw9jXUDNw97bB$a6PT_%19d5@gy`Pa<e4F+!8u>g@YqJk^kHd
zN)1aT?6P5omCBeSX6De1x{W@~>F&H+x0(~NEypZ;o1?9i1PoDc%gYrQA8$eA`)MSc
ztTXS&T%y6>uEBZ1ERP+uB`SKWf)b2dl#U<F^ph$MdM8n{(dkEzYliI*V^&H0?;WUQ
znZ3QefaI2Cy&`AZ=Zfg5y_K#rO<Z_bOboy2dPe$z17+XfaA@l+zeMS--+g-YiK$Ps
zGodA68*H^p>EzaEnBf|SA}&R&B+MWwy~~6#XK2kUi!W<sE=0Z@ta0vquN2;B82t2+
zdhu1&Ly5vVvXRyeP2W$E#(lgxIoNuBrMhK(V9C|WTf(M$(F11Hs#i<c>xSC9@8%`-
zRNi59)PMIIy;SN;v9`ldmr7W-toVsg!?b2yl${jB2)2T+EPFP?#%^VAEU1Z<cDUS}
zd1!^rC{M@RHum&;_Oun7UpCds2l*bI)st;Xpt!lTA#JGZZJWl)I{O!8M#XViGw^Rq
zq@07`Pt+oq<&>R^w4anuZ?=4SA^5g6m8X7gpvn4#Tlk*`_0`F#GBRrAIVtoliJp*m
zi!EqzoywbBzp6^I7Pm+*q-t(Ky&!#2<>xAad?(RQQ*p^LebOh%gCNx`$T2sp{<5-Y
zOTqJdvz1JYM`(UhROj}rDJK%6yLNn;+43gTzt2$b8QPG)saQ_i6)5eWthwcmtRvss
zw81qu?REc=8vFVkY6rxKB7NhJyVSDdxg4a1<lPD{wS}Ro4gY7i$3mEe^;Xv91_lg@
z680PHPMGj-m`rTRcAjA<`oTJv%f%~Kd)=CZ{444h5M}Ddw;64J_<DT3N@R|gfU;_*
zo=R(CM`E(Eql5h!d<Wtzz}F!lI;x#rU1yP4z2bbEX2I4a)TVZ3vYEV}g2V)o9$ky=
zGCwIsV%^_QN)eJ<>VUo>;2HQ*mTS#fjSE&hjW{3CPjTo}975Y=Rm82JFbJZanFseN
zl;8=3bna&Qcf0ou4gx|Y75v2M`#A(Id3H-!eV~WNQu<<uW!t{Y0Eg6-+VPY60xgjr
zr#B$1x@<j3xpyc~Nnbzj(-Zel3Coy5>$WMG*2k7HU%&0hs(i7?8)N;&Z2RF2)xl%*
za;-BERmS4p1RwJY?JtjR(c}1P*Z6!OOSIgz)#vu?<EZ^+)z9$AR-OJW)3_sbuZ7<=
zpb-zlcQFAqJ~|)2&tKm9d%ur-pMciwIZwbBdx5Tk<W=?O%|3FsN0z~Ju>Lag^{n$N
zd1WsGDMnPBFB7@Gbg{Q8SS*f?&RX-!X@HBalRSmD&PROw-b^CO5fMDk%9rb~_?CaG
z>yPN`>+^n7(U;|+S9~04#CMlufg24L8r|fS8)hPfg<<XF^S5V<YQqg;ci)p_i~ZnA
z!8@a)yku)A{<YomapXlbeql7ffY6;Y$WpPIt5xpr1}c8#+SM)upA1<t43+wcn<eQ*
z^ltMF?x#e=9v4^3+HP|5cvMYBS5?;@85bQo1owD@AR^_&@M$C?mF=W;Ep&HZVNmTM
zv=Q1~al)VXU33X)4kR)$hXg)}HW0T-g?>Ep;QFjH!~G9CKEI-(tTVs^AYTdS_B)R;
z-wMs6IW3!U{N%(+uZhQrAd9E9mI7tXAG^W!JU(?{8j?_w^D?_$fAO8f$@<kvRGBY!
zpd5H8@jmcWXjTee5$#3g+mqh+t`~v*zqxiK<Wcdf(K>wiI{m|nS~I4kc~V?7RUYTK
z79Qq>X>QKFDU|7O`!!8>_shP8x~@0-+tM(?kF~8U2`t9Q<EXFNVf&c8lFfVfr&$)5
zN9)EF+>V)NYj@E;{GE^YrZJHC<lZMpqbSqZ<qakpj~on}JlQ?8bl5#m;@d1_2TPH`
z!EU1xpRXxntHz$$Q+h8zG4(a4TlSc&PG#nj$eBY$U7*b|nP7(Qw%GmBUts^Kg2eJz
z%V|<Xm^*LnH1U#)T_ZV`jZHU`GXKXe&mYcmXDfAm`Z*ngZ-z5~-2>F|@pCgJQP0UF
z@u>30{xGphlb`d44Q4g{bt%^S#tC7H#I~ovGA@q$9|rK&xFk5F=@Dtpo7hC6!IsP#
z1_3GYp3{xSg72|;IX$p#dY;;=Yw7iE>CO)m6W3h5T10|$liaTNg)Omu`(@l)J5o>_
zQtro5vICObQ3IYwBOe^H_!$i6ozMOZhMC@`rPH>j(NXm9UIVa$ug<deSa<{b$l`s`
zATgK^x>Rl~taG@EsndJzMWO9}m5eLETEMJYI<i=ywH^lEG5J6zix@`!=WtOUy%+$h
zN5{pvm%2!2WhS;y^*pznUKdgQy*b2nk(bD~V~B34>4Ed~i>X}h=bN-y^02?_Sn4uh
zSy*)$7d0<eDQA-DEhQ48+Bad1(uOp%ex%Blg#hCtuUu&|lhSqoi-%3HWQl5#9R}#j
z+f5@OLLI+s$!S^9r{TM*&mXBvwgA5Xr4T_tMMZX-cB$R!-BT*aygu&Dx20cRy;|lS
zlU$HCm?-Uh{OB;+fCUv7KRu&=ImS6J^xeBOAAjF#L;RkFJd&GLw#T=vxrkxWEz=5O
zq2Sw}H`<fzv3Z2+xQOnXr^6e!Xr-=35w7x?W1=LR1wV63Lo)T?RuA<~t4F3oxr*s7
z6)yS>u-?QCb~{)_R_wiS>e?NP;i+yzU0HSND*!4^D=E<7dGILw9o<@wb+Y~8<$Ze?
z=;_z4wTe@e{X^Jd%_8_p@J7XOTXb!iROk_4paX1jdWKeDqmk@jPxtlSNLdjjn6>6B
zv-KbDAGua!@TR)6*P+AeT~WDDGwW6!!3a6rf4e|Kbhj?j0y`1F*R`B%L36p?{cob{
z)7pL%ym~d7=V&TB?M`*ARV5BHftwYH>D7d|+lALn#di;%jisa8ZENdS?b6iP#OOM_
zkvzbFhYpVz&U<>S*qJNU<Pc~#E8Z;LShLG4qtSCk+SUyd!9ita1x?r_pzI8!#XnER
zB_%D@=65*#W~iKz$yJl<&<dnaz**ebW&{kH^dCLDT54WJZd;=7>M3wzN5?<A1PwlY
zdKQlxjgI9Yj(dgY0*uQqCwdrOY3VhaFQ!Z4ZD8jfvvf~mT$Rp>-?5UKzo$q@vX+FO
z4@=;`Fl#|BUD&7Xr?+dBOiWD)fY!s;8Fq9MS+^76M)_SFx43-~DFUUp?!Js)c-kPP
zSBojV4$Fl!2Kz}4L1`)C^?F)Eo4(|SfsTZ!sdSSz=PeC25|tp&v02R-O+f%q9%B=V
zSQmg7?dL~qvmVCA?%5(Se{ciD2CIU4)LlWP)z^>)g#ym(rw;>1pj7C9x#F;J80+o+
z;@8G^{aIy!d2x_K%LB9<fINmj@a{g`B0cb``{=8<xR!6?>%oA{Z8KfzCBiq~zI@*!
z$AJ>dT#uDv6O)tJ2ggo~wHgoLDkzpFCc@{stXW#+YcU;S<KhsypO8Lk?>;321}Wte
zo-0h+CLRWw=msobrX>=1$h+_4wR18yDFHT<P3LyDaXYu={|x&!T(M*%DE0R!G{xsF
zET8c{GhI92peqex9BwLUlgvRbqP4sXD44*YmCOy1r@Im7-1wlST^F}(CHe05%^Ywr
zlDZnsN>6l&HCP|g`pgum&pKBs;<JPc<V`l~X@|{p7(Q^?n!5EOfF!^&o!!B4kH^@~
zAi{CAP*NxjriiMXdm`z)c`43nocx8M{UlU`!={i&#usPbwb&Ym1~7z}gn>+N5`!9Z
zyG;-mOyzx|zCdE|dY9w0@Mwvud}RqF5B#SCWUZKihGk8FGF|1`{=C4(Nb$kx$uWj~
z^)$0L`SHtZUFtkW(s63TWt6D;UUOd&|7D)_`}gl4GYxT;rU&2m<vm-m8{3YEJrjh+
zLU>j|)%BzZ-ezPw(PyH8-Ug#;tNEiz`S0|ZS}yDDRv!}lxN2*vMsW9!h>8XJLI8F?
zcIwCKjHyM&t=bGlMF<@WmwLTvyZQ2^BhF1IEf|9ZVU%nl<-uW#P_M7eJWrOfuZw&0
zuqQa%ADn^p7CA=G0bfQzTRHa&S1=Gv@24Hx&-{P9y>(Po+Z#5z0Ko)~BBFp`5CQ^9
zOQRy90@4kl(%l`(5ky231f*NKyHQZ2L7Gi>Z@OWB@6zM>o%{WF$GGF};c#sBUVE*X
zZ#>U4=ZvTj&6f*M*Fd?7(7bvu_X<jt<XNmR+R?AU69SsqjxQ;Efw$2)N^>5A-ivjO
z2rLRJ8MLRvgW-55&AP5$UJ^-<)`iV90Y(H@;3rvR=Q+%)jA6nk!69X<dyMl~EJc>J
zMFpG#@M${lNTu)o2dCK+Fv(EbcgbveP_4c8Y1tz6?51h4X?~h*@zXLKr5U*J(S_#+
zUB-P-HmGR`hIf2{5WK=MFza9JKZv}%-A#blE#C3~DoUdw*zZTO0dV|2uvw(Z3IE#$
zz2^|^!g#A>3no?qGfuZ72t=N*AZAAmM8zJ7s(Q*fbrIMWN&q5n)VW=|&U{a4lNB5>
zNXD)}|F)-gZ5H@_TS2#lf>r@07=&c+x6GB7p*_DqJcxGkvpN}cYOR!>fn8ibK}d<#
zF2d^g_r8<qtVZKxcq%m)A@;bk^E7NmPOY+6Z`qh`8t)Q<#$G6<S>0AA;IYAJh|%5J
zjC9U%FpN1?6tVbha;L&i7~+<fVPRXzZpxl0+a^Ym(ch0jk!w)geRE15Y%&9-FvfNe
z%QG(VxA`EOR$$sQ!IFX}otuMkyd>&?3!knK=pNmf`1o)vuI>Yohjv+dON%t1#1MPF
z!45)b1k2O!02_}g4p>hMPzQ6LS;buj%jNco`zV-i4Xxgu?xA-P11=E1c<sBQ<|3;D
zG!3B8cnU@uM$wa6ZvV~^Y-!qf-{|-Hy2Mp+{kukEMpTmvMFR$v0;`q3p*^W%!yL%|
zMo|ta^6;T{f8;V4ptr*=2Nq+Us+NcWPq_GeHoz)JUZqnE%7J;XzTk%U4libayfs>2
z^U~gT)21EU4>dk=%5a*@jlr60nOw$ZW{`c1A9%B4=l4iyVHO!27Nt?ELUkZQ7$pBu
z-G&zfX<7nz%;zZ~=?H#bN8yJMgI&S@9+%YmSW9;HuWKX)3-hW)fT|}AZg=LN@^+@f
z@1_m7Y|L{7EH-%d7ZA}}l2$Kg2v9He6*1W4H3rkRNZ+V(P@P&Ix{jtwQHHtb#1NYA
z&d&PMRX+R`gk#^xn>{w%*|W4^c0}`NlF}z>oEe;kO4UH1fOIRt{!V2x{3%c>IDdAw
zq5=&VY747sS0{QF%YJA_Bp>m3w&F8pEwt^-!RL~@$noPj2c(Ff4Zi$!Hg{+ir>NyM
zz@Zprx7SjETv{T3mZS3C<}l7cDhy`T=SORIU0n%~*Gmat-oOlh^O2q>pXjdc!_0V|
ztWPo6-73?AWKB6s*VoKQfL|CCFd}0lb-rr3<^!jr1K|?L17^A2<Je8mNt}{(95J0|
zWn)8|qCG4vD=T`iQ2I(Crsad#@VzoW8cBrD0mmJ7aNN&)^=2Q)(clP{BNFeT(1htJ
z?WEBj4{#RmsD+LLG6?9^>0?>P2j4;fHI`GJ(OTb3!5RvQb2YfBE9>eP@=4muHhrB;
zJhQ;hk8!fv6JFbc?DrQR*h?UB5x+WzZ%8B8BvC~IBCM4|8(Z7)j--1lMKG^HNjEMj
zb{cHCWzIdwFoBjYHBnDs*Py<HfA}TqgBJ-B4-PSRQVh|c#r~)}B_-9It#TdBdSDD_
zEWw<U=wCIKn$bgD?p9+s<n(Mw+BGPz(bV@G>DJ<hKolZuyDY=xXM)xJMrNpdj!x*8
zXw6Y6|M3A>aSh6Rb0j^ZcyiL83!yerweqLS44yPyKTW}EL{~8gnVK(F`?*5C=6(JM
z;80b_sl7P$13v`0p0sw;JOUY>*Fyh>x2iQNSY6)N{oyMpL5VbI`gM18xd+mS6S?<j
zUTiI;JPMLpxuS}jmLwSBlF9tMVXOF^r5}4l|D>BPX>6kI2a6aRJT+xyf5k64XlMxQ
zABRUq-whrQ1%Zl5@7d#?;UP2MCC#MrA*swc8d+rUo|pu2U)%5ma?|0uw$A**oBl6O
zPEI$bd&GfR6{YrQ&`hh>RKx2IJX<)Jh1dO90!H{~JR^0mfC8ejQYyFKt5qm?-)7^O
zN?G4^r`<>S?<wCb=A!)|x`?6WjiWLdZgsv?N`Rpvn{K;p3jQvem%;4EPGsa0_~DP(
z4caFMvX$nz5Z!vlX4nvdW5L*h8(WmkVKDf9(Ap6CMe{}dU?glB?%kRR(%=Y{kgRo@
zfj4Ke?M&l9M)aJcM*mQ5rK)Rg;M>+6vx7_Sc0^f?ipVh)b<S;E4kdV?J46Jl940d9
z5f22t39Hz>VegHB4@Vpv4zJ9;m)V9L6TY^JsA$MWyV1+r*cX_)NATqoaPr@a;PMlo
zMuVjGjP8}c?*eJ~1sva4s`Cy_L@orN#;%Kt;1BqpQ#{7KTHKp564>Czi!rSLZ)3Vu
z6@;r=^|>3?Yf|NTb+FRUj!H-anK8j_Xm2udRsN`Z4*sbY##uGYML;4hvwgKFaBXZT
zw3AAPa6-}I)3LS&7Upk~+fZPNXxUpDOe|?0Fyv)?qah-IJ&3<hzCKIto2h3ivkm|h
z9t<OdZ|I?7nst#eA&WbYsW#>lwRwMjjF8Lv-{+N;lwLrDT<fL+q_zzkq2#n&gd3^<
zH^w(Td=6zxxH_YxU$bR;=lbb7otleS)K>wodHriT><tpK*ZXCSpt{a~1M-Q)!AsEz
znW;|RV99F<t*b*2P;90iTgS)mxniZxrB!}C&shpM*9e;NJ|kmu3CK855Cwt<WCWg5
zTT5g2X>+c?B&P+u(;Zfp#Z^ViFX4H*w)W~Zd5~<4Id7Fu5W-F)?aL{rPh$>Wf)N55
z0SdE_pXB>tZecF><a7iRpcG(H?i6xGz?_w)kIHjyQAG?MnhgpBN0_#H@kiNmOK1Ay
zT}tU1`own~41(ECdv7nDnv}pED{mO~UAg&hUWn|g%2AKuEBgcsGCzKZd}UA6-FMav
zsbBiLDfsn8(2t|+BM>@I%pVQ7pFnuc-kni4CD4{G4+*ZME}Vik1sJS4vyl^tqq^Id
zvwgRWg@cMJ97W>F>_anR@v9+h8><z4{KJVZvg(=<97}Un$khviH?MN#;St?NRx(J{
z$j2!lB~Tu1fdF4EJt(*`e@}<iTN%QO;*Y^P_U4yL660LHWiMJi_msKOs60+;c5oDl
z)fu(hl5yNDSIEz$Ug9ne+fwhXd`1d+=2`z{y}WIgUpB3yvA(&e?97TWKAb&vDx*bn
zVEle1`{aL^TTd5Ua66HQ6-5z14!*$`JnI|Zmpvy)S045DGCe(*GdU@87fxM-sX1nW
z4cqmSxnKEdsx2S`Rt^+lC!Usi%jPRFXJr$OzDT=`B6%R~z70V?nhhqkY9UV+DLZ*C
zv9qN872S?Kjg<CF-#Up*w&v{DC{^YTs3Hy^kOl(|yQcRaxSO)yi1BH(!`%A0h_S#J
zD9@iaNj~VYz&w>B)z|dsw<>TYNUxI>mx<PafZL8W7zCrtEW?nlrE4~Z!gx@rx`_|r
z9elixQ}F}F7KR>di7Br9vXIpjMhRK;!578@G|~a+rgj`Mibx`lXO88L0LPr}mfE`U
z6tc(8ZZ{7|nBnj*bgJAc*@0j*CnMN@5W>MXOEl5vM2aw(jTDtP5SxkXAh<F_x4T{2
zl|pK0v2>9SPitB=R1s<{K8t)MdhufPho}#Ryg#;VkEFB49vvoFw%X+e7Y1|qz2m{>
zW1*nUVF;|By{XmSp-)2LRD1CqMcs+IchO(3V;up&0EW&Mg?Gjo#Z^xKbww@b9T$?X
z8Jq!i?Jd4#^h0;B*s-VoYi`N6SswAjCS~QGm~B;`ZLNNON9KCNRyGt+X0ykeFBAuH
z%Z%)cK^vHw3rioaW3R$-HPpcua`oaJggADJB=wa;p5n!%jjJk;PwbvY0@R3m2xlzd
z6YSAnWLwzd?-0!?jnY1GzfI&}z(l95Y3h7i584ZGfG^e62#VVRDk?(gfu>zhKfrBl
zY+UX^XgX$u`8*YT8B2ejvXBrE8-=PgF<9RQ+ncp@JQI>7a~`<{9u*bM1NRQNmQT-5
z$cRLm!aQMuwG9khnF`8EKMLM_vilW4B4|#620c#q7;e`TqIoAMe=OtYV^3*q0ww|t
z^%9gs6F6rPo}Gpr2-kfAul)m=LV^e*?J0P1OYFy%OtyK+^zkHg_X9Mj|4Df_B&e|Q
z1F`Uza)`={pHgOP$yOM*;z0)g+WFz+w8&j&=c9n!^bRUFbQzyF8_HqG5`mtF?=M-Y
z=NI2rgH-?kN3Vbd3ky?U?r2^6W_;L>{Ds)vs{=fAVM#X+ZU>&{rE*pSEH?1;3y;q}
z82-yHAMer=p;%@^VrljCezs>&KFFwF)2go4-vEKbZw(nKND;&l2Z)}J9LW?15RQ^6
zJmw#y5U_OguHcp6c&jHcImWc!cyK?5)3-W1%a0;6pIcy8d|xx4ttElKA+dm)#}pJ0
zpQJeY+VscPF+|feDT2@gBG|*8%=6{A<<n_BW@obWEh?IuS?z|40KSC)+@R;%c`1!T
zjI=U_7xWU4P{o#(>h+r1K-M_W>U?8@f5NQY3*%nWe=g9e*Dn0<j~3t*1wvBbimFb~
zwn>ON#t>LAS>z%nCpw}=E#P(nPQC?1Z?SL~AQ=dPo>E0az6^2lXr&><<#AwWy1KX_
zXk%jAKJW6=T;JxDprE@L$S?q*KF3N5u1<y4yr0MeMiyNJ9|7#dBjJDI?#XHx1YiR}
zrs#`ei)5u2C}$gm5WhSMl%MGYsfxVyNq}sxy^B1L@CU#d3*9`>FqhbIsICsMPWB~v
z!GV=`1M}W4r!S5;(av8#LfKN#L}gc}Zw2wi9X;4g6|?vSP3=ma`PbZx+Q%dUstnc1
z(ysafi02Fk91TzY8=@3fRV92%N<*F{U)g46{)ifKVc$guW8?4|Lcf+^MF80W_ytvE
zT+!K*L}{2Esl#2D04xIANc~oTWTbIx3GjZ{{V=vX?#u^F`c~Nz!0(Xk0D&?(x^t37
zh*{Ly`Xq#}o(bH&uXb_)u7jyzxuM3xUsn2;eXmoN@eZ$Nd8-;=f}o6v+0`TlUD02;
zdgJelB!4ti0?{L}8}!J=&Ng<;mL6JQ%vG5gv9T4LH;O1v@63ODv!sW+eQU~uihhfW
zGXQDp+JaSKpz4si_Ur=UwyiR4kyV<*vHf>bU&7hbHh7zi&nLQtS4sN-O21;Ec+KMj
zp@)?*gZj$xBynCTNTlKt)u%SXNw&D~J%B!V>Vy#^kwAACJDaN|NDKe%ZwHi}qZAZm
zbz=+0Lg-L-?(ahIZneS3j2|Y0>COR=dE2@Ur3_A@Fv01+#&T^jBf33ZU9i69>W~a(
zZ>krzghBHL*(?{FSRVlIwK(xKYuZ9zDL9XSReXZQ#B{#Wm9ZyNd;~(gcH%&gT`e(>
zj%uNJ@GDqM6gQs*$)32e9JtOS0+jXr#9=PE-xQH++Vq34M8(F{DmgOh15*@d=%cZT
zxc$<}Evw~HR4<QT4N!BLZG>RZ#QK~`sLRv4B=Ot<TKT&R3k$VirN$gV?R5n)F*U6L
z5Q<_PCigezr+ZqC4u?<eTO%PEvSYO5F?n-#@JoHxu-zdVZjlc|M*Z<ujs}s%I!kv9
zx@D6q``jG0I)dN5N7!fgkTLpsyicng=J=@!*T6FV2USl8*^2w`wXR0#+v9mH@)u%z
zuT~n@ELPns6^UIjErx#FTwL!v`4pD~iOSyBb7uv~G1p;n+`QalvjY0)nXKQGhhMn;
zH!d)~D2kNcQAjv966gj2%Gi(r;9*juvUk9d+Lk*4`*a%7st9K7h80Wb`Wtb7;z{x#
z=p1~{a0*y1<N@fq<s-d4O74JyJ(*iSo+2~%m--cH+<-p;^pYZj;l-%GJu+{(GV<6U
z*)=_H$9t_Xl@ju2KCf_C(r_AS5DTVW=Rb*PS1{Z2eJAiZ$dOp6luvtEv!LZH)$EK0
zd*6+1m$ql8cj9b6<?R_0+nR7Wr~=5|uUV^KcKsIY>_WOR;*2~{BY=s}yXXy4GFWbS
z+eBpI<X5i%hu!ktEm#62yWnlIrD|)tu^d{ZkZvEmC0Mp+LJ|ylw`NZT&?RyDMEbZr
zG^RnLO%epiJ3uD{1_(agCyp?UpTLgX#}`!|CjFhD#k%-9Bk$1TLpL^v$7+A5+z4$V
z;q?+ZOW_~$enY#W322aZW{Y&N*Fb+>0$#X=JQCKZYF7-rd)I2W)pOy2yL(j!%ip@5
z!!@|47WQ`-0#*0_vj6_u5$W-Sx0{f?$JciI1mT6iqT7r*di-9X?V`WXm8Godw~ImT
zKom%4@tB#Joo0PUG!KEafF=F>{GR#7*5+o(e!1I2?Yu~i(59=qG!5XIYlX-RS1FD5
z^f0*^FzJN`^v&`I8{gTu-=2dMUoS_6dec2OIJg_P-UrJ@1;<*SDJvIs95fiXEUrvJ
zJOIXpy08^i%DkSQa3=k%S!u*8rLWxM&L0(@!>P2_3n5I~{oO3J?qAHL*JY7L7+sNO
z^SZFpBuLV3>nl^B82m=MdVJ;=J5}6<05`SoH;%F4Gv|E82e2*OBc`<m{)AM*-0x=1
zn{r0xxKHuEV?_)(tTzt+#P)ZIk*W}n>H<60I)4g9MeGQtJ4!8y90<~a@2du6T^buG
zHttQCHG+kuuWB-9&z&Q^HP~b0D-IN{D%ip=a1FYWW&uO%4PX)^^YJMus<S_51h&I`
z+rXf|g8ZcRqU1IaIaorof3yQnknLfY-A=x_VA5fEeSO9U54FeKh6ofYQ_c+Twr$%i
zeH~8DGJjn9RyHLqP2$mlP6)(R6*4-oDs4E08KiI<hQ`Jcprl0c`H2)dm))Xy*(>^>
z8$ju-!eoXkyF|ZaUG0DWhUH(QFI0_z+T&yYTV(qh<lUgW`+swpfr~NNq<9HJ10yrb
zTbiKjv`<CvZs5Wh-aIomr&Rhjizm3w77}aNWZ0%DSmG|%g<m?BUz)xTt7v!)Dom2r
zs*F^C;zS`CFdMGFXmto{kHI6!s_)_TaF}1Z_WU5(*a0X&a0T&E{^%3R`>4pg!Q9r_
zgu;0g$1s20Omze$5yXa1QAI?~QUAD{9K#=uCjRr^Z^J55@QuLaSUn0(;sU1+>z;D<
zv_ac-8SrlS3h>MKpc6Q+zjxSJgDxIuZ2B#BfOtOrl$tk$f3WB6tj%4n%C4@i_%YkW
zM#KNL)_q6V>wCRnp|)ch){R}TJN!*f!x6M^0WbrTVAIJB@rT#FpZ-q5&|`5cpDRbn
zPMq|G!UIeWWRiz$^D~Z604aYIhrJrpr!Nk6B&gciMRn=<1w{gpb(_Uz=`h3qOl}_<
zx~bQwa2tS3;2%&R2%?WD|ABLUD5D_uMgIA4G3={R2f7wK1jGQNj`b&R!j;)N@(G`m
zg^8pqKf%^TJ*XxH@^Joi=Y)>a?b{U57L=fhEs5~@-?*r(`uQ^iU4?qmP5a#fRT1Pr
zkP1O`hsp@Rr~zyH_xJA%5YUjKv#%k>7A3loHb};SNJFYGBjx|M+WNI+9~?6S2r@**
zBaq(w14yBu;NE7PPu=QD8z6A^r5gWgRlj~NqHLKL*3Er|<p9^NIWPl}$bbfI;0)1H
z0o~n8=n)iTe)<BrA3z@{IRmHaS|;BiK^hyhF&P~&A7A%ZQXv+=n*sHJ_BDi3<IglJ
z_%eO_E7gyvA^`OIz@&!_`aqd10eq&)@}3nC1YZHcK+@}8v3Pc0{vSPuR0C{@>VuFr
zSU+4P-yyCX-x?Ki<$3cxlqS?~VelOn$80e|2y?>sjkiXfN;m&U!12&ty<@pzhc^Nc
z??7WcnZGiCy6a0S-aCyA%+zYiUgm>3_6r)nNM>x?18cNTig<6_xKv00xJIsVbBHDP
zNoaDQm(7bb-w#&U4=>r<!4fw_bm_ny<&2>($9^{`7c4%i7X$vdrmbV#0WmbL)80cD
zbO2N*yPtj*W=nF4qsZKbzE+hFpxW?qS$ue22^1Efh#y(R%$XOG^Z}87qeaWZ%j=%v
z^^p6LU?nQEpdv6G?wahKWR#Bl1}y;`lQ**5j9~^53WQOfpf`s^g}^+XbZWo!*sL-~
z4ipS#7tk{xcPAT-G(|oE!~a{n@&y=Ecn4GgK9ZYj4jGk&;N{Z*@It=(&(ylH?QkD5
zHu|SWrK298=YGL58AKGC4W_FF*hN$-50v<~Z}f=AYg2dB{-UG{P<k*et{@-Fy57RH
zfbb6#Td(0$>N$&ZNW(mLixz?av<eG_Bw#%^Alo?tnV5oU1aJtArXmo_gO=zRq%B~?
zN6LQCri5go&>NT*7+$B>oT*&j+pvj8T;(Wsgahku17vRraSa?J6AKzJC{KIYGsxrt
zKLuG98y>Q`Byi+6$3w~UN&=;WfLyS-_)O6lppw-!+J0gHDf%kh0RhQAiI{GHejQc?
zfGVB;?b;ft-OP8}sMa&EEQOs07Bm6nx3VqSt}G>ScX%jM=qSv_*J(Yu=oA2Bi0-dn
zzVF=~T*?$;0r(2|FPI;TQyCctPqqXw&pAe6B`SPqDRJh#!>%B74NO3;LbuR8*mh`0
z2PX7{Rpl^D5%)uTemEf}$F+_IAnc!P+7~x=lS-Oli}>-i>726m_0*9Y*VR^!LNtUR
zfWL#~0x^kOQ}@lzQXZ3jFWj1Y(k<%e{@=m5pJP8+OUqJaGkfD)BR!=#^sTG5_t@BC
zCXM@k!Vg2_7@wWg>a6@#Slx@KlEojA^@N5QS%-!B3D!(c4}t24d)SUrL4ucM-}(w!
zeEi2idHQ=#blV}1*Viwge3gZ?Sr?H?S%3!QZlE594uMRxwivpw_T~VvE{mn^E}P|`
z;lQ??ut-L3F!Is{bR*SH!ZkdC`9hh_>WXmQg@n93Cjdey<p;j=EJX-7q|e2#%V0kY
z(7piAbrXkS-t*0Z*;@l~dEC+CCFB~gz^H61HX{SpnM!t=Ij_2aHUPQ{`>TuLOR&8Q
zUSBjfh{+K^rqhAvfgs+y{`v5$RB9)Z%AzsI{xs7bSNE%}I(27cg}r-SSpj-Gkbd3W
z=P@%f!$T6ZN?$_n%4!ck+1h{N>8`)Wwkk0&>afDM_x<9p9-KgKtTZ_el!UVo?I0;-
zWmJIu#;<>40kq-G4)buiI0#ROh=?MHJYee%I3egSU^htSP0Y-`bR@O5V=&Vkz(x!z
zc43$26ibp<#_Rae<xs8BBIAQ)YLFPiOh>WEmKHWxRtBT|#EIxPdfmA|rV6sMp)#~G
zwuT8?*p;u`RoxE|%UTEh`BYaN9^~rngM+NWD=W_;H!3W0SF%zZfe}9;tE|i(#lqx>
zF1g0-V{Oo<RaRDB4%u6l#e;12^)&eMh6ZL(=@CJ1($lkFRMXqs*oaM-pocvL+q<XA
zvF>qLAP?KO$cvfJf=2C49R!0{Nsv7Af$tI86evRDTLCH^NH$gv+wGioo(C#To7sO`
zh0N}M_T`5vuZ8&#Z1Ot0_%hBoly?NuW9DI%y1pTAbCBhL5m7(VP^YqL8EndH1C-$i
zIGM4ybl^;03vEyKwrv)ZAZR)Q%9(rMd%>VVT51WlNxH`!mIc@B=cX^HL+eEdJAcs`
z04*522kVv1$xj49(b&O-auS?~5^2f1oK#!BJ0Q`He}?jn9cH&eSV^r60K0_~j`HW(
z3bR_BOb$mz1AmVXSl@>#Il$O}Z)U6Xj*N_4UL!rn>f4d^ygyPqnD{U<15&heKasZ1
z&L&V}d=I8Zf|V8c-|kI+dG_d_$oU2^@?QoY4m9oJ99#1W&!(HhO2xny?R;aY^OWaE
z0_%?;uuT4*p!vQo-r=;nJ|8h6QEG;O<CU|yeA9X9cA4$;5KaQt((EhwOea0s!(+!S
zdRCT}5_RZPek;Bpvi}y~Y`gh@vhPsk>szECEV3+RgUW&l6UQA`DbuWi3g-xn${RP9
zaeZa2ScWAx?A9&ZJ*B9LFRsyRBMZ)1wzPxl&U>XU^j|S_mo-Fh-~K9&AA2PGV)Z92
z6DJ=gJnuH&l-MmAem<MAwx|5D=f}0^8grk!w-DSEp;HYoeQI(8+oLv282p_xe#Kyl
zcP(_sPr05c{^bzWO`~!nW8;l2{l?nVGJ9;#1#EiX+U?*KzOK&B<d~SY1(Won3YY~F
zR`r~F0XWgCnWhqJyYAojiwdy=9na^<+Rh*G5M2x7Fb)2mAk8D9&iHBWBm!zR-8_N(
z&1orSW@er*I{C=*IEl8wO2DI_;GodlsEt)iZ}yi_c~1*qkrtw5|6(zgB(l_KHdk><
zD65C12*aAx!4xjEeZef0r6)xnOV`1w=XSVO=YHxu*T4}E`OnRA(Uk<A{VIvNy0+3>
z5+@K$0ZzkkJm~=}=hY}Pi!XKQlZQWzOv0*&9k+iR|5jV5XlW_gwqBuSUi)|v3iByb
zsK$~%lHX<GZ()NTRk%1*cUgUNGRE+T-Qa~(rYUY-UK!1@jpM0pONupw9uI>v6dsvi
z`0a%s98Q~im+i>}c=<m%ITu+|8ot&(K0rZ9BD$8Gk<qn?u@4gFjBhCv#2QwD571lU
zAt9$k>}EO@%eJU*h)hom&>=_K^3##*#t@;dc;z^!^#`3zeQR`*J_KHKwD0Wtvn|8j
z_6>7P?7S<f_%!6esO@c~wc;md<(uxAS=;vi)J?O&wI0pwySVF*d(*K>Zp>x0euV7q
zD<Ti#$ilPKNR+T^%YbdR@s=C;Ir4Di#^!-t*xvYU+k;epxaoJ92sTNEYwG!Q@+``@
z>*0g3B+>gU25Q<HGifCvY#)WDs&w=A_NGXAGpb|Eu$9`+^8`9qI?Vd>9m@_kOiE$R
zkWzP+{>Ct^jok2IJ-^dJ0>9fTd*8yLnXua}8wH-SJ2!JoZAV5<--^tPSy}3HeheQ)
zyKDw+E(j$r4X=kZFFl@Wuw_8<@x{}!_Hp~_<wizET&sN?IAPa!Bo~D<w@F20i<Vr&
zbu|fYgLbNU9wd``v`Q)}&)LjU*pVjZFm@<*nsQd-bXq%{Ksis0=r`@kF7~@;iX0YS
zF2ZEoObO(+?Y}O0$dZ7L4Vkr*AFaoOOJ1HqkP%yoUYam&=cqA}{kwft+OmeKq5Sr<
znM|$ycQh*(Qa;8$o3P=x#T^oStHgaMxsxeBZAQs2s3;xs(Az)ay%0mo5z%hz&+npt
z1oX^zdHJb#O*Te-_NMbCN1}wLv3}PC_TG4%qN3^)*L1~uVrUpz;@RSKPD@rcXW^!$
zS~;COn{pzXcFAYbe%tN?5!$<_rpLwv=KAwaX4B&?zDP{eEnUZ8jd~8P$<Lij$^Drj
z?0S@0cjmmL+%(%D_YKFtSEHuVvXfQNqE_s=`SAID{-m7Ln0UwApRg+>ol~slZz2!%
z!o>h+Wu@*5K_5S+CM0xftTRYfR9%dbeHJx*5E34qbRo~}BW96ja7AA?QdU*9<V=8E
zXMuY3J>u!L9j-m^XdB$&T2w4jE+|RhWe77D?7_^}SHmzC)<?cvWo^}nPr$2DP@I$%
z6N`O1jQb(D#@)6{tiCQ**22uh6f{v~IpJv+85FXmKu@1I*C*hE{3Y6vi(g$;wH4c6
zYyUWWn}m{wLn;6_mk+gQ-+$HExrf0+$FzP@X26xB9uK1;&n_HFxhJ-MN*le}5jDsi
z5~o?V)u?BG&9eHjq@1I;crB70+Y$VdKvdGHbtT7SbJ}%89dBfP{Z>E%h(bR(Hng(8
zZ(hQhak_rjKyS0v?_!c!ocGywvcXpJXUvzwvdzs!9Q{H*zGo@ZW&3+W70%k>MGI|R
z#_so5haGc_nw`*}L6JYeys=yAPfAT??pq)^sA+Gx?r$+(Kte)7EqDcnBDBRLWV^`S
z<yuxNV|1(jcTG9D)IRHdd%ExL+diMAqcbiFY&9&BxG5oR8pn_qQ@o7NUd$d|GpxP=
zwu#v3`&-?<)vmb^zTSO7ORLg8{jHgx8Bzpn?7<%CS0WGLXqh|SNnyjYoh9KVt9|1s
zN-*=Lgyx@;BZx<jrh)Ud?CEGTZTGY|eSadyFzuKY&C>8Tqp<`V&UfCVv}u}qt<BD0
z@zFM(I+zSKZu<7aa^<4!dT%}dnhv3d(l;pPJ-^Vu){lK?LvCbi>PzmMy@qi~RAINd
zK=|#OJ=Yqq`C-88D)ybS;xg;4sDx>uhZ9q~w4NN#dsR67Vd|MJ#hug;<|(V%YXynl
z>kfld$BfoFZmO5~qVw3lR0gYN*=KhK-Cx+xT@<#uGV`vQzELTx&@riHuxVU}l3znd
z=T|E)3}9wj@ncrlG`5>f<e}ZCo?m}Y2g7)-qqUMJYwIDkNfg<6@J)|t^XE+piG`!t
z4Ft9o{oRguAYn@RY@%hhI3+MRw75LqzVlraNK4c>w(7t)Qz$5cqoFgM*6n9$^ua-v
zKaGH7z{JMxdbGPQDHX!=yx*T@hw66s-UgwEZ^-ipt0E4V{`14-j_PnTY~2B;fm@*b
zJtnN7TV(c4(|s-&2aAKs?ubF;wxG*)F`fJP@S<Jg{6=Wmjl=P(u}<F0s?o0P@n7&p
zvQHbfQaT)F3baO6&4_%O8R|LWv3S_`Z9lWC!qC#vCpA@YS7*t^x-PbPsf_|RxAByP
zbeRI|9&63~MrwL`d3)8gP01DECc%JT4Qo}x+<ZueATb50sjJE5<yRJ*Cnw2mmxl5_
z1_u)gG2VD=YMODJO#OkRq+zeVhU$P>(K+@Fdw)Y>`<17KFj=n|@cA=ZIk(SRrKC2j
z{hThi^{Pyrb6~f<Z8TkC2{90cR8ps?RXQY1tgbkAcrumQ|M;on2p(6;eY_Z3eT{wZ
z==%Yiw0r}wP1{x!0ZdxTTTU;*hOet{l1qj1$Ybo6+Rdvpd6bid90QVsTD^#gk@;}D
zqO60_C%a9j4xDx)4mbTtU*cD9jqkUTG?iFB<mTp<B@m5nP5RVJI<bv)XBMdvHM0+@
zjJ~Oy=e8|rR#Y~G+^|u5AvX9^zg6Io^o7KRh6jo7!kJ<A70mO5m2LBw4zXqRB(Z5a
zhaqiFF>7d)5+&Rm0uGT4q8I2zraN^%rq>MT*85O9<Mw^PiJ)4yQQ3HG!e+3<Sw<#m
zB6QMx(20bL5nmJn6X@C~!TOHmn`AbJU+LHS!wRUHId>7n7P`hj?gM`H+?<j1!?mNd
zuBlLH%CksmT54yWeSnFb#AD@S-XydkJ=5}8=2e_o2hli_XWyyLBi+2FY2mVI{DR>W
zEJ*%W4k)}YMP59SM?k*LxRNz*l&!>A%$KY4F48Gx$a#Knz?u2!P1m*4gpF_|t7|9o
zotlZj(Pr`w8?WW;ycMut45YI?R(uC5In+@)eh|0hKszm*!i#9+({;FXyYuze>)Fp>
z4n4!{67eZt1FH(JA!-PltV%Ulg{Y9_hAR+^BtX+;etXDKV|USVx<%;VhJEE!lV%L~
zS7WgJ8R}K40r_SJdaPOjOi3MyWQ^`zWAvd7&}jix53{<Ac?=plRl~w_9*3}txEDSa
z7k}lZRi&Dz*V^&Qw@<A?&+{C6y#g%L^GwoIS5Jd=F4vw7UAZXoAu&Cj6ZMDo*xkK1
z>}+i90lF;Q;CfI`&33R^20!ck_OLHtUpW>Yog(B+`e_#Z*?Q;&=sXQmSlVt=@YnV&
z`dJ7M&>Iz*4IUTBfa}muvxC+d=2kG9dSXh49+UMXzqLek>vYEys{ohnu1Ut8W1e*M
zEsFe8v_dUi`-BfSY6f-=%joZXR|m_T*r;T<+8G*FWfAH)IGNfB)m7VDV_56!P9IE$
zhHB0`M8g!-yy@A!3)TgWjU=VMqP~}rBWU{~$o??|4-rihMUMUcdm9D};-U27cl#sA
z@>TT841ByxzrP=mK(ACI#1}>X7IlqaQ-0Wrk8t_kJL=Ij6sFJkQ;?Z8YvL{?f;iA?
zl!T`JTzyc&ER?#sZBT^%!eOyQBWO2OLL_52J26pzGO^5oNu5o3^5I2u-9*%UK{#Nv
zI(wwQz`06zY55hzA?VdYF5BCQ(lV<@!ztMHc<1cZo(kh}Mc<!pm^+SCSSdLvGz6_f
zxI}I_sh9bnQ3L&Ca^)u^;!p!MOsQ$eka33=+#RfC;rc?k4ZL;Vw;WIO-<nA2U}j}8
zUY%8Ot8!6<&&%wvJ$~UuL0nHh@!QPp{`{<8;<Ql;<shc1Oq?PUUGuTYyl#Zdq-@$J
zDk_am{jaLICyF$Jy2Lao+kQWopWk`&C2TL2Sa}fWiC;}{)PLsi;AlXC>@$X$?hJvc
z3ba!e`c4KUynK1vFZ_lS_?@g<7fvdu&5>3>s#5?1d1Em;9naHiek^g?-p`McQw)ly
zTvhueEJ`?O$gxSIM4F1ntm{WRSto?&F2d1f!<A`1fgN2ix6iSuL3nBE<-e|F)o=}b
zfbHI{x^>a`BukIYZj<9$8Kd-JYHW=>T2tT+$+$={_6zN`^|N#BEV649Z1RdhjAIT2
zA*v8`a!j$x`D^(+h`!k~fVag}B}xz|F*B1B2w{NSRh^VSS^yO?#-#bBioFdsQpr*~
zAqiM#$0ZUi<SYj5Dy;37Q0iU<QVgbBx*s8i%YQaK6k{pA+mzHAq5QpE9Ca+Vi`^2c
zRZ)sPX0B)`&u(eaHoPuAO;+7#zuIX?d@(9@Xqcoe*tASRU7aOmsnGVoD?_c=;MEQ!
zV`&iC*sOIgCXb^%)WC^EN8Y#IlSw$RWR%h3IRQ?H(9xB9cib$hN_ITcZF66wpA{XF
zTJFasnHWIhnGqz!ARU<0@{tY#ovxjeAx+tlWi~y9i)GEYy-k_!$^&n-l>_AONe1ZQ
zmIKkCoQlV^qc^`EjC85xTHyulg*{rsFL9F$clqrP19Ed)jwssN7SI{CjeLMh!uW1!
z9wniXH8YEP`V?cd-s{s}uItTjyY$)3$CI9E&KaaZ5DT~Ek{dtb>q)|jx(<w<T&sjq
zL3eaCD2lK!6lN$r&m<1>h94Aw87?r!mB@L$^WoDn4t1>1a$U*Nn%mqc>d!R|A!6`<
ztl=VoMk7NNB9P>EmOQkFStpK;GBoCzjIbV8iqw@;Q8~MAZ(YJ{yD?|GF%y(bQ*q|%
z;Q<VIw74uBJq<KuNq*slJ$s=&=DlauLr<RcEil<Jf&m4=(QQJ)SMG+wc;zlInwXs*
zMFg{IXGBl2LsPbBB>z=vDimaUZ}StMwPj8FGe%v1A9=8@wJUe|m6c?W8Tp_(M*AS;
zN$H{`A!Y?JOYw(nj4)%poYfR!kIFnySh8u<oa83u`8<dZ9R=CYdE|lIP=|}7;32}M
zhHPtvZ=$^q?p#52Hn>rdDLM;vo<-)v+*KVg1%B!`agU#L9eT25zMBTQkyuc)_N99F
z0H-Ib$2b?hinFXkFg7&}(+_F`HimD`S#B_sKT<jgR{PS`yXz0XOq{AfCvFALVzZ!%
zSS;OO6;2c$A)Umz;E<sk9O)_!wY#OsCMhQ+<%e3VLX$y5{A%MKYdT5r(%{rSJz;g#
zyBDcz1rcn_B#)(BDMX6Uyn2G8hi(86a9~Y)i@R)UE-Z3pLHFcf-Ot(-X%(}H;u>7=
z9ZJxgyWf_oxz#r$Qvo7Sx~{>(?#|9@n+N_jBO^MJhh^a%-(`IHqfl!|j0knL$|R7V
zQ=Zvf6r3avwiXwH;6SNsh*F5@nzNm_e4=5e$|CtcBi}w2?@5dSKx72oXUQ;1kPCAg
zEZ>KQP_bVc;?(g+?V-;w@o|C5-BXl;au?Rlg+?DeMVVQ0;iRXR4{n+4;{K#T=T^c@
zEArOIG!1~SuxJ<_Fm)Bwls=1jN*H}jz<PQW)z!`xEi~%X8M}VBo##z6E)o{2;^i^T
zWsrWri}&PG_@GWH#yGh=X(uc&2W?$l-ANsh5Zl|@0ajLK4SM#;g@rtGz<%iXmbxC8
zwiQ$EovQxc#OU#vf(*lB;B0cBomyrZwEx0w%>E8K5@5zaw(Rq}O<aj$$dB-|2r)BR
z&l-w_nu%O%E5OLuOzN?T%bpdNRmkhyfIqRaA09MlFgtEO9=C7}>oAMG_9pJ%e`?O$
z>l&)H5UWMKD@#=)&txVK;SbVQNUd`e-(9n;ToQ3g-6M^jJB)Y1Rgp&TYRCWjsnZ9J
zMIV=r%x$=YW}2L-Dp}!MqO@Xh>O^KLCh6AVx&J)kTB>4~HlH#a+KL=7b}$dpDDtI2
zBc{a3C7tkX2+~&hy#G~hk|Jo<P>1PvxdRp4+Vgns>4d`fiVAZIhN_9o5sIlc&R2L0
z42m8@)&BjLk)Z|U??i4aKUWK?V+ko!lMa!9S_BEC!5mBbI;-?5?{`^JeHt>XlGG<#
zn9*X|I8In8r!|cG^~b~x-u~bH&WaaQI;~jiLKr+B%HLhJ#GExilQp2IrC6F49Tf7b
z;owfgmB&o1j}(gkU!^gZuGlWgg@Cr2%xLsy?R1v>uYw*FoUoVBo|(^A|F_-YO)_un
zVM7TAzUY73>Yw*cujaC}t_>%%iKYn(D++~+2G#AQyZl@0|GeQ=-LdAADUeZY<tVLg
zT4E>kc;OSrEw*+&GS#RgEowvH!GA0F&wB+j#f`k{EiCrc#Ez}lGcI3{wiCEiL9JUX
zLZy4zk9*8T+JnMN{_~W7@4+pvS#@yNp7vaW;_OX(qI)OtYKT0<Mx!zD^Y*JB)gOO0
z%924{&+k{5e~)rJBcU$pnlzT?obFU#vqyF(GFRsg$DazZW*W@468^asDQ{o(WnN#F
z%o$J|N^ZqZCqsyY*IFkxXZ!^mSFNUL|Gls+uDp_Ra-cb|aq+kl!xK+PZN*-~2}Pw=
zoXQ0S1*`{-|6c0BI|LO;O-|=<)FL1dbw8$}s+h5Qq9}8q$#k|A4WfR(L=Tbd@~;^U
zsdKMe@lNfX5``8GS~3bkW5z$PthX$@)({sdC6@7zStC$yMVhRLAex|$C1|Mm&&xx(
z7M=(*vR-voHmDBs329?gPLxQT3_9ZR=NhD%WvroDBPduIT2VGA>4iPwl<L|Fxy-#`
zI5AH>?OmjB$M7>u^4hdEQ3dF*B@cuO{q&lnsMc}!YyQ0pa!hX!ZzeTeDX5O3kgAP=
z7-82aPbeC8?CA_*QEqnL+q~F@!Ir1pd{#$zAo4h&=ifpi`JxD)+t=q62Q6j0t)JXy
z7VU?+It^#1Dkvc8)XM74P|vEx5;5t{99tYHs5_+&WeQ5`o(b0)Hd_5S+h1tvedf&3
zncf_-fPJ0ka7yX!=boalswX)#z@Cpi1bpwGmjfY}F*38^v|)}j>p;r_6we&`Fr5A#
zJD^$jopKP1nd}cvdy)1VB8OO9&wwHyHi<AG;VrHEiBe2kD*D)lptPy2QoH#~sGG8>
zhzWaiYtQqOaMZ{@F9Wk?N<{C#NzJ@!EwdlDMkXnTA;rw2&w-6<=(vRumsPsfza75O
z)0evAWXM(_ps)@Z9la`{C@ZV;xyY)E(sUqS9Q`%=l)Wunrw<upfprf}P)G>xEI!en
z2O(kdc|@?Ig&((lzf=^*;1R3w?=k_M+sN{d56{p#bfw9NtQ|VPb3j|R)M+E^I6+3)
zE`v;{8Gdz=%-Y6QFOS|Q_dWY?J>2^*7d`&HuR{j6Ix@53@UnFFR66>7xt4i6LAA)?
zk9M@xwy0ME_BG$CjbCSH=j|wS#zxW2LNxjaQBj<19|w6rV{A>s_6j5CLcP4IRK?qW
zJK969!vt>xD%w2g4$1xJbb(E2-GlxaK$pT>g@+kt*4S_ygH8|R8rn{O_HEn5?bFR%
z@CYw5=|UgdTDJc%oX4Ddyu@m9u2H4s-{Okq85ANnbbna<8bF4JaWOsmxc9MW_n?h4
zI@H^_B8DS9ySwXol(cKMgN<QeenpBFBDMzs%q%S2dJBB$h~C|h`3YD4icl5%i+y&B
z+>1irTa3ohOXaKluMWZO>8*%MC?F^R(uifjh?E#kYW)efR)p$PXjXNjg}o~Aj*wVc
zLt`K!4<h1!UgcaF49F?{t*8pyDBj-9noX;+K~^E-KVKu&58G1#xrBwNQA$~=Nf6%s
zeBtRmvEnd?qyP7!5$>)z0@45dDRui#P6?moUpeCO?^mKM{~v$lK;PB<0P>4+VRzxK
zh{=tvAJb{Frl#vVX{!#3s*0>3Wjm?4scMQe=CzK$^4Z@-sb)zkRALA*s!!eYBE>T{
z?n;l<PB_79{-2^cOy<{Wy0<S8ol=}!DRkJLw%WrUIVJwTnt3R<q*-if=OfvPo>kRL
zqIdpd3rB)Fe#UA;cse`6o{f?Ne_8<j;sq@nFmUP5CrH@iherVxJmT^1CkD4!FG4nc
z=6^rSf6eGf*zY{@iG-RzcFxHBVXJhY;T(cp8Wd4f(fApM_e9Gr$8JIR-((&_X%5rg
zTnPeism_fEb>hQ|{z+=^$0>CR_p&ow3vl!;_mxFwdb%W|>bB#%qe+viJ99)2*ssj5
z6T*jKsWxRbBmlC1%(*1*=_R88OM$%nBQpuSrT@Oj^K+HYbt&NcqfaS+PbkonNOx>A
zS%1`ieAf0*`p`)WedNpvC)Gh;7{`8@%LXZ{M)~cuZj;AiI+ngiJREnv&2?8~K_L7&
zv6cQ07y*&0(JfxA!BCtcgJ9W5*NiV!&U;JI5AI8My>FN2p51d40}7LXa{vk+^gbdr
z;iF|(XpTaB-5x=H4w*i8z5aOt%iuEs@<Fz{FKGndM)V{|9exq1ivK*b*XR53BZu_y
z`V_PQFEI44^4X8tlkH1|mxz*mZsv||oJ>6>AXQZMV3_y<mQ>jLt@*mX@!WE2swrkG
z|31Q}yK4eDg1poPd@sPE{`8W0LbXL|4&KO$ygpi>nmRW>{(&F)Hqd%=hn^Bs1?#tb
zskke`!opr-6W@l#eUz1tJ3I_5$4A?Ib!)B3SURb3;JATLp&;6_(2|3ddr6Lqz4e@E
ztz~?by(5<fc0w8GOj6*Cvwii#rv)^^4W=KE<;{wtyTvsj?DYSS@i=t9O1oKhDKH7D
zsRFh!ns-qSy3NXL$cOJOdAU?{#f_Pb^8MTB^XHm&WRonHmnF$Ax$!<P|J<sUJQlzq
z`IDB{jK$I-tVA8s@38Mup=5S~J%`1KEArFKdkwT=S^klH4<(t#n_52vd-u#M!tEIz
zg{$iiz!2#iIUP7(?j|(-s}~MyuK3Z2<cZ@~e?El^y8_nf@{?=$qJJ81`JVF!<i@iX
zxTV6kgrSr?cBS|Hqf-<`%mXo+x?Z=Og)zg;Q(vChy1BP4`-s^Ozv8!?i-6wcw&=av
zte*dX?6dACHi@)UL1vb$wz&<=#^C#vU9%q!8Cq4ERn)h-Ms~6+O3_}wDp!@YrUm3=
zd`mVAOog$L{Foj9Sb{i=-UP^fPx(4)^a06Esj2#W0?}4FcK*#D^b3J-3!fkh&inI=
z=3q1m3Q{)M?<|>WDT70o!u99;9z9gHEl>`~x5i#Zdwk&A@cbj|yK`HVH*9X#I_AEt
zcyl7j(R9392<^;%Vu2=OrufeWGczfEhfRT%(MizXkwVcIZ5@xam_sv~4VRc}VJdL1
zO9<M>9cgZ796E+WeQlwOB#kzaW!=Bsr7j?qZ~wY+7VpxZR&<CbB+?T9miU0?CX*3)
z$VVpjs>c*;no5d6b#L{j2I$d8w}#tE1{5v|{<YHb^@HK;F5B&EN(vgO@OakxfydJo
zwO<Uw&MsfCg1Cm_x@H=D-W(aNie1f)DBCVOF39LAA`@TNdP9T}jKZi@v>@8&-=!mT
zwTxSk<<a<om}T?PG4j%_>6$9)LvCBd;FX8FJ2pP%ujOe!450CU%6gbeF^kU?(WXBc
zxxZ14lP<oYY0cpO>Fmwoy^V#$*P7lW7r5zXLY@7HkskA*3@AsU)S(zet2*93`GPH)
z`<jM<?vKYtxX`&&KxJnDLs(2~>XT32N0@yBj55u}%@+`UO*7NMLV;_@0Dy?hgHg(C
zNJOwO@3np7;gyGjC0p<R*S#ZIPSEpkvi&!DU0W@g2N#k~8y-&24eqV!^a?C8Ge?Mt
z>0Fy<D-D`2^ty;EX0mQ-^*fGiT@*y8Dlx5qP;z6-<I&){8i^8SX0{B@g_u#Y=IIJ+
z?2FkmHY3?SpYgRZCDV^Rrxcx5*hJB>l?uZQvqjTJc<oQ4h{`*BKrFU<XQ8JQb!2@U
z7v(m&(fK)=TQF5HaXJtk!il<*Qw5W0yiAvGDOUYm!r2x8AJ$)GsGr{m>w&fK=ul$S
zuBb2X22O0gNgRI9tlN1Oz*bpr;vzw>cTuRdwBpyCDgYye_8)A9ctx_Ik-akkJKe=J
zzw;U$kk1%fI|Z_WtIl*+z$oiXJ9GFSxAiw#PE4jJTF%vFNwplkymM^oX)t&mP)B^;
zBc%x)-CPivqcy9g%fJ-Ni|prXfW4*Ua(P<I#z${hbIx5k@@ie8G2B9}93->gGdwPj
zdoI-)-$y=Kue~cdX%3cOEyv0FF`-xBhv2%twLWz8f=wydoi+_CG6>q)e{ortuepzK
zrtuWsoeJhr@S^{=<1v=yhDw(T*{UL)Ml)-Bb*QA*+o)73UTpUTv&MG^Vl{sE_k>Nh
zVq=xk`_i#qZ+WYDO%`m>&ThN$Yhr#f+-OPSerG|>-*Uh4S^b+0fGM2z-|~;@@I7N_
z`RNf$Hg}P&Q=1sM`pV;|`>p;fcq3owS+pN)|3bxo7o@Fr_2iqmMJ4%ws0s2Pi<w62
z+qA+BiiwzmD|y`$DDyP!SqE%b`MM#uIC7rtNclQu^4xKRlvaq|xyhZ^@xM3o=(#Nq
zl;^QxXRMf}%a`S>lu|@!yV24X#}F%7BZ4pbr}9YoxiAjI<jsk$k9ahAm;U`&ts<BN
zF#i9{!M4BE_yN@iWyhb3M9ES&3teXP6$`eyh!K{w|Kw@Ql*_wDYJ%H&4fAO!obC`o
z`Fgvv*%zb=4)L$u`)?Q|ZMv9dN%5qhC#k=Gd9CN?Xmq3IMZ2N@-s?eX#>VjR-ZNrw
zmHV`Iu?MTgA*9oaO5E;6(f@aFhNzv!7yVO0B!>K7#sWV3|Mja6ybyV3W}@h?f{IG#
z&piAQ?#BuW=^zF8P$xeKf5!wFrtlocaF1*R0@%rGHe}Y84G?5ky?m1PDm9)1Ik%qr
zigK|=5Wn+MoR#&O)^7gtT&d%HVQyYla&B(GnhE%sF*PX&GWxFre|<`wjKMX_b&nLl
zLxavw$61BaL<6l$HQxAQlL5Fb`mtU$*DeE`xZ>l-y;nNSnL+o!#8w#(?jtFGr328n
z{AWE{l5%#N<dH)5vXIf(x?usVM}JS~8_YYqfA;LzxrGv6r{xjZz;_e|>8Nf4Za_0F
zY`AIIdN|4mrRa>UsS9)MmofylAN?gO#;(gSZ~(|h{Z>r{;A;b=Ic>^gG2AgJ2VCwc
zK)@Td4tX{Un;L6JfU2l3Y49VPR)Z2i(0)?k>0jfXLihx?{ixtxHUe@B0Hi;LY~|n5
zzhICbY@%F#9P=imE3>y^+5>_@`1f7vQ+LAn_xUdn%A>ryQ?}t6NyleaCMHF=B~Td{
zz3}L^gQuWXfk&sB<0kaNj{=x)3#m*5poo$D_9u<rs)(SqfsD!sm{iC#ogTI_w@oxO
zvOpu9-8+<E<v0KVk0Ci@1juUGfZ~jZ2;Uv|rwZdY4F)|py(B=QP|^u2#qJ%U`6mty
z`KnU<BF64Rba3tLtaX@8x#%+#rH9H5;?~6SWSmX<pSv3rtZk5F02ILpmo){=&*e)J
zouWkV5A+B3EZ3bns!~mYu>Oe@PE>uS(^04wU0A?Qb8B~_vX`A@{w*}XE<H&wU9)z!
z0%)<`L!&*xy|~lxspvj<!)BhUYF~qTyKmvy84jw8Z$Oa-AgRI7K7A=jp#$GhWqH>~
zNdEvn71gqVEb3){KH&6XVm8*t2HDltmO;}NW=aEWTvtIDa^pQ54uuMNfXq=b?lI-U
z4d>b>{nXb>207beZ;3J~jo?pUmbpOC(-K+r+^q-%4Hrb%ei1@cB2qn>(_C8;U#V(=
zuigkFesKSR>`xCJl!Bl$tZS)2l_C*Gwwx*+fJ_5upLIHH%5kI!+Zzu=1Gmo4EivUT
zt+J?il(hnOMXzbMJp$1xa?8754rne)fJ**^nH0q17FO!sq219jot&TlD1giCE7!(D
z>hy!7Bq@8m2L&jZgxmlo9-R!AnZ&nnE>FBf?DjwI0(0|T=h=q(rY@&8Y?jr%K<g$4
ze1P%9%<)pk#$j720PgLuw_--G)}?5VJ;~6@69bKcPKauP<q<b5J<h%aK9zDk*BKNX
zjB==*2jPcmQ6&u5ko@3AI8J>1;O#BFvY$ZL9IVv&#muTRo&j7NWwby`Bst%0uB4lY
zIb}Vwe3O{=mbB|GNhip_q~4#OwbrV%l0wxeByrH%pIY;5F>KAvD#=k5fhfhUsOZ>K
zng@p<69e>){%p00dv(VM1Yce3mf7$NgPPB#=p#g$BH2UI<YqZJJE0JHQL5vr1$q@Q
zew2XsyU6E|@WPl~>u7grFEAog&DwFGkvQBQ_fnO(4#c-SkckZ~l~1KR7kdkOV8cVU
zeLXL~{OD8rB=2C}LLVt=YF=CspfYnldmh<!5l-~mGM5MHN6%}x2>0HLL`D(xJ!1An
zpx-m@d&50<u!s;pqB(6tF$#JhF842TD5u2Kp*K7BZ6Ujn<tJY{R<VCOMXwhm-pSCi
zib|!50Gxr)2PM~_<$7u*X914TU{fz#;-Wb3vfJ0A<Jn>mef6jC)d2^BBI5wC!wGL4
zTXAO7>>4L_O`zhyC2DQV3ZTQ%X%V}6Z(IXL6g(6i8r+U^k0z(4Qc6qJfartac~i4~
zslP(|;LK6u@z0A4$iCsBoFBDN?3X<X<H&HB`6v^QDwL>r%_TIpYE0Gb76zz5K^WEo
z+OMYNwC;3ekcQaeK3BPgRVip?^)x9LA0%}yn~LXKs+eA$H;W(-HAXuLv~vvg?zg#N
zJOW{AuvqFhmEbmF$DmPmNnyk$t|0zFV?(~(;5~Y}M1z@Sg~k4gsuruDxx#R|*^oOD
z&6_*}`ln22$C}$B7T?^*yz!zw$@N^loqF-jZvXs;esZ~*LULk5<-7ev_docj;rn|#
zZA$;_%cJ1abEwg%v}$&-9|qd{nH=L$*SfES9v?O@ywI|ty=Yc-{yc)V06M55-V!>6
zX}6g)9!ETso2dX!)|%Bn7^Wf9_bQ;g*^OJgX}Ri<s;H%Px-&U@=p-@X@i~CQ=24rI
zAs8+P$<HlOW!J#2v1xC9q+44{igq<!LQZ9XU=T*VI+%t}8-r^8BA{E94rz?gC^FiN
z*x`4bDp&2v*r)<VE+A@nQNL@JbGq4hYw5sn>1!mfyJYWZ#>!CH77!nAn(>TA2FpNc
zs8;AwaGX0MO{(s*RAydzoZr>;6T^F3v_~{g_ktKOyOEV~TJQ194KPxUS)d{F#D64t
zx`?S!Dg6VTX>UI3Odd#sUAy9=0W+*^bsYU_{>Bw|74=EL^@4r4Dy`qFhVv-}{=I3q
zcXx38f_3wY$N8pFpiQ*f42rS60o?0OBoLvz8>#QkWm|S^^3Oj7P8^ju&4W%7fVZ8J
z^760L3*Oz$>P7KOj09zGQ1Q-~c14_<evPR=ewD8hMKCHZi*8lccSu8xPJh4J+C^+z
zO4?3&oy_z4S(`BIeIUP^oc(Ez7U@GR2P8?1Bczi$TxjpGSWlM5n09~}&@0Cl7-j{f
zxtT2s-v6+5Ve~sy@%6@rhUQ^b3ycNx{G(dadtigv-RZxvT+SYRazF*_9vC$}*QVW#
z^n~fXpMgozptj8ivXY5u_3)e8G(NCEZ;O|_F@;CmvOxW6u$ci$)VWjUL0y@z^Km9K
zg;)Cd5=w<2v3QGe)T37!KW@zTWv_LkB>g`_x;HZ(K(0%O<XtfZba?NsUxdLiOq1J>
z4^n{iqQSGpq&ZXH!u%~3@8r8R4`v=K%7EP;Wh?6Ni3gR+7wldsxH}8UmBqzkV2G2;
zO_+-2^Qeuiv>jdKpI`n!M$K8SgTHkL7}t%3$g}INCp5j|7di1OW`y|%+-?r=eAV01
zu04rVhtK(u{1RF#D$;aVTm(fdOj7Fi&kvlsH7<XO;CKK7s=x9XDlsm3c*5WTDyJf{
zh24H>;NaA){(NQV*VL4ho5TaTxmKX7WPuT`Xxx32&;zszya!kqN|6HYlAzoK(Pmre
zM!2Gy+UJ`ohn|@DI_WTiK~N4WJ378fO-n=F4ysDp!iu!P`o3t|{h**wGQqs*CSLmz
zl`Pwx+@u{g)%2|?b`1vqq<(4(Hmy=QQrOtzyA;NDX`h~)oID&m^hNt!m}e7sNQn57
zS=H^0h7a%92CL><-WB+;F=Lsj+6^@zbZu!v9vi7p#Gs*}mX=N-RX68_jH+)iyC!W)
znm9_p$IFW78-y^t=m0@EgGzo>p2c!Vyjq@JJPffuR88R6_M$D2(Q#@E4XRQb;*SSb
zZsDZdw<R50ml*sY41_=~PXmN8{eK(ttGy{;i)!G%3Q{<j|DDdJ{b~8>k35O|xiGKB
z8FL}V`uP6im03q+O>j|JAVH%iKF<J6`IeSKd{9Ph-sF*qx{y-@i+>XToITIL<`1Xl
z{>priG(c$*rUyMY!J^a16#O6JzB4MSt=sYd0*V5n1j#503IYm9Mo`3n3Mx@@5Xm`b
z5S1t(5|k`iqDao5AV|(R36gUxpn&Ri?)~n2-|K!o`cIE;e%#>|EUNa|YpuEFoNI6D
ztEvE<JoL+&6~CAbJDBvZ9HK$@^(=cz^tK3urF(N#R<m-BQFC8xnZs&(!Zei`!**<X
zzHB<^)9HZrTJlS86G&chR@Ug8IY0ETGSW9bpUHHnprK(_bP|G+xuCTKF!{<Tw)?<z
z)GDyA)mX6Q<95<TBe14c_NP|L#vCXv3YuOYw@T|as(J`~^9iIJ5DDxt@EGgK`raF^
zK9*yH`XJB`RK{#RtXui=jRx%2=|3Z3Tdp`-K%6jU(3djqF4&#<<%?el8dtadE65`f
zi9NwJi=sF%b8R?R&dhdv*nf7Y;YlRRu8RF`+`R<(8r>IQ;<kh2wN2#Nck?3qY$_NP
z9^Id^75Py_-noCnq5Q%~QR4akIh?LTIF%vq3P^p6u3q|7^w`LVw&9cox|5=|HJ^bl
z3~SO6u#%M02<PxDkxh@3q<|GSI{pV^0|Bze=9mOJ?}R-#)gWKm*r`w4a!Tg>RBpd0
zZ%`IX9jn~ZlJ&K4eKNB!aLri6cK0KMm9P`N@j}6K$bUl~6Cp;DG}P3ekPft}fN3Pg
z)E+mg^FHTW>#o&%VMo%XL{3QF1LadBBqXgT;%YcmrE>SlmcBPQukI|DhrW<yAfpvf
z0;i`8tw?H{1{)ya4%pP*n!y39=X%87T^bTfjBP~S{orTpkZQ`--%rGwSbJ|2nw+*r
z_%aU7jAGB(e`F!{08k+Wl97(6AUnxTaDay<L!;HZr`7;_Jk~pJX*~B>?CU()1G!HE
z%~{^Rn`SrPXz;8%A6KU_F<!8*))Vj68+mP%THbU>e83)%z1`&eauggwFov*tJfJAP
zpl`4y06)<U&G)x+f3|-tPH%Hja<J?Bl{SEpKs_Sh5x&OWp7kw<ZDmmO%G@^UO;=Yx
zQ}76q{g7YTfx)n6&FVX<0zm;JP=I`UnJ<yhvv1sNy(>KQ#mpeA;LTwOv}mj6?1#4_
zDOA}PMdJ^#;UcTh<V3l(dwJh$v6pf_I)%DLABI}n9G<s>VUTnz&Eg&F2@x8zQSxH5
z6P4a9mN@fD8b_MULM@NoHLE&+FJH~xP&zSRl_p2BPk&!{g{i6i@of<2jGW7M(_zG_
z^n!gzqde|xA)3TbWZTU0yfI@=v@`Lumo7P!mkJ`JE6a8qTqgPQd)e-a5MtU=lvssa
z>k?oY`WE(zKr)DS>=A0M9X2?&&xxJ8kEcB$@SWtsJP{?bmU;nE*g`A^NpRuKNk1QT
z6fO#vxlTvH*g_XL@fIIBtbdW%_PDg%r*?iD_ed;*U0;z0=RH;Eu<R_`Q5!wHtORh(
z=GD$Z@8Y+?Lv|N4dmPnH=&Kdv>eZ{E7j24LczlAQ%2)a<1`@%SV++n=aAsW=6wH<F
zxb$GO>In5<+wf6yKsXtB5<_G?xH`Xgf_;(Jd7at)Lh&%;))<t#ix0ZH58H$9$A9`9
z=!AM)!gfbbYgB|~gBPpyR%-Wj7qiDmN6sh~T9u4F*FGxmK0ds}cRxg~8*!!8_(Z5R
zi-2e6;$A$LHsg{2ob)tv-Znav`83kk*B7-uBOyAs3r@%UM~QB-i=IErri5%o`ZNN;
zIi3Z89U|rz7W}Al3Vok^*(n!}dD0g*y~GfE_F3mebi#s(xL<e(*!^ekL2hY{-TJQ&
zVh^6d<jP-;Ju?IFT|w83w%_2(8d=t7v|Sy=1Y9%%G<M{T`!)X*^WpPi7Udxd^Iud_
z4^Z`Ht2w+Hi{4n;Q&9Sfn>Wx}Jb3dE7FYQ=v#5KMdc6d=cff842+a--1wr%QN?U%}
zVt&<d=g+6AsxPZ-AaO%(YB^9;Q23~Sxb|D`0q^iKc#XgY);eq6DArTlew@)_Vxw@S
z<(sU!W<{7;752C6?K4Q#^DO%xaN_yJJxu&O-%Ql3<@S-i<P(=aT^7|3otY5T_OIW{
zD9J}w-$K4!5#;LZJG2~*s1ZG$^<hRy*|yK6FV@s+IW;tNc6_?y&_Jq~s&l8dYx87a
z*7OTAd2(jq&)~;I+ivi}K4=eq2=V15{$6F1g^<|u{SXaQTrh-ogZ;0-s@r~3aH*$M
zt;b$|;^rT)FrlVKfB^jfvK0Ul7rFWNWnUVi`n@C9IYjmDF9;)D0BwN%o9=njo}vq?
z<%wWjn*3jb;J#gO3VnHS#KH>A4>Q)R!?SoS$i!o5Bz+EV0`@$llU((<4|z5G6$Y(w
zH1<QE&$Ikyru#9w`H3JC`ok8y=g`~n1=<ltw;mmEf2z4_4NmuC8eaSS)ion_{W*uT
z;4<!x@f8WTV_Q0b;W_Gk2%G$2WOf%AJYTBA;6Q1q(~JZAqy3w6;x3QWJMvkfzV&X+
zO1Qp=0*m2|)#Wjp8dq{S_)~i<zo8E8o}k`h%NI+nI2VMVZ)s_VDJ+BA6~UsepP{sG
zZo)VK6(#rUlSnp(n3U<u!NIEpCtqqrraj)N2j0(1+5x>ug=f#`wr%2s_A+5ZQw2hY
z7f1(uJ@;lg_<ng8W%W>By@Bl8<ahC@U%CyVr+xb43%T7pa`NXVc_4aP{Gz};`*HQw
zMDIqQp9uI3=ewF;VjNCTnMu&D)TtG$nie3Iz&fBqQ+s4Cm17Cz1jKB?*T(0;ijDel
zg+CX<W6kHHixzlZygI@c?>4&MI+N&A|4`ZZ?*THDj!B;iiL;;qm_ujFZad*u2AEI~
zS3LNG*b|z~mZCWb2GTg6{T<rRQ>5w<VCKHQ$?y6{h%XMDaVHR+xZ$$^xM5N+>VqR7
zzYw5NptqI)&~8z5-pgSH9S(G5XP1=;F7r51+$ODtNs8@ZhQS2kTZX}Y-AN6lw;T?(
z=E4nS+dQECeTs?iETV$yj~d$mCfsH8**cg+3kvV@#YL4LBva6(r9Rfq_mTL*Jj8uG
zh8PlXU{95$h(;<`DKu#(h+TGM{fEp$UkqIncVRdBok;bqp>D67h5IU~a#DZ826VIL
z0SnieW7zW7&IQ!aap*B2<|x)nQH<9akpklh)-7u<jUUk@bnejp4*F*YqwI3};=7Z`
zz2Mk$TORXHND0g%J!mI?ktG^Ic4W;zhxZ5Gc1Bs5$mCY`>5w&Yp2?$l@-0X!#Ic?y
z#C{tyengSQcFgvvICQChYXLIsZVkG42>yOyU%;J)E2s0wYzfNy#hexjglkTUA#nXT
z0ey#8uDIh`W6L-MWQ$9m4F_sl1@<pA48uQeYXDE7Z-lnkr5%rok}|_!H95g&KutMM
zRl^V%r?Ykpp#@-M-PGQ9+Kl|zesPcag}GasY;5_b^*<veiUy?&H?6-j{9yu*V~5yl
zbNMW!L*$xO`RL3bn?Sk5@d_wW7o`tlfM1>A4zORA$mNS|D3xn@K=WXx29Vsx4_8P}
zAlYXt`+D1;x22`@wa2AOXgC+1`MjtL(fV<vIC++R#LV7DHcrG$vskw09g}EhMf^>^
z9~I0-60~J)GM&|!-$nPlaut=8qfefjd3lw86(ID>zC*}h)9bsKPB3R)-;53k1N!Dc
z7Yu!P%jR5y{;YeRzxF5m?;>M^--qg`50pRdrGCPRYH*`NmS#?{xHkAU(;4xLS0hoJ
zr!Qvp%sJ^VWNcgUyU4`LquA<f>X+2ix5(+xWZ2S=%g+PMMxCu=U=;pgelk^TF+&V&
z+<US+OR>pKG9J0e`yHO&eZp5ZP~3ZFKdP{b*#6!~p&D~OcQGLPQYpc%BYFRd>=N88
zLH^+v3kF~nQ5r7#Y*Zf>h83RxG%{j+K73|z^DTE|hyATNv13IIiG@5sIZ_sk?r!Dh
z+F{1r9&`>r4i8^RsD1#Xu<gMerC6h>*3OY-f6HNi!)5=U=A4>$%M)SeqW@#cc^iZK
zym{J){>iwNqBe5bs%4E0B_^NeCQq!&&pDqni>Fvo*_Ynw{EV$P#M8csWk+i0GZcwD
zc^(=)e?Blv|2ltFwQ8g31a57TgL8D|^`}dMg6(4WIKBoSJb{LqqFghNY=AED`j5M3
z9HkxgQ$*7<Irw6~HFmE%SL)2N+78~K_i0yVjpx~LD9*|fn{@e%&#cNMLcR^(XDcAZ
zXeLi<JfAmT%jd7q%!Of!q#4dLk(ph#y|4S~7q|PKuY#TS(HfX@1tuMSF5BO$IG%bP
z`^#{A@GVJ2QY(N{x4UWG(<J4id0}B;eS7Y2+>00K?-c~Rijg(&F8>a*GcN~zwn>$^
z-7Q&vE3c$9Hc?GKCieL=9HRSWoJZ>h`;_@u#xPgapK;7vtgPyk;oMP5m0k7u+pG8_
z#XLC{I9hWx9Xp4y4y!xEN(xGM$BN$4_eDi^I31_TcKdBx`rTY`!9;M+wTjKeB*890
zV|^sEAp7_T&SzK&XeoaC=hiKrh8LFkvg~rN>~y{p)+B;5CxslZU;`zrC45&&@J22{
z*=u}FaxdjMCLza?6oa%|-|c8gCZ^GGoIxd(QMc-a?{);oC#DlM@Dk1s+=Gt98dS+#
zzb2VtUU&6m7^&ibQ8#eIc$*ED$wQ6vcccL_>j(7Zh1#9g(0rNBKR5cCrPYqkZI{_#
zG#|E;to>|k5=k1gnOWTWw3*x5y918rZWvb%3%5&6F(7o*>&QVmPA?_lA&&pWxTy5{
zKh<NzQ2O8WEzke^-%9@V-}+t?HQ!B=NrDje_g6wV%YTY_|1ZQb%`24`4;wg@GBp?2
z|HJk7H~=~Am~!BgT&$TFb@WW)`af^aP!)WKH{0A2fg7p%6MU?q4Hk_BEHQMTPS4B&
zxCNc4uhPY%XhIzi@sxyFz7zvIBuZm0k7SKkIJPY!ju6T9dP#~jH*><^FEd!%a(_wO
zhlGKOPM~_&jb&zMD@O9TaF`twuzl)_t0dlr*6voWzJV4h9=(8?TJwhjBscrYDW@$V
zWt4*h?0`;Qz+l&{O)(g8g<-?{;Jr@<0`QePMxl?EuM%jS{;3i68F66O0qmr0(-+-|
zt%Av{-pu|&sBm2B1-D^j<C&9_bkFz+L37|i{62J1LFq?PdrI>K2U;hv=(_=Yc`oZk
z{1&7e^!S0hL2;*d92V8s0Ds8CyG92rQ2u0D6!Sf(VcyyZrV|GBCeit15z95p4{}q|
zX5&W^J*kgJPp>Qu7H?G_^{Z_-9!O|a?nfNW;#?p4kQ0*^YuBpL@g}dV;uf_mjD`hp
zIF~KQhxCF()#K$b?fZGV8YhUy(lG>Qq!<FDflkrF5DEuS(*P_4R>{xts{?ODMKk`_
zY&wwhAKhAjs8CjSZAdr_2Lq)#DhdKFU#RGZR&aR~^Dwsm1JNmY=rZ0#;m}BeA&E;5
zfEO7|Yl#xit({VdEB)#E6P=I;G7`Yo?WCD0MP30j>q@L^!u71xGDUIcOI3Y~12E9@
z2y5*$Lx;XAnTO2_r;6d`Y50AAUg0NrMHu9qa0!Go83AM){HUsS4pMQ|%WSS>Hwe|N
z(!Mj$@b{st6~j>X0Y3b*QzV^WQ9WCf4M&fk2deNQJZ$)jq(TXc{pQUs6|YThLgq~V
zX?|2Bfoh1-J8&q((Zln4b7Iwx2#83@U0e-ge^k1xR_)>5J|13ZF@XN5bkv;hks<x^
z$lk+!s7IF`xMA5%CX=@kFoLE-sQ`p2tekp_P5X0((*X`d0$7W8-zkLZ&bXZqdmU8N
zbGAW6S73m%Jtp`ju;3_Nk$158bH99MTHLH}{w7Rbz(ZJMGzTeFMwYf$chhoeX1Th;
zG=@8pTeF4CnQNr<(2$l;)1!3^JP;&!ZdG)DbJ*bx^3bM!$>Iab1vHMmhuxN?9KC<f
zsl#8*Y$t*Ot2c=Pp3w?BH53pqKH*1?A%HQBg`sVRR;`jp&?3MHd}#6w6G09r_`vO_
z!%PSIN0=tO{NV2)^$r*@MEf96G}5JD06sZ;*nS?JkHNl&<GMSSYG4rd9;y$*!537(
zc-;~$kbM6$_NHDAIv$gwS(yWg0NwLI5nkMrV|gw*7eil+s@6K)0x0zav7i7OCNvqQ
zI?<^ec>6Gt))^?ehDqZ30KEo!*a7InsW7{11Y`_K<SQx@=bjA3y|zKK!0b;hp!^@h
zrx6x32f0;K;b|wXPtBq-<zeJ2f-*0H!}D?5o9Rz2=Cg~(x|FpD$p!Ug)-06{mn|%e
z>Pc|8;R2_J0W`$b9<yy~O>H~<Y8HD0-<Ot(ZTEN~grZ7D&D{W&FKp<`fxLDHR4ACx
zXGMpbfI`0b1rEzV4|LD~bq~A4+@&nOkE-*~Eeki!bvtOsTD1eM2ppMG&VFf|3k;l{
z8Y+7DOmj>gp5$oBV2O7-Ov0q%nJg>QxkT1332*j7(nDYE`Evt)=)2*cnva%sr>|FV
zpks87^Gy+Pqy-nCFGaUpWUhKQjH04LuE0E+jeSc>F<5?+rM{gH>QLw(+|l1hq@=c4
z!f+e8F%7=2Ij{f}!Fh6VBH3Nv%5I5z_A5W3-|x>y=f7YL(LqU`cNm<(>R4RVeVXm{
zS@PZNVY|Xy`(6i)r2xA;4wo{H@@I6<5-wa4qJ7$eOj77bN=l1ePYi6CI6*7@^r^xV
z$xf@a*ZxWANkRU;a|shVYp-K&;p0Du8<&==PL?_&`GjF+Pr;5V`Gc$j`{=xTJmxF=
zA~NIC;ERiGPNC+}c+>N4KBJ#9p3_T-mqpKjdL=A;N?W$-awIk^rhjx@Q$P99+6^6@
z7Yr*A$`eh!i)-7_Z!fK9N;o>TEgoDaY&&k_<dGisTS+{F+QZ}$K^*QWXWZswJ*VL%
zf~yg-y_<|0+?7PJW5mc4_tl#Pp?F~5AVl~D1a5WFTCuRVFYh}I6~p@aDDh70%CSFH
z+&-t)?U2#e*;{0%a`muC@8T6qwWq6vmUSMbK=g7_MSog?YfijKo$JmLxngORsMFq?
zYsBsJg?1nLcu26{Y<#wFhKG}%pNFd%9rUqryd?XJ^x@YLiMz+sWB4z|Qn35WX3lW=
z`o2l#%P^PqZ`Y`M<*V}1dsgS(jHcE1mNAdxdxQ-kUoV{aoX@IVs9J9_R=s-Hz4m&T
z`c*~7<Z^q1O#Es%`f2Hx$i%mod5J%CZ#8CF_Ecum1kZ2Xyj;1#iR|5L%)2pF6gZj~
z(GdI1`l|oq)0=T(ZbaEHB$btE%*QI;J&erNb$1LL2CM0Ed5G;@cx^(KVrO}E>^9rQ
z*iQXc1LbCSTorw2+vPsB=Wn}uGdqWwp9W0gA$}&$6xiE_i&t-R(sp!o_|AItB+mVL
zZrVPO#BtHywKC1kdS;0b*52901rMpLtn82>iV=3XRY*!o`Yz)nJ_2iX_J;DkN%6O{
zCyx;se>HusCDh-YR4Z}xx%Ly^2ClM_?qD;XE;;3wj)uwN8i8cPgQU)hF>!l58Gh<z
z3CnY1XVZ2TIWE?`xcf6m9N8al<iBx4ij(%q^Svj>JXL>r_UA6v*}(C73Ef!9E?SMT
z32{diLip(2@#k4t#vNtjco{tpL~SpxUWQG`V*FHWC2V_?pGWJ{>%<QRc`O&G$J0`O
z@4r(U_;!OpF*t+bMcm2k7d7yV)JvTie=Q1Tl+k%?l@Psu`VgzwW2vY;zbN>a@|>8X
z${W~~@Y4ZxH?A1MQLXLreV5qGg}F7VIGC!HpZb+t;=JzQ&QCV;=ZAUml(`e3QkE)b
zoV?{9cE#)-usTdV8GDLI&WCH|U39;3At@rmI8?LR>g4<|Z=Qap`ouH&O-eX`_WtNc
zGMhEA7fS=IIBq^9nIid^XHZ|xL#p2%Qc|o{4+oFIckeV@m8Uu=6`>vxzZs^NoH}!*
zk1g$jsq97jmn%}r%8@F{vwC&Lg%?a#Z@q2{s_|De$-Ci}#({*{-aS`&sMuels2E(o
z_xOtX!u)(~To%FcSVpg}!tWFNeT%nAeS@CA)#BEug%!zqEL-1g&|d#dELMtxlUcVu
zqwx4AsvtfC9__uRi(($!G-nEn3eUT#vE6?8Mo&@qn^3!m1#9Q*cX_15RsT#zX1t@A
z=2)L#x~4_p(AR6cWN;ALzy~`-lo#XgG|X$SXJL<<i1WS4sN8Vy=SsKqUdV<hwTLMG
z7y6<MlI_t}>~t3uB!^pR81&r~6j%QU-R;e&$z2<0&)^j-A0>NWu+%SFTc~B>f7@hw
z#HMtMZl*2xuIu;W441&qBOXXj^J$Ija_e0D#_50t4-vmV+w|x&3S#7W)jLGf7sFNM
z*_fW9a*o!AQ#qGa<mK~fx15mxVNC<EoSa(_lPXtZ51nm<oibFm0w))SntMeEtW(~>
zKDch6Nl6k+<7bk*bm;TMamgS{=F!iQz0O^D$0Jub@7cESUd*~r_my|{34RUofmX|%
z>grDC69P%e97mDb{?}t;nh>^<p1+m^ST+kR@Jdg0@A3U==AjI~E5VQ0Dy}Te59RHu
z`|ZXZ*iMFB4z@oawL2KY+i+XUsC$7}52ifpiz-+lR$P=*#uPQ>$=hyRts>L#OnM_x
zeh>$RqjJ1Rm}%C}q%SFFCA(qu%SLIOh#MK~X$r>tM`4PbBW{8kjA<)7Nt-v}khlzv
zehIsM21wSuxiNLZh^<5WN=e-24?P8OmXdM{I<Vt@DkT@GBzHYb{jw4~vK$OYRk}up
zy$X5$`~JgmFF2pQ!gX6!@uhWI)`<S#kt8kQ;r2Tj<oMPbPuAY6s=`JWbDjs+(CSQD
zrM#(yPhh26VY`>1E^pYt^oLoP>~Qx%qxi+*4OPl$1Y&XMj{;?U`P@b&lX%Wk#$<Tc
zXvmyVx~L-~dHPI$7UtYh=|+jF=1gY4MP1S5>^aDYk2z@-XioZ%{J6J&gI@C-?W_R8
zPu%{aYDrxsTL2!#87_9W!_?okKRA*tnr)qa|27_Mdawy0dF<2dg%?UfZPXY-T^`Mf
zGwdTQo9fBt0~|BYuf{@hJFw4uBxcXTE=PrM<T4w^C*wZ)As?O>#^JH?b$PTXi0=$%
z^IGA3zCZev>efst>kiY8O+wkYFoK(ziewZ10n<1amuXyk{3;eFftx?M1E=A2O6pEV
zU^2xQTlVhGEXQZJdEgEya>h#tlZquEkTSV<<>EMg3h_v^e4?4&AR-ST5J-`}!9qiQ
zna~L)mwYgFUm7K>)eC;go3q(DGtV{1eGh7>ERk2@=KdZXtrk*<VSze$iRR(@%wt9Y
z(|wBb`QPhZvT*KvGc5rN#oRe0JQeJ+^{_T@sy^h<_fU+WYW<)*cR@9iQ=H__y_XuI
z|9Amt7|s?3ni$6=Rvt3KtA3&Hwo05U7<u!!_IjtT)|I;WGpCa?9tgHIlc&kX|43<8
zhRWDD@aYX?JgGDc#f`&_jg$3+E)Yx=E(Wz>o-Cc0rXsZnn+q}Lkgns_R7eg)4n#My
zvE9D)Dc@>xwp-;)H63iWCHwMWJ)M$<#>IZSj(NAQy1l9lTw-3Z_*ns)*SkhXy_4-E
zYFs82{!G(c5P3;k5PA!qkw&c+c01J=3rj53MJxTgi=4je8oWCw;{%1F^iV(=dT&g=
z9i=??3T7!@w~+W;xpoW@i<63z$c2)9!Dy6xAUc-Sczi4~{dKRgbchr8ZG(FWka8eP
z;=vOV5iQ?0`#Z^{cVj2|mU)940&IRO%gF@`u`4J`0L+<yZ8nmb9(Gb8-Xn&Z>JGn9
zTSLXDc>_GsKQs(d78X3I?J=Z~$SIk4ZbPboq}<unwO}<CK$CkqKExLi20T5TLe-~^
z75AxjD<QUe7aKNb3lE#@DEHStJaL{@wsNPPo%Ydi*_rYoHOfGYE@PNin$T>gr=74>
z5L$Mfv3zIACz;QmTV5_+nEZi39VB|Ry2Oq(n4LQ<#Ci&L#Zyi9YORm@B&TluY`eOS
zgQtVSjvX}7MQZLT7Q~Ij<)OpI!(Vwsl?!%b#PrLK%K?~LUKiyH`wLv0gEz5EYhB+%
zegff&kPY12_;IjyZf{R9m{?uH0jp%h0w7F|s?lkvsP>p=+jLu84r4pDmS-}bu0x+Y
z#2Lv01IqEU4dYK{6BZT<=@U7JNTc2Bj%l5hg&2TL0Iw(oOFQhMre6vnXH8C(P_&aW
zy!wfCTGbv#H5<iUkDa`rdmSFJQfBM&BBRUZa7=_3<0luz>2GmW(QOT1(hlb;+8Hsi
z)>q4nOBYMD#7Fbt(^0`zu=wx{J{e7Do9`=D2|P=WasDTWV{YOZ_(hXvtEi@D;&#yO
z0h!PeP!H5n$wwpBP>1BhKk@VP`%k+xkuva+(9z$$fyC@>Hxk1E$>fR>BS!P0Yj$(^
zORa4bG#moak9)-6Za-=Gr&l%0NIYGitx>w;9l{JXtqvp@*T`=t>StxHxy>xO-+Iq(
zX14rs!sN^i>M+&IJX+h!%G0kJ^0tq4^oRB5)e}q{Nfr&70;22btEwAYVu0+GnD^!R
zF%5l(RX84(F8J`YD7V@dooR6^4u9FW`jxCh_!Wwo$Lo)2$yZyk{B+v;qS_%$?CI~d
z^I$S6%w2=!s-M=V#Up<x>RXG!m1~X^Y`al+mr(d->(I<~#I3PFpU-o%iYMeG=`#H+
z57%Sw^(k6NViS)5X*Cd?3%*CohXFh#r0R&DT5}reb**usAF_7vMhhUCFE!ks(?-qJ
zIYQ`Jp1%`-UmeA6-MkGaS+8R?<Tn+>1Wjd=)2}6VW7CZ>BATy79SlAf_*$5nz8W?6
zaX+{inOz{5re6cmx+rM=d3Qvbg6J|~Koe>7sQJB>->e<M@y8@{+{D_N<+gt0+D2!L
z#Bkj3QBxbfLyiv*5pqxG?yN;1JVV%oQ}g+=up03Eq~?~6cjBK7F*(Ostq7R`UgjbP
zGFmDR(Lo#=YrU9;SuLkUx_sqTu_#DOQFgC)xDw4WA9z{BiQ1FF`pO$~8U3#`JesBA
z)Nfq^ms&=Aa;0c|x8<E}9oHunt5Ns`2>OW?&dbp~#3_dZd8G3Gb>XiszPm54Bc*U>
zH?37#mO6S!Z7du(f7*k-^3bYa?RANc$J$pCPciqvu1vy-BZkl_E_uZ(x8_NwG^H;!
zHLprZxQ7bm+B;x;&9`HV-_O}x4}*Im)+etZ$2_^zrpFhN51*=S?!<ew8qu!B2~k0-
zqwChhcAeT`bl5p8avV(vA#E@7bs%ysi|yn$I7#BTuf!5aNOFrlyY00}<8CF|7ANe;
z^lfL_cQZiGB=KX(v<mKU=KQ#aBZri&ro$}KVKw*qHPwSe#Ry@?I1b6dh`eF5a~*Jp
z*LOi!J(K<vf9?qKX~s9X<NSzQt)ZKncY_JftQ}b_<9Rx1q$WokEB$FEao|{9n|(Q>
zNM&$(pn@9qnXBv#xwy~JYFxj9wZDv~-J4|m)TsK~#&2+LAt73pr&NEjIG-i(EZt1{
z9DYjo*-k*3+erk{q%`3Td2Qc}Ecq)Z?Qe+Vl9UuQpR%Q7bt{(Umzy-eQ_*%%8ei4g
z5B>y4l}Fa){`}r3WVM_#@}sQ0STSO8fR~r2x?>vC^3<txgfO#<CAGYq*k>asu`s)J
z8KbbL&ZxF)F&K58W8Z1tT!c9-4#iB$MF7rDK(kkD9$8D(aJVoZCvIzhEVSQ(a<ge=
z?5s|8IhL)Vy?u0jYJ@O7?GVjQqI{Uzm-(Ob^B-2E*?jW*u3<hA^R#2&nz4pw+rj>n
zE#5v<YwCJ77OTf3SxTH+Q|#z=S40MehTc+T_I;mQCeOa;K);~E$>J70ORdp{H_`w3
zWZka^&yTcCF5BDL>Fl=*9*;hI#e5+==Th!?$)&h7%DT&M@I4RoG9kRm?mjIM4PjR9
z_a*RfcRU5@m3lL9?C5g2i(Jo7`v$8)ho&ZMZ^i@7>dtAFFJ64#6&`n$m%HqnrIjO=
z32xtnxstS6ljivh^lVh$E?l3!5j1tjd@#xjve@6C2O-tfyK$VnKOsqq41D_2*K#T~
zjyx6=NR@K?wA&c=aA|T_{2E$5KtS(JD8{eeRoy2GZa)!2K?L~kBb1hN<WEXVl<_4q
zd)dC<n7&Yym-kB#QNa{xsxO(#HlKd8E@Q|(AE?_UL-h1oE+q?x7~G7+z{b$>i)K_q
zH2CDHEjv6RrzYEDA6xE2ux-GR{EdRUw4(VF(7|OzTFVc1c6t#~<R#wy;}<U%z%5v0
z8s0#~=Zu}g_V815=r0X;!*_+&H;rDm`qe?^^p)GChK64{;d7vPrlF~6s72h+(Ee!4
zG}Fzl+>>bfzIrZ&B1IjCX2K6?kM6zbc}8)BcbaO9A^7?9-QLl>YcYBkp#v>ST~)|V
z0@x<xa1`m@;QOq$CXX63!!?X0^pvUDEvmvR^&z?Q`89l6peLZ(+{t!@j&|iUe&h}N
z!q5?sj&9+LyvAP^R8>xht|%%@0&b0*{q8Ni$82{%k@)+Z4BXWM`V0vY&Z2H~OY%;V
ziH#}|<a$4*B8DGsDax1cWuEzvXRiT=o_H=^pGT{}_lVuscMiVZ;to+#O)DvDV}?S0
z@=|2oUVWZJ4m35Vc{yDhG0bsIr-?}rMwh^$_od1evS}Er=R1EMz^(Go_xfMKyOr4g
zp|425N_I3NPfamyW@V_^DK>nOp~3C*h@Nodd%DU)X@b{9MfSiLL`ADv7VY8#!VP#p
z8)cM^$AY-VM-i?1$xA=9R7B=_65HYWZq;nq3L=0{6&2SkEIfRm)3`27PVw7#T*P^O
zGJGJuDdaY6&adKn!N#Rcn3X-|!mp}k8BR?Oolf!2W%fPuZVHvD!tQcJ^vF$Tb?;yD
zslXn<r%`uZ9T^=i+aFcBX`(#NSO2*p$(;U22{w)+ezDSDW_<*jUW#|m#M}g9gXQJ0
z@M@gH>89mVYg$1Jn9MX6djL-QQs-(8-9AjY+dCWx5qrk%Gz?Cj1Z)b0PW!3ptMr0v
zkd77a-qQQQP7aLFE^#`6WJ<^Cz<Q#DNwcaV-bC?(E61;WTF0&i-}%ZHgIG>4ym-n=
zG*@o*CCgQ4LZqEM*z3x*WUYQe89_pS0C$<jLO1yNA@*|@hzH)6BWr{C5_Mk8XNwt1
zeS&@M-UGEWTIoYfo_UAM&nqJP^&2>GT(?SZc?Oyo6j*q=)}~TcA*Ty<7}Q3f><8sy
z3gpoC7wW)wrj(Q<n};+hY@eor9}dLauVcR$G~jY77;XwLyHt!XW-00Ifh*?;6m@*!
zjoarT4GrB-#qBYZ_T@&-&i-k{i4r+0WmaT`o`F-*Jsg0!(vy)4$>2SK06%e-CSt|B
z%M*Teh{=~I@7eQ!s}t>0(m;WO4Zy0`zyzSzYGF$lIX&7v!j&s&q89xzjK1eHkteau
z2F|p;M00z1sZri5rK=ULbQ9Fhvz-KxacCUgSDAh9=>1fpT~K0D5&;x|>$UwCRedC!
zuPRsgsZs_*R5+?@5I{}=u7aB=`L6~gL|$=Q<zP%`yd_-y>Kll}jP1^OH|Riot$PX6
zZySAyblE))x>mhit{#`Oa>J|g24b7QEV;pCk+|?Y4~`XyIfuZ@vy=_0zknu#u=P~O
z-UQwQ8e%^a-3G++RqlyqWwzh-0m@&8mygF#2xud7^9-S7I++V17|b}c-(pv2KniRX
zxHT_Pgl1=FhZjk1@3SP3oF02b>n&r%n10NYMuyw(Hh04->kD*@K@AnHFTJ6Lu49)L
z=<IIYxoU5)j1eNYWJG?lyJi}DSs$c*xS;-|3D*{jlisG&7aQN-C$d_B8DgH9H1h%f
z-PaaAuDIV{PFd9;meC@J!tI~XIw`&^<`M1JM|Och1t=Bfzbk|1Rwo#c=hST9*_y<v
z+^^ZTm=!oRSHcsP*8wq9ws{^;8{!>4sZLwPWl(ReF*!k0T?h-XONw&^tTsHh&ddcx
zg=qQV_U5RU#1;W@v9M1aLhpGQt0$!4DY7Cj*B=B4QrXM~FdH{P&G#v3G~qjr$+63R
zX$o1k7d1AHyI`j$0zF(WRq|$Kc6rVf)})BC!#KPRVQ5hmb)xFKt~5Q-aFYvfA6vI+
z1ghj6&ws?K2I9DAPm3lzYXgIzhJ1+DS?;GUE-szDz0>PeMhV=KUPpKdX@_`?PIm@J
zT|SCR(4BRCj1Vy+&P|u+a#uePc`|bz5cEJ!dcVtAXvRQLGtKz{rL2JBbUZ90yK8}i
z18l2DInGY`q5yJZ{~bI`?ZTmsfu1G%tF^G&I$Jvpn-a#*$@xb_DB0TmqG6bqcnPt~
zQzp;rj14d|f^-JyNDrzny46e=<-V=pOQwVm5APGj06jBRabTG^#}A#y8zo-t&4^`P
zNqL8uNHelHAL+akhDJux^@qgpTkm+a=8O&sfe1Aq2ThDgzj*>&h;Wj1YQGoXh74iU
zS~ZHltRc8O6iXVAau#Kj%RV;p2)zZ4iy%a*{>^(ULlcvRLJ4ezl5x+eS@FAX84!HB
zgGDWC%VPb9TF}y^+_L^A@^!dc%NuuOLAqp5s#zUDP?3C*G%AYUar3UXMb-Pr?!m$0
zz<2aF49!=f%K$8&Ib`G)EUuYb4o;U|PtR};EGsJ>sL(Gr{6u`}CZfRMDHJCKr9|$)
zRh9BjrN=lIlOW++7U<g-#`==-zR*HauPgOP$J2iJFf;vxLvh9TX=g`{uVPPa>7eE9
z=<5ptR{W~3FO?vfOTNu%+Cs|JafhVOpDECW7+6+Fgv46aMo_138yL`_Jm5%ZxbCMW
zA+5qf9zX)Qs$X*D+@|lQ=d5tSZ5tE<?9Z~|ZECBZbzj3g!2>Cwb6bEwlI}qqJdzt0
z`qNTC94!syYmGFPiJ}<)a=!^6r1c{=!LBX`$u!I@=t`R{uhzWy38duQSCu<DuQQP~
z({)0tswX+K3<Q$E6@1%adJTPlYjiPjFFq9UJ69BBMn4AG%z990+#AhIzauZ7zaWx7
zc|-th({Ctcr;z#lLSZff&<5%b4PhlN^V2;-jyE<80*$e@(Q5)7qznU=kvia<fr*xV
z&bhN6eD4Nt-YDP|7z3uZb7TY`I{n%hSGbG9*NL1-$ti}ovA-Ply6!1$NwRAU-i#@)
zJfG>XxZuv;7hweuco%Lchgwbo`7$xI!g}QsGm|$wxx}xUC+OZ<qxqxLX_S~AhK}-?
zft0bfJ{jWir=*118mzCtzfw+J6}WMO6~Kw{_~m|)AdE^}PGwBL(~nf<-;08z)wrYM
z8X6iZr6RP8xKnrTUO-SrVOtdLshGMBJxj*D-bqdQJ&gyd7y<yJz+sWWmQ~KtRNnSa
zb)9KCeOl(BoU%@@_Kq0<c(ioF8mMF|sdHDRW*{QZAf`<kR^__^;*nY`(m&ZwS1tHs
zGopz=%*vX=t#k5#%`}dAq8y@$gMg_(^qjjUEp<~bWEgE3S^_zshz7TTU>f*3f6vy=
z&Tq=Kx$l&%%2grYLkpgbKT*o5N^3H}O)J-?J8e8-&}uqb-x{^ODJ#Bw&jFIf^{|g;
z3XXsxbj|rI?d&{`F0KViDr~$w7;w=?e5o~!CbnSAWA774l3v7l9qCXZBH&Mhg2)`@
zV*J&Lo3#s@xXy>a6_?3nZ;$VHZXp%Zr`+ntJRqo1&K=*P&ooa4pdnmJcwr8|2QT4S
zzDntD@)!y>Ri0C9h(Z~?WdZx5=dM*0PzE%-z|1%d3YK<>zu!zgu(Wf)u&|kzI*P%6
z=EfxFFElz?U!4oweVI4>y+(L5am_4LeUlxtMgb&P19Z1fKmmgW{%T;Ld|{K#OvMtk
zx4)ZnU)3L}mvbxH`puXEW7GLaxaI|QeB>lZc*AreaXTkiXq2wRXWBTB$m75I>YAcH
zunBz({-c+9RY8YF<d9wNY9Sw^IDD*fHGko%9na&mG_uJMHPt^27Gq(!YP*N#gz24)
z-MFJ%B1Of8(@#I8J)###C#dl!0a&4@Xtw+i;5g-MDP+!o6&|lzVoy(3zRx{Z35dv0
z#_7IDk`OZ|hz!6HT<E(p8C{>K76B-t$=Q*vxlbM$0MHL$D32QrsdrKkQoEJiGDK)1
zp_!8ToT9{A({B-F-153`@tNXcK9G!^qbw{Aic`D$&^tn6tsLLskl~K-A5T0{#RfXw
z7x!l0x6Sg%amm2&L<Uw!z)|e&NQngXTbn>cvagE4igeyFdwJoU6TsCBY&<m3i4Oi;
zYFM<fA%PAVSowf{5h71uBm(RNoUuPp3X|#Pg`eD3$;as8+Rl55Y2F9g5qKDs%Dou-
zbnB7T=8TylMt7LkzI^m<VtegOL7+P(IY>i)v`k}W-4X9k(=AAYz)$EpS&a4QESD)j
z7xZ<|^sDOh`uDIEoUfs6N!eR6-gc_b5mT!lWmmm#`;3K(wVD_jqFh_SGcEF`ZC=a?
zWbsI;>x20PtC&dUK9B0>1p?1V`oo)6RDUHHPxFOg$>sEY+ZI=@!1)}aYD=7wD?}Q!
zp^{hRZKqoXPiDA;@KlpfhYRABCRWR?cCRuuj}}I5il}8P0m;M_N3YErFzo_ON<>&t
zZ8jg=XKdCyAg&E7`TA1Rp%T!dN|)F&%WjT9EIvIt_aZKn&V)8ZN-TElUayStS8NgB
zy@!*^nPnQb46lCmy5$2Tz!z|c!F+)vu(HC`LLN-92`>?_>bJSNxW6hGV9wLehS5+P
zuX0mnZ~+40?J+9{i^T;8`nhs*`-3<X3o0#SKFSKCxr}XI7joDZSG<X>yRlgBj6&F3
z;c2U>n^p@(5+bWMvu0vIaKY1FSYTI)|Mp->v|(znTfDs2STX!kwD+vvME5A%>v_0z
z-^eog4+*peUNK_p8okhtOvQ6(2#C5f1?gi6(BKy2&_mqGmh43r7RGiKF-}5RO3@h}
zR>(kHUc<Dbqc>c7cVp7e1$I89Xec&Yi+rPb(m$Vo)>f-g{VNE5eBpw5I?)h&TfEms
zT-(s_c<FNYuGE;`i!DOWAF-;c{Eis&ixKrmh~ZU``1Y2{?4dxt-4;zg&f8wU6DUp~
z(di9W5*Kq-z?IyQ*{93OUFsg!_&DOKT<*vFr41F`VOI00fAv$s!Zfz@uj)5oDiHkU
zQ5#%8`BvN=?l|Uw_g<DgG82?(bKk-uHzVP8>7Y`Xr~+K#OtyFEd(@PrMBfl~o=!?k
zBgr{xR$cbR){ZijE;}eO*&YmqMcX{_R;C)=BO{a66_VO(7-oX-^JImAFj@7S%8{{2
zbm7~&Cu@UJUy$nX5Nzubo3x5?F*y{Rj&$=?EEdSs8yC8D6n<h~+2LZ*@_?p*IS*sq
z(0!Oz-zA)`wALo&CS+`GZndYjxH4w{RlU*xO0BV&dCew<GNd|q<)-&%S3&XRhT4q+
zX5fRXJ;s+e)F<Yvj93Jsv&VNzhMDclHI4<hh2`<jug+W0BkmkfLq-JznIE^u9pV9Z
z56`CRfa9Ew&4u4UwkGODyxYk*Y<;JW2w9(ni@EnrN<b6_b#bGFoH;v@h@#WSY3-{_
z!Tm?T!9&kme~$gmojb`&?yFT9m(VPy*nTPQRH{p5XIP}xaVX-DkwZ$@q!qfDGeEf3
z0gk>gYc2R|#2r@earwl~dN|)ZGuL8G#YVfp&ek^J+s64E^~xZ~Mf<%S33Bh?;;v4g
zGB+%@{fm`tp&5LNPD5unGy&@Onwv3Q5Ov(S&awM&x8r@N<3U+&!bz2MOhAAJ0dWYZ
zO%x!({;lTAVw$f(Qd2K_b#Y&P%|(X4482fHi34wBw}p*q96rE5UmlnK?QTnWS>K<h
zA$|Y*m)`Net}BNd8UOxDy#D&H%f;Yg%)h@n&wYoxlm6|?@RSa6|KDGN|LtGbS^o11
z7cS6A{dKw2Kd(SR@$UTpg}1@0i^sw)8zW>jSqG;i{&#=48SKY}`2E{k_5FGL|J%pC
z$w`eY#}D=#J}v(EZ*S=?HGyPedlL=9A3wNtcyCnqKbP$S-E&x`o1Fh;tqdJ+8X>z2
z+w=$4^G)~0E+$s<q919c!ejiMsQ$F$&QdUihB+8avXmBmxj+2#n+*Bgx{$9R4!&x!
zS-0u@L@|Ckx|Im9Z;}4eieS5WF{|a>b7%UK0~=jpp~nFvn$ZA6Hfzm`x1hEG{AW_`
zKUESFnXAbPGAvN4K-=eNlz&#8E!bj2>3smEpfP`TUIrGR4*LeM3M%`G0Zi2L;g-~N
z|J;BnR?SY&a`hz;b{YVkI+9yU+65~boNHBRT0R=I`b+?YUBmsQLk9jP)nl*0>H>O;
zdK+$8i54(t#yr@9>JMs{uwFX`tse}ac_(^caAzX$T923$+YFe5z!3p|19kGl@HWE<
ziNh`2#B{I3>vAV~;78QFSIqZtO){iM+dQN)GCl3Xc~ai>0oZEynMb5S%#k=U(%ysw
zNpX)h1}CSsZjYlMkd?EH;4-)&yDun351^X*?oX6C(5(WUf(pazT7dBYa}F@+x=@B;
zNg&6-<*e2<{m-)nP(MT$ZJyC)(XDDNw3R(`x@UDgF!uQ_xBgj#1r|G^E_bIShAe>4
zVI_=w-_7r+2`FiK4Tm>vLFd-WHf)qYR8&t}X>IcY9>mbhY!Oo-pVnSGw=6Lke#-Y}
zM&+RJq!^mhz@#!c(>k0~smg4MnmhW})vxoLe2{<tLG9X5<}EZbWp6ssBrtOxD^N89
zWo2&bCS2P1w6)xMnFzFE=t$pgGf_We2if_R60amDZQT?&KtR2Eu`KQjGOVxM{W{Qs
z$xFnbaZ{m;_5>m;B#-YTR9Wbt5lLBdJm3~a4wlKxkL-y-Dkw?F$+hr==D2^w6m{gx
zebi61+#FcH04m|x&C$}mVa9)@WeL;!QqVD=jXnS);MwdVVLvQ2HTggj0RjSux##0t
zKL0rb^<`v*Pa5_$>;?D?luX#t@kKlqp6b&8Xi)*@BOQJ8+k#c`<#xDf78Top#Diww
z)Hqv;q=fq!XXihwPl5S8)^=P9L<`i<0NgG7sTgZ76cu$u@b0enH(onQ8b&T3$0l5J
zq)9@j;o5fp!mJx6cHgOK%LA8ITjjPfuBl14G?WsD`{PG6J-w0K*@&m(R7yle1yTAl
zG$)7Kbx-jczQJo$6&NYgcng#OtR%m{4FUvRq%w`2&c5?jt<Jmqk5L)^DY)S-R6P&0
z(sTz#ib+d(JDm>Jl`KI2{;I>_Pp<nSdesg6X{NV9mPBg2eH00(Cl!@$+LkgT=G_-I
z2ga)gyk(}3lNqRP|KkN1KLKIT`TcBCr7`mhoYxOf8%`htF%fw1f%~dr+}rsG-@5iJ
ziY4Z~1pXNk!c!|89t5+OqTerAS`f!+mld%rurI!vw7Vl>%BOlk2LeL|!*VYRnx5E`
zc!?$&j^l+RPe338pMmihSOWm!b0Al5I#7Vls{>>RXuCT3g9tK+B|l$1aSn_j=WXp@
zXFU80qTPE?ihvVT)ae6?B%|X?e*Q_9Z)7D|T<L&-fCXl-vskRxgP4=aJs?3qX?<4s
zas;^Rf`oE;r65>S-LVg8?Fr$h;6ml^(6?L7Zzuw;w4z7Gs@zba7+5?cfy1_PXYnz-
zujW@zz)1&n6%|_nSiwjZ)<E);%dYRRTPmpSLC|`@#yE?YFtv!M4NWmc@r#sZGuovp
zOo2puOeNS|Bmqnz3B|=U@N__gO#ns%{say@|9;?2->H~%9aTwcClED9Y`?J)7pFUz
zVy24`X2p#UXVyyKzT8rcV(2R@B9lODWBBPvS4Q<{67J}A!m;pZ2#bh_C<GIKY-t?G
zBlZ-5OYKdh_KO~&4Ij90D%>^LH8;;!CwZy^>woDfBu$Y2S^9qUT4ypTvNnpLZwVDl
z65)K}e$;~lfqeV-`i02zliK(-AQD)@WfX`cYD{}91MtK$Ib~JS#Dre6$~oH^C#rA#
zuqG-hO(i<UAKYbVY6dD`QoOrZU$<GQRC}vuUbl|x`4`pdR<)ueQ2yGP&vjn5vKz_L
zi1Y`U53jM|7l0sbc;XP}yN8&2lTH{84p_lU!0!A6l4HHnVS9IUgCt9(P^qG5qESu-
z8r6epT#XJxlPHPyT7w!80KgWY>84|lLM6|b3zcFBJww}$ClyyOe9X#lzRHnx<;}jh
zxHxJ|gC6lT@IqVo>!8VWUT<D&PT^EJO%VXXt>gYusY)Nj3F=M(qtAWy53gossIS8b
zljp(d7XVf$A)6iih}=it!Ki_Z#M}I(&*q`B*(Ei|Z;eAPr#)wFq&t7*qb~_<VF`Gk
z91rB<IN?V25HM`aOgO=Fx>wb1cN`&h$+0Ys{UNOUzj)L>eM~degS9q&Jnq*fiy5BF
zg0=`EL;B4SNM2xYR8sfR0L}WrqC3*zAWH(?z8+FF>0pW`d#YHm0JN!vwFX@g8e?#>
z)!PM?kG}!3(-L-iT^&~g$fGg4rMV0ZqkA+V%{*k&jP>B?fbS@8cTAX%p9ZjXsPQjz
zSCED>na>%7?O*P$bs&x)&cO>uEyxaK7-&ouVEX^f;zgwP-&nlfJpVsfynyXto6!QB
zZ}tn%UgJf~5MWYm=qJRBuJN{+A%?I++y+ZQ1_IshqN?mZWI%XO_s1i?l+{|!7!ML#
zZzymfnHfx(s=6Ype3Is^pI^TV!b{j(q^W1q22&Xd<iQT3C`jZzh#^>R-(u#Y(B{q5
zJgd#idf4y?JYXO{BLOM$Ee}V(ZnIKXxq5wIpZ07w4ksv?)ZN34Y3|`RXR$}Pc8~p6
z;sBfYL*V&B{I9GF%OHk@s;F-ib|6UZeBdTRNz%5q9G$};^RaJ?cP%_(s@G0}4Opqw
zrg#K473|mJkQjc|KdW$(_vzxS_NSg0=G#H-uJ%ub;K22~jwWzK?ESuuZaH{C;CY0h
z3;Z%x4cQ}Cs~>etg6k6;1;>Di0j>kwzv{~0zaPBP1Ag?a5^uuNia3IXDwJvPtPt-v
z`rdt$IrS3C{B98Bi;p*L1Y{3f>7d;P7nc{9Eg(67hWAV`b?Q#15okA%Xj_)2WOAux
zI&NHIx!=o*8rFctHoxDX2691Y-ys5B&ihC$UkF~<6pBc??XvrFe{{xjfS(%59KP9y
zBK-sPL`~D^LP3X@2P`-N3Kyi`YrqXd35JIPoev%hrUz_gsH%HbIt^`wpxz=i5NA*U
zFJ@!$fDpdZP6x?BJnrwX`wf>G1GWP77OzA?`Lg&H_^y6H#sG8xN`rfsO?|lo^`jHV
z&uB1s>?wX7>3%1L2o2c0DPKP5ut85<fnSFv1hBh(1`~_Ryr9J&GoZn!Kz7r9mHS|%
zyj+C2Y*O4R<J>bnFj&BQ2N{MCLET$W?7;3*4`w#BSb@}m;zt0)Kswjk6GAQ)SMVGf
zikwu<_@PTNtXrr$>YnQ9+InR^5Y3dZk>Nv8GVGo3#BTB+rb88^P_3YelU{h64eKc8
zwBIsSbsmc4emPw)VmZ^#%8V!}-FywUvrfIe$!lD0#HbY%MR7BAFZ2C|OhCf$^-~Li
zF=@PzlX%2s_if4Y0Z829q(#X|aOT&-d&LsU#1#}4>Vc3225G#I^1>b&q6*jEVlAyI
zXHwXW-SHX)SHie|xtH2XZ<mxK9WV0%hypG>gVOP^zkjB_r0@*~Ir3hx$v&Y!0oO1%
zNoOkBO$F#-6PmV%sKo%483ZyGT71+mm%fHV4p1yH<)`+}p(K{i>ak39UOd3pyOU9r
zU@FH0K}2B_Y__G0?UuV$k`BcqldD}RRoAhTQ&{}cj*cp;qpmLga}sgTNRqaJgV<`x
z@qNQAxJR7!+yJSa$xZ?X14<vLJDaIgC&4Aajo`lrKzIi;B138?*KD`)iVv{EaYj7t
z{<uSK4;R!oVZ0zJmxEse$O)}k0@0+gu^Nf^zMI(9f7yI+;nY*$6}_$LejaQZUpSUg
zw&=#f=E)$px^d9s<%6P8x6)QqE(*$lz$=(RO+F2Gp&YG`daO@UfzDMBYG!8U-D_-z
z6=I=@nVqIdTyI|lE6Z`z_y$})tc;<BhhXwl>t9wP1-(y1pJp@gYruMg?h{`NYJw1#
z8Q3e}H&&)vQ2Vb&qRR*FsF6sWB^O@C(C`=wCIqiBTfv%~*~|UlA|eSW0NkaQ`W9h8
z-~zH`+h%7cdw!q6RJPd@nvi~rk=yH~0T-^xs}`1tDg!2_g=g_Z8AFZS5&RRsp>8!R
zD-5W!^Y+pqcEufULc5)6rD#*CoeF9g#EqnB1B@q3YC0Rt+@zqyw_X&<esMaSkjN$n
zY_f`5m-)d0jXHA_b$NjXgBOAf|8`>o3!kQQyR7x)4|tYO!Bw575tK~}IeG#-j%Z4P
zM#-<ewc8*AVsiZ>-roLw+M&A9J>@Hy(kIprDpr7mOwVzjv>NYdEP-BtGFFU}twAXh
z8kH?4x<YPA1NTF#GQ@2&l`KH_EU+ttN|{useB`>4$N}KU><1*x`T-jli{Pdt?sllO
z`M3=}zNh(5o>wXH`qDGY!L{jN)H6jHX_^HYnlM<XGwt#ux?#6rj6U1#igA^&4GnTL
zCx?RYBkCI5P{{jeu(fj!8nwi?DWa?t2vg&)AJ9n-Fv;O1<ilvpM`k7hZA+|s!eJ@s
zKH!y8s%(I81l%Ac)}FWXCnB3RLn)PY@gzc5_tW?^Q_ih>J`9cFk<B{lF69Tfo-cG+
zn%T86!W%fb_#Hw|zLzLP(vKp4=%1P5la6_UnaO|rzCPGyz$(MMvwE3@#$Iv6!xPQR
zphtIh{<bP@!;5)FKV~(mUbrQ%$_ti*j8yO(m7PLRucquO0npa4Vs}{P4~{_pMyClD
zDp3z{>1H*Wrs1h)IH3g}el)X}2-vaUsjV~b1g7^5z-WdVI?#cKvMfao4Phn^nUHGz
zOfmBaXv87a_`Ong2sZfNns06$JqaoX&tU(qOmUs($i{#$DB0dHrvPab0ayiKyeAjb
zMkt1pu1Vpi;ICOosu{0j%R}DbwSQR)?7k2WjLsl`;y8;;TTkcC&(BkUZe){_X+zRE
zD>=_*1Md;KLevI5jadoUTWO<`5e$>z{B~9%o_h4QdxniP$kvC>cHmX&<3Si&O23cV
zyU&&01~-h;Dv4x)vHeYDm>8hlD!qN;npUMd0klZ~OHniIYPAG-EfW9sl<f>l{L6>a
zy!_1BvqR>sd-#V@w^ZnCGfd=CTolVkS9T6EPkBrZNCkiIuKN5QwgCa^-mY_d2zz)B
z`v(u&BOGFfqz76#EID?@-<ZhCK-PwnDS_`tA@T);P8KP#w&O*4a9nuwo>$q<H&ruq
zm&t42uRb{dS#5HLAVf_-sOS!`|G<W5-PrMBb-<g*H}LSqZvot*8zY{nXilqQk6~gG
z%Q{m?PF!x<fP5{?CPiE6qwhSrRhu`#Hx+Q5is7Vlw@1qoW*-G9L!Ujxls=ppAhjQN
z8H#TRf@|SvrEk6OlG%U`z4O_crgVy<+21~svQdd2ti+zh=D)HLa)yqHaoozuDKe&>
ziRz<=-pR>T^Bza{ytfyp_k>|%2YJQya`0p(17FxVJ_>yua30ASkMJ7_*<>6vWDpe)
zuAoMOzo=uVk1cg<Y>fPf(G3_B!h7zwP1LlMTbouf*~9uwk&6s9aH|O;Dv9^CI+;po
z&uMt#Z&*C|+Y+E!&|~9{+rAR5P%Q!0L}>Q>vE=I1HP5q^fZ5ocue)M+$=mppc4GUx
z@+l%uL$?qAGK~~QPN~Q<GBRE+Rq+RrsJG--4wJ{0N=^)Q;bkVUv#ght5y8@-?I%D{
z<kYgGd|9--Y7k<5c><(&YtHB`vrjPh#+Kv9cygP4H|i@)&uCUS5(0e%E;9lmPlEs+
zKz~--L!>a0QsO=pak)nhGO41@%3t1+M{=|3M4nrvsF_9g+N^(B@%CR60``io{x;Hp
zBSCD;P&J4hOVdJ*JKj`w9BLyMSB5Q<fn5f`p({L|V)`A%S28y5n5fY&*<%yhsi5w`
zqC!7&8|)$Vxb+j`{_WkpN6(>m8GVi&CGv#+=qqTdP~H?0o|WuBf>8wU!LrA}7*15l
zJqL#)#kTbz3>H=Ci;MgJ!7Tg9u!Tv`Eqq+EC;1`nDR+m>DI^lwCTKjic6KJW7exSG
z`cNULtQtt#F?K`-Q(6A1NADiDnm3#Y1XCU$W-(k6H5XSlm?EgW!_sgcPe4C6Ckw!f
zrzi!;NVt$D2r`19u`zY7Vp$h5LhLDHQUX~6)pfxq@*6;G9lI+!`2{vSXl)BK7Ec)v
z5PCu*s1pA1Dv6x>az2RD=_NSHN8ns(fS-B_qc-D<;7a+<AVv-<+wWi92G^Xita=80
zp4g*eHT?mPi8W8G{Ctx>pjmiMld014D;J@S2EqgNFPL})DX+t{NHNyH@egvkV?qlT
z>RryIw*Os-2i#R3dc8)E4(Sds9wyqwCTshJ3=@|w8Flm|*G3D{xo*Czh-qu9(l;GR
zzhz@H-ZR>Ygv_lbl$H|0YTV)Szo*!%*V9{B4{uajSy5688R+TB5)o8_L=RgMmdhRh
z5Zbo_hz4#DAk9FbLG@f&bGLOYK?!*7UxU}^;0VhKD!2~V(y|=p?#h6>_$zdmFp_s9
zOq8h3r}gD@QUT(4R6(tjsd&Hy$fE&^83lS44+;b<o%zX$Fmp<&mv6{-SXt?);_z!=
zCnm1-f+1Y51jf{Wh(s+-Fr5iL*poK1_gKw;$rJ~3hUKjpn`q&C&RtNU<<L%VQ1kp1
z2)${iPF}(v-7DzCBH~!I`zrl)syarP$P+#>+9E-8L<?GwXAn;KC3XW<jQR|1?d^4L
z-O0M#Qw>&v?2Ex~;3P(#L{6*=RX9_7DcCD)rmq0p$$=RUZxCld@uG*pMf4xT1b|zY
zjkKQL2ccBZm6zK72X${Aj%E9{jb0R$43%Wa5GqrlL1eBBJqgK}Op#2PL&#84hR~p-
z3`H`Jk<5gMA_-+q$xNANYrmf7_xry0eYfpff2{SbZM~mA9&Hcq`@XL0Jda~P_I*E&
zvwb3G^O^Fgg160Nur~!hM7q5D;JoiLZ%wu9x-CEWjDT9u$wl^b^xnzh*4+U@6F5BJ
zz+B&>H1Z!Aedxyl{*-w9APnT;0ktXArFQUqEs8*>Ci5Zyg|s&k00XiqY45STZ2b<D
zsM*3P_t+w-HA=4^VrAZjw;}7`We{J69sgB<gLVJiG9tcG=*J?^Kw+Y0cYR|anHRq7
z&=T%jXK|AozEj@{D&MeFn?=Ll<KT4)Uy_XlE6cI6&ZRvpPV&Zc3JniFM_Zs;L$ge9
zjT!!9$Ny0HMpR-^Ka=SKEV?>*SDg=|)vZ+ZzD*ZwuQ$MQkdPL7_*)d9a1y2bnT#sX
zpG9dEX6RekZV@W&LZPoar?dSoN+R$gscdcKU8TklOz)TvTKP~q9gCQZb{Kc+|M*lA
z@uzPoN2-3tn}gMh!o)g-{auO2p0%|;|79PSJg`+(_qfX3HCNYK_ZKidQ{q)$TPkDI
z(oR01U><|Rah}l=LW0nLLbPG<A?-X-41DU58N(SW7;4lD;yOjA9fJ8fmhK5lY>t+t
zFyvzpSsM&8oXMJ;-1T~DzVACTUmxw|CYHTl@%uU%3_wMQD-ytZ28~#41H_3s>CC*v
zcRfh^O(o$!Cc=s+B@*%)vF7aN7@7vkVFe(-idSbdOG+IV9`&B2C9<v#2_9$!@?hbu
z>-s@t!Fg-FJOo4)WH-D0#L;fV_Jm;_5g0RAJnidSOOJacnA`O|nd!?5rRaUHS#25}
z(!ENG11L9p7pC;{{TGp5Al_<^aV4DLBG6T=@Shz5hrf?U)f0DRbzxsBUnz)7NMIs+
z4#`GjCYio#b$@38$1Zp!$p%u#O!08C*kx}h-~mC?l$YXEmP)ogWoUy1kGoUtzO$z|
z`2<wSmKWh+QBrH0;SdO0ugKSkrUosu!lN+{0NNc_epnZ=XC}Zq1y$n0U(41w14eBk
z{s}Ybwq@vy_MtdxaD?hsz{2Ejkt1PCx1bpfPFQQbBbM2}j=46qUw#3PRqpH8$($W<
z1?7s)ZvjCVr`>xpIo%6XvjPm_+8e2ByDY9{;63v5<_yL>iIo_+Ppen*Xrb{GQEbrS
zDlH`(-e{@>Q%`h<ROOKCK@pKixJKPEAt52pc<!&t6^^md(X&hky#}2;Jv<PJSC5VK
zhJw?8BwX*lLnU!IzZ}l|ganr}^(B8x2=OdSw+1uQ(0d*K^v8>$jv2?H@jn%8b$_U9
z+gvJ3Tu0E(W7yTf?Z(~q<;y;Onxn!h$tD!j+8eLIb~GccJ75r3Ca69@lORr5#4Z|q
zANIJIByF3>m(jok0VJjS3Rtx<-Q=&$c|q7macm5Y*<#aY?o_Qh&O{16Y{11v#LmeN
z^vuq>t<)Xztr**hdOxl#xXhNAPgYRcUyU^a!FEO3b9TdriYbJK`N>ohR3$ed>40uH
z(w;giF78CpTdPWHe7A&PRYj#5D4Z5JI5B|kv?iVda9bkgF#XVH+$w-R84w=i&W2JK
zP*-FYVwTBB>O0epqQr77_(|Cj*#Rj@NpxXvfjdhXI$72?S=Y_tlOKrQwWSX)_j9=f
z2L`Ot!>-VaDlGQdo}*j68qlmC9Mwq)oA<4Fe?FyL@ohY8QsbQhHNSFcFN69*$-ptz
zvcQkqLEg_MBRcXr50K*ZfB5=uBMkrV(5HEK5KjL~U73`eho&BXrTou2_#Kn~UvzL>
z?%*q@P375*mpzvMH;Bu6kf4A-z-r9h6AvED4Ep;qugCy#pk<7HzL-9^pD~RNPrm6l
z{3bw9SmS0&%E~pCneZ<dck|g(%tK-h+eX=b`3OK__I@+BGIv0Act=sqn=5pWd>L{k
zMI9L(BX2G!$q-LT8vjk<rSg8XD6^rK!a_%}=Q!3**CLsiFyRY21XR&+#F`eHOrs+1
zZV~9vMkU_7WCQTL<P{2R4w=$2w1UDD%8u&2;e!{L`(fYM;8gRDF;~)Nze(u6LFuJu
zwi=M*{>7jbM6JOpO6to3jvp6~*}MH$Y5B;Y%RX7%8vtj27QEALB*l6!`uv_8=6c&z
zoLo`1mX5jn%Rc4_)N6|o)O+>}4~%_%UeQ;*Vl3zUlDa0W9-R@^XU;r}k+TRbmL3?A
zTZ32P@FTM2a6lcz>sI(<#qGOyOd*a}LPJ9VL$+!@Onp#IH;TqV(tX(4`r5l*27nl!
z67oJn#DvYOZ&@&OlXN($A81z?81bv-TkVBHO`V3Pu5ofRv$Jp8?Af5Au>UR~TVAwV
zKE0!(kJ?I(?2wU71ge8(1kRH)c5cv-4kjV`p%solU-{S!Id*Ku&gUYPJ_h!QJ$O%2
z21%vw*W(%n7|^&i3(W<{uEpL74RgaWijHK<C5V<eW@JHHPs3Yvj$ITc|1`FQ%zM5m
zQeOJhPxtbJ({8}u8q!J5IWj(e9jpSlxyku<P;f}y)YrNJQ6UU5fx$wcgk~8C_SJM1
z1!3Gi(zk!klflD44t@f>x%SaiA!IpIFaqGBu5lEW_j|ODxqgV|3PI;nkpW4}A&1`V
z@$uQsIi=Oz0kii%JPP!P8kDBO5hE#`?V1I@93G8W?*w{CZeW6rY#^+D;B3$P?*@&a
zn?*58f!>oNKvp^aGu0sE&U77;hX)9R4@+w*!>9;?YWdsRHy287SAPzKRTG3bsNX+V
zH8sf<jSt-C=t9@Wxa|*osq2IRG}zEMMs^)v9Q^>L{TZ@90i;R*#fbY9`8_S`x(>@9
zA~7KkyD#1g74Q%II>}q|HJjB0qeEK#gWJF_d$)h(lI1LJI=I(O$CoWh$s4fAu=HI^
zj*t)+51bp&b-<cl9rwSlVrgr$)8Rb({vcK8@<}u|$o4m?I`vo?3|x7(-0h`>0t99B
z?`8L~XRnJA6E~m`{%w1f#yUp25<)tOyklZwDB7}zHN^127L-Hd@h{NR-0&24cuBFV
zs;*sEia&NPQu0}F=%W+T{cHX8VxKGz&oA1{OqDLFtw@_MmaR3L^vEvQql|JLJKN|p
zso*#1<o?<6r*BrVf!{w)()Y+YWV<ZP)&@nc>p;YSVFg=ANvgnP@rf>!a$F~D%c@Zi
z&~ysF!reTP#2zQr>)g2eS~4lF3#Bk+9Ea#n6S{m8eC5|CrHuOTduQh^9k$xzH~h<g
zaANfM`#p|cGG|m|KmwHn)p74%!;Q{o+Q4pD;9+Q>TX+a~de(g4f9#8YhRGn(Dg3-X
zY}D8G6zr}fPgyKvYZJ_HneQnuu>SK|8)8z1hw7h#ZNSx_wZ5yJJBm>w!A=G0@7=pb
zx?97pnp3OKS#rH~kCuB0(g4M1)^K))aDh{VS;944)ET6|_sG+aKc+B3;Wnx;gTiY}
z;JbKHi6As=KsAM84HtSDO?_D3<hYdnAoCh;*CKE1T|Aq{H`jch{@V+%mgKS&1H}b5
zk?e^L<80f72UdSq2y`HB$-(VLu{oPSq}Cm!XzVW`AggX8Z7hZ>>#GNZ$<|n>Y^@J&
zx^^;W3Vz)dZfiM0fM@hWOTLEdQtyR_9bTL6bh<f74DezNqsx-+pZ#)#`q?(h(CvH3
zQ6^FRlIc(KG0^3HLlO-U{GSHx{PDYAvbJS%b11Ao+aQo7(MbJ=F+0(}UB?=9sJzJ{
z_<>8gxzHv>xE)d3Bzc|};cOoAA{*?9NrqxGn|HRXMT+}_VSs`^W!Enm_eCgyzHno7
z7Q62Rd?B^be2U(&4maeLzKeGG9o5C8$>_zQ!hLsOIQgIRb9gDs^L<uL1oASaZG+>W
z4WOFL5<GCuh1(1S@t3%(gwx$rF1h#pN9c09EE<fkok&-JuR*+_5G&fx{VCcGpfwb5
zPism2@8LXyPKN(ahV0m?)eq{jzC+MJdjdKT4&l+NuldZ5j|!wX_w2m7wr*h7AUaiZ
zW<1zATjZ?QY|5~v;pZ#YgThS$lDKb3@T^}S7r+>_?XNRi1N#EvZqU3Fka%wD5VUQp
z#=Tw7SVDq!#ecXmH&>!}j-kXuk1n9{-9+MWa@@Hto52e*l@qMPu|c+Cc`oQk5jGNH
z{UExuK4~&!c$iINs{<4IM0SRDd_HoyLj1z!svoIs-j#hfwF82T;)eYrU#)FXi;@lr
z|9glFZD=h2&1%z`Hy<y(`u^!&>;XBR9ZkX891^c(@z|B^KjIyk^rGgSh@a6x?u);q
z!{P@6WjAb&@B8C5yqD!pDSv^JVP1Mp4h_y8P#jF#xZRL{2Ss^Xh-yHfVNl%W2+Vgm
ze7|ia;PtHQ<?j3bzmGz8eVVyQ7c1komB_lRcu<%r!o=~d;JzT0Dx4Tno&6~N<PHv|
z@vcmT<vu33j;J>{Pr;;;Wi}v-xBER68<aQlxvG?-ewraQC0pVG)1{jq6hA*9{j!t}
zD;@SW_R7Cnqc=X~2+XBBuaIfizeuAVTZ5Z$=IY|I=kodhS=*ya4Bv6;l-|?(x3a$7
zt8Kp*(%mha?Um#*E*C3PbLVcsCzZYX0`62sPttT2yX-vw3iEZ;gx?M*Txc6-*Ip^i
z7~j<T@&)%5o%OFTj?1I!C)}$};!VF6@3GP9*cnjkVrcsLr&S!?JHzheys@_XHY^j&
z>;0OTH}m}X)bwXZFr!W~rFTu}TAa1>D-0o^y_AS9sGd`bH6DA)N}Xn?;mSC6yw5s+
zhN7nMZ4T3WerYdG{B0GjcE-3xM#IXl^bWk&W?xrBDx!he@VM6WwtaVkYVt<Jw=x!e
z8IoyBiFa{vF}t8uJnSXw^>X9W&-s)NhL@aN8hksyS>tX)u?jKcqfzt{u~_3~ms;Jd
zvp2zHe3@lg--*txPG}2b(e}Xl2Y-^3Jik0jB%VzkUBM6V39^ptQ8gGD!OQ`#jt5=@
zX3sG#otfMqpV8Rv!z?M;ZK^&?0ph3+!vRHEytHe|oMvuWdU9A1zb|NuHAI!{;*5Co
z=$J^PR;;~d^UjmhhdztjJF^n|aD8**y2lSbR{VWBwS<|V|H)aAs!M0Ol$&Xh+J3Mr
z@4TmV8~c#Ap&@2|a82L;ON>Ud-l6Qlx^?T~=p@~{!c2cYOPwq($|*BD_dH`fP>|5m
zJb&9?;}2(9kHVU;tUkIWb@&qF(niOV3<9<hr}bZPRy0>uukB<rIw2C7bx=U@BKscQ
zjCvXW*AvH9n;1nsR290p-E$)j(%9ObVha*BaCJ{p7IR72X++*^H9h~T{`ZgBCD#3A
z(`rM#W{{lxaBiWmU&wL4ZbtW(j!c7+@8OaBlk{Bv-}vNb%J50-*7<TD8n|Gr#<_0?
z#@q4*$8>qGYW~SeVT(NPR=Dq~<=B$^_|}$<<=DW}GcycB`oJ)v4INy3YB5S4N{<AI
z`Q?Spj()QDeQ2rUMc!Ug?yJwdWUBIuKCydnJVR<KF?u5{jmC<IDF6CMxv}Z1p@)wD
z;<2sVk)58Jy3^zR%^v%*uo&*Ow?oZNzKy2$);TCDPX4$~vGAul*e|SX-c&TJhS;^$
zy)WhS_@N6yEMkn(GVIS^@to24Q=Xh??xD29)HDK5NW0lB<MgRxmzNKoq<&RTn0Qw>
zhQ;@(WEkAOD9UT2d}NkOg4VA|H>x@AjRN_Ak6a=NKdkWsEq7aAPk-#_J#>L)GAw2b
zFULd5<(JdxSSZ;zvF(NJSIUx$Z-4O3#9g~vBBHx~XMn6OW_URLE-j=6SV*qBrM`BJ
z`n`$LWFc3!IG^r^w+<8Ddxl5WZXz;WQ`_z>>q>JemcV;rG4Gl<L$TZM-1@m4)q8lH
zN7RTd&HCmO^@{l0=Mkq(yO<M>cVj2ww&aFHN@!o*fxiU%SW~j}5O<N>d>XRO`<lfu
z{qEr7dvBy!6KNWG_$9QauemOdG0@VQw70$5deE6OG@4)G^yt~gUX-8O+xKRWH{bm>
z&8^Ni#}4lhD0@Y9&k@m?9`3RL<6_G4-@~089QOB0=AN-Qe)=-4bms{I@{JS9-nSZW
z3ZQX{kC@cDfQO4QWhc77$0KU&9@nTF33uj+Yx<!Vfi@JDfw8dV8$X`7C$_#GXf)o%
zePGk|W8D0u*O+z$Q`M+#PZ?(LDY+^Tv3WHn=l4*v1tM95<_c@c-oD|y9tCe1tS3yf
zsR`S8P%C;{-Y^Z`?2Zv5dH*{FG95hSoL$D1C&L2egLMr1aX2C#+vs~)U)&>dJCEI&
z%^kKpR`DDmb3dm#ebjZCZyP!vMH)m;wb+yeHa+ObnN7NpS|>JI|DKUomQOWi?~TOq
zm#=f>+|tP)LPd4E@8s%%n+-woXB_y609)eB`6U)SgWK9Irqj^}dG!{5*&>Ve_9Yl=
zN1q{{m6WW*Pm!jor(~jg&QSUWWn|cC>F97@c72hey8Uh<v+7BMkf-@}Hfoz~xTKwb
zrj)cHiMg0D;<<z?cWX<OwPtsD@Q*#={g#<(b4E5lX>iZu!|rTYA(r&dSjOF)DqqHm
zc8hFGY}|gqHb{EL#>b~j)7>a_bV5&OaAbseCZw=tCS`VGT(-%F5F#xt?W}nxYh=eC
z)vp*z^PY){DYZq=qn4JIcGnSa*3$Di+kB%6tf<O}ft^ObryU0OFqW!!-Hh8@{djif
za-zwDN3*l^E$wcn7-GweXiGCsT~911P@K^>PYE|x$w*$E5Z-brPoJCh1ByryynZ!u
z(beWo9!jHrOr_CKjn<_8Vbv2#AzytaqyKg;?E#vq1B7Mf&pMYX5u@vGn+F_6=S2{@
zw9+Y(T)O_UIU7A&gbaDV^@WFY%^&Y$Y9kGIre>MrHz>E2eQM(in->ybHFzb$eL)m6
zv5vfHFjl%nZ)8M^nKYkXSX|`hmq6v)rPSnK&+{x%>sEKM)ea`9gbS*Xt|BtLn~@;0
zkL;nl*W-=&&;A$nq499tH*`dX>R%_0o8JHB?*B1Vp><ZK&k=tgcR!b3c&qb3O@J-=
zX9%~>PtWd6O7-M<?cW%9y#3aG(~g9`ZQ0~hS)Se+D<bgXsd&j<nJ(!Or{k2zU#H1z
zjAh&tv$Qnklt`GEnK2UXPh8^L6q;<rz5mc?{Bofs+SLzSp53%XCiNlB!qkAsGyGwM
z_xbZhgS5XSsFG3-mVCZz_UhYRxA`RNOPiK@ycMh0A%Iz0l5-NUB0@RV6b)j%)UU-g
zwjgqyej=?Zt;5zYB_(y+aKJT+avBR4zyG+R|BHylcZ4v)q^7|uCAmKQT`xMO*x$=h
z<MTvtSOgAs;oenPyxo5JedqO=<fm00rgWJ*#irEKZGESveL^YZ<n8=4ByEk0r&Bw8
zPt|^KukDTynzUK6qBZ*wabbmF=!pxJiNoS?|JIcce>yqV`Hl}CAX5i&YqqUTt6e^Y
ze7a=&b6&a1Mjt`n3Qq?pEtewS|B0%+q#Q)gMv#`^rk4f$!WvPp(D`05C?u&1elub|
zYM8Sv{`a)|z3@5LBno-+pjzEbwyN60OE|6UayL(#`8vPj<RAZ8D=qc@IV!gvS2VcC
zeSvSO@%5s{{$I*f$3-GdW;e;tmKtn5som~un2_ir%eWAHpS?q-EklLzRns?h=W|Z|
zlC(<3ut0@L5Q7;d`ROHwQH=nf!c$T;t|QNLZ9*@WWn_FGifzooq5!;eEFIkT(o1G1
z@*zfbb(O|eE~p73#Ug9Qtt;PI<myyYNaps`oEwux;w)Zr^IC5eCORIUU-!Eul^V!V
z0r*dE-wu|Ny>WwY&9#Xvba4ZZlDW4t=^@QcuM;<=LdA>i-|jFub}{N|+Vo@BmZB;R
zb#(^vZNEFmRfQ-=#(ef3<~9FwK7n$5ZDjhv8x{A8<n>f-qm%SLh6TXMrfB-~8y|s<
z7<e?Xi&c&I)SM@smhxz4>{_XS4Hdy*Sme!kzanjzqJO-w`A|-j$6nPXk0YNC<w(bv
zAr>6)U$=`{m_1g`W0gw&_8SQf9-b?Mqv7kEn3$YIGvZHpOPdGLr|JxeT7)jozkg6c
z^iB_9C*HHEI~?<1ulfm-GaG>#iqbAm&%Boz+`FMc9%%bdJ79>ZOe^qqt(4X-!KiUc
zOnsP=nWfckHPJ41Z>BA|c>KI)QIyEq;m0EOJq5ba7DZoQo_@%~`hjO?4<k?6irQu8
zd<ltlz6v=aWluICQ|YapkZet~yJ2*{jgI0c=f~NylGRmjpuj$0=9D}YK;H{4PJ+Y$
z@ytu)=cjX9O=T`E3Ai7zf4_}RLhglmfYq7-6){#n4NK5DshsZva@w6-qlq_j*2cIb
zCtqnQS3mqq05sCap~V1Mi{QR(_ln1rTh?~_vAPM3GZZz92@;lTQpM*Tjh8Q(nMM?T
z7_hM((F&PRI9!OE2}ET4A<LZWO;epz-fN1Cwl%havCJpl(#V8zc6X(=2pqDUnVFG_
z{vl!SV<0HJbs=wM)BuPdaQ)^bLkb6@&8J7ae+gh^a+--Q7GC!I+?Nvia=op!^+=YO
zO@4}DgCV(>9yZ;co$z;(b1gQ0>P4v_e~Q(x4HVUsV#F3nq2s&FtzPyHeXsrIbJB$)
zgVJ|4e8jP{wXKcey~#VgZ$yQ_(~q}s7&y;fR{`vW0}pP-rI&C}DXYIVnP!UL>z8=j
z?0hTdVX=~}e;plfmW!=0%}#k;@MJ9gy9@8ZgZY4@pSruRBiWJRdZOYarLX>231O10
zcSc{II(Cz0RBO$80|o=uQ$@cV=2BhgXv`J*D^slVCk7l!AB0&Ci&{+{M)Emsp_r6W
zQ7WCOJ?o~elO^|Z#mP{?tYQNLQ5x2Z9#ulnrjtWXW8O`nCys{5P*YRHD#Nj;TdAq3
z@5bDlQKKklN<FI(#$uAS^+irj-H)S<VF8L~9FjCoyf~<Oodk9%wDHM9bRT3X;>v&4
z8tzIfT~&8%z7t}+w{_^1-p_m2$;5R*JFg>ewsWjQmiXG*O^>KzfY?`KbM7_Ix$P&z
z1>#0MuYcGW89bpWPH|Vre^$mi+$C{zv)6dW(tO}??W{Abo7|TtI7Rgb9^ZZZVz@tJ
zS}&XHfP}|S0(8M7fBCu%SLO%gHuyPiU>N>wyq0jnY0_jdcCG2ciif+WUB>cP*=H8n
zwM&A+m%zh24_MQjsYZr~YW-BAX+%-7Tm5$0dV->$#u_CY>Px}Nt!@<ML7of>tC#JK
z)nW!$<c>PrN;z@L#U<p8h19Qlvg&#0?A8%3U_Y+Ysf_J)5`IY2r(T?09UXj<Uq!(m
zOSm*LSh1e$cpM1qv@x2A`^G{~qTSmdZ9nrKAd2{HM6Uhi&CyKP{R$R@^IcqB<K`!|
z@62sJ{+Z3)IEK=9AXqpsIUih;<5a6{K1F$7y>9hM-s&5*5~B^>jl`~d(Ta|NDeo?s
zpURF9*?9{oiV3e6RfJu0c}>=Z5f!9H{~z12F<?eSkrL%umrZDz#`ccee_CkbOFQ)&
zdSdVHj2(xliSob)iPal-C9F)mtv1%q)MyVtpN@jJtz5_jB<7PR4bso)5>fRW`g4cE
zDCEUw9+yAcqTSI_8YLakzggYoFcGjkEA_&@d+$rd+<}x2Kd&~_NrqzcY?Iz;O?--;
zuNKlWS0YS*y>7_JxIjgSFhvCT-rY7mG&XjkqUnLD!fw&|l{bbup_4^(Q8x_Eb<71c
zTE5Wq?JhD-PEi-MO^FCnaY*^SZ~DIUN*W^i`bSu8mi7}4?Ga|bKNx!2Tj(;QKHJfw
zDQ{Pl%N3aEa5=x#y6sxTN@3wGW)b7SWV`DXVp1w9^-)HNEDdgFzgZY|F}|?<u$@<l
z!sTzQCrmtcOCp?qDgHo76<5|%;78F^mde0Jq<L#C8Qt(f!^cK>h53iwM`kHNa^24s
z734(ed37O&;!>=y8x67QU1X3J_yrY(z=$~ZxPP^2_0wNF@@+QZ9^XRRK<RP|!(AcK
z2KpNw@@e1nN}Y(2^SKTTUp~sXD<dKP$Ns&lF}D`BW|Je4GxLlY8Vz@yW*wU?%-#eJ
zYfH)5ZQFDa7w(q2@7%$cc2+gHuU3=DDl6j>dT>_ZL{@8_w9hK#9GCQV0Y~?P;3}Sv
zJIWAf?_$S1`mMgw{^1pa!NA$@`BX0l=rxVJZz(vpZwDURtwi<MK&xR8dB=2h#qmu;
z_1JTl(7Ie5al6jro}L?aC{>r$Q1$l{yPj3bt#WS|KVr{G`_A2S<nH}A`mbX>nUy|k
z`SeGg(u)|^Q565Y$noT<%hj1vx9!Uw&NX+*ya@~0>0)WcdfLkiE76NSm(q7^j02TL
z_AO;+=go0(5dlH3y@=n}n)WnFsTG73ZYK28brigpIF^?a<8pIpKYrXV;XX`@1mU09
zSiiJd^tS!eZ?^PwTM`pCIPa#Amp5YIMWkgj67N%W-h3nRcJT6UfY&Kr(?65u>wtPr
z9DH0oEstUcb-|Ty@s9_c@5S6p(AV7Q%d)bBvO4>n67V4M<-XP_j~<G0EXCddIVSt=
z!|*+CAaU!=JCwgXj_x^wS_4;o$cj-ZGZ3qgq<?lOyh}z7C|g0V9m-GoU%ygYx4Y|U
zf5blJ=+F1T5vEY)%v_vO^iG++ak1;?oSGgwl<1NRo5^p?V)~>q$u^Glgi<jSS%rm#
z#RP#$#wksOf8oc2#YD2&J0fp)hiiiQCKgfl1jgkjJ!;i>c}uIE(Rr5Z#zoN|(~&%+
z83?5SP*Bjb!28Bzs6J6?(^PS0(@U!sCieQ>*uXW;T-JmG;x_8Jdrx(Jm*e@WJnBNF
zTbhWY^C|1!g^T^ptvek$P<)|To#fi&R<A-;;7rqdcw@%Lt;(m3cy`uadZzx|6<3$%
zFJIH6_>9|cpF~mKkRhBs+lQEdQdptfTB+7xx3IbrwkBANzcHnuM!U^KxNf<1Ufk>1
z1Milo0*8#0*@zFozDmXU`EI*BjfFw%e6bkoI66iD-Zm0znH(Dne!-x~TXVEt_Ug-)
zZYfbw;=RcZ6;^HCHWP4cdZkY3DJzT)U3Oy`hEs;KBg1UrGi>Uy0>|;zIj`$&<^{&O
zGH3^+SeZ)J7r73QZ=W_wzERqHTjQ8E!KI?jM7OYzGS)f5irRIXI3EixTe|Y5Uo6Cj
zk3w6n3(Ip5Y02q~&L>o;4`FHXdT3DkKBpoc4pEPey_Y3Qb~j#-?iM+@{UT0^7<5X?
z|E$@5K%lZ{X>oDu&a%_Xav)GG??_+yX%UfGg77>lH`y_v#oIpmF_L*dn-M4?k~X~-
zTezt@A`=wDc5tg=%J~KDa}}M}A~bzH3U?^$Yx>U4%<y9MeGSX;eqQ9P`SPyROnq;b
zXTP&slwC#h(eZ|E5hXrqYJZ84i>xw!6y>>xkFw0c|1-bfyx?e?E{W-ff@@{DTHe=|
zUQ5%QNqj)g388Ok8Qv9_qxu&)C&YJd;t(>|4l62x!hL@+(4fG$zp=NNW||vjTA2`^
zOtZ^PrnS>6hlMdmN9GVCIIQk4>;irXkF%Ha_4dufg67x>kR8x{FLYrtqw6R*uh|YG
z@gt}twMGx&x)nr9Z?%P_*iPntcVcKCE!hAv=0r^B6U%)-aUx1{?N33eb>#e<kvw!T
zKR8DNTw7Dt^EA152`o8nLezXk>45n&9YPcYK>b$V**P+!neLZOxL)JEa%O4igoOnk
z_+X|?x~Ck;G=${pEW&=3mhmYwN+NNDcQHy}<h;N_5!jZb<n(o-Ig<GY6MC~5{nbL8
zndUf?ls1lke6Jmna)#{%E3w<d$Dm~o`D*?4ZtjVRwyLW3pbAckHQzTYXE?I~13seP
zq0BqbZjGAFw3Tnq)fZP>+f?=*DBAwaP}gDK1Iw;P_C`Y?!qQlm;^#ffy3e$yp2i93
zyBwCM?**5w2lz81>1MvS#`(40KE0@{Q_|w1{0gJSLNF!2$Ytm(ypL-2jq%7HMnssv
z#un{@Q=5o(`}0M@bl7)U`srDEKgD)G6u6L@YO_U_@6@PIRDPLY`RhH-x97)!?!kQp
z^*&D}o*jH*xJj_!b4SN*z_}{fhy95Lj!~3XoO)?nEcUQ|c;i;K&39n7yTiP{PbxFw
z=M24+WVd9VPoed{5~-xoI$~7LL65y2*Q@QBCxim+(ZeonuNZJ4)!w7^Q~KsU>BKHk
z797nfuxHUt{1T;arTMFGpFaKe(7HXXzfUJ|;aR@<7-++strM>j6O~^@RGmao%8aOv
z*NCQcJZ1lU?m})xLRneQSi5TIsIsD<!N+gupCpxos~3%wGE?ZNi5{`M*TXo8!E!X1
z0xkKfHZ~o1Ctg)T9ymNvQBvX+@7;+wl<$6Cx#oNX$5{{0B?-#AmK%X)4b;r1OHmgT
zNoTZJGsWNULf^RK61#4hSGv)dLM&K~ucp}nL;0g2FB-a9TE?7g`E+4>f5IVob6ZnQ
z;zKuUTj$I62bR_coRcJWVI#6oU2ODTRQ6vP%tqADH}_00ydk4L_v-s=CNc5+BuRBn
z)H=T;9etN1^??wj>&Ddln~&gO>kf4GOsp2fgQaTrjMm96DpH<WnkmeFZ@%+;QI>vm
z$8{N2YtF=kSFf6fO4#f2-2WlIv%g&y_Iav*YbyG(m6gkak>sO+yt-9|*x<$^#Qbvw
zMG?m*eoLBXjMw;%Uuy6}LI9HC0V{fK@9C{02byXQdQg-%sUQK9cA$IhXD&5z^ROiY
z<!Z%e#mFqF<mo(lr0!KW&bv^vi}k}iAS76$AhpFx?W>E@H*TDWepG{2sk5TQe2mzU
zBNt3edd*^QosW)=PD)FA3*kXy?v2su2zf3QO5bwzeH=cSx~EColfs(!sSJZTiFD?z
zO*PNb>SqOtoD(UBSkIm8DW(JA9%jh}){<x9chiNiTsW2*H=q*zk6##e@qg_9s7<0G
zA|L-RzhpzIw*HrETmRqaVq?SU2p+lYE8k0u4v>rHUtb}@)R=f7utxc8sp>Ps#7t1&
zzXw<ZU^dbL;^g#S7chOKHX5)&Z{MRZFSaL=MTN4n0_b;b+E7&-8xXMCmG}Dfb09nW
zC+B5nldp+>C>wJAb8MY&OPKWm-iyKzl0p~#(QXVZLDuBW5ZiA77@gFAASqZQiB3(x
zhvZdVjXwn9AdqBLm9Qe1nwpj6nZ7+JdgTv3-paE5#!hj&<c6cX&QhSbFHAoPxbtBw
zr43W4RoF$K-5C{M+w&SS*^j4LR1)`nPEXB)LVx&BTjH+gdMVfO6Yn36aLVn}UBZ}f
zayyXZ%e9b18;xQsyNau2yO!@h`tIZjH43mHB|P_1$ycMfH>9Wp`gUUsXDF&X;ko8-
zE&h+cCg3BIwOy0HY0E6gV3OCDRav6FkW|Bx{J@NRY3biy0KPS@;*w}ThlB)4ob4hB
zswYfH$Ys7p?h3!Kj-36HD@W;4!@`WQPkLn_<7Cf;3zFNnC*?Or@=i1!@cKiA)nlfr
zq9O$Szz;c&R8~-_G{%;(%>0l}Nj`C+a^ympoxNH{bIB^Mn()O<Mc$zywrppIwS<%2
zy$rR6JlLwlwVnda>!6H5f^*FlNDjjfWOVTR*TA=K-ONojTHbRp!{RJQq|R#3!opeE
z?qUUH0_=y<d=x*)H4f*^_Ul(0ix|BfW%MOacN&r)9Coj<kfocIl~<T<nwKi!P?Tm6
zPEoT&#qBw9EPKC)#tn?=K@CFQ(SwprdS<Z}OQ#>-0B6s?e?Mb~@`%xQy(4;CSZ|LA
z8_jX2pFUM_Z`tg_QlL_8X@<l1zD)dx?{$gY<r^rt3=O+d+QJ__3Utk~GHz6IaiR0A
zn3Yd2RG#hjgTw$NQw?Di?WK$zx$SMauR|2T2BO5OMDd17>Ernvur12PWlfT0e?3SH
zoNIotv+N-*=9#sMC&+nd7`{daD{yf*13Y9<`WE_b*-7a8)DTH2%V=VFS^0P>$JZ`5
zrn^(`K+@q^T$tT-=AnR$mmDIZGKiMx`<t*_y1XwzHj!A_o7;XU_KTeVMbXMZv8}*@
z9+!Pu3T2f~c^?gTUcUR-r+MI~Ul_5R@VnD<6D2Y#_#IG7iAu$!JqsG9sNiaJD8_V#
zz~%&41?A_@8d{)HkmSs9DyZ6WY}@wWcfal-nej&O#=r)B&}4I5FQTYac=zzBE&+i$
zp{(cF(1e?b=pv7JCP82p`Fdz_Kyp|0v_r6vNyU?JSXSVE=e`s?HXgp}z2Sbv9YDoE
zF7b=IAVHFXJs{y5*Oiy`ZExD$%*`LxUV~N{G+-nsd<==O#wI%-tgpxW-E3|Y1*UpP
zSj5p2pH=p1b$a?@3HGh}-M+dw%}P8&X^U6Vi;fDyR>C(L@J7>fQsRS3iX!(8)hXxI
z%6U*i9vW88BYy76g9x}bxJgScMG?yv`H*$?fKp1q!sfv%lHn1l>#iI);Iu{Ez4&q@
zy<{|f&$W2(?zx`S*u)oWOL82uV-MD5XIn3{3D3;dgt;Uo-F=|Ow_&4@;FUK%u|OKx
zFJQL<6lTQp(zx>dpk2g6GYtct-G1(0JQsoEL%fc<S9%*lBPHSD+ybs6$a5Nm+&w<v
zJa8MbKUa>3=Lbkvbx%ID=_$BoGSNQslxK~1(ai<?4j$3C+|>Z7ex|SY3)bO=#)d^x
z61&sSF#z4dV8H=wx(n!;RD;n>1Wo3a(ZLIl>l0V(zD_e@9W61ibAEOt3XYu;iF6PZ
zUn?<s)hZ@dYzJxd!qlUE%YSNkx5vneh_kS-QTcWrJyx(+5%m%N5WK{!QRCA=vz*3P
z_MLD1LCs>}d})=X7WJ5;X>s%xs%{S_sYI}XO&dy#JW-uwlOspSZTGe`<2Q=u!95QI
zdk4NA!L&6xtQJVRNf{XxxX=rti*M04JuB}P%@!<daO<LI{NV8e7^3qQ3$S(VF1>t_
zm#R(2NiPhdAZz`;?sc8>>D%$tYo)GTQCMR8IQ4+`QfHCz&>wd=(Mf+x-LW0P@E@*Z
zV-5XdeW5S8$o9EB;QQjjR{`8eVWUMR7(>W3634uUc3~!?!Dn}F`}MriRI+=3jU-ue
za*Fs19ayn;pt@0fTJ`=SlffM823Dx4;+^bcIs&g8*QLLpdeyqI)2COI((ibcY;L=;
zjA1PA((>66b~)-_J<|pA{F=U{VY{B)|BlK~jVVUk_WTys4ew2K#C|gwzPSVKcVpyH
z2C#+xErN4N;EKuf%1ABw!Yf{F%@8<1F?2;DNW@s1if{w%LbXiR%6v;idwXY(0+J?}
zW=cp$)oa-21|_pQ36o;uyVi$);2c8JFW=!#f%LJxgH!I_q3cMt2zF%o{{hpicM|)A
ziZ&w}|LF(%FZ`<qclCb7J~q8El$D^HpF;$?T;I-1>6^JGe3L&iyfu$M!)S>P1PPSU
zBuZbX;rAkqG5Z3~LO62>svK4YR8E2bmWH&ZhWThuy5&V8&*-@7E{nhybU^a3m8u}H
zr)G&RZtTmK;wNO^6)iB|@N>~Cydo;mM$$yfx9JBO-iK|VzB1pq_Jy1G1bu5>UWq61
zNp|RpWM@&0fPCP)IGlG=i82E=l9W|0Wbrh#DiHNLyGi8=t{g_*oJ_;A!0Jt@qOcZ$
z&)L491TP6$Ktm+s-s_rd8PJjK%!PY4zo1@?%tZVw{`DVyO_+y!^rgkc0=nA%QMsEq
z+mZ6j2BM?A<6eOaAHai&`B@sH(#sADiy-6rt`P-1yHO%(8N|6qXVg){roscs5k6Kw
zP`7;r_+Y`e)ccDO<4CiGMuB_R*PDox^LannP_<ovc_ikGoQr#d0+-*m$FK5T4WC#h
z%}vFo48QLHUFey^@a)wq&BMbZdmaquf9>gEKoq`TF}fW`M@1=%IsK3aDV?IUNq#l`
zp+Q0D*Lib27N#)GGTKLLAb#Gy*R+5ohYkzsULJ2pvSZb~R<UR)pH0;9nZpaD6Q$pk
zn(WjPY@7wLt#s&4YsuRdN9=*U!!PvviKSu*tB)QnC;k3|J&di|6CvrMU02}8^FPbY
zuqnVRaod{VWU_`6&~u%l=O?IDmx_J91zm)`QUPI4Z+k=lMEKy9_6btfxHwT?U9D0^
zdAD9G^?~MAEMio6VjbH8WOwMA_Z1fMk;W?+!M@@t;rO|#sji3qhAm8FO1Z{FfZROZ
z{_gajH#s?{n0DjrKoLYAa0r33<rwO-OVDEzh`69xVFH4eFNf4zV9o8&<$dkH|IXqR
zP6Jis%E0bN`I2%;=u9_U6ZdMDt@suf7a=YJobj)$gkCiQ^9<Sd$*(0l<FKF*<6Ba0
zg3>WXiBqX4XAru`Pp!xtbeo+x4Gy1`+j*<BjKTU(oI2V_ms;lOAholOm}hm1buPY;
z0zYU1AI=}W1<u@jH^O11)Kk*OWN_v$e;ui;Rv-Z7Dm*-4qn)r-S?xR|<1Lpn*KZ1n
zti_!q>#nW8t6WJ<b(=?qSB1%-*}9RmL;YB}fh=r#>>@i@P3zZX9)+^$Wa!}#u-%sZ
zr(SC!qSc~*Tr91qd0;#qa{qb?<>33@`O?p2KIuz+{#^{Qog{`6$dG^=nDdXV$tf)8
z#ALu>^X=`3>e~(9j85vEGP}uxn@ZmHzR8QHVd{7xHgen0MAt*E`0BzbgZhW5;#IRk
zy7t)Z25NK=(D_MxwzmIHklRjz77=a<a!a-z0^7MeQPbcI!7|r&7BU{lR_TgKP4(ic
zm5F1c&@(jjD=l5+HdFy&ibwsU>V5Oc#@e$~M68?-H;n*XClw~sieE=hUR!864e6Yl
zGB;B0s5mVZwLb|gQr1?yi#n4n&OwssE0VwihPQERM|jNsvL0cs$phUV%N!PS*?S>6
z5e6Ffmam$~dtdw0*ZV`Hl!bN_Wr;#e)jJVQ?H7gzfW%M?;Gp3?HFqk6J=JNu&PRCw
zGW*!35b8z8M!u1B6HH!vJXX7kj02%}?B1R6ZX&;bmmwS~zavGd7L?Tkwo-;!M|t{N
zQxVMnn2a1_^6Tp^Wb2X3kMw7K{bRi4h}1R&(<^Rs5+$Wbeuzr<*0vj$(qNl|@qN-Z
zq<3U+@aksBv{>{}g3_BI48U!h+F)a1LNu4ggxrmsau`+M#-b;oH0a+iZEKtG>u}J7
z{^U9V?r=TTZTf!R-HW>nsD2@Q2MiU!Rp$o`%q+4pyj`!zedGw97(}S+a9>qnx`Du3
zXq2!3rn3^cat+X_NK7s66V~gs{K80DebbgS)xRo1<szNZgvP8FoquYGUx4k1WQ4Ku
z4`-emdD7k?g+y@jT$#qS_iH%EyfO^>zsWMb4A78?cgb{+4#n^ZybVlMZTmLxcaV9v
zxKcTL*Fj8YU%^e%fK3484;12TjF|#V>MIWW$)(wKqPukL?ay*n(<gl-1sV2szUWwU
zspfrva>wpfSS5mgy2!zY@afyPK-d(rNjua=8hY(9-hUW>N3iWTVLbuU)U=$0VLWD$
z^ZoVIB;Qu*w4XGIp=RV^XcOFAlp-WSy^IW^MFsP~W)z8}r&UW!dJAvDPg}o3Hxeu^
zURY`<Q5!om3oK#sjiycI>l<rh=e+dn>`j1afc2yh07I1NY?5x~&pC5oGB`nQp<>`h
zl8B&)fw#+5aP!gj@KPou*VhxB!EmKU)hSfUl)*Xyo`x6Z#jj5v2whs7+)m0(Le#WZ
zX^3}K!b}{6N@ruQSa>U>2@*-`WrT!MJ4+{G8hj-F9ama3)WbSCJyL$B)lAfMv%8Rk
zWUz;{Rk@#Flaj<w^LfEz`_gAW)Tj^NyZiVi)-je|5U|3>S>5!JSB)bE{So>Dmg<r3
zMSw)0TR<m4bGE|NE2lZO)~-NV(|>%EDN3d#oA*@edhqav1pNp5(?e?5pX@}jkOL4x
zCmyA(-^Fa1d&Ah*nGn6|A%PeK(UUBDPcM1AZVu5_@$|fHJtk%TB<FAY6P#+~N`6(j
z-4=B>isS<Z2H%B=q>KER47=xGnE1#2Jp8)e7@pAbrC|T>Hy!zA#F+!(HVfSQPoz!!
zWFc~Ov55MZGv&VzO-Z;eGn3KuXwrk$7m_7*aJeSBa5YAk-Ndp<S>uq>;8)rmI=9*B
z$(nmqzFb3e+2NmN#ZP^nXR34l(LH<c%_ZaGZ%yQd_g!{~F1tg^QC!SI?2daLNqU1k
zAOGmajh$&_c*-Fl`Tn1ympI#SQj?_Cmlhcfrrxo{8I8$7<Tg_|*h#cFgtwnkmtV@2
zI-eo>hKA75lJ;$~i5vX*6{f3UXYKF0uLVY^6-7?T!;dIqlxX%%KJw*B*6OdVt-^u|
zvjgB{O*zh`wgh1zeMb~g_`6mk3hv3X+Nw<poKgBk`jT}sS8hQvhe1&T938Qc9}ZtP
zR`K(QpH{OEd-6Xg`TY5u$x}{G#*zIV6dfCgE{+=0Y|?{pXg~Hy)h$)IK<C3OUgWy}
zBT?4-=JBkxhCy74_)2qPqXKWSlz!X#+7Kn^Xn4&$TV$;uR)z3F-_$B%SBN=SJZ!vb
zxVBLf<>*-$ZVC@;EkPFBj4(hZ#5DD;-K{qESG$tV(I+KcB}y)C3(4{FT9JSllAD)b
zAMdvovqIdp*m!n0kc|I>Vj5Ri3c(KozF5+ZkBv3c5|<|GnU=)h2}Ca>3aN~CWn<$q
zYc8?`fFm3n5gA(3y_BW}9QH9zd@WGV?I-*W3CsAb9)GouRzids!Si_vhpLtMStEwp
ze&;1=ouT>oFJiO5Xjf<9Svi|7lmzyN7TZ}jGfMetfsL_qzUuoQwnuhCnqlI7={nk(
zD0myhQi7$0KDZK?lpKrF*qMb_X&^*#{B*Ox@L)uVzV>id6{5gUg*ET+{izNl6w+5T
z6&^YX$QYNGM+fmT_(j@?HD;Ir)!Lq$^lFy%y_8p{>5JX2Xl~AgGM%i~;4G!MlO{Vf
zE{)K16HG49H@{Gk(4*ag`}a3r>&a^{7UFVr<BVy)-sPn`_U-Z!(mNkv{Biq2NbB5*
zO|F;5YL)PEDEASdYim2{<vEl0vVQP!yRWStJd!Nq3?mt;1SSw4#(5cyn%>DSp|kM6
zQQ@XmCwZ9{Y)fyf>$1^v<74yVC5%g~%VCJyo&Fb7$u{WhI#j^Q?b+A*^$$$Ex+oeP
zBRU%rJT5^^lx;fyOi&NDuX-kLW|^BDGt<+5yJR6ubpC$${OfG9KR?~>I#v3+x6cWc
z__7ylCR)F=26ppec{whgzW4PKoMj7Lo~E3RZnqdQT3|owxc*apJyeWvkH*`y*~5Jd
z2nXeM4-In=$?CusJ?vALJ(frTJG{yrHahTbAJ0=8$7_AC>n@b}dw)}W;ucoB9k7u@
zQmWtAK+&K5&dA_hF7?Q`$`ozM50Sib-jf$a2?;MrkY_*jf9CfD(%g^=wHaZ(Q_7R6
zCAjO9Y@C+sXubfQ=j=m|gq%2Ob$2`b)=>^QEOb0#(#N|y;q0Iwadoh^QFw05u0+&4
z#mf9j!^#E*?CsQ?ieLNB@of2hLjP9M&#$o&W=AbhVSu7ze7MomV`wGq!Lh^JPPtn_
z%_NP8q#oWIEAyZIL+P<d=cs&9j^X61`<9>Fr(S+DCqA_}W*C-{F%$;4v^8!HY;-!%
zBwMc>V)4?r@?0-U1;iJ`&ciSHE4)B0{jjU{3Tqo5elnVumml9d_!rV5%)E5+!g6-?
z?eT^70%gwBgw;Nk##)HVX81^?8ydJUG0*k7TbVALjTfLXJ#MKf<yK2&cfb|fN&OPE
z`62{!=p#S>u`!ZK&D*B{_p+M12bdU`70neG3DWaxXGAec&-5luMQ};Nc(=OPW#C&4
zgFa<L#=u&RnuCthaqC+w_sMfoT?3c*#QZ|}Q5>$*FO=9INiNL8-gQY`pFbZ&6&jG&
z3_9YTB||P(#jMSHvBc0Zcto(+Q+kq)r+R&CIfBrc#_^3b^Nb&>yYd}SRB?lkG87^b
z10X~mIO;$RA6sA>7O6zb^>B}HokZX7F~;OaIIXj?veLJbnz_aZ`@6zf$;+IzGB-el
z#;JaGr1?m?uCJ+uvxw~|;Xk%MSQ$Cmjgz=rGPesE_c|Wa`Gal&Tkq*l6tync^z)84
zoJi%+8!57$fL|AGE?uhoxusmb(oZHK&>#|%EF=l502HWq<+lj(p6BqhiD^Fs+h^!#
z$N$`)l2TG6c0y^5EFQJkpZ1uht&6Mxh>>vxGdnsQa=})`=2oM=eYMNE@&CrnMfN&K
z>l|#Xs}l?xkVdZ$;EP)10-##UmLc+>ETs%Fu@YQ}eBPsbGH^mIF3Kq??Szz_)(jUF
z@4EVl?n=^Y<}6dxk?#esWr?8}Ltbm%zVr9?*}VnWb)3?f72~~_G1z5z?%W<hk8+a}
z>c+-$p=({6Pg-q1t0XBIdPT$I-Zy62$^iv#`1Xjqq^)a{%Y=6VONGQ2v*MjciL0bc
z{kxokV|Agi!lbjpPjb1<XXq~c1*-!-SM<t^x?`RS$-QP6JhyMMG$<Hy?P4d+>G6Ai
z{g77lUqr$E6s>aH!#Xx8n4oxIunH1bAhmX9=iu5U_!A#miNn05J66+@D_9v#sTKL|
zRYHPxo_&oCjvOiBdl{W=9M;<9BFWii1Wg$vO*J_GCeP2S#dypbGCnBGTrDOn_S}$l
z&v^Mu3-flKV>{*MF{rs^hF980JPcOyk~f+=3Tk9`=8{I*&?pO8(xZUKfPqLD!vyYo
zB_2ehL|#lIDlCNsCo=JxJvo?AR5W8CZK#Pzn9^{WxSQt{wsDIC&6!05tNw5C?wMI~
zp)J<_v1?iyYpsGCfal0GB(p-X;BAtpk9B=3<<Mm~)sjYzQWJ*#LrA3^FlrtZgyI2!
z_oJ?5CxDiQtj2K9?95LXJ8`wQ3#QDp%(us>11nzz6wp5Z7`|ad3vjXj?8A*o>%8%l
z-srEt;@x@oxpgYV&q>dQ)f0W)PALu!GQCg@wJ5?m%qRKt;gF2VP{A(jdX0Zpec%BT
z|Hggf^~NuN12@4<S39Tcq*_i1fq@J0$$Us%+w9pM7I)>vm-x{RW>3$hs*;Pl2j=iG
z()7gU3tD6{+^qSWU*xt4*t(tCvKOVGrHy?}!Bm9ST>G=$GY8u3Ud;TZJKmWrKNGM2
zXZ~Htd0Zb3?XfJK&>xWNT-^Pvi#~0}P#eBEa4T(A`;Vqi)WB5p=Fj=$uP;wOcOOur
zLWzA`<b8AR6EDiD+zbTSHy&f+VPlbS+NYC9xw%e6COTdST--gM>6<M5;^B>Tf5d27
zyM~-+E7ti=@RH}#`4S2u%n7=|UW5av5wahvyqo}$<ok`UH=5EHWhy#ke!R0!K)n}C
z_B61afd18)vFGvKH*DB8(koM}I2D5IBiS+X5sU?jwyUelRIrIryi)gl^C&blpG*+2
zVaK6sptx1`l?yYWrSubu$J@wP%vA=>n*vk8{6kt*-FI_56i#^`A33rjJbi9NpLCm%
zymUASNTjVZ5UYGU^}J>~6$vsjqcDY=Sqb71UY`ex1!z<8;A5QiLk|}szJ*%PyZ+<F
zVf1C!G5`yOUWU$j&rr*R4UZ4bRD|rzCq1jAXPY@7(d-WWQDWoZ?=YX*>qQ@*!kgLM
zE&1X_(mL0rxsl&JYw3O;Usl#fI1wU8&)xoYiNmPm^Y;$>{*^0k4C7`$lsI5>)imZp
zN{;n|ybfVyO9?*(PV=y|yc&WkR!e4reP;$v<laQ~P}OjSeQIv@gSR0|*5v_zxvq{5
z47EX4^5Hb+(VPP#(vF82SSzGVSUI8u0q+<xlcP_*cqd_kfH2&BZLQ)26uQrsujmT;
z&X!#4GEDs8NO3e^@V}VA_JmJaTUn8b)WlA9acQY~u@WHVT;MbH7#$P(yY*+$-OvQh
z4;=wGnsD%Hs`VG$OAoU|Z0Po&hHD%}U|T4S`>>s4#=&uR`uyI4H9)E|ieaYaA#o6s
zo}*g}w3%39{@fMSQ|H#eQQ#0$Ya1>zkiUae4P>RAJ9*h;dYmb=Mq}~|-;BCgJ;f=b
zVt17t;Ec)RmEqYJ2*O<=8(Zk;GMjMjDd@I77A$A;D<<8~Dd9#7wps+px@<q;i^7^z
z*dQ~YFEP*yyes+94(!oy4ZZx4zCeL1*ep`dO1(hS=sMaYFJ82}jlV$P_?RQwYoJT`
zq6$vgYQU!+y*2(SxP@)DVsHgWc#g+y^yVMCPO2s@VIzuCu}&GMe0|_Ni(5$p8uoQv
zdeZt@)8B&RVz80`<4JG+#w>w}`ftw6O?aMUpXZnGQ%`l#-!OP>LXh7|{T%N!YI)H0
z*h=y9lPz0gV<*p{VlRIx{xPoe1ru38r&<?1#Wn#40=?4)mHj+4#OXWxaA84>!!teC
z)9$tM86JhB5I{f!ZGz(VPe{1{{ed1Ny7t*U^H;j7N&1A~E_Jh%%eu0M5`HAN&i(lI
zstgc=Y_*EUIb3Te3J3Rn?&--alr^Ur-OTKx2+zrX4H-Ws^6M2#%f$JZHJVgD!F~f;
zoa`(F`S>LEVNqMwxZ3pfzh&<pmEQ~w^u(`UOi2gXmk1N6*?PB085^|Y^kMc>MApmK
z4MR0$d`rGbxmc;&{GWihmP|jofp#{_@$@OPi^#C1KOzFx(5lPWtRr|LhU39Xt`fR)
z5{FeS?Hh_M?;ZQaAsYn0KB;CSp~1(^4{K*?>!|Zj>mGCs7^+bW59za8sZzAJwS|$5
z1#)$Z{y`+O+t@;uzh7e5B~BcsDe-98^=nfE?WLx5s@YPWWh{X#EZgIr>@*r-i8m7^
z9zWW<;fGQ2T`oBvVY!TS?G42F^ZjcPkLtqgdmbrM3}10t>{)AhUZ~HZp!Hh7s*)Ne
z$W<?x3f`qyG_D?pfb1v|4Qkf9P`KunP;fPDD&b3U+x8hey}x&r3zBn2)=Jm)6Uo~J
z+<Vc93ic~#KpAe)#ii(}8{er3if6gGr&}I4qf_SN+%EL~X-8HxyA%rUyoQPKS2K_~
zn>?Gl+=1^+;hUE^=$WSQDX|J(+QLF57cN%#&?NQ0i4U)nhxx4K<fG^7i7+%sql?Bv
zK*)Q40oj2F)gSS)WkM7^1=fYVNS{^Vnkago!4ZjcM|N)|e(C5)bXO&^NHdlUY2kty
zOXCB21?rM2ah+_RJ=LZsVBvMh9cRi2Jp{b;_>_Uc`|kz+_5!4`KVw(^_VQ=-j$lO>
zhK0SCDL}aq5*y&o+y3k<CVw#B1UIN4b5@8Th4|Adt4S~EA<sc(E(fSY2eiO&%Lb>g
z0MAF*urQG4^<0Y!E7y*c@HEb_l*_i?ysk6CpJJepa@Pj8@R@7ZEAn2$dGXdd&lF8@
zRoS@0#F=*wTGN=zh9GFfJ-CKg8ewbs&(3XVP=jSZHD&WR^_DkSmGi1$XjR~yXJa!8
z7W3cZ_swjHcUPEYPNwpE70z=#L(6Du2%b9#rWvoBefaGe2{j7+#U&2MP#_fR-2*2_
z9%P`JN13U;U*I|Ii%%XsGBInSBM<7b4f596c<ElR5YQNVu+3m<dIjpBR@A_Y_syMZ
z%wyIbs$jTaCDhh@Vx9Ltc=EPHyKVh9K$ntqvg0zuxVWf^@mHTc=tjn;3zjTx2ydKW
zM~CoectkcdyxNp$^Btkr|IwlLFf!y89u(>zUS8)S&0QJ!`Sx02=JtPk)Qp{1oogBi
zUp?a{BhqZPrW=#Vl;rAir|AF-ajor3drD<TetfnFxvY8A=g#Uj>ax8Xb#Zk`mNfhN
zN<UpK{)JRgVfT5XW~BRH3tR$jZ9}Jwdp^Zr4$7k1fWmY#92X0gJ@yH2yJ1J0meOM5
z-@hZ++K|ayQocqDs+)98vlue}*^h<C6k@!RJpFZ!VuoRLvL?l@HlN#?oE{M)q-$cp
zB3sV{A(oL(J$MWk{L!vXOCk0kcsr#p1%2agKlF5wQ=!|Q?H>UM(U$ML^va4eHU7s~
zmUr_+3SMz6?Tk)p%b0!Pt5ln>{eeIsc2dn@KbN5d-ZGeA6--|Vc_BO0P+soa(Rgme
zYwqG3;IXlC8ucFS{V}Cn6O#pWi87k0AIqC(LUxy3iE`DBJXX%+_OJLC`|95YHjVWC
zzmt<tbwS1hr-g|uhqlV{(U6p~qQ{UKYYEXixCi$WqtBZAB<kLEpSd)>i)ZmJk{;Po
zOm=cT&A)g7vI>gYt5Yu*%wpM^_!6LhXj_cJ=qB+b27k)&F9(~IF#A$A*>{1_1#KBU
z3SB=uB1(9MPMH3Ea#HOB)MH9W9}yieYv`(ms4Gkh;H*z&w1$)F74&|~WzT|b7_!9^
zH|GzFfO?$<ab7O_XQ7+SznxO}?)3yDBKb@I{vyv=`akx6DD5X|tNxc?(^k7f|I4-U
z{x`bV#TVD8de^*6t=c?GO#l5j@SV+&>`FL`ro6ep1g`E8CdU8y{F(+ApHY;fhvYkE
zI7}?u4_J*Rl_WD2Bmi`~K0~t;;R~Gu<uL3kzwb5P36OpLx9@F7SmVg(@FHPx;vX~P
z;n&wb5hjQfWS^5UO=HM^3x69bk<<mY{|_y0N{P=o&0eU*Ec^VPb)|p%@X_$^MxSA{
z9?NB<efiF{_UZW>y_Mpz4ww0Hsev}1l{|VrwOXIs{zDkZ)h&yGTyizj)y#N6A$vTX
zos{>Bu+s!r3yvp}11$(tHqaztlIZh`-mo>~1IjJ9NXUr@VT}L~Y$>TWxANBhvACU@
zI*J}Gm>AflG?EsIG06c@PbTe0M-gCcM#lKoG6V<mYfy8lB9ZViJ|-VrO;d9522v+f
zrk2<L?@d-H?5K&_k3uBi{@gS13|^*xnlK0gM@ifO^9u_ZS%V?XLWZRvB)sFckj$5>
z+bN&2b?7Vv$6JNY{ksdzYVaSdBm3xzyqo)N491EO#UN|p`atV%Z!FO=xPgHyVQr@N
zuqlE6YuQ3N_E^LwU#tp1m4TnA7q$JHwO;NRSwOGBiHX}yHaz5n40H|Q+gn)Bz=EmO
z1Y$k`?qHI)RxnycfPe9?%>?-$kd6q3<PY$3j4?PkYIaA<d5Zbd&=r0W-3^1LrayPZ
zOkVwVkmHIZN9lsnO7TRQuAKT`YjZx5qaA!}V`J%+8HU4SVO%3;G`RVq)#$hAXbn27
z$&x0<zdV#$r3U;fpLc4GNu7lbi4*z$R5V-<P#Qn$7|3tz$(GFbw{P7^Z^=hbdw-p~
zK8R3(x`*TBWE0YjC0Qy1FA|rJG~1t%e>qfT#kkDr%ICJO*P`?V-H+Nsy8{*t<Qnae
z7)54bGjKXEIaJO@dxB=BAjqas$YL;l@{;ogvN3#_0S+FGYYQoY#2Zw^g1v2BU4Am(
zHhgORRr);cRqAFChM#^HYAiQ`*uzK!3W7AMDjl->*uGzhqgx=8WYV+8{ygx2BoFHY
zx;by%7iz=AomN{S3w<dNMB)6S{J)rc^KdTrcWwAaQJEV|nW7>@X*8208c;%+Nh%?P
z%t}RMs7Rx!fy_$CT!=_Q=9$c6=GlARtKV<$wf3=}=Xj6zJ)UDf{ZXwIU-$hPuHih-
z>$-xJ`*v6@Y601CXkhEQ+(uT9p}Ie1r$yizB6nFz{s{^LiY+uqQ4qqZ_~WV?tBG=1
z3Lk@DLZ0ClN6z-l>^I0IAq(7vf*JXdl*G{EByc?7gdzqqivgdo%qngd#>V_Gb^9iG
z+_$a5*wNF~&$jS%wJg$p`Xni$FUj_NaI~&NZduXWuJ>0l6_w;-ug5^p{Vg<ujg74`
z#KmxI?MO@4#)!kF_q9m+@!$P}po)nbc?dl%^ewzs9JW46((^;UVghwY$`U$JB%><<
zfbMow6cfMN+y1lV4i?SWSW_Bjloa#07>+FD=<qq4|Nrba#OP<1-24~RK}N>V^4x?-
zge*RXl#ZqNTpAxciq$EIe`<SBIY}y1u)hD&5t+0Fn9W1nKq_X*-YU>LVG;=i0Xart
zj>?m6vcwm?T=?+5WZxx}m=f}OhM*>A5xb)akw;)S@yEARmbe9z)e@^x!!yVA1u60&
zxgayW#k~JiZoD*y02vqhyk(mgt{xe~W&c<01}c3uDe{rMlaB=GfrPam)W+A*Eq^?9
zT6lD#s7$-_+>r87y^qdlq_LIb_)s^O>^gu+10Gn>7HUEf#~nn!j))cslE`E&Ek={7
zQ1SE;va3mY?*I}*+rXG3gqC()L{gH+(Yh*}co3>9;W<(+m-+N(X~I0(bKH`?kM?Nh
z^mgh!_j{XNea1<6+m_V<N7pj&iwgQ=@ZMV&<KrvnD_$VT_c9|Yrq9#2to@E}SH?YY
zLCPpE&nRBsAzq3bw?;>!qIs$sh)?u+;jxK){jaJ|JQxwEm^piOVDjwN=vQwk^BWr_
zH6$K}yucWR4GMOj$A%r>C-1ZmU32lYM=QNy9#JDZH@}*9s<$O}VOc~34g6y6TvwgH
zwD}Fqx7EaP#>alI!qe{BZ$Hh7PF)@>EcA2xj`UbOml39Mz3`qhzq|Wu`ojFLrcg1)
z=H-F78%BZXt4aUm4DmQsV$%^u9?o*f8^02yesR|ojZ3@P46g6^U4H(&S+9{z;W{*v
zyQ%n@qNGj}?RFazuW?FG(q3~`<19IN69Cq$Q8~JV^YY6zgV*QALoUicbm!f`$P?m`
z+_gQb!@|NMR9QtZDSw_`CH7s%``&%%m{@2%%e=5hyl4&cw%2B8t|$7PS-|#teqRSh
zA{@S=M;X8=gHehbJ6a!<u)VShEz^+95%}`ag?~wYd*^{g!5Qw6p^by<Mp+_XcG2Ty
zRi2%;**+tEk6X4x)?qz9a%_rL{@S;5i)VGVrdjI0vBm%cOp&~BM*91&Fz;}W2)1s8
zIm;kCW=M$IkGeYVw|jbcjcTQTJufZl^x3q_c{bw1hZCIPNrnWT<j&KltUTkE<SZRB
zqIws|L41EKF;8K1wt*iD!>wInH}?9~Na44L)%D@`cL>QKmAP2dgpc)!3DL=vX7SWJ
z+b*<7IYcGDa_Q3#bj~~8d^7vl++#`80Dbjes-$dSBnx6@e3-#c`b9&-pE>9Xj(kUH
zs`=eJWvtht!|<H}cXNt}B9j{!6Y-{J^|bkU6X$%rz5CLA)D!#M*K%uXHmvsbvTWK<
zXwr4-xF1#hgy$iQSc!94(+ejK@6`2ge$RT}Zd|*sWxJ0A(N(*xQO5f0BuCcAL{Yu$
zn>Hh@u?w~*yM4LucI7M%^*m<p9r34SO``kj5KT^&$Sf!7Z+`q<OwyS*h;|*v<6g0C
zN>m39P-BSI-tUz1-5kzIF*?oZ?uzRlDJ3!IyeKQ>zH3kMzUMBn>*7haDhGy1>Tg-s
z&OA2{u?XJB@LqY+>EL*ojfSj{s5_?HG1)1N9&Hl%PLVH9B|JzZV?LFq^v3K~%bRRA
ze3u(8YxI1eClXw!H_NzQg#;!gam<SOvc;fgZ!DU*SF(L`Sfj3NHg8_h9oe<8uwe5m
zv@7=hw)lz@MMaG0RB1A6;#YL@?!z~Hy}yz=XT!AQT#8pjD(f}IdS!lv<p{F8?%2-k
ze`4`FqGLCA*+!;_Jr{Drx5yjj#1`WO7A73K)o|rbt0m>QsQ#JNp6J`8vnh)kcV_pM
zm@3NpOuo<TO~lm;KPW}k_-#xNVW}=%yq0*)(b06^p2Ql4wX8Co!KGS*k%3liJ2dI#
z))M>niA7YqnDmY;IW*a`KtQ2&x3qpPlKG&Es9O9UoW4HyyN^wOJn2~F>BUu6pxlik
zps}S(h)A{X>aoOdDhPTWoUYns|An(=o;<q}+fLYrk2ls%9JXqCwB6Z%UXAukttC|j
zW|(YRko#H3_9ThoA`|;tg^MxNFJ9R4YU_!3+i-D>4}X2QPv`v+uOOzm>FQ`IiuTk?
zXarrd8z)UXIMrTk0&ezGnajG^*s$dsE2E=V%mn2KlK^d{KkWcPKH<w{P21cL&>FO!
zPVV<Ue?_&KujeSWr_!;gGyJ?Djv7~c`eIzo-H)*pMsA1J*M2GUkG?`B|9Xa-SoNJ@
zlid+v3SQoD58Ps`=VDOs&BR12B7jPMP&}u|L;<$ux|14nx5tat)A8xD2e`^5w;b_S
zFZ{C2Xz9+@tS<if2iu}wZMo_Yqa!2~Cp#_5T<KCcDve^C-d-;na2JbIKk+WbEniQ6
z{E>CSv*C)?YEO%<4IP85o_Wj8_i}S(VSD`r3B8={6e%`qJJU|BHEGfP+#p-Q=<f+j
zarvmK{D^&;d7FZbOGU0%Y?y_={|OifAE%R7Bxs4axNyJHdfao9FxmHKN7!|)<*kD0
zlX_uM(U6uvm5(?T_pN<Aq>WnUQAk{u(zXEc!@+3zZ+Qat+W)RDQ6i%f?|n~LEQ!gu
z6%WZrw~E?XGAy;fJbF@AWXH}8GpoIC@k?%JAegu|L|?8nICXBj^Dc&|eMgQk5VW-2
z2A<vwm&U?Z=x*6~Gg^R=xX8pKm%O;p#&M-_Yf{CxU~63(=L_$%6Bb=@RShN0DU8g`
zqaTlI-nSVOgiS9}FDcr_SeS{^*QqD*)iE=6w~CX~?StCl;2foQY^h^Z*>SY-x$mp;
zw`-nr32_{<gz>7epf1flqZX^YjnF(KE6+eMnqQF8tAl23F|KZRYnj@;!d*JV_1&ZE
z(1sRK$c?W*Z#OxvdqM3vr=3*L_3Ufx%GaC8M~6<xmHc~@v+QP`y@ab_2idoS!lyPz
zb@2QkfqAUgMd$(#85;5!<i>kf7MLHVXb-=wgzL~e|B^trv7qEjd*Fy3m$SeU9(-|Z
zm*j<=a0Az;v#C)+kEykam<Hx60iQ`4^|UmG4<GEw-81d)yY2;pVB&sp6$Zi-+9kM{
zAEYHhxSf(VbC4ptdv-Hlo-|LONjipq$dA`@>9FJ+S(M{s7a@kw)g3;nlt-JvSp=Ua
z=r*P<vOBJmnR9(WtUwLnDdVyS<8RD}ai&x7Timij$|UjReT4U_gCG%6eIAp3Oe$LG
z9v|1Qe}6!6-?h`zDGxJjCiW8&V4k>dlgv}5z4Eu;(b=JBBC4A{LbeK{EqHmDcI=aZ
z>9rCH-iS|m%iCxib<-Jc*^G>EY~30|mE}dV4}C)R^^MlGcOR3;_Y16x_;}V!J8AFi
zvWt_HzCIPYDxL-3bmMijHzwqS!f4PV$|$sd317EY{&zUby%@8&N^GKe#pMXcXP$~r
z&Jw@wtbgbl-SxRh_-IS6?mikLtOVO=xA**f9l5wyk7i`F{&iAt3*Ywqr1p%iA*Z6o
zB%q|cXA`TOJbLFpwjOn(@l={Q*4{0%8h!0CGWARIoFDUtEBgpCxG0SGW$oSDB))|8
z#vPSMu{uf0@rs<<L<~%Zl}Lp6g@qZQ1Lh%&wmG<GGv?HFUgwb&GXHnC^KgGOv#8B+
zH9Mf)axsOT*b~UPL4g$qNmwWjFT#6gg?u?!BnrBnM0`yAyM>NCu_Y#$94zl|1NW%t
z#yQ&1;hyJI)aO*2L`$!R$;jmR_?+7@5{TdKBuGEC|J-3W${OlB?CqAPSu^<kTuHW4
zRA+aISTXZKsg0XAr1P!}*w4<<m>6FVzWiNQHz3XJ;GU)qrU)-Czn$8Op3{?)h(5CG
z1H?TdJEvb9`kjjxi#1jjm^)cqTJxLm)J__JN#bo?$>|?3ZFuIcK6!X@ik2z-ExF-z
zt2|XyY}vH61=<o5Laep5VyW_LwdR&@QqDOTM>f-{zq}v1vSdhKT2`|q>fOn+?(-^K
z#G^;p7Y;wTiJ?R;_+bjd;K1I`6>{p&Hz&9}c64wsIWy#Z-E|K;&H!%F`!z)Qg*}f%
z12;82V^1Z}!-9BD<JsN4iKox!Zl6A`1Ix?9I?sMdaY<GEl8`%n%F%cH)NEAukA4}A
zc_i90aT*~HD;Av%HWAyeG~Sz~m!rJOMNpTowX3K4G4I;dEu-|UD0*+n>C%=ovw7g_
zh*yQfHt!WUzKMAASNzD-{p04%ER#%P8|Nw`N7sLq$%e-Uiqo`5ll4+lQ%RLgg9m+_
zSuea_4Ido4;P7f#@$k=5$JPsuj_G}y4xYPw*#Ps8?mx(^7WHviNHf<oENi^T1wbpQ
zCFpJKl{P9O)+u2l>;`9Rl63CNuJYtR%ge8SPIuq+i3@wviqM<lSXJfkBm3G!co_#9
zs;Y#n!~%3~^gaF%Tb%9I)HU9G{IDq$AK_~j<zC@jdM8<==umS#i3FJ3Zwh&DituLL
z@P$8ki;t{;;T2Rc-x52Q_;hpsY4kPb#9m<F)o%p%Oq}Z(0<E{3+7$W*=2#eJRMHa4
z*67bZ`C4~9JJm~XMr>a4L6g-us4${)^;t^)Q9FEc7vWmL!ND=?e9Bc7>KP5K=`{ze
zT94E`ysRS<;8IxWO%5TDmAUYq-6=HD<a8&?tKnvWJ0G|I31Wfks%@YGuB%G#SsY$3
zzN>=oKXE~3w|R`m_}hOo`)?t~L;UU67bZB9zyCrZv;4n5n*1|rH>Pm?{UiRThBKW1
zNhvR?mvOb@^KDwz|MoAg9JDU~<#n0=$6nX%)BuI_O5vk`8Rx>kt?%AU?1<Z`T<VCq
z!bgB{ng0Rfn*1qCKKi$B;Ga;S%Fhf<8f*Hnd2|jZ!ThgR>MQ%v(n9~fLAtL?^28g)
z<OAfl@SB1}5w~|6YGK=hqa-&i%Eat8Eqf88e}7X~Q}uM#HPgOy=LOz@2<?hmlSO(W
zZsT(GP3Ck_8%={jC^+E~qBD~+W+_~kC=qY#aHddh3OVCt)vMHU3{l?gS9?C!i4o~m
zEgHjisskqx63LJ5r`YjU>P$tB(_p~$ocxB!7?(NK_&rZDckQ`I@$Q|SUT$u~l_N;8
zI7`2MPHdsMIz00Xh;G-oL_k_gTU#JvC#Ls8tsQpMQY=cR?P$Na%yoFb+8Byz<Md@g
z&&mQCr_k{tx0aR`(uX6XhAU39I_A}Ig?)NiQ|9fRl~f}{(u>inUk<2DB?orvzmQ#$
zyXu(E*s*Ti-q{L|y?y=np>(=5mgI3MC_D+x7hZ6P=wDu0WZ#1ZSgOlXf=9hfi+>I(
z9{M%hAZq9a%W+YpA^d*-*tv{d((90m_?KF2Y!SOrS)eQeBTJpb?N(~iwO)2`Nq__5
zepv*zpVEHnd&xR<zIrPtmc&*&y%fFL6ggRFVE@1X**(8kGqJ2#CNbua+tQ$MPVNU6
zrK0#`{&^qC6Wg1!v=>txy?peLbG{Yo6<gz1cp}a@-f?Q+OiqlVOUsWnFTDc?o=VFY
ziLP5W(kO%WSHj3eyb*gKZ{(cop7ohA%ZQ)hBFIeQdyC6YLsJEvtq7*b&}U%ZT7IGT
z^&=AtsTWoDo(z}3_C`mu;sE@tt^MdaGAwl)V+j>_W~MC}YpsudKImwT#Y8-*aeCrV
zyjZsG)`3~<$QHL1<In|jar;kw9WP_e?YGVhDII^lcN3;YJW-(K95IK4r{}xjJ>)P4
zo4-^Kn3J&u;&PD@yEAPN;@&A@7DlG@xv#?uK^3P}okos*>ucA0GvgbkYHR6-j=a-X
zE>7Mht!kh6_?J{m$MnXRQ%^WmoR*tLFGR)<Rr<`_=sP|6$s3UOmWYNcH?+j%qi0YH
zopiaST-OnSiVhq1zNorgPcoUrt(pG{2zW=Vt*nq_^Wo7oHMO=N^hSDP@nhHt+l6FM
z+Ep_kRlgr;Jlb7R5aNNHUMENI-jo}SY_D*EH@xoz>Hfc_v*Ve^#xx{Yl;fEMsvkz%
z?*87Q8}IlAUx*0Sb)iLMarX4OQy#7UA17E9aUo#A9cDR|n?!|ORsruJQJ0=ucZ&_a
z=G{q~o>mAfYQzIzxL_<_3{w8sxbQe`V6^nuXg&68<JvYWRoy9L<6$>DAJAk>DN{^Z
zZQx`f^oP|jIv#&d-Y?6HpgjeDIH#{gaX43PN_JdNPf|qXMRm<r41FwO<lKbm(h!b|
zdpW*6f9u}-#ebl9N7>3!I5iDJiAPqJMY4II^U^~Bj*YBken<FeZWR@A1pgIi9K$K%
zG@x}`qC7H8GlAoQHw>1&?t>Fs|0t6d8@@rp{D|2CPvhq?!J!7nt*M4R|JDMGnT}Fd
zD%)&Zc`9hgSbJIx<AP6}+aEtH=c;L?{oU@@m-414z5e5fxef-|oYzURK7r{{n^+G|
z8i$0)AeeR^YT@N$C66%<yDE=#VS?PcWZ5m3G!w%Ysu+#kFW$<q)D`=1%}M0J{^;1S
zhmJdV5cpveGqg4D6+CH(G8j>O*D^C-NB^?*v2k`N56d0p4tJX!R?XS;Vxv2}_D9$j
zIfS<f0KGYQy^pm9M#Z*Ebnwe`0CIeOM1DFV)AS1oMF~x-@Z}kRTQ-JD%h%5w!+viD
z(GcU&0*E8O*7DNqU{Z03jElyZ(7uZ+xWw4uFqtHq`KQ3FaH4=k_!MtCv&JyB*|;PG
zKw!f8t8DA6RhubQ%t=Hj;}-={H-#w)$TZr6u4-z@Dzv_iBfrrwN3>QdE?v|^Z!OZ5
z>EEXX@i#m#KFYPQ$^IH0@(ve1VJVu|jNDO^pA>P5M<zYi-fK0t-Ac|**l^p???^V|
z;qWLj+*(*e5kjaV+TK2seYpjh+EK}uu~mCUtIh!6IGi8vRR7T>FC*eSr?l^osQ~kP
zA#T_=%@8i@wrSpldKElPqGZQ#!?VbBi)18^Si7<DxwhuDr^k^)`eL0sW$`2HtQRTd
zbMtj)E;NUwX{Wv;cVpZA-6ky$qigU^SlgEo?V^cG?i(f)`JYpJI*zu&dig$dLKkBl
z$H72KJXJv{n{tyovb~SyVkXLsvdkb57H+=Q+@2-LQZ%*MgS_rn^lrxTnof>=irQ8g
zTfE)!WYMJO$FXo05z$8YG@MLa-n+$IQtliZ1WtUAV$fc&>*(BstwB*GQL?k`!vhLd
zQ3LkzlzZRm#%Ah_ihOTeO-$GJTA3H47u5^0o|(EtYW@^deK}F^>n}~D8tmnuS5-Z@
zO0ZIAFGeGxo(hlynJJJSukPLE1J<OKzx7S`*7MUJV+XwtttAo?+JbJu4EPOOBf<7O
zJAuIOcC07T{X59Yb~`ScaDM;B(&Tt;WvTO2ysy4kn9I=YrTDg>tyVk$V*@U{APCJf
zGDY*ZwyyHNWm-2v)i*N2vhXz1?LeB<L*YF@aH0UJ0V!qPWx-wLF!C_T31bdvKfqNX
zf5AExerU6ft;LP{99us{?h_zNKEk!-hYyT!kYm5lp`M+G7Vq#>*0u&DG*yvj5O>Gq
z)}4D^$~I)Wn~zK;<ADc#SyY{o%6U3~T^o}=*xE}A35OF`U1jS(ED-Q6B%ISr0kF<H
zurx))nI7P^Qgh~Ea=-z>7o~-fA56O}!uozU;m7<O&SKsxK&K*SxgjAlq^nHEg?Wz`
z3-8QO(abCZlUt)W12;K@9d~^#nZ=|DlPAz;N^z-tDf<lzLKl2mGOx(`8DC$Ug_B#-
zqKAu??;R)C2kG~jCx<_#(R^npf)DN+uywT*KpXPD^uj`w(@IN0?=7O^?DO=qZXiE|
zRYx|u9%)0eh_k=YSee9JT<rG*1VInJUp$~%40Ch1z`5IbX<<tDv6RQ|DAU?b1C5l+
zo0Z?6Gy=fDvh%K1g6>C2Zt{>S=)7W!EUldTR+-zDd)fypNtE<vo{p~IGp@ey?L{7&
zfLeF#k++$T9anewJu)@Ez7b}~A6qcA+>2g;xERt2?%PM=V&V@0Hh||M-QSdltcxh4
z?t^ryt9ln~Q!6|t+ML*F0!g^j$NyM9vhCjp1j!4A4?@_)9Vo0f)5sx0XtqYTCAQ?_
zipQ%RU0*z(8L8pgI{ljG^Y@m8qW!^xRJ@Lf$;%?wu4RA9omA`_8Y;Z)rwvmQYp^mi
zn0~lrFpJs~co$j4)9Ik_NgvK>V964MFC3`TAcHrB(MW@z;EtVMxVU5A&bVPLGQzny
z?J1L`pX_#;_QBr=5&%W>0erVv7-?C+>!Bdq|6*1^K*w+sH|gtG-v}2h9Y=?_yOMoK
zD}BSf0!k;omo5hkP{dQ^`<4m;A>x>vI6<~7py1ubM9EP5+Bqhe*k#qSeO8T@Wu~q!
zkBp`Eiz?_Hgf%&BwIkJz=Urg<0~cSe5Eq*rIX`Lzwr+uO^G=$|h*GuxOlz3Ri9^f_
zzF_;@N#*9u6QTuj%0fcjmH-*H1$5)h3+LOC+TLY777SRl<wR6e;|6>NHVVmIhx`|2
z;87&1u`??tJG#B&rR^)Lw&CRVj>}En;_o$Oh_W(aNP4ASnIg>lg3#%?q#MiE9hYK>
z<g~Pt&m$;4*7&YhXJ8??%O#Dq*UHo{zgo`Toa;^z+dKP*04i`dY%Q-l=%U3i`|W~+
zXIa@pSfQ`!VusuqOEub5pSY2YaePy!l$TqP|HkN_k4<C3MPk+vrYND`7p(O`s%lzd
zv6B8E17X^=9#`a4b}jbfYERt+a4u?u%8>t7BK(J+1oC(Ap$mz2pXZV4pLBn1|Enx?
zoH0ZtxB84sfAL2ba`VwFlpEirRg_qK_xT>sFH8$jsU><$EO+4`e)ssV1&ZWnd@OIt
z>QOW0LkeEE8;y;Pk(dc2_P-~F7~svW9zA&S*K>r?G_ck68LK!Yoarzz=yML71yHHY
zL}9X4KaDtZUWYQy%i|fPIfaoSSM^ips1ZXQE{-n(VrbG-Yc_x9&JhHuCR#;Z$48ui
z*7!cED7E&Qq<Rt)?|Ksf`SBOKX|RD?dNoB6vXLnSFvQMT<TO`*^`&glwqo*EDxEq0
zF~HeLP2uOe8sg5(vn()BRWm#+G7M-dTewfswbB+u8U@n&uIQa|R6*YBs$o6AijW5d
z%u1m|>2%}C!!L`c(+?x~B}pxK%+R`%+JoRTfbr7cq2WLo-Z$JMokRX8QmBu5V>3aw
zE5d3pYl@R$DjMM2;DKePx<Rlu_3uY{-4}N#iPlLc1_zoAGLV=~L$TVH{i1-kc!d`1
zoz;+U8G&rT{U4fi?YY?Y{+-?7AMdt`Q)5A~z2rw=JTu)BXP9xU5bpn>svgZgKvd30
zEXYI;t_w`ckaNM@91WkPc4mgmS4T;Fne92!+9bO7?kK*>+vU^uTf(MFlQ~Rsb7Pfr
zoBnFg(uH5WJU;P5oMaLh?!im=*b|ryxeCV$=3i+v3s7UB%O&{cZsEMQ9FYVG{vixs
z`)t2oF=LvC;#y)8_{`E$?kyKjK8`)PG02<MKj5q%z+`;}S_`hQ23yUxCS-$k^!~sJ
zg=eyb(>xL_bEe?okIr9ub~*3E1BKvcZT7Gy3QldGS$7u0yfbeO<-K`C`Od<V#Y<%s
zWXkcrcRX2EfqVV~CQv6zkH!vJ>uU9ZJIOl`8>XokJ;Pa9!go0Q>ED^Zn%h#_>;*1R
z@63lw(NIs(5sA8e96&XEm`VS*4l!O-er6Vg;21JYMYy5eHniiS-6SLAu;qa;g74Um
zqroh)VguC6|DKefXBHC-YpmWf3d4N!9cV}7c6a+J>?(gY^WBV(TG)17Ps7ad2K$w!
zG>Qll!QyenQ|s^q1d&DjaA-s9oy>2^L&Q+Z6XY!hBcpyjeNCw7%J$4iU2i+DVKq3~
ztU5#d8|Yo{sod<Wq{?dknb|A{OQY|(eSJ6NMFlS!h2;frq;GBp;!yd6ZX3Y~B2Yhz
zG2bL5A}&sMF`41%hV4Qlgb~;fh9vt^J^J*~jh*xUa>>6(jTM3o#4#t?<k^`sYDL*3
z*bakUIiH4(^%veZ^e>gVo167U^p8%w$6@#$R#t$Nj|}zTUXbD!?xPOUH4#dBg2*?g
zX_d{3496rk$(-murHE96^Tbg@zSpO?f_gKxa-nC&o09Z}>57QRJ6d8h2M0w-LG&QF
zO|2}AGA%#xBunD4JMZZ$)qNfO=d^_7O7veaUhyXEHQ#6p*}}S!93jwVronh`I+B9~
z-Mq;k@gQPArSD%2i+-O?FBF(Rwe#*h4gZWN%~Bwy3=0R+hnXVIHb@}3*)3l7#IS-S
zGYC&CPs|<B(?VWZnVG|h!-w}eBN=H2eSYOw%k2|)bqifhrjj=68A$0TPz`ynyr*9z
z<_`E)u`PfXdQL4w+MFf%HyH-HjHYbNAJ#u}Kgu%YO)g<3qI~8c!2(txy%!Z%W?De*
z9#Nq1e0=6N+&a_3N3o?Kopc$?q-rAh?c1}rtW~>c%q~v8JS#v#?fLl<8Ih5dW>3C4
zgzGPT2d2nB{SiS6R`jACnWtx~AsxK$G99H8yfUm#C2!_~kqHAz6?+F!7*Ap)*d!P~
z&AbYzc}TtpNn}LGum14(wx;pokjFe67(hsxNmyT{pxB?ilIM`kFxRn~r6kPg<texu
z!m8~1){VgO5aMuM-32Kc&+h{+=tfhtEaGR-HRf!tYc11SR$(PO3{z&3`rff6@uexr
z-W=mIy$Y<Kbt2ISR|ZKfrC(9!<ch@eieK;g_91QGHn8z&{D5gf*+gkBF>U6dY__`F
zC8^rQeJt|U-PZKL{j2)!JsCA$^8>Gx0#k<*Z@m9mBur=aG3_%HM!LFE@K&r7B`T6H
zXDN*JnLF+cueAn;Tlq}BA=lnwqjqLi)^0GY2p9b}1d0#6n);!vdOLQUYE6(>8rCp&
zbN1)6gpS79ZSFed@UabcP9`s~7$7<hC#^F_{RxAE2x23}D)u6khBL%<!9BF316ax5
zPoPaLO`J&`ne)Rjnz|i&ps&61X<9&HTY2K@YIx$H=MVOy<HC6$ehTMbQAb8{TyrSB
zp=XoA`NjTPNxFbqtx-7#{h>p@n$*G>R(V#x*$r`OF;1Oko$zgYP;YA7+m#U0126b(
zs(mR$sQ+HnjoU9jItNd5!UFDwnI<u54nDO@f~GlK-87BJPCLCD!1nR^*g1GKes|M>
z^WKverVRHx{f6f-<P?y5@EytnkCFma%4Hsz+$Z;rg?gM`lBfBVU*M3j3;8Be3cpD}
z+vNGfG5+$V5E1Km_7=~@9MvVKi0tO3CJR<Vhy;|LW}W|w4;G+IW+W1Hw;&YXG$EqP
z__b@uwOx=%6|L4q2k&83@6efzHp}ls1<q-+!L=GYijpBM)FckY%9Go0s=W{u#*RD$
zCnzS$HEnIBOc60PGv;pdcJ{kyfKH^)L&5I52otj`q?rA~eg*F(xeWd*XK4;3Cca3l
zr3mQ7kcE*14tHrlJ#x!i5AdEk@?)UC|3gzT&Lk3=6M9Jr%DtrruW!8ZUa=_IH?21)
zc{G$VIh^)e&D@n_;zwq7s@;tHZ|N7U)y6Fkgk@xG#i9`%!E0)^rspX>!w&~+8W$UC
zr*+|7i@A2*#FdIV#8b>icjOF0WMu=Ql+xVWSLw;quO8=iA*(sV<^7WQ@zhp2Z4g%v
zBLmrbM}~Jj9~d1~?)UO0;Z+<!HkCtUE@oP+1`o9{XFCZVA_YeLd{@b-#k|78Xuq!J
zAgBMd)=DOcwIbX?OK(qbv3Rdek1<h-h`4zJV%M{BLBR}KL@Z6^fol(rWJJ-Ope<QB
z)-+%4*pL`!sxBxa1h&m_eueY9`M8bJrtK%6u0vSXKBQi=TPL(vKV*q3WK+ChwR5Iu
zR7(4QW!*gl<}aKfG5|UufF<z{zDaf!BE$K_&5O)bbecDVLu5Fvh4*?N$*++6Vbw=z
z_L#CL%#G#@>%A{uwzJ8&YEE#SwSz`NTaHzr97KE6=ejG8T&P)E#6Ce75zA7k*pO!b
z*W?Ab487d(rikKqw)WYAL4t~h&!$s8;oilH{1&wgNzz&pyM<Q^nOzqsdh}~J)_`Xn
zGW~H)Q5dOI>Qm0g!xpn%e=`~_EBQ)cMAB+wKeo^>PlVstH8N&Qzx<n#zO#$wk;jUz
z*NJDprk*?*w;YtOxbi4HB)o#;j2w}US2`O+K3_@jK7j5HN|j6Nk<RH%5~q4*P}GUc
zK2RwCH&evA*U_!_4Fg_6-lHd$pnK85!GRAL5-?3gxaZIrxx}E&A4JZr_eXXe6BB<E
zvJ)JRPW1~cgp-Nwphc><`B5AKht(?}+lQCs5O!0^&vy!L;*s0>n)i~O5I`<I2qG?S
z{eYN5D~Wy9;Ec>$?hu^QcRRsAGmu<;Z=dTQhTfOWx$OMFX8?95spOS=Z>~1JU;oTK
zh=TWi2*T^w(hFusF@s^yd+Aw|2655NKi5!CsFs8%fK|kmZiNB_@>(#lliX(mx0|Hs
z;NmL<zt`6%T^%QlXXS2-A|DEZ)VNhr9eul!b#3lIja_M(@L|S--OiRW_l&F5nwYrW
zYtaQd<z;BvGiXqXH`#i}O*BMMv^&@nF}LoKd5`l4Dt2YgM`8$(4+p(M97~t5cUR*X
zKy3H3?Y-GpDxba-e>g0gHUHwkPvXZDASP$Xp$xy$PCmS(L(v|xXu-#H>QH#PwaZm<
zoA}qW&AM)E-FXOmlocdw*(>{-J7<t70w`Rpq+$1gDSQK&^PE%RcCSVJaB~~TIMgQ%
zrI~FGlZYD~-uncANbKx$O4}E&?A2UvTjtnbJO2FgB*SZgR=><p{ziB)lFy*Cr=?q5
z78T5}n2|2JD*Lc>e_U)B-zB@)zTN9$$|e#^m%mfy^D75#Ip4}h;=z;CjR$t|&g;4T
zAjaHolam=%@ve8@#`%tc&`t~}26T$yc^%zl&bSyyHWJHcbylgElW->nFH$3Dh9Q7b
zN#V4eU-idTFHLJn;2eek;%st0!|oJ|fr>2S$uZ`FD0Ugw!W1&@BE5m!UP?d<ogY;l
z-SeG@m`M}R2R@Mg+|}BF4TRk|+L}p)j5y|wX39PtqQ0rg4|&+`w9Giuw+RV~IE^NE
z&u$7NAxW9H)WlH3vl|nvqEtay!@6=Lxj}wA*joyD>Ga4*ja!f5)qQ4;evHX#3_tl0
z(_ei6l!JjX1}amdz9}(GO7a)M^rPKy<$+gLf-Vi%1xNbz>wn&8`Q*ic&aoVmGZtgx
zuQ}U`iY<OL$77ZvhwDmC_KU>C8<tmE;}wpT<yTb~ke4#zo8L328}V|$V9Brvfg8$0
zU%r38fxGSak&YI=$K|$u60a3X)O6kNz|kyD)tQpQt*NK0uFPlMxU)~2!f0ubx>Ekj
zl{7Nq<s(Eg4Jm>0Uc7wy2%5Q)<ONRKi`FFd9`4gU9jETNYusVWvmazgeIUJ9-jptL
zRHbDtz)px3aAV)RxgZfC?M#Q9X8KLpLNO7PyO&J-B|cF2MA}<e3>I>3MxyoO=TDIy
za#TY^+{7mc5`E5Y662_8c+_73`6BEAj^YorLd9K;CDajFeSfQmn(!!$bH-Z2Y{W_^
zL3M&#d0uI5#4zLfYW%#~F9N=Ax87NJrYlh_?V@FRAdm$L3F~Dy%ax`1oj6uokcR><
zIf5Jp%<xQ!gCs@w{A}v{lQI$t^VDOPgRtjYH~I?F4E9q8M{Wt}DA~in4Q{V<=%e)B
zy?Z+wM-L#r;ytvX+gS!j3OlZ0U_gPu+W09VNu<>BSW4)0@;%Na$GE)P`7lE=ykTTP
zohn~ufq{$=d+wW-$hxa8zDcQRZ6&{PLIjOPd684stZavkWWKk<uKlCXo`#Y4acxfg
z^n_TCJ~*BBZ%MtCm&7BZ-mQbNh@$DjC!Tz$@-62&Z`T^Af%uZ2!V5s5Lw*sN!+aU)
zyUssgF}i6}0kWER<7+`x-R&@F+eaLi3)<oQ*T4oyO_7L_nuEs1H?djLwv%i?FF|Rn
zfs_!Sh7FW>DLV&AP|F%i1}Ab{L({<E1}Q3nvI0E@wpzDrITB^3X`K*4mw^+3T_dr&
z$x^Pb4qRMb;)Y!a8T(*L(oTmJsJ$I^IDatw>zGnmin%p41b!o}IZ3g!$)XimLJLx~
z1TECAkO3iV$ZCJuXE*(a-yQlQ%Dpp<!U!wJ*GCDdTa}`Gze11PPBy<shpE`k5ixWJ
zj4Tc3w_M!jMAt=XU3l$~<a^5$20yAw^Q+3isBKojLPbmDZ)4OzEDySl0AfyALX0Ds
zkWBX^{itR(=)!|=LMEo2EF?AoR0*Klsd78>vdT14`^8ClE!i}s`|=uf-84nd+PXZJ
zF6U#CF9+P3gEN#C*|@HFkZ5o?W0Nua9XpZH3%tZ})dvL`nUZr3mI<y|?@n<MX=$Z1
ztQ$+x|I)N^_-8MUu3T0(NMv9Ru`eC3RvRFaQ-dK}(m4Z#9qukmZwgjA>fQKV9S^}h
z$5KyWFl<paJM<2)Q$D>AO8ayuBz#;4G1;7OaBFMnm>7|K%_&}|msFypbPu`9hdF+7
zZf!i1GFT+dwyvAz>F~ZrjZbnoW;XOBCIAfn@Zk9<u_6F;yH#&}Ktxxh_YHAW(TosI
zq((~QH%xAr7<7Vy8u}SF@gHXhw!H%1j2Y$4d#PUERNmp(^r#;r_IAq{B@Qf_a{W{1
zQn>cDIE81+Z)Ufz!E*`0wqC^t9%^WuUESW|ZYQj`uIG8_hpZ#4q0;IhV$k}=I-e1o
zLWk13tvt#Tch#VsIkeNf?)#@&vR!?4Xn5cKRrNIPo|3MVo;m$AMWatiWN1?H9b37|
z+Q8s1BS3<Vgi?9}CK;Px+&K6-*HFlLvHp?DpR^M3nYs0ySwjk2wN$JsxO(}YJ0xwv
zf{;!rB?$!Ru_>weq$EZX<4X+CmZ>=VudLE;6CotCBf(2o8332w^CXZZw4eEk76xMU
zUa#`39RxXi6EbR?=WiFB7*x!T){l>`BU7s3K)V^O)mNHMIo_=Z(-H?`aBmGG*J@8y
zYlm%`w!Z-W#v453O?!J>uG<GmH`1iIR$-{aRW7l6ej0Sab$IJuCI)e!a`EQMps8<3
zw)w*`t<Ki-3K|YGz#pf2`CAf)cN6)a6!U!Q#%C|Qi_LAk-{HD_6!*&cF9Fl=pXe1h
zRlfX>OZvUXCnXjH?FjdEfCn@TSDZDoCZCqGWc`kC{JYMmOl$opslbM`5r<*;v+(N=
zKNiMh1B&j$=G1IHWh|xEX0*_C@yckV>`V*&D$jq2i!O>>wy=}FCBSRQ|14p9by{sx
z)8N&<2OY2jnh))D2m5WZ-OOhgLyAn;CyU?i)82XZ?oo_hJJ31tDeJ0(Y_g7s$xmu?
zNEV;V_F#>&-tDefefay1O$8U;pQXz)8`gKXdv;u(q1VB-@Ql-KA6af~5?YKefJ*aO
z@E0FX>4AqYnUBVMduZy+a9d#5LgUq}>hm0@Wa^E2_cXcj97o3pwtcigUg4kKgkG|=
zeE&>#O;DgAxWG|^lom<tyvQpvPJ7*ZKaOWc{?1{Dt4ICr_{3CZWTmlw$59ZWQ~6%(
z1N***K;o6P(ybm)ekCnqF+O+DfvbOX)N!`uni;GdiUz!qVT@<Ty_2g9?ewE3<bq-O
zhQG8gZ`9P5QwGKOFNPdPg~V8p@^qSxHnLhxQs!6c{!5;OK@UeT=)qYV3RcaWWQf0F
zdQ|PYPxHK!0@DdsNNPmVMK$(T@gze0-qFh=c;_eTQ{NR4V=@*PjydQwy`z6<=rB|!
z%^6Ocfrb=aT|1d_oN{bMHf7sz4)^ZABusAZpbhMP7(){%OKoP5rq+<-QgrmBiXz02
zV0+6Q8;`&Plah*LmvfLFhkE_rp?&&4BEfpeLfHPV#Z=H)byw@uQw9A^Ear3Zp3%Rh
zntvopd++S}do3+(z?n7w)&iiw0!76CN7QG14<FF-E^W|NZTs)^Q*#`iJsWi0uO})0
z8SU}sNniTG=Lp>X$A0>MqoF6tc(h3!4I*f#3U8&!kI-O2Nd*b?T#Dn3i|UXaA+Pq5
zO{_jYPq_SNnd}(1XI_uNb+IjEB?rKwrt0a&gh3Q2LXCtn1I~~-Nyp{&2uI$I2m_P^
z7XUn-jGUCrY9gAPG-lQVg8&`?h9y5i*HLrf`Gd?2P;-#FSqQ6Y?5tZe`3=O7<_#F+
zt{*)9M)VuqIZpuap-I;JpOGp-Fi^=BGZcCYOFa>zelIO&W@b#`)<IV}&OZMXpaiV>
zCgOzIEjx<3Wr=*`7Dkg}kQunz7&<y00JVug?G_X-ATEI~+{ux{t?59#@!<O!;6E|W
zr(}jqowTFXRv4RGh7~hzQX+@up?7xv)nsPIu{dbR@vAqEC*3ZZ`dDbAoW~bB`jamn
ztT3#rYOmitH6O&}<dRmVZ3r}r;~3l?@|TzAfN)=(dye8LBt1k)T^>LH1|IYMy2$`O
zGxo3k_S746fOo24l0gk)KZNWbQd3P(96<6Qa97ZBM5d*Un2tVrfm~x|WRqVL0BaD#
zvR~a^R~$p=mYp4Kq&twPz#|1zEI3q~&SC+a2e@hfvSK6)0PlnBgzCDxP+}9AyF8U_
z(AJm}Wdil~=%VW%&0~~WxiUNDq}we|C{xdUB@pjJK^$vOO5fqyjIaOnF(^1ca0m((
zpxq#;GV(rtB$Wq~OWyGLxBDI+grkjDNJnt88ptOp8me-5ji3CdtXA5V4sWt<Iolgj
z1%*F>GT{k23nGQ-q4InHAtWXQA4x@=3@argmXy{f<k$WYnvQj;?KryRL}n{=KuKWh
znmX(_Ewkc>n1Sy?2DJv5KDW!Z6^_QnCK?$Q3p@k<Z>(<wI0uwxB|7V2?-5Dcn*9JY
zzH}_K_%o_Pe2;Or*Yd2!*~<r@(UcPqw}i2Ww~?SA*@zlY*@r(40pdjNQy}@sv8H)(
z6NC}IzCS5iI*V+5qMHpqo}%(U;`L-tO<+@o#?nEvxxAI?_I!#tYb1QrLmEjQ<A=RE
zO`Iw({_;%D(DAA|1=*>oimfUKsTv^D&K(|l{o@ifH5Ens#9;G*q)WK!HA~L9I`Q?=
zLH9-;1T2z!p1Z}5rN&VAHIS0r@sJ<Y!29GbS+Rhe;Ro{zEZ{SsQrxwt<j|Ipw?L&p
zVf!}W9+%`fbFuij@v}vBkYHeN63yUSf&P0SwKvyJ0~kve?v=1bGN6%oZ9CF<fTZH_
zb?I+H=t!{ZA4lXFmHJvVvR+T9O7f!+O*=uCiDj*dx#nt5Qlks;9p#1c0ub*?+s=OZ
z^pY%PBdZD^kv`M#8#=ppfiDiD#x9n)N~#yy>yQDu^?U!Q?a7Xcsy=@Rc-+rCE2f$L
z$*>IfE=D5%x|rM<>o3EXT$GXuAj8rD{$DHObdDa_9o`;`Lnds<{XbtKuFs6P;pNAZ
z3}|>~E}tfgD;|9BOBVl9nHDaSqyP@T{(hR;Dm2t*5DXbBuSpS1Y@4ORnS`EElOh6!
z4CzK3H<@cgb@3Vb-5O#i3oSyV)gG-I0;L=l_X0J%?8uoo-3uKeE&&owiXh!wi)~b>
zJ`?|C%Kjv&V>IcL?<T4aJ?kXul_^6Gy$s&Ak-_TrJV0*28ztf`EH*n47jvLZ3l6@z
zMm;J;5OBG%>0<=7u?yuFXvv%Y@uS&Migw%w{0Qkp^_fmxkX^XVpuI&%TJy*AU1add
z-TV(}$Em#x7)81tg=-49qGZ7VIzXYL61gW&pFX7^5MYobIh~^uWF%w-;`Aj5c*v5=
z4Ewtn`EvW~PqR9|QRKl_R9dYZkJB(NQIdcv{p)@d8l}E~C>2N<Nmi3OmC5S;H4Y@6
z1DJ^<>TugMbGGOwoK9m0(TXZ0u<5N<`gqpDgr-|4wYUzu{|`0GaBD?uY_v{z&@Est
zLyc|(&S~e$2N_E;SKvFimD6SVLWW4zk5F^yNA_>Gx&ec2k=Le~AS~>13mFed=t3T=
zM9gMJGW+ps@!}4UawH(>WSy^W`s*$D5br(ji`LLXN7A`?yNsY-`3}Ju1rZ$lXbURx
zNT~|Gpc3RO=r8DpZUH_a^+;)!x^En>84#YZ)7XVo-<}E_`FM4DNh?4M>QB-gAr@=v
zl9K=9VJAmq&k<_~2&8OgMwT=rn6?r3bkkKd_fyKdEm`31;)oqKt0y@m7~-`5opNIn
zaYyW2fLWylsc?ZY<hN>hW2_x<Mzgdj9$*}&pMBC@$Tm<odyung9K{<&V^@4{cW9iX
z%15#X0(;H33$&02_&sU?cS;)JQ|Y5$fWMrasX?A=cHylv@hDU~B0AdfXmJ&;ACjzt
z_VXen?LuK>iDBB$DSkO^4e_*1CdMw-u04Z#cCQgNU~Z`Gh;R--9t5$c%+O4Ci>v>8
z^KMVT$5a{F(sK@m;jRng-8Y&H-S#n|o%`0PPbfx8P(;u^2oOTdu$FNL@vZbbdus1O
zpxkSt=UE4!kWL0pfPaP18s#>M*N$_-mIrxENq)Pq2e(skGQRD88Y6@fLfs@&1BDSK
zv45KtiI-G$w-H3;ZW|CO@`{T5xTY{PWCiWwA{BG)MF|2}JkzDDsv`Fj<1YeWWQL{>
z@Lk>pU|CWo?7tIAC{O;X>z5(rj{hmdShL|p!k%a4j{&`qhaQ!utIF4U!Bn7!lt~L<
zN0NahNhYi!YKfHRmkV%Q051dp_^)x99ygN#-~y>zAe5u+xJH1xI^C*OsX<%?kQ68Q
z)y33q^UzU#H;MljYLd<gR!G+HS%_yyeJ}J8$^qP@FzKo_<Z9Sz>Rq#rZ%|l@K2Z=_
z1i_e@+g20+LIvCdMe2W%lQ?VluI^4(n7?rx*TQBF=eq(LcYLJciE=;2xim}!BY)91
zJRYRb(V9M5L%Zc~f`R@^DLRLRTd|mj4<{5tw@dsgrPS_VHR2&qya~OM5s9_vmllHz
z96GdB8{m<qT^ok);mO9LtlC%Rqeix2_sjPe1nekqU;1}}@cQ7IpV_1&fizBUdRUmx
zZvs=&<tvmWZ<B1<MD6Jt$yo-L&xAp!=|4mRCq|r%xd=*IwGBWv1+#T;f!4#qG~WLI
zq!~a#<z3_W5HsufPs}u)gBu<|)goZkmgB;MWZzhKKvd(SwYYsGkl;m2C_kVVB8I#P
zdW0YxJw!gZpCbEx{n3_Dtc&nqq`d&vJUKH%l3f0KK`>MB&e+PKb{MJ_B51QW1cmo`
zCgLGg;+-yQB+pe<(R0&3g}=zE5i!O9)9@X902>IcPv>tyXwRiQzIJDJcG8dvfSeyL
ze{pQHz(F^%%6XzXlllnaw}VgZDPgr86g|)7nP)lhsFzRFqbYh14Q?V1kZ+w7z#l}J
z4gI^TL&;jOB0-wcUbX(ntbb|~LPpO3o+Ez}|4Gzg?<~!RdLwT1IM8Q^=@o?8uO=N0
zn|POypntE{SZY<wOYxld6O<9$ls{``bR}|8QP=ug?$}<3jf+l<P!ReSWp<!iS>|8W
z%3qo}JrVhu;s|%vZu@*?KS?Sho`|K)M`<*v6z#bWZnX06Wy+OL4H|M`2O8c#RhY@j
z%G!L|{F?%5`PRe+8w(_O%VxSotMA*pjrjR9+Y_tyB5S6}vhEMpEwmO?T{|3I%6D80
zgoh>p3jg4`m2TgQBgVj1k(lbr4NGDcp$nLH61Rq$t{4JU2#X3D!@<NtaHTx;{7(V1
zWeJ!!S9*D`lB4v86!-NF1yg<OG?5_tSzD`x#eaIbkK@*@lJsy{t~EsT2~(t70o$TW
z6vqI7-7Pvlz+poY?8od!vLQPpD-xi2EV6^pZWoYfkfm#QLW0nXOOu-)O!#hZ+u=-*
zNPv@C%CvzrfH@|EW)l5J7zD}{BOFLMDcnGzUC1Cg+N;kk1NlY)*y~$vd8Cl{#j;r7
zg%`;dB^x0py2AtfQAuqpK^DpO+_O&`f&H(s5iWLzh=BxEE%km05qhaxIdBKwa*x7x
z>18f%h85Q=zM7Zub0ky6Fwr{i*=k%s61VHKeCD>ek(jd!nV*n%IxAtWL-QYH)E__P
zH_jd=rvDrweW#XMOIt;1FjOe|SI`cXew6_3IP>`EKsFIWC9mCP-Sl6|q^UjDGrOhD
zz7XK!n_qMt1J!hkq?$B)GNhb@SdmR4bw!kE>B<L>GFE38sMNRT0dW<a2<onVnpC$P
zJ=^e7Va5s4RyYh}ar?Km{-_xtZ|*RVe3R!{=@~5;u7<jVn2V|1B1AkoJP57jkJ9pW
zn*Vm;qqz}yHz?2(FEh&oTk6ty;+By~1T<ju&LYCv#eS-sW<G-G3eZFX_y0lPzRlJU
ziU{s_u@OSoIA<9_z2OQ}Op{t1fmc<gr}|fm*Dr|M+7dcCf-{uT*N%FvESmG)lXBJZ
z@>o>#nw`DT-L_I|RK4BF?ZO+^CdnUro^@Mx_wGTVbCtwqO3nWAc)e#R`RCChu7iuz
z^GX<Qa8zIA1<^(_WX#|me_(<Ul3c_KuqdSyl^@dml-So{bTBEOhWdHUg8SPHF0h%L
zO-0$l<hjbWrvdju*8QKEMD6Ituey##fNNv7+`HU1bHV7r=(Q|rZUkWM5RJn1S=H%U
zA?5@(RJUd@pE9U`EKd-v>jvhIoO0*Rgjmzj!9hi20r>Em=0be72#a4CaTNuAXV@`a
z7K&t_DjG(_hYLlo9Td&0LsjPJmQYm>nIBokjXJB&h3tRv!g_yr;j1xiPk`2uo)?L~
zkFJ2VMKW<UdE%x$(KoPA{vQ?Etf<fy@z9$y_$-I1(UeRHE+JP-BndqTn<0KB+h~9&
z2D`|vLCl&PGb5@%A(lMg*{xR^>G1f-jZc*CJlVVc9tyH>Tw%%;5Yv-gfm?Q_o18>~
ziWHNKWh^bZ@V8DKIASBvhY%XwKzoeedV{J8=uA-MH*BxSj}aHBeQqUb+JA7AJ}ch*
zUaLKkbCS``Tvw?=;A_-<qwc|X8w9;%iPF?74o^J_m%mE1dyD5&NXZwVyqF{pdZP0q
z^lN;D*^eESvXv3Wi}x*~YyqncQj_B0TUrFxF?T#|r<yCb(0F=Mugr&XHe0qxGJW}&
zWf2q<!7#+Y{j)uM<!3~mp;xF_Hz6i#;MH@19vy(&7e>2>ui4XIF`c+Tj}E|(!nl#m
z8d930|G|NGv%jM^X2-bPeO+c+l${FQBhn|9TS{b_jni}3)N}(hGXgVgk`AY?$e}a|
z4iVK6iLo?BS`G}Pshyi}ZyetPETcUsj~jE{H^<d&HL7m&S0J1c<xqW+(iKfnqPXtz
zHm{5EWT*!%7unGm-4;;Ofzv5${1i+cAZ72BK)|!WT9Q%u1*RTTcR6rueLD8&o;wHV
z>EQDx{;jPByS?j?W)ZDBi7QrC8v0&j-3|P;w2J}1f%Rb8UaT6~lZox-{H3WqyT{4S
z3pwVf0AyC&p6k}+75wuBWc8IzO=U#TbJde7r_0~c%e#KZB`fUBK_Ma1t|C{LQK|o)
zZ>1>daQzm0y)x!|+HtvhClV6*!+~Zly5m0og~~)#6e&NWx|-TR?fFDG;BEx1I*lh{
z<sT~^(<8%g?_M$H@mRj$HWTMIWsq~G&F#0rkl)*({@5W^mE$))tKWRc{7KN~x;)!P
zHk#kJIwQXI#gqv8`bOQP5)$_n(BxF&QrbwNp`p&nq;&t~s#~04ZAxk^dsT?l(&xj}
zYGU72_tywKNL`vdS5}~#%1gV3PU&aoL4u!_;Hmj3xmfI>_JyMIb;DL3uMCRo^WU7J
zcNPw*sWOUAk4U3QI1^Xa@oa9cEIRb`CwMd0Y}P|RKHqu%+@+J1rz|6qoisYX9Ggy3
zW|EfT9DHyfvd?5U9mOXdHugBSUaMW^_B`K8?Hl|X)fdF;)%86Y_Gi%kc=IOoF%Nf3
zoA}jyC%y1&m3tNko2T{iG=!FA_ns3|3Jo89CpH=_M>HoZFm!Qj?(V-s?UecE2s@GX
z;cHT8a7p#+*S5m)A*!M)bAjt>YD$?ZWh)H!TWL~zhJ=8YYOYkLX#c%oyxd0RC9CP`
z-0PKFzkH?A!xd?MZNE5vxY8}UwVILUoo(Ub!{~KIj^uxZJ&g9%>MJi#+Wobd_siK2
zm=eA|T{XL{&1j?P3}ybui9E%f{XZthHxUu-zs|;Nd%@=YDlU#z;mb#pxgZH<-_1+l
zJW}~MRo#~M+`6OW>zw;koU412W6|P+2f9&8nKIJJn>jJE^6pi3g5mjr<dZ5di_=nD
zI^F85gN1tN_1Zp{=)`Q}8Xu?K*h@!<Pn+FknWjq8pboDX_syas)_OK~-B_BC__1+?
zcQ*^lRvCUfZepL3!E$M~=JbxuI4%}mQbPBnW%I4eV;ejp;cLU$7pT@<R-xf(yJR9F
zyFleMJvj2IZnD5l?EH|-nh&ow)I}!Bwt3A2{(;B)PIvF8XwQ1raOL7<XOx7d&{~VI
z2qV<rm}IHe<keSiHmYx~rWSZ{(?P9)!ElADK9sf>Y{|B*S#Kh8uQ>N$wVC*ibBc}h
zBVQ~thS^<3+sqnf>UfBNwA2r8$9l?jev;+vqo2_({P#uWmpKJ<GtnrjJzagQ{>uL7
z37Q!u(rO0;e4l9zz@4wW=`uF0!XaaYnPVC<Zf<T2`u2?H8M%v3>FQ>cb^Sywd}b_n
z$@u{Xr{#Ebxi?nXtM%=|M2zgq(YW-wIY+OW%l7k6cuHz!D0vNO7<2b?2UZ;TlLb|J
zkEN3&Pf5(Eet_8I?wXpVwOt^2_By*Rm5X5aK0}Em;%hLUa$wlnYKSsFMHr{5#BJkq
zX<9}3T{q3WJ%&#Fs{<1#f&+9!aYLMTIm6Bh*=_pz`Z2MYfx_BJFQ;u@RI{v}+_FUQ
zPHqs6F18Q6>m&Ordy(?|igTfvu+ks67QZ{@|J$wo*@+VWe=rh!e75|56-@spjnVvH
zD%|-FkQMfS`}IHc5#kppcxnHazsjOD>M8&Em?!?PdDHn<@sv!HcSAOGWfuPdgZ}z`
zZ`z+?_f-+|g{6W2?Z5rS5TS&I%CBfV<$%|}cR}_vLX>!S9WUN4y=xA+>=Rrm=MsLn
z%p2=AT6sI6KQP6O$fG(BrMC}C+Rt-tpJUsY6cXBYJMYsPn1-mn*Vi>qOI?wv;0Wix
z?r?CcKld^<f1-X?WPMNYPp%)%*A)jl{P8zmvm}G8Ew!vLzWx=4K2F<DAGmNwME;~z
zYtUf2jtF@csm@B&Kgneb6*c6VZax^-bm6_R{`mGnF|})%->xp4TF79)li={LT6HH1
zXSQsLHB9(3oWa5G`r98qo@xK2xQe~^P*vaVB01>y4eiers}Bx}KS>sJ-hsz@=t?Ij
zt-ZH%D)4rj`+~>ggO$5)3GdM8Xj{>WOxF%ej6Kz1xN<5o=IC55my{-&j}~{Ee^cKg
zXSnQm)MuSHqj0bH?XOexqK2-Yh@cWKnd@Ur&T4XcqPhD!%`%T~Z_d?UZXJ}yAo4>6
zd|NI}&R#CPc78-|YtIWwH-^fTvevATj`}3#fq`YsZ1?x6bcP;#EShTvRU2NcJN}!|
z_PUIvId$zeYf1udXQI*^yJe7lSb{yFGI7P!TJEEkLo_9Rn#Rq0cK1Wvt{*Owb=CBP
zcPhwDLVcpMT3)4<&>x$@{Bi7)E)gbpaE~ZSm)$;BrSNj<khOKVNo$S8frv-f;P9kk
z?H?a+S@Vo_^@mqp=c?}3kul1p$&z{(rohXWnOVbkMQ!$#&8<#8xSbmf5c%<FKOZol
zc?bbgtl-DR9Ch1?{i;^2ca98hv&znPuA%$zsvxoDNrqz{hhJ2v@8-M3<Fvbsqmmwv
zs(vkR`j@?0Ox?ZuZQd)>kwqmO3rrmuJQ-@E<#?vXZFciL^<$FoIZUHD>eto|b8!`n
zkQ`GgcdO2e$M+hG?ePa46r%I<zwC4zq7OAEC%EfSeR!ofa^F=`E?z<22yFy&X$W-A
zg1Jv|Dszy2>*8y9DQi=4wN=KH(h;{n&wO?AEAb8RUa>s2bXm(ORaN7wHH9{nmIhO_
zL@C+&n1>sr9bX-ydi%+qkWt<AlXJ2zbE6(->eJPhXA18M4K==gzA~G#uDjb-<1M(A
zY`xp1s)$BM1TQUB-~|qYj`9h88=J|f^3o$|YEzi-&2v>-uy}|=_(tp3UQ9Kp&o+}H
zcm)nHemOhQ8aHx3*^s|JuVPq~)zIt6;6AHC`|f%FQ_;n?ZsXgTZ?$F_4m0U6?0;$}
z&T=GcIWTAG*V85I)bSCSVC`n5o@GTW>~jeh<9f4#9wlSL3)9J?ad8W$ZDdaT%PyD>
zzPv^u$-O0FsVD4JW!Lpjmx{7iGw;T?DG@r?NBCF{7v>+d;C6U5db<WAD{)+JH5U{!
z<w-MdvE$p=Vx8mG<cI&Eel11ErU28-k1PG@Zpu!BAQ+SGvyN|HRl%TKjh2%8{A+28
zw3i9u`1o$Yb9=0gHSIjd)ha4n-1!(Ct$sh0#Hy3sO;6d<;%XKxj$I6;Xa^U|dudWI
zQ-@C8D$?9>IB@+@j-2Xe0pADQ=gno-oeV3QPL)A5?VPs!lcmA?#xvcR_=bgsOpHKi
zd<RE&^Ko2@!#e}0h^_G|TFtz<kc{E1B0j3Ds`AZwa<)@?8i!(M|JA`-t|D2w54k-(
zbqr-}=H(l9Dtn(>sh?X<K_Mif-^lZQYU(XIfyG?yxhHM8KMqZaV}l;>dD{;Uzhoq6
zSa2$Q*EvwA{z`-@2hq&X@irQSCX5!uxOF?qX^XCX`uhIh;}Ab{{|e^w&uMWZZu+n_
zi$2t~tf`g#)cA^i4ZUCC_enQYNZIIwW0=mXN~u)UJUv(X2S)-i9K@R#!<9fVx6XJX
zDk#*D*F74g)X4%}#G#(Uyn97XrB=Dm#j@jmMIo^JMt9cp=0kIu;fWH;{G03ZshR(+
z1$bzl!plbui?cDIq)AFLD03&*r}qUZ;#<~Mgdd;?Qhe~!vcLY_K6*riF$r!ru^i+b
zYj5a)=CWh*oY7W__I$gJ`0tJ~0$zcYmDw9$F#N!prYs`{O}R9&-+S0ObSiLiexPEW
zI=ZYn`cp$&AA-WI2`lWLgB6{4MOcXTE-88ok9yumA3WaldMopb<q`58gpO-BqsYB`
zN}r#e_pT89m%+-(3*1i~A+w58c>0;kT8mnK-d&p6tv@H%UsmxBS*yZFWM7+$ZC-C&
z%>9e|t9Na|<_7OyESLODJ0oGto~2UU#?TA>x&q}7zQiu^0T+?Gy0>S$?>_G2xpfOu
zYw1>=J842<FuQoWKJ<qEdwtPdYFND@6MLQg3w8Vq`hq*}-Lq#W{vYz*1e(jYYa6~$
zG#HaHLsS~f8Vm^~sT56y%B&DFMaWnxAvCKLqN2>1XEG-t6*6U>$IQdecU=GBe(w8z
zp7(v9wZ8R!@4MD#wNm{2T-SB(bMIpx``G*BHmfSi`)q}=rwBOfMYp=UMYXpsS-iGZ
zBV(Lc`uDRf0OIRKF}#ld6~_KIxF1>C!b_ozj1cqmW`SRWaM#D;@?{zVLCCnMG_J!P
zAr7V}tyWoV30UYnpTalj*-Ve1*_58^m*sP=t?H{3w#Bix){-{l4~#l&9^}szx0`s)
zGj>+Qp3v6WrV&y#F*)~psm{Qymj90$$Ndb4xgD@S@(`0*^`ciVB8^+I$8en-bsMCY
zZe+}U?;CRSzMD&j$AhhP7Ypo6$yv=E$3afqjdUq%w~;X3fADV6e5gX4)2ubGmEj-j
zQv2S+^(UW-^K4z|`eRS~{9iQ75B+?(8g?A{{2a?>_~>#42hORf>h)7Wn~9Ve_Is|g
zoQ$U32)HNDFRVZl7%XblGuG=lCR>@MwvyqBMfWF7EF1`qIiUj{?eS6V#0JJ|+EXm+
z?yvBoslJsg*EaP+X78cfUWTuSKQj-8VcGU^(eb2Nz8>@p9uzi%ffZ4t=cg}=<0SNh
zhMs9BJd`TGn<YWE3ZT)^q3u5y*&*zyB-)=SC&{%Sm5e|p<JKiTE`4d$szd75e58}R
zGVv`av*|CdXx$yT(u=^W8(-b}vGAd-IR+jZw^^h*!RZEyQex)?s%cYGU!uk$)o*Jn
z27E=B1h;38YE$2{Il;i@K@~`4h=7BoC9}veU6!}iPdk~V7~VuivI1nx+9|IgGSyDv
z9g|Bbo%6BdvUn+2D8GxtEoMs|{eB&e+En2<u<LbgWFCbJze=E7h9lwpIhAeN2=i!*
zW|S4GJWQ>W-9Ej===g^sPF1xIEm__Ky9Yu0<#$_4Bd|v7eSf9blS411hfksB1aQt?
z01u&KlbW9^E5(`P*i=7IY8Te!=Gyz`s|C-O4f*>IGIbp|Fkd#OcI0GX5h=9_&_!-N
z&YQi{ogZniacB&|Y&#ThXEv_@-?H)Ta9lK9+BO=m-y9x)840J<)&n;W5s8-79^)Yv
zQjVS9V@$_wa-;YIdw4nae|(q~r9Q}igm~&Sv;tScW)hrB8JtPWSrkJUkLb?Gt?aKX
zslWFygf7k}y`%lbYF76o{B9g%goS-U8;1PSukC$d$yuWB{TC<MtzQCbVccWmFKNRS
zqf`0Yt{=*xIOXOUbA*S9nR!OSU?4N0vRyj6f+w3`c*ZJlj*;3PXeFVA+4G^M<_zZU
z7QutyoLhy@>g#HwA2;U&z+<W;DP|lwIN}@Tf_YojK~1TI+jzukc$52yLR>K7b4)ht
zL$jk-5ls*t<3!88eM<+^Uri@9)3z--nA#FDJ1<<1_^ynOTdb-^*bk=cmVNv7JykGa
z1nw(gIOv-Gh`f`TMw{XW8zr(FyOWIj_w(vs>1$K{!d|jVzU<+=OFeYQ`rnhG9^0}{
z3zTv?bn8(Uv`=5W0+B}b(?}iD`Ma_WFCO%q(1xX@Sq*!(v{v;NWKm_he#cl)f9p52
z+!pTB!`w2ryPm{dicsl4T(2l+Kz%|$=+Lb(TehsME~WS!UB*rvaM}Ovw5Cq#(OZcU
zF7p)+DTIUs`cznC>l^22@px)5!(iEtwD9d739YCipX2d~d$*Tu%2hqo4<@FaV`|f`
z;Oy3VotD;%J1%(k@{?WH#%+|W^%NB4&*i9!_TO{w8%s3t^(7ML?{`dHr!v&m=D?o2
zqh(*F@!~d4Lcl8e4JX;u6~^jDnQ(-P<`BRNa7XNA#d}voD0vRPhl}$2fM*>Aa$c^j
zoAd|3fDzq4Ks=~>mbG168oh=|QDb!%mp2R#4=dxS1wO@h%1VaOtL*gL*{RBi6OmJ=
z9Nt;>4%wWFoZ?RQq470eybP`3*pTf>oD}RabX+jPuDJS-5vOItrR16)xohVnlK(4V
z>u*s%!q(APYLVfPyz|(Jn<pYy6WXyyKYqHoS+b?RKFT@5CHitGKOcj#Qlj$O>!jUc
z3rObTFO{`^xOU`9+e@{%$~6fc?U|^IMs^TUcgcehMQJKW&iq0YG2fS?XFX#}W$3C(
zhut9K***g>qvJufIY9p|%LSWP&O-@LuEKxn1m~<Km^s3{ur4PxR4zU?*K4S$xq~cS
zIBh#Hz<BYT?O<~HG0bB;^^FATL-S>UJQ!Q}DUM*`Ie}zmgsGE}?@YTVMfFy3F=fJY
zIqKv5)Wl+}h|4v@a9ook8yiaH^VyaA+~{HJR<p92>roIWDPn+=@g3DA?)V!FOA#d7
zHQr>#KbQcxSt2)_U+wK(I5Cm^w97<EBgme<AmQz?GC+Rw(LUyq)&cVeK~xy<P7X`?
zGhy5W4Y|@_`>@0w!_ro7M$zdI{k#JJ-?g6-z`G%SVGh*xv<j;|dl?9-Il1s5^_9?B
zZ9aFOX)<2VE9?Dly)V8oChIZqkA%!*(#f<k;6fN}!m?gM0w>{-^<pVNe_Ph(c&0xM
zz}B|@17z&jivM6BN*n2zh%(Hwg#w;HtRyp?q%N2-F4WlQf(R=9p^7#)TI+1iQ2jzE
zKFqx@e(B_mFJGh&pIiQI&?$U&JnPN(Zk-!;<1w#hCX4D62Wx-)2t<7lZ6n0JviEha
z^QgzNfcl07_`3Ha?2=Cf*cNkH{4Qdkb##*^VQzDOW<qnP`bz~Ln2ue}uU!aQ;OG*O
zr2wmJ3G~@nw9*RzLFd`M%~|I*SQsFi#I;-<{&KV88=A;>BBJ$4Jww0xRkM!CXTLjS
zVz%%i!@eFEs17j27I%2GB>`Ai02m9bPR4Y-j{3^2)!?rTe?J)p?C@xqS_w>oTb7fP
zQ{kPK1ae+(xKE>`bjx!|jd3K+s-LM-Nd1h!_9I*k!)*y4mnjKr_Jpjd4y&ZnH;z~%
zD!L=b`PIktwog+ylC6IHclC~xwCUhhedIo#bjZoEMA;pw01UtlYjH|#TVU7?;Izk1
zqwPQWw;<gZXD&u~h)6|3%F=c}z48;3S>mToIVmAEH3&0N%m2LOgG@li<vnwPLHaM#
zOI-3>HA*HPTbAr;@J<N`@wgr|x(l0=8SAT)v}5()@|rDEp&n$y3Uk}CCH+t{H8Zi!
zb9OaQN3)o)4;~!3XU^4*R((Ej;oA(34&^{j@M>zTw0%?lD;(=No_*3~h7X1{Hd%em
zhe!lR3TicCQi}^@;@7LDGVb9$@X4<R+=8!k3~;jPiLi@qpbHAw+pNH#znraaz@Q(h
zz&o8^3wwYqzrqiK&tTU3oHZ{(T>!{<#~^eYpLJ7;%Ld$wic5)JijzYDGxJ@?ijaRu
zbpw(ygH=m0mMa)Xz0niNADH~XxYK$e3&*9hx13(N;<liL9go-jm0r^$pJ{(Sv{Q1p
zzN@0l%XKD(iioOyfq@byhdbq>OqLsL4kFX>jc*(>p>E99NOn@)lhM3AVf~b<+rrC;
z?=4D5D-z{S@-1%%>|GVg8;A=*X2*#@3M=CMpc#^!#bnx@H6&*h?M~Gda%}qdtJ-S}
zjc<BJ?k+_v?Dq6N`NBp?p_e8*unAkzYR?A!eCzAyzP8W$))mE%miP++B1QzZa4o3j
zP?Bo-3G0T9K6U{C6AsGWIJ-2G9%n>%)vF!t>i>EwlP&z{mf+<@)msA=7w?#dnTc<Z
z-a%9FXEt5h`Y99iPKTpw`uB93;K=0P3~&uA0NP;$2g}5i!Hkc$-nyUEVYHSgZwTI!
z$4W<;mQCJkqKGHW)|No#9a*V-oUhM{u#-E?V<%jDZFg72>02F+z$@f>pbk(x>!>Ul
zQiW~zx=+iY^R0nlaw8OHmxpKPL(WD}kSGflY}=msrtgP6$%GB3?Y;MSlZQWi*LppX
zs}1Z(V1q(fvM;P8x~IxdI0jC>$dEe(A4DSUxWf)lr60I+XHaG`^SE=CCNFWy(}o`!
zyoCnPSL1VQiFieSrDbos=|Kbkl86k(U0<I2fJ=_@eE1*k>x=3JnlY2)KWOg$ls6w2
zKIp`n+l-#bN!xch$ocuQJKWG6t?MRl03yL}0lD&&Ua+5@T-M>THlXF-t1ZGlcu&9{
zEOf@Jru@4ml{a4fK-52Uw_-MakpCqG$IQKnJAO;rrZhr~+{x0)OM9LlYw;UZ#Zk#=
zY11tAEy(i6c!w=Ez;E#CONUf}aF>mcdy%9Qs|?m$>Q#2roXz9pHV!jb16s1%EEig%
zzSO>WI336c4@NTL52y00r@sFhj;by?5vGD8#;$26V#cf!PeRyV{G)kdKI9Is4jyt>
z?0PE4ucp@$Ch_Gt9nz%ww$BI5bvBc(0Q-sGwT{wLDn{^RlN53}FWY}baz{v(61FdJ
z8lgy*%))v{N5@z12NZBnOdvR<#B*~iC}rUG(U5TWPj-97Fz+VI>l%O4s9{Wa4q=ZD
z5RG9vnTqkQ|Ey^@fu{Yhg!PY4_cvhX?B72~e(pN-k8S<u>oQsJZvXsY{co)W|A*e<
z!e?qF_W$9>6OG8kmH&FDA^+Bh@PF=3CyzW^@oRaZ_~<~!h~z)5Mu6xa3nxw$t&lX)
z`ETEggOA;#;Ca1GT#u_)PjLPPIrTvhdPF*Q|85f-+P~k&{Vh4Y6|fjMOy;Dm>1U^6
zi_`<7{XXCkd3zeI_JElcG&(-<G<NV?{}lkC6FFM?9vsL*vHL*FbeudsoH!+K=@tkw
z1wjw)FarWJ;}DE}1{7ide~FN{?Md#n;oCX}K&HDCJOz559cy{Y^?{JhbWx6PLtiEA
zmGMHiA<{72EF3HP(&n~q>Dd-UIV76`9xf4e7jHKO!<tvEqDKM=u4H{`(4cO7KJrim
zvtqjusb|GGbWD7L$SFZAZKv!9Ver0A?)Eu@;EJ0nwQ4{UB#3Lzj9^Ld6j_{ZS}rQ~
z4HVEl;=5*<lD;N4cfvvQ@fwuq*Qj7_({RJ9k4|l}Vu~iW*UZgL<SQRIBjctct0;0T
z-o|#WV=bQhNME714-inh{dg*iIEriS)58-p`n@=Rn3)?=?Z`6i({DFjSr(8S#dEt8
zs5jl}$W-PLZ~|btV=Cm$Mbh7Prs->c8aZR==XtMa@Y3F$iDE9S#75j5P$|RNYV+y}
zpC`cvzb4LIR}j7Ev?F|Gl64F2@NA=xYRV9}AJQ`oEnv1YklKdfw|}+5++WL|v$ke@
z4V5UnFw!-6=4-AC>wm}VXHy|P|5)B|G7cREhZ=IWfrt6_Ks~4R>(@0$B2@udQPuFz
zn7zr;a$<7)<?Ry5agyA|g@HlGp?`G5g^T>4zi&MVNk0iP96`aZvl|I9-Uq;~ICtT@
z&idRl&4=Zm7<d8pmAGk>d^t$iK^xQdr~ot;Y~e+(I0=)q<Mo}g?j~o&ydNoQGrS2P
zcR~H8^XRPzHGpf*s|H{J!+~1{iZ6Uqh%dq?WD~XZTf>Sz>}Bh?eR-;g8^6>(s4H^b
zh=H0~nFZBWA{^&ZVfCxdr*$4_Ic=rZ6ekmUwJ1&;{1{n1!7K3t0HG(A5=|SXf*wD4
zA|8I~-3hI?^nL8250vE>CO=%<5q)L{=9#*+WjTJDX{_{Ij`^79K9Rpw{ftq)SodOC
zkmfe=VE?0A=x%m*?>M7{!Rhv@M+QAfB-+t5dMM`@nEk`tORjMVuuVLDJUrW|oOLc`
z>VSP8dqkUXoK~g_eEp2RW6;ed?m~*YwNvIS_pWmZcIOj>kwwexdouV?+IQn5QYfDS
z`$R;RAfx5$1}xm{b0}aPDxgT81Bm-1JR%75Ld5y<B3EMQ0||7*ce*yrpkDeeBlNH7
z-4RJsCrb&QAm$p6D;i(>0K`*_TS3u+az=l;yc5e>L1V)gyP5WWoxyph)P&Rw|ACQq
z6TrATWZiru9aG9x@C9&cu^C1<{rauo*x<-WVdz~NL}lB|Ts<LHR9qwbyM@P}!!kfh
z5d@jI#Brs+8D@`T#8_k#yJI;|XJ(JU)))b0fi7;T1t%DLIHyz+V?W~d!fOCq&~8kx
zNzR^DUA;M=wg0%PnWN%TG9M7VG59%*>Rc2K|4f-GPh7Caxz1R6<S|466pW(%#SB7#
zHxcY*RK&U;n}w~Jv2=7u@{yxLZeP;+S;USHLJ62KI;#VX`Qa0;{I>MDcozrGJc(3}
z^Bi*X^&;4whz&FK&d;BjEmJ%rbLCLzo)Ar(k)V0_$o-<M>FHWJFB<=&Zw{!e%qF(j
zYlAYuwz~RuluWODc4I`-7;+TjEO693pFfo(m-eob`hqHy(f)(<*1;8V5UYe4Uj9mp
z>a{VP959SbY_(}J$~L^`-WY(K#rAV@3Q{JVy9XReE*H9ua&TJtr;#ExJhUTFnt)r`
ze(qAf+xNThXD4kZM94}a=y&gFmkU&e_=gTN3#kL})9M0`aJc0O>5+l+ZuVA(5aj|#
z2GSg?8lT@rz4O}-h5dL0vFgVT!6CnXJz{%JR068KUzxUAz1g7;3(NY<TUP@gt0*f+
z>MR36Hl(<O)Ln7j*1HXK<|Yff7djk-$oczs)~W<2ZnkCvsnIzf@Rh2p<pwBN7Vw~z
z+VLenzP+R;6j{Ge4sjeR6-2d&(Dh_@!ZSNGxDu)dorNOWq}ZjM`xNE5UFKF2^E3sp
z9z!H-SjN3>hyI!(-?xM#!kGJ*sOYZh$#Vbyn=FS>@s7`{j;g(o-%jVo?$1-e#{Q|!
zG+ExA;<h}=VK7PO3M6g5Sxhf)4d^CVDe9TF+j^s)rlY9&uIX#ZWa;tzjba|V<@UC1
zG#TBGjpQfB9+^3}n<NFWf4hb2JIq_{5XE6lor!r-8iTxf=jk?Z66^+Z$|>*LLeo@P
z_$Vl9vI@-$qNIoP{D5fxSoB-16{`UXJ}~hf0{N%1v}rXloV&7%PvN%r*-Y$k*xYp-
z(sR#Fj4bS+E{MXXS8JWdir{HNY-UUnMa)9viF56>GGsNm=b+5+Pltc1%6tjDFR+ml
z-n4i=YL?Cjnkb*)pUB9_v<3`I?6JcrJGQrP%8a>!J0~yB#DJa5jo}I6<HZQ24kpDy
z2uHfQdW=p^p2CgO6ja|_vY8xi(no%Or+{MhYSHUSOtrDfMK)wk#U%;s^{OcDd0`iW
zC!4-#sto@*TW-@~^A#70ykF$bo$I|_@A$8z|7EJppHvwLv(GrTJn{WNUPtK}2!Y6w
z6$)~KM9R6i4qqpXYQz?u9a(rxbZxL!zGdKLLU1y3u0deV>N<{6{mp*NH@|sIxxcTk
zcr!nZNAo>urIAx-@Q7oRmNOJA-55~-R#S^HKI=MTkZ+I`;oJhYC6%mXLzH+MzY0cD
zGWbM`<<sMqcWC!ZRSv9>dO*}zXSg5Hc{n6dTKgbFQ@zacMVAS)MnKc?r+qPffdkER
zZ7LjbnLa_X-z2}yBchP;o9#CQPX{ea?#Fsg<{h+2Xzm#O`i3I8(9tnZlX>qR#g207
z)S0m{5-4xtNR?4{D;q(55QO2=-W>!8>X2p#8+IzQ-?`)}JaAp~6Y*>DR@-0ZbQ^VV
zrf#Aje&0fg&3iBx+6m7~@<DINJa^Jvv07swR4&eQGnHX$66;fmTJ5`f)AI=!B{z|c
zD!TuZ&S|kIaSj7zR64*c`uSV|_g;b;T;jPn%rds)cGHJk%_D}E0~*l3$yFcwz>j54
z++LLMA0BRW{MkQ$ZtX|~<2bH#7lwb={j6~)lx9)tVJMR!!+!+|P*S{H1_`g($Hum3
zfsHyhv*Q)~y-Ya5;f)Vg?pGRV#SxAhI&3}wz7liSbg)RXM_POuj|g(7k`T#uB6iy}
zowRTHzVV$%w<hQ2%=Nr*9-M-n7gTRI0k5Diq4zJL21s60t#@XH7iK-`<k^dYA&+P}
zv7lq^ZQ~)gQ-*lK^+Bn2fSl<8YsQxJX&J%cy2rvK>0Y7Hg*GDh{HN<J=KnMD-S+<u
z^8HZC$8*b_rr<M9FY4#25uB+qjOR}~?HHJOA<x$PWjWrts`aD$*lZ3B13j_(ocMT?
z$fe1SHm~L^H^2qwAfT*;ns%eIb*xl|Q=3W#X=n<txv>#h;<^IEWJI&_crx})UzU6N
zc+g?!WAZJI@Y-uof_y}+&_`)~pN$?GOV6D|NpNr%;h@=@{eso3EIKz*Ii>mMleDJ(
z(Tv=X@xlcgenk-Kr&4Y*fiQyhBida=+-&suhI{ANNfC?k4a<jsCs5ua%Ph>yoICg)
zT$w^ahDIsihg$8M_?OA~M*@CSzFN2{IPdU3;^WC9$2wUkRG)|%h0>O!#T)sdpVPNd
z7ku}v7?b84hpdO?K!6aT3*Jwd^+B-%PLb*G?Rk~vf`vroicyp-H<ggPXA*z0iEeuy
zVxT<QAH`{KaU%v1fluf#HF6k|l2i{X5lp8S$v%A@>>2pAtC=leUV#uuISTfpPfM`L
z+)8+8JMWs-1LF+_qQlVJB>j<zh$-y1>r9OJa5P2C%G|v8aZEj1(|T_9cg`Jd8B>kt
zg>V|(_JKS88k|>`OjH>OHMMRnFFMBPu~E+%A3Hjx_hX97kq3;8J<+Rs+Gy#Ti-*<|
z`F#>K$vRzGetsYhmRh>`6lh`ndlp~p@PjYyXurM1E~eN?jDY{W%0<L$w7#AlP7a!q
zPAuW5SzeHr;S>?i_dlXQJ2|<nj97%+2<2Me>A*Pe$eVv_0T@pX#RUR`CR(WoA~!Nh
zZp0$VMPN`Rd<CNkjp@+7z8d3vKvtC2IpP)(0hK|?T3Ut}hkQ0ot|OT5CD4#*88kZ)
zY;#JZKUYTo;Y7f6v9x*kAipp{QF8pmy_frT<(<}l*RVWd?P9ebapz6?BdT90`6M+L
zu-`iA-wDoM=)c9;GZ1CM|64fwa_MiUJdgOmvw^WU$KjTUxkGAZy&K$iUz7uwiv%ky
zf@6sew!~8_x%%e>Cp@<sn3N@J;hig^SUB>z;d013KGM9yPW}a#7%?<BScEE3?RSWV
zzh0CgrAL-dLa67Hg>&H8;EEMQL+V~u@U$FdXQ4qE{>k9r-~c8*mNRS=NeyBz;tHlx
z-Lmuy=sp7^3vtOFo5n!Wv*{TCBCsDSjfjjq{msaxQR3SlwI1pnm<M2Qn|@KvlT+F*
zV$G2wp9-v(J=iESo|=h`XPhazjAQFqHO()bY%f{Mmbau8AC;Y*9~kDT^(r+re{z~U
zcx*4&gA!z5Yzf@}0Ur+<K-s!@b#XncB09&Fsh+a!`s-SMpN*m4_OZpSL?L4~Fh@@-
z5R>2_rKJJhpP%PBKYwvVaRst_fMVyRtd-C?{E~Iq0gob_R>=4Ia`WU`H)trp4M6cy
z=%;x^XIXpOyO~L4B-c1c7rD>w4t6guc|Ht)WI{;*9WkUP%uj35b!Rd&l2|g|0yams
zOJWTqFq(_j&=C8;<mH!=TLp-rfq@&?Dcf>2Y5hz5QeJYY^GCY`6SmQ04G|Wq!r`w{
znOE4^^OKAEMiNwj&-L>@0uLYq_G>fMMh8JqQZ_I<>Mcp=DhQ)nXfwxvQ?yo`xE4cC
zMr$!svbtmllthX`n9?u*%wZs_1UVgIKljQRu3A+JsPZ3-Z6iipYzWJ@<&3e8rDyz4
zbiUrX{|=phKi4w0u*752hxBv}hbmKk*78>O=ec`76n3k-yopvsYP~*ggmz5`$F1+a
z6SEqP`F#74y2Prr-i+`skyx?9#OT7%y||w*zPn2Z*I%kPDjHt9vF*Z#Fs6VXmgQo*
zoy>+fT7u>_-0g6qnULjgaBPMhz%h)?JFZ1mikdCoRd;dyU4;;oI}UwmP=sJI09<hq
zt?XS(t4C2AxV!qFb6>>lNTGcFQ-T`7Wa&|JN9JO$;*K-g!pa91<XsyxPI3`ie=q{l
z(^_9ZP_0jB%8tu(&*lN4CE-L7gyF+D1mv!Abp&tqn-N19i|IU}RGKF;{!(Tvz4{r-
z2<@^i?`J*qkQ>#;O%-gcLOlyRZ#)G06+ba?4b;yQ2KOzIHuu4EpI~Xi2ERtDQfx<+
z^au!Hs6(n~2{1Jzi@a`19C4BA(2)vJmGt(euUGe4rMFy<<rzQ!y7n6S0FsK*GUy4<
z=DQ7Bgo$kls<+=?dEHz5T~aEf3Q{IG&xj)VY`6oXRjb&`gs=h!Yxc?z^w1no7eE;`
zuJi;<9PZ^~k4mO4le-*k5LI;TH6u7p;~{J9FqQD-LYalBgc9SEx^&PPk)X9M|Hwbs
zVUym-yHvB=u_?e}{r8#vDKPz<e>45UNMkZywEg%YX5BX}Zer)$2JP#R+osYBZuL_^
z>Yjwm&#yn;ehiT|Imv-Rb@?H$JT@GEYh5xE`Q1VVGluUBT7$%x4ZNDlz{~rRF(IVN
zbl2`&o|C*^bVPm#1dmERJ2>;iTXw<SuGBOc^|Ptmv{Cl~o+{Z(qkUeWwLtk9wKZLo
z%B^=ifTMXU+s@3pF-)BW)Q@mlnGMHLHa`FNVQ91q=&0pCin5$~*|)g{NMdi={g4NJ
zlSeUShl&CVzk^*xe5oO1T3Y%l)vpFN@==XMgHqt6zQH2DchSUV&EKqTfF!L~=Mb2;
z+LFeoXjJha{jdXd0ItmY`=_mwiezmAhu(B`b8JN6%Y2mc?ApHukf4#z4YKa}*C|xa
zQ@)Q!>{?9zA$5mb{`@~S_MerC|68@}|7%6P2|Mv2@qhT?#(hilUk|ElUV)Pk{`uqo
zGu6Jr_T9uM#iR)f-I=F<>(lYMlpQv!@hO-%6Q(m~_g{T)&A(hR_sjo^^N*+<92l5y
z2vOP<i=076<cU#R{Y5EvueiTjB<#f@gdai`AH>iL2&jAZ8mFEkEB}z8F#bk~3+yUX
zLN3RCIFh&kLRWoZ@%*)r|AA@+6Ez<F_G-hm(A^5EaL6!c<j%U;SCx~hP?`gSdmCIY
z{<XeRKliF~tT@E-++q35zX2D>%=krfjzGOllFkWDM}7zm6CsTPci{&$g0fg=?1<RI
z)hIEL;&v2&KVDH$4|YdM8`W-=BRa_*2N!nLK*8X1ZNhW!_8v2I&4334CruJl*n7MK
zoFlV86yl+n*@jvLD)!Oty3!pNRXfw$DEva|4)pCukDi&G$=B=~ejF9^{>*HB{+Vq%
zPUYE@F|y??e6gG3+IgnDI(V6PUBt)sqEB;1M)vOBl^h1xJ@#7>u6gnl&2Ecu+CPIg
zgkXv&&-a7?^+jH_ags4=r{nvqL9Bw%4K&Zz&oSq&9qsY?f$6HLidJ3-;G~b0kYWca
z<9AKwad>tt!#!K~m_hzYZ~+UO(;q8{qpC{E(RVxcCXOxv>0;X1wWxU-YUQNO*5B`q
z_K%DpO@;o!uzUuyk4a(tXbR=Jb?{@b`yQj+e>on7-TyDE0V~jU6Kgd1`@dHZK!t#o
z_)p?^V?R%3;uoYpq(<(y-u6tF4X~bs{Aahq_PpIV73_c!A*&$F(apTp(k~T15O{a~
zj|D@2M)RgQh@YWi$2gIecS=ZX2(PV<8l=uMA;bSu_RI;8;ShE5UkxLE9jM&`!2v<o
z+y9m*Q9S&OR6C$xPenl8hQ<xm_Dn&XmrF-JR!UhF<AT(;@!`QiZ`f!I>%)`iwZJFj
zNEmF|mRK36rB=yt;@z2T!l!8+{Mjo6Lfx-5O0hvZZ~Em-o=uBf_rg$j{<5Y~o5EZh
z>(=*)mcjOv&axekf-6<tJfQhFVb8Whn2T7K`LJsHC9pD@Zk|8$6ZGCet-ja;2wEs(
z8Co~9CH8*4a8M7gD&lnPk`WEyNU(nbL$;o)6r-Vs^JMmDjSNPN7m{^hSTcBmgZ*(*
zB7wd>2tbZ%gJrGqx8A>BKmsS(Qdj2<I0O=e-!7({SC>=@CHPpr+X`+dIu^DA$qakF
zuX3jSR8|I~!xk(3^`N!#>*ncBsmVcTGL{>RK5z14{+rt)Nyvy+q|kX`p^yo%{f4|v
z>1!Vwm0^3PKgdBE^khNcr`^1{ve|PLm?PBb1i{;Fv%ZS6PybfXvk)UcU%p$l2(=?A
z>i*fJ*A@*~57~`)T-?C7p41f>%+U}M6=mV(RT-j})6E^7vtxN6O)SYldJWbdKzcu(
z4OtlcT@<ND>xIrx0QE>Hs)$ULkd{=%qfpVP+my=0WP`}W^CMeFM|XaCzV+PsfqhHN
z;26AkiY@l#ytJ-6u`oH2U@L)`NO(bEvw!FToBCh{B))s=W_<gVWmR9^PEzJ=+i4~a
zZLQ&+5UO&Gd<c*JEU`q+Y@wz;qmz}Q_+oJIbUXj@iT2N2E<dfb+QXL52y9Vd9Q@g&
z%1<zg?0CF}jcthfQ8_Qt|10wnpDVSi{OVDTBNLl9Zya$nHELxrYk9ZVRwd~`<8ZQ6
z<xJW`6*69^yFfI*KCZ+w-(e-BwWOoiD0nF4V7~p7+>_$C11Q`ft``82An>DpQ>@I7
zRz~RG4>>rwEFIbo*7Jx}9auit94R`7P^S=$c;+Qe6K4eWTyE`2)L39zTm$_ZZ`RjI
zY0mp;CQL+lZX^u|Vv@Vxu*X{STQ-tsvGsZ%@isa<tO@1}vft!gU;c-tUiR}^sGgxU
zuZ3ovY=c5w5}6|OBN=*HBen{b|6cI8)0rxIS(?=S?h;uC)|k;{_<*P4+D#@T)c`ZV
z`f5rhfJq|-+o)WC3*Agz0Q^bjFr?Mvw#nv6q#%hGExCc1>?DLa*wvODXV8d1MZf&)
z-8&pp217r9Ma9`#ERbn`L^l=cEzqJuQcHSXW=E#Hw@%Z!1OZnK<3b^B>$ObVskyXK
z1C&t6qBLqwft_3%|J(@IJo&c}E9RAzv|Hr!gk3Sd)igJwaTRg=xHu`qhj`8UwjL}K
zx1Pf5de3z;KfKrl{s-r6MX^Ic9i!+2-_z%y2Zi$v>H;)1!h5p;|C26p-H%w$-VNqK
z7F}}4pqLk=62BLBcUZzO?20ag4;cjA8EG7X&1BIN0m(gRcG&}&7MVM2&Hi_#zN29a
za#7ropV-4aR?U8h=7fE{-E@dB%8f7~Qk;(NtF>U;vfQ4#jVWkqE3OmW%TZQrf(s!r
zD9U)9P&KI!5?;|Ib~<T-C&z!<mPx}oqZ;6M5pn%B<pJeOZ%>Q6@58N_NMwAUCgbA)
z*#DEL>afu;N{2tiFbH}PhB8e;Mxu+RD^VSc=%P#A9qIxEdZY7s%l}2)fQ*2kki7B>
z?~uMrM`T;xgpc{z{C$_1pc8F=1ZGgvVIfDsg%vv+6d@zDni>Vjc*r0FmkwPNkGKqE
zsuF)RLjfz_Pur<%RgYF&?51Cdxmf7L_TDqW3nqI)B;8AS&;_Hc??DBueG6PjN>{yk
zF1ohF!SD-=`-I^M3LbOVjTpWW77e2J9+cg1Yf7X2KIm7G9F5stcYkS+1)O8yP2W6o
z%Rwci_E<5LFb^SdFOhZqulf#TY+xZ+d^?oTNNEqsF!U~b{iBh&xymEoU(K`ppd{|M
zyF3e79xxPHw*bI6$i#v!^o~(+>=@PGfuQ$Dfe>!}0>2z?oumD)9tb*#MYFe%;vpL%
zI|6XC<P!lHvS;E~{zo~Z6j<rxOo8S6t2~aOWoc;0ZasfqrtFb7ywGbSA-GUu^sQcT
z;a=3OKOv}jv4RC5W75+==Y`~gEshy74nxy&>Y=L7>!kO^X~j7E)m!Z$6TrL$k1fQU
zY2k@>j$fPv?TXtd2$4#LHPviJP;@g=eLVpw6$#<^rC$^Gve#?E@mUTj#=~u(ep@3I
z-6ZLn{y#5f82?qwV7wj?lU4n9dE)oP+81eea8SSw<KS4b7FxddDm6A>38z=l@WU2J
z_{jPvS)|<LE)J!G{62*fC>a0^BG=!p&p$FN6no?<XOJmUY;;n2L|ysq@xLl`B+G6&
z?qG6RJbUMK5GGon6~}ITwedXa*bUFKSh2nQLKe^iqn~TRzWf9F5LDBMKs~QN>K&L_
zL^8Ic1GfXttN4$D(;-1H+I^4(V~-ZoaBD0-%6^*GXjM*`x?_Ib1J(k@pkmbJ9C|fa
zn|9YgRMOeNY!XQJq9O)XUZCE%oaX^5ZzAv|v5}6QYvDuj0$D|IoNvDO`%~rUfx&js
zbKx_8v<TWkXFz@lHFKInm=_@P=*oH!!Hnqpmp4NI++OOElHP1%ZoWSM;q(-*q8&GA
zpR8uHdDjYDPDW_*@>1jZK5Mj_lVubA1sWq78l{Ea9l{F|;Lsw<e8D6X?;iaHGOGF*
zKne!E<9FF+ALIM|0d_8b4ATWpnAK0l=W!4hIl`6QVR|#KNBUj)&I-<uf)X^pv6WDM
zZDq;a>d^!Is-Vapx3-3BXIa$R8V>R2WM}4T%Lf>^gT&$xV2B@)h?)p$&E!sY*kIvF
z?fffXl{PJ%7s+Eq^$$<QU=%=`^|t?LR!~_h<r@5uCR-uPBl1kGC<YhRE21EMi?<&M
zgCiTE@ctc}GzJ%`c6PlxAgO^}55bACyn;6EkIQZG*E_|m8=t>5zt#T<WH@SWev*E-
ze{R(Ve?1^^^^yB$?uFC8Xc(N_q@!Mww(oZljSb#_f14DfM@Q9&9mU1b%zW_&w1aud
z9|u<&>6%5!?{j>=CPwQWGrN$6qRUr)f|eF!rC{%#sB*or-O~B&m{`PzV|q3UtB&Wo
zO#NgaK_aOde-an(aTE1Y7|y|2bEY}m_4Ev!2fXIuhI`p}(Xs%o6%{<j%ZZ~Tp9_5y
zQYp;Qpo7#A#34eW(39`xxkP!(eB*h3bT0+~d#DF#7N@si{+Lgti3>`{=EK(MQUXUD
z6hZE6_wYuP@E<qUtJ?eM%9*6LX?I05{{c4XDd_Gx^N(^)>nO;KFE5vQ5qtdHGfwMo
z4`i(+DJhffP3N0>_$uf&F6+IaeD%z=TK>YxN&H;8y7<Ugw>S0328eY>c6gxU<QrVt
z6M36Tt-1ZQaAhcj-WajYR6B2mPQ5>T7;zCV>UABXuq?g&rz#6$K8_?$n|=28#3EaH
z%%I^SewJnIePTeM)_^HEf`l$wYmve-@yV~hUTscYz!vi$5qEj4$>zox%@+QvA+UfV
zX6D$w1FXcq7Fve?EVOL3-o@CngNOx~Z{B=2P*14zJIWeQu0y6}JL-{InKVyZf7xb9
z3uiv{_+aA1lZ}5hI(WHxPk;m;&l?y}^&6}Cu8`{FptP`@?qsTQQg3N~)bm$!Xv`JI
z_a37qna<*^1HVV!D|~;`uyV(#8~t~<1^qT%55MClLuayUzshD7RUAZSZu{}9WT}9~
z3+CGJh;4U1NA9ZW{GHtpuQJNFf7cEd1x<}hGjE*|T3cKh+RWlcx#iX&imo9bkaPO>
z{d;AnOZN07>S}45cgZyxVX~t$J6B}o`7m-^x_cza;#BO4)zdBX^xugbm(zMHGhEXd
zF(@g4E8Q%J5py@?UPsLgpy|R#Gv-_8+}wbPlX7+YiE2&VV>I{f<?p4O^76~ljUB<k
zAA`YE&grkuq!o@>wdAS&s4gn1(#eqF{r-KoZKm!WKK|Z%f@k-&7g_vzuGx<cuk3S>
zGm^M%)ZXE+*=?V;g8K3EVv0?Gd9OH+WdH?>JQ35)_BhSjr!jj?Osd|dc+580RPgTG
zp{5B5Ig1<hU4dsS)+X+>5%&|<oj4~dz0-&>t^573ceW8#v}tMR;tj7deCI|X=WWQ3
ztIX1yhPUO}uJ$W@edOikB!|L&2ijePcAS1xe`JQP*fv_$qoayr^9rL+9$9=*rsUme
ztC`_CTdorla5uH_&PyKg(cV$5grbf&x%n}EQIAK9Q6kw_*VyRWu{KyjzFB1EC8H@p
z8^h7eP@ps;&7gE(mB3AA{1vvw^BvV}-e*N6OM?1dvTMoE1t%I?+_T%`r_|XkfjEuK
za7_TuJ*wHVs=X)Zg>;veXyxSeO}gKwN^lnavX#O7<qjwD!fz?v61NU@%=x21Ar0jY
zhL)BAk)9#`^n&%=z5@f?XSD0_ukDIzs%4gUx%V;d?08t)+$?A?$hUsdjPPT#nqml$
zv6~RNP48b&8}ab)@$-zi>u!9W+8`<J_%4SpZ%lsX=F>~FJ0w@4Je_fED$BGRbHrSv
z_L)&yX>cWDzl>y|gO=Q+z?Jl{)7wJ`%@A8EwIUX4S&4yAe@WJ;NK94I2-EzCtC+d6
zL)??T#PH*f;p{HiVvl2<%{ktB*`AEo-1myIPw_NO7$!Lw4W`K-=Z;oN;FWn#wW^P7
zP%dqmpUO3DPBfB>)qS^n=<4v-b_{!^3s&>dPB=p&zE97m$CTH?(s6d)a!OuLFSl1G
zTMOcH{j+hqh}Cm@e^nDJzG?najIH=s`CJ>>fp2qgnmBEEU4QZCo3g8dIQ=c_Z6a{`
zvT9)H32k~_na$N<*(OZ7VjR}Z8E?)~W#or5!)8C^=_ik<-c-F?66UFJ0Hbl)#r1qO
zZG;{Y1NxrVwydCI<f96IyZ)Q7fPF+Mo}~mMukZ9UBYO5sOh57*4>x#v$*=HcC|^wV
zAUd_zoHpP5z!Zg*MahAIf%};rk;lRs@nt-n&_!xgr!sw>KJA;>Lu-gh`)`-F=Pnbt
z24_md(Y&^K2HCz89ovqsv(G%{&vsvV=2FmZYo52WRt!f4-w5Rs{_sJ%(2(A{$~2Pd
z@Zy7K-7l;5FMfF+W7##D`?^a3Gn2YKTt}OToGUYYA2*doynDxmVVh6)n6RJf5v2`(
z{`->u*Y4MH)e7#3*YG~d?d^g(acN%v$$oWyzyC3sXH8R5M|^H`RpQq3`a!rYzNRjH
zwdvw~Sl_ta;pZ>cgxk>m>fFkvPqRFnnSJqSa(lZe7a{L5@S^&=k@4G<sDlG)G2d@@
zJ-Rh9hrjIKyg1C#^DcYKn~BBM2G!qVPhBw^nB2_e+_><2f3bRCnNv*ttJ#lRo<^FC
zYa08R2JO|5uhu(%-e=pDyE&o8Q{G#(Vi<7w7hOsy-tJ4sZe(R$%N&i+UyW0}g)hv1
zgKuyPr8}X$|4uFgjh=zh@xkpLn`lj*3U!+$)-&GKr;*sCyt~uF;#=AG?*pA%HBx8|
zEo0^v12znFhDd+c^pbn|etF4&_fuu6P=t(7ifO<PLPYcp)!}l(&G)FBC!ccjXwwU2
zYLio5o3}EJ*$~tgM+Z|>`lZ~Xw(nY({d=ae69uRHQ*ZIVSDQ-9HTwbrj&t%^-_}1l
zqvI&U^E5c?48{GC?4gmCwS-yq(i-f>ta(~Osdl`s29|}vZC})n-FYTtpm^!%4WSyF
z^rr3|AC=B%<{oVRcF-mCWMtW^u2y%K#nOQDQZF+km{x?EmcHJ;+Jix9#$=@T4873e
zqvYe1mefJ%-DS;fqcO$n`yMl|=M($tW(Ih^)8H+u<7lL_N7$B`kvd{C@y&{^gW_Q3
z@NI?F=SD`Q7PIq<@#`M;6u~O`m+18K^CQdDE$9m#$NUgnYT_qW>>-v~b{gNfp}%^+
zbFoe)N7&PQTjyIs-RBLb4vYlu`{NeOJ!jH;dpG^z2l1DJmO?q77e9?y@LEU5sl>+C
z$99p=@1ZN@dGDScD^>eXAJY}goSf2i*=FOT-(Oo@Vt7DnT1dR}Q`^xyc{tGO9Jk$d
zU}*jA8f~=x?>}x~|62?2CZ=s+#D(IXI5;@xKHZyYqnbb^b0RfuU~GOWTZRM9m?9>_
z^F`r%XQ8>}jGoia;j0LWMcwvu@?xj%tpWXw5lgLEJXKYq_ETwQbL+iVqdRA^U%v3C
zsF8f08p@`N`carTS4GLB_J313I@9YQ*S$vVKr7qTY<H!Zz9!?;`S=Yl)T63hTX{XF
zsKckd_brr;c2b1?zIVzRN*e7i0~O=1Zutvq-4E{&HrQy|;efECu;3=x@m5ICp_udY
zQT?%3{?pREEnHrs>TqcS-aZkXQAUA*kGDs!{xhDCZ^(7GhH$F}@Sb*k{L|ownb}qx
zh}(glvS{aX{Z~||=7fEz#;Svk?QI?0Ds=N+{)3N2Dh=3H`7!JN`CaI1h|Par-(S({
z0`q>Fdt})9r?21Jzv4f_+23EMWg#!`@BjVzdai^2_rGDzPMUiW+x-6hPjry7F4f_G
zxozeH<r}ZlZv3}<6!2cf?e(v>EpU@w(41KJuMdq`>Q4B7@rF14cf27#n=4i9Qu$<=
z>r(N*UYbifR-`Mkqm6Ljf0pN&5cc$6*LIX0H{*8Z-<PetU{;NxU_w<xLco+8U?jgc
zNTob#4QU0dZ`SqSEcv>He`Zq0Zb5xD?AWc~6oZ(Y=o2Qr6@NYh1zGvB9j`|*FWsY0
zaB_9vW1t{z&$%@PCMr>_{;NsYw<e%iL$)a=FjH6TU{Fxe2OF*Yhcj{{Jn;$HUH$k`
zv+5&RS_Dyeaj5N7YJTU$y4-507zaQ)_{_w1YQXXMvt-0R8Hdexl~o0WT_5(OqS+vL
zlw+?f-|hs9Zb|<)YYo(&`!21#Mb*~UZW|suByhENw5&&TuibdM@cw)bgWi!89SLC<
zD(rRyT$w9r4ZW7G*J6RPEK-I-G$))(>W<>#yp1IUuDS8-2-TVwEld8?3m;wzT=1a!
za?2CC)8?-i8Q~t>^7hm$tjHcQ`@(MGoN+d<EZcfEh-c1|bI<3do7r~CKAx1*bTOLl
zx>|3G6e+Ki?UJTP_gwyJG@?6N?>T;p(T6E!Ic(Pv9~!!pvM6=U>fU#rOa8DG?*L%e
z*x5Za2q6WA^hMgf+oR*-@0UF^jrt@fCvPnBmHkcSo}Mo)uH<F^6fOkrAz@;9EvtUn
z=h`G0gx~t#zDIuFPq#G4{}lG@v9~~xAVDztoc>WUDCIfuTlQ*KH_p74Gp2{P??f<J
z+EG?k{NSRnd)i#b!o(SXlC~@8Hd9Wx89rvq0&D@e>J}pv0F2q)9n?0E+Evs!*Ys@H
z76J4836r;Y4X%mi#OQJji%HFoA0tyvTh&8vZQu2Pb<L_d!r`0<N?={e9Nx_9h#7?x
zM8}=1J-_^d?Dl&igLo*JGJpHf(*v7!3;hHfRah8+R8tiJ4~|l(_*hYE7!zZL$Wlq}
zkk{4N39&X3aB<!>;*=7h_79HdxmVG5wrA#gQG3Cd?aq-Wk3RK^QLe6hTXR_6Sw}2v
z@0B!8;MC5aQy~aX&+Xoc%P&L&dz1i&$?ycuOrLGG;}^~qRVmXj`POF#TXU1W^tQTs
z$Ualza;eDO1!KSJD>6Kc<a*GWaKcoR_Bo~ZI2#y$%j?L#-ceEbsY_Tr+j6FQ6|W>|
zy~VHRo>QC*Oe&~7O`33CN&o5<gGEtqMT-!p^{cUik~*5`>ABdc5b1D_i0vzg%~2wg
zb9wD7CR9Z71CC!~_d6$auXl(>yg<mLs%+He+ZXR_)+^{8!t?+Kj6C&X^kD@g#pT3m
zh4eIluXv?>U`*5alUHkzasS6}{YP-C_%ktw@P&tH?=(~hkOugFyILWPbJ7jJNzzrF
zn@?Uu^-GT~Ai||{-J|;mZ%KM-N=Cp2&*s}mpcZrK2!d<|7Zzy95@llIdt#zBL47yy
zIYG!cWUNxYty11e$rvxY{8v2l(0O<ZsfppwyJtyo4DM#mEg=8OR-r1@$yu34iq~%3
z@b<xlo}l!tCQ@&(vyEY6;mx;YI`O}m;SZmr(8zo0uOtxd$)E4;k2yJ>vaYgDy9gWJ
zYEMYLi&mUIU5Vj?UTQCcH9-d?pW2QrCOD5J@~|4e6}WWueZASLX@%?Yu5*!F$+wkp
z=Ijm%-H2@rBd1#mT~NOAJ0EF*ZExU@@Q~eVyT^+=Z>@E#>35i&P#bP@pLsbwdXqA`
z?9h;TdTANyh*it`eU!;}j9a$6caZzOQDl4VtCUCN{`4Igv38rDJ4kvlbcNae{=xe>
z^dT)4v~I)cZTN+_P@k_0OgQk=1=b{V?A3i+86JDXJus+*D+y<3HccK~b#<81IN0z>
z(=u1?Czcsk>^zy_>0J#x$hC3(l)dLxlMANZh6g_HderLa6{DSCQt{z2`KpPoOZi`Z
zCt<zUq*=FhPb~uNA$$H%#rC0Tn5x=o?$hp+)bz*?6Sv;x*YU&A%^a<4{bR>cnljy^
zR&4kntt|O;Os&0^NiQWGW3a+lq<6D;U0WV}%-l8dd1ij^6^Gcj{A#P_2Db^jt|~E{
zuPNDhbA?i!4`qo~EB3RO{_5Hli*2_7_>mZ%RhYi3R`oJ}1(#*=?gUxvHdv-?$Q3e9
zOm}gVXEYo5nl-kR?HKh#Zh-vv2GD<oTQ@gS6Jz~>ujvY5X3yF<kX|MUxF);h$h)U%
z%S&E9DF=r_4zMlZ5F@j8`6x5~)L*}h;3e)$*+}Y&)w?c;jND23+GLxMLXTgG{o7gF
zxn{FaRq(j3(=^BW0|_^0cR$?u!>S;<w)2G6G;_Xw4w;?W1jkeNoxl52+f7<WUiQQ@
zw~|W<6b~A_1zeU&MeYJP3m=4_E=%f?2kz}QR+gzhUvFjZn*vaj3LU+4M{L2A4Hw_h
zVWWM*epF#yUZ_9Z>o5Dv6KCfR<OL%cY2Q?K^4jwCT^}OL$|^VyCp!CYGn0tSPB`{5
z^yW(!*S3nx@?SmP!&KXj6*%3>@Wm3T`m0+6RvmjvQ)2j))649OegSgVJI`czL(+!s
z1srRQci$#sy9$|)B=Q1N_9GfWY%A#)$yDjMk`<X!U;K%aD6k^#Uqsm9Zoypy!I0)&
zU>{?QKVA5qv5^=q&rgj)+PtmEA{(!K?MjNO-hu5{)6x>KLE5?<w<EDhp)rBVdGLoG
zwlruIYU21Nm#LWzaEf8cLT)d!kwxP<p$PlflVhh{mhR<CYXTk}YK8+c;*tAm_6$QI
zm~z(%dOx_D&5IYpjnBwwAh*fTK8M}$fT1#lD|r{M|NHmBFl2O@_0=z|$Qr54I~(xS
zw{Ca+NraoEq>5g%YkMgHedfIEB7M7it@iLzIu#vc9FMwNr4NpUEx%LNdSdYdWJojN
z5Ud_ml<Rto>S(#)!OsQ1k0q?T7`Xq-+hHPwS0_9@QdevG1h*Hi1herg@{{0LIE%tL
zk0~$|&@olw-ggOCr}d7M!a#`V;hMaqe8WR-QpnporeC)1|NXI~f18{KHyNrH?uvkx
zVjYz3Do^Ra`;lJ*^w!C=5cSA)KAWdS|Gs!L(|%K}!1~wWV|S9I3`y#w=Z#ni0-DZr
zl?5hfe9C9Nctri|9shj2`_*m2qRO9gO317nyQHAozTNuBc6QOT0?R!Gg`0H7FW>H2
zXh>h?APU}8=9}mboPuH3$42B_T@w1>`SZrqhHqYKDkVFS4hWiD-eWAJu8O<1$mS^^
zCVlerYH;cB6YqklbWV=b3u~E{7rJR{r^{<$8~8toRT}DYej$7Q7|j@KS-p)}Njlfp
zMH?%tkI23Ske?tU317W9m&LKTuPw~=;35T?it+C!FVTPT<l<D0Di0$a8Bq|=bW$#?
z+;hR^2d9@`;R?W_w@kYF6rCS7g3g#dkhsrDTIl!@B?LLyotb&BSjf;;?;k7)&JJ#*
z0Nx)_Zh(2lwfkHDZ*Ycs>US(HZB(Z<&NBnhsXd8%G!@%xwz<nhz@}b-NA?;uZp85G
zqZM6NUsN=LH2FpcpDw6qroKI%53g1q-$tU##7*M-cBfgB9M6ZEx(z2B?^rrezEGsi
ze+{u+N@4TQq$8)--Agj{7AhYeZAjn{2XNy;95ogCydNCeXEnX|l8bAYc<YLrK@hF?
zuCRRkK!OKY@51?|rZ+KvkSKLeEK50;xIBrx!JP&dIZW7;;szP{Wdo5V8zc6Sv5`?V
zq0kWnov~<TKyPq&&r5k&?j${RRqPypxMn?%%nD?b!XcI8tY#NX*BiKt8(gG4bJ`N?
zO!^39ZXbdkrCajjN{WEWBoQ|juZ>G#26$m?*UH1^AMx2r^-edpJpXPCjA)2^Bgx9J
z4M0Ss6LVLNT)e#U{j&Si$-#jQ;o1jm^JXLJow9B1vV`<AZSCYRMLY;DP68MJ5VxbI
zU6A~>;01Sgem69EW4N^60N^Q*b!+vfGHL5(<omUYV%!@-uy@LJ^J}9Tf7F@WGM1>A
zl?<m$m&jy@OIjF=w<wKw8D5-Vi)snYK7TrphAyalNUG4dB5&2Mv|)d$jJ=+U5uYVV
zvJqU}SDv*&oH6e-NY>MJ#5y6v_l|!?C!gYKb{m#%dE^9$*(BWH3Zc6Zw9hXvtTgzc
zX++=bC9BpCtXMEOV2e_Xo3kC>TwY#s3q?z&{Hr>I&P`YCKu~^I?axL_+D|}5Nn3pM
z&Rcsfs}>d(k*Fef;hUy@a_{T?2{#Q(KG9>`WMQxCzH7R#R^Qoz#mf2i22VGz_9SZ}
zvH_|pMFV+{h|uI7&A3Go<7rxA@oN8j?Z}N}UY)RB&tS{j+1-SRkb2pdoLpO(7x+;z
zZS~vW5WRi6%PE)qs{?%!t}NUAW}G~FM`%f@^f`llqNbkSCU3rlwQEQk9M((%39Ir}
z5r!WCPa8k+M7o4+yF&lLv$?~O@49P|6hf>CvF7x*WMjrjg~Ip+IFxdo<o$ffI$2oR
zF%ZZe37X4u(t-Ti3<^HVyMKLoagx7jc%bu2?=}AAL4({<KICwRB_5n+zg87GRa{5J
zdL|DnRx9$i0}~@}5WH$H52pQ*=at1`E&$W(@9G}9aeI0Fe8(>Qo@%#F;wBBf>kl(M
zHXTsCyC09yes?J6G48uY<l{Vk{_3ykm+OYaw;lXk+z(B=%AYh4NxG+|I_iK@t@5(}
zKJ)CU+`ft!k-Qrmq`jK8>XQXT$*1?yw(%nLedOU4)^_#3OO2RTaki9=ts2A+H{2{R
zg<VSDX5c4;zr*nj9QzlsG`nJ!O1x$euSj!jeBlp{8F*F5Y{K{16FBDZUj+g=9+wOI
zqE}08=`;(|IAeBcx{jd##v#R7L}Il7DxLG^=>T?x^QsDvTo@yHn`R5mkG_Gd4?Guq
zh`|@0H&nCz9fRq~7aEU#MqpMN-W#xBye5!uudmBHHLP7Bn50||+G{~M*WOSlaNXAd
zN(DdhY^v;V3DSw%^V)NP22ZSza^nCTDv`S`LXuF)dKHu3R^yfjE)+qPOMceqI6Fzs
z<3(02Pqv!T`@0tL@cJWx#fE0O;vhn-h*b_%obgOR3IbyAHr&?<=RQvORWD>w;C1!G
z?%xYqDS4GWzY1~Z@UwJIrRCCQUfzV=m#>+aJX~x6{w_mg+X$*D7Rb}9;PSdrjsvay
zq3-6vmA8OgPT2lp9=f`>)Ln8VN$4Y&Gu<LizI$BUWvU=e?fQ+oFLPn%l55K7Lvzc=
ze^)7)az2mcuMX38DS5R5jIdq*#OQ}OJ~*KB>7yT+EI;g`-S1h-PZ{{rMH2Si8l^w2
zP$63DSGf7~+faE&M&wEWEccW4Yyd;s_IX2XXD8|Rw``fo)hd4$X>vbVR$GCOcQ;kj
z6{m$^*SQ_P5eh5WOg3Cev;3?%&ULkC__45pY5?C>hCQDB8?U!oiQ)h>`(rLsRnDI*
zQY%JNQ&W%c99eZ{d0|5vxy$CHVNWCrK|YQvONSga&sDh3wcHNm+_Z2GR|5=U_v;r6
zJ(INB?=(e|Ee1=4hB_j80Ks?g*mI=1H&>~vSp2jH5~z!6)Iwy1i7rep-&ieKM_xJF
zVuH&SSR<#|_D)afCQ7Yt?o2VZ*K2=eLS{*zFcK}M<cLC(iagF}Doy|uz&f%e7G#FS
z$QyWH^4c))-a<&qW!-0jp54Z-TK_4sckD9rj+(+!zLPziLoH5(rlz<ZP%r-X`mLyE
zncXERPA&&wqVf};1@}no(D7OOug8YUD}#C2qUyGrl{XAuMS@w}Jf}uP2b|ydd+pdB
z0>~6D@K^TtLE9cHNvwTI<%Kl|F$E9_Zue(F$)eti$44F67$SS~_6chGE%?zD<Wqsf
zL81Yc)|c01?kV$5hT~PDU;DC9XF!6wDx)`OAyea}!l>pP2cOu)&rK{RHq<<F@jvOX
zxC?>I+ph0$CfzTvKCW*hK!or5HN-S?`wh$u_!mgAEbhD$%f-O!`m4u3vGVu1-_V;u
z!jK@}Mkboyy+?0*7FlR&FY4tqWSbdSSR@EYUph6a;Cc3}96j$*@Rwhu4+Ze~DDR&Z
zW_In-2UyEr&v#2!jvX`)T=Q2#-ie|O*1&%EREGH5^2g>B`hv@u*<D`I9q;6hM811>
zHmwbgr>m{>`0+=qV)UgFRaWvd`%}%bBqZnXZ7vYluygkxwa?DVN~o4~z<FZvZtS8d
z-tnSW{F|qq7{@fl?L@r3xV!^BdCl?*f|o5E9U0*JU&uD2lVNKHX#*%X9k=<(iM@@s
z#!Yp`P7XO*+Q)OwUSA!Zd|ag|3*X1@>0S}ul&)qdal7I%CM*2#q7B!n-MpE;R>@t!
zfc6&%t=*RrROX-K;0`eNVpVM6PD-jYV|6NvSL5~aeF6E)oNT_%ujf@{P}-eY?4`Ft
z03^<0>sp#zRrF)|if^rY)XkcFJ0`|5XN1M4hzf-WB&=O+8h4((l_cue-<TjeqC(5z
z_52yKMcV~+-%=t)C#$BWX4|q2>{R@gYIm-{sbw5qb?L)_*%)QO(uik|HhwtL3}}0#
z!kyD6@X^%!?-mdHU&t$N65wBps9W)UQOV{+UUG7Bn~8Px9(T|E0_(kxw6dz=P|LnM
zk_2`7ksO0nE}lqyNq>c~cvmx~z9KgRFb1QR`QbZ`%SF}sl68==nk26>V)W6Y(A)gs
zrTPc&EjG^?EInt258LEqmS+{yqFqm#{rl0K3;QUm&V;!<X{jR|+T;X~Ts{#wzrC_Q
z&!!2Gagp2W`0=W*ZmbXa53c#-zTkP^^}erM#;aG7hHaI}pC7*6eE7;*0;%>Eljr0;
zNM-Aak%nY{t32oXrKIqVOIv_Xp1hBC7FwnZj7r;f^{oa=vN0?hyI%I)TCZTLz68pQ
z8TG~3MlY`MiivDTgW61xKwNaY5RedbiGqh)HIR;UagG7}e~@3|5}q4iN=r+-6z^kZ
zWnYp$F!PS{*z<iX;vlvFesIp+((}v4Z!Gc5$PA^)-U*wzd}!B_@5z}GVo2@TiV?e?
zs1)WMJ$AqIgtz3e(gE+12P$$W1qx;ww2I>angl5|IL2(DVPqlrT-=_n;h%J!HTP?T
z2iT2Aro1;krQ#H675uba=m1Rt>XG)wCW%Qty=zXtCAPR<tQjT)s1I^TfTZtWHb^7@
zU9CAidDxi9xewGJ-_ExCQ56r#UIGkKE0~$sMdZKOb-FdSV{s(l@W!m{Y{?P-?RP?+
zZ=>5TDB2AMqr1)5?~8j|C~`w2X^EFA854fb?<DvY-`xx7zB_xNag561dDUL0(Tc_f
zimhV$w%~<4f8=B4T1NAoNW~CNWnQYoaGa}nxMxb%<6pDxxvoXjMCRUU(wM*;fMM7P
z<|R}i=39=?AJi>kPM6h2rOO-Tmpy(hZt!Bf($mMxpP+0OWl{e4QM9S<|I^l)heOr=
zfBcMHBBID%o>Eb=%Q|JL$WmlUmZ*d*DNBusQV(gNEQK&Bk$q$dF?x_K&DgW6$UgQN
z4CD7X&-b~0e|*1BS65e8SLU2E=iHzB^M1cy_qk7muLXS-k%&Lsd2!NedH#c2CCBi}
zJQ{;kodQAuqFDCzB*;S1uK=FP#tp<!)=C5nI?F`QJu5>U9pV&3=)D~bzUYKFnXvi4
ziY&M8I{+G)b<rhsFV`i6B`cvomV|v*LF*S588^jfcr0l^nSjp7p+wd!LlCSK0ZB#c
z_-5y=tO&XrDVU!}8PsuNjFQeb^w#h%;Em!{#{Ja1>cKP6xIO&`D%b3(hhc6&`_eWF
zf0*+zOH1_1VPjv_RACF74V)PvQc_CTm)#k9gjlYfY?C~zN=V(ogXGx>5GXLw#mUhy
zs{Y)()#hTYo4ZtRi=)*Qyv??CR_QQqDv4e3BrQ;3>xks3#N@2TB_uODfSkhUoRSn^
z4JO-Frf?9Bh)juz5(9@YyR>hpBhAfHu13Lyuj2A;ju*f`rZQY38M`ecp1)LaYJYK)
zWJ8<TtQ*rQktJ16DQ{mOqS~a5v~g_lmCF&(#_pv0{;I85I*sam>iwq|EXDs{D4ZJ#
zxDqZl53KWNKkK(EytdamI7whmWEf{&4$Y0q1kJKNzOe|uCoDey4m0|qfQD1>nUYSb
zT<Su=jQ;e<%AF`ZmQJ_N@Y%Wx?+$6HY<M{lGqBLWU09#lVsyeZ+Rhxlw#yrI%WrBe
z9!ep21+vnkJ5L$K{L4f)ycZZCJp7O(LN88%H?+gsY-IxcKE-}dbf>QGMf+dSlm{(i
zV52HFm^h$6v(+7QN7k}8H+F@BZ}|h9h1G#_bC#pm7jmY@%0f#2DiDn61;Xl_sKtha
z9CvNt8L*XZ==6Vh$UQkJ79Cf~ecN!LssVgnxR{0BRpmaAg=bpw7U~zu(4h9{<=vso
zx=a}2_(L((I%bTTM0vm(3}GfJFE1w^UX+F6RdC+xm}?_AT8WA|K|W++uI(R!Uy-l2
zNxa~YLB%9aGERdO*q#4E3+6p=XPrTd!Ov}&VMNiwFrjP4T>g34{SwV>8UslZek^w@
zHfdlL=7_Z1H`y>nF^+5^xtRU;?f`I9nXoZN5eWq=SEflkOm8!o4H%fOIj=CgLczd~
zRdxv-{QSu+eK`9o04xxEE*m>Yw+V4U$xVNMNlYvW!iS}#vF=oiEqoPf@r?&~i1e|r
zLV4)fpdkDJNkYOc-%7Fn`qeN06B?^R!-^COFsUuuXA29%6B7=(9R1koQS(||ZpEO$
zD91`jS+<`n<LhG!uk>rRTC&M^3<ov4agpuwpe)7T+|>S^-4E$2iRJks;()0HExs$?
z;!F3IV6KuKmA%Q563i*m&6DP{otx`Xd;s{>FD`c0Q~yk<d7YB|@g+FKA%P{{%{3rE
z5*z;r6+I~^ae^#FpmMSDTe!Xda{ATNC7+OJToKTK7=M|SSEhZ?_{HL+B9>GFO^jQ+
z1`qG$$lOpx=p(|P?CL%mx2skBl4H*thW8Np84>E*9stnNgvlV}RbkjUw|T1Bb6SNJ
zfE5UhYx9ojD9LO=AMmhT%<o{}t-_(ucA;bib$tWru+pIl`ZYC6HJ3CgN81Jec>W3_
z2i0~hnMK9IsiB)dgMJWAJz4@gx(4|`9{fW;b)OeGqJro-uxtd>8dp~8Nf|&wG)*rj
zKVSA&Siw~(&>ONkr&Q=4zB4kw#?QwYbR2N`$wCl~Na2tse5)ce-FZN<H|Y{9FdEwZ
zj~_g0KjYxQ3I~AFc?{qw|C6AN6RZ2tjE!zQ|G)&!3WifwSv@EdUfzXPC7fB}Z}meZ
zCxe!=@}PNe;+WZ+<_($F;wgh;Rs_Z@6Y7GtWadAHPvy3mo0@3dEFo8|Wr8Slwx{Mn
zyD-Gz3=Mq3ULFJ-o5MDW4_AhIZjd}2Wn4}}(ovYZ^Su<NSOTE5!P)r}gf;n0%t}lb
zBDBvHm<_=XeF>%AZlR>|a-&2AmWv2?jNFf@GB890pvO#9WFM}W9kshcjCupL;mZjp
zUTlcCPQdn5ysiM+(5db?(Dp?CL{rBDsEwqxAseaU^z<E|AY{#x_1)YuE==rg=qom-
zu`)amT42r}{2RwYpp|N`jWm>}1<xCbAJXKmOnaBB`oPFoumSilppRBXiC59qRd+1q
za+;pvq%()JQ}Z9bQSC+vt|K~pOH4<&*_==IGJbkl0^Bk=G77FwG$<|*LPTF;xrB8_
z9ZD4OiEHnXZ7NSCS4txH#6my+JoNJumA(Y3w9F!1&vjcUhxCLNU5a$v{)Di+gY}Ya
zWeW-6AV?%TSQjn3vO7cKGF!LKTEroZ9G$ZMT5??-5k72&T3-cyGjPZF-ccH0umcb#
zLl>AB4|)QH>MuZ;YJM14LeyBv1~s|{E@@053--GIv#U$Z-S+b4M>NDsFl+ob!c8uI
zk(J4dB{t=Pu?U`5obu7L?eUOTqQVZf@lL(}`EaaE7UDxV3$U7_S3eobRQcOWnx$xR
zA`L@01R5zc05dU>yHYFLY-h4(xeeI20^9NeFc0?`-e=rmqw+RCdn4;CuDLxb)rtTj
z04nyyTjjlF*EPh^`wse-9iNKrc6h5&aeG-4rU5jC!+p1PR7Efn%=vAdAMHt1-H*l8
zPKU?I75_Pq=b*Vx51AVFo0yx7^B7Lgn4<LO=zHbzIfdk=WMpU4#XY+x;lY>7jzh}`
zC%|`58w}c}tzuv383Fv(FMRB+#zZz|KZhjM|IQKCIcNm@uDr*2<3Uh>ZpS*{Sz-5j
zejQ!2u2rZZ_V#@v@+}a#=r#*9Alm0|Zii>F^*>wwfvq7EM%P+cc=l37N=L_9MNJLO
z*5P5e2W53P1kJ#bwL-4ou6(6YCmLzMS7l{6vV@*KbapYz`Vct@gL81u0dtgJUG+>n
z`353y%}E7$y3^#v>D4wT)+2w{6zl1b6|hd>K|mu6Xt<mKYLeUqGQYK>L!KUx20qL7
z@lqM<#rQa#`!zpm0Uvye8J~3&8Q0mf_M&t)mXJ{&391%K0=UY-9E>+#6+u4=CGX@x
zQBRj6t11ZKtqM~-t-?3e5!2Vt8U~1*Fl~WzIoZAiic197_scmgUtpv+37J9~M(OWQ
zn|Kosu^K2$?T|Bu`eDIE5o=7aq0!q95!AHoQsCD^)}y*1j-$m<I|;l9r$<Z>iGP7P
zH?99jcNn~Dbi;R-BNw5{LN=+r@24K~DaIot5WFNRW^1ORB)#atUpWHvwVxaq;8SVb
z`MDL|Sb|~*&?+8~ZG2R68?pv~14r4k1cGMCD>4@N-*&Vr(NHi@P<|ESR}0^{f@z*x
zZG(dl7C&dmtErbtE4o+x?v1E=$`FyWK;?;N*G2>wKP!vm6X4H(`I#;^>gdI)iqw6t
z(@D>GdHOf=LI`g)j3|Jg(DzY9DAl7L`uA&-9)&2w2Zm8{ax(0wu>~zsZwuiB(6-~=
zuFx{A#Zir7pzz@@s5sFmfYSaR3{(*hfWv$>lhOP6BL4y_!OSH|N7l6Ji}Ti)R7H!&
zy&K|KU)BP>%Pd9LdjS`18aj9529HwLHAoJhky^3DOHLm{=u|)0e_in7^<VM7U$#%g
zX7dhMZsD;kpm?>O>P@=|8P@pZWc)8N^UXc~h>_KvF+oU#&oWDDb-GfCoCMKF5QyQa
z;l>gFsZAB^P>+^uXYlGsu9_<QRmK#xw3l_x;g>t|dsavK$zh;zBNOV<K0lO{lC@D-
zszZb(IQo0Qt>!o$9-egh#P5;!H>%XV@XA_)mV1&jIz9CLnvSmq!yjcT=ihQI#Nr6b
zQ1Nxc?uKgWV_&-BLUbd5Pg(I^))aF3$Oa=21Q++mtd_-oFhBjsI*{glo%5~tC<e`0
zE}#EB#KL!G&2+Ug=$-x?>Yop%0i_C#i04^#F6DDKHJ(aNITTW7@hlF3*nt}3PXNRi
zF$V`FDmk2u{`C0L*^wEQo!wb)o^lm#srB-zn0iOOx=&U%;;(sblR?sqec@?paQ*bv
z7SUXc?RjuTqCXp->olnaOJlhoQZAK=SeRW{JT$fFI!@3b?lggngPTV<!!sq{=j#2V
zn%40L-~#=SZYNfYSQ(0A$=$8h{~(FYN)SD69V{&=`SF1)+vEz9YQr}gm`WpyfD@>$
zuG$1Ay*@xjK}=CmY;xvL<{IiUC?CYLD?L)U@O<Vw;2989(R*kdO4nJIAJnP}Ga|Tv
zMDe_WFQ3(W6<2wxBnqgN(dy{nM7FgVB$`2qz!^X$2nrk7r2mDb3J}ztfA)0K{G)(;
zzIxVoUxs|_hqP{=aaBZuj}ttbGFerEDiQ_8O7k_So1l;Xw(4=L<Gd?uS^9{76dBAq
zK(`<FOW;&CdLa08KWn-X`=MnP4VtjiK6`ur1cv3(@S@k3{ypi=0LSJJ;UN`Hyxr)O
zRLgh}O%Ko4T>=xnt;5f!9uB$d!nS}M2u7g?pvYD3ir41VLmW5A;4Se3U$Yche%u}W
zZ>7E%u9uG*skiqU#GK30`xS*<PH^jC-36n4w9%72)16Wm&$j2?_#?{<vga3RXd2F#
z4YGASWP&%^Ez<0S4s|eJ7tg+EB0W*6Z&>66xn^t}_^V6U1rs)QgUXO8r{}VCZl*A*
z@!)k{%IT4|@nPwmwN`wolF;5y>H}2v2_^`Fpy`mR7F%vEZ-fRcO3;L{-5sJ=oPu_{
z*HbVpNWTCpUrpjqJ#)<zvl4ZtB9(PcLW@txoX=_>RxHB{Cel8)h>~7d2VC{#`M^-0
zjr=Dl3lrQylU=zLK$z?!X$4y2QxBAi?N<oNdH4)e#A`)0cJ#V?_~xFbvPG6g_(6mo
zr>!e@>+S_gJB(zCCym3n*_ewU8ak6-adDz>_4MY1+qP<T4(C!2gt=P8M>D?`;|1*^
zTtrVbiAS6-V;@Na0qcvZobT%d>*Z<2u176kc0xmixXMO3w{k}0V`f|He7Sj2Zr`<%
z&<}#z`4>ZA7SbipRB6ICr-I|<TH@d6g^}mdVTD5Gd3*n$jWvf?e*;+0oc-s+v2TY(
z_M;QN>o*!E`Au1wp|S}@LQ$C_nBDnXd55vn!~~HxrNyn%SEBIA)Tv?Aud#BcHnDGp
zb!~m5J+0lP_4J5e{ZQo*3a%Ci241DI_O7nMj4F3&=xL$ws~(H18qVf}A4m*Md&$2t
z85eNe&ePMLG!zxR?Jn0=Epa~6a@Eg$Manx(Y*J_YuwL7DkJJccMv0EUbbD0??Gmg)
z82JVGvESuHE$Vv)8&&QKGz@sEFxL`(T_8ty%I9$=oOVo}?-0}J9>+X11Hn&sfSN@Y
zTi`2dr)&vTFWeHmO71SV>#9K%hf8;v-Zm@aE$^#Y`K$i(T&G$|aVg_*U?hni9CerW
zh;eqG`E&rTn(-!|I6}IYmq*1!5!s<#guDSSIXnBkX5!}B6MKFZBp_TcL^s=#x7xcC
zDe7IjglJM+{RtKIu+6BqRn@iQuFVW316?mj`EaAdOp(l-;JaYI!+EVtFFpicC;|o{
zaC)D^5BCne3UouNv|52%4HkutI3}CSp_Bm3;~*@1if`WW5Sm#5O_#_0i(%2`&#Eqw
zci)dLO$SUmK~mg8_Ctl+Veb2+*jrLOkh!4;fNGu4a!?LuNg`W<H4VU=A5H=w#@ghy
z-`$y6UWO;!)XQ<x<3!EiJeDPQ<h&P@U)LL)lDfJ24wm(@rQ7H5?G%azVVCS|5){YS
zIGtK}xuyk7P47&kr6PHev${&FW+$**yQRc{m8b((VQ$^9GyL$D-S<~UU@^zYtWM~x
zav_S~(3P@ZMUx_d37D@KI=uUS@X1=Hhm<mq$kNJkoC#CvC}uJ^DGsSi0cc)bn`6M7
zt}<LcXr1Z%{!}lu^L25}9$xH^sb%+V*o$ld0d}pu-pBM^wGL*9&J)shLeu`=*eeRc
zPAat3M4pEmVdPoCo;$PiW`NxWbrY8A2r-ZV`uDlswy^jTGZmH6*YEOnDR_v^tzXtj
zvFZM`+RU*$G<kdZ=>Nd9@Tr4lZGoQA%)Up793361Z(f)29`Z^K@|rjn7`3^vc`paC
zGOf<@mU9fG5ppYeTD+34dQh?YmRh2Ty%b9S)3tYM|N5!VL=%UCuA9!F|NDl$Y;SMH
zT=@r1hk>rp-%eOo$^hFmvG?Lc$?JBPI!}{rnwmIDYtNJJ<bj}p9{n>yhX4J$L(5WK
zQ?sJAwI{4QUh?MooPwKu6xU)-)y;dNp)Ly8d7r>2i2-XZ^bwdWseG3FFW+Bg;J(iA
z8}#4(Iu*`LM+-O!uBFlaG+p!mJ{TOn13N0`nlZKri-+F+FN3^)@)w}$|8m`;25Fd+
f|MGERCpV>v9?p1P?$#PZ;MXZbGlRV2&iDQg<8<x8

literal 0
HcmV?d00001

diff --git a/filebeat/docs/modules/cyberarkpas.asciidoc b/filebeat/docs/modules/cyberarkpas.asciidoc
new file mode 100644
index 00000000000..446580eb5a8
--- /dev/null
+++ b/filebeat/docs/modules/cyberarkpas.asciidoc
@@ -0,0 +1,184 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-cyberarkpas]]
+[role="xpack"]
+
+:modulename: cyberarkpas
+:has-dashboards: false
+
+== Cyberark PAS module
+
+beta[]
+
+This is a module for receiving CyberArk Privileged Account Security (PAS) logs over Syslog or a file.
+
+The {plugins}/ingest-geoip.html[ingest-geoip] Elasticsearch plugin is required to run this module.
+
+include::../include/gs-link.asciidoc[]
+
+include::../include/configuring-intro.asciidoc[]
+
+:fileset_ex: audit
+
+[float]
+==== `audit` fileset settings
+
+The `audit` fileset receives Vault Audit logs for User and Safe activities over the syslog protocol.
+
+[float]
+===== Vault configuration
+
+Follow the steps under https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm[Security Information and Event Management (SIEM) Applications]
+documentation to setup the integration:
+
+- Copy the https://raw.githubusercontent.com/elastic/beats/{branch}/x-pack/filebeat/module/cyberarkpas/_meta/assets/elastic-json-v1.0.xsl[elastic-json-v1.0.xsl] XSL Translator file to
+the `Server\Syslog` folder.
+
+- Sample syslog configuration for `DBPARM.ini`:
+
+[source,ini]
+----
+[SYSLOG]
+UseLegacySyslogFormat=No
+SyslogTranslatorFile=Syslog\elastic-json-v1.0.xsl
+SyslogServerIP=<INSERT FILEBEAT IP HERE>
+SyslogServerPort=<INSERT FILEBEAT PORT HERE>
+SyslogServerProtocol=TCP
+----
+
+For proper timestamping of events, it's recommended to use the newer RFC5424 Syslog format
+(`UseLegacySyslogFormat=No`). To avoid event loss, use `TCP` or `TLS` protocols instead of `UDP`.
+
+[float]
+===== Filebeat configuration
+
+Edit the `cyberarkpas.yml` configuration. The following sample configuration will accept `TCP`
+protocol connections from all interfaces:
+
+[source,yaml]
+----
+- module: cyberarkpas
+  audit:
+    enabled: true
+
+    # Set which input to use between tcp (default), udp, or file.
+    #
+    var.input: tcp
+    var.syslog_host: 0.0.0.0
+    var.syslog_port: 9301
+
+    # With tcp input, set the optional tls configuration:
+    #var.ssl:
+    #  enabled: true
+    #  certificate: /path/to/cert.pem
+    #  key: /path/to/privatekey.pem
+    #  key_passphrase: 'password for my key'
+
+    # Uncoment to keep the original syslog event under event.original.
+    # var.preserve_original_event: true
+
+    # Set paths for the log files when file input is used.
+    # var.paths:
+----
+
+For encrypted communications, use the `TLS` protocol in the Vault's `DBPARM.ini` and use `tcp` input
+with `var.ssl` settings in Filebeat:
+
+[source,yaml]
+----
+- module: cyberarkpas
+  audit:
+    enabled: true
+
+    # Set which input to use between tcp (default), udp, or file.
+    #
+    var.input: tcp
+    var.syslog_host: 0.0.0.0
+    var.syslog_port: 9301
+
+    # With tcp input, set the optional tls configuration:
+    var.ssl:
+      enabled: true
+      certificate: /path/to/cert.pem
+      key: /path/to/privatekey.pem
+      key_passphrase: 'password for my key'
+
+    # Uncoment to keep the original syslog event under event.original.
+    # var.preserve_original_event: true
+
+    # Set paths for the log files when file input is used.
+    # var.paths:
+----
+
+[float]
+===== Configuration options
+
+include::../include/config-option-intro.asciidoc[]
+
+*`var.input`*::
+
+The input to use. One of `tcp` (default), `udp` or `file`.
+
+
+*`var.syslog_host`*::
+
+The address to listen to UDP or TCP based syslog traffic. Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+
+*`var.syslog_port`*::
+
+The port to listen for syslog traffic. Defaults to `9301`.
+
+NOTE: Ports below 1024 require Filebeat to run as root.
+
+
+*`var.ssl`*::
+
+Configuration options for SSL parameters to use when acting as a server for `TLS` protocol.
+See https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-server-config[SSL server configuration options.]
+for a description of the available sub-options.
+
+
+*`var.preserve_original_event`*::
+
+Set to `true` to store the original syslog message under the `event.original` field.
+Defaults to `false`.
+
+
+*`var.paths`*::
+
+An array of glob-based paths that specify where to look for the log files. All
+patterns supported by https://golang.org/pkg/path/filepath/#Glob[Go Glob]
+are also supported here. For example, you can use wildcards to fetch all files
+from a predefined level of subdirectories: `/path/to/log/*/*.log`. This
+fetches all `.log` files from the subfolders of `/path/to/log`. It does not
+fetch log files from the `/path/to/log` folder itself.
+
+This setting is only applicable when `file` input is configured.
+
+
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard:
+
+[role="screenshot"]
+image::./images/filebeat-cyberarkpas-overview.png[]
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-cyberarkpas,exported fields>> section.
+
diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc
index 5c13a6fa57e..3e554cc6407 100644
--- a/filebeat/docs/modules_list.asciidoc
+++ b/filebeat/docs/modules_list.asciidoc
@@ -17,6 +17,7 @@ This file is generated! See scripts/docs_collector.py
   * <<filebeat-module-coredns>>
   * <<filebeat-module-crowdstrike>>
   * <<filebeat-module-cyberark>>
+  * <<filebeat-module-cyberarkpas>>
   * <<filebeat-module-cylance>>
   * <<filebeat-module-elasticsearch>>
   * <<filebeat-module-envoyproxy>>
@@ -90,6 +91,7 @@ include::modules/cisco.asciidoc[]
 include::modules/coredns.asciidoc[]
 include::modules/crowdstrike.asciidoc[]
 include::modules/cyberark.asciidoc[]
+include::modules/cyberarkpas.asciidoc[]
 include::modules/cylance.asciidoc[]
 include::modules/elasticsearch.asciidoc[]
 include::modules/envoyproxy.asciidoc[]
diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
index f4c8f79bb0c..8d0ddda9143 100644
--- a/x-pack/filebeat/filebeat.reference.yml
+++ b/x-pack/filebeat/filebeat.reference.yml
@@ -789,6 +789,32 @@ filebeat.modules:
     # "+02:00" for GMT+02:00
     # var.tz_offset: local
 
+#----------------------------- CyberArk PAS Module -----------------------------
+- module: cyberarkpas
+  audit:
+    enabled: true
+
+    # Set which input to use between tcp (default), udp, or file.
+    #
+    # var.input: tcp
+
+    # var.syslog_host: localhost
+    # var.syslog_port: 9301
+
+    # With tcp input, set the optional tls configuration:
+    #var.ssl:
+    #  enabled: true
+    #  certificate: /path/to/cert.pem
+    #  key: /path/to/privatekey.pem
+    #  key_passphrase: 'password for my key'
+
+    # Uncoment to keep the original syslog event under event.original.
+    # var.preserve_original_event: true
+
+    # Set paths for the log files when file input is used.
+    # var.paths:
+
+
 #---------------------------- CylanceProtect Module ----------------------------
 - module: cylance
   protect:
diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go
index 26e47f5f9f3..94340a8c11c 100644
--- a/x-pack/filebeat/include/list.go
+++ b/x-pack/filebeat/include/list.go
@@ -25,6 +25,7 @@ import (
 	_ "github.com/elastic/beats/v7/x-pack/filebeat/module/coredns"
 	_ "github.com/elastic/beats/v7/x-pack/filebeat/module/crowdstrike"
 	_ "github.com/elastic/beats/v7/x-pack/filebeat/module/cyberark"
+	_ "github.com/elastic/beats/v7/x-pack/filebeat/module/cyberarkpas"
 	_ "github.com/elastic/beats/v7/x-pack/filebeat/module/cylance"
 	_ "github.com/elastic/beats/v7/x-pack/filebeat/module/envoyproxy"
 	_ "github.com/elastic/beats/v7/x-pack/filebeat/module/f5"
diff --git a/x-pack/filebeat/module/cyberarkpas/_meta/assets/elastic-json-v1.0.xsl b/x-pack/filebeat/module/cyberarkpas/_meta/assets/elastic-json-v1.0.xsl
new file mode 100644
index 00000000000..abd4777a52e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/_meta/assets/elastic-json-v1.0.xsl
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:import href="./Syslog/RFC5424Changes.xsl"/>
+<xsl:output method='text' version='1.0' encoding='UTF-8' indent='no'/>
+
+<!-- version control variables -->
+<xsl:variable name="format" select="'elastic'"/>
+<xsl:variable name="version" select="'1.0'"/>
+
+<!-- configuration -->
+<xsl:variable name="include_raw" select="0"/> <!-- save a "raw" key with the original XML -->
+
+<!-- main object with header info -->
+<xsl:template match="/">
+  <xsl:apply-imports/>
+  <xsl:text>{"format":"</xsl:text><xsl:value-of select="$format"/>
+  <xsl:text>","version":"</xsl:text><xsl:value-of select="$version"/>
+  <xsl:text>"</xsl:text>
+  <xsl:choose>
+    <xsl:when test="$include_raw=1">
+      <xsl:text>,"raw":</xsl:text>
+      <xsl:call-template name="json-string">
+        <xsl:with-param name="text">
+          <xsl:apply-templates select="*" mode="raw"/>
+        </xsl:with-param>
+      </xsl:call-template>
+    </xsl:when>
+  </xsl:choose>
+  <xsl:text>,</xsl:text>
+  <xsl:apply-templates select="*" mode="object"/>
+  <!-- this text below includes the terminating newline -->
+  <xsl:text>}&#xa;</xsl:text>
+</xsl:template>
+
+<xsl:template match="*" mode="raw">
+    <xsl:value-of select="concat('&lt;', name())" />
+    <xsl:for-each select="@*">
+      <xsl:value-of select="concat(' ', name(), '=&quot;', ., '&quot;')"/>
+    </xsl:for-each>
+    <xsl:text>&gt;</xsl:text>
+    <xsl:apply-templates mode="raw"/>
+    <xsl:value-of select="concat('&lt;/', name(), '&gt;')" />
+  </xsl:template>
+
+<!-- serialize objects -->
+<xsl:template match="*" mode="object">
+  <xsl:text>&quot;</xsl:text>
+  <xsl:value-of select="name()"/><xsl:text>&quot;:</xsl:text><xsl:call-template name="value">
+        <xsl:with-param name="parent" select="1"/>
+    </xsl:call-template>
+</xsl:template>
+
+<!-- serialize array elements -->
+<xsl:template match="*" mode="array">
+    <xsl:call-template name="value"/>
+</xsl:template>
+
+<!-- value of node serializer -->
+<xsl:template name="value">
+  <xsl:param name="parent"/>
+  <xsl:variable name="childName" select="name(*[1])"/>
+  <xsl:choose>
+    <xsl:when test="not(*|@*)">
+      <xsl:choose>
+        <xsl:when test="$parent=1">
+          <xsl:call-template name="json-string">
+            <xsl:with-param name="text" select="."/>
+          </xsl:call-template>
+          </xsl:when>
+        <xsl:otherwise>
+          <xsl:call-template name="json-string">
+            <xsl:with-param name="text" select="name()"/>
+          </xsl:call-template>
+          <xsl:text>:</xsl:text>
+          <xsl:call-template name="json-string">
+            <xsl:with-param name="text" select="."/>
+          </xsl:call-template>
+          </xsl:otherwise>
+      </xsl:choose>
+    </xsl:when>
+    <xsl:when test="count(*[name()=$childName]) > 1">
+      <xsl:text>{</xsl:text>
+      <xsl:call-template name="json-string">
+        <xsl:with-param name="text" select="$childName"/>
+      </xsl:call-template>
+      <xsl:text>:[</xsl:text>
+      <xsl:apply-templates select="*" mode="array"/>
+      <xsl:text>]}</xsl:text>
+      </xsl:when>
+    <xsl:otherwise>
+      <xsl:text>{</xsl:text>
+        <xsl:apply-templates select="@*" mode="attrs"/>
+        <xsl:if test='count(@*)>0 and count(*)>0'>,</xsl:if>
+        <xsl:apply-templates select="*" mode="object"/>
+      <xsl:text>}</xsl:text>
+    </xsl:otherwise>
+  </xsl:choose>
+  <xsl:if test="following-sibling::*"><xsl:text>,</xsl:text></xsl:if>
+</xsl:template>
+
+<!-- serialize attributes -->
+<xsl:template match="@*" mode="attrs">
+    <xsl:call-template name="json-string">
+      <xsl:with-param name="text" select="name()"/>
+    </xsl:call-template>
+    <xsl:text>:</xsl:text>
+    <xsl:call-template name="json-string">
+      <xsl:with-param name="text" select="."/>
+    </xsl:call-template>
+    <xsl:if test="position()!=last()"><xsl:text>,</xsl:text></xsl:if>
+</xsl:template>
+
+<!-- json-string converts a text to a quoted and escaped JSON string -->
+<xsl:template name="json-string">
+  <xsl:param name="text"/>
+  <xsl:variable name="tmp">
+      <xsl:call-template name="string-replace">
+        <xsl:with-param name="string" select="$text"/>
+        <xsl:with-param name="from" select="'\'"/>
+        <xsl:with-param name="to" select="'\\'"/>
+      </xsl:call-template>
+  </xsl:variable>
+  <xsl:variable name="tmp2">
+    <xsl:call-template name="string-replace">
+      <xsl:with-param name="string" select="$tmp"/>
+      <xsl:with-param name="from" select="'&#xa;'"/>
+      <xsl:with-param name="to" select="'\n'"/>
+    </xsl:call-template>
+  </xsl:variable>
+  <xsl:text>&quot;</xsl:text>
+  <xsl:call-template name="string-replace">
+    <xsl:with-param name="string" select="translate($tmp2,'&#9;&#xd;','  ')"/>
+    <xsl:with-param name="from" select="'&quot;'"/>
+    <xsl:with-param name="to" select="'\&quot;'"/>
+  </xsl:call-template>
+  <xsl:text>&quot;</xsl:text>
+</xsl:template>
+
+<!-- replace all occurences of the character(s) `from'
+ by the string `to' in the string `string'.-->
+<xsl:template name="string-replace">
+  <xsl:param name="string"/>
+  <xsl:param name="from"/>
+  <xsl:param name="to"/>
+  <xsl:choose>
+    <xsl:when test="contains($string,$from)">
+      <xsl:value-of select="substring-before($string,$from)"/>
+      <xsl:value-of select="$to"/>
+      <xsl:call-template name="string-replace">
+        <xsl:with-param name="string" select="substring-after($string,$from)"/>
+        <xsl:with-param name="from" select="$from"/>
+        <xsl:with-param name="to" select="$to"/>
+      </xsl:call-template>
+    </xsl:when>
+    <xsl:otherwise>
+      <xsl:value-of select="$string"/>
+    </xsl:otherwise>
+  </xsl:choose>
+</xsl:template>
+ 
+</xsl:stylesheet>
diff --git a/x-pack/filebeat/module/cyberarkpas/_meta/config.yml b/x-pack/filebeat/module/cyberarkpas/_meta/config.yml
new file mode 100644
index 00000000000..4ebf2db818d
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/_meta/config.yml
@@ -0,0 +1,24 @@
+- module: cyberarkpas
+  audit:
+    enabled: true
+
+    # Set which input to use between tcp (default), udp, or file.
+    #
+    # var.input: tcp
+
+    # var.syslog_host: localhost
+    # var.syslog_port: 9301
+
+    # With tcp input, set the optional tls configuration:
+    #var.ssl:
+    #  enabled: true
+    #  certificate: /path/to/cert.pem
+    #  key: /path/to/privatekey.pem
+    #  key_passphrase: 'password for my key'
+
+    # Uncoment to keep the original syslog event under event.original.
+    # var.preserve_original_event: true
+
+    # Set paths for the log files when file input is used.
+    # var.paths:
+
diff --git a/x-pack/filebeat/module/cyberarkpas/_meta/docs.asciidoc b/x-pack/filebeat/module/cyberarkpas/_meta/docs.asciidoc
new file mode 100644
index 00000000000..af66f19cd4e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/_meta/docs.asciidoc
@@ -0,0 +1,171 @@
+[role="xpack"]
+
+:modulename: cyberarkpas
+:has-dashboards: false
+
+== Cyberark PAS module
+
+beta[]
+
+This is a module for receiving CyberArk Privileged Account Security (PAS) logs over Syslog or a file.
+
+The {plugins}/ingest-geoip.html[ingest-geoip] Elasticsearch plugin is required to run this module.
+
+include::../include/gs-link.asciidoc[]
+
+include::../include/configuring-intro.asciidoc[]
+
+:fileset_ex: audit
+
+[float]
+==== `audit` fileset settings
+
+The `audit` fileset receives Vault Audit logs for User and Safe activities over the syslog protocol.
+
+[float]
+===== Vault configuration
+
+Follow the steps under https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm[Security Information and Event Management (SIEM) Applications]
+documentation to setup the integration:
+
+- Copy the https://raw.githubusercontent.com/elastic/beats/{branch}/x-pack/filebeat/module/cyberarkpas/_meta/assets/elastic-json-v1.0.xsl[elastic-json-v1.0.xsl] XSL Translator file to
+the `Server\Syslog` folder.
+
+- Sample syslog configuration for `DBPARM.ini`:
+
+[source,ini]
+----
+[SYSLOG]
+UseLegacySyslogFormat=No
+SyslogTranslatorFile=Syslog\elastic-json-v1.0.xsl
+SyslogServerIP=<INSERT FILEBEAT IP HERE>
+SyslogServerPort=<INSERT FILEBEAT PORT HERE>
+SyslogServerProtocol=TCP
+----
+
+For proper timestamping of events, it's recommended to use the newer RFC5424 Syslog format
+(`UseLegacySyslogFormat=No`). To avoid event loss, use `TCP` or `TLS` protocols instead of `UDP`.
+
+[float]
+===== Filebeat configuration
+
+Edit the `cyberarkpas.yml` configuration. The following sample configuration will accept `TCP`
+protocol connections from all interfaces:
+
+[source,yaml]
+----
+- module: cyberarkpas
+  audit:
+    enabled: true
+
+    # Set which input to use between tcp (default), udp, or file.
+    #
+    var.input: tcp
+    var.syslog_host: 0.0.0.0
+    var.syslog_port: 9301
+
+    # With tcp input, set the optional tls configuration:
+    #var.ssl:
+    #  enabled: true
+    #  certificate: /path/to/cert.pem
+    #  key: /path/to/privatekey.pem
+    #  key_passphrase: 'password for my key'
+
+    # Uncoment to keep the original syslog event under event.original.
+    # var.preserve_original_event: true
+
+    # Set paths for the log files when file input is used.
+    # var.paths:
+----
+
+For encrypted communications, use the `TLS` protocol in the Vault's `DBPARM.ini` and use `tcp` input
+with `var.ssl` settings in Filebeat:
+
+[source,yaml]
+----
+- module: cyberarkpas
+  audit:
+    enabled: true
+
+    # Set which input to use between tcp (default), udp, or file.
+    #
+    var.input: tcp
+    var.syslog_host: 0.0.0.0
+    var.syslog_port: 9301
+
+    # With tcp input, set the optional tls configuration:
+    var.ssl:
+      enabled: true
+      certificate: /path/to/cert.pem
+      key: /path/to/privatekey.pem
+      key_passphrase: 'password for my key'
+
+    # Uncoment to keep the original syslog event under event.original.
+    # var.preserve_original_event: true
+
+    # Set paths for the log files when file input is used.
+    # var.paths:
+----
+
+[float]
+===== Configuration options
+
+include::../include/config-option-intro.asciidoc[]
+
+*`var.input`*::
+
+The input to use. One of `tcp` (default), `udp` or `file`.
+
+
+*`var.syslog_host`*::
+
+The address to listen to UDP or TCP based syslog traffic. Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+
+*`var.syslog_port`*::
+
+The port to listen for syslog traffic. Defaults to `9301`.
+
+NOTE: Ports below 1024 require Filebeat to run as root.
+
+
+*`var.ssl`*::
+
+Configuration options for SSL parameters to use when acting as a server for `TLS` protocol.
+See https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-server-config[SSL server configuration options.]
+for a description of the available sub-options.
+
+
+*`var.preserve_original_event`*::
+
+Set to `true` to store the original syslog message under the `event.original` field.
+Defaults to `false`.
+
+
+*`var.paths`*::
+
+An array of glob-based paths that specify where to look for the log files. All
+patterns supported by https://golang.org/pkg/path/filepath/#Glob[Go Glob]
+are also supported here. For example, you can use wildcards to fetch all files
+from a predefined level of subdirectories: `/path/to/log/*/*.log`. This
+fetches all `.log` files from the subfolders of `/path/to/log`. It does not
+fetch log files from the `/path/to/log` folder itself.
+
+This setting is only applicable when `file` input is configured.
+
+
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard:
+
+[role="screenshot"]
+image::./images/filebeat-cyberarkpas-overview.png[]
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
diff --git a/x-pack/filebeat/module/cyberarkpas/_meta/fields.yml b/x-pack/filebeat/module/cyberarkpas/_meta/fields.yml
new file mode 100644
index 00000000000..8ac73cb4913
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/_meta/fields.yml
@@ -0,0 +1,10 @@
+- key: cyberarkpas
+  title: CyberArk PAS
+  description: >
+    cyberarkpas fields.
+  fields:
+    - name: cyberarkpas
+      type: group
+      default_field: false
+      fields:
+
diff --git a/x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json b/x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json
new file mode 100644
index 00000000000..bac1c083f52
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json
@@ -0,0 +1,1574 @@
+{
+  "objects": [
+    {
+      "attributes": {
+        "description": "Dashboard for CyberArk Privileged Access Security events.",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": {
+            "filter": [
+              {
+                "$state": {
+                  "store": "appState"
+                },
+                "meta": {
+                  "alias": null,
+                  "disabled": false,
+                  "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+                  "key": "event.dataset",
+                  "negate": false,
+                  "params": {
+                    "query": "cyberarkpas.audit"
+                  },
+                  "type": "phrase"
+                },
+                "query": {
+                  "match_phrase": {
+                    "event.dataset": "cyberarkpas.audit"
+                  }
+                }
+              }
+            ],
+            "query": {
+              "language": "kuery",
+              "query": ""
+            }
+          }
+        },
+        "optionsJSON": {
+          "hidePanelTitles": false,
+          "useMargins": true
+        },
+        "panelsJSON": [
+          {
+            "embeddableConfig": {
+              "enhancements": {},
+              "hidePanelTitles": false,
+              "savedVis": {
+                "data": {
+                  "aggs": [],
+                  "searchSource": {
+                    "filter": [],
+                    "query": {
+                      "language": "kuery",
+                      "query": ""
+                    }
+                  }
+                },
+                "description": "",
+                "params": {
+                  "controls": [
+                    {
+                      "fieldName": "observer.hostname",
+                      "id": "1617726994032",
+                      "indexPattern": "filebeat-*",
+                      "indexPatternRefName": "control_0_index_pattern",
+                      "label": " By Vault host",
+                      "options": {
+                        "dynamicOptions": true,
+                        "multiselect": true,
+                        "order": "desc",
+                        "size": 5,
+                        "type": "terms"
+                      },
+                      "parent": "",
+                      "type": "list"
+                    },
+                    {
+                      "fieldName": "event.code",
+                      "id": "1617811797137",
+                      "indexPattern": "filebeat-*",
+                      "indexPatternRefName": "control_1_index_pattern",
+                      "label": "By event code",
+                      "options": {
+                        "dynamicOptions": true,
+                        "multiselect": true,
+                        "order": "desc",
+                        "size": 5,
+                        "type": "terms"
+                      },
+                      "parent": "",
+                      "type": "list"
+                    }
+                  ],
+                  "pinFilters": false,
+                  "updateFiltersOnChange": true,
+                  "useTimeFilter": false
+                },
+                "title": "",
+                "type": "input_control_vis",
+                "uiState": {}
+              }
+            },
+            "gridData": {
+              "h": 9,
+              "i": "1007fa0d-a6a1-4682-a346-a90acc179da5",
+              "w": 10,
+              "x": 0,
+              "y": 0
+            },
+            "panelIndex": "1007fa0d-a6a1-4682-a346-a90acc179da5",
+            "title": "Filters",
+            "type": "visualization",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "enhancements": {},
+              "hidePanelTitles": false,
+              "savedVis": {
+                "data": {
+                  "aggs": [],
+                  "searchSource": {
+                    "filter": [],
+                    "query": {
+                      "language": "kuery",
+                      "query": ""
+                    }
+                  }
+                },
+                "description": "",
+                "params": {
+                  "axis_formatter": "number",
+                  "axis_position": "left",
+                  "axis_scale": "normal",
+                  "default_index_pattern": "filebeat-*",
+                  "default_timefield": "@timestamp",
+                  "filter": {
+                    "language": "kuery",
+                    "query": "event.dataset:\"cyberarkpas.audit\" "
+                  },
+                  "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+                  "index_pattern": "",
+                  "interval": "",
+                  "isModelInvalid": false,
+                  "series": [
+                    {
+                      "axis_position": "right",
+                      "chart_type": "bar",
+                      "color": "#68BC00",
+                      "fill": 0.5,
+                      "formatter": "number",
+                      "hide_in_legend": 0,
+                      "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+                      "label": "",
+                      "line_width": 1,
+                      "metrics": [
+                        {
+                          "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+                          "type": "count"
+                        }
+                      ],
+                      "override_index_pattern": 0,
+                      "palette": {
+                        "name": "rainbow",
+                        "params": {
+                          "colors": [
+                            "#68BC00",
+                            "#009CE0",
+                            "#B0BC00",
+                            "#16A5A5",
+                            "#D33115",
+                            "#E27300",
+                            "#FCC400",
+                            "#7B64FF",
+                            "#FA28FF",
+                            "#333333",
+                            "#808080",
+                            "#194D33",
+                            "#0062B1",
+                            "#808900",
+                            "#0C797D",
+                            "#9F0500",
+                            "#C45100",
+                            "#FB9E00",
+                            "#653294",
+                            "#AB149E",
+                            "#0F1419",
+                            "#666666"
+                          ],
+                          "gradient": false
+                        },
+                        "type": "palette"
+                      },
+                      "point_size": 1,
+                      "separate_axis": 0,
+                      "split_color_mode": null,
+                      "split_mode": "terms",
+                      "stacked": "stacked",
+                      "terms_field": "cyberarkpas.audit.desc",
+                      "type": "timeseries"
+                    }
+                  ],
+                  "show_grid": 1,
+                  "show_legend": 1,
+                  "time_field": "",
+                  "time_range_mode": "entire_time_range",
+                  "tooltip_mode": "show_all",
+                  "type": "timeseries",
+                  "use_kibana_indexes": true
+                },
+                "title": "",
+                "type": "metrics",
+                "uiState": {}
+              }
+            },
+            "gridData": {
+              "h": 13,
+              "i": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e",
+              "w": 38,
+              "x": 10,
+              "y": 0
+            },
+            "panelIndex": "f2dc3750-9b7c-4b0e-a45d-3d3b08f74f3e",
+            "title": "event types by time",
+            "type": "visualization",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "attributes": {
+                "references": [
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-current-indexpattern",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203",
+                    "type": "index-pattern"
+                  }
+                ],
+                "state": {
+                  "datasourceStates": {
+                    "indexpattern": {
+                      "layers": {
+                        "33bc0096-e418-4f81-9c7c-7fdd16cc5203": {
+                          "columnOrder": [
+                            "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12"
+                          ],
+                          "columns": {
+                            "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12": {
+                              "customLabel": true,
+                              "dataType": "number",
+                              "isBucketed": false,
+                              "label": " ",
+                              "operationType": "count",
+                              "scale": "ratio",
+                              "sourceField": "Records"
+                            }
+                          },
+                          "incompleteColumns": {}
+                        }
+                      }
+                    }
+                  },
+                  "filters": [],
+                  "query": {
+                    "language": "kuery",
+                    "query": ""
+                  },
+                  "visualization": {
+                    "accessor": "eedd5aa8-a7c4-466a-b10b-3a8cba3bac12",
+                    "layerId": "33bc0096-e418-4f81-9c7c-7fdd16cc5203"
+                  }
+                },
+                "title": "",
+                "type": "lens",
+                "visualizationType": "lnsMetric"
+              },
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 4,
+              "i": "af9e9f0b-a40c-411e-b441-2a779983ed24",
+              "w": 10,
+              "x": 0,
+              "y": 9
+            },
+            "panelIndex": "af9e9f0b-a40c-411e-b441-2a779983ed24",
+            "title": "Count of events",
+            "type": "lens",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "attributes": {
+                "references": [
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-current-indexpattern",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3",
+                    "type": "index-pattern"
+                  }
+                ],
+                "state": {
+                  "datasourceStates": {
+                    "indexpattern": {
+                      "layers": {
+                        "de047c06-a965-47aa-8a15-8b0266d5abc3": {
+                          "columnOrder": [
+                            "b916e5f5-a64a-49f1-b37a-ee1825fc61a4",
+                            "3effd03e-0ed9-4e2d-ba8e-d77ae505092e"
+                          ],
+                          "columns": {
+                            "3effd03e-0ed9-4e2d-ba8e-d77ae505092e": {
+                              "dataType": "number",
+                              "isBucketed": false,
+                              "label": "Count of records",
+                              "operationType": "count",
+                              "scale": "ratio",
+                              "sourceField": "Records"
+                            },
+                            "b916e5f5-a64a-49f1-b37a-ee1825fc61a4": {
+                              "dataType": "string",
+                              "isBucketed": true,
+                              "label": "Top values of event.outcome",
+                              "operationType": "terms",
+                              "params": {
+                                "missingBucket": false,
+                                "orderBy": {
+                                  "columnId": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e",
+                                  "type": "column"
+                                },
+                                "orderDirection": "desc",
+                                "otherBucket": true,
+                                "size": 5
+                              },
+                              "scale": "ordinal",
+                              "sourceField": "event.outcome"
+                            }
+                          },
+                          "incompleteColumns": {}
+                        }
+                      }
+                    }
+                  },
+                  "filters": [],
+                  "query": {
+                    "language": "kuery",
+                    "query": ""
+                  },
+                  "visualization": {
+                    "layers": [
+                      {
+                        "categoryDisplay": "default",
+                        "groups": [
+                          "b916e5f5-a64a-49f1-b37a-ee1825fc61a4"
+                        ],
+                        "layerId": "de047c06-a965-47aa-8a15-8b0266d5abc3",
+                        "legendDisplay": "default",
+                        "metric": "3effd03e-0ed9-4e2d-ba8e-d77ae505092e",
+                        "nestedLegend": false,
+                        "numberDisplay": "percent"
+                      }
+                    ],
+                    "shape": "donut"
+                  }
+                },
+                "title": "",
+                "type": "lens",
+                "visualizationType": "lnsPie"
+              },
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 13,
+              "i": "7031905a-92ab-4e0e-aa58-72f1c07ff409",
+              "w": 10,
+              "x": 0,
+              "y": 13
+            },
+            "panelIndex": "7031905a-92ab-4e0e-aa58-72f1c07ff409",
+            "title": "Breakdown by outcome",
+            "type": "lens",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "attributes": {
+                "references": [
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-current-indexpattern",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "filter-index-pattern-0",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "filter-index-pattern-1",
+                    "type": "index-pattern"
+                  }
+                ],
+                "state": {
+                  "datasourceStates": {
+                    "indexpattern": {
+                      "layers": {
+                        "19858811-84d1-4f50-901c-dc1451972324": {
+                          "columnOrder": [
+                            "81dcff19-b14a-4e4b-999e-dbbcbdfdf816",
+                            "e3526253-18e0-4122-b112-ee5b4b9e23d7"
+                          ],
+                          "columns": {
+                            "81dcff19-b14a-4e4b-999e-dbbcbdfdf816": {
+                              "dataType": "string",
+                              "isBucketed": true,
+                              "label": "Top values of destination.user.name",
+                              "operationType": "terms",
+                              "params": {
+                                "missingBucket": false,
+                                "orderBy": {
+                                  "type": "alphabetical"
+                                },
+                                "orderDirection": "asc",
+                                "otherBucket": true,
+                                "size": 10
+                              },
+                              "scale": "ordinal",
+                              "sourceField": "destination.user.name"
+                            },
+                            "e3526253-18e0-4122-b112-ee5b4b9e23d7": {
+                              "dataType": "number",
+                              "isBucketed": false,
+                              "label": "Count of records",
+                              "operationType": "count",
+                              "scale": "ratio",
+                              "sourceField": "Records"
+                            }
+                          },
+                          "incompleteColumns": {}
+                        }
+                      }
+                    }
+                  },
+                  "filters": [
+                    {
+                      "$state": {
+                        "store": "appState"
+                      },
+                      "meta": {
+                        "alias": null,
+                        "disabled": false,
+                        "indexRefName": "filter-index-pattern-0",
+                        "key": "event.dataset",
+                        "negate": false,
+                        "params": {
+                          "query": "cyberarkpas.audit"
+                        },
+                        "type": "phrase"
+                      },
+                      "query": {
+                        "match_phrase": {
+                          "event.dataset": "cyberarkpas.audit"
+                        }
+                      }
+                    },
+                    {
+                      "$state": {
+                        "store": "appState"
+                      },
+                      "meta": {
+                        "alias": null,
+                        "disabled": false,
+                        "indexRefName": "filter-index-pattern-1",
+                        "key": "event.code",
+                        "negate": false,
+                        "params": [
+                          "308",
+                          "22",
+                          "319",
+                          "295"
+                        ],
+                        "type": "phrases"
+                      },
+                      "query": {
+                        "bool": {
+                          "minimum_should_match": 1,
+                          "should": [
+                            {
+                              "match_phrase": {
+                                "event.code": "308"
+                              }
+                            },
+                            {
+                              "match_phrase": {
+                                "event.code": "22"
+                              }
+                            },
+                            {
+                              "match_phrase": {
+                                "event.code": "319"
+                              }
+                            },
+                            {
+                              "match_phrase": {
+                                "event.code": "295"
+                              }
+                            }
+                          ]
+                        }
+                      }
+                    }
+                  ],
+                  "query": {
+                    "language": "kuery",
+                    "query": ""
+                  },
+                  "visualization": {
+                    "layers": [
+                      {
+                        "categoryDisplay": "default",
+                        "groups": [
+                          "81dcff19-b14a-4e4b-999e-dbbcbdfdf816",
+                          "81dcff19-b14a-4e4b-999e-dbbcbdfdf816",
+                          "81dcff19-b14a-4e4b-999e-dbbcbdfdf816",
+                          "81dcff19-b14a-4e4b-999e-dbbcbdfdf816",
+                          "81dcff19-b14a-4e4b-999e-dbbcbdfdf816",
+                          "81dcff19-b14a-4e4b-999e-dbbcbdfdf816"
+                        ],
+                        "layerId": "19858811-84d1-4f50-901c-dc1451972324",
+                        "legendDisplay": "default",
+                        "metric": "e3526253-18e0-4122-b112-ee5b4b9e23d7",
+                        "nestedLegend": false,
+                        "numberDisplay": "percent"
+                      }
+                    ],
+                    "shape": "donut"
+                  }
+                },
+                "title": "",
+                "type": "lens",
+                "visualizationType": "lnsPie"
+              },
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 13,
+              "i": "a24b9c0c-da95-4016-9fe5-2c0d34005832",
+              "w": 11,
+              "x": 10,
+              "y": 13
+            },
+            "panelIndex": "a24b9c0c-da95-4016-9fe5-2c0d34005832",
+            "title": "Top 10 user credentials accessed",
+            "type": "lens",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "attributes": {
+                "references": [
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-current-indexpattern",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "filter-index-pattern-0",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "filter-index-pattern-1",
+                    "type": "index-pattern"
+                  }
+                ],
+                "state": {
+                  "datasourceStates": {
+                    "indexpattern": {
+                      "layers": {
+                        "50325938-6a9e-4a26-946e-4468e68c6591": {
+                          "columnOrder": [
+                            "8a965540-daa1-4848-80bb-96ddf53a328f",
+                            "c05a39ad-2983-4f4a-900d-a939ecbda504",
+                            "a808a872-71b5-4a76-a939-354f68991881"
+                          ],
+                          "columns": {
+                            "8a965540-daa1-4848-80bb-96ddf53a328f": {
+                              "dataType": "string",
+                              "isBucketed": true,
+                              "label": "Top values of event.outcome",
+                              "operationType": "terms",
+                              "params": {
+                                "missingBucket": false,
+                                "orderBy": {
+                                  "columnId": "a808a872-71b5-4a76-a939-354f68991881",
+                                  "type": "column"
+                                },
+                                "orderDirection": "desc",
+                                "otherBucket": true,
+                                "size": 2
+                              },
+                              "scale": "ordinal",
+                              "sourceField": "event.outcome"
+                            },
+                            "a808a872-71b5-4a76-a939-354f68991881": {
+                              "customLabel": true,
+                              "dataType": "number",
+                              "isBucketed": false,
+                              "label": "Credentials accessed",
+                              "operationType": "count",
+                              "scale": "ratio",
+                              "sourceField": "Records"
+                            },
+                            "c05a39ad-2983-4f4a-900d-a939ecbda504": {
+                              "dataType": "date",
+                              "isBucketed": true,
+                              "label": "@timestamp",
+                              "operationType": "date_histogram",
+                              "params": {
+                                "interval": "auto"
+                              },
+                              "scale": "interval",
+                              "sourceField": "@timestamp"
+                            }
+                          },
+                          "incompleteColumns": {}
+                        }
+                      }
+                    }
+                  },
+                  "filters": [
+                    {
+                      "$state": {
+                        "store": "appState"
+                      },
+                      "meta": {
+                        "alias": null,
+                        "disabled": false,
+                        "indexRefName": "filter-index-pattern-0",
+                        "key": "event.dataset",
+                        "negate": false,
+                        "params": {
+                          "query": "cyberarkpas.audit"
+                        },
+                        "type": "phrase"
+                      },
+                      "query": {
+                        "match_phrase": {
+                          "event.dataset": "cyberarkpas.audit"
+                        }
+                      }
+                    },
+                    {
+                      "$state": {
+                        "store": "appState"
+                      },
+                      "meta": {
+                        "alias": null,
+                        "disabled": false,
+                        "indexRefName": "filter-index-pattern-1",
+                        "key": "event.code",
+                        "negate": false,
+                        "params": [
+                          "308",
+                          "22",
+                          "319",
+                          "295",
+                          "38"
+                        ],
+                        "type": "phrases"
+                      },
+                      "query": {
+                        "bool": {
+                          "minimum_should_match": 1,
+                          "should": [
+                            {
+                              "match_phrase": {
+                                "event.code": "308"
+                              }
+                            },
+                            {
+                              "match_phrase": {
+                                "event.code": "22"
+                              }
+                            },
+                            {
+                              "match_phrase": {
+                                "event.code": "319"
+                              }
+                            },
+                            {
+                              "match_phrase": {
+                                "event.code": "295"
+                              }
+                            },
+                            {
+                              "match_phrase": {
+                                "event.code": "38"
+                              }
+                            }
+                          ]
+                        }
+                      }
+                    }
+                  ],
+                  "query": {
+                    "language": "kuery",
+                    "query": ""
+                  },
+                  "visualization": {
+                    "axisTitlesVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "fittingFunction": "None",
+                    "gridlinesVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "layers": [
+                      {
+                        "accessors": [
+                          "a808a872-71b5-4a76-a939-354f68991881"
+                        ],
+                        "layerId": "50325938-6a9e-4a26-946e-4468e68c6591",
+                        "position": "top",
+                        "seriesType": "area_stacked",
+                        "showGridlines": false,
+                        "splitAccessor": "8a965540-daa1-4848-80bb-96ddf53a328f",
+                        "xAccessor": "c05a39ad-2983-4f4a-900d-a939ecbda504"
+                      }
+                    ],
+                    "legend": {
+                      "isVisible": true,
+                      "position": "right"
+                    },
+                    "preferredSeriesType": "area_stacked",
+                    "tickLabelsVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "valueLabels": "hide"
+                  }
+                },
+                "title": "",
+                "type": "lens",
+                "visualizationType": "lnsXY"
+              },
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 13,
+              "i": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a",
+              "w": 27,
+              "x": 21,
+              "y": 13
+            },
+            "panelIndex": "1dc68cc6-e1b3-43ea-9b0e-f423d194b99a",
+            "title": "Credential access by time",
+            "type": "lens",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "attributes": {
+                "references": [
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-current-indexpattern",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "filter-index-pattern-0",
+                    "type": "index-pattern"
+                  }
+                ],
+                "state": {
+                  "datasourceStates": {
+                    "indexpattern": {
+                      "layers": {
+                        "105faf70-8330-46b3-a82a-573a383068fa": {
+                          "columnOrder": [
+                            "c51d6847-2fcc-4d13-a44f-49786cb979ed",
+                            "d73b823b-ae68-4e73-bbe2-90a35bc825e7",
+                            "c0147524-accc-4dee-a4fc-44199e3459f1"
+                          ],
+                          "columns": {
+                            "c0147524-accc-4dee-a4fc-44199e3459f1": {
+                              "customLabel": true,
+                              "dataType": "number",
+                              "isBucketed": false,
+                              "label": "Authentications",
+                              "operationType": "count",
+                              "scale": "ratio",
+                              "sourceField": "Records"
+                            },
+                            "c51d6847-2fcc-4d13-a44f-49786cb979ed": {
+                              "customLabel": true,
+                              "dataType": "string",
+                              "isBucketed": true,
+                              "label": "Users",
+                              "operationType": "terms",
+                              "params": {
+                                "missingBucket": false,
+                                "orderBy": {
+                                  "columnId": "c0147524-accc-4dee-a4fc-44199e3459f1",
+                                  "type": "column"
+                                },
+                                "orderDirection": "desc",
+                                "otherBucket": true,
+                                "size": 8
+                              },
+                              "scale": "ordinal",
+                              "sourceField": "user.name"
+                            },
+                            "d73b823b-ae68-4e73-bbe2-90a35bc825e7": {
+                              "dataType": "string",
+                              "isBucketed": true,
+                              "label": "Top values of event.outcome",
+                              "operationType": "terms",
+                              "params": {
+                                "missingBucket": false,
+                                "orderBy": {
+                                  "type": "alphabetical"
+                                },
+                                "orderDirection": "desc",
+                                "otherBucket": true,
+                                "size": 2
+                              },
+                              "scale": "ordinal",
+                              "sourceField": "event.outcome"
+                            }
+                          },
+                          "incompleteColumns": {}
+                        }
+                      }
+                    }
+                  },
+                  "filters": [
+                    {
+                      "$state": {
+                        "store": "appState"
+                      },
+                      "meta": {
+                        "alias": null,
+                        "disabled": false,
+                        "indexRefName": "filter-index-pattern-0",
+                        "key": "event.category",
+                        "negate": false,
+                        "params": [
+                          "authentication"
+                        ],
+                        "type": "phrases"
+                      },
+                      "query": {
+                        "bool": {
+                          "minimum_should_match": 1,
+                          "should": [
+                            {
+                              "match_phrase": {
+                                "event.category": "authentication"
+                              }
+                            }
+                          ]
+                        }
+                      }
+                    }
+                  ],
+                  "query": {
+                    "language": "kuery",
+                    "query": ""
+                  },
+                  "visualization": {
+                    "axisTitlesVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "fittingFunction": "None",
+                    "gridlinesVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "layers": [
+                      {
+                        "accessors": [
+                          "c0147524-accc-4dee-a4fc-44199e3459f1"
+                        ],
+                        "layerId": "105faf70-8330-46b3-a82a-573a383068fa",
+                        "palette": {
+                          "name": "status",
+                          "type": "palette"
+                        },
+                        "position": "top",
+                        "seriesType": "bar_horizontal_stacked",
+                        "showGridlines": false,
+                        "splitAccessor": "d73b823b-ae68-4e73-bbe2-90a35bc825e7",
+                        "xAccessor": "c51d6847-2fcc-4d13-a44f-49786cb979ed"
+                      }
+                    ],
+                    "legend": {
+                      "isVisible": true,
+                      "position": "right",
+                      "showSingleSeries": false
+                    },
+                    "preferredSeriesType": "bar_horizontal_stacked",
+                    "tickLabelsVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "valueLabels": "hide"
+                  }
+                },
+                "title": "",
+                "type": "lens",
+                "visualizationType": "lnsXY"
+              },
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 23,
+              "i": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a",
+              "w": 15,
+              "x": 0,
+              "y": 26
+            },
+            "panelIndex": "c56b3e4d-bfb6-4b06-a62b-282753b85f7a",
+            "title": "Vault Authentication attempts",
+            "type": "lens",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "attributes": {
+                "description": "",
+                "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":null,\"isAutoSelect\":true},\"id\":\"a3734143-d6e1-4551-b0b1-8282a37e151b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"label\":\"filebeat-* | Source Point\",\"sourceDescriptor\":{\"indexPatternId\":\"filebeat-*\",\"geoField\":\"source.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"source.ip\",\"tooltipProperties\":[\"host.name\",\"source.ip\",\"source.domain\",\"source.geo.country_iso_code\",\"source.as.organization.name\"],\"id\":\"5f2b25a1-01ea-45ca-a4a2-f1a670c3b149\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":22},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"home\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"2ad8e318-4ef4-4e89-94f2-f37e395c488c\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"filebeat-* | Destination point\",\"sourceDescriptor\":{\"indexPatternId\":\"filebeat-*\",\"geoField\":\"destination.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"destination.ip\",\"tooltipProperties\":[\"host.name\",\"destination.ip\",\"destination.domain\",\"destination.geo.country_iso_code\",\"destination.as.organization.name\"],\"id\":\"bc95f479-964f-4498-be1e-376d34a01b0a\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":35},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#D36086\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"dbb878c8-4039-49f1-b2ff-ab7fb942ba55\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"filebeat-* | Line\",\"sourceDescriptor\":{\"indexPatternId\":\"filebeat-*\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"destination.bytes\"}],\"id\":\"faf6884d-b7cb-41dd-ab86-95970d7c59d2\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":8,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"9c450fbf-b009-4b53-9810-2f47ca8dcfa8\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]}]",
+                "mapStateJSON": "{\"zoom\":1.24,\"center\":{\"lon\":-49.38072,\"lat\":7.87497},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}",
+                "title": "",
+                "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"
+              },
+              "enhancements": {},
+              "hiddenLayers": [],
+              "hidePanelTitles": false,
+              "isLayerTOCOpen": false,
+              "mapBuffer": {
+                "maxLat": 148.88690000000003,
+                "maxLon": 438.09868,
+                "minLat": -116.68142,
+                "minLon": -417.60444
+              },
+              "mapCenter": {
+                "lat": 43.83453,
+                "lon": 10.24712,
+                "zoom": 1
+              },
+              "openTOCDetails": []
+            },
+            "gridData": {
+              "h": 23,
+              "i": "cd1e20e7-706f-4d02-949c-d9f5908bad67",
+              "w": 33,
+              "x": 15,
+              "y": 26
+            },
+            "panelIndex": "cd1e20e7-706f-4d02-949c-d9f5908bad67",
+            "title": "Network sources and destinations",
+            "type": "map",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "attributes": {
+                "references": [
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-current-indexpattern",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "filter-index-pattern-0",
+                    "type": "index-pattern"
+                  },
+                  {
+                    "id": "filebeat-*",
+                    "name": "filter-index-pattern-1",
+                    "type": "index-pattern"
+                  }
+                ],
+                "state": {
+                  "datasourceStates": {
+                    "indexpattern": {
+                      "layers": {
+                        "028c5c1e-79f9-4999-8438-4889ac2b714c": {
+                          "columnOrder": [
+                            "e55346c7-87bc-49f4-9215-8a36931d05f4",
+                            "f2cd86e2-fb91-48b2-b8dd-e98395d28e00"
+                          ],
+                          "columns": {
+                            "e55346c7-87bc-49f4-9215-8a36931d05f4": {
+                              "customLabel": true,
+                              "dataType": "string",
+                              "isBucketed": true,
+                              "label": "Users",
+                              "operationType": "terms",
+                              "params": {
+                                "missingBucket": false,
+                                "orderBy": {
+                                  "columnId": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00",
+                                  "type": "column"
+                                },
+                                "orderDirection": "desc",
+                                "otherBucket": false,
+                                "size": 5
+                              },
+                              "scale": "ordinal",
+                              "sourceField": "user.name"
+                            },
+                            "f2cd86e2-fb91-48b2-b8dd-e98395d28e00": {
+                              "customLabel": true,
+                              "dataType": "number",
+                              "isBucketed": false,
+                              "label": "Failed authentications",
+                              "operationType": "count",
+                              "params": {},
+                              "scale": "ratio",
+                              "sourceField": "Records"
+                            }
+                          },
+                          "incompleteColumns": {}
+                        }
+                      }
+                    }
+                  },
+                  "filters": [
+                    {
+                      "$state": {
+                        "store": "appState"
+                      },
+                      "meta": {
+                        "alias": null,
+                        "disabled": false,
+                        "indexRefName": "filter-index-pattern-0",
+                        "key": "event.category",
+                        "negate": false,
+                        "params": {
+                          "query": "authentication"
+                        },
+                        "type": "phrase"
+                      },
+                      "query": {
+                        "match_phrase": {
+                          "event.category": "authentication"
+                        }
+                      }
+                    },
+                    {
+                      "$state": {
+                        "store": "appState"
+                      },
+                      "meta": {
+                        "alias": null,
+                        "disabled": false,
+                        "indexRefName": "filter-index-pattern-1",
+                        "key": "event.outcome",
+                        "negate": false,
+                        "params": {
+                          "query": "failure"
+                        },
+                        "type": "phrase"
+                      },
+                      "query": {
+                        "match_phrase": {
+                          "event.outcome": "failure"
+                        }
+                      }
+                    }
+                  ],
+                  "query": {
+                    "language": "kuery",
+                    "query": ""
+                  },
+                  "visualization": {
+                    "axisTitlesVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "fittingFunction": "None",
+                    "gridlinesVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "layers": [
+                      {
+                        "accessors": [
+                          "f2cd86e2-fb91-48b2-b8dd-e98395d28e00"
+                        ],
+                        "layerId": "028c5c1e-79f9-4999-8438-4889ac2b714c",
+                        "position": "top",
+                        "seriesType": "bar_horizontal",
+                        "showGridlines": false,
+                        "xAccessor": "e55346c7-87bc-49f4-9215-8a36931d05f4",
+                        "yConfig": [
+                          {
+                            "color": "#d36086",
+                            "forAccessor": "f2cd86e2-fb91-48b2-b8dd-e98395d28e00"
+                          }
+                        ]
+                      }
+                    ],
+                    "legend": {
+                      "isVisible": true,
+                      "position": "right"
+                    },
+                    "preferredSeriesType": "bar_horizontal",
+                    "tickLabelsVisibilitySettings": {
+                      "x": true,
+                      "yLeft": true,
+                      "yRight": true
+                    },
+                    "valueLabels": "hide"
+                  }
+                },
+                "title": "",
+                "type": "lens",
+                "visualizationType": "lnsXY"
+              },
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 15,
+              "i": "c6305b30-a7e2-4cc3-b49b-db99031f150e",
+              "w": 15,
+              "x": 0,
+              "y": 49
+            },
+            "panelIndex": "c6305b30-a7e2-4cc3-b49b-db99031f150e",
+            "title": "Top users by failed authentications to Vault",
+            "type": "lens",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 15,
+              "i": "96a2c711-40a3-4dfc-87f5-4b193078e05a",
+              "w": 33,
+              "x": 15,
+              "y": 49
+            },
+            "panelIndex": "96a2c711-40a3-4dfc-87f5-4b193078e05a",
+            "panelRefName": "panel_9",
+            "title": "Credential Access",
+            "version": "7.12.0"
+          },
+          {
+            "embeddableConfig": {
+              "columns": [
+                "observer.hostname",
+                "cyberarkpas.audit.action",
+                "cyberarkpas.audit.issuer",
+                "cyberarkpas.audit.safe",
+                "file.path"
+              ],
+              "enhancements": {},
+              "hidePanelTitles": false
+            },
+            "gridData": {
+              "h": 18,
+              "i": "6cd62115-65e7-416f-8da7-96b0d7a9d932",
+              "w": 48,
+              "x": 0,
+              "y": 64
+            },
+            "panelIndex": "6cd62115-65e7-416f-8da7-96b0d7a9d932",
+            "panelRefName": "panel_10",
+            "title": "All logs",
+            "version": "7.12.0"
+          }
+        ],
+        "timeRestore": false,
+        "title": "[Filebeat CyberArk PAS] Overview",
+        "version": 1
+      },
+      "coreMigrationVersion": "7.12.0",
+      "id": "eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6",
+      "migrationVersion": {
+        "dashboard": "7.11.0"
+      },
+      "namespaces": [
+        "default"
+      ],
+      "references": [
+        {
+          "id": "filebeat-*",
+          "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "control_0_index_pattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "control_1_index_pattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-current-indexpattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-layer-33bc0096-e418-4f81-9c7c-7fdd16cc5203",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-current-indexpattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-layer-de047c06-a965-47aa-8a15-8b0266d5abc3",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-current-indexpattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-layer-19858811-84d1-4f50-901c-dc1451972324",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "filter-index-pattern-0",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "filter-index-pattern-1",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-current-indexpattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-layer-50325938-6a9e-4a26-946e-4468e68c6591",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "filter-index-pattern-0",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "filter-index-pattern-1",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-current-indexpattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-layer-105faf70-8330-46b3-a82a-573a383068fa",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "filter-index-pattern-0",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "layer_1_source_index_pattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "layer_2_source_index_pattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "layer_3_source_index_pattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-current-indexpattern",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "indexpattern-datasource-layer-028c5c1e-79f9-4999-8438-4889ac2b714c",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "filter-index-pattern-0",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "filter-index-pattern-1",
+          "type": "index-pattern"
+        },
+        {
+          "id": "a9b82df0-97a5-11eb-bbf8-d77aef8ad7a6",
+          "name": "panel_9",
+          "type": "search"
+        },
+        {
+          "id": "fec0d170-96f7-11eb-bbf8-d77aef8ad7a6",
+          "name": "panel_10",
+          "type": "search"
+        }
+      ],
+      "type": "dashboard",
+      "updated_at": "2021-04-13T17:04:21.111Z",
+      "version": "WzM0ODYsM10="
+    },
+    {
+      "attributes": {
+        "columns": [
+          "event.action",
+          "event.outcome",
+          "source.address",
+          "source.user.name",
+          "destination.address",
+          "destination.user.name",
+          "event.reason"
+        ],
+        "description": "",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": {
+            "filter": [
+              {
+                "$state": {
+                  "store": "appState"
+                },
+                "meta": {
+                  "alias": null,
+                  "disabled": false,
+                  "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+                  "key": "event.dataset",
+                  "negate": false,
+                  "params": {
+                    "query": "cyberarkpas.audit"
+                  },
+                  "type": "phrase"
+                },
+                "query": {
+                  "match_phrase": {
+                    "event.dataset": "cyberarkpas.audit"
+                  }
+                }
+              },
+              {
+                "$state": {
+                  "store": "appState"
+                },
+                "meta": {
+                  "alias": null,
+                  "disabled": false,
+                  "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+                  "key": "event.code",
+                  "negate": false,
+                  "params": [
+                    "308",
+                    "319",
+                    "295",
+                    "22",
+                    "38",
+                    "300",
+                    "302"
+                  ],
+                  "type": "phrases",
+                  "value": "308, 319, 295, 22, 38, 300, 302"
+                },
+                "query": {
+                  "bool": {
+                    "minimum_should_match": 1,
+                    "should": [
+                      {
+                        "match_phrase": {
+                          "event.code": "308"
+                        }
+                      },
+                      {
+                        "match_phrase": {
+                          "event.code": "319"
+                        }
+                      },
+                      {
+                        "match_phrase": {
+                          "event.code": "295"
+                        }
+                      },
+                      {
+                        "match_phrase": {
+                          "event.code": "22"
+                        }
+                      },
+                      {
+                        "match_phrase": {
+                          "event.code": "38"
+                        }
+                      },
+                      {
+                        "match_phrase": {
+                          "event.code": "300"
+                        }
+                      },
+                      {
+                        "match_phrase": {
+                          "event.code": "302"
+                        }
+                      }
+                    ]
+                  }
+                }
+              }
+            ],
+            "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+            "query": {
+              "language": "kuery",
+              "query": ""
+            }
+          }
+        },
+        "sort": [
+          [
+            "@timestamp",
+            "desc"
+          ]
+        ],
+        "title": "Credential Access logs [Filebeat CyberArk PAS] ECS",
+        "version": 1
+      },
+      "coreMigrationVersion": "7.12.0",
+      "id": "a9b82df0-97a5-11eb-bbf8-d77aef8ad7a6",
+      "migrationVersion": {
+        "search": "7.9.3"
+      },
+      "namespaces": [
+        "default"
+      ],
+      "references": [
+        {
+          "id": "filebeat-*",
+          "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+          "type": "index-pattern"
+        },
+        {
+          "id": "filebeat-*",
+          "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+          "type": "index-pattern"
+        }
+      ],
+      "type": "search",
+      "updated_at": "2021-04-13T13:24:02.327Z",
+      "version": "WzI4NzgsM10="
+    },
+    {
+      "attributes": {
+        "columns": [],
+        "description": "",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": {
+            "filter": [],
+            "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+            "query": {
+              "language": "kuery",
+              "query": "event.dataset:\"cyberarkpas.audit\" "
+            }
+          }
+        },
+        "sort": [
+          [
+            "@timestamp",
+            "desc"
+          ]
+        ],
+        "title": "All logs [Filebeat CyberArk PAS] ECS",
+        "version": 1
+      },
+      "coreMigrationVersion": "7.12.0",
+      "id": "fec0d170-96f7-11eb-bbf8-d77aef8ad7a6",
+      "migrationVersion": {
+        "search": "7.9.3"
+      },
+      "namespaces": [
+        "default"
+      ],
+      "references": [
+        {
+          "id": "filebeat-*",
+          "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+          "type": "index-pattern"
+        }
+      ],
+      "type": "search",
+      "updated_at": "2021-04-13T13:24:02.327Z",
+      "version": "WzI4NzksM10="
+    }
+  ],
+  "version": "7.12.0"
+}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/_meta/fields.yml b/x-pack/filebeat/module/cyberarkpas/audit/_meta/fields.yml
new file mode 100644
index 00000000000..9dcb53669fd
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/_meta/fields.yml
@@ -0,0 +1,97 @@
+- name: audit
+  default_field: false
+  type: group
+  description: >
+    Cyberark Privileged Access Security Audit fields.
+  fields:
+    - name: action
+      type: keyword
+      description: A description of the audit record.
+    - name: ca_properties
+      type: flattened
+      description: Account metadata.
+    - name: category
+      type: keyword
+      description: The category name (for category-related operations).
+    - name: desc
+      type: keyword
+      description: A static value that displays a description of the audit codes.
+    - name: extra_details
+      type: flattened
+      description: Specific extra details of the audit records.
+    - name: file
+      type: keyword
+      description: The name of the target file.
+    - name: gateway_station
+      type: ip
+      description: The IP of the web application machine (PVWA).
+    - name: hostname
+      type: keyword
+      description: The hostname, in upper case.
+      example: MY-COMPUTER
+    - name: iso_timestamp
+      type: date
+      description: The timestamp, in ISO Timestamp format (RFC 3339).
+      example: 2013-6-25T10:47:19Z
+    - name: issuer
+      type: keyword
+      description: The Vault user who wrote the audit. This is usually the user who performed the operation.
+    - name: location
+      type: keyword
+      description: The target Location (for Location operations).
+      ignore_above: 4096
+      doc_values: false
+      index: false
+    - name: message
+      type: keyword
+      description: A description of the audit records (same information as in the Desc field).
+    - name: message_id
+      type: keyword
+      description: The code ID of the audit records.
+    - name: product
+      type: keyword
+      description: A static value that represents the product.
+    - name: pvwa_details
+      type: flattened
+      description: Specific details of the PVWA audit records.
+    - name: raw
+      type: keyword
+      description: >
+        Raw XML for the original audit record.
+        Only present when XSLT file has debugging enabled.
+      ignore_above: 4096
+      doc_values: false
+      index: false
+    - name: reason
+      type: text
+      description: The reason entered by the user.
+      norms: false
+    - name: rfc5424
+      type: boolean
+      description: Whether the syslog format complies with RFC5424.
+      example: yes
+    - name: safe
+      type: keyword
+      description: The name of the target Safe.
+    - name: severity
+      type: keyword
+      description: The severity of the audit records.
+    - name: source_user
+      type: keyword
+      description: The name of the Vault user who performed the operation.
+    - name: station
+      type: ip
+      description: The IP from where the operation was performed. For PVWA sessions, this will be the real client machine IP.
+    - name: target_user
+      type: keyword
+      description: The name of the Vault user on which the operation was performed.
+    - name: timestamp
+      type: keyword
+      description: The timestamp, in MMM DD HH:MM:SS format.
+      example: Jun 25 10:47:19
+    - name: vendor
+      type: keyword
+      description: A static value that represents the vendor.
+    - name: version
+      type: keyword
+      description: A static value that represents the version of the Vault.
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/config/input.yml b/x-pack/filebeat/module/cyberarkpas/audit/config/input.yml
new file mode 100644
index 00000000000..0cc1c5003c1
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/config/input.yml
@@ -0,0 +1,32 @@
+{{ if eq .input "file" }}
+
+type: log
+paths:
+  {{ range $i, $path := .paths }}
+- {{$path}}
+  {{ end }}
+exclude_files: [".gz$"]
+
+{{ else }}
+
+type: {{.input}}
+host: "{{.syslog_host}}:{{.syslog_port}}"
+ssl: {{ .ssl | tojson }}
+
+{{ end }}
+
+tags:
+{{ if .preserve_original_event }}
+  - preserve_original_event
+{{ end }}
+{{ range $i, $tag := .tags }}
+  - {{$tag}}
+{{ end }}
+publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
+
+processors:
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/ingest/pipeline.yml b/x-pack/filebeat/module/cyberarkpas/audit/ingest/pipeline.yml
new file mode 100644
index 00000000000..ec5c565ba0f
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/ingest/pipeline.yml
@@ -0,0 +1,1106 @@
+---
+description: Pipeline for CyberArk PAS
+
+processors:
+  #
+  # Set ECS event.ingested
+  #
+  - set:
+        field: event.ingested
+        value: '{{{_ingest.timestamp}}}'
+
+  #
+  # Set event.original from message, unless reindexing.
+  #
+  - rename:
+      field: message
+      target_field: event.original
+      if: 'ctx.event?.original == null'
+
+  #
+  # Parse syslog headers (if any) and extract JSON payload.
+  #
+  - grok:
+      field: event.original
+      patterns:
+        # RFC5424 from Cyberark.
+        # UseLegacySyslogFormat=No
+        # <5>1 2021-03-04T17:28:23Z VAULT {"format":"elastic","version":"1.0",...}
+        - "^<%{NONNEGINT:log.syslog.priority}>%{NONNEGINT} %{TIMESTAMP_ISO8601:_tmp.syslog_ts} %{SYSLOGHOST:_tmp.hostname} %{JSON_PAYLOAD:_tmp.payload}"
+
+        # Legacy format.
+        # UseLegacySyslogFormat=Yes
+        # Mar 08 02:57:42 VAULT {"format":"elastic","version":"1.0",...}
+        - "^%{SYSLOGTIMESTAMP:_tmp.syslog_ts} %{SYSLOGHOST:_tmp.hostname} %{JSON_PAYLOAD:_tmp.payload}"
+
+        # Catch-all mode, just JSON payload.
+        - "%{JSON_PAYLOAD:_tmp.payload}"
+      pattern_definitions:
+        JSON_PAYLOAD: '{"format":"elastic","version":"1.0",.*}'
+      on_failure:
+        - fail:
+            message: "unexpected event format: {{{_ingest.on_failure_message}}}"
+
+  - json:
+      field: _tmp.payload
+      target_field: _tmp.json
+      on_failure:
+        - fail:
+            message: "malformed JSON event: {{{_ingest.on_failure_message}}}"
+
+  - rename:
+      field: _tmp.json.syslog.audit_record
+      target_field: cyberarkpas.audit
+      on_failure:
+        - fail:
+            message: "unexpected event structure: {{{_ingest.on_failure_message}}}"
+
+
+  #
+  # Remove all empty fields
+  #
+  - script:
+      lang: painless
+      description: 'Removes empty audit fields'
+      source: >-
+        ctx.cyberarkpas.audit.entrySet().removeIf(entry -> entry.getValue() == "");
+
+  - rename:
+      field: _tmp.json.raw
+      target_field: cyberarkpas.audit.raw
+      ignore_missing: true
+
+  # The following processors populate @timestamp from the different sources that can exist in an event.
+  # In the following order of precedence:
+  # - IsoTimestamp field (expected ISO8601). Present when new syslog format is used (rfc5424: yes).
+  # - Timestamp (expected MMM dd HH:mm:ss). Also present only when new syslog format is used.
+  # - Syslog header timestamp. Either ISO8601 or legacy MMM dd HH:mm:ss, depending on the syslog format in use.
+  # - Original @timestamp from Filebeat.
+  - date:
+      if: 'ctx.cyberarkpas.audit.IsoTimestamp != null'
+      field: cyberarkpas.audit.IsoTimestamp
+      target_field: _tmp.timestamp
+      formats:
+        - ISO8601
+      on_failure:
+        - append:
+            field: error.message
+            value: "failed to parse ISO timestamp field: {{{cyberarkpas.audit.IsoTimestamp}}}: {{{_ingest.on_failure_message}}}"
+
+  - date:
+      if: 'ctx._tmp.timestamp == null && ctx.cyberarkpas.audit.Timestamp != null'
+      field: cyberarkpas.audit.Timestamp
+      target_field: _tmp.timestamp
+      formats:
+        # This is the default format.
+        - 'MMM dd HH:mm:ss'
+        # Drop a few other formats in case the above fails.
+        - ISO8601
+        - 'MMM  d HH:mm:ss'
+        - "EEE MMM dd HH:mm:ss"
+        - "EEE MMM  d HH:mm:ss"
+        - "MMM  d HH:mm:ss z"
+        - "MMM dd HH:mm:ss z"
+        - "EEE MMM  d HH:mm:ss z"
+        - "EEE MMM dd HH:mm:ss z"
+        - "MMM  d yyyy HH:mm:ss"
+        - "MMM dd yyyy HH:mm:ss"
+        - "EEE MMM  d yyyy HH:mm:ss"
+        - "EEE MMM dd yyyy HH:mm:ss"
+        - "MMM  d yyyy HH:mm:ss z"
+        - "MMM dd yyyy HH:mm:ss z"
+        - "EEE MMM  d yyyy HH:mm:ss z"
+        - "EEE MMM dd yyyy HH:mm:ss z"
+      on_failure:
+        - append:
+            field: error.message
+            value: "failed to parse timestamp field: {{{cyberarkpas.audit.Timestamp}}}: {{{_ingest.on_failure_message}}}"
+
+  - date:
+      if: 'ctx._tmp.timestamp == null && ctx._tmp.syslog_ts != null && ctx.event?.timezone == null'
+      field: _tmp.syslog_ts
+      target_field: _tmp.timestamp
+      formats:
+        # This is the default format.
+        - 'MMM dd HH:mm:ss'
+        # Drop a few other formats in case the above fails.
+        - ISO8601
+        - 'MMM  d HH:mm:ss'
+        - "EEE MMM dd HH:mm:ss"
+        - "EEE MMM  d HH:mm:ss"
+        - "MMM  d HH:mm:ss z"
+        - "MMM dd HH:mm:ss z"
+        - "EEE MMM  d HH:mm:ss z"
+        - "EEE MMM dd HH:mm:ss z"
+        - "MMM  d yyyy HH:mm:ss"
+        - "MMM dd yyyy HH:mm:ss"
+        - "EEE MMM  d yyyy HH:mm:ss"
+        - "EEE MMM dd yyyy HH:mm:ss"
+        - "MMM  d yyyy HH:mm:ss z"
+        - "MMM dd yyyy HH:mm:ss z"
+        - "EEE MMM  d yyyy HH:mm:ss z"
+        - "EEE MMM dd yyyy HH:mm:ss z"
+      on_failure:
+        - append:
+            field: error.message
+            value: "failed to parse legacy syslog timestamp: {{{_tmp.syslog_ts}}}: {{{_ingest.on_failure_message}}}"
+
+  - date:
+      if: 'ctx._tmp.timestamp == null && ctx._tmp.syslog_ts != null && ctx.event?.timezone != null'
+      field: _tmp.syslog_ts
+      target_field: _tmp.timestamp
+      timezone: '{{{event.timezone}}}'
+      formats:
+        # This is the default format.
+        - 'MMM dd HH:mm:ss'
+        # Drop a few other formats in case the above fails.
+        - ISO8601
+        - 'MMM  d HH:mm:ss'
+        - "EEE MMM dd HH:mm:ss"
+        - "EEE MMM  d HH:mm:ss"
+        - "MMM  d HH:mm:ss z"
+        - "MMM dd HH:mm:ss z"
+        - "EEE MMM  d HH:mm:ss z"
+        - "EEE MMM dd HH:mm:ss z"
+        - "MMM  d yyyy HH:mm:ss"
+        - "MMM dd yyyy HH:mm:ss"
+        - "EEE MMM  d yyyy HH:mm:ss"
+        - "EEE MMM dd yyyy HH:mm:ss"
+        - "MMM  d yyyy HH:mm:ss z"
+        - "MMM dd yyyy HH:mm:ss z"
+        - "EEE MMM  d yyyy HH:mm:ss z"
+        - "EEE MMM dd yyyy HH:mm:ss z"
+      on_failure:
+        - append:
+            field: error.message
+            value: "failed to parse legacy syslog timestamp: {{{_tmp.syslog_ts}}}: {{{_ingest.on_failure_message}}}"
+
+  - set:
+      field: '@timestamp'
+      value: '{{{_tmp.timestamp}}}'
+      ignore_empty_value: true
+      override: true
+
+  # This script converts the nested object under cyberarkpas.audit.CAProperties.CAProperty
+  # into an object under cyberarkpas.audit.CAProperties:
+  #
+  # input:
+  # "cyberarkpas.audit.CAProperties.CAProperty": [
+  #            {
+  #                "Name": "PolicyID",
+  #                "Value": "LINUX-SSH"
+  #            },
+  #            {
+  #                "Name": "UserName",
+  #                "Value": "test12"
+  #            }
+  # output:
+  # "cyberarkpas.audit.CAProperties":
+  #            {
+  #                "PolicyID": "LINUX-SSH",
+  #                "UserName": "test12"
+  #            }
+  - foreach:
+      field: cyberarkpas.audit.CAProperties.CAProperty
+      ignore_missing: true
+      processor:
+        set:
+          field: 'cyberarkpas.audit.CAProperties.{{{_ingest._value.Name}}}'
+          value: '{{{_ingest._value.Value}}}'
+      on_failure:
+        - append:
+            field: error.message
+            value: "failed to process CAProperties array: {{{_ingest.on_failure_message}}}"
+  - remove:
+      field: cyberarkpas.audit.CAProperties.CAProperty
+      ignore_missing: true
+
+  # Parse key-value pairs at ExtraDetails:
+  # input:
+  #   "cyberarkpas.audit.ExtraDetails": "Command=ls \"/var/tmp\";ConnectionComponentId=PSMP-SSH;DstHost=[...]",
+  #
+  # output:
+  #   "cyberarkpas.audit.ExtraDetails":
+  #     {
+  #       "Command": "ls \"/var/tmp\"",
+  #       "ConnectionComponentId": "PSMP-SSH",
+  #       "DstHost": [...]
+  #
+  # The original string can contain escaped separators, \= and \;
+  - kv:
+      field: cyberarkpas.audit.ExtraDetails
+      field_split: '(?<!\\);' # unescaped ;
+      value_split: '(?<!\\)=' # uneescaped =
+      target_field: _tmp.kv
+      ignore_missing: true
+      on_failure:
+        - append:
+            field: error.message
+            value: "failed to process ExtraDetails expression '{{{cyberarkpas.audit.ExtraDetails}}}': {{{_ingest.on_failure_message}}}"
+  - remove:
+      field: cyberarkpas.audit.ExtraDetails
+      ignore_missing: true
+
+  - rename:
+      field: _tmp.kv
+      target_field: cyberarkpas.audit.ExtraDetails
+      ignore_missing: true
+
+  #
+  # Convert field names from CamelCase to snake_case.
+  #
+  - script:
+      lang: painless
+      description: "Converts audit field's names from CamelCase to snake_case"
+      source: >
+        String to_snake_case(String s) {
+          /* faster code path for strings that won't need an underscore */
+          if (s.chars().skip(1).noneMatch(Character::isUpperCase)) {
+            return s.toLowerCase();
+          }
+          int run = 0;
+          boolean first = true;
+          StringBuilder result = new StringBuilder();
+          for (char c : s.toCharArray()) {
+            char o = Character.toLowerCase(c);
+            if (c != o) {
+              if (run == 0 && !first) {
+                result.append('_');
+              }
+              run ++;
+            } else {
+              if (run > 1) {
+                char prev = result.charAt(result.length()-1);
+                result.setCharAt(result.length()-1, (char)'_');
+                result.append(prev);
+              }
+              run = 0;
+              first = false;
+            }
+            result.append(o);
+          }
+          return result.toString();
+        }
+        def keys_to_snake_case_recursive(Map object) {
+          return object.entrySet().stream().collect(
+            Collectors.toMap(
+              e -> to_snake_case(e.getKey()),
+              e -> e.getValue() instanceof Map? keys_to_snake_case_recursive(e.getValue()) : e.getValue()
+            )
+          );
+        }
+        ctx.cyberarkpas.audit = keys_to_snake_case_recursive(ctx.cyberarkpas.audit);
+
+  #
+  # Convert rfc5424 field to boolean.
+  #
+  - script:
+      description: 'Converts the rfc5424 audit field to a boolean'
+      lang: painless
+      source: >
+        def value = ctx.cyberarkpas.audit.rfc5424;
+        ctx.cyberarkpas.audit["rfc5424"] = value == 'yes';
+
+  ########################################################
+  # ECS enrichment
+  #
+  # All processors from this point use the snake_case form
+  # to access Cyberark fields.
+  ########################################################
+
+  - set:
+      field: event.kind
+      value: event
+
+  - lowercase:
+      field: cyberarkpas.audit.action
+      target_field: event.action
+      ignore_missing: true
+
+  # Severity to number
+  #
+  # Possible values:
+  # Info -> 0
+  # Error -> 7
+  # Critical -> 10
+  - set:
+      field: event.severity
+      value: 2
+      if: 'ctx.cyberarkpas.audit.severity == "Info"'
+  - set:
+      field: event.severity
+      value: 7
+      if: 'ctx.cyberarkpas.audit.severity == "Error"'
+  - set:
+      field: event.severity
+      value: 10
+      if: 'ctx.cyberarkpas.audit.severity == "Critical"'
+  - set:
+      field: event.type
+      value: error
+      if: 'ctx.event?.severity > 6'
+
+  - rename:
+      field: cyberarkpas.audit.message_id
+      target_field: event.code
+      ignore_missing: true
+
+  - set:
+      field: source.address
+      value: '{{{cyberarkpas.audit.station}}}'
+      ignore_empty_value: true
+
+  - set:
+      field: destination.address
+      value: '{{{cyberarkpas.audit.gateway_station}}}'
+      ignore_empty_value: true
+
+  - set:
+      field: file.path
+      value: '{{{cyberarkpas.audit.file}}}'
+      if: 'ctx.cyberarkpas.audit?.file != null'
+
+  #
+  # Observer fields
+  #
+  - rename:
+      field: cyberarkpas.audit.vendor
+      target_field: observer.vendor
+      ignore_missing: true
+  - rename:
+      field: cyberarkpas.audit.product
+      target_field: observer.product
+      ignore_missing: true
+  - rename:
+      field: cyberarkpas.audit.version
+      target_field: observer.version
+      ignore_missing: true
+  - rename:
+      field: cyberarkpas.audit.hostname
+      target_field: observer.hostname
+      ignore_missing: true
+  # Use hostname from syslog if audit record's Hostname field is missing.
+  - rename:
+      field: _tmp.hostname
+      target_field: observer.hostname
+      ignore_missing: true
+      if: 'ctx.observer?.hostname == null'
+  #
+  # Enrichment based on message_id
+  #
+  # This script is overly complicated (read_field) because at this time
+  # there is no processor that allows to set one field from a source
+  # field using indirection (it is possible with rename, but that
+  # removes the original field).
+  #
+  # Once something like this is possible:
+  # set:
+  #   target_field: '{{{_ingest.value.to}}}'
+  #   copy_from: '{{{_ingest.value.from}}}'
+  #
+  # ... this script can be updated to just create two output lists, one
+  # for value-to pairs, another for value-from pairs.
+  #
+  - script:
+      lang: painless
+      description: 'ECS enrichment based on message_id'
+      params:
+        # 4 - User Authentication
+        #
+        # Always a failure.
+        "4":
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["authentication"]
+          - set: event.type
+            value: ["error"]
+          - set: event.action
+            value:  "authentication_failure"
+          - set: event.outcome
+            value: "failure"
+
+        # 7 - Logon
+        #
+        # User logged on to the PVWA.
+        "7":
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: [ "authentication", "session"]
+          - set: event.type
+            value: [ "start"]
+          - set: event.action
+            value:  "authentication_success"
+          - set: event.outcome
+            value: "success"
+
+        # 8 - Logoff
+        #
+        # User logged of from the PVWA.
+        "8": # Logoff
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: [ "authentication", "session"]
+          - set: event.type
+            value: ["end"]
+          - set: event.outcome
+            value: "success"
+
+        # 19 - Full gateway connection.
+        "19":
+          - set: source.user.name
+            from: cyberarkpas.audit.source_user
+          - set: user.name
+            from: cyberarkpas.audit.source_user
+          - set: destination.user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["network"]
+          - set: event.type
+            value: ["start"]
+          - set: event.outcome
+            value: "success"
+
+        # 22 - CPM Verify Password
+        #
+        # Password on a target host is verified.
+        "22":
+          # Address of device that hosts the account.
+          - set: destination.address
+            from: cyberarkpas.audit.ca_properties.address
+          - set: event.outcome
+            from: cyberarkpas.audit.ca_properties.cpm_status
+          - set: destination.user.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["admin", "info"]
+
+        # 23 - Action on closed safe
+        #
+        # Nothing remarkable.
+        #
+        # "23":
+
+        # 24 - CPM Change Password
+        "24":
+          - set: destination.address # This could be host.* or user.target.* (doesn't exists).
+            from: cyberarkpas.audit.ca_properties.address
+          - set: event.outcome
+            from: cyberarkpas.audit.ca_properties.cpm_status
+          - set: user.target.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["user", "change"]
+
+        # 31 - CPM Reconcile Password
+        #
+        "31":
+          - set: destination.address # This could be host.* or user.target.* (doesn't exists).
+            from: cyberarkpas.audit.ca_properties.address
+          - set: event.outcome
+            from: cyberarkpas.audit.ca_properties.cpm_status
+          - set: user.target.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["user", "change"]
+
+        # 32 - Add Owner
+        #
+        # Change owner of a Safe.
+        # source_user performs the action, docs suggest otherwise.
+        "32":
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.category
+            value: ["iam"] # How to best model Vault/Safes? An IAM system? A Database?
+          - set: event.type
+            value: ["admin", "change"]
+          - set: event.outcome
+            value: "success"
+
+        # 33 - Update Owner
+        #
+        # Same as above
+        "33":
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.category
+            value: ["iam"] # How to best model Vault/Safes? An IAM system? A Database?
+          - set: event.type
+            value: ["admin", "change"]
+          - set: event.outcome
+            value: "success"
+
+        # 38 - CPM Verify Password Failed
+        #
+        # Like 22 but failed.
+        "38":
+          # Address of device that hosts the account.
+          - set: destination.address
+            from: cyberarkpas.audit.ca_properties.address
+          - set: event.outcome
+            value: "failure"
+          - set: event.reason
+            from: cyberarkpas.audit.ca_properties.cpm_error_details
+          - set: destination.user.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["error"]
+
+        # 50 - Store File
+        #
+        # I don't think it makes much sense to enrich Vault file events as "file" category.
+        # This will involve probably constructing a file.path prefixed by the safe name.
+        # Then these file events may be treated as file events in SIEM, which can have
+        # unwanted consequences.
+        # "50":
+
+        # 57 - CPM Change Password Failed
+        "57":
+          - set: destination.address # This could be host.* or user.target.* (doesn't exists).
+            from: cyberarkpas.audit.ca_properties.address
+          - set: event.outcome
+            value: "failure"
+          - set: user.target.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["user", "change", "error"]
+          - set: event.reason
+            from: cyberarkpas.audit.ca_properties.cpm_error_details
+
+        # 60 - CPM Reconcile Password Failed
+        "60":
+          - set: destination.address # This could be host.* or user.target.* (doesn't exists).
+            from: cyberarkpas.audit.ca_properties.address
+          - set: event.outcome
+            value: "failure"
+          - set: user.target.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["user", "change", "error"]
+          - set: event.reason
+            from: cyberarkpas.audit.ca_properties.cpm_error_details
+
+        # 130 - CPM Disable Password
+        "130":
+          - set: event.outcome
+            value: "failure"
+          - set: user.target.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["user", "change"]
+          - set: event.reason
+            from: cyberarkpas.audit.ca_properties.cpm_error_details
+          - set: event.outcome
+            from: cyberarkpas.audit.ca_properties.cpm_status
+
+        # 174 - Change User (untested)
+        "174":
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.type
+            value: ["user", "change"]
+          - set: event.category
+            value: ["iam"]
+          - set: event.outcome
+            value: "success"
+
+        # 175 - Change Your User (untested)
+        "175":
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.type
+            value: ["user", "change"]
+          - set: event.category
+            value: ["iam"]
+          - set: event.outcome
+            value: "success"
+
+        # 176 - Delete User (untested)
+        "176":
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.type
+            value: ["user", "deletion"]
+          - set: event.category
+            value: ["iam"]
+          - set: event.outcome
+            value: "success"
+
+        # 177 - Delete Your User (untested)
+        "177":
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.type
+            value: ["user", "deletion"]
+          - set: event.category
+            value: ["iam"]
+          - set: event.outcome
+            value: "success"
+
+        # 173 - Add User (alternative to 180, untested)
+        "173":
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.type
+            value: ["user", "creation"]
+          - set: event.category
+            value: ["iam"]
+          - set: event.outcome
+            value: "success"
+
+        # 180 - Add User
+        "180":
+          - set: user.target.name
+            from: cyberarkpas.audit.source_user
+          - set: event.type
+            value: ["user", "creation"]
+          - set: event.category
+            value: ["iam"]
+          - set: event.outcome
+            value: "success"
+
+        # 295 - Retrieve Password succeeded
+        "295":
+          - set: destination.address
+            from: cyberarkpas.audit.ca_properties.address
+          - set: destination.user.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["admin", "access"]
+          - set: event.outcome
+            value: "success"
+          - set: event.reason
+            from: cyberarkpas.audit.reason
+
+        # 300 - PSM Connect
+        "300":
+          - set: destination.address
+            from: cyberarkpas.audit.extra_details.dst_host
+          - set: destination.user.name
+            from: cyberarkpas.audit.extra_details.user
+          - set: source.address
+            from: cyberarkpas.audit.extra_details.src_host
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: network.application
+            from: cyberarkpas.audit.extra_details.protocol
+          - set: event.category
+            value: ["session"]
+          - set: event.type
+            value: ["start"]
+          - set: event.outcome
+            value: "success"
+
+        # 302 - PSM Disconnect
+        "302":
+          - set: destination.address
+            from: cyberarkpas.audit.extra_details.dst_host
+          - set: destination.user.name
+            from: cyberarkpas.audit.extra_details.user
+          - set: source.address
+            from: cyberarkpas.audit.extra_details.src_host
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: network.application
+            from: cyberarkpas.audit.extra_details.protocol
+          - set: _tmp.duration_hms
+            from: cyberarkpas.audit.extra_details.session_duration
+          - set: event.category
+            value: ["session"]
+          - set: event.type
+            value: ["end"]
+          - set: event.outcome
+            value: "success"
+
+        # 308 - Use Password
+        "308":
+          - set: destination.address
+            from: cyberarkpas.audit.ca_properties.address
+          - set: destination.user.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["admin", "access"]
+          - set: event.outcome
+            from: cyberarkpas.audit.ca_properties.cpm_status
+          - set: event.reason
+            from: cyberarkpas.audit.reason
+
+        # 309 - Undefined user logon
+        #
+        "309":
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["authentication"]
+          - set: event.type
+            value: ["error"]
+          - set: event.action
+            value:  "authentication_failure"
+          - set: event.outcome
+            value: "failure"
+
+        # 361 - Keystroke logging
+        "361":
+          - set: destination.address
+            from: cyberarkpas.audit.extra_details.dst_host
+          - set: destination.user.name
+            from: cyberarkpas.audit.extra_details.user
+          - set: source.address
+            from: cyberarkpas.audit.extra_details.src_host
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: network.application
+            from: cyberarkpas.audit.extra_details.protocol
+          - set: event.category
+            value: ["session"]
+          - set: event.type
+            value: ["info"]
+
+        # 412 - Keystroke logging (same as 361?)
+        "412":
+          - set: destination.address
+            from: cyberarkpas.audit.extra_details.dst_host
+          - set: destination.user.name
+            from: cyberarkpas.audit.extra_details.user
+          - set: source.address
+            from: cyberarkpas.audit.extra_details.src_host
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: network.application
+            from: cyberarkpas.audit.extra_details.protocol
+          - set: event.category
+            value: ["session"]
+          - set: event.type
+            value: ["info"]
+
+        # 359 - SQL Command
+        "359":
+          - set: destination.address
+            from: cyberarkpas.audit.extra_details.dst_host
+          - set: destination.user.name
+            from: cyberarkpas.audit.extra_details.user
+          - set: source.address
+            from: cyberarkpas.audit.extra_details.src_host
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: network.application
+            from: cyberarkpas.audit.extra_details.protocol
+          - set: event.category
+            value: ["database"]
+          - set: event.type
+            value: ["access"]
+          - set: event.outcome
+            from: cyberarkpas.audit.ca_properties.cpm_status
+
+        # 411 - Window Title
+        "411":
+          - set: destination.address
+            from: cyberarkpas.audit.extra_details.dst_host
+          - set: destination.user.name
+            from: cyberarkpas.audit.extra_details.user
+          - set: source.address
+            from: cyberarkpas.audit.extra_details.src_host
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: network.application
+            from: cyberarkpas.audit.extra_details.protocol
+          - set: process.pid
+            from: cyberarkpas.audit.extra_details.process_id
+          - set: process.name
+            from: cyberarkpas.audit.extra_details.process_name
+          - set: event.category
+            value: ["process"]
+          - set: event.type
+            value: ["access", "info"]
+
+        # 414 - CPM Verify SSH Key
+        #
+        # SSH-key on a target host is verified.
+        "414":
+          # Address of device that hosts the account.
+          - set: destination.address
+            from: cyberarkpas.audit.ca_properties.address
+          - set: event.outcome
+            from: cyberarkpas.audit.ca_properties.cpm_status
+          - set: destination.user.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["admin", "info"]
+
+        # 428 - Retrieve SSH Key
+        "428":
+          - set: destination.address
+            from: cyberarkpas.audit.ca_properties.address
+          - set: destination.user.name
+            from: cyberarkpas.audit.ca_properties.user_name
+          - set: source.user.name
+            from: cyberarkpas.audit.issuer
+          - set: user.name
+            from: cyberarkpas.audit.issuer
+          - set: event.category
+            value: ["iam"]
+          - set: event.type
+            value: ["admin", "access"]
+          - set: event.outcome
+            value: "success"
+          - set: event.reason
+            from: cyberarkpas.audit.reason
+
+      source: >
+        def clone(def val) {
+            return val instanceof List? new ArrayList(val) : val;
+        }
+        def read_field(def map, String name) {
+          if (map == null || !(map instanceof Map)) return null;
+          int pos = name.indexOf(".");
+          return pos == -1? map[name]
+                          : read_field(map[name.substring(0, pos)], name.substring(pos+1));
+        }
+        String msgID = ctx.event?.code;
+        def actions = params.get(msgID);
+        if (actions == null) return;
+        List values = new ArrayList();
+        for (def item : actions) {
+          def val = item.value;
+          if (val == null && (val = read_field(ctx, item.from)) == null || val == "") continue;
+          values.add([
+            "to": item.set,
+            "value": clone(val)
+          ]);
+        }
+        if (!values.isEmpty()) ctx._tmp["values"] = values;
+
+  - foreach:
+      field: _tmp.values
+      ignore_missing: true
+      processor:
+        set:
+          field: '{{{_ingest._value.to}}}'
+          copy_from: '_ingest._value.value'
+          ignore_empty_value: true
+          override: true
+
+  #
+  # Force event.outcome: unknown in case it gets a value other than one of the allowed.
+  #
+  - set:
+      field: event.outcome
+      value: 'unknown'
+      if: 'ctx.event?.outcome != null && !["success", "failure"].contains(ctx.event.outcome)'
+
+
+  #
+  # Set event.duration from the session duration ("hh:mm:ss") present in some messages.
+  #
+  - script:
+      lang: painless
+      description: 'Set event.duration from the session duration ("hh:mm:ss")'
+      if: "ctx._tmp?.duration_hms != null"
+      source: >
+        long parse_hms(String s) {
+            long cur = 0, total = 0;
+            for (char c: s.toCharArray()) {
+                if (c >= (char)'0' && c <= (char)'9') {
+                    cur = (cur*10) + (long)c - (char)'0';
+                } else if (c == (char)':') {
+                    total = (total + cur) * 60;
+                    cur = 0;
+                } else {
+                    return 0;
+                }
+            }
+            return total + cur;
+        }
+        long nanos = parse_hms(ctx._tmp.duration_hms) * 1000000000L;
+        ctx.event['duration'] = nanos;
+
+  #
+  # Populate ip/domain fields from address.
+  #
+  - grok:
+      field: source.address
+      patterns:
+        - '(?:%{IP:source.ip}|%{GREEDYDATA:source.domain})'
+      ignore_failure: true
+  - grok:
+      field: destination.address
+      patterns:
+        - '(?:%{IP:destination.ip}|%{GREEDYDATA:destination.domain})'
+      ignore_failure: true
+
+  #
+  # Populate related.ip
+  #
+  - append:
+      field: related.ip
+      value: '{{{source.ip}}}'
+      if: 'ctx.source?.ip != null'
+      allow_duplicates: false
+  - append:
+      field: related.ip
+      value: '{{{destination.ip}}}'
+      if: 'ctx.destination?.ip != null'
+      allow_duplicates: false
+  - append:
+      field: related.ip
+      value: '{{{cyberarkpas.audit.station}}}'
+      if: 'ctx.cyberarkpas.audit.station != null'
+      allow_duplicates: false
+  - append:
+      field: related.ip
+      value: '{{{cyberarkpas.audit.gateway_station}}}'
+      if: 'ctx.cyberarkpas.audit.gateway_station != null'
+      allow_duplicates: false
+
+  #
+  # Populate related.user
+  #
+  - append:
+      field: related.user
+      value: '{{{user.name}}}'
+      if: 'ctx.user?.name != null'
+      allow_duplicates: false
+  - append:
+      field: related.user
+      value: '{{{source.user.name}}}'
+      if: 'ctx.source?.user?.name != null'
+      allow_duplicates: false
+  - append:
+      field: related.user
+      value: '{{{destination.user.name}}}'
+      if: 'ctx.destination?.user?.name != null'
+      allow_duplicates: false
+  - append:
+      field: related.user
+      value: '{{{user.target.name}}}'
+      if: 'ctx.user?.target?.name != null'
+      allow_duplicates: false
+
+  #
+  # sometimes application is capitalized.
+  #
+  - lowercase:
+      field: network.application
+      ignore_missing: true
+
+  - geoip:
+      field: source.ip
+      target_field: source.geo
+      ignore_missing: true
+
+  - geoip:
+      field: destination.ip
+      target_field: destination.geo
+      ignore_missing: true
+
+  #
+  # Set host.name
+  # This sets host.name from observer.hostname when the original event from Filebeat didn't
+  # have a host.name. This is the case of forwarded events (the tag "forwarded" is present).
+  #
+  - set:
+      field: host.name
+      value: '{{{observer.hostname}}}'
+      ignore_empty_value: true
+      if: 'ctx.host?.name == null'
+
+  - network_direction:
+      ignore_missing: true
+      internal_networks:
+        - loopback
+        - private
+        - unspecified
+
+  #
+  # Cleanup
+  #
+  - remove:
+      field: _tmp
+      ignore_missing: true
+
+  - remove:
+      field: event.original
+      ignore_missing: true
+      if: 'ctx.tags == null || !ctx.tags.contains("preserve_original_event")'
+
+on_failure:
+  - append:
+        field: error.message
+        value: '{{{_ingest.on_failure_message}}}'
+
+  - remove:
+      field: _tmp
+      ignore_missing: true
+
+  - set:
+      field: event.kind
+      value: pipeline_error
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/manifest.yml b/x-pack/filebeat/module/cyberarkpas/audit/manifest.yml
new file mode 100644
index 00000000000..025a519a5b7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/manifest.yml
@@ -0,0 +1,22 @@
+module_version: "1.0"
+
+var:
+  - name: paths
+  - name: tags
+    default: ["cyberarkpas.audit", "forwarded"]
+  - name: syslog_host
+    default: localhost
+  - name: syslog_port
+    default: 9301
+  - name: input
+    default: tcp
+  - name: ssl
+  - name: preserve_original_event
+    default: false
+
+ingest_pipeline: ingest/pipeline.yml
+input: config/input.yml
+
+requires.processors:
+- name: geoip
+  plugin: ingest-geoip
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log b/x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log
new file mode 100644
index 00000000000..cb662d0ec48
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log
@@ -0,0 +1,6 @@
+<5>1 2021-03-08T18:24:49Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:24:49","IsoTimestamp":"2021-03-08T18:24:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"105","Desc":"Add File Category","Severity":"Info","Issuer":"Administrator","Action":"Add File Category","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WinDesktopLocal-Address-adriansr","Station":"127.0.0.1","Location":"","Category":"Address","RequestId":"","Reason":"Value=[Address]","ExtraDetails":"","Message":"Add File Category","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-10T09:11:54Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:54","IsoTimestamp":"2021-03-10T09:11:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"105","Desc":"Add File Category","Severity":"Info","Issuer":"PSMPApp_localhost.localdomain","Action":"Add File Category","SourceUser":"","TargetUser":"","Safe":"PSMPLiveSessions","File":"Root\\PSMPApp_localhost.localdomain.LiveSessions","Station":"81.32.170.205","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add File Category","GatewayStation":""}}}
+<5>1 2021-03-10T18:46:48Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:46:48","IsoTimestamp":"2021-03-10T18:46:48Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"105","Desc":"Add File Category","Severity":"Info","Issuer":"PSMApp_VAGRANT","Action":"Add File Category","SourceUser":"","TargetUser":"","Safe":"PSMLiveSessions","File":"Root\\PSMServer.LiveSessions","Station":"81.32.170.205","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add File Category","GatewayStation":""}}}
+<5>1 2021-03-10T22:17:26Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:17:26","IsoTimestamp":"2021-03-10T22:17:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"105","Desc":"Add File Category","Severity":"Info","Issuer":"Administrator","Action":"Add File Category","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSM-ASR-CYBERARK-WI","Station":"35.192.121.42","Location":"","Category":"LogonDomain","RequestId":"","Reason":"Value=[ASR-CYBERARK-WI]","ExtraDetails":"","Message":"Add File Category","GatewayStation":""}}}
+<5>1 2021-03-10T22:20:12Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:20:12","IsoTimestamp":"2021-03-10T22:20:12Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"105","Desc":"Add File Category","Severity":"Info","Issuer":"PSMApp_ASR-WIN","Action":"Add File Category","SourceUser":"","TargetUser":"","Safe":"PSMLiveSessions","File":"Root\\PSM-ASR-CYBERARK-WI.LiveSessions","Station":"35.192.121.42","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add File Category","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:58Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:58</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:58Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>105</MessageID>\n    <Desc>Add File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Add File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_VAGRANT.LiveSessions</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category>_PSMLiveSessions_1</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:58","IsoTimestamp":"2021-03-11T16:59:58Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"105","Desc":"Add File Category","Severity":"Info","Issuer":"PSMPApp_VAGRANT","Action":"Add File Category","SourceUser":"","TargetUser":"","Safe":"PSMPLiveSessions","File":"Root\\PSMPApp_VAGRANT.LiveSessions","Station":"81.32.170.205","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add File Category","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log-expected.json
new file mode 100644
index 00000000000..8318232cba4
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/105_add_file_category.log-expected.json
@@ -0,0 +1,300 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:24:49.000Z",
+        "cyberarkpas.audit.action": "Add File Category",
+        "cyberarkpas.audit.category": "Address",
+        "cyberarkpas.audit.desc": "Add File Category",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:24:49Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add File Category",
+        "cyberarkpas.audit.reason": "Value=[Address]",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:24:49",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "add file category",
+        "event.code": "105",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:54.000Z",
+        "cyberarkpas.audit.action": "Add File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Add File Category",
+        "cyberarkpas.audit.file": "Root\\PSMPApp_localhost.localdomain.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:54Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_localhost.localdomain",
+        "cyberarkpas.audit.message": "Add File Category",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:54",
+        "event.action": "add file category",
+        "event.code": "105",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMPApp_localhost.localdomain.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 665,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T18:46:48.000Z",
+        "cyberarkpas.audit.action": "Add File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Add File Category",
+        "cyberarkpas.audit.file": "Root\\PSMServer.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:46:48Z",
+        "cyberarkpas.audit.issuer": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.message": "Add File Category",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:46:48",
+        "event.action": "add file category",
+        "event.code": "105",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMServer.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1342,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:17:26.000Z",
+        "cyberarkpas.audit.action": "Add File Category",
+        "cyberarkpas.audit.category": "LogonDomain",
+        "cyberarkpas.audit.desc": "Add File Category",
+        "cyberarkpas.audit.file": "Root\\PSM-ASR-CYBERARK-WI",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:17:26Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add File Category",
+        "cyberarkpas.audit.reason": "Value=[ASR-CYBERARK-WI]",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:17:26",
+        "event.action": "add file category",
+        "event.code": "105",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSM-ASR-CYBERARK-WI",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1983,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:20:12.000Z",
+        "cyberarkpas.audit.action": "Add File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Add File Category",
+        "cyberarkpas.audit.file": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:20:12Z",
+        "cyberarkpas.audit.issuer": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.message": "Add File Category",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:20:12",
+        "event.action": "add file category",
+        "event.code": "105",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2624,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:58.000Z",
+        "cyberarkpas.audit.action": "Add File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Add File Category",
+        "cyberarkpas.audit.file": "Root\\PSMPApp_VAGRANT.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:58Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.message": "Add File Category",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:58</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:58Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>105</MessageID>\n    <Desc>Add File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Add File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_VAGRANT.LiveSessions</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category>_PSMLiveSessions_1</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:58",
+        "event.action": "add file category",
+        "event.code": "105",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMPApp_VAGRANT.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3275,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log b/x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log
new file mode 100644
index 00000000000..14adbc29da4
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log
@@ -0,0 +1,6 @@
+<5>1 2021-03-08T18:25:52Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:25:52","IsoTimestamp":"2021-03-08T18:25:52Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"106","Desc":"Update File Category","Severity":"Info","Issuer":"Administrator","Action":"Update File Category","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WinDesktopLocal-Address-adriansr","Station":"127.0.0.1","Location":"","Category":"Address","RequestId":"","Reason":"Value=[components] Old Value=[Address]","ExtraDetails":"","Message":"Update File Category","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-10T18:46:48Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:46:48","IsoTimestamp":"2021-03-10T18:46:48Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"106","Desc":"Update File Category","Severity":"Info","Issuer":"PSMApp_VAGRANT","Action":"Update File Category","SourceUser":"","TargetUser":"","Safe":"PSMLiveSessions","File":"Root\\PSMServer.LiveSessions","Station":"81.32.170.205","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update File Category","GatewayStation":""}}}
+<5>1 2021-03-10T22:20:12Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:20:12","IsoTimestamp":"2021-03-10T22:20:12Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"106","Desc":"Update File Category","Severity":"Info","Issuer":"PSMApp_ASR-WIN","Action":"Update File Category","SourceUser":"","TargetUser":"","Safe":"PSMLiveSessions","File":"Root\\PSM-ASR-CYBERARK-WI.LiveSessions","Station":"35.192.121.42","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update File Category","GatewayStation":""}}}
+<5>1 2021-03-11T17:38:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:26</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>106</MessageID>\n    <Desc>Update File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Update File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File>root\\87012dcc-8290-11eb-949e-080027efd402.session</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category>PSMStatus</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:26","IsoTimestamp":"2021-03-11T17:38:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"106","Desc":"Update File Category","Severity":"Info","Issuer":"PSMPApp_VAGRANT","Action":"Update File Category","SourceUser":"","TargetUser":"","Safe":"PSMRecordings","File":"root\\87012dcc-8290-11eb-949e-080027efd402.session","Station":"81.32.170.205","Location":"","Category":"PSMStatus","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update File Category","GatewayStation":""}}}
+<5>1 2021-03-11T20:10:33Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:10:33</Timestamp>\n    <IsoTimestamp>2021-03-11T20:10:33Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>106</MessageID>\n    <Desc>Update File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_ASR-WIN</Issuer>\n    <Action>Update File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMLiveSessions</Safe>\n    <File>Root\\PSM-ASR-CYBERARK-WI.LiveSessions</File>\n    <Station>34.66.114.180</Station>\n    <Location></Location>\n    <Category>_PSMLiveSessions_1</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 12:10:33","IsoTimestamp":"2021-03-11T20:10:33Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"106","Desc":"Update File Category","Severity":"Info","Issuer":"PSMApp_ASR-WIN","Action":"Update File Category","SourceUser":"","TargetUser":"","Safe":"PSMLiveSessions","File":"Root\\PSM-ASR-CYBERARK-WI.LiveSessions","Station":"34.66.114.180","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update File Category","GatewayStation":""}}}
+<5>1 2021-03-14T13:49:38Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:38</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:38Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>106</MessageID>\n    <Desc>Update File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_SSH</Issuer>\n    <Action>Update File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_SSH.LiveSessions</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category>_PSMLiveSessions_1</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:49:38","IsoTimestamp":"2021-03-14T13:49:38Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"106","Desc":"Update File Category","Severity":"Info","Issuer":"PSMPApp_SSH","Action":"Update File Category","SourceUser":"","TargetUser":"","Safe":"PSMPLiveSessions","File":"Root\\PSMPApp_SSH.LiveSessions","Station":"34.71.250.247","Location":"","Category":"_PSMLiveSessions_1","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update File Category","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log-expected.json
new file mode 100644
index 00000000000..2fd7243dc82
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/106_update_file_category.log-expected.json
@@ -0,0 +1,298 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:25:52.000Z",
+        "cyberarkpas.audit.action": "Update File Category",
+        "cyberarkpas.audit.category": "Address",
+        "cyberarkpas.audit.desc": "Update File Category",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:25:52Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update File Category",
+        "cyberarkpas.audit.reason": "Value=[components] Old Value=[Address]",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:25:52",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "update file category",
+        "event.code": "106",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T18:46:48.000Z",
+        "cyberarkpas.audit.action": "Update File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Update File Category",
+        "cyberarkpas.audit.file": "Root\\PSMServer.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:46:48Z",
+        "cyberarkpas.audit.issuer": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.message": "Update File Category",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:46:48",
+        "event.action": "update file category",
+        "event.code": "106",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMServer.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 697,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:20:12.000Z",
+        "cyberarkpas.audit.action": "Update File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Update File Category",
+        "cyberarkpas.audit.file": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:20:12Z",
+        "cyberarkpas.audit.issuer": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.message": "Update File Category",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:20:12",
+        "event.action": "update file category",
+        "event.code": "106",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1347,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:26.000Z",
+        "cyberarkpas.audit.action": "Update File Category",
+        "cyberarkpas.audit.category": "PSMStatus",
+        "cyberarkpas.audit.desc": "Update File Category",
+        "cyberarkpas.audit.file": "root\\87012dcc-8290-11eb-949e-080027efd402.session",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:26Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.message": "Update File Category",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:26</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>106</MessageID>\n    <Desc>Update File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Update File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File>root\\87012dcc-8290-11eb-949e-080027efd402.session</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category>PSMStatus</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMRecordings",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:26",
+        "event.action": "update file category",
+        "event.code": "106",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "root\\87012dcc-8290-11eb-949e-080027efd402.session",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2007,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T20:10:33.000Z",
+        "cyberarkpas.audit.action": "Update File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Update File Category",
+        "cyberarkpas.audit.file": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T20:10:33Z",
+        "cyberarkpas.audit.issuer": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.message": "Update File Category",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:10:33</Timestamp>\n    <IsoTimestamp>2021-03-11T20:10:33Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>106</MessageID>\n    <Desc>Update File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_ASR-WIN</Issuer>\n    <Action>Update File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMLiveSessions</Safe>\n    <File>Root\\PSM-ASR-CYBERARK-WI.LiveSessions</File>\n    <Station>34.66.114.180</Station>\n    <Location></Location>\n    <Category>_PSMLiveSessions_1</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.66.114.180",
+        "cyberarkpas.audit.timestamp": "Mar 11 12:10:33",
+        "event.action": "update file category",
+        "event.code": "106",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3611,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.66.114.180"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.66.114.180",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "34.66.114.180",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T13:49:38.000Z",
+        "cyberarkpas.audit.action": "Update File Category",
+        "cyberarkpas.audit.category": "_PSMLiveSessions_1",
+        "cyberarkpas.audit.desc": "Update File Category",
+        "cyberarkpas.audit.file": "Root\\PSMPApp_SSH.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:49:38Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_SSH",
+        "cyberarkpas.audit.message": "Update File Category",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:38</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:38Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>106</MessageID>\n    <Desc>Update File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_SSH</Issuer>\n    <Action>Update File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_SSH.LiveSessions</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category>_PSMLiveSessions_1</Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update File Category</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:49:38",
+        "event.action": "update file category",
+        "event.code": "106",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMPApp_SSH.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5211,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log b/x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log
new file mode 100644
index 00000000000..92fadaab728
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log
@@ -0,0 +1 @@
+<5>1 2021-03-15T10:22:24Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:22:24</Timestamp>\n    <IsoTimestamp>2021-03-15T10:22:24Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>107</MessageID>\n    <Desc>Delete File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category>LastFailDate</Category>\n    <RequestId></RequestId>\n    <Reason>Old Value=[1615803137]</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File Category</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:22:24","IsoTimestamp":"2021-03-15T10:22:24Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"107","Desc":"Delete File Category","Severity":"Info","Issuer":"Administrator","Action":"Delete File Category","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"127.0.0.1","Location":"","Category":"LastFailDate","RequestId":"","Reason":"Old Value=[1615803137]","ExtraDetails":"","Message":"Delete File Category","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log-expected.json
new file mode 100644
index 00000000000..262c670a528
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/107_delete_file_category.log-expected.json
@@ -0,0 +1,51 @@
+[
+    {
+        "@timestamp": "2021-03-15T10:22:24.000Z",
+        "cyberarkpas.audit.action": "Delete File Category",
+        "cyberarkpas.audit.category": "LastFailDate",
+        "cyberarkpas.audit.desc": "Delete File Category",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:22:24Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File Category",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:22:24</Timestamp>\n    <IsoTimestamp>2021-03-15T10:22:24Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>107</MessageID>\n    <Desc>Delete File Category</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File Category</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category>LastFailDate</Category>\n    <RequestId></RequestId>\n    <Reason>Old Value=[1615803137]</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File Category</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "Old Value=[1615803137]",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:22:24",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file category",
+        "event.code": "107",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log b/x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log
new file mode 100644
index 00000000000..b3191445d81
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log
@@ -0,0 +1 @@
+<5>1 2021-03-14T13:42:20Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:42:20</Timestamp>\n    <IsoTimestamp>2021-03-14T13:42:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>124</MessageID>\n    <Desc>Rename File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Rename File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-PSMConnect</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Rename File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:42:20","IsoTimestamp":"2021-03-14T13:42:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"124","Desc":"Rename File","Severity":"Info","Issuer":"Administrator","Action":"Rename File","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSH-34.123.103.115-PSMConnect","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Rename File","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log-expected.json
new file mode 100644
index 00000000000..0b008d88f7a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/124_rename_file.log-expected.json
@@ -0,0 +1,49 @@
+[
+    {
+        "@timestamp": "2021-03-14T13:42:20.000Z",
+        "cyberarkpas.audit.action": "Rename File",
+        "cyberarkpas.audit.desc": "Rename File",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-PSMConnect",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:42:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Rename File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:42:20</Timestamp>\n    <IsoTimestamp>2021-03-14T13:42:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>124</MessageID>\n    <Desc>Rename File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Rename File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-PSMConnect</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Rename File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:42:20",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "rename file",
+        "event.code": "124",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-PSMConnect",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log b/x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log
new file mode 100644
index 00000000000..d9c83a42d98
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log
@@ -0,0 +1 @@
+<5>1 2021-03-14T13:42:20Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:42:20</Timestamp>\n    <IsoTimestamp>2021-03-14T13:42:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>125</MessageID>\n    <Desc>Rename File (Cont.)</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Rename File (Cont.)</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Operating System-UnixSSH-34.71.250.247-PSMConnect</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Rename File (Cont.)</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:42:20","IsoTimestamp":"2021-03-14T13:42:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"125","Desc":"Rename File (Cont.)","Severity":"Info","Issuer":"Administrator","Action":"Rename File (Cont.)","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Operating System-UnixSSH-34.71.250.247-PSMConnect","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Rename File (Cont.)","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log-expected.json
new file mode 100644
index 00000000000..9f23e422362
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/125_rename_file_cont.log-expected.json
@@ -0,0 +1,49 @@
+[
+    {
+        "@timestamp": "2021-03-14T13:42:20.000Z",
+        "cyberarkpas.audit.action": "Rename File (Cont.)",
+        "cyberarkpas.audit.desc": "Rename File (Cont.)",
+        "cyberarkpas.audit.file": "Operating System-UnixSSH-34.71.250.247-PSMConnect",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:42:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Rename File (Cont.)",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:42:20</Timestamp>\n    <IsoTimestamp>2021-03-14T13:42:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>125</MessageID>\n    <Desc>Rename File (Cont.)</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Rename File (Cont.)</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Operating System-UnixSSH-34.71.250.247-PSMConnect</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Rename File (Cont.)</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:42:20",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "rename file (cont.)",
+        "event.code": "125",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Operating System-UnixSSH-34.71.250.247-PSMConnect",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log b/x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log
new file mode 100644
index 00000000000..eeacd9685bc
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log
@@ -0,0 +1 @@
+<5>1 2021-03-10T18:33:34Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:33:34","IsoTimestamp":"2021-03-10T18:33:34Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"126","Desc":"Unlock File","Severity":"Info","Issuer":"Administrator","Action":"Unlock File","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"Root\\PVConfiguration.xml","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Unlock File","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log-expected.json
new file mode 100644
index 00000000000..76a9cffafb9
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/126_unlock_file.log-expected.json
@@ -0,0 +1,43 @@
+[
+    {
+        "@timestamp": "2021-03-10T18:33:34.000Z",
+        "cyberarkpas.audit.action": "Unlock File",
+        "cyberarkpas.audit.desc": "Unlock File",
+        "cyberarkpas.audit.file": "Root\\PVConfiguration.xml",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:33:34Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Unlock File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:33:34",
+        "event.action": "unlock file",
+        "event.code": "126",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PVConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log
new file mode 100644
index 00000000000..3f6ae5f7871
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log
@@ -0,0 +1 @@
+<7>1 2021-03-15T12:57:13Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 05:57:13</Timestamp>\n    <IsoTimestamp>2021-03-15T12:57:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>130</MessageID>\n    <Desc>CPM Disable Password</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Disable Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>MaxRetries. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=5;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Disable Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"(CPM)MaxRetries\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"5\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813031\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 05:57:13","IsoTimestamp":"2021-03-15T12:57:13Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"130","Desc":"CPM Disable Password","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Disable Password","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"MaxRetries. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n","ExtraDetails":"address=34.66.114.180;retriescount=5;username=ELASTIC\\bart;","Message":"CPM Disable Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"CPMDisabled","Value":"(CPM)MaxRetries"},{"Name":"RetriesCount","Value":"5"},{"Name":"LastFailDate","Value":"1615813031"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Parameter Reconcile account is mandatory but has an empty value or is not defined"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log-expected.json
new file mode 100644
index 00000000000..0f598e7e3f3
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/130_cpm_disable_password.log-expected.json
@@ -0,0 +1,76 @@
+[
+    {
+        "@timestamp": "2021-03-15T12:57:13.000Z",
+        "cyberarkpas.audit.action": "CPM Disable Password",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_disabled": "(CPM)MaxRetries",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615813031",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "5",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC\\bart",
+        "cyberarkpas.audit.desc": "CPM Disable Password",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "5",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T12:57:13Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Disable Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 05:57:13</Timestamp>\n    <IsoTimestamp>2021-03-15T12:57:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>130</MessageID>\n    <Desc>CPM Disable Password</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Disable Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>MaxRetries. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=5;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Disable Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"(CPM)MaxRetries\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"5\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813031\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "MaxRetries. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 05:57:13",
+        "event.action": "cpm disable password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "130",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "ELASTIC\\bart"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log b/x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log
new file mode 100644
index 00000000000..77869bddde4
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log
@@ -0,0 +1 @@
+<7>1 2021-03-11T18:45:23Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:45:23</Timestamp>\n    <IsoTimestamp>2021-03-11T18:45:23Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>178</MessageID>\n    <Desc>Get User's Details</Desc>\n    <Severity>Error</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Get User's Details</Action>\n    <SourceUser>Master</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Get User's Details</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 10:45:23","IsoTimestamp":"2021-03-11T18:45:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"178","Desc":"Get User's Details","Severity":"Error","Issuer":"Administrator","Action":"Get User's Details","SourceUser":"Master","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Get User's Details","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log-expected.json
new file mode 100644
index 00000000000..0b5f7793f35
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/178_get_user_s_details.log-expected.json
@@ -0,0 +1,43 @@
+[
+    {
+        "@timestamp": "2021-03-11T18:45:23.000Z",
+        "cyberarkpas.audit.action": "Get User's Details",
+        "cyberarkpas.audit.desc": "Get User's Details",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T18:45:23Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Get User's Details",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:45:23</Timestamp>\n    <IsoTimestamp>2021-03-11T18:45:23Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>178</MessageID>\n    <Desc>Get User's Details</Desc>\n    <Severity>Error</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Get User's Details</Action>\n    <SourceUser>Master</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Get User's Details</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.source_user": "Master",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 10:45:23",
+        "event.action": "get user's details",
+        "event.code": "178",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": "error",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log b/x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log
new file mode 100644
index 00000000000..78ec9f57fe6
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log
@@ -0,0 +1,12 @@
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMPApp_localhost.localdomain","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMPGW_localhost.localdomain","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:35Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:35","IsoTimestamp":"2021-03-10T09:11:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMP_ADB_localhost.localdomain","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-10T17:59:19Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:19","IsoTimestamp":"2021-03-10T17:59:19Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMApp_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-10T17:59:27Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:27","IsoTimestamp":"2021-03-10T17:59:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMGw_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-10T22:19:06Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:19:06","IsoTimestamp":"2021-03-10T22:19:06Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMApp_ASR-WIN","TargetUser":"","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-10T22:19:15Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:19:15","IsoTimestamp":"2021-03-10T22:19:15Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMGw_ASR-WIN","TargetUser":"","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:36Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:36</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPApp_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:36","IsoTimestamp":"2021-03-11T16:59:36Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMPApp_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:36Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:36</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPGW_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:36","IsoTimestamp":"2021-03-11T16:59:36Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMPGW_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:16Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:16</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPGW_SSH</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:16","IsoTimestamp":"2021-03-14T12:57:16Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMPGW_SSH","TargetUser":"","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:16Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:16</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPApp_SSH</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:16","IsoTimestamp":"2021-03-14T12:57:16Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMPApp_SSH","TargetUser":"","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:21Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:21</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMP_ADB_asr-cyberark-psm-ssh</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:21","IsoTimestamp":"2021-03-14T12:57:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"180","Desc":"Add User","Severity":"Info","Issuer":"Administrator","Action":"Add User","SourceUser":"PSMP_ADB_asr-cyberark-psm-ssh","TargetUser":"","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add User","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log-expected.json
new file mode 100644
index 00000000000..3f89812c054
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/180_add_user.log-expected.json
@@ -0,0 +1,704 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPApp_localhost.localdomain",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPApp_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMPApp_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPGW_localhost.localdomain",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 581,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPGW_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMPGW_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:35.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMP_ADB_localhost.localdomain",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:35",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1161,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMP_ADB_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMP_ADB_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T17:59:19.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:19Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:19",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1743,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMApp_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMApp_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-10T17:59:27.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:27Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMGw_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:27",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2309,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMGw_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMGw_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-10T22:19:06.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:19:06Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:19:06",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2874,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "related.user": [
+            "PSMApp_ASR-WIN"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMApp_ASR-WIN"
+    },
+    {
+        "@timestamp": "2021-03-10T22:19:15.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:19:15Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMGw_ASR-WIN",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:19:15",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3440,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "related.user": [
+            "PSMGw_ASR-WIN"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMGw_ASR-WIN"
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:36.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:36Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:36</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPApp_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:36",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4005,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPApp_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMPApp_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:36.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:36Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:36</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPGW_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPGW_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:36",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5419,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPGW_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMPGW_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:16.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:16Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:16</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPGW_SSH</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPGW_SSH",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:16",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6831,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "PSMPGW_SSH"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMPGW_SSH"
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:16.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:16Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:16</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMPApp_SSH</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPApp_SSH",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:16",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8235,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "PSMPApp_SSH"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMPApp_SSH"
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:21.000Z",
+        "cyberarkpas.audit.action": "Add User",
+        "cyberarkpas.audit.desc": "Add User",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add User",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:21</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>180</MessageID>\n    <Desc>Add User</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add User</Action>\n    <SourceUser>PSMP_ADB_asr-cyberark-psm-ssh</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add User</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMP_ADB_asr-cyberark-psm-ssh",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:21",
+        "event.action": "add user",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "180",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "creation"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 9641,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "PSMP_ADB_asr-cyberark-psm-ssh"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.target.name": "PSMP_ADB_asr-cyberark-psm-ssh"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log b/x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log
new file mode 100644
index 00000000000..93d8a45a00e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log
@@ -0,0 +1 @@
+<5>1 2021-03-10T18:15:44Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:15:44","IsoTimestamp":"2021-03-10T18:15:44Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"181","Desc":"Update Safe","Severity":"Info","Issuer":"Administrator","Action":"Update Safe","SourceUser":"","TargetUser":"","Safe":"PSM","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Safe","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log-expected.json
new file mode 100644
index 00000000000..6c43cfdf699
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/181_update_safe.log-expected.json
@@ -0,0 +1,49 @@
+[
+    {
+        "@timestamp": "2021-03-10T18:15:44.000Z",
+        "cyberarkpas.audit.action": "Update Safe",
+        "cyberarkpas.audit.desc": "Update Safe",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:15:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update Safe",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:15:44",
+        "event.action": "update safe",
+        "event.code": "181",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log b/x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log
new file mode 100644
index 00000000000..21a17a2c729
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"185","Desc":"Add Safe","Severity":"Info","Issuer":"Administrator","Action":"Add Safe","SourceUser":"","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Safe","GatewayStation":""}}}
+<5>1 2021-03-11T17:38:13Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:13</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>185</MessageID>\n    <Desc>Add Safe</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Add Safe</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Safe</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:13","IsoTimestamp":"2021-03-11T17:38:13Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"185","Desc":"Add Safe","Severity":"Info","Issuer":"PSMPApp_VAGRANT","Action":"Add Safe","SourceUser":"","TargetUser":"","Safe":"PSMRecordings","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Safe","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log-expected.json
new file mode 100644
index 00000000000..e84c490f628
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/185_add_safe.log-expected.json
@@ -0,0 +1,97 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Safe",
+        "cyberarkpas.audit.desc": "Add Safe",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Safe",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add safe",
+        "event.code": "185",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:13.000Z",
+        "cyberarkpas.audit.action": "Add Safe",
+        "cyberarkpas.audit.desc": "Add Safe",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:13Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.message": "Add Safe",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:13</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>185</MessageID>\n    <Desc>Add Safe</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Add Safe</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Safe</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMRecordings",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:13",
+        "event.action": "add safe",
+        "event.code": "185",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 560,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log b/x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log
new file mode 100644
index 00000000000..3f7fa511cc8
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-10T09:11:40Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:40","IsoTimestamp":"2021-03-10T09:11:40Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"187","Desc":"Add Folder","Severity":"Info","Issuer":"Administrator","Action":"Add Folder","SourceUser":"","TargetUser":"","Safe":"PSMPADBridgeConf","File":"Root\\Scripts\\","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Folder","GatewayStation":""}}}
+<5>1 2021-03-11T18:01:14Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:01:14</Timestamp>\n    <IsoTimestamp>2021-03-11T18:01:14Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>187</MessageID>\n    <Desc>Add Folder</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Add Folder</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMUnmanagedSessionAccounts</Safe>\n    <File>Root\\2\\</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Folder</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 10:01:14","IsoTimestamp":"2021-03-11T18:01:14Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"187","Desc":"Add Folder","Severity":"Info","Issuer":"PVWAAppUser","Action":"Add Folder","SourceUser":"","TargetUser":"","Safe":"PSMUnmanagedSessionAccounts","File":"Root\\2\\","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Folder","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log-expected.json
new file mode 100644
index 00000000000..35bafcb8bf3
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/187_add_folder.log-expected.json
@@ -0,0 +1,93 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:40.000Z",
+        "cyberarkpas.audit.action": "Add Folder",
+        "cyberarkpas.audit.desc": "Add Folder",
+        "cyberarkpas.audit.file": "Root\\Scripts\\",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:40Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Folder",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPADBridgeConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:40",
+        "event.action": "add folder",
+        "event.code": "187",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Scripts\\",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T18:01:14.000Z",
+        "cyberarkpas.audit.action": "Add Folder",
+        "cyberarkpas.audit.desc": "Add Folder",
+        "cyberarkpas.audit.file": "Root\\2\\",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T18:01:14Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Add Folder",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:01:14</Timestamp>\n    <IsoTimestamp>2021-03-11T18:01:14Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>187</MessageID>\n    <Desc>Add Folder</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Add Folder</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMUnmanagedSessionAccounts</Safe>\n    <File>Root\\2\\</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Folder</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMUnmanagedSessionAccounts",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 11 10:01:14",
+        "event.action": "add folder",
+        "event.code": "187",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\2\\",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 589,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log b/x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log
new file mode 100644
index 00000000000..88926eb1571
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log
@@ -0,0 +1,9 @@
+<5>1 2021-03-08T18:07:51Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:07:51","IsoTimestamp":"2021-03-08T18:07:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PVWAGWUser","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-09T08:32:51Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 00:32:51","IsoTimestamp":"2021-03-09T08:32:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PVWAGWUser","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-09T10:14:58Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 02:14:58","IsoTimestamp":"2021-03-09T10:14:58Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PVWAGWUser","TargetUser":"","Safe":"","File":"","Station":"37.223.7.45","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-10T08:31:50Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:31:50","IsoTimestamp":"2021-03-10T08:31:50Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"PasswordManager","Action":"Full Gateway Connection","SourceUser":"PVWAGWUser","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-10T22:37:00Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:37:00","IsoTimestamp":"2021-03-10T22:37:00Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PVWAGWUser","TargetUser":"","Safe":"","File":"","Station":"10.0.1.10","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-11T17:38:05Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:05</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:05Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PSMPGW_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:05","IsoTimestamp":"2021-03-11T17:38:05Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PSMPGW_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"81.32.170.205"}}}
+<5>1 2021-03-11T17:48:22Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:22</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:22Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PSMPGW_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:48:22","IsoTimestamp":"2021-03-11T17:48:22Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PSMPGW_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"10.0.2.2","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"81.32.170.205"}}}
+<5>1 2021-03-11T18:02:57Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:02:57</Timestamp>\n    <IsoTimestamp>2021-03-11T18:02:57Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PVWAGWUser</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>35.192.121.42</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 10:02:57","IsoTimestamp":"2021-03-11T18:02:57Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PVWAGWUser","TargetUser":"","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-14T13:49:35Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:35</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PSMPGW_SSH</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:49:35","IsoTimestamp":"2021-03-14T13:49:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"19","Desc":"Full Gateway Connection","Severity":"Info","Issuer":"Administrator","Action":"Full Gateway Connection","SourceUser":"PSMPGW_SSH","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Full Gateway Connection","GatewayStation":"34.71.250.247"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log-expected.json
new file mode 100644
index 00000000000..9faecd9b6ef
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/19_full_gateway_connection.log-expected.json
@@ -0,0 +1,579 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:07:51.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:07:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWUser",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:07:51",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "PVWAGWUser",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-09T08:32:51.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T08:32:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWUser",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 09 00:32:51",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 611,
+        "log.syslog.priority": "5",
+        "network.direction": "inbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "PVWAGWUser",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-09T10:14:58.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T10:14:58Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWUser",
+        "cyberarkpas.audit.station": "37.223.7.45",
+        "cyberarkpas.audit.timestamp": "Mar 09 02:14:58",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1226,
+        "log.syslog.priority": "5",
+        "network.direction": "inbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "37.223.7.45",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "37.223.7.45",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "37.223.7.45",
+        "source.user.name": "PVWAGWUser",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-10T08:31:50.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:31:50Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWUser",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:31:50",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "PasswordManager",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1839,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser",
+            "PasswordManager"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PVWAGWUser",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-10T22:37:00.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:37:00Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWUser",
+        "cyberarkpas.audit.station": "10.0.1.10",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:37:00",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2452,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.10",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.10",
+        "source.ip": "10.0.1.10",
+        "source.user.name": "PVWAGWUser",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:05.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:05Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:05</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:05Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PSMPGW_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPGW_VAGRANT",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:05",
+        "destination.address": "81.32.170.205",
+        "destination.geo.city_name": "Barcelona",
+        "destination.geo.continent_name": "Europe",
+        "destination.geo.country_iso_code": "ES",
+        "destination.geo.country_name": "Spain",
+        "destination.geo.location.lat": 41.3891,
+        "destination.geo.location.lon": 2.1611,
+        "destination.geo.region_iso_code": "ES-B",
+        "destination.geo.region_name": "Barcelona",
+        "destination.ip": "81.32.170.205",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3063,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPGW_VAGRANT",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "PSMPGW_VAGRANT",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPGW_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-11T17:48:22.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:48:22Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:22</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:22Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PSMPGW_VAGRANT</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPGW_VAGRANT",
+        "cyberarkpas.audit.station": "10.0.2.2",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:48:22",
+        "destination.address": "81.32.170.205",
+        "destination.geo.city_name": "Barcelona",
+        "destination.geo.continent_name": "Europe",
+        "destination.geo.country_iso_code": "ES",
+        "destination.geo.country_name": "Spain",
+        "destination.geo.location.lat": 41.3891,
+        "destination.geo.location.lon": 2.1611,
+        "destination.geo.region_iso_code": "ES-B",
+        "destination.geo.region_name": "Barcelona",
+        "destination.ip": "81.32.170.205",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4581,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPGW_VAGRANT",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "PSMPGW_VAGRANT",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPGW_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-11T18:02:57.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T18:02:57Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:02:57</Timestamp>\n    <IsoTimestamp>2021-03-11T18:02:57Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PVWAGWUser</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>35.192.121.42</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWUser",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 11 10:02:57",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6097,
+        "log.syslog.priority": "5",
+        "network.direction": "inbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "source.user.name": "PVWAGWUser",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-14T13:49:35.000Z",
+        "cyberarkpas.audit.action": "Full Gateway Connection",
+        "cyberarkpas.audit.desc": "Full Gateway Connection",
+        "cyberarkpas.audit.gateway_station": "34.71.250.247",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:49:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Full Gateway Connection",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:35</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>19</MessageID>\n    <Desc>Full Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Full Gateway Connection</Action>\n    <SourceUser>PSMPGW_SSH</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Full Gateway Connection</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPGW_SSH",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:49:35",
+        "destination.address": "34.71.250.247",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.71.250.247",
+        "destination.user.name": "Administrator",
+        "event.action": "full gateway connection",
+        "event.category": [
+            "network"
+        ],
+        "event.code": "19",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7607,
+        "log.syslog.priority": "5",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "PSMPGW_SSH",
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "PSMPGW_SSH",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPGW_SSH"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log b/x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log
new file mode 100644
index 00000000000..46036841299
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log
@@ -0,0 +1 @@
+<5>1 2021-03-09T10:17:54Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 02:17:54","IsoTimestamp":"2021-03-09T10:17:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"202","Desc":"Old Backup Files Deletion Start","Severity":"Info","Issuer":"Batch","Action":"Old Backup Files Deletion Start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Old Backup Files Deletion Start","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log-expected.json
new file mode 100644
index 00000000000..8e24b5e0d54
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/202_old_backup_files_deletion_start.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-09T10:17:54.000Z",
+        "cyberarkpas.audit.action": "Old Backup Files Deletion Start",
+        "cyberarkpas.audit.desc": "Old Backup Files Deletion Start",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T10:17:54Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Old Backup Files Deletion Start",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 09 02:17:54",
+        "event.action": "old backup files deletion start",
+        "event.code": "202",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log b/x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log
new file mode 100644
index 00000000000..015edc3e25e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log
@@ -0,0 +1 @@
+<5>1 2021-03-09T10:17:54Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 02:17:54","IsoTimestamp":"2021-03-09T10:17:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"203","Desc":"Old Backup Files Deletion End","Severity":"Info","Issuer":"Batch","Action":"Old Backup Files Deletion End","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Old Backup Files Deletion End","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log-expected.json
new file mode 100644
index 00000000000..0c1dbfbdb61
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/203_old_backup_files_deletion_end.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-09T10:17:54.000Z",
+        "cyberarkpas.audit.action": "Old Backup Files Deletion End",
+        "cyberarkpas.audit.desc": "Old Backup Files Deletion End",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T10:17:54Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Old Backup Files Deletion End",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 09 02:17:54",
+        "event.action": "old backup files deletion end",
+        "event.code": "203",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log b/x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log
new file mode 100644
index 00000000000..4c7b137fe67
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log
@@ -0,0 +1 @@
+<5>1 2021-03-25T09:20:07Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 05:20:07</Timestamp>\n    <IsoTimestamp>2021-03-25T09:20:07Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>20</MessageID>\n    <Desc>Partial Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMGw_COMP01</Issuer>\n    <Action>Partial Gateway Connection</Action>\n    <SourceUser>Administrator</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Partial Gateway Connection</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 05:20:07","IsoTimestamp":"2021-03-25T09:20:07Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"20","Desc":"Partial Gateway Connection","Severity":"Info","Issuer":"PSMGw_COMP01","Action":"Partial Gateway Connection","SourceUser":"Administrator","TargetUser":"","Safe":"","File":"","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Partial Gateway Connection","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log-expected.json
new file mode 100644
index 00000000000..3c54667a525
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/20_partial_gateway_connection.log-expected.json
@@ -0,0 +1,42 @@
+[
+    {
+        "@timestamp": "2021-03-25T09:20:07.000Z",
+        "cyberarkpas.audit.action": "Partial Gateway Connection",
+        "cyberarkpas.audit.desc": "Partial Gateway Connection",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T09:20:07Z",
+        "cyberarkpas.audit.issuer": "PSMGw_COMP01",
+        "cyberarkpas.audit.message": "Partial Gateway Connection",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 05:20:07</Timestamp>\n    <IsoTimestamp>2021-03-25T09:20:07Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>20</MessageID>\n    <Desc>Partial Gateway Connection</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMGw_COMP01</Issuer>\n    <Action>Partial Gateway Connection</Action>\n    <SourceUser>Administrator</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Partial Gateway Connection</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Administrator",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 05:20:07",
+        "event.action": "partial gateway connection",
+        "event.code": "20",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "10.0.0.15"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.0.15",
+        "source.ip": "10.0.0.15",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log
new file mode 100644
index 00000000000..f3949f536de
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log
@@ -0,0 +1,2 @@
+Apr 07 09:51:42 VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>22</MessageID>\n    <Desc>CPM Verify Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12</File>\n    <Station>10.2.0.4</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=radiussrv.cyberark.local;username=test12;</ExtraDetails>\n    <Message>CPM Verify Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"test12\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1604943844\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"22","Desc":"CPM Verify Password","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Verify Password","SourceUser":"","TargetUser":"","IsoTimestamp":"2021-03-16T15:01:00Z","Safe":"Linux","File":"Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12","Station":"10.2.0.4","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask","ExtraDetails":"address=radiussrv.cyberark.local;username=test12;","Message":"CPM Verify Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"LINUX-SSH"},{"Name":"UserName","Value":"test12"},{"Name":"Address","Value":"radiussrv.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastSuccessVerification","Value":"1604943844"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"success"},{"Name":"CreationMethod","Value":"PVWA"}]}}}}
+<5>1 2021-03-15T10:22:44Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:22:44</Timestamp>\n    <IsoTimestamp>2021-03-15T10:22:44Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>22</MessageID>\n    <Desc>CPM Verify Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=34.123.103.115;username=testark;</ExtraDetails>\n    <Message>CPM Verify Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:22:44","IsoTimestamp":"2021-03-15T10:22:44Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"22","Desc":"CPM Verify Password","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Verify Password","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask","ExtraDetails":"address=34.123.103.115;username=testark;","Message":"CPM Verify Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log-expected.json
new file mode 100644
index 00000000000..a549886a098
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/22_cpm_verify_password.log-expected.json
@@ -0,0 +1,149 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password",
+        "cyberarkpas.audit.ca_properties.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1604943844",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "LINUX-SSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "test12",
+        "cyberarkpas.audit.desc": "CPM Verify Password",
+        "cyberarkpas.audit.extra_details.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.extra_details.username": "test12",
+        "cyberarkpas.audit.file": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>22</MessageID>\n    <Desc>CPM Verify Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12</File>\n    <Station>10.2.0.4</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=radiussrv.cyberark.local;username=test12;</ExtraDetails>\n    <Message>CPM Verify Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"test12\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1604943844\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Linux",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.4",
+        "destination.address": "radiussrv.cyberark.local",
+        "destination.domain": "radiussrv.cyberark.local",
+        "destination.user.name": "test12",
+        "event.action": "cpm verify password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "22",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "info"
+        ],
+        "file.path": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.4"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "test12"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.4",
+        "source.ip": "10.2.0.4",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T10:22:44.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "CPM Verify Password",
+        "cyberarkpas.audit.extra_details.address": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.username": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:22:44Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:22:44</Timestamp>\n    <IsoTimestamp>2021-03-15T10:22:44Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>22</MessageID>\n    <Desc>CPM Verify Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=34.123.103.115;username=testark;</ExtraDetails>\n    <Message>CPM Verify Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:22:44",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "cpm verify password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "22",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2648,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.123.103.115"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log b/x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log
new file mode 100644
index 00000000000..51629665b2b
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log
@@ -0,0 +1,3 @@
+<7>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"23","Desc":"Action On Closed Safe","Severity":"Error","Issuer":"Administrator","Action":"Action On Closed Safe","SourceUser":"","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Action On Closed Safe","GatewayStation":""}}}
+<7>1 2021-03-14T12:07:27Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:07:27</Timestamp>\n    <IsoTimestamp>2021-03-14T12:07:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>23</MessageID>\n    <Desc>Action On Closed Safe</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Action On Closed Safe</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>AccountsFeedADAccounts</Safe>\n    <File></File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Action On Closed Safe</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:07:27","IsoTimestamp":"2021-03-14T12:07:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"23","Desc":"Action On Closed Safe","Severity":"Error","Issuer":"PasswordManager","Action":"Action On Closed Safe","SourceUser":"","TargetUser":"","Safe":"AccountsFeedADAccounts","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Action On Closed Safe","GatewayStation":""}}}
+<7>1 2021-03-14T12:57:16Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:16</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>23</MessageID>\n    <Desc>Action On Closed Safe</Desc>\n    <Severity>Error</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Action On Closed Safe</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPConf</Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Action On Closed Safe</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:16","IsoTimestamp":"2021-03-14T12:57:16Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"23","Desc":"Action On Closed Safe","Severity":"Error","Issuer":"Administrator","Action":"Action On Closed Safe","SourceUser":"","TargetUser":"","Safe":"PSMPConf","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Action On Closed Safe","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log-expected.json
new file mode 100644
index 00000000000..a8ef4bc0bdb
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/23_action_on_closed_safe.log-expected.json
@@ -0,0 +1,137 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Action On Closed Safe",
+        "cyberarkpas.audit.desc": "Action On Closed Safe",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Action On Closed Safe",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "action on closed safe",
+        "event.code": "23",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": "error",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:07:27.000Z",
+        "cyberarkpas.audit.action": "Action On Closed Safe",
+        "cyberarkpas.audit.desc": "Action On Closed Safe",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:07:27Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Action On Closed Safe",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:07:27</Timestamp>\n    <IsoTimestamp>2021-03-14T12:07:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>23</MessageID>\n    <Desc>Action On Closed Safe</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Action On Closed Safe</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>AccountsFeedADAccounts</Safe>\n    <File></File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Action On Closed Safe</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "AccountsFeedADAccounts",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:07:27",
+        "event.action": "action on closed safe",
+        "event.code": "23",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": "error",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 599,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:16.000Z",
+        "cyberarkpas.audit.action": "Action On Closed Safe",
+        "cyberarkpas.audit.desc": "Action On Closed Safe",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:16Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Action On Closed Safe",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:16</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>23</MessageID>\n    <Desc>Action On Closed Safe</Desc>\n    <Severity>Error</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Action On Closed Safe</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPConf</Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Action On Closed Safe</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:16",
+        "event.action": "action on closed safe",
+        "event.code": "23",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": "error",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2101,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log
new file mode 100644
index 00000000000..f50102d48f7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log
@@ -0,0 +1,4 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>24</MessageID>\n    <Desc>CPM Change Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Change Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12</File>\n    <Station>10.2.0.4</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=radiussrv.cyberark.local;username=test12;</ExtraDetails>\n    <Message>CPM Change Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"test12\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1604943844\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1604944158\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"24","Desc":"CPM Change Password","Severity":"Info","IsoTimestamp":"2021-03-16T15:01:00Z","Issuer":"PasswordManager","Action":"CPM Change Password","SourceUser":"","TargetUser":"","Safe":"Linux","File":"Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12","Station":"10.2.0.4","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask","ExtraDetails":"address=radiussrv.cyberark.local;username=test12;","Message":"CPM Change Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"LINUX-SSH"},{"Name":"UserName","Value":"test12"},{"Name":"Address","Value":"radiussrv.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastSuccessVerification","Value":"1604943844"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"CPMStatus","Value":"success"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessChange","Value":"1604944158"}]}}}}
+<5>1 2021-03-08T19:20:05Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 11:20:05","IsoTimestamp":"2021-03-08T19:20:05Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"24","Desc":"CPM Change Password","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Change Password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask","ExtraDetails":"address=components;username=x_accountA;","Message":"CPM Change Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountA"},{"Name":"Address","Value":"components"},{"Name":"SequenceID","Value":"27"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1615231204"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"1"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-10T23:39:28Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 15:39:28","IsoTimestamp":"2021-03-10T23:39:28Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"24","Desc":"CPM Change Password","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Change Password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask","ExtraDetails":"address=components;username=x_accountB;","Message":"CPM Change Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountB"},{"Name":"Address","Value":"components"},{"Name":"SequenceID","Value":"25"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1615419568"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"2"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-15T10:12:24Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:24</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:24Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>24</MessageID>\n    <Desc>CPM Change Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Change Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=components;username=x_accountA;</ExtraDetails>\n    <Message>CPM Change Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDesktopLocal\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"x_accountA\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"components\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"28\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"GroupName\" Value=\"WindowsGroup\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615803143\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"Index\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"DualAccountStatus\" Value=\"Inactive\"></CAProperty>\n      <CAProperty Name=\"VirtualUsername\" Value=\"virtual\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:12:24","IsoTimestamp":"2021-03-15T10:12:24Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"24","Desc":"CPM Change Password","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Change Password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask","ExtraDetails":"address=components;username=x_accountA;","Message":"CPM Change Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountA"},{"Name":"Address","Value":"components"},{"Name":"SequenceID","Value":"28"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1615803143"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"1"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log-expected.json
new file mode 100644
index 00000000000..3cf879a9996
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/24_cpm_change_password.log-expected.json
@@ -0,0 +1,292 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "CPM Change Password",
+        "cyberarkpas.audit.ca_properties.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1604944158",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1604943844",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "LINUX-SSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "test12",
+        "cyberarkpas.audit.desc": "CPM Change Password",
+        "cyberarkpas.audit.extra_details.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.extra_details.username": "test12",
+        "cyberarkpas.audit.file": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Change Password",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>24</MessageID>\n    <Desc>CPM Change Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Change Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12</File>\n    <Station>10.2.0.4</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=radiussrv.cyberark.local;username=test12;</ExtraDetails>\n    <Message>CPM Change Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"test12\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1604943844\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1604944158\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Linux",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.4",
+        "destination.address": "radiussrv.cyberark.local",
+        "destination.domain": "radiussrv.cyberark.local",
+        "event.action": "cpm change password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "24",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change"
+        ],
+        "file.path": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-test12",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.4"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "test12"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.4",
+        "source.ip": "10.2.0.4",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "test12"
+    },
+    {
+        "@timestamp": "2021-03-08T19:20:05.000Z",
+        "cyberarkpas.audit.action": "CPM Change Password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.index": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615231204",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "27",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountA",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "CPM Change Password",
+        "cyberarkpas.audit.extra_details.address": "components",
+        "cyberarkpas.audit.extra_details.username": "x_accountA",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T19:20:05Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Change Password",
+        "cyberarkpas.audit.reason": "ImmediateTask",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 11:20:05",
+        "destination.address": "components",
+        "destination.domain": "components",
+        "event.action": "cpm change password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "24",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change"
+        ],
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2757,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "x_accountA"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "x_accountA"
+    },
+    {
+        "@timestamp": "2021-03-10T23:39:28.000Z",
+        "cyberarkpas.audit.action": "CPM Change Password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.index": "2",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615419568",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "25",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountB",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "CPM Change Password",
+        "cyberarkpas.audit.extra_details.address": "components",
+        "cyberarkpas.audit.extra_details.username": "x_accountB",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T23:39:28Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Change Password",
+        "cyberarkpas.audit.reason": "ImmediateTask",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 15:39:28",
+        "destination.address": "components",
+        "destination.domain": "components",
+        "event.action": "cpm change password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "24",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change"
+        ],
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4099,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "x_accountB"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "x_accountB"
+    },
+    {
+        "@timestamp": "2021-03-15T10:12:24.000Z",
+        "cyberarkpas.audit.action": "CPM Change Password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.index": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615803143",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "28",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountA",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "CPM Change Password",
+        "cyberarkpas.audit.extra_details.address": "components",
+        "cyberarkpas.audit.extra_details.username": "x_accountA",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:12:24Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Change Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:24</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:24Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>24</MessageID>\n    <Desc>CPM Change Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Change Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=components;username=x_accountA;</ExtraDetails>\n    <Message>CPM Change Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDesktopLocal\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"x_accountA\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"components\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"28\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"GroupName\" Value=\"WindowsGroup\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615803143\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"Index\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"DualAccountStatus\" Value=\"Inactive\"></CAProperty>\n      <CAProperty Name=\"VirtualUsername\" Value=\"virtual\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:12:24",
+        "destination.address": "components",
+        "destination.domain": "components",
+        "event.action": "cpm change password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "24",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change"
+        ],
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5441,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "x_accountA"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "x_accountA"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log b/x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log
new file mode 100644
index 00000000000..7284820d8e4
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log
@@ -0,0 +1,4 @@
+<5>1 2021-03-10T09:11:21Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:21","IsoTimestamp":"2021-03-10T09:11:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"259","Desc":"Add/Update Group","Severity":"Info","Issuer":"Administrator","Action":"Add/Update Group","SourceUser":"PSMMaster","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add/Update Group","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:21Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:21","IsoTimestamp":"2021-03-10T09:11:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"259","Desc":"Add/Update Group","Severity":"Info","Issuer":"Administrator","Action":"Add/Update Group","SourceUser":"PSMAppUsers","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add/Update Group","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:35Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:35","IsoTimestamp":"2021-03-10T09:11:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"259","Desc":"Add/Update Group","Severity":"Info","Issuer":"Administrator","Action":"Add/Update Group","SourceUser":"PSMP_ADB_AppUsers","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add/Update Group","GatewayStation":""}}}
+<5>1 2021-03-10T17:59:29Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:29","IsoTimestamp":"2021-03-10T17:59:29Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"259","Desc":"Add/Update Group","Severity":"Info","Issuer":"Administrator","Action":"Add/Update Group","SourceUser":"PSMLiveSessionTerminators","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add/Update Group","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log-expected.json
new file mode 100644
index 00000000000..74637ba020f
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/259_add_update_group.log-expected.json
@@ -0,0 +1,190 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:21.000Z",
+        "cyberarkpas.audit.action": "Add/Update Group",
+        "cyberarkpas.audit.desc": "Add/Update Group",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add/Update Group",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMMaster",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:21",
+        "event.action": "add/update group",
+        "event.code": "259",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:21.000Z",
+        "cyberarkpas.audit.action": "Add/Update Group",
+        "cyberarkpas.audit.desc": "Add/Update Group",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add/Update Group",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:21",
+        "event.action": "add/update group",
+        "event.code": "259",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 585,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:35.000Z",
+        "cyberarkpas.audit.action": "Add/Update Group",
+        "cyberarkpas.audit.desc": "Add/Update Group",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add/Update Group",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMP_ADB_AppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:35",
+        "event.action": "add/update group",
+        "event.code": "259",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1172,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T17:59:29.000Z",
+        "cyberarkpas.audit.action": "Add/Update Group",
+        "cyberarkpas.audit.desc": "Add/Update Group",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:29Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add/Update Group",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMLiveSessionTerminators",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:29",
+        "event.action": "add/update group",
+        "event.code": "259",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1765,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log b/x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log
new file mode 100644
index 00000000000..bff61c277da
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log
@@ -0,0 +1,14 @@
+<5>1 2021-03-10T09:11:22Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:22","IsoTimestamp":"2021-03-10T09:11:22Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMAppUsers","TargetUser":"PSMPApp_localhost.localdomain","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:22Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:22","IsoTimestamp":"2021-03-10T09:11:22Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PVWAGWAccounts","TargetUser":"PSMPGW_localhost.localdomain","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:35Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:35","IsoTimestamp":"2021-03-10T09:11:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMP_ADB_AppUsers","TargetUser":"PSMP_ADB_localhost.localdomain","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T17:58:01Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:58:01","IsoTimestamp":"2021-03-10T17:58:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMMaster","TargetUser":"Administrator","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T17:59:29Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:29","IsoTimestamp":"2021-03-10T17:59:29Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMAppUsers","TargetUser":"PSMApp_VAGRANT","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T17:59:30Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:30","IsoTimestamp":"2021-03-10T17:59:30Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PVWAGWAccounts","TargetUser":"PSMGw_VAGRANT","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T22:17:15Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:17:15","IsoTimestamp":"2021-03-10T22:17:15Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMMaster","TargetUser":"Administrator","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T22:19:16Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:19:16","IsoTimestamp":"2021-03-10T22:19:16Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMAppUsers","TargetUser":"PSMApp_ASR-WIN","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T22:19:16Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:19:16","IsoTimestamp":"2021-03-10T22:19:16Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PVWAGWAccounts","TargetUser":"PSMGw_ASR-WIN","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:38Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:38</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:38Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PSMAppUsers</SourceUser>\n    <TargetUser>PSMPApp_VAGRANT</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:38","IsoTimestamp":"2021-03-11T16:59:38Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMAppUsers","TargetUser":"PSMPApp_VAGRANT","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:38Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:38</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:38Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PVWAGWAccounts</SourceUser>\n    <TargetUser>PSMPGW_VAGRANT</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:38","IsoTimestamp":"2021-03-11T16:59:38Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PVWAGWAccounts","TargetUser":"PSMPGW_VAGRANT","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:17Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:17</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PVWAGWAccounts</SourceUser>\n    <TargetUser>PSMPGW_SSH</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:17","IsoTimestamp":"2021-03-14T12:57:17Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PVWAGWAccounts","TargetUser":"PSMPGW_SSH","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:17Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:17</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PSMAppUsers</SourceUser>\n    <TargetUser>PSMPApp_SSH</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:17","IsoTimestamp":"2021-03-14T12:57:17Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMAppUsers","TargetUser":"PSMPApp_SSH","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:21Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:21</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PSMP_ADB_AppUsers</SourceUser>\n    <TargetUser>PSMP_ADB_asr-cyberark-psm-ssh</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:21","IsoTimestamp":"2021-03-14T12:57:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"265","Desc":"Add Group Member","Severity":"Info","Issuer":"Administrator","Action":"Add Group Member","SourceUser":"PSMP_ADB_AppUsers","TargetUser":"PSMP_ADB_asr-cyberark-psm-ssh","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Group Member","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log-expected.json
new file mode 100644
index 00000000000..131df5259cd
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/265_add_group_member.log-expected.json
@@ -0,0 +1,667 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:22.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:22Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "PSMPApp_localhost.localdomain",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:22",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:22.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:22Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWAccounts",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "PSMPGW_localhost.localdomain",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:22",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 616,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:35.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMP_ADB_AppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "PSMP_ADB_localhost.localdomain",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:35",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1234,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T17:58:01.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:58:01Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMMaster",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "Administrator",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:58:01",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1857,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T17:59:29.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:29Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:29",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2455,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T17:59:30.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:30Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWAccounts",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "PSMGw_VAGRANT",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:30",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3056,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:17:15.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:17:15Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMMaster",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.target_user": "Administrator",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:17:15",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3659,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:19:16.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:19:16Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.target_user": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:19:16",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4257,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:19:16.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:19:16Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWAccounts",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.target_user": "PSMGw_ASR-WIN",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:19:16",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4858,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:38.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:38Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:38</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:38Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PSMAppUsers</SourceUser>\n    <TargetUser>PSMPApp_VAGRANT</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:38",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5461,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:38.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:38Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:38</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:38Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PVWAGWAccounts</SourceUser>\n    <TargetUser>PSMPGW_VAGRANT</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWAccounts",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "PSMPGW_VAGRANT",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:38",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6945,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:17.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:17Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:17</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PVWAGWAccounts</SourceUser>\n    <TargetUser>PSMPGW_SSH</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWAccounts",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.target_user": "PSMPGW_SSH",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:17",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8433,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:17.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:17Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:17</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PSMAppUsers</SourceUser>\n    <TargetUser>PSMPApp_SSH</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.target_user": "PSMPApp_SSH",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:17",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 9913,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:21.000Z",
+        "cyberarkpas.audit.action": "Add Group Member",
+        "cyberarkpas.audit.desc": "Add Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Group Member",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:21</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>265</MessageID>\n    <Desc>Add Group Member</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Add Group Member</Action>\n    <SourceUser>PSMP_ADB_AppUsers</SourceUser>\n    <TargetUser>PSMP_ADB_asr-cyberark-psm-ssh</TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Group Member</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMP_ADB_AppUsers",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.target_user": "PSMP_ADB_asr-cyberark-psm-ssh",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:21",
+        "event.action": "add group member",
+        "event.code": "265",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 11389,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log b/x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log
new file mode 100644
index 00000000000..7b0f9be88a0
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-10T17:59:48Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:48","IsoTimestamp":"2021-03-10T17:59:48Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"266","Desc":"Remove Group Member","Severity":"Info","Issuer":"Administrator","Action":"Remove Group Member","SourceUser":"PSMMaster","TargetUser":"Administrator","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Remove Group Member","GatewayStation":""}}}
+<5>1 2021-03-10T22:19:23Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:19:23","IsoTimestamp":"2021-03-10T22:19:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"266","Desc":"Remove Group Member","Severity":"Info","Issuer":"Administrator","Action":"Remove Group Member","SourceUser":"PSMMaster","TargetUser":"Administrator","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Remove Group Member","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log-expected.json
new file mode 100644
index 00000000000..9fe62e5d167
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/266_remove_group_member.log-expected.json
@@ -0,0 +1,97 @@
+[
+    {
+        "@timestamp": "2021-03-10T17:59:48.000Z",
+        "cyberarkpas.audit.action": "Remove Group Member",
+        "cyberarkpas.audit.desc": "Remove Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:48Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Remove Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMMaster",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.target_user": "Administrator",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:48",
+        "event.action": "remove group member",
+        "event.code": "266",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:19:23.000Z",
+        "cyberarkpas.audit.action": "Remove Group Member",
+        "cyberarkpas.audit.desc": "Remove Group Member",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:19:23Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Remove Group Member",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMMaster",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.target_user": "Administrator",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:19:23",
+        "event.action": "remove group member",
+        "event.code": "266",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 607,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log b/x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log
new file mode 100644
index 00000000000..ea1458e5874
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log
@@ -0,0 +1 @@
+<5>1 2021-03-10T17:59:33Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:33","IsoTimestamp":"2021-03-10T17:59:33Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"273","Desc":"Remove Owner","Severity":"Info","Issuer":"Administrator","Action":"Remove Owner","SourceUser":"Administrator","TargetUser":"","Safe":"PSMSessions","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Remove Owner","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log-expected.json
new file mode 100644
index 00000000000..6fd2e81ca83
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/273_remove_owner.log-expected.json
@@ -0,0 +1,50 @@
+[
+    {
+        "@timestamp": "2021-03-10T17:59:33.000Z",
+        "cyberarkpas.audit.action": "Remove Owner",
+        "cyberarkpas.audit.desc": "Remove Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:33Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Remove Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Administrator",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:33",
+        "event.action": "remove owner",
+        "event.code": "273",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log b/x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log
new file mode 100644
index 00000000000..b4e7a9ada36
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log
@@ -0,0 +1 @@
+<5>1 2021-03-11T18:01:14Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:01:14</Timestamp>\n    <IsoTimestamp>2021-03-11T18:01:14Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>278</MessageID>\n    <Desc>Add Rule</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Add Rule</Action>\n    <SourceUser>Administrator</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMUnmanagedSessionAccounts</Safe>\n    <File>Root\\2</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Allow</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Rule</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 10:01:14","IsoTimestamp":"2021-03-11T18:01:14Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"278","Desc":"Add Rule","Severity":"Info","Issuer":"PVWAAppUser","Action":"Add Rule","SourceUser":"Administrator","TargetUser":"","Safe":"PSMUnmanagedSessionAccounts","File":"Root\\2","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"Allow","ExtraDetails":"","Message":"Add Rule","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log-expected.json
new file mode 100644
index 00000000000..4cfd55c4722
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/278_add_rule.log-expected.json
@@ -0,0 +1,46 @@
+[
+    {
+        "@timestamp": "2021-03-11T18:01:14.000Z",
+        "cyberarkpas.audit.action": "Add Rule",
+        "cyberarkpas.audit.desc": "Add Rule",
+        "cyberarkpas.audit.file": "Root\\2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T18:01:14Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Add Rule",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:01:14</Timestamp>\n    <IsoTimestamp>2021-03-11T18:01:14Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>278</MessageID>\n    <Desc>Add Rule</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Add Rule</Action>\n    <SourceUser>Administrator</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMUnmanagedSessionAccounts</Safe>\n    <File>Root\\2</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Allow</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Add Rule</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "Allow",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMUnmanagedSessionAccounts",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Administrator",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 11 10:01:14",
+        "event.action": "add rule",
+        "event.code": "278",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\2",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log b/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log
new file mode 100644
index 00000000000..8a37e23616a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-05T11:00:06Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 05 03:00:06","IsoTimestamp":"2021-03-05T11:00:06Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"288","Desc":"Auto Clear Users History start","Severity":"Info","Issuer":"Batch","Action":"Auto Clear Users History start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Auto Clear Users History start","GatewayStation":""}}}
+Mar 08 03:00:20 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"288","Desc":"Auto Clear Users History start","Severity":"Info","Issuer":"Batch","Action":"Auto Clear Users History start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Auto Clear Users History start","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json
new file mode 100644
index 00000000000..0ed48dfb9c0
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json
@@ -0,0 +1,75 @@
+[
+    {
+        "@timestamp": "2021-03-05T11:00:06.000Z",
+        "cyberarkpas.audit.action": "Auto Clear Users History start",
+        "cyberarkpas.audit.desc": "Auto Clear Users History start",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-05T11:00:06Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Auto Clear Users History start",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 05 03:00:06",
+        "event.action": "auto clear users history start",
+        "event.code": "288",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T03:00:20.000-02:00",
+        "cyberarkpas.audit.action": "Auto Clear Users History start",
+        "cyberarkpas.audit.desc": "Auto Clear Users History start",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Auto Clear Users History start",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "event.action": "auto clear users history start",
+        "event.code": "288",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 604,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log b/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log
new file mode 100644
index 00000000000..8d873525e41
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-05T11:00:06Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 05 03:00:06","IsoTimestamp":"2021-03-05T11:00:06Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"289","Desc":"Auto Clear Users History end","Severity":"Info","Issuer":"Batch","Action":"Auto Clear Users History end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Auto Clear Users History end","GatewayStation":""}}}
+Mar 08 03:00:20 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"289","Desc":"Auto Clear Users History end","Severity":"Info","Issuer":"Batch","Action":"Auto Clear Users History end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Auto Clear Users History end","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json
new file mode 100644
index 00000000000..4476ba0f803
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json
@@ -0,0 +1,75 @@
+[
+    {
+        "@timestamp": "2021-03-05T11:00:06.000Z",
+        "cyberarkpas.audit.action": "Auto Clear Users History end",
+        "cyberarkpas.audit.desc": "Auto Clear Users History end",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-05T11:00:06Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Auto Clear Users History end",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 05 03:00:06",
+        "event.action": "auto clear users history end",
+        "event.code": "289",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T03:00:20.000-02:00",
+        "cyberarkpas.audit.action": "Auto Clear Users History end",
+        "cyberarkpas.audit.desc": "Auto Clear Users History end",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Auto Clear Users History end",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "event.action": "auto clear users history end",
+        "event.code": "289",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 598,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log b/x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log
new file mode 100644
index 00000000000..2c7336ea820
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log
@@ -0,0 +1 @@
+<5>1 2021-03-09T09:00:47Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 01:00:47","IsoTimestamp":"2021-03-09T09:00:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"290","Desc":"Auto Clear Safes History start","Severity":"Info","Issuer":"Batch","Action":"Auto Clear Safes History start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Auto Clear Safes History start","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log-expected.json
new file mode 100644
index 00000000000..0feb0516dab
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/290_auto_clear_safes_history_start.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-09T09:00:47.000Z",
+        "cyberarkpas.audit.action": "Auto Clear Safes History start",
+        "cyberarkpas.audit.desc": "Auto Clear Safes History start",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T09:00:47Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Auto Clear Safes History start",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 09 01:00:47",
+        "event.action": "auto clear safes history start",
+        "event.code": "290",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log b/x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log
new file mode 100644
index 00000000000..8731e1e4ed9
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log
@@ -0,0 +1 @@
+<5>1 2021-03-09T09:00:47Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 01:00:47","IsoTimestamp":"2021-03-09T09:00:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"291","Desc":"Auto Clear Safes History end","Severity":"Info","Issuer":"Batch","Action":"Auto Clear Safes History end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Auto Clear Safes History end","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log-expected.json
new file mode 100644
index 00000000000..0e37b256a45
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/291_auto_clear_safes_history_end.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-09T09:00:47.000Z",
+        "cyberarkpas.audit.action": "Auto Clear Safes History end",
+        "cyberarkpas.audit.desc": "Auto Clear Safes History end",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T09:00:47Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Auto Clear Safes History end",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 09 01:00:47",
+        "event.action": "auto clear safes history end",
+        "event.code": "291",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log
new file mode 100644
index 00000000000..2ea7c7cf132
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log
@@ -0,0 +1,10 @@
+<5>1 2021-03-08T10:19:42Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 02:19:42","IsoTimestamp":"2021-03-08T10:19:42Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"PasswordManager","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Groups\\WindowsGroup","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WindowsDesktopLocalAccountsRotationalPolicy"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"LastSuccessChange","Value":"1615198782"},{"Name":"CurrInd","Value":"2"}]}}}}
+<5>1 2021-03-08T18:24:49Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:24:49","IsoTimestamp":"2021-03-08T18:24:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"Administrator","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WinDesktopLocal-Address-adriansr","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-08T19:20:02Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 11:20:02","IsoTimestamp":"2021-03-08T19:20:02Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"PasswordManager","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountA"},{"Name":"Address","Value":"components"},{"Name":"ResetImmediately","Value":"ChangeTask"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"SequenceID","Value":"26"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"StartChangeNotBefore","Value":"1615231182"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1614785704"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"1"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-10T14:38:57Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 06:38:57","IsoTimestamp":"2021-03-10T14:38:57Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"PasswordManager","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Groups\\WindowsGroup","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WindowsDesktopLocalAccountsRotationalPolicy"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"LastSuccessChange","Value":"1615387136"},{"Name":"CurrInd","Value":"1"}]}}}}
+<5>1 2021-03-10T17:58:06Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:58:06","IsoTimestamp":"2021-03-10T17:58:06Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"Administrator","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSMServer","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":""}}}
+<5>1 2021-03-10T22:17:26Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:17:26","IsoTimestamp":"2021-03-10T22:17:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"Administrator","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSM-ASR-CYBERARK-WI","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":""}}}
+<5>1 2021-03-10T23:39:25Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 15:39:25","IsoTimestamp":"2021-03-10T23:39:25Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"PasswordManager","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountB"},{"Name":"Address","Value":"components"},{"Name":"ResetImmediately","Value":"ChangeTask"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"SequenceID","Value":"24"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"StartChangeNotBefore","Value":"1615419536"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1614868762"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"2"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-14T11:48:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 04:48:26</Timestamp>\n    <IsoTimestamp>2021-03-14T11:48:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>294</MessageID>\n    <Desc>Store password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Store password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Groups\\WindowsGroup</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WindowsDesktopLocalAccountsRotationalPolicy\"></CAProperty>\n      <CAProperty Name=\"InProcess\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615722505\"></CAProperty>\n      <CAProperty Name=\"CurrInd\" Value=\"2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 04:48:26","IsoTimestamp":"2021-03-14T11:48:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"PasswordManager","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Groups\\WindowsGroup","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WindowsDesktopLocalAccountsRotationalPolicy"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"LastSuccessChange","Value":"1615722505"},{"Name":"CurrInd","Value":"2"}]}}}}
+<5>1 2021-03-15T10:12:21Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:21</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>294</MessageID>\n    <Desc>Store password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Store password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDesktopLocal\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"x_accountA\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"components\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"InProcess\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"27\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"StartChangeNotBefore\" Value=\"1615754905\"></CAProperty>\n      <CAProperty Name=\"GroupName\" Value=\"WindowsGroup\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615231204\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"Index\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"DualAccountStatus\" Value=\"Inactive\"></CAProperty>\n      <CAProperty Name=\"VirtualUsername\" Value=\"virtual\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:12:21","IsoTimestamp":"2021-03-15T10:12:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"PasswordManager","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountA"},{"Name":"Address","Value":"components"},{"Name":"ResetImmediately","Value":"ChangeTask"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"SequenceID","Value":"27"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"StartChangeNotBefore","Value":"1615754905"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1615231204"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"1"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-15T13:13:01Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:13:01</Timestamp>\n    <IsoTimestamp>2021-03-15T13:13:01Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>294</MessageID>\n    <Desc>Store password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Store password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store password</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813465\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:13:01","IsoTimestamp":"2021-03-15T13:13:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"294","Desc":"Store password","Severity":"Info","Issuer":"Administrator","Action":"Store password","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store password","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615813465"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log-expected.json
new file mode 100644
index 00000000000..c3afc5ec8df
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/294_store_password.log-expected.json
@@ -0,0 +1,521 @@
+[
+    {
+        "@timestamp": "2021-03-08T10:19:42.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.curr_ind": "2",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615198782",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WindowsDesktopLocalAccountsRotationalPolicy",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Groups\\WindowsGroup",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T10:19:42Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 02:19:42",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Groups\\WindowsGroup",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T18:24:49.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:24:49Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:24:49",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 907,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T19:20:02.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.index": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1614785704",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.sequence_id": "26",
+        "cyberarkpas.audit.ca_properties.start_change_not_before": "1615231182",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountA",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T19:20:02Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 11:20:02",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1541,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T14:38:57.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.curr_ind": "1",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615387136",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WindowsDesktopLocalAccountsRotationalPolicy",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Groups\\WindowsGroup",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T14:38:57Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 06:38:57",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Groups\\WindowsGroup",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2960,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T17:58:06.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\PSMServer",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:58:06Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:58:06",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMServer",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3867,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:17:26.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\PSM-ASR-CYBERARK-WI",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:17:26Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:17:26",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSM-ASR-CYBERARK-WI",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4455,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T23:39:25.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.index": "2",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1614868762",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.sequence_id": "24",
+        "cyberarkpas.audit.ca_properties.start_change_not_before": "1615419536",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountB",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T23:39:25Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 15:39:25",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5053,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T11:48:26.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.curr_ind": "2",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615722505",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WindowsDesktopLocalAccountsRotationalPolicy",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Groups\\WindowsGroup",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T11:48:26Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 04:48:26</Timestamp>\n    <IsoTimestamp>2021-03-14T11:48:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>294</MessageID>\n    <Desc>Store password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Store password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Groups\\WindowsGroup</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WindowsDesktopLocalAccountsRotationalPolicy\"></CAProperty>\n      <CAProperty Name=\"InProcess\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615722505\"></CAProperty>\n      <CAProperty Name=\"CurrInd\" Value=\"2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 04:48:26",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Groups\\WindowsGroup",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6472,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-15T10:12:21.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.index": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615231204",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.sequence_id": "27",
+        "cyberarkpas.audit.ca_properties.start_change_not_before": "1615754905",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountA",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:12:21Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:21</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>294</MessageID>\n    <Desc>Store password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Store password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDesktopLocal\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"x_accountA\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"components\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"InProcess\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"27\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"StartChangeNotBefore\" Value=\"1615754905\"></CAProperty>\n      <CAProperty Name=\"GroupName\" Value=\"WindowsGroup\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615231204\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"Index\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"DualAccountStatus\" Value=\"Inactive\"></CAProperty>\n      <CAProperty Name=\"VirtualUsername\" Value=\"virtual\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:12:21",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8761,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-15T13:13:01.000Z",
+        "cyberarkpas.audit.action": "Store password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615813465",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Store password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:13:01Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:13:01</Timestamp>\n    <IsoTimestamp>2021-03-15T13:13:01Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>294</MessageID>\n    <Desc>Store password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Store password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store password</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813465\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:13:01",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "store password",
+        "event.code": "294",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12415,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log
new file mode 100644
index 00000000000..b7413a20012
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log
@@ -0,0 +1,13 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Prov_PVWA</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.3</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>AIM password request</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Nobody\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"295","IsoTimestamp":"2021-03-16T15:01:00Z","Desc":"Retrieve password","Severity":"Info","Issuer":"Prov_PVWA","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Linux","File":"Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2","Station":"10.2.0.3","Location":"","Category":"","RequestId":"","Reason":"AIM password request","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"LINUX-SSH"},{"Name":"UserName","Value":"admin2"},{"Name":"Address","Value":"radiussrv.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"CPMDisabled","Value":"No Reason"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Customer","Value":"Nobody"}]}}}}
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.6</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Show Password)</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <RetrieveAction>Show Password</RetrieveAction>\n  </General>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation>10.2.0.3</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"295","IsoTimestamp":"2021-03-16T15:01:00Z","Desc":"Retrieve password","Severity":"Info","Issuer":"adm2","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Windows","File":"Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2","Station":"10.2.0.6","Location":"","Category":"","RequestId":"","Reason":"(Action: Show Password)","PvwaDetails":{"RetrieveReason":{"General":{"RetrieveAction":"Show Password"}}},"ExtraDetails":"","Message":"Retrieve password","GatewayStation":"10.2.0.3","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WIN-SERVER-LOCAL"},{"Name":"UserName","Value":"Administrator2"},{"Name":"Address","Value":"dbserver.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"LogonDomain","Value":"DBServer"},{"Name":"SequenceID","Value":"1"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"success"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessReconciliation","Value":"1604944215"},{"Name":"Customer","Value":"EvilCorp"}]}}}}
+<5>1 2021-03-08T18:16:51Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:16:51","IsoTimestamp":"2021-03-08T18:16:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"Administrator","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\testobject","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"testing","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"test"},{"Name":"Address","Value":"test"},{"Name":"CPMDisabled","Value":"testing"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-08T19:19:59Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 11:19:59","IsoTimestamp":"2021-03-08T19:19:59Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"PasswordManager","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"CPM","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountA"},{"Name":"Address","Value":"components"},{"Name":"ResetImmediately","Value":"ChangeTask"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"SequenceID","Value":"26"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"StartChangeNotBefore","Value":"1615231182"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1614785704"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"1"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-08T19:20:02Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 11:20:02","IsoTimestamp":"2021-03-08T19:20:02Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"PasswordManager","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Groups\\WindowsGroup","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"CPM","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WindowsDesktopLocalAccountsRotationalPolicy"},{"Name":"CPMStatus","Value":"success"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"LastSuccessChange","Value":"1615198782"},{"Name":"CurrInd","Value":"2"}]}}}}
+<5>1 2021-03-10T14:40:37Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 06:40:37","IsoTimestamp":"2021-03-10T14:40:37Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"Prov_COMPONENTS","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"Application provider background refresh job","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountA"},{"Name":"Address","Value":"components"},{"Name":"SequenceID","Value":"27"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1615231204"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"1"},{"Name":"DualAccountStatus","Value":"Active"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-10T18:27:57Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:27:57","IsoTimestamp":"2021-03-10T18:27:57Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"Administrator","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSMAdmin","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"test","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"UserName","Value":"PSMAdminConnect"},{"Name":"Address","Value":"169.254.180.25"},{"Name":"LogonDomain","Value":"VAGRANT-2012-R2"}]}}}}
+<5>1 2021-03-10T18:28:07Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:28:07","IsoTimestamp":"2021-03-10T18:28:07Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"Administrator","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSMServer","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"test","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"UserName","Value":"PSMConnect"},{"Name":"Address","Value":"169.254.180.25"},{"Name":"LogonDomain","Value":"VAGRANT-2012-R2"}]}}}}
+<5>1 2021-03-10T23:39:22Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 15:39:22","IsoTimestamp":"2021-03-10T23:39:22Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"PasswordManager","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"CPM","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountB"},{"Name":"Address","Value":"components"},{"Name":"ResetImmediately","Value":"ChangeTask"},{"Name":"InProcess","Value":"ChangeTask"},{"Name":"SequenceID","Value":"24"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"StartChangeNotBefore","Value":"1615419536"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1614868762"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"2"},{"Name":"DualAccountStatus","Value":"Inactive"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-10T23:39:25Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 15:39:25","IsoTimestamp":"2021-03-10T23:39:25Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"PasswordManager","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Groups\\WindowsGroup","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"CPM","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WindowsDesktopLocalAccountsRotationalPolicy"},{"Name":"CPMStatus","Value":"success"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"LastSuccessChange","Value":"1615387136"},{"Name":"CurrInd","Value":"1"}]}}}}
+<5>1 2021-03-11T16:41:21Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:41:21</Timestamp>\n    <IsoTimestamp>2021-03-11T16:41:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSMAdmin</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>lksajdflkasdf</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMAdminConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"169.254.180.25\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"VAGRANT-2012-R2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:41:21","IsoTimestamp":"2021-03-11T16:41:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"Administrator","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSMAdmin","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"lksajdflkasdf","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"UserName","Value":"PSMAdminConnect"},{"Name":"Address","Value":"169.254.180.25"},{"Name":"LogonDomain","Value":"VAGRANT-2012-R2"}]}}}}
+<5>1 2021-03-11T16:50:28Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:50:28</Timestamp>\n    <IsoTimestamp>2021-03-11T16:50:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSMServer</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"169.254.180.25\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"VAGRANT-2012-R2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:50:28","IsoTimestamp":"2021-03-11T16:50:28Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"PVWAAppUser","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSMServer","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"UserName","Value":"PSMConnect"},{"Name":"Address","Value":"169.254.180.25"},{"Name":"LogonDomain","Value":"VAGRANT-2012-R2"}]}}}}
+<5>1 2021-03-11T16:54:20Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:54:20</Timestamp>\n    <IsoTimestamp>2021-03-11T16:54:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSH-centos8-PSMApp_VAGRANT</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>sdfsdf</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"PSMApp_VAGRANT\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"centos8\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:54:20","IsoTimestamp":"2021-03-11T16:54:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"295","Desc":"Retrieve password","Severity":"Info","Issuer":"Administrator","Action":"Retrieve password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSH-centos8-PSMApp_VAGRANT","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"sdfsdf","ExtraDetails":"","Message":"Retrieve password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"PSMApp_VAGRANT"},{"Name":"Address","Value":"centos8"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log-expected.json
new file mode 100644
index 00000000000..e3afb5cf05a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/295_retrieve_password.log-expected.json
@@ -0,0 +1,880 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_disabled": "No Reason",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "Nobody",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "LINUX-SSH",
+        "cyberarkpas.audit.ca_properties.user_name": "admin2",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "Prov_PVWA",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Prov_PVWA</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.3</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>AIM password request</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Nobody\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.reason": "AIM password request",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Linux",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.3",
+        "destination.address": "radiussrv.cyberark.local",
+        "destination.domain": "radiussrv.cyberark.local",
+        "destination.user.name": "admin2",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "AIM password request",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.3"
+        ],
+        "related.user": [
+            "Prov_PVWA",
+            "admin2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.3",
+        "source.ip": "10.2.0.3",
+        "source.user.name": "Prov_PVWA",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Prov_PVWA"
+    },
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "dbserver.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "EvilCorp",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_reconciliation": "1604944215",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "DBServer",
+        "cyberarkpas.audit.ca_properties.policy_id": "WIN-SERVER-LOCAL",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "1",
+        "cyberarkpas.audit.ca_properties.user_name": "Administrator2",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "cyberarkpas.audit.gateway_station": "10.2.0.3",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "adm2",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.pvwa_details.retrieve_reason.general.retrieve_action": "Show Password",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.6</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Show Password)</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <RetrieveAction>Show Password</RetrieveAction>\n  </General>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation>10.2.0.3</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.reason": "(Action: Show Password)",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Windows",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.6",
+        "destination.address": "dbserver.cyberark.local",
+        "destination.domain": "dbserver.cyberark.local",
+        "destination.user.name": "Administrator2",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "(Action: Show Password)",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 2272,
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.6",
+            "10.2.0.3"
+        ],
+        "related.user": [
+            "adm2",
+            "Administrator2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.6",
+        "source.ip": "10.2.0.6",
+        "source.user.name": "adm2",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "adm2"
+    },
+    {
+        "@timestamp": "2021-03-08T18:16:51.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "test",
+        "cyberarkpas.audit.ca_properties.cpm_disabled": "testing",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.user_name": "test",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\testobject",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:16:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "testing",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:16:51",
+        "destination.address": "test",
+        "destination.domain": "test",
+        "destination.user.name": "test",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "testing",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\testobject",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5424,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator",
+            "test"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-08T19:19:59.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.index": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1614785704",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.sequence_id": "26",
+        "cyberarkpas.audit.ca_properties.start_change_not_before": "1615231182",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountA",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T19:19:59Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "CPM",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 11:19:59",
+        "destination.address": "components",
+        "destination.domain": "components",
+        "destination.user.name": "x_accountA",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "CPM",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6304,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "x_accountA"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-08T19:20:02.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.curr_ind": "2",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615198782",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WindowsDesktopLocalAccountsRotationalPolicy",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Groups\\WindowsGroup",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T19:20:02Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "CPM",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 11:20:02",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "CPM",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Groups\\WindowsGroup",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7735,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-10T14:40:37.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Active",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.index": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615231204",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "27",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountA",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T14:40:37Z",
+        "cyberarkpas.audit.issuer": "Prov_COMPONENTS",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "Application provider background refresh job",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 06:40:37",
+        "destination.address": "components",
+        "destination.domain": "components",
+        "destination.user.name": "x_accountA",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "Application provider background refresh job",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8612,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Prov_COMPONENTS",
+            "x_accountA"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "Prov_COMPONENTS",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Prov_COMPONENTS"
+    },
+    {
+        "@timestamp": "2021-03-10T18:27:57.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "169.254.180.25",
+        "cyberarkpas.audit.ca_properties.logon_domain": "VAGRANT-2012-R2",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMAdminConnect",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\PSMAdmin",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:27:57Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "test",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:27:57",
+        "destination.address": "169.254.180.25",
+        "destination.ip": "169.254.180.25",
+        "destination.user.name": "PSMAdminConnect",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "test",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\PSMAdmin",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 9938,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "169.254.180.25"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMAdminConnect"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-10T18:28:07.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "169.254.180.25",
+        "cyberarkpas.audit.ca_properties.logon_domain": "VAGRANT-2012-R2",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMConnect",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\PSMServer",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:28:07Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "test",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:28:07",
+        "destination.address": "169.254.180.25",
+        "destination.ip": "169.254.180.25",
+        "destination.user.name": "PSMConnect",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "test",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\PSMServer",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 10705,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "169.254.180.25"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMConnect"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-10T23:39:22.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Inactive",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.in_process": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.index": "2",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1614868762",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.sequence_id": "24",
+        "cyberarkpas.audit.ca_properties.start_change_not_before": "1615419536",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountB",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T23:39:22Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "CPM",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 15:39:22",
+        "destination.address": "components",
+        "destination.domain": "components",
+        "destination.user.name": "x_accountB",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "CPM",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 11468,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "x_accountB"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-10T23:39:25.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.curr_ind": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615387136",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WindowsDesktopLocalAccountsRotationalPolicy",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Groups\\WindowsGroup",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T23:39:25Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.reason": "CPM",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 15:39:25",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "CPM",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Groups\\WindowsGroup",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12899,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-11T16:41:21.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "169.254.180.25",
+        "cyberarkpas.audit.ca_properties.logon_domain": "VAGRANT-2012-R2",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMAdminConnect",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\PSMAdmin",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:41:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:41:21</Timestamp>\n    <IsoTimestamp>2021-03-11T16:41:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSMAdmin</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>lksajdflkasdf</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMAdminConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"169.254.180.25\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"VAGRANT-2012-R2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "lksajdflkasdf",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:41:21",
+        "destination.address": "169.254.180.25",
+        "destination.ip": "169.254.180.25",
+        "destination.user.name": "PSMAdminConnect",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "lksajdflkasdf",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\PSMAdmin",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 13776,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "169.254.180.25"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMAdminConnect"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T16:50:28.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "169.254.180.25",
+        "cyberarkpas.audit.ca_properties.logon_domain": "VAGRANT-2012-R2",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMConnect",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\PSMServer",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:50:28Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:50:28</Timestamp>\n    <IsoTimestamp>2021-03-11T16:50:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSMServer</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"169.254.180.25\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"VAGRANT-2012-R2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:50:28",
+        "destination.address": "169.254.180.25",
+        "destination.ip": "169.254.180.25",
+        "destination.user.name": "PSMConnect",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\PSMServer",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 15710,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "169.254.180.25"
+        ],
+        "related.user": [
+            "PVWAAppUser",
+            "PSMConnect"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PVWAAppUser",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAAppUser"
+    },
+    {
+        "@timestamp": "2021-03-11T16:54:20.000Z",
+        "cyberarkpas.audit.action": "Retrieve password",
+        "cyberarkpas.audit.ca_properties.address": "centos8",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.desc": "Retrieve password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-centos8-PSMApp_VAGRANT",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:54:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:54:20</Timestamp>\n    <IsoTimestamp>2021-03-11T16:54:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>295</MessageID>\n    <Desc>Retrieve password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSH-centos8-PSMApp_VAGRANT</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>sdfsdf</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"PSMApp_VAGRANT\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"centos8\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "sdfsdf",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:54:20",
+        "destination.address": "centos8",
+        "destination.domain": "centos8",
+        "destination.user.name": "PSMApp_VAGRANT",
+        "event.action": "retrieve password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "295",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "sdfsdf",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-centos8-PSMApp_VAGRANT",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 17606,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMApp_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log b/x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log
new file mode 100644
index 00000000000..74928df0a23
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log
@@ -0,0 +1,17 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.7</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=35fac41e-22b5-11eb-83ca-000c297aae88;SrcHost=10.2.0.6;User=admin2;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Tesla\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"300","IsoTimestamp":"2021-03-16T15:01:00Z","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"Linux","File":"Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2","Station":"10.2.0.7","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=35fac41e-22b5-11eb-83ca-000c297aae88;SrcHost=10.2.0.6;User=admin2;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"LINUX-SSH"},{"Name":"UserName","Value":"admin2"},{"Name":"Address","Value":"radiussrv.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"CPMDisabled","Value":"No Reason"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Customer","Value":"Tesla"}]}}}}
+<5>1 2021-03-11T17:38:20Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:20</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=87012dcc-8290-11eb-949e-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:20","IsoTimestamp":"2021-03-11T17:38:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=87012dcc-8290-11eb-949e-080027efd402;SrcHost=127.0.0.1;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:46:56Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:46:56</Timestamp>\n    <IsoTimestamp>2021-03-11T17:46:56Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=ba22b012-8291-11eb-b981-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:46:56","IsoTimestamp":"2021-03-11T17:46:56Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=ba22b012-8291-11eb-b981-080027efd402;SrcHost=127.0.0.1;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:48:34Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:34</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:34Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=f6acbf00-8291-11eb-b9ba-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:48:34","IsoTimestamp":"2021-03-11T17:48:34Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=f6acbf00-8291-11eb-b9ba-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:54:56Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:54:56</Timestamp>\n    <IsoTimestamp>2021-03-11T17:54:56Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=d8ff4d32-8292-11eb-b962-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:54:56","IsoTimestamp":"2021-03-11T17:54:56Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=d8ff4d32-8292-11eb-b962-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:56:37Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:56:37</Timestamp>\n    <IsoTimestamp>2021-03-11T17:56:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=173dd46a-8293-11eb-afcb-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:56:37","IsoTimestamp":"2021-03-11T17:56:37Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=173dd46a-8293-11eb-afcb-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T20:23:25Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:23:25</Timestamp>\n    <IsoTimestamp>2021-03-11T20:23:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=988b22e8-82a7-11eb-83b9-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 12:23:25","IsoTimestamp":"2021-03-11T20:23:25Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=988b22e8-82a7-11eb-83b9-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-14T13:49:37Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:37</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:49:37","IsoTimestamp":"2021-03-14T13:49:37Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615729572"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-14T13:50:43Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:50:43</Timestamp>\n    <IsoTimestamp>2021-03-14T13:50:43Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=47747796-03e1-4a11-af39-ab56c00e7732;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:50:43","IsoTimestamp":"2021-03-14T13:50:43Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=47747796-03e1-4a11-af39-ab56c00e7732;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615729572"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:31:56Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:31:56</Timestamp>\n    <IsoTimestamp>2021-03-15T10:31:56Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:31:56","IsoTimestamp":"2021-03-15T10:31:56Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:33:39Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:33:39</Timestamp>\n    <IsoTimestamp>2021-03-15T10:33:39Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:33:39","IsoTimestamp":"2021-03-15T10:33:39Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:35:00Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:35:00</Timestamp>\n    <IsoTimestamp>2021-03-15T10:35:00Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:35:00","IsoTimestamp":"2021-03-15T10:35:00Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T13:18:31Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:18:31</Timestamp>\n    <IsoTimestamp>2021-03-15T13:18:31Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=692fe25f-f940-4170-8ea4-5241b35173f0;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:18:31","IsoTimestamp":"2021-03-15T13:18:31Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=692fe25f-f940-4170-8ea4-5241b35173f0;SrcHost=81.32.170.205;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T14:08:06Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:06</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:06Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f5725611-ca57-4a2a-a089-f45b3174a358;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:08:06","IsoTimestamp":"2021-03-15T14:08:06Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f5725611-ca57-4a2a-a089-f45b3174a358;SrcHost=81.32.170.205;User=adrian;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T14:08:28Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:28</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=7db90436-8a1a-4203-9a96-65137625ab2d;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:08:28","IsoTimestamp":"2021-03-15T14:08:28Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=7db90436-8a1a-4203-9a96-65137625ab2d;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615814025"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
+<5>1 2021-03-15T14:11:09Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:11:09</Timestamp>\n    <IsoTimestamp>2021-03-15T14:11:09Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:11:09","IsoTimestamp":"2021-03-15T14:11:09Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615814025"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
+<5>1 2021-03-16T10:04:51Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 16 03:04:51</Timestamp>\n    <IsoTimestamp>2021-03-16T10:04:51Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b222ac9-c2ad-49ea-9c4e-6829940f58d4;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615888216\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 16 03:04:51","IsoTimestamp":"2021-03-16T10:04:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"300","Desc":"PSM Connect","Severity":"Info","Issuer":"Administrator","Action":"PSM Connect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b222ac9-c2ad-49ea-9c4e-6829940f58d4;SrcHost=81.32.170.205;User=testark;","Message":"PSM Connect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"4"},{"Name":"LastFailDate","Value":"1615888216"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log-expected.json
new file mode 100644
index 00000000000..f8e788c087e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/300_psm_connect.log-expected.json
@@ -0,0 +1,1481 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_disabled": "No Reason",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "Tesla",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "LINUX-SSH",
+        "cyberarkpas.audit.ca_properties.user_name": "admin2",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "35fac41e-22b5-11eb-83ca-000c297aae88",
+        "cyberarkpas.audit.extra_details.src_host": "10.2.0.6",
+        "cyberarkpas.audit.extra_details.user": "admin2",
+        "cyberarkpas.audit.file": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.7</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=35fac41e-22b5-11eb-83ca-000c297aae88;SrcHost=10.2.0.6;User=admin2;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Tesla\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Linux",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.7",
+        "destination.address": "radiussrv.cyberark.local",
+        "destination.domain": "radiussrv.cyberark.local",
+        "destination.user.name": "admin2",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "network.application": "ssh",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.6",
+            "10.2.0.7"
+        ],
+        "related.user": [
+            "Administrator",
+            "admin2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.6",
+        "source.ip": "10.2.0.6",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:20.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "87012dcc-8290-11eb-949e-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:20</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=87012dcc-8290-11eb-949e-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:20",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2566,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:46:56.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "ba22b012-8291-11eb-b981-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:46:56Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:46:56</Timestamp>\n    <IsoTimestamp>2021-03-11T17:46:56Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=ba22b012-8291-11eb-b981-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:46:56",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5086,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:48:34.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "f6acbf00-8291-11eb-b9ba-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:48:34Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:34</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:34Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=f6acbf00-8291-11eb-b9ba-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:48:34",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7606,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:54:56.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "d8ff4d32-8292-11eb-b962-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:54:56Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:54:56</Timestamp>\n    <IsoTimestamp>2021-03-11T17:54:56Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=d8ff4d32-8292-11eb-b962-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:54:56",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 10124,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:56:37.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "173dd46a-8293-11eb-afcb-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:56:37Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:56:37</Timestamp>\n    <IsoTimestamp>2021-03-11T17:56:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=173dd46a-8293-11eb-afcb-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:56:37",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12642,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T20:23:25.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "988b22e8-82a7-11eb-83b9-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T20:23:25Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:23:25</Timestamp>\n    <IsoTimestamp>2021-03-11T20:23:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionID=988b22e8-82a7-11eb-83b9-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 12:23:25",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 15160,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-14T13:49:37.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615729572",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "d284c268-2ba0-4366-af52-e33459b073a1",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:49:37Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:37</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:49:37",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 17678,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-14T13:50:43.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615729572",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "47747796-03e1-4a11-af39-ab56c00e7732",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:50:43Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:50:43</Timestamp>\n    <IsoTimestamp>2021-03-14T13:50:43Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=47747796-03e1-4a11-af39-ab56c00e7732;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:50:43",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 21194,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:31:56.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "29f340df-89e9-405a-beae-0216390cda42",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:31:56Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:31:56</Timestamp>\n    <IsoTimestamp>2021-03-15T10:31:56Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:31:56",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 24710,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:33:39.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "f1654cf8-8ce5-472a-8205-ba731b0fab46",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:33:39Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:33:39</Timestamp>\n    <IsoTimestamp>2021-03-15T10:33:39Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:33:39",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 27706,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:35:00.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "8b3d0b38-aef5-49d9-bdd7-d57706887d8b",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:35:00Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:35:00</Timestamp>\n    <IsoTimestamp>2021-03-15T10:35:00Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:35:00",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 30702,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T13:18:31.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "692fe25f-f940-4170-8ea4-5241b35173f0",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:18:31Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:18:31</Timestamp>\n    <IsoTimestamp>2021-03-15T13:18:31Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=692fe25f-f940-4170-8ea4-5241b35173f0;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:18:31",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 33698,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:08:06.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "f5725611-ca57-4a2a-a089-f45b3174a358",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:08:06Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:06</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:06Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f5725611-ca57-4a2a-a089-f45b3174a358;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:08:06",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 36226,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:08:28.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615814025",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "7db90436-8a1a-4203-9a96-65137625ab2d",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:08:28Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:28</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=7db90436-8a1a-4203-9a96-65137625ab2d;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:08:28",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 38754,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:11:09.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615814025",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "27f74dce-f5d5-4c94-bf99-ca6aafe2c518",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:11:09Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:11:09</Timestamp>\n    <IsoTimestamp>2021-03-15T14:11:09Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:11:09",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 42532,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-16T10:04:51.000Z",
+        "cyberarkpas.audit.action": "PSM Connect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615888216",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "4",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Connect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "8b222ac9-c2ad-49ea-9c4e-6829940f58d4",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T10:04:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Connect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 16 03:04:51</Timestamp>\n    <IsoTimestamp>2021-03-16T10:04:51Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>300</MessageID>\n    <Desc>PSM Connect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Connect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b222ac9-c2ad-49ea-9c4e-6829940f58d4;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Connect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615888216\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 16 03:04:51",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm connect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "300",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 46310,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log b/x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log
new file mode 100644
index 00000000000..c172f644c9f
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log
@@ -0,0 +1,16 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.7</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:07;SessionID=35fac41e-22b5-11eb-83ca-000c297aae88;SrcHost=10.2.0.6;User=admin2;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Tesla\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"302","IsoTimestamp":"2021-03-16T15:01:00Z","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"Linux","File":"Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2","Station":"10.2.0.7","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:07;SessionID=35fac41e-22b5-11eb-83ca-000c297aae88;SrcHost=10.2.0.6;User=admin2;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"LINUX-SSH"},{"Name":"UserName","Value":"admin2"},{"Name":"Address","Value":"radiussrv.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"CPMDisabled","Value":"No Reason"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Customer","Value":"Tesla"}]}}}}
+<5>1 2021-03-11T17:38:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:26</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:13;SessionID=87012dcc-8290-11eb-949e-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:26","IsoTimestamp":"2021-03-11T17:38:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:13;SessionID=87012dcc-8290-11eb-949e-080027efd402;SrcHost=127.0.0.1;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:47:01Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:47:01</Timestamp>\n    <IsoTimestamp>2021-03-11T17:47:01Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:11;SessionID=ba22b012-8291-11eb-b981-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:47:01","IsoTimestamp":"2021-03-11T17:47:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:11;SessionID=ba22b012-8291-11eb-b981-080027efd402;SrcHost=127.0.0.1;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:48:40Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:40</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:40Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=f6acbf00-8291-11eb-b9ba-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:48:40","IsoTimestamp":"2021-03-11T17:48:40Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=f6acbf00-8291-11eb-b9ba-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:55:02Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:55:02</Timestamp>\n    <IsoTimestamp>2021-03-11T17:55:02Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=d8ff4d32-8292-11eb-b962-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:55:02","IsoTimestamp":"2021-03-11T17:55:02Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=d8ff4d32-8292-11eb-b962-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:56:42Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:56:42</Timestamp>\n    <IsoTimestamp>2021-03-11T17:56:42Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=173dd46a-8293-11eb-afcb-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:56:42","IsoTimestamp":"2021-03-11T17:56:42Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=173dd46a-8293-11eb-afcb-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T20:23:30Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:23:30</Timestamp>\n    <IsoTimestamp>2021-03-11T20:23:30Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=988b22e8-82a7-11eb-83b9-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 12:23:30","IsoTimestamp":"2021-03-11T20:23:30Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=988b22e8-82a7-11eb-83b9-080027efd402;SrcHost=10.0.2.2;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-14T13:49:54Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:54</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:54Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:18;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:49:54","IsoTimestamp":"2021-03-14T13:49:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:18;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;User=testark;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615729572"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-14T13:51:35Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:51:35</Timestamp>\n    <IsoTimestamp>2021-03-14T13:51:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:54;SessionID=47747796-03e1-4a11-af39-ab56c00e7732;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:51:35","IsoTimestamp":"2021-03-14T13:51:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:54;SessionID=47747796-03e1-4a11-af39-ab56c00e7732;SrcHost=81.32.170.205;User=testark;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615729572"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:33:30Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:33:30</Timestamp>\n    <IsoTimestamp>2021-03-15T10:33:30Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:01:35;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:33:30","IsoTimestamp":"2021-03-15T10:33:30Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:01:35;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;User=testark;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:34:50Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:34:50</Timestamp>\n    <IsoTimestamp>2021-03-15T10:34:50Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:01:13;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:34:50","IsoTimestamp":"2021-03-15T10:34:50Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:01:13;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;User=testark;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T11:12:09Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 04:12:09</Timestamp>\n    <IsoTimestamp>2021-03-15T11:12:09Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:37:10;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 04:12:09","IsoTimestamp":"2021-03-15T11:12:09Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:37:10;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;User=testark;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T13:18:36Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:18:36</Timestamp>\n    <IsoTimestamp>2021-03-15T13:18:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:05;SessionID=692fe25f-f940-4170-8ea4-5241b35173f0;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:18:36","IsoTimestamp":"2021-03-15T13:18:36Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:05;SessionID=692fe25f-f940-4170-8ea4-5241b35173f0;SrcHost=81.32.170.205;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T14:08:11Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:11</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:11Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:06;SessionID=f5725611-ca57-4a2a-a089-f45b3174a358;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:08:11","IsoTimestamp":"2021-03-15T14:08:11Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:06;SessionID=f5725611-ca57-4a2a-a089-f45b3174a358;SrcHost=81.32.170.205;User=adrian;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T14:08:36Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:36</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:09;SessionID=7db90436-8a1a-4203-9a96-65137625ab2d;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:08:36","IsoTimestamp":"2021-03-15T14:08:36Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:09;SessionID=7db90436-8a1a-4203-9a96-65137625ab2d;SrcHost=81.32.170.205;User=testark;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615814025"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
+<5>1 2021-03-15T15:00:21Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:00:21</Timestamp>\n    <IsoTimestamp>2021-03-15T15:00:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:49:12;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615819476\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 08:00:21","IsoTimestamp":"2021-03-15T15:00:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"302","Desc":"PSM Disconnect","Severity":"Info","Issuer":"Administrator","Action":"PSM Disconnect","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:49:12;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;User=testark;","Message":"PSM Disconnect","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"1"},{"Name":"LastFailDate","Value":"1615819476"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log-expected.json
new file mode 100644
index 00000000000..8aa327ff1a4
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/302_psm_disconnect.log-expected.json
@@ -0,0 +1,1417 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_disabled": "No Reason",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "Tesla",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "LINUX-SSH",
+        "cyberarkpas.audit.ca_properties.user_name": "admin2",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:07",
+        "cyberarkpas.audit.extra_details.session_id": "35fac41e-22b5-11eb-83ca-000c297aae88",
+        "cyberarkpas.audit.extra_details.src_host": "10.2.0.6",
+        "cyberarkpas.audit.extra_details.user": "admin2",
+        "cyberarkpas.audit.file": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.7</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:07;SessionID=35fac41e-22b5-11eb-83ca-000c297aae88;SrcHost=10.2.0.6;User=admin2;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Tesla\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Linux",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.7",
+        "destination.address": "radiussrv.cyberark.local",
+        "destination.domain": "radiussrv.cyberark.local",
+        "destination.user.name": "admin2",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 7000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "network.application": "ssh",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.6",
+            "10.2.0.7"
+        ],
+        "related.user": [
+            "Administrator",
+            "admin2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.6",
+        "source.ip": "10.2.0.6",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:26.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:13",
+        "cyberarkpas.audit.extra_details.session_id": "87012dcc-8290-11eb-949e-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:26Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:26</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:13;SessionID=87012dcc-8290-11eb-949e-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:26",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 13000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2634,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:47:01.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:11",
+        "cyberarkpas.audit.extra_details.session_id": "ba22b012-8291-11eb-b981-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:47:01Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:47:01</Timestamp>\n    <IsoTimestamp>2021-03-11T17:47:01Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:11;SessionID=ba22b012-8291-11eb-b981-080027efd402;SrcHost=127.0.0.1;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:47:01",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 11000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5222,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:48:40.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:12",
+        "cyberarkpas.audit.extra_details.session_id": "f6acbf00-8291-11eb-b9ba-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:48:40Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:40</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:40Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=f6acbf00-8291-11eb-b9ba-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:48:40",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 12000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7810,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:55:02.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:12",
+        "cyberarkpas.audit.extra_details.session_id": "d8ff4d32-8292-11eb-b962-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:55:02Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:55:02</Timestamp>\n    <IsoTimestamp>2021-03-11T17:55:02Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=d8ff4d32-8292-11eb-b962-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:55:02",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 12000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 10396,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:56:42.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:12",
+        "cyberarkpas.audit.extra_details.session_id": "173dd46a-8293-11eb-afcb-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:56:42Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:56:42</Timestamp>\n    <IsoTimestamp>2021-03-11T17:56:42Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=173dd46a-8293-11eb-afcb-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:56:42",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 12000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12982,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T20:23:30.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "ssh",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:12",
+        "cyberarkpas.audit.extra_details.session_id": "988b22e8-82a7-11eb-83b9-080027efd402",
+        "cyberarkpas.audit.extra_details.src_host": "10.0.2.2",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T20:23:30Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:23:30</Timestamp>\n    <IsoTimestamp>2021-03-11T20:23:30Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=ssh;PSMID=PSMServer;SessionDuration=00:00:12;SessionID=988b22e8-82a7-11eb-83b9-080027efd402;SrcHost=10.0.2.2;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 12:23:30",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 12000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 15568,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-14T13:49:54.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615729572",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:18",
+        "cyberarkpas.audit.extra_details.session_id": "d284c268-2ba0-4366-af52-e33459b073a1",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:49:54Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:54</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:54Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:18;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:49:54",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 18000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 18154,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-14T13:51:35.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615729572",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:54",
+        "cyberarkpas.audit.extra_details.session_id": "47747796-03e1-4a11-af39-ab56c00e7732",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:51:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:51:35</Timestamp>\n    <IsoTimestamp>2021-03-14T13:51:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:54;SessionID=47747796-03e1-4a11-af39-ab56c00e7732;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:51:35",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 54000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 21738,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:33:30.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:01:35",
+        "cyberarkpas.audit.extra_details.session_id": "29f340df-89e9-405a-beae-0216390cda42",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:33:30Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:33:30</Timestamp>\n    <IsoTimestamp>2021-03-15T10:33:30Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:01:35;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:33:30",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 95000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 25322,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:34:50.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:01:13",
+        "cyberarkpas.audit.extra_details.session_id": "f1654cf8-8ce5-472a-8205-ba731b0fab46",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:34:50Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:34:50</Timestamp>\n    <IsoTimestamp>2021-03-15T10:34:50Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:01:13;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:34:50",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 73000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 28386,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T11:12:09.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:37:10",
+        "cyberarkpas.audit.extra_details.session_id": "8b3d0b38-aef5-49d9-bdd7-d57706887d8b",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T11:12:09Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 04:12:09</Timestamp>\n    <IsoTimestamp>2021-03-15T11:12:09Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:37:10;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 04:12:09",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 2230000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 31450,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T13:18:36.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:05",
+        "cyberarkpas.audit.extra_details.session_id": "692fe25f-f940-4170-8ea4-5241b35173f0",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:18:36Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:18:36</Timestamp>\n    <IsoTimestamp>2021-03-15T13:18:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:05;SessionID=692fe25f-f940-4170-8ea4-5241b35173f0;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:18:36",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 5000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 34514,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:08:11.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:06",
+        "cyberarkpas.audit.extra_details.session_id": "f5725611-ca57-4a2a-a089-f45b3174a358",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "adrian",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:08:11Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:11</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:11Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:06;SessionID=f5725611-ca57-4a2a-a089-f45b3174a358;SrcHost=81.32.170.205;User=adrian;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:08:11",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 6000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 37110,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:08:36.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615814025",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:09",
+        "cyberarkpas.audit.extra_details.session_id": "7db90436-8a1a-4203-9a96-65137625ab2d",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:08:36Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:36</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:09;SessionID=7db90436-8a1a-4203-9a96-65137625ab2d;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:08:36",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 9000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 39706,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T15:00:21.000Z",
+        "cyberarkpas.audit.action": "PSM Disconnect",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615819476",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "1",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "PSM Disconnect",
+        "cyberarkpas.audit.extra_details.application_type": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:49:12",
+        "cyberarkpas.audit.extra_details.session_id": "27f74dce-f5d5-4c94-bf99-ca6aafe2c518",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T15:00:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "PSM Disconnect",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:00:21</Timestamp>\n    <IsoTimestamp>2021-03-15T15:00:21Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>302</MessageID>\n    <Desc>PSM Disconnect</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>PSM Disconnect</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>ApplicationType=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:49:12;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;User=testark;</ExtraDetails>\n    <Message>PSM Disconnect</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615819476\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 08:00:21",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "psm disconnect",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "302",
+        "event.dataset": "cyberarkpas.audit",
+        "event.duration": 2952000000000,
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 43552,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log b/x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log
new file mode 100644
index 00000000000..1469d6ed00a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log
@@ -0,0 +1 @@
+<5>1 2021-03-25T09:20:56Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 05:20:56</Timestamp>\n    <IsoTimestamp>2021-03-25T09:20:56Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>304</MessageID>\n    <Desc>PSM Upload Recording</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_COMP01</Issuer>\n    <Action>PSM Upload Recording</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File>Root\\a4636750-50a2-492e-984c-e08743d8a883.SSH.txt</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>DstHost=rhel7.cybr.com;LogonAccount=logon;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:46;SessionID=a4636750-50a2-492e-984c-e08743d8a883;SrcHost=127.0.0.1;User=root;</ExtraDetails>\n    <Message>PSM Upload Recording</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 05:20:56","IsoTimestamp":"2021-03-25T09:20:56Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"304","Desc":"PSM Upload Recording","Severity":"Info","Issuer":"PSMApp_COMP01","Action":"PSM Upload Recording","SourceUser":"","TargetUser":"","Safe":"PSMRecordings","File":"Root\\a4636750-50a2-492e-984c-e08743d8a883.SSH.txt","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"DstHost=rhel7.cybr.com;LogonAccount=logon;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:46;SessionID=a4636750-50a2-492e-984c-e08743d8a883;SrcHost=127.0.0.1;User=root;","Message":"PSM Upload Recording","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log-expected.json
new file mode 100644
index 00000000000..14603f0592b
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/304_psm_upload_recording.log-expected.json
@@ -0,0 +1,52 @@
+[
+    {
+        "@timestamp": "2021-03-25T09:20:56.000Z",
+        "cyberarkpas.audit.action": "PSM Upload Recording",
+        "cyberarkpas.audit.desc": "PSM Upload Recording",
+        "cyberarkpas.audit.extra_details.dst_host": "rhel7.cybr.com",
+        "cyberarkpas.audit.extra_details.logon_account": "logon",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_duration": "00:00:46",
+        "cyberarkpas.audit.extra_details.session_id": "a4636750-50a2-492e-984c-e08743d8a883",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "root",
+        "cyberarkpas.audit.file": "Root\\a4636750-50a2-492e-984c-e08743d8a883.SSH.txt",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T09:20:56Z",
+        "cyberarkpas.audit.issuer": "PSMApp_COMP01",
+        "cyberarkpas.audit.message": "PSM Upload Recording",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 05:20:56</Timestamp>\n    <IsoTimestamp>2021-03-25T09:20:56Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>304</MessageID>\n    <Desc>PSM Upload Recording</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_COMP01</Issuer>\n    <Action>PSM Upload Recording</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File>Root\\a4636750-50a2-492e-984c-e08743d8a883.SSH.txt</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>DstHost=rhel7.cybr.com;LogonAccount=logon;Protocol=SSH;PSMID=PSMServer;SessionDuration=00:00:46;SessionID=a4636750-50a2-492e-984c-e08743d8a883;SrcHost=127.0.0.1;User=root;</ExtraDetails>\n    <Message>PSM Upload Recording</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMRecordings",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 05:20:56",
+        "event.action": "psm upload recording",
+        "event.code": "304",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\a4636750-50a2-492e-984c-e08743d8a883.SSH.txt",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "10.0.0.15"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.0.15",
+        "source.ip": "10.0.0.15",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log
new file mode 100644
index 00000000000..8c77aabf909
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log
@@ -0,0 +1,11 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.6</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Connect)</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>10.2.0.3</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"308","IsoTimestamp":"2021-03-16T15:01:00Z","Desc":"Use Password","Severity":"Info","Issuer":"adm2","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"Windows","File":"Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2","Station":"10.2.0.6","Location":"","Category":"","RequestId":"","Reason":"(Action: Connect)","ExtraDetails":"","Message":"Use Password","GatewayStation":"10.2.0.3","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WIN-SERVER-LOCAL"},{"Name":"UserName","Value":"Administrator2"},{"Name":"Address","Value":"dbserver.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"LogonDomain","Value":"DBServer"},{"Name":"SequenceID","Value":"1"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"success"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessReconciliation","Value":"1604944215"},{"Name":"Customer","Value":"EvilCorp"}]}}}}
+<5>1 2021-03-11T17:38:12Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:12</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:12Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>fun and profit</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:12","IsoTimestamp":"2021-03-11T17:38:12Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"fun and profit","ExtraDetails":"","Message":"Use Password","GatewayStation":"81.32.170.205","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:46:49Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:46:49</Timestamp>\n    <IsoTimestamp>2021-03-11T17:46:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>FOR FUN.</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:46:49","IsoTimestamp":"2021-03-11T17:46:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"FOR FUN.","ExtraDetails":"","Message":"Use Password","GatewayStation":"81.32.170.205","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:48:27Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:27</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>For fun and profit</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:48:27","IsoTimestamp":"2021-03-11T17:48:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"10.0.2.2","Location":"","Category":"","RequestId":"","Reason":"For fun and profit","ExtraDetails":"","Message":"Use Password","GatewayStation":"81.32.170.205","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:54:49Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:54:49</Timestamp>\n    <IsoTimestamp>2021-03-11T17:54:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Because I say so</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:54:49","IsoTimestamp":"2021-03-11T17:54:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"10.0.2.2","Location":"","Category":"","RequestId":"","Reason":"Because I say so","ExtraDetails":"","Message":"Use Password","GatewayStation":"81.32.170.205","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T17:56:30Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:56:30</Timestamp>\n    <IsoTimestamp>2021-03-11T17:56:30Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>for fun</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:56:30","IsoTimestamp":"2021-03-11T17:56:30Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"10.0.2.2","Location":"","Category":"","RequestId":"","Reason":"for fun","ExtraDetails":"","Message":"Use Password","GatewayStation":"81.32.170.205","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T20:23:17Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:23:17</Timestamp>\n    <IsoTimestamp>2021-03-11T20:23:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>testing</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 12:23:17","IsoTimestamp":"2021-03-11T20:23:17Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"10.0.2.2","Location":"","Category":"","RequestId":"","Reason":"testing","ExtraDetails":"","Message":"Use Password","GatewayStation":"81.32.170.205","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-14T13:49:35Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:35</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:49:35","IsoTimestamp":"2021-03-14T13:49:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Use Password","GatewayStation":"34.71.250.247","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615729572"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:31:54Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:31:54</Timestamp>\n    <IsoTimestamp>2021-03-15T10:31:54Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:31:54","IsoTimestamp":"2021-03-15T10:31:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Use Password","GatewayStation":"34.71.250.247","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T14:08:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:26</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:08:26","IsoTimestamp":"2021-03-15T14:08:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Use Password","GatewayStation":"34.71.250.247","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615814025"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
+<5>1 2021-03-16T10:04:49Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 16 03:04:49</Timestamp>\n    <IsoTimestamp>2021-03-16T10:04:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615888216\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 16 03:04:49","IsoTimestamp":"2021-03-16T10:04:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"308","Desc":"Use Password","Severity":"Info","Issuer":"Administrator","Action":"Use Password","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Use Password","GatewayStation":"34.71.250.247","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"4"},{"Name":"LastFailDate","Value":"1615888216"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log-expected.json
new file mode 100644
index 00000000000..953a5211a77
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/308_use_password.log-expected.json
@@ -0,0 +1,867 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "dbserver.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "EvilCorp",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_reconciliation": "1604944215",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "DBServer",
+        "cyberarkpas.audit.ca_properties.policy_id": "WIN-SERVER-LOCAL",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "1",
+        "cyberarkpas.audit.ca_properties.user_name": "Administrator2",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "cyberarkpas.audit.gateway_station": "10.2.0.3",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "adm2",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.6</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Connect)</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>10.2.0.3</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.reason": "(Action: Connect)",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Windows",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.6",
+        "destination.address": "dbserver.cyberark.local",
+        "destination.domain": "dbserver.cyberark.local",
+        "destination.user.name": "Administrator2",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "(Action: Connect)",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.6",
+            "10.2.0.3"
+        ],
+        "related.user": [
+            "adm2",
+            "Administrator2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.6",
+        "source.ip": "10.2.0.6",
+        "source.user.name": "adm2",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "adm2"
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:12.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:12Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:12</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:12Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>fun and profit</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "fun and profit",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:12",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.reason": "fun and profit",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2883,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:46:49.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:46:49Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:46:49</Timestamp>\n    <IsoTimestamp>2021-03-11T17:46:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>FOR FUN.</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "FOR FUN.",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:46:49",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.reason": "FOR FUN.",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5109,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:48:27.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:48:27Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:27</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>For fun and profit</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "For fun and profit",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.2.2",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:48:27",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.reason": "For fun and profit",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7323,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:54:49.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:54:49Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:54:49</Timestamp>\n    <IsoTimestamp>2021-03-11T17:54:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Because I say so</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "Because I say so",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.2.2",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:54:49",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.reason": "Because I say so",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 9555,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:56:30.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:56:30Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:56:30</Timestamp>\n    <IsoTimestamp>2021-03-11T17:56:30Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>for fun</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "for fun",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.2.2",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:56:30",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.reason": "for fun",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 11783,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T20:23:17.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T20:23:17Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:23:17</Timestamp>\n    <IsoTimestamp>2021-03-11T20:23:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>testing</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "testing",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.2.2",
+        "cyberarkpas.audit.timestamp": "Mar 11 12:23:17",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.reason": "testing",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 13993,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "34.123.103.115",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-14T13:49:35.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615729572",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.gateway_station": "34.71.250.247",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:49:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:35</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:49:35",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 16203,
+        "log.syslog.priority": "5",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:31:54.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.gateway_station": "34.71.250.247",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:31:54Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:31:54</Timestamp>\n    <IsoTimestamp>2021-03-15T10:31:54Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:31:54",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 19395,
+        "log.syslog.priority": "5",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:08:26.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615814025",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.gateway_station": "34.71.250.247",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:08:26Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:08:26</Timestamp>\n    <IsoTimestamp>2021-03-15T14:08:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:08:26",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 22067,
+        "log.syslog.priority": "5",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-16T10:04:49.000Z",
+        "cyberarkpas.audit.action": "Use Password",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615888216",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "4",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Use Password",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.gateway_station": "34.71.250.247",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T10:04:49Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Use Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 16 03:04:49</Timestamp>\n    <IsoTimestamp>2021-03-16T10:04:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>308</MessageID>\n    <Desc>Use Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Use Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Use Password</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615888216\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 16 03:04:49",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "use password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "308",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 25521,
+        "log.syslog.priority": "5",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log b/x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log
new file mode 100644
index 00000000000..18c5b7e67fb
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log
@@ -0,0 +1,5 @@
+<7>1 2021-03-08T18:31:52Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:31:52","IsoTimestamp":"2021-03-08T18:31:52Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"309","Desc":"Undefined User Logon","Severity":"Error","Issuer":"adriansr","Action":"Undefined User Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Undefined User Logon","GatewayStation":"10.0.1.20"}}}
+<7>1 2021-03-08T18:32:03Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:32:03","IsoTimestamp":"2021-03-08T18:32:03Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"309","Desc":"Undefined User Logon","Severity":"Error","Issuer":"adriansra","Action":"Undefined User Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Undefined User Logon","GatewayStation":"10.0.1.20"}}}
+<7>1 2021-03-11T16:43:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:43:26</Timestamp>\n    <IsoTimestamp>2021-03-11T16:43:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>309</MessageID>\n    <Desc>Undefined User Logon</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PSMAdmin</Issuer>\n    <Action>Undefined User Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Undefined User Logon</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:43:26","IsoTimestamp":"2021-03-11T16:43:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"309","Desc":"Undefined User Logon","Severity":"Error","Issuer":"PSMAdmin","Action":"Undefined User Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Undefined User Logon","GatewayStation":""}}}
+<7>1 2021-03-11T17:46:28Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:46:28</Timestamp>\n    <IsoTimestamp>2021-03-11T17:46:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>309</MessageID>\n    <Desc>Undefined User Logon</Desc>\n    <Severity>Error</Severity>\n    <Issuer>adrian</Issuer>\n    <Action>Undefined User Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Undefined User Logon</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:46:28","IsoTimestamp":"2021-03-11T17:46:28Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"309","Desc":"Undefined User Logon","Severity":"Error","Issuer":"adrian","Action":"Undefined User Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Undefined User Logon","GatewayStation":"81.32.170.205"}}}
+<7>1 2021-03-14T13:28:00Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:28:00</Timestamp>\n    <IsoTimestamp>2021-03-14T13:28:00Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>309</MessageID>\n    <Desc>Undefined User Logon</Desc>\n    <Severity>Error</Severity>\n    <Issuer>testark</Issuer>\n    <Action>Undefined User Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Undefined User Logon</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:28:00","IsoTimestamp":"2021-03-14T13:28:00Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"309","Desc":"Undefined User Logon","Severity":"Error","Issuer":"testark","Action":"Undefined User Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Undefined User Logon","GatewayStation":"34.71.250.247"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log-expected.json
new file mode 100644
index 00000000000..06947792b70
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/309_undefined_user_logon.log-expected.json
@@ -0,0 +1,299 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:31:52.000Z",
+        "cyberarkpas.audit.action": "Undefined User Logon",
+        "cyberarkpas.audit.desc": "Undefined User Logon",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:31:52Z",
+        "cyberarkpas.audit.issuer": "adriansr",
+        "cyberarkpas.audit.message": "Undefined User Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:31:52",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "authentication_failure",
+        "event.category": [
+            "authentication"
+        ],
+        "event.code": "309",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "adriansr"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "adriansr"
+    },
+    {
+        "@timestamp": "2021-03-08T18:32:03.000Z",
+        "cyberarkpas.audit.action": "Undefined User Logon",
+        "cyberarkpas.audit.desc": "Undefined User Logon",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:32:03Z",
+        "cyberarkpas.audit.issuer": "adriansra",
+        "cyberarkpas.audit.message": "Undefined User Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:32:03",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "authentication_failure",
+        "event.category": [
+            "authentication"
+        ],
+        "event.code": "309",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 589,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "adriansra"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "adriansra"
+    },
+    {
+        "@timestamp": "2021-03-11T16:43:26.000Z",
+        "cyberarkpas.audit.action": "Undefined User Logon",
+        "cyberarkpas.audit.desc": "Undefined User Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:43:26Z",
+        "cyberarkpas.audit.issuer": "PSMAdmin",
+        "cyberarkpas.audit.message": "Undefined User Logon",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:43:26</Timestamp>\n    <IsoTimestamp>2021-03-11T16:43:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>309</MessageID>\n    <Desc>Undefined User Logon</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PSMAdmin</Issuer>\n    <Action>Undefined User Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Undefined User Logon</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:43:26",
+        "event.action": "authentication_failure",
+        "event.category": [
+            "authentication"
+        ],
+        "event.code": "309",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1179,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMAdmin"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMAdmin"
+    },
+    {
+        "@timestamp": "2021-03-11T17:46:28.000Z",
+        "cyberarkpas.audit.action": "Undefined User Logon",
+        "cyberarkpas.audit.desc": "Undefined User Logon",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:46:28Z",
+        "cyberarkpas.audit.issuer": "adrian",
+        "cyberarkpas.audit.message": "Undefined User Logon",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:46:28</Timestamp>\n    <IsoTimestamp>2021-03-11T17:46:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>309</MessageID>\n    <Desc>Undefined User Logon</Desc>\n    <Severity>Error</Severity>\n    <Issuer>adrian</Issuer>\n    <Action>Undefined User Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Undefined User Logon</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:46:28",
+        "destination.address": "81.32.170.205",
+        "destination.geo.city_name": "Barcelona",
+        "destination.geo.continent_name": "Europe",
+        "destination.geo.country_iso_code": "ES",
+        "destination.geo.country_name": "Spain",
+        "destination.geo.location.lat": 41.3891,
+        "destination.geo.location.lon": 2.1611,
+        "destination.geo.region_iso_code": "ES-B",
+        "destination.geo.region_name": "Barcelona",
+        "destination.ip": "81.32.170.205",
+        "event.action": "authentication_failure",
+        "event.category": [
+            "authentication"
+        ],
+        "event.code": "309",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2627,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "adrian"
+    },
+    {
+        "@timestamp": "2021-03-14T13:28:00.000Z",
+        "cyberarkpas.audit.action": "Undefined User Logon",
+        "cyberarkpas.audit.desc": "Undefined User Logon",
+        "cyberarkpas.audit.gateway_station": "34.71.250.247",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:28:00Z",
+        "cyberarkpas.audit.issuer": "testark",
+        "cyberarkpas.audit.message": "Undefined User Logon",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:28:00</Timestamp>\n    <IsoTimestamp>2021-03-14T13:28:00Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>309</MessageID>\n    <Desc>Undefined User Logon</Desc>\n    <Severity>Error</Severity>\n    <Issuer>testark</Issuer>\n    <Action>Undefined User Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Undefined User Logon</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:28:00",
+        "destination.address": "34.71.250.247",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.71.250.247",
+        "event.action": "authentication_failure",
+        "event.category": [
+            "authentication"
+        ],
+        "event.code": "309",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4089,
+        "log.syslog.priority": "7",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "testark"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log b/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log
new file mode 100644
index 00000000000..f2577708d06
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-04T19:10:01Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:01","IsoTimestamp":"2021-03-04T19:10:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"310","Desc":"Monitor DR Replication start","Severity":"Info","Issuer":"Batch","Action":"Monitor DR Replication start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor DR Replication start","GatewayStation":""}}}
+Mar 08 02:48:07 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"310","Desc":"Monitor DR Replication start","Severity":"Info","Issuer":"Batch","Action":"Monitor DR Replication start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor DR Replication start","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json
new file mode 100644
index 00000000000..5b958288c53
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json
@@ -0,0 +1,75 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:10:01.000Z",
+        "cyberarkpas.audit.action": "Monitor DR Replication start",
+        "cyberarkpas.audit.desc": "Monitor DR Replication start",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:01Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor DR Replication start",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:01",
+        "event.action": "monitor dr replication start",
+        "event.code": "310",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T02:48:07.000-02:00",
+        "cyberarkpas.audit.action": "Monitor DR Replication start",
+        "cyberarkpas.audit.desc": "Monitor DR Replication start",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor DR Replication start",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "event.action": "monitor dr replication start",
+        "event.code": "310",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 598,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log b/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log
new file mode 100644
index 00000000000..1e3812c2a8b
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-04T19:10:01Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:01","IsoTimestamp":"2021-03-04T19:10:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"311","Desc":"Monitor DR Replication end","Severity":"Info","Issuer":"Batch","Action":"Monitor DR Replication end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor DR Replication end","GatewayStation":""}}}
+Mar 08 02:48:07 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"311","Desc":"Monitor DR Replication end","Severity":"Info","Issuer":"Batch","Action":"Monitor DR Replication end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor DR Replication end","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json
new file mode 100644
index 00000000000..e4999439bea
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json
@@ -0,0 +1,75 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:10:01.000Z",
+        "cyberarkpas.audit.action": "Monitor DR Replication end",
+        "cyberarkpas.audit.desc": "Monitor DR Replication end",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:01Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor DR Replication end",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:01",
+        "event.action": "monitor dr replication end",
+        "event.code": "311",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T02:48:07.000-02:00",
+        "cyberarkpas.audit.action": "Monitor DR Replication end",
+        "cyberarkpas.audit.desc": "Monitor DR Replication end",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor DR Replication end",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "event.action": "monitor dr replication end",
+        "event.code": "311",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 592,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log b/x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log
new file mode 100644
index 00000000000..41f67cb2add
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log
@@ -0,0 +1 @@
+<5>1 2021-03-10T18:16:45Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:16:45","IsoTimestamp":"2021-03-10T18:16:45Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"316","Desc":"Reset User Password Detailed Information","Severity":"Info","Issuer":"Administrator","Action":"Reset User Password Detailed Information","SourceUser":"PSMGw_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"Password changed","ExtraDetails":"","Message":"Reset User Password Detailed Information","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log-expected.json
new file mode 100644
index 00000000000..d46cdf31a02
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/316_reset_user_password_detailed_information.log-expected.json
@@ -0,0 +1,50 @@
+[
+    {
+        "@timestamp": "2021-03-10T18:16:45.000Z",
+        "cyberarkpas.audit.action": "Reset User Password Detailed Information",
+        "cyberarkpas.audit.desc": "Reset User Password Detailed Information",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:16:45Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Reset User Password Detailed Information",
+        "cyberarkpas.audit.reason": "Password changed",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMGw_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:16:45",
+        "event.action": "reset user password detailed information",
+        "event.code": "316",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log
new file mode 100644
index 00000000000..f52711e43b9
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log
@@ -0,0 +1 @@
+<5>1 2021-03-10T18:16:45Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:16:45","IsoTimestamp":"2021-03-10T18:16:45Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"317","Desc":"Reset User Password","Severity":"Info","Issuer":"Administrator","Action":"Reset User Password","SourceUser":"PSMGw_VAGRANT","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Reset User Password","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log-expected.json
new file mode 100644
index 00000000000..0d82c44a4ec
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/317_reset_user_password.log-expected.json
@@ -0,0 +1,49 @@
+[
+    {
+        "@timestamp": "2021-03-10T18:16:45.000Z",
+        "cyberarkpas.audit.action": "Reset User Password",
+        "cyberarkpas.audit.desc": "Reset User Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:16:45Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Reset User Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMGw_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:16:45",
+        "event.action": "reset user password",
+        "event.code": "317",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log
new file mode 100644
index 00000000000..ec268677c60
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log
@@ -0,0 +1 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>31</MessageID>\n    <Desc>CPM Reconcile Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.4</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=dbserver.cyberark.local;username=Administrator2;</ExtraDetails>\n    <Message>CPM Reconcile Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","IsoTimestamp":"2021-03-16T15:01:00Z","Version":"11.6.0000","MessageID":"31","Desc":"CPM Reconcile Password","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Reconcile Password","SourceUser":"","TargetUser":"","Safe":"Windows","File":"Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2","Station":"10.2.0.4","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask","ExtraDetails":"address=dbserver.cyberark.local;username=Administrator2;","Message":"CPM Reconcile Password","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WIN-SERVER-LOCAL"},{"Name":"UserName","Value":"Administrator2"},{"Name":"Address","Value":"dbserver.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"LogonDomain","Value":"DBServer"},{"Name":"SequenceID","Value":"1"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"success"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessReconciliation","Value":"1604944215"},{"Name":"Customer","Value":"EvilCorp"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log-expected.json
new file mode 100644
index 00000000000..60aaf45b24e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/31_cpm_reconcile_password.log-expected.json
@@ -0,0 +1,71 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password",
+        "cyberarkpas.audit.ca_properties.address": "dbserver.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "EvilCorp",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_reconciliation": "1604944215",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "DBServer",
+        "cyberarkpas.audit.ca_properties.policy_id": "WIN-SERVER-LOCAL",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "1",
+        "cyberarkpas.audit.ca_properties.user_name": "Administrator2",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password",
+        "cyberarkpas.audit.extra_details.address": "dbserver.cyberark.local",
+        "cyberarkpas.audit.extra_details.username": "Administrator2",
+        "cyberarkpas.audit.file": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>31</MessageID>\n    <Desc>CPM Reconcile Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.4</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask</Reason>\n    <ExtraDetails>address=dbserver.cyberark.local;username=Administrator2;</ExtraDetails>\n    <Message>CPM Reconcile Password</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Windows",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.4",
+        "destination.address": "dbserver.cyberark.local",
+        "destination.domain": "dbserver.cyberark.local",
+        "event.action": "cpm reconcile password",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "31",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change"
+        ],
+        "file.path": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.4"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "Administrator2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.4",
+        "source.ip": "10.2.0.4",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "Administrator2"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log b/x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log
new file mode 100644
index 00000000000..e58b64d6750
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log
@@ -0,0 +1 @@
+<5>1 2021-03-11T16:21:37Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:21:37</Timestamp>\n    <IsoTimestamp>2021-03-11T16:21:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>326</MessageID>\n    <Desc>CPM Auto-detection Start</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Auto-detection Start</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PasswordManager_info</Safe>\n    <File> </File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason> </Reason>\n    <ExtraDetails>ADProcessID=2b2d3024-be5a-4b57-9f64-3813fb56e9b9;ADProcessName=LDAP Based Windows Local Administrator Account Provisioning;</ExtraDetails>\n    <Message>CPM Auto-detection Start</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:21:37","IsoTimestamp":"2021-03-11T16:21:37Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"326","Desc":"CPM Auto-detection Start","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Auto-detection Start","SourceUser":"","TargetUser":"","Safe":"PasswordManager_info","File":" ","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":" ","ExtraDetails":"ADProcessID=2b2d3024-be5a-4b57-9f64-3813fb56e9b9;ADProcessName=LDAP Based Windows Local Administrator Account Provisioning;","Message":"CPM Auto-detection Start","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log-expected.json
new file mode 100644
index 00000000000..c488fa9349d
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/326_cpm_auto_detection_start.log-expected.json
@@ -0,0 +1,47 @@
+[
+    {
+        "@timestamp": "2021-03-11T16:21:37.000Z",
+        "cyberarkpas.audit.action": "CPM Auto-detection Start",
+        "cyberarkpas.audit.desc": "CPM Auto-detection Start",
+        "cyberarkpas.audit.extra_details.ad_process_id": "2b2d3024-be5a-4b57-9f64-3813fb56e9b9",
+        "cyberarkpas.audit.extra_details.ad_process_name": "LDAP Based Windows Local Administrator Account Provisioning",
+        "cyberarkpas.audit.file": " ",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:21:37Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Auto-detection Start",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:21:37</Timestamp>\n    <IsoTimestamp>2021-03-11T16:21:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>326</MessageID>\n    <Desc>CPM Auto-detection Start</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Auto-detection Start</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PasswordManager_info</Safe>\n    <File> </File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason> </Reason>\n    <ExtraDetails>ADProcessID=2b2d3024-be5a-4b57-9f64-3813fb56e9b9;ADProcessName=LDAP Based Windows Local Administrator Account Provisioning;</ExtraDetails>\n    <Message>CPM Auto-detection Start</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": " ",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PasswordManager_info",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:21:37",
+        "event.action": "cpm auto-detection start",
+        "event.code": "326",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": " ",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log b/x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log
new file mode 100644
index 00000000000..8055d656a08
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log
@@ -0,0 +1 @@
+<5>1 2021-03-11T16:21:37Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:21:37</Timestamp>\n    <IsoTimestamp>2021-03-11T16:21:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>327</MessageID>\n    <Desc>CPM Auto-detection End</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Auto-detection End</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PasswordManager_info</Safe>\n    <File> </File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason> </Reason>\n    <ExtraDetails>ADProcessID=2b2d3024-be5a-4b57-9f64-3813fb56e9b9;ADProcessName=LDAP Based Windows Local Administrator Account Provisioning;</ExtraDetails>\n    <Message>CPM Auto-detection End</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:21:37","IsoTimestamp":"2021-03-11T16:21:37Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"327","Desc":"CPM Auto-detection End","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Auto-detection End","SourceUser":"","TargetUser":"","Safe":"PasswordManager_info","File":" ","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":" ","ExtraDetails":"ADProcessID=2b2d3024-be5a-4b57-9f64-3813fb56e9b9;ADProcessName=LDAP Based Windows Local Administrator Account Provisioning;","Message":"CPM Auto-detection End","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log-expected.json
new file mode 100644
index 00000000000..5c67acde9f2
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/327_cpm_auto_detection_end.log-expected.json
@@ -0,0 +1,47 @@
+[
+    {
+        "@timestamp": "2021-03-11T16:21:37.000Z",
+        "cyberarkpas.audit.action": "CPM Auto-detection End",
+        "cyberarkpas.audit.desc": "CPM Auto-detection End",
+        "cyberarkpas.audit.extra_details.ad_process_id": "2b2d3024-be5a-4b57-9f64-3813fb56e9b9",
+        "cyberarkpas.audit.extra_details.ad_process_name": "LDAP Based Windows Local Administrator Account Provisioning",
+        "cyberarkpas.audit.file": " ",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:21:37Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Auto-detection End",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:21:37</Timestamp>\n    <IsoTimestamp>2021-03-11T16:21:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>327</MessageID>\n    <Desc>CPM Auto-detection End</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Auto-detection End</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PasswordManager_info</Safe>\n    <File> </File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason> </Reason>\n    <ExtraDetails>ADProcessID=2b2d3024-be5a-4b57-9f64-3813fb56e9b9;ADProcessName=LDAP Based Windows Local Administrator Account Provisioning;</ExtraDetails>\n    <Message>CPM Auto-detection End</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": " ",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PasswordManager_info",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:21:37",
+        "event.action": "cpm auto-detection end",
+        "event.code": "327",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": " ",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log b/x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log
new file mode 100644
index 00000000000..6aee911c509
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log
@@ -0,0 +1,16 @@
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Master","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Administrator","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Batch","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Operators","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Backup Users","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Auditors","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"DR Users","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:20","IsoTimestamp":"2021-03-10T09:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Notification Engines","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:22Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:22","IsoTimestamp":"2021-03-10T09:11:22Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"PSMPApp_localhost.localdomain","TargetUser":"","Safe":"PVWAConfig","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:23Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:23","IsoTimestamp":"2021-03-10T09:11:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"PSMAppUsers","TargetUser":"","Safe":"PSMPLiveSessions","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:23Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:23","IsoTimestamp":"2021-03-10T09:11:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"Vault Admins","TargetUser":"","Safe":"PSMPConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:23Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:23","IsoTimestamp":"2021-03-10T09:11:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"PVWAAppUsers","TargetUser":"","Safe":"PSMPLiveSessions","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:36Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:36","IsoTimestamp":"2021-03-10T09:11:36Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"PVWAGWAccounts","TargetUser":"","Safe":"PSMPADBUserProfile","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:37Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:37","IsoTimestamp":"2021-03-10T09:11:37Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"PSMP_ADB_localhost.localdomain","TargetUser":"","Safe":"PSMPADBridgeConf","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:38Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:38","IsoTimestamp":"2021-03-10T09:11:38Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"PSMP_ADB_AppUsers","TargetUser":"","Safe":"PSMPADBridgeCustom","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
+<5>1 2021-03-10T17:59:32Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:59:32","IsoTimestamp":"2021-03-10T17:59:32Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"32","Desc":"Add Owner","Severity":"Info","Issuer":"Administrator","Action":"Add Owner","SourceUser":"PSMApp_VAGRANT","TargetUser":"","Safe":"PVWAConfig","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Add Owner","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log-expected.json
new file mode 100644
index 00000000000..8cff9f6ba31
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/32_add_owner.log-expected.json
@@ -0,0 +1,993 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Master",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Master"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Master"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Administrator",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 568,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Batch",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1143,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Batch"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Batch"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Operators",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1710,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Operators"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Operators"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Backup Users",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2281,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Backup Users"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Backup Users"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Auditors",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2855,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Auditors"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Auditors"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "DR Users",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3425,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "DR Users"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "DR Users"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:20.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Notification Engines",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:20",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3995,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Notification Engines"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Notification Engines"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:22.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:22Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMPApp_localhost.localdomain",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:22",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4577,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMPApp_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMPApp_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:23.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:23Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:23",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5170,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMAppUsers"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMAppUsers"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:23.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:23Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Vault Admins",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:23",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5751,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Vault Admins"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Vault Admins"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:23.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:23Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:23",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6325,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PVWAAppUsers"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PVWAAppUsers"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:36.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:36Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPADBUserProfile",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAGWAccounts",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:36",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6907,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PVWAGWAccounts"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PVWAGWAccounts"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:37.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:37Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPADBridgeConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMP_ADB_localhost.localdomain",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:37",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7493,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMP_ADB_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMP_ADB_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:38.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:38Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPADBridgeCustom",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMP_ADB_AppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:38",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8093,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMP_ADB_AppUsers"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMP_ADB_AppUsers"
+    },
+    {
+        "@timestamp": "2021-03-10T17:59:32.000Z",
+        "cyberarkpas.audit.action": "Add Owner",
+        "cyberarkpas.audit.desc": "Add Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:59:32Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Add Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:59:32",
+        "event.action": "add owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "32",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8682,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMApp_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMApp_VAGRANT"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log b/x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log
new file mode 100644
index 00000000000..16ec40c4f3c
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log
@@ -0,0 +1,7 @@
+<5>1 2021-03-10T18:16:49Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:16:49","IsoTimestamp":"2021-03-10T18:16:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"33","Desc":"Update Owner","Severity":"Info","Issuer":"Administrator","Action":"Update Owner","SourceUser":"PVWAAppUsers","TargetUser":"","Safe":"PSM","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Owner","GatewayStation":""}}}
+<5>1 2021-03-10T18:16:50Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:16:50","IsoTimestamp":"2021-03-10T18:16:50Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"33","Desc":"Update Owner","Severity":"Info","Issuer":"Administrator","Action":"Update Owner","SourceUser":"PSMApp_VAGRANT","TargetUser":"","Safe":"PVWAConfig","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Owner","GatewayStation":""}}}
+<5>1 2021-03-10T18:16:51Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:16:51","IsoTimestamp":"2021-03-10T18:16:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"33","Desc":"Update Owner","Severity":"Info","Issuer":"Administrator","Action":"Update Owner","SourceUser":"PSMAppUsers","TargetUser":"","Safe":"PSM","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Owner","GatewayStation":""}}}
+<5>1 2021-03-10T18:16:51Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:16:51","IsoTimestamp":"2021-03-10T18:16:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"33","Desc":"Update Owner","Severity":"Info","Issuer":"Administrator","Action":"Update Owner","SourceUser":"PSMMaster","TargetUser":"","Safe":"PSM","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Owner","GatewayStation":""}}}
+<5>1 2021-03-10T18:16:53Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:16:53","IsoTimestamp":"2021-03-10T18:16:53Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"33","Desc":"Update Owner","Severity":"Info","Issuer":"Administrator","Action":"Update Owner","SourceUser":"Vault Admins","TargetUser":"","Safe":"PSMUniversalConnectors","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Owner","GatewayStation":""}}}
+<5>1 2021-03-10T22:19:18Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:19:18","IsoTimestamp":"2021-03-10T22:19:18Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"33","Desc":"Update Owner","Severity":"Info","Issuer":"Administrator","Action":"Update Owner","SourceUser":"PVWAAppUsers","TargetUser":"","Safe":"PSM","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Owner","GatewayStation":""}}}
+<5>1 2021-03-11T17:38:14Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:14</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:14Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>33</MessageID>\n    <Desc>Update Owner</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Update Owner</Action>\n    <SourceUser>Auditors</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update Owner</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:14","IsoTimestamp":"2021-03-11T17:38:14Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"33","Desc":"Update Owner","Severity":"Info","Issuer":"PSMPApp_VAGRANT","Action":"Update Owner","SourceUser":"Auditors","TargetUser":"","Safe":"PSMRecordings","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update Owner","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log-expected.json
new file mode 100644
index 00000000000..ef5d1eddfff
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/33_update_owner.log-expected.json
@@ -0,0 +1,436 @@
+[
+    {
+        "@timestamp": "2021-03-10T18:16:49.000Z",
+        "cyberarkpas.audit.action": "Update Owner",
+        "cyberarkpas.audit.desc": "Update Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:16:49Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:16:49",
+        "event.action": "update owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "33",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PVWAAppUsers"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PVWAAppUsers"
+    },
+    {
+        "@timestamp": "2021-03-10T18:16:50.000Z",
+        "cyberarkpas.audit.action": "Update Owner",
+        "cyberarkpas.audit.desc": "Update Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:16:50Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:16:50",
+        "event.action": "update owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "33",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 578,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMApp_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMApp_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-10T18:16:51.000Z",
+        "cyberarkpas.audit.action": "Update Owner",
+        "cyberarkpas.audit.desc": "Update Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:16:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMAppUsers",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:16:51",
+        "event.action": "update owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "33",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1165,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMAppUsers"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMAppUsers"
+    },
+    {
+        "@timestamp": "2021-03-10T18:16:51.000Z",
+        "cyberarkpas.audit.action": "Update Owner",
+        "cyberarkpas.audit.desc": "Update Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:16:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PSMMaster",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:16:51",
+        "event.action": "update owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "33",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1742,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "PSMMaster"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PSMMaster"
+    },
+    {
+        "@timestamp": "2021-03-10T18:16:53.000Z",
+        "cyberarkpas.audit.action": "Update Owner",
+        "cyberarkpas.audit.desc": "Update Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:16:53Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMUniversalConnectors",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Vault Admins",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:16:53",
+        "event.action": "update owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "33",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2317,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator",
+            "Vault Admins"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "Vault Admins"
+    },
+    {
+        "@timestamp": "2021-03-10T22:19:18.000Z",
+        "cyberarkpas.audit.action": "Update Owner",
+        "cyberarkpas.audit.desc": "Update Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:19:18Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Update Owner",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "PVWAAppUsers",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:19:18",
+        "event.action": "update owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "33",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2914,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "related.user": [
+            "Administrator",
+            "PVWAAppUsers"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator",
+        "user.target.name": "PVWAAppUsers"
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:14.000Z",
+        "cyberarkpas.audit.action": "Update Owner",
+        "cyberarkpas.audit.desc": "Update Owner",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:14Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.message": "Update Owner",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:14</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:14Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>33</MessageID>\n    <Desc>Update Owner</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Update Owner</Action>\n    <SourceUser>Auditors</SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Update Owner</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMRecordings",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.source_user": "Auditors",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:14",
+        "event.action": "update owner",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "33",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "change"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3492,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPApp_VAGRANT",
+            "Auditors"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPApp_VAGRANT",
+        "user.target.name": "Auditors"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log b/x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log
new file mode 100644
index 00000000000..726201faa4d
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log
@@ -0,0 +1 @@
+<5>1 2021-03-09T10:17:54Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 02:17:54","IsoTimestamp":"2021-03-09T10:17:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"355","Desc":"Monitor License Expiration Date start","Severity":"Info","Issuer":"Batch","Action":"Monitor License Expiration Date start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor License Expiration Date start","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log-expected.json
new file mode 100644
index 00000000000..4cecbceb396
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/355_monitor_license_expiration_date_start.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-09T10:17:54.000Z",
+        "cyberarkpas.audit.action": "Monitor License Expiration Date start",
+        "cyberarkpas.audit.desc": "Monitor License Expiration Date start",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T10:17:54Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor License Expiration Date start",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 09 02:17:54",
+        "event.action": "monitor license expiration date start",
+        "event.code": "355",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log b/x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log
new file mode 100644
index 00000000000..a5ed2fa3bef
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log
@@ -0,0 +1 @@
+<5>1 2021-03-09T10:17:54Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 02:17:54","IsoTimestamp":"2021-03-09T10:17:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"356","Desc":"Monitor License Expiration Date end","Severity":"Info","Issuer":"Batch","Action":"Monitor License Expiration Date end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor License Expiration Date end","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log-expected.json
new file mode 100644
index 00000000000..181d9a733e7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/356_monitor_license_expiration_date_end.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-09T10:17:54.000Z",
+        "cyberarkpas.audit.action": "Monitor License Expiration Date end",
+        "cyberarkpas.audit.desc": "Monitor License Expiration Date end",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T10:17:54Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor License Expiration Date end",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 09 02:17:54",
+        "event.action": "monitor license expiration date end",
+        "event.code": "356",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log b/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log
new file mode 100644
index 00000000000..50743ea86e7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-04T19:10:01Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:01","IsoTimestamp":"2021-03-04T19:10:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"357","Desc":"Monitor FW rules start","Severity":"Info","Issuer":"Batch","Action":"Monitor FW rules start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor FW rules start","GatewayStation":""}}}
+Mar 08 02:32:56 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"357","Desc":"Monitor FW rules start","Severity":"Info","Issuer":"Batch","Action":"Monitor FW rules start","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor FW rules start","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json
new file mode 100644
index 00000000000..a3b04bd34cf
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json
@@ -0,0 +1,75 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:10:01.000Z",
+        "cyberarkpas.audit.action": "Monitor FW rules start",
+        "cyberarkpas.audit.desc": "Monitor FW rules start",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:01Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor FW rules start",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:01",
+        "event.action": "monitor fw rules start",
+        "event.code": "357",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T02:32:56.000-02:00",
+        "cyberarkpas.audit.action": "Monitor FW rules start",
+        "cyberarkpas.audit.desc": "Monitor FW rules start",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor FW rules start",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "event.action": "monitor fw rules start",
+        "event.code": "357",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 580,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log b/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log
new file mode 100644
index 00000000000..cbda469d1fc
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-04T19:10:01Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:01","IsoTimestamp":"2021-03-04T19:10:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"358","Desc":"Monitor FW Rules end","Severity":"Info","Issuer":"Batch","Action":"Monitor FW Rules end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor FW Rules end","GatewayStation":""}}}
+Mar 08 02:32:56 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"358","Desc":"Monitor FW Rules end","Severity":"Info","Issuer":"Batch","Action":"Monitor FW Rules end","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Monitor FW Rules end","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json
new file mode 100644
index 00000000000..a5af60dcea0
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json
@@ -0,0 +1,75 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:10:01.000Z",
+        "cyberarkpas.audit.action": "Monitor FW Rules end",
+        "cyberarkpas.audit.desc": "Monitor FW Rules end",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:01Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor FW Rules end",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:01",
+        "event.action": "monitor fw rules end",
+        "event.code": "358",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T02:32:56.000-02:00",
+        "cyberarkpas.audit.action": "Monitor FW Rules end",
+        "cyberarkpas.audit.desc": "Monitor FW Rules end",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Monitor FW Rules end",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "event.action": "monitor fw rules end",
+        "event.code": "358",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 574,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log b/x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log
new file mode 100644
index 00000000000..3006cd28bbd
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log
@@ -0,0 +1,10 @@
+<5>1 2021-03-25T14:56:44Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT USER FROM DUAL;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=69B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:56:44","IsoTimestamp":"2021-03-25T14:56:44Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SELECT USER FROM DUAL;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=69B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:56:44Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=BEGIN DBMS_OUTPUT.DISABLE\\; END\\;;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=123B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:56:44","IsoTimestamp":"2021-03-25T14:56:44Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=BEGIN DBMS_OUTPUT.DISABLE\\; END\\;;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=123B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:56:44Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT ATTRIBUTE,SCOPE,NUMERIC_VALUE,CHAR_VALUE,DATE_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND (UPPER(USER) LIKE USERID);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=187B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:56:44","IsoTimestamp":"2021-03-25T14:56:44Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SELECT ATTRIBUTE,SCOPE,NUMERIC_VALUE,CHAR_VALUE,DATE_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND (UPPER(USER) LIKE USERID);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=187B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:56:44Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT CHAR_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE   (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND   ((UPPER(USER) LIKE USERID) OR (USERID \\= 'PUBLIC')) AND   (UPPER(ATTRIBUTE) \\= 'ROLES');ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=380B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:56:44","IsoTimestamp":"2021-03-25T14:56:44Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SELECT CHAR_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE   (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND   ((UPPER(USER) LIKE USERID) OR (USERID \\= 'PUBLIC')) AND   (UPPER(ATTRIBUTE) \\= 'ROLES');ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=380B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:56:44Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=BEGIN DBMS_APPLICATION_INFO.SET_MODULE(:1,NULL)\\; END\\; (Parameters bound by position: 1\\=[SQL*Plus]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=596B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:56:44","IsoTimestamp":"2021-03-25T14:56:44Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=BEGIN DBMS_APPLICATION_INFO.SET_MODULE(:1,NULL)\\; END\\; (Parameters bound by position: 1\\=[SQL*Plus]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=596B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:56:45Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:45</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:45Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT DECODE('A','A','1','2') FROM DUAL;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=727B;SrcHost=127.0.0.1;User=HR;VIDOffset=5T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:56:45","IsoTimestamp":"2021-03-25T14:56:45Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SELECT DECODE('A','A','1','2') FROM DUAL;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=727B;SrcHost=127.0.0.1;User=HR;VIDOffset=5T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:56:54Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:54</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:54Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[HELP]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=800B;SrcHost=127.0.0.1;User=HR;VIDOffset=14T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:56:54","IsoTimestamp":"2021-03-25T14:56:54Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[HELP]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=800B;SrcHost=127.0.0.1;User=HR;VIDOffset=14T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:58:02Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:58:02</Timestamp>\n    <IsoTimestamp>2021-03-25T14:58:02Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT * FROM DBA_USERS;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=1097B;SrcHost=127.0.0.1;User=HR;VIDOffset=82T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:58:02","IsoTimestamp":"2021-03-25T14:58:02Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SELECT * FROM DBA_USERS;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=1097B;SrcHost=127.0.0.1;User=HR;VIDOffset=82T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:57:05Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:57:05</Timestamp>\n    <IsoTimestamp>2021-03-25T14:57:05Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[SHOW%]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=948B;SrcHost=127.0.0.1;User=HR;VIDOffset=25T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:57:05","IsoTimestamp":"2021-03-25T14:57:05Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[SHOW%]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=948B;SrcHost=127.0.0.1;User=HR;VIDOffset=25T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
+<5>1 2021-03-25T14:58:44Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:58:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:58:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=select distinct owner from all_objects;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=1153B;SrcHost=127.0.0.1;User=HR;VIDOffset=124T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 10:58:44","IsoTimestamp":"2021-03-25T14:58:44Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"359","Desc":"SQL Command","Severity":"Info","Issuer":"Administrator","Action":"SQL Command","SourceUser":"","TargetUser":"","Safe":"Oracle","File":"Root\\Database-Oracle-oracle.cybr.com-HR","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=select distinct owner from all_objects;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=1153B;SrcHost=127.0.0.1;User=HR;VIDOffset=124T;","Message":"SQL Command","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"HR"},{"Name":"Address","Value":"oracle.cybr.com"},{"Name":"Database","Value":"XE"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580248"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Port","Value":"1521"},{"Name":"LastSuccessChange","Value":"1616011984"},{"Name":"Tags","Value":"Oracle;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log-expected.json
new file mode 100644
index 00000000000..aae4123d3cb
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/359_sql_command.log-expected.json
@@ -0,0 +1,852 @@
+[
+    {
+        "@timestamp": "2021-03-25T14:56:44.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "SELECT USER FROM DUAL",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "69B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "4T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:56:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT USER FROM DUAL;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=69B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:56:44",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:56:44.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "BEGIN DBMS_OUTPUT.DISABLE\\; END\\;",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "123B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "4T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:56:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=BEGIN DBMS_OUTPUT.DISABLE\\; END\\;;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=123B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:56:44",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 3579,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:56:44.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "SELECT ATTRIBUTE,SCOPE,NUMERIC_VALUE,CHAR_VALUE,DATE_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND (UPPER(USER) LIKE USERID)",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "187B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "4T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:56:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT ATTRIBUTE,SCOPE,NUMERIC_VALUE,CHAR_VALUE,DATE_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND (UPPER(USER) LIKE USERID);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=187B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:56:44",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 7188,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:56:44.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "SELECT CHAR_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE   (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND   ((UPPER(USER) LIKE USERID) OR (USERID \\= 'PUBLIC')) AND   (UPPER(ATTRIBUTE) \\= 'ROLES')",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "380B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "4T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:56:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT CHAR_VALUE FROM SYSTEM.PRODUCT_PRIVS WHERE   (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND   ((UPPER(USER) LIKE USERID) OR (USERID \\= 'PUBLIC')) AND   (UPPER(ATTRIBUTE) \\= 'ROLES');ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=380B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:56:44",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 11047,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:56:44.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "BEGIN DBMS_APPLICATION_INFO.SET_MODULE(:1,NULL)\\; END\\; (Parameters bound by position: 1\\=[SQL*Plus])",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "596B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "4T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:56:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=BEGIN DBMS_APPLICATION_INFO.SET_MODULE(:1,NULL)\\; END\\; (Parameters bound by position: 1\\=[SQL*Plus]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=596B;SrcHost=127.0.0.1;User=HR;VIDOffset=4T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:56:44",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 14960,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:56:45.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "SELECT DECODE('A','A','1','2') FROM DUAL",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "727B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "5T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:56:45Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:45</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:45Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT DECODE('A','A','1','2') FROM DUAL;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=727B;SrcHost=127.0.0.1;User=HR;VIDOffset=5T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:56:45",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 18707,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:56:54.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[HELP])",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "800B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "14T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:56:54Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:56:54</Timestamp>\n    <IsoTimestamp>2021-03-25T14:56:54Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[HELP]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=800B;SrcHost=127.0.0.1;User=HR;VIDOffset=14T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:56:54",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 22326,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:58:02.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "SELECT * FROM DBA_USERS",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "1097B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "82T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:58:02Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:58:02</Timestamp>\n    <IsoTimestamp>2021-03-25T14:58:02Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT * FROM DBA_USERS;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=1097B;SrcHost=127.0.0.1;User=HR;VIDOffset=82T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:58:02",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 26101,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:57:05.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[SHOW%])",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "948B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "25T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:57:05Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:57:05</Timestamp>\n    <IsoTimestamp>2021-03-25T14:57:05Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SELECT INFO FROM SYSTEM.HELP WHERE UPPER(TOPIC) LIKE :1 ORDER BY TOPIC,SEQ (Parameters bound by position: 1\\=[SHOW%]);ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=948B;SrcHost=127.0.0.1;User=HR;VIDOffset=25T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:57:05",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 29690,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-25T14:58:44.000Z",
+        "cyberarkpas.audit.action": "SQL Command",
+        "cyberarkpas.audit.ca_properties.address": "oracle.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "XE",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011984",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580248",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "1521",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "Oracle;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "HR",
+        "cyberarkpas.audit.desc": "SQL Command",
+        "cyberarkpas.audit.extra_details.command": "select distinct owner from all_objects",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLPlus",
+        "cyberarkpas.audit.extra_details.data_base": "XE",
+        "cyberarkpas.audit.extra_details.dst_host": "oracle.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "0887c643-42f2-4a4f-806e-58c1689de0e6",
+        "cyberarkpas.audit.extra_details.sql_offset": "1153B",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.user": "HR",
+        "cyberarkpas.audit.extra_details.vid_offset": "124T",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T14:58:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "SQL Command",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 10:58:44</Timestamp>\n    <IsoTimestamp>2021-03-25T14:58:44Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>359</MessageID>\n    <Desc>SQL Command</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>SQL Command</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Oracle</Safe>\n    <File>Root\\Database-Oracle-oracle.cybr.com-HR</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=select distinct owner from all_objects;ConnectionComponentId=PSM-SQLPlus;DataBase=XE;DstHost=oracle.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=0887c643-42f2-4a4f-806e-58c1689de0e6;SQLOffset=1153B;SrcHost=127.0.0.1;User=HR;VIDOffset=124T;</ExtraDetails>\n    <Message>SQL Command</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"HR\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"oracle.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"XE\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580248\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"1521\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011984\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"Oracle;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Oracle",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 10:58:44",
+        "destination.address": "oracle.cybr.com",
+        "destination.domain": "oracle.cybr.com",
+        "destination.user.name": "HR",
+        "event.action": "sql command",
+        "event.category": [
+            "database"
+        ],
+        "event.code": "359",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access"
+        ],
+        "file.path": "Root\\Database-Oracle-oracle.cybr.com-HR",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 33467,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "HR"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log b/x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log
new file mode 100644
index 00000000000..6c959f21d65
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log
@@ -0,0 +1,7 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.7</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=ls \"/var/tmp\";ConnectionComponentId=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=499852f2-22b5-11eb-8bff-000c297aae88;SrcHost=10.2.0.6;SSHOffset=3642B;User=admin2;VIDOffset=125T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Tesla\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"361","IsoTimestamp":"2021-03-16T15:01:00Z","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"Linux","File":"Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2","Station":"10.2.0.7","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=ls \"/var/tmp\";ConnectionComponentId=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=499852f2-22b5-11eb-8bff-000c297aae88;SrcHost=10.2.0.6;SSHOffset=3642B;User=admin2;VIDOffset=125T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"LINUX-SSH"},{"Name":"UserName","Value":"admin2"},{"Name":"Address","Value":"radiussrv.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"CPMDisabled","Value":"No Reason"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"Customer","Value":"Tesla"}]}}}}
+<5>1 2021-03-14T13:49:49Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:49</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=10T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:49:49","IsoTimestamp":"2021-03-14T13:49:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"361","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=10T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615729572"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:32:04Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:32:04</Timestamp>\n    <IsoTimestamp>2021-03-15T10:32:04Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;SSHOffset=1312B;User=testark;VIDOffset=6T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:32:04","IsoTimestamp":"2021-03-15T10:32:04Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"361","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;SSHOffset=1312B;User=testark;VIDOffset=6T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:33:47Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:33:47</Timestamp>\n    <IsoTimestamp>2021-03-15T10:33:47Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=7T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:33:47","IsoTimestamp":"2021-03-15T10:33:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"361","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=7T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T10:35:08Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:35:08</Timestamp>\n    <IsoTimestamp>2021-03-15T10:35:08Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=7T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:35:08","IsoTimestamp":"2021-03-15T10:35:08Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"361","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=7T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T14:11:18Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:11:18</Timestamp>\n    <IsoTimestamp>2021-03-15T14:11:18Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=8T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:11:18","IsoTimestamp":"2021-03-15T14:11:18Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"361","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=8T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615814025"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
+<5>1 2021-03-15T14:45:51Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:45:51</Timestamp>\n    <IsoTimestamp>2021-03-15T14:45:51Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=(reverse-i-search)`grant': grant all privileges on *.* TO 'root'@'%' with grant option\\;;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;SSHOffset=296291B;User=testark;VIDOffset=2081T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615819476\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:45:51","IsoTimestamp":"2021-03-15T14:45:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"361","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=(reverse-i-search)`grant': grant all privileges on *.* TO 'root'@'%' with grant option\\;;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;SSHOffset=296291B;User=testark;VIDOffset=2081T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"1"},{"Name":"LastFailDate","Value":"1615819476"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log-expected.json
new file mode 100644
index 00000000000..2824c5c7f3e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/361_keystroke_logging.log-expected.json
@@ -0,0 +1,649 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_disabled": "No Reason",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "Tesla",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "LINUX-SSH",
+        "cyberarkpas.audit.ca_properties.user_name": "admin2",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "ls \"/var/tmp\"",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "radiussrv.cyberark.local",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "499852f2-22b5-11eb-8bff-000c297aae88",
+        "cyberarkpas.audit.extra_details.src_host": "10.2.0.6",
+        "cyberarkpas.audit.extra_details.ssh_offset": "3642B",
+        "cyberarkpas.audit.extra_details.user": "admin2",
+        "cyberarkpas.audit.extra_details.vid_offset": "125T",
+        "cyberarkpas.audit.file": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux</Safe>\n    <File>Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2</File>\n    <Station>10.2.0.7</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=ls \"/var/tmp\";ConnectionComponentId=PSMP-SSH;DstHost=radiussrv.cyberark.local;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=499852f2-22b5-11eb-8bff-000c297aae88;SrcHost=10.2.0.6;SSHOffset=3642B;User=admin2;VIDOffset=125T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"LINUX-SSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"admin2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"radiussrv.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"No Reason\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"Tesla\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Linux",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.7",
+        "destination.address": "radiussrv.cyberark.local",
+        "destination.domain": "radiussrv.cyberark.local",
+        "destination.user.name": "admin2",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "361",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Operating System-LINUX-SSH-radiussrv.cyberark.local-admin2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "network.application": "ssh",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.6",
+            "10.2.0.7"
+        ],
+        "related.user": [
+            "Administrator",
+            "admin2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.6",
+        "source.ip": "10.2.0.6",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-14T13:49:49.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615729572",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "sudo su",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "d284c268-2ba0-4366-af52-e33459b073a1",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.ssh_offset": "1309B",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.extra_details.vid_offset": "10T",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:49:49Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:49</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:49Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=d284c268-2ba0-4366-af52-e33459b073a1;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=10T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:49:49",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "361",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2724,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:32:04.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "sudo su",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "29f340df-89e9-405a-beae-0216390cda42",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.ssh_offset": "1312B",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.extra_details.vid_offset": "6T",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:32:04Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:32:04</Timestamp>\n    <IsoTimestamp>2021-03-15T10:32:04Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=29f340df-89e9-405a-beae-0216390cda42;SrcHost=81.32.170.205;SSHOffset=1312B;User=testark;VIDOffset=6T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:32:04",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "361",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6380,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:33:47.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "sudo su",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "f1654cf8-8ce5-472a-8205-ba731b0fab46",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.ssh_offset": "1309B",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.extra_details.vid_offset": "7T",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:33:47Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:33:47</Timestamp>\n    <IsoTimestamp>2021-03-15T10:33:47Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=f1654cf8-8ce5-472a-8205-ba731b0fab46;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=7T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:33:47",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "361",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 9514,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T10:35:08.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "sudo su",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "8b3d0b38-aef5-49d9-bdd7-d57706887d8b",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.ssh_offset": "1309B",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.extra_details.vid_offset": "7T",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:35:08Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:35:08</Timestamp>\n    <IsoTimestamp>2021-03-15T10:35:08Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=8b3d0b38-aef5-49d9-bdd7-d57706887d8b;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=7T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:35:08",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "361",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12648,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:11:18.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615814025",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "sudo su",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "27f74dce-f5d5-4c94-bf99-ca6aafe2c518",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.ssh_offset": "1309B",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.extra_details.vid_offset": "8T",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:11:18Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:11:18</Timestamp>\n    <IsoTimestamp>2021-03-15T14:11:18Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=sudo su;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;SSHOffset=1309B;User=testark;VIDOffset=8T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814025\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:11:18",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "361",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 15782,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T14:45:51.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615819476",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "1",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "(reverse-i-search)`grant': grant all privileges on *.* TO 'root'@'%' with grant option\\;",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSMP-SSH",
+        "cyberarkpas.audit.extra_details.dst_host": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.managed_account": "Yes",
+        "cyberarkpas.audit.extra_details.protocol": "SSH",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "27f74dce-f5d5-4c94-bf99-ca6aafe2c518",
+        "cyberarkpas.audit.extra_details.src_host": "81.32.170.205",
+        "cyberarkpas.audit.extra_details.ssh_offset": "296291B",
+        "cyberarkpas.audit.extra_details.user": "testark",
+        "cyberarkpas.audit.extra_details.vid_offset": "2081T",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:45:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:45:51</Timestamp>\n    <IsoTimestamp>2021-03-15T14:45:51Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>361</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=(reverse-i-search)`grant': grant all privileges on *.* TO 'root'@'%' with grant option\\;;ConnectionComponentId=PSMP-SSH;DstHost=34.123.103.115;ManagedAccount=Yes;Protocol=SSH;PSMID=PSMServer;SessionID=27f74dce-f5d5-4c94-bf99-ca6aafe2c518;SrcHost=81.32.170.205;SSHOffset=296291B;User=testark;VIDOffset=2081T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615819476\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:45:51",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "testark",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "361",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 19698,
+        "log.syslog.priority": "5",
+        "network.application": "ssh",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.123.103.115",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log b/x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log
new file mode 100644
index 00000000000..54143042844
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log
@@ -0,0 +1,5 @@
+<5>1 2021-03-11T16:31:13Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:31:13</Timestamp>\n    <IsoTimestamp>2021-03-11T16:31:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: False; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:31:13","IsoTimestamp":"2021-03-11T16:31:13Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"385","Desc":"BLService Audit Record","Severity":"Info","Issuer":"Administrator","Action":"BLService Audit Record","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: False; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"BLService Audit Record","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-11T16:31:23Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:31:23</Timestamp>\n    <IsoTimestamp>2021-03-11T16:31:23Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:31:23","IsoTimestamp":"2021-03-11T16:31:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"385","Desc":"BLService Audit Record","Severity":"Info","Issuer":"Administrator","Action":"BLService Audit Record","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"BLService Audit Record","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-11T19:40:52Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:40:52</Timestamp>\n    <IsoTimestamp>2021-03-11T19:40:52Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 11:40:52","IsoTimestamp":"2021-03-11T19:40:52Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"385","Desc":"BLService Audit Record","Severity":"Info","Issuer":"Administrator","Action":"BLService Audit Record","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"BLService Audit Record","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-14T12:04:35Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:04:35</Timestamp>\n    <IsoTimestamp>2021-03-14T12:04:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:04:35","IsoTimestamp":"2021-03-14T12:04:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"385","Desc":"BLService Audit Record","Severity":"Info","Issuer":"Administrator","Action":"BLService Audit Record","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"BLService Audit Record","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-14T12:04:53Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:04:53</Timestamp>\n    <IsoTimestamp>2021-03-14T12:04:53Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 500; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:04:53","IsoTimestamp":"2021-03-14T12:04:53Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"385","Desc":"BLService Audit Record","Severity":"Info","Issuer":"Administrator","Action":"BLService Audit Record","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 500; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"BLService Audit Record","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log-expected.json
new file mode 100644
index 00000000000..afc569ca43a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/385_blservice_audit_record.log-expected.json
@@ -0,0 +1,227 @@
+[
+    {
+        "@timestamp": "2021-03-11T16:31:13.000Z",
+        "cyberarkpas.audit.action": "BLService Audit Record",
+        "cyberarkpas.audit.desc": "BLService Audit Record",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:31:13Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.location": "<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: False; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>",
+        "cyberarkpas.audit.message": "BLService Audit Record",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:31:13</Timestamp>\n    <IsoTimestamp>2021-03-11T16:31:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: False; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:31:13",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "blservice audit record",
+        "event.code": "385",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:31:23.000Z",
+        "cyberarkpas.audit.action": "BLService Audit Record",
+        "cyberarkpas.audit.desc": "BLService Audit Record",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:31:23Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.location": "<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>",
+        "cyberarkpas.audit.message": "BLService Audit Record",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:31:23</Timestamp>\n    <IsoTimestamp>2021-03-11T16:31:23Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: True; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:31:23",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "blservice audit record",
+        "event.code": "385",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3510,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T19:40:52.000Z",
+        "cyberarkpas.audit.action": "BLService Audit Record",
+        "cyberarkpas.audit.desc": "BLService Audit Record",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T19:40:52Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.location": "<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>",
+        "cyberarkpas.audit.message": "BLService Audit Record",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:40:52</Timestamp>\n    <IsoTimestamp>2021-03-11T19:40:52Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: True; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 11:40:52",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "blservice audit record",
+        "event.code": "385",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7018,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:04:35.000Z",
+        "cyberarkpas.audit.action": "BLService Audit Record",
+        "cyberarkpas.audit.desc": "BLService Audit Record",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:04:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.location": "<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>",
+        "cyberarkpas.audit.message": "BLService Audit Record",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:04:35</Timestamp>\n    <IsoTimestamp>2021-03-14T12:04:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 90; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:04:35",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "blservice audit record",
+        "event.code": "385",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 10528,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:04:53.000Z",
+        "cyberarkpas.audit.action": "BLService Audit Record",
+        "cyberarkpas.audit.desc": "BLService Audit Record",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:04:53Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.location": "<VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 500; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader>",
+        "cyberarkpas.audit.message": "BLService Audit Record",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:04:53</Timestamp>\n    <IsoTimestamp>2021-03-14T12:04:53Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>385</MessageID>\n    <Desc>BLService Audit Record</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>BLService Audit Record</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location><VaultCommandAuditApplicativeHeader z:Id=\"1\" xmlns=\"CyberArk.AppServices.LogicContainer.Audit\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\"><RuleAuditComponent z:Id=\"2\"><Action z:Id=\"3\">Update</Action><ContainerName z:Id=\"4\"/><IsAdvanced>true</IsAdvanced><NewValue z:Id=\"5\">EnforceExclusiveAccess: False; EnforceOneTimePasswords: False; AllowOPMAccess: True; RecordSessions: True; EnforceExpirationPeriod: 500; EnforceVerificationPeriod: 7; AuditRetentionPeriod: 90; PSMEnabled: False; RequireReason: AllowFreeTextReason: True, BasicValue: False; AllowTransparentConnection: AllowViewingPasswords: True, BasicValue: True; DualControl: BasicValue: False, DualControlRequireMultilevelApproval: False, DualControlRequireManagerialApproval: False, DualControlRequiredConfirmers: 1</NewValue><OldValue z:Id=\"6\">N/A</OldValue><PropertyName z:Id=\"7\">Master Policy</PropertyName></RuleAuditComponent></VaultCommandAuditApplicativeHeader></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>BLService Audit Record</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:04:53",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "blservice audit record",
+        "event.code": "385",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 14040,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log b/x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log
new file mode 100644
index 00000000000..211d487b613
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log
@@ -0,0 +1,15 @@
+<7>1 2021-03-15T13:19:58Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:19:58</Timestamp>\n    <IsoTimestamp>2021-03-15T13:19:58Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814397\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:19:58","IsoTimestamp":"2021-03-15T13:19:58Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n","ExtraDetails":"address=34.66.114.180;username=ELASTIC\\bart;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615814397"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). "},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T13:25:32Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:25:32</Timestamp>\n    <IsoTimestamp>2021-03-15T13:25:32Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814709\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"UserDN\" Value=\"ELASTIC.local\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:25:32","IsoTimestamp":"2021-03-15T13:25:32Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). \n","ExtraDetails":"address=34.66.114.180;username=bart;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615814709"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"UserDN","Value":"ELASTIC.local"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). "},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T13:33:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:33:26</Timestamp>\n    <IsoTimestamp>2021-03-15T13:33:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615815206\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:33:26","IsoTimestamp":"2021-03-15T13:33:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n","ExtraDetails":"address=34.66.114.180;username=ELASTIC.local\\bart;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC.local\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615815206"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). "},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T15:04:11Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:04:11</Timestamp>\n    <IsoTimestamp>2021-03-15T15:04:11Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #1). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=1;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615820651\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 08:04:11","IsoTimestamp":"2021-03-15T15:04:11Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #1). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n","ExtraDetails":"address=34.66.114.180;retriescount=1;username=ELASTIC.local\\bart;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC.local\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"1"},{"Name":"LastFailDate","Value":"1615820651"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). "},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T16:35:01Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 09:35:01</Timestamp>\n    <IsoTimestamp>2021-03-15T16:35:01Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #2). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=2;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"2\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615826099\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 09:35:01","IsoTimestamp":"2021-03-15T16:35:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #2). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n","ExtraDetails":"address=34.66.114.180;retriescount=2;username=ELASTIC.local\\bart;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC.local\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"2"},{"Name":"LastFailDate","Value":"1615826099"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). "},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T16:56:29Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 09:56:29</Timestamp>\n    <IsoTimestamp>2021-03-15T16:56:29Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615827245\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 09:56:29","IsoTimestamp":"2021-03-15T16:56:29Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n","ExtraDetails":"address=10.0.1.20;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"10.0.1.20"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615827245"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T17:01:07Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:01:07</Timestamp>\n    <IsoTimestamp>2021-03-15T17:01:07Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615827554\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"mariadb\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 10:01:07","IsoTimestamp":"2021-03-15T17:01:07Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application\n","ExtraDetails":"address=10.0.1.20;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"10.0.1.20"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615827554"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"DSN","Value":"mariadb"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T17:05:47Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:05:47</Timestamp>\n    <IsoTimestamp>2021-03-15T17:05:47Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615827864\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"DRIVER={MariaDB ODBC 3.1 Driver};TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 10:05:47","IsoTimestamp":"2021-03-15T17:05:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n","ExtraDetails":"address=10.0.1.20;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"10.0.1.20"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615827864"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"DSN","Value":"DRIVER={MariaDB ODBC 3.1 Driver};TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T17:10:25Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:10:25</Timestamp>\n    <IsoTimestamp>2021-03-15T17:10:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615828174\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"DSN=mariadb;TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 10:10:25","IsoTimestamp":"2021-03-15T17:10:25Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n","ExtraDetails":"address=10.0.1.20;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"10.0.1.20"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615828174"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"DSN","Value":"DSN=mariadb;TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T17:28:07Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:28:07</Timestamp>\n    <IsoTimestamp>2021-03-15T17:28:07Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=127.0.0.1;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"127.0.0.1\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615829287\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 10:28:07","IsoTimestamp":"2021-03-15T17:28:07Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n","ExtraDetails":"address=127.0.0.1;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"127.0.0.1"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615829287"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"Port","Value":"3306"},{"Name":"Database","Value":"test"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T17:33:17Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:33:17</Timestamp>\n    <IsoTimestamp>2021-03-15T17:33:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=127.0.0.1;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"127.0.0.1\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615829597\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"mysql\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 10:33:17","IsoTimestamp":"2021-03-15T17:33:17Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n","ExtraDetails":"address=127.0.0.1;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"127.0.0.1"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615829597"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"Port","Value":"3306"},{"Name":"Database","Value":"test"},{"Name":"DSN","Value":"mysql"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T17:38:27Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:38:27</Timestamp>\n    <IsoTimestamp>2021-03-15T17:38:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n</Reason>\n    <ExtraDetails>address=127.0.0.1;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"127.0.0.1\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615829907\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"Driver={MySQL ODBC 5.3 Unicode Driver};server=%ADDRESS%;user=%USER%;option=3;port=%PORT%;Password=%LOGONPASSWORD%\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 10:38:27","IsoTimestamp":"2021-03-15T17:38:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n","ExtraDetails":"address=127.0.0.1;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"127.0.0.1"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615829907"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"Port","Value":"3306"},{"Name":"Database","Value":"test"},{"Name":"DSN","Value":"Driver={MySQL ODBC 5.3 Unicode Driver};server=%ADDRESS%;user=%USER%;option=3;port=%PORT%;Password=%LOGONPASSWORD%"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T18:00:07Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 11:00:07</Timestamp>\n    <IsoTimestamp>2021-03-15T18:00:07Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=Driver\\={MySQL ODBC 5.3 Unicode Driver}\\;server\\=127.0.0.1\\;user\\=root\\;option\\=3\\;port\\=3306\\;Password\\=1234;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"Driver={MySQL ODBC 5.3 Unicode Driver};server=127.0.0.1;user=root;option=3;port=3306;Password=1234\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615831206\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"mysql\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 11:00:07","IsoTimestamp":"2021-03-15T18:00:07Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.0.1.20-root","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n","ExtraDetails":"address=Driver\\={MySQL ODBC 5.3 Unicode Driver}\\;server\\=127.0.0.1\\;user\\=root\\;option\\=3\\;port\\=3306\\;Password\\=1234;username=root;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"root"},{"Name":"Address","Value":"Driver={MySQL ODBC 5.3 Unicode Driver};server=127.0.0.1;user=root;option=3;port=3306;Password=1234"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615831206"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"Port","Value":"3306"},{"Name":"Database","Value":"test"},{"Name":"DSN","Value":"mysql"},{"Name":"CPMErrorDetails","Value":"Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<7>1 2021-03-15T18:05:16Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 11:05:16</Timestamp>\n    <IsoTimestamp>2021-03-15T18:05:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #3). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=3;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"3\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615831516\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 11:05:16","IsoTimestamp":"2021-03-15T18:05:16Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #3). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n","ExtraDetails":"address=34.66.114.180;retriescount=3;username=ELASTIC.local\\bart;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC.local\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"3"},{"Name":"LastFailDate","Value":"1615831516"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). "},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-16T09:50:19Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 16 02:50:19</Timestamp>\n    <IsoTimestamp>2021-03-16T09:50:19Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #4). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=4;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615888216\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 16 02:50:19","IsoTimestamp":"2021-03-16T09:50:19Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"38","Desc":"CPM Verify Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Verify Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #4). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n","ExtraDetails":"address=34.66.114.180;retriescount=4;username=ELASTIC.local\\bart;","Message":"CPM Verify Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC.local\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"VerifyTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"4"},{"Name":"LastFailDate","Value":"1615888216"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). "},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log-expected.json
new file mode 100644
index 00000000000..6e9afaabf56
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/38_cpm_verify_password_failed.log-expected.json
@@ -0,0 +1,1196 @@
+[
+    {
+        "@timestamp": "2021-03-15T13:19:58.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615814397",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC\\bart",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:19:58Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:19:58</Timestamp>\n    <IsoTimestamp>2021-03-15T13:19:58Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814397\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:19:58",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "destination.user.name": "ELASTIC\\bart",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error in verifypass to user 34.66.114.180\\ELASTIC\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T13:25:32.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). ",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615814709",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_dn": "ELASTIC.local",
+        "cyberarkpas.audit.ca_properties.user_name": "bart",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.username": "bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:25:32Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:25:32</Timestamp>\n    <IsoTimestamp>2021-03-15T13:25:32Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615814709\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"UserDN\" Value=\"ELASTIC.local\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). \n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:25:32",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "destination.user.name": "bart",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error in verifypass to user 34.66.114.180\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The network name cannot be found. (winRc=67). ",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4191,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T13:33:26.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615815206",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:33:26Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:33:26</Timestamp>\n    <IsoTimestamp>2021-03-15T13:33:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615815206\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #0). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:33:26",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "destination.user.name": "ELASTIC.local\\bart",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8413,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC.local\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T15:04:11.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615820651",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "1",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "1",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T15:04:11Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:04:11</Timestamp>\n    <IsoTimestamp>2021-03-15T15:04:11Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #1). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=1;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615820651\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #1). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 08:04:11",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "destination.user.name": "ELASTIC.local\\bart",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12652,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC.local\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T16:35:01.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615826099",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "2",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "2",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T16:35:01Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 09:35:01</Timestamp>\n    <IsoTimestamp>2021-03-15T16:35:01Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #2). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=2;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"2\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615826099\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #2). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 09:35:01",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "destination.user.name": "ELASTIC.local\\bart",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 16937,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC.local\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T16:56:29.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "10.0.1.20",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615827245",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "10.0.1.20",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T16:56:29Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 09:56:29</Timestamp>\n    <IsoTimestamp>2021-03-15T16:56:29Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615827245\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 09:56:29",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server 10.0.1.20. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 21222,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T17:01:07.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "10.0.1.20",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.dsn": "mariadb",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615827554",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "10.0.1.20",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T17:01:07Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:01:07</Timestamp>\n    <IsoTimestamp>2021-03-15T17:01:07Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615827554\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"mariadb\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 10:01:07",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server . State: IM014 Native error: 0 Message: [Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 25232,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T17:05:47.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "10.0.1.20",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.dsn": "DRIVER={MariaDB ODBC 3.1 Driver};TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615827864",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "10.0.1.20",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T17:05:47Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:05:47</Timestamp>\n    <IsoTimestamp>2021-03-15T17:05:47Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615827864\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"DRIVER={MariaDB ODBC 3.1 Driver};TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 10:05:47",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 29415,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T17:10:25.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "10.0.1.20",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.dsn": "DSN=mariadb;TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615828174",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "10.0.1.20",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T17:10:25Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:10:25</Timestamp>\n    <IsoTimestamp>2021-03-15T17:10:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n</Reason>\n    <ExtraDetails>address=10.0.1.20;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.0.1.20\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615828174\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"DSN=mariadb;TCPIP=1;SERVER=localhost;UID=root;PWD=1234;DATABASE=test\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 10:10:25",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 33542,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T17:28:07.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "127.0.0.1",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "test",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615829287",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.port": "3306",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T17:28:07Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:28:07</Timestamp>\n    <IsoTimestamp>2021-03-15T17:28:07Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=127.0.0.1;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"127.0.0.1\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615829287\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 10:28:07",
+        "destination.address": "127.0.0.1",
+        "destination.ip": "127.0.0.1",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server 127.0.0.1. State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 37627,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "127.0.0.1"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T17:33:17.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "127.0.0.1",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "test",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.dsn": "mysql",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615829597",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.port": "3306",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T17:33:17Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:33:17</Timestamp>\n    <IsoTimestamp>2021-03-15T17:33:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=127.0.0.1;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"127.0.0.1\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615829597\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"mysql\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 10:33:17",
+        "destination.address": "127.0.0.1",
+        "destination.ip": "127.0.0.1",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 41831,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "127.0.0.1"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T17:38:27.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "127.0.0.1",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "test",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.dsn": "Driver={MySQL ODBC 5.3 Unicode Driver};server=%ADDRESS%;user=%USER%;option=3;port=%PORT%;Password=%LOGONPASSWORD%",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615829907",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.port": "3306",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T17:38:27Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 10:38:27</Timestamp>\n    <IsoTimestamp>2021-03-15T17:38:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n</Reason>\n    <ExtraDetails>address=127.0.0.1;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"127.0.0.1\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615829907\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"Driver={MySQL ODBC 5.3 Unicode Driver};server=%ADDRESS%;user=%USER%;option=3;port=%PORT%;Password=%LOGONPASSWORD%\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 10:38:27",
+        "destination.address": "127.0.0.1",
+        "destination.ip": "127.0.0.1",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server . State: HY090 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Invalid string or buffer length",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 46092,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "127.0.0.1"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T18:00:07.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "Driver={MySQL ODBC 5.3 Unicode Driver};server=127.0.0.1;user=root;option=3;port=3306;Password=1234",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "test",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.dsn": "mysql",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615831206",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.port": "3306",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "root",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "Driver\\={MySQL ODBC 5.3 Unicode Driver}\\;server\\=127.0.0.1\\;user\\=root\\;option\\=3\\;port\\=3306\\;Password\\=1234",
+        "cyberarkpas.audit.extra_details.username": "root",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.0.1.20-root",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T18:00:07Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 11:00:07</Timestamp>\n    <IsoTimestamp>2021-03-15T18:00:07Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.0.1.20-root</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n</Reason>\n    <ExtraDetails>address=Driver\\={MySQL ODBC 5.3 Unicode Driver}\\;server\\=127.0.0.1\\;user\\=root\\;option\\=3\\;port\\=3306\\;Password\\=1234;username=root;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"root\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"Driver={MySQL ODBC 5.3 Unicode Driver};server=127.0.0.1;user=root;option=3;port=3306;Password=1234\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615831206\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"DSN\" Value=\"mysql\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM344E Verifying Password Safe: partner, Folder: Root, Object: Database-MySQL-10.0.1.20-root failed (try #0). Code: 2103, Error: Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 11:00:07",
+        "destination.address": "Driver={MySQL ODBC 5.3 Unicode Driver};server=127.0.0.1;user=root;option=3;port=3306;Password=1234",
+        "destination.domain": "Driver={MySQL ODBC 5.3 Unicode Driver};server=127.0.0.1;user=root;option=3;port=3306;Password=1234",
+        "destination.user.name": "root",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error when verifypass to User root on Server . State: IM002 Native error: 0 Message: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Database-MySQL-10.0.1.20-root",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 50461,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "root"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-15T18:05:16.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615831516",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "3",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "3",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T18:05:16Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 11:05:16</Timestamp>\n    <IsoTimestamp>2021-03-15T18:05:16Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #3). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=3;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"3\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615831516\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #3). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 11:05:16",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "destination.user.name": "ELASTIC.local\\bart",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 55122,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC.local\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-16T09:50:19.000Z",
+        "cyberarkpas.audit.action": "CPM Verify Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615888216",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "4",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.desc": "CPM Verify Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "4",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC.local\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T09:50:19Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 16 02:50:19</Timestamp>\n    <IsoTimestamp>2021-03-16T09:50:19Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>38</MessageID>\n    <Desc>CPM Verify Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Verify Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #4). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=4;username=ELASTIC.local\\bart;</ExtraDetails>\n    <Message>CPM Verify Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC.local\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615888216\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM344E Verifying Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-34.66.114.180-ELASTICbart failed (try #4). Code: 2101, Error: Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). \n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 16 02:50:19",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "destination.user.name": "ELASTIC.local\\bart",
+        "event.action": "cpm verify password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "38",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Error in verifypass to user 34.66.114.180\\ELASTIC.local\\bart on domain 34.66.114.180(\\\\34.66.114.180). Reason: The specified username is invalid. (winRc=2202). ",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-34.66.114.180-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 59407,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC.local\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log b/x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log
new file mode 100644
index 00000000000..1bc88cc1bbe
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log
@@ -0,0 +1 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>411</MessageID>\n    <Desc>Window Title</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Window Title</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.5</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=shutdown.exe, Shutdown Event Tracker;ConnectionComponentId=PSM-RDP;DstHost=dbserver.cyberark.local;ProcessId=4144;ProcessName=shutdown.exe;Protocol=RDP;PSMID=PSMServer_88f6598;RDPOffset=218B;SessionID=a1f46060-1de4-4f56-a8ba-71fdf3140ac1;SrcHost=10.2.0.6;User=Administrator2;VIDOffset=12T;</ExtraDetails>\n    <Message>Window Title</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"411","Desc":"Window Title","Severity":"Info","Issuer":"adm2","Action":"Window Title","SourceUser":"","TargetUser":"","Safe":"Windows","File":"Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2","Station":"10.2.0.5","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=shutdown.exe, Shutdown Event Tracker;ConnectionComponentId=PSM-RDP;DstHost=dbserver.cyberark.local;ProcessId=4144;ProcessName=shutdown.exe;Protocol=RDP;PSMID=PSMServer_88f6598;RDPOffset=218B;SessionID=a1f46060-1de4-4f56-a8ba-71fdf3140ac1;SrcHost=10.2.0.6;User=Administrator2;VIDOffset=12T;","IsoTimestamp":"2021-03-16T17:11:42Z","Message":"Window Title","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WIN-SERVER-LOCAL"},{"Name":"UserName","Value":"Administrator2"},{"Name":"Address","Value":"dbserver.cyberark.local"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"LogonDomain","Value":"DBServer"},{"Name":"SequenceID","Value":"1"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"success"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessReconciliation","Value":"1604944215"},{"Name":"Customer","Value":"EvilCorp"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log-expected.json
new file mode 100644
index 00000000000..365c217d660
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/411_window_title.log-expected.json
@@ -0,0 +1,84 @@
+[
+    {
+        "@timestamp": "2021-03-16T17:11:42.000Z",
+        "cyberarkpas.audit.action": "Window Title",
+        "cyberarkpas.audit.ca_properties.address": "dbserver.cyberark.local",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.customer": "EvilCorp",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_success_reconciliation": "1604944215",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "DBServer",
+        "cyberarkpas.audit.ca_properties.policy_id": "WIN-SERVER-LOCAL",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "1",
+        "cyberarkpas.audit.ca_properties.user_name": "Administrator2",
+        "cyberarkpas.audit.desc": "Window Title",
+        "cyberarkpas.audit.extra_details.command": "shutdown.exe, Shutdown Event Tracker",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-RDP",
+        "cyberarkpas.audit.extra_details.dst_host": "dbserver.cyberark.local",
+        "cyberarkpas.audit.extra_details.process_id": "4144",
+        "cyberarkpas.audit.extra_details.process_name": "shutdown.exe",
+        "cyberarkpas.audit.extra_details.protocol": "RDP",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer_88f6598",
+        "cyberarkpas.audit.extra_details.rdp_offset": "218B",
+        "cyberarkpas.audit.extra_details.session_id": "a1f46060-1de4-4f56-a8ba-71fdf3140ac1",
+        "cyberarkpas.audit.extra_details.src_host": "10.2.0.6",
+        "cyberarkpas.audit.extra_details.user": "Administrator2",
+        "cyberarkpas.audit.extra_details.vid_offset": "12T",
+        "cyberarkpas.audit.file": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T17:11:42Z",
+        "cyberarkpas.audit.issuer": "adm2",
+        "cyberarkpas.audit.message": "Window Title",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>411</MessageID>\n    <Desc>Window Title</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Window Title</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Windows</Safe>\n    <File>Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2</File>\n    <Station>10.2.0.5</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=shutdown.exe, Shutdown Event Tracker;ConnectionComponentId=PSM-RDP;DstHost=dbserver.cyberark.local;ProcessId=4144;ProcessName=shutdown.exe;Protocol=RDP;PSMID=PSMServer_88f6598;RDPOffset=218B;SessionID=a1f46060-1de4-4f56-a8ba-71fdf3140ac1;SrcHost=10.2.0.6;User=Administrator2;VIDOffset=12T;</ExtraDetails>\n    <Message>Window Title</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WIN-SERVER-LOCAL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"Administrator2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"dbserver.cyberark.local\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"DBServer\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1604944215\"></CAProperty>\n      <CAProperty Name=\"Customer\" Value=\"EvilCorp\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "Windows",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.5",
+        "destination.address": "dbserver.cyberark.local",
+        "destination.domain": "dbserver.cyberark.local",
+        "destination.user.name": "Administrator2",
+        "event.action": "window title",
+        "event.category": [
+            "process"
+        ],
+        "event.code": "411",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "access",
+            "info"
+        ],
+        "file.path": "Root\\Operating System-WIN-SERVER-LOCAL-dbserver.cyberark.local-Administrator2",
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "network.application": "rdp",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "process.name": "shutdown.exe",
+        "process.pid": "4144",
+        "related.ip": [
+            "10.2.0.6",
+            "10.2.0.5"
+        ],
+        "related.user": [
+            "adm2",
+            "Administrator2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.6",
+        "source.ip": "10.2.0.6",
+        "source.user.name": "adm2",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "adm2"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log b/x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log
new file mode 100644
index 00000000000..e10964e76c2
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log
@@ -0,0 +1 @@
+<5>1 2021-03-25T11:29:37Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 07:29:37</Timestamp>\n    <IsoTimestamp>2021-03-25T11:29:37Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>412</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>MSSQL</Safe>\n    <File>Root\\Database-MSSql-epmsvr01.cybr.com-sa</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SHOW DATABASES\\;;ConnectionComponentId=PSM-SQLServerMgmtStudio;DataBase=master;DstHost=tgtsvr01.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=975edc19-ad10-4b42-8098-f26afab40fac;SrcHost=127.0.0.1;TXTOffset=702B;User=sa;VIDOffset=33T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MSSql\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"sa\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"tgtsvr01.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"master\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580240\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011980\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"SQL;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 07:29:37","IsoTimestamp":"2021-03-25T11:29:37Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"412","Desc":"Keystroke logging","Severity":"Info","Issuer":"Administrator","Action":"Keystroke logging","SourceUser":"","TargetUser":"","Safe":"MSSQL","File":"Root\\Database-MSSql-epmsvr01.cybr.com-sa","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"Command=SHOW DATABASES\\;;ConnectionComponentId=PSM-SQLServerMgmtStudio;DataBase=master;DstHost=tgtsvr01.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=975edc19-ad10-4b42-8098-f26afab40fac;SrcHost=127.0.0.1;TXTOffset=702B;User=sa;VIDOffset=33T;","Message":"Keystroke logging","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MSSql"},{"Name":"UserName","Value":"sa"},{"Name":"Address","Value":"tgtsvr01.cybr.com"},{"Name":"Database","Value":"master"},{"Name":"DeviceType","Value":"Database"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616580240"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessChange","Value":"1616011980"},{"Name":"Tags","Value":"SQL;DB"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log-expected.json
new file mode 100644
index 00000000000..685a4a0586a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/412_keystroke_logging.log-expected.json
@@ -0,0 +1,85 @@
+[
+    {
+        "@timestamp": "2021-03-25T11:29:37.000Z",
+        "cyberarkpas.audit.action": "Keystroke logging",
+        "cyberarkpas.audit.ca_properties.address": "tgtsvr01.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "master",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011980",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580240",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "MSSql",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.tags": "SQL;DB",
+        "cyberarkpas.audit.ca_properties.user_name": "sa",
+        "cyberarkpas.audit.desc": "Keystroke logging",
+        "cyberarkpas.audit.extra_details.command": "SHOW DATABASES\\;",
+        "cyberarkpas.audit.extra_details.connection_component_id": "PSM-SQLServerMgmtStudio",
+        "cyberarkpas.audit.extra_details.data_base": "master",
+        "cyberarkpas.audit.extra_details.dst_host": "tgtsvr01.cybr.com",
+        "cyberarkpas.audit.extra_details.protocol": "SQLNet",
+        "cyberarkpas.audit.extra_details.psmid": "PSMServer",
+        "cyberarkpas.audit.extra_details.session_id": "975edc19-ad10-4b42-8098-f26afab40fac",
+        "cyberarkpas.audit.extra_details.src_host": "127.0.0.1",
+        "cyberarkpas.audit.extra_details.txt_offset": "702B",
+        "cyberarkpas.audit.extra_details.user": "sa",
+        "cyberarkpas.audit.extra_details.vid_offset": "33T",
+        "cyberarkpas.audit.file": "Root\\Database-MSSql-epmsvr01.cybr.com-sa",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T11:29:37Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Keystroke logging",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 07:29:37</Timestamp>\n    <IsoTimestamp>2021-03-25T11:29:37Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>412</MessageID>\n    <Desc>Keystroke logging</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Keystroke logging</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>MSSQL</Safe>\n    <File>Root\\Database-MSSql-epmsvr01.cybr.com-sa</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails>Command=SHOW DATABASES\\;;ConnectionComponentId=PSM-SQLServerMgmtStudio;DataBase=master;DstHost=tgtsvr01.cybr.com;Protocol=SQLNet;PSMID=PSMServer;SessionID=975edc19-ad10-4b42-8098-f26afab40fac;SrcHost=127.0.0.1;TXTOffset=702B;User=sa;VIDOffset=33T;</ExtraDetails>\n    <Message>Keystroke logging</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MSSql\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"sa\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"tgtsvr01.cybr.com\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"master\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580240\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011980\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"SQL;DB\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "MSSQL",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 07:29:37",
+        "destination.address": "tgtsvr01.cybr.com",
+        "destination.domain": "tgtsvr01.cybr.com",
+        "destination.user.name": "sa",
+        "event.action": "keystroke logging",
+        "event.category": [
+            "session"
+        ],
+        "event.code": "412",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "info"
+        ],
+        "file.path": "Root\\Database-MSSql-epmsvr01.cybr.com-sa",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.application": "sqlnet",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "Administrator",
+            "sa"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log b/x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log
new file mode 100644
index 00000000000..d1548afa3c1
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log
@@ -0,0 +1 @@
+<5>1 2021-03-25T10:04:06Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n <audit_record>\n <Rfc5424>yes</Rfc5424>\n <Timestamp>Mar 25 06:04:06</Timestamp>\n <IsoTimestamp>2021-03-25T10:04:06Z</IsoTimestamp>\n <Hostname>VLT01</Hostname>\n <Vendor>Cyber-Ark</Vendor>\n <Product>Vault</Product>\n <Version>12.0.0000</Version>\n <MessageID>414</MessageID>\n <Desc>CPM Verify SSH Key</Desc>\n <Severity>Info</Severity>\n <Issuer>PasswordManager</Issuer>\n <Action>CPM Verify SSH Key</Action>\n <SourceUser></SourceUser>\n <TargetUser></TargetUser>\n <Safe>Linux SSH Keys</Safe>\n <File>Root\\Operating System-UnixSSHKeys-rhel7.cybr.com-firecall1</File>\n <Station>10.0.0.15</Station>\n <Location></Location>\n <Category></Category>\n <RequestId></RequestId>\n <Reason>VerificationPeriod</Reason>\n <ExtraDetails>address=rhel7.cybr.com;username=firecall1;</ExtraDetails>\n <Message>CPM Verify SSH Key</Message>\n <GatewayStation></GatewayStation>\n <CAProperties>\n <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n <CAProperty Name=\"UserName\" Value=\"firecall1\"></CAProperty>\n <CAProperty Name=\"Address\" Value=\"rhel7.cybr.com\"></CAProperty>\n <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n <CAProperty Name=\"SequenceID\" Value=\"2\"></CAProperty>\n <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n <CAProperty Name=\"ExtraPass3Name\" Value=\"Operating System-UnixSSH-rhel7.cybr.com-root\"></CAProperty>\n <CAProperty Name=\"ExtraPass3Folder\" Value=\"Root\"></CAProperty>\n <CAProperty Name=\"ExtraPass3Safe\" Value=\"Linux Root\"></CAProperty>\n <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n <CAProperty Name=\"LastSuccessVerification\" Value=\"1616666646\"></CAProperty>\n <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n <CAProperty Name=\"LastSuccessChange\" Value=\"1582315464\"></CAProperty>\n <CAProperty Name=\"Tags\" Value=\"SSH\"></CAProperty>\n <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n </CAProperties>\n </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 06:04:06","IsoTimestamp":"2021-03-25T10:04:06Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"414","Desc":"CPM Verify SSH Key","Severity":"Info","Issuer":"PasswordManager","Action":"CPM Verify SSH Key","SourceUser":"","TargetUser":"","Safe":"Linux SSH Keys","File":"Root\\Operating System-UnixSSHKeys-rhel7.cybr.com-firecall1","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"VerificationPeriod","ExtraDetails":"address=rhel7.cybr.com;username=firecall1;","Message":"CPM Verify SSH Key","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"firecall1"},{"Name":"Address","Value":"rhel7.cybr.com"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"SequenceID","Value":"2"},{"Name":"CPMStatus","Value":"success"},{"Name":"ExtraPass3Name","Value":"Operating System-UnixSSH-rhel7.cybr.com-root"},{"Name":"ExtraPass3Folder","Value":"Root"},{"Name":"ExtraPass3Safe","Value":"Linux Root"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"VerifyTask"},{"Name":"LastSuccessVerification","Value":"1616666646"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessChange","Value":"1582315464"},{"Name":"Tags","Value":"SSH"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log-expected.json
new file mode 100644
index 00000000000..fe2d5aedaf7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/414_cpm_verify_ssh_key.log-expected.json
@@ -0,0 +1,80 @@
+[
+    {
+        "@timestamp": "2021-03-25T10:04:06.000Z",
+        "cyberarkpas.audit.action": "CPM Verify SSH Key",
+        "cyberarkpas.audit.ca_properties.address": "rhel7.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.extra_pass3_folder": "Root",
+        "cyberarkpas.audit.ca_properties.extra_pass3_name": "Operating System-UnixSSH-rhel7.cybr.com-root",
+        "cyberarkpas.audit.ca_properties.extra_pass3_safe": "Linux Root",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1582315464",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616666646",
+        "cyberarkpas.audit.ca_properties.last_task": "VerifyTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "2",
+        "cyberarkpas.audit.ca_properties.tags": "SSH",
+        "cyberarkpas.audit.ca_properties.user_name": "firecall1",
+        "cyberarkpas.audit.desc": "CPM Verify SSH Key",
+        "cyberarkpas.audit.extra_details.address": "rhel7.cybr.com",
+        "cyberarkpas.audit.extra_details.username": "firecall1",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-rhel7.cybr.com-firecall1",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T10:04:06Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Verify SSH Key",
+        "cyberarkpas.audit.raw": "<syslog>\n\n <audit_record>\n <Rfc5424>yes</Rfc5424>\n <Timestamp>Mar 25 06:04:06</Timestamp>\n <IsoTimestamp>2021-03-25T10:04:06Z</IsoTimestamp>\n <Hostname>VLT01</Hostname>\n <Vendor>Cyber-Ark</Vendor>\n <Product>Vault</Product>\n <Version>12.0.0000</Version>\n <MessageID>414</MessageID>\n <Desc>CPM Verify SSH Key</Desc>\n <Severity>Info</Severity>\n <Issuer>PasswordManager</Issuer>\n <Action>CPM Verify SSH Key</Action>\n <SourceUser></SourceUser>\n <TargetUser></TargetUser>\n <Safe>Linux SSH Keys</Safe>\n <File>Root\\Operating System-UnixSSHKeys-rhel7.cybr.com-firecall1</File>\n <Station>10.0.0.15</Station>\n <Location></Location>\n <Category></Category>\n <RequestId></RequestId>\n <Reason>VerificationPeriod</Reason>\n <ExtraDetails>address=rhel7.cybr.com;username=firecall1;</ExtraDetails>\n <Message>CPM Verify SSH Key</Message>\n <GatewayStation></GatewayStation>\n <CAProperties>\n <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n <CAProperty Name=\"UserName\" Value=\"firecall1\"></CAProperty>\n <CAProperty Name=\"Address\" Value=\"rhel7.cybr.com\"></CAProperty>\n <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n <CAProperty Name=\"SequenceID\" Value=\"2\"></CAProperty>\n <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n <CAProperty Name=\"ExtraPass3Name\" Value=\"Operating System-UnixSSH-rhel7.cybr.com-root\"></CAProperty>\n <CAProperty Name=\"ExtraPass3Folder\" Value=\"Root\"></CAProperty>\n <CAProperty Name=\"ExtraPass3Safe\" Value=\"Linux Root\"></CAProperty>\n <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n <CAProperty Name=\"LastTask\" Value=\"VerifyTask\"></CAProperty>\n <CAProperty Name=\"LastSuccessVerification\" Value=\"1616666646\"></CAProperty>\n <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n <CAProperty Name=\"LastSuccessChange\" Value=\"1582315464\"></CAProperty>\n <CAProperty Name=\"Tags\" Value=\"SSH\"></CAProperty>\n <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n </CAProperties>\n </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "VerificationPeriod",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Linux SSH Keys",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 06:04:06",
+        "destination.address": "rhel7.cybr.com",
+        "destination.domain": "rhel7.cybr.com",
+        "destination.user.name": "firecall1",
+        "event.action": "cpm verify ssh key",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "414",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "info"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-rhel7.cybr.com-firecall1",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "firecall1"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.0.15",
+        "source.ip": "10.0.0.15",
+        "source.user.name": "PasswordManager",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log b/x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log
new file mode 100644
index 00000000000..8c7361274f6
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log
@@ -0,0 +1 @@
+<5>1 2021-03-11T16:50:17Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:50:17</Timestamp>\n    <IsoTimestamp>2021-03-11T16:50:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>427</MessageID>\n    <Desc>Store SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Store SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:50:17","IsoTimestamp":"2021-03-11T16:50:17Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"427","Desc":"Store SSH Key","Severity":"Info","Issuer":"Administrator","Action":"Store SSH Key","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store SSH Key","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log-expected.json
new file mode 100644
index 00000000000..50385a481b0
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/427_store_ssh_key.log-expected.json
@@ -0,0 +1,49 @@
+[
+    {
+        "@timestamp": "2021-03-11T16:50:17.000Z",
+        "cyberarkpas.audit.action": "Store SSH Key",
+        "cyberarkpas.audit.desc": "Store SSH Key",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:50:17Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store SSH Key",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:50:17</Timestamp>\n    <IsoTimestamp>2021-03-11T16:50:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>427</MessageID>\n    <Desc>Store SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Store SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:50:17",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "store ssh key",
+        "event.code": "427",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log b/x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log
new file mode 100644
index 00000000000..1420d0a428e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log
@@ -0,0 +1,3 @@
+<5>1 2021-03-11T17:43:44Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:43:44</Timestamp>\n    <IsoTimestamp>2021-03-11T17:43:44Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>428</MessageID>\n    <Desc>Retrieve SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Retrieve SSH key)for fun and profit</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <UserReason>for fun and profit</UserReason>\n    <RetrieveAction>Retrieve SSH key</RetrieveAction>\n  </General>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:43:44","IsoTimestamp":"2021-03-11T17:43:44Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"428","Desc":"Retrieve SSH Key","Severity":"Info","Issuer":"Administrator","Action":"Retrieve SSH Key","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"(Action: Retrieve SSH key)for fun and profit","PvwaDetails":{"RetrieveReason":{"General":{"UserReason":"for fun and profit","RetrieveAction":"Retrieve SSH key"}}},"ExtraDetails":"","Message":"Retrieve SSH Key","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T21:08:48Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:08:48</Timestamp>\n    <IsoTimestamp>2021-03-11T21:08:48Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>428</MessageID>\n    <Desc>Retrieve SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Connect)testing(Connection to address: 34.123.103.115)</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <UserReason>testing</UserReason>\n    <RetrieveAction>Connect</RetrieveAction>\n  </General>\n  <ConnectionDetails>\n    <ConnectionAddress>34.123.103.115</ConnectionAddress>\n  </ConnectionDetails>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 13:08:48","IsoTimestamp":"2021-03-11T21:08:48Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"428","Desc":"Retrieve SSH Key","Severity":"Info","Issuer":"Administrator","Action":"Retrieve SSH Key","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"(Action: Connect)testing(Connection to address: 34.123.103.115)","PvwaDetails":{"RetrieveReason":{"General":{"UserReason":"testing","RetrieveAction":"Connect"},"ConnectionDetails":{"ConnectionAddress":"34.123.103.115"}}},"ExtraDetails":"","Message":"Retrieve SSH Key","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-15T13:18:52Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:18:52</Timestamp>\n    <IsoTimestamp>2021-03-15T13:18:52Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>428</MessageID>\n    <Desc>Retrieve SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Retrieve SSH key)</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <RetrieveAction>Retrieve SSH key</RetrieveAction>\n  </General>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:18:52","IsoTimestamp":"2021-03-15T13:18:52Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"428","Desc":"Retrieve SSH Key","Severity":"Info","Issuer":"Administrator","Action":"Retrieve SSH Key","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"(Action: Retrieve SSH key)","PvwaDetails":{"RetrieveReason":{"General":{"RetrieveAction":"Retrieve SSH key"}}},"ExtraDetails":"","Message":"Retrieve SSH Key","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSHKeys"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log-expected.json
new file mode 100644
index 00000000000..23d05a8184d
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/428_retrieve_ssh_key.log-expected.json
@@ -0,0 +1,233 @@
+[
+    {
+        "@timestamp": "2021-03-11T17:43:44.000Z",
+        "cyberarkpas.audit.action": "Retrieve SSH Key",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Retrieve SSH Key",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:43:44Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve SSH Key",
+        "cyberarkpas.audit.pvwa_details.retrieve_reason.general.retrieve_action": "Retrieve SSH key",
+        "cyberarkpas.audit.pvwa_details.retrieve_reason.general.user_reason": "for fun and profit",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:43:44</Timestamp>\n    <IsoTimestamp>2021-03-11T17:43:44Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>428</MessageID>\n    <Desc>Retrieve SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Retrieve SSH key)for fun and profit</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <UserReason>for fun and profit</UserReason>\n    <RetrieveAction>Retrieve SSH key</RetrieveAction>\n  </General>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "(Action: Retrieve SSH key)for fun and profit",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:43:44",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "retrieve ssh key",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "428",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "(Action: Retrieve SSH key)for fun and profit",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T21:08:48.000Z",
+        "cyberarkpas.audit.action": "Retrieve SSH Key",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Retrieve SSH Key",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T21:08:48Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve SSH Key",
+        "cyberarkpas.audit.pvwa_details.retrieve_reason.connection_details.connection_address": "34.123.103.115",
+        "cyberarkpas.audit.pvwa_details.retrieve_reason.general.retrieve_action": "Connect",
+        "cyberarkpas.audit.pvwa_details.retrieve_reason.general.user_reason": "testing",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:08:48</Timestamp>\n    <IsoTimestamp>2021-03-11T21:08:48Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>428</MessageID>\n    <Desc>Retrieve SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Connect)testing(Connection to address: 34.123.103.115)</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <UserReason>testing</UserReason>\n    <RetrieveAction>Connect</RetrieveAction>\n  </General>\n  <ConnectionDetails>\n    <ConnectionAddress>34.123.103.115</ConnectionAddress>\n  </ConnectionDetails>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "(Action: Connect)testing(Connection to address: 34.123.103.115)",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 13:08:48",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "retrieve ssh key",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "428",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "(Action: Connect)testing(Connection to address: 34.123.103.115)",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2618,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-15T13:18:52.000Z",
+        "cyberarkpas.audit.action": "Retrieve SSH Key",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSHKeys",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Retrieve SSH Key",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:18:52Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Retrieve SSH Key",
+        "cyberarkpas.audit.pvwa_details.retrieve_reason.general.retrieve_action": "Retrieve SSH key",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:18:52</Timestamp>\n    <IsoTimestamp>2021-03-15T13:18:52Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>428</MessageID>\n    <Desc>Retrieve SSH Key</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Retrieve SSH Key</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>(Action: Retrieve SSH key)</Reason>\n    <PvwaDetails><RetrieveReason>\n  <General>\n    <RetrieveAction>Retrieve SSH key</RetrieveAction>\n  </General>\n</RetrieveReason></PvwaDetails>\n    <ExtraDetails></ExtraDetails>\n    <Message>Retrieve SSH Key</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSHKeys\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "(Action: Retrieve SSH key)",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:18:52",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "destination.user.name": "adrian",
+        "event.action": "retrieve ssh key",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "428",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.reason": "(Action: Retrieve SSH key)",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "admin",
+            "access"
+        ],
+        "file.path": "Root\\Operating System-UnixSSHKeys-34.123.103.115-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5399,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "34.123.103.115",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator",
+            "adrian"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "source.user.name": "Administrator",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log b/x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log
new file mode 100644
index 00000000000..2101b711cb2
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log
@@ -0,0 +1 @@
+<5>1 2021-03-14T12:06:35Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:06:35</Timestamp>\n    <IsoTimestamp>2021-03-14T12:06:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>449</MessageID>\n    <Desc>Create Discovery Succeeded</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Create Discovery Succeeded</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Status:Success; Discovery:<Windows discovery from ELASTIC.local>; Reason:;</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create Discovery Succeeded</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:06:35","IsoTimestamp":"2021-03-14T12:06:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"449","Desc":"Create Discovery Succeeded","Severity":"Info","Issuer":"Administrator","Action":"Create Discovery Succeeded","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"Status:Success; Discovery:<Windows discovery from ELASTIC.local>; Reason:;","ExtraDetails":"","Message":"Create Discovery Succeeded","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log-expected.json
new file mode 100644
index 00000000000..17b939fab90
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/449_create_discovery_succeeded.log-expected.json
@@ -0,0 +1,42 @@
+[
+    {
+        "@timestamp": "2021-03-14T12:06:35.000Z",
+        "cyberarkpas.audit.action": "Create Discovery Succeeded",
+        "cyberarkpas.audit.desc": "Create Discovery Succeeded",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:06:35Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Create Discovery Succeeded",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:06:35</Timestamp>\n    <IsoTimestamp>2021-03-14T12:06:35Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>449</MessageID>\n    <Desc>Create Discovery Succeeded</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Create Discovery Succeeded</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Status:Success; Discovery:<Windows discovery from ELASTIC.local>; Reason:;</Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create Discovery Succeeded</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "Status:Success; Discovery:<Windows discovery from ELASTIC.local>; Reason:;",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:06:35",
+        "event.action": "create discovery succeeded",
+        "event.code": "449",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log b/x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log
new file mode 100644
index 00000000000..918e0a5df3a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log
@@ -0,0 +1,3 @@
+<5>1 2021-03-08T10:19:42Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 02:19:42","IsoTimestamp":"2021-03-08T10:19:42Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"459","Desc":"General Audit","Severity":"Info","Issuer":"PasswordManager","Action":"General Audit","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"Dual account rotation","ExtraDetails":"DualAccountStatus=Active;Index=2;","Message":"General Audit","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountB"},{"Name":"Address","Value":"components"},{"Name":"SequenceID","Value":"24"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1614868762"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"2"},{"Name":"DualAccountStatus","Value":"Active"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-10T14:38:57Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 06:38:57","IsoTimestamp":"2021-03-10T14:38:57Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"459","Desc":"General Audit","Severity":"Info","Issuer":"PasswordManager","Action":"General Audit","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"Dual account rotation","ExtraDetails":"DualAccountStatus=Active;Index=1;","Message":"General Audit","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountA"},{"Name":"Address","Value":"components"},{"Name":"SequenceID","Value":"27"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1615231204"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"1"},{"Name":"DualAccountStatus","Value":"Active"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
+<5>1 2021-03-14T11:48:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 04:48:26</Timestamp>\n    <IsoTimestamp>2021-03-14T11:48:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>459</MessageID>\n    <Desc>General Audit</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>General Audit</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Dual account rotation</Reason>\n    <ExtraDetails>DualAccountStatus=Active;Index=2;</ExtraDetails>\n    <Message>General Audit</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDesktopLocal\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"x_accountB\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"components\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"25\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"GroupName\" Value=\"WindowsGroup\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615419568\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"Index\" Value=\"2\"></CAProperty>\n      <CAProperty Name=\"DualAccountStatus\" Value=\"Active\"></CAProperty>\n      <CAProperty Name=\"VirtualUsername\" Value=\"virtual\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 04:48:26","IsoTimestamp":"2021-03-14T11:48:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"459","Desc":"General Audit","Severity":"Info","Issuer":"PasswordManager","Action":"General Audit","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"Dual account rotation","ExtraDetails":"DualAccountStatus=Active;Index=2;","Message":"General Audit","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"x_accountB"},{"Name":"Address","Value":"components"},{"Name":"SequenceID","Value":"25"},{"Name":"CPMStatus","Value":"success"},{"Name":"RetriesCount","Value":"-1"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"GroupName","Value":"WindowsGroup"},{"Name":"LastSuccessChange","Value":"1615419568"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"Index","Value":"2"},{"Name":"DualAccountStatus","Value":"Active"},{"Name":"VirtualUsername","Value":"virtual"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log-expected.json
new file mode 100644
index 00000000000..d607b784f41
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/459_general_audit.log-expected.json
@@ -0,0 +1,177 @@
+[
+    {
+        "@timestamp": "2021-03-08T10:19:42.000Z",
+        "cyberarkpas.audit.action": "General Audit",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Active",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.index": "2",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1614868762",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "24",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountB",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "General Audit",
+        "cyberarkpas.audit.extra_details.dual_account_status": "Active",
+        "cyberarkpas.audit.extra_details.index": "2",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T10:19:42Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "General Audit",
+        "cyberarkpas.audit.reason": "Dual account rotation",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 02:19:42",
+        "event.action": "general audit",
+        "event.code": "459",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T14:38:57.000Z",
+        "cyberarkpas.audit.action": "General Audit",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Active",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.index": "1",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615231204",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "27",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountA",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "General Audit",
+        "cyberarkpas.audit.extra_details.dual_account_status": "Active",
+        "cyberarkpas.audit.extra_details.index": "1",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T14:38:57Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "General Audit",
+        "cyberarkpas.audit.reason": "Dual account rotation",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 06:38:57",
+        "event.action": "general audit",
+        "event.code": "459",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountA",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1325,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T11:48:26.000Z",
+        "cyberarkpas.audit.action": "General Audit",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.cpm_status": "success",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.dual_account_status": "Active",
+        "cyberarkpas.audit.ca_properties.group_name": "WindowsGroup",
+        "cyberarkpas.audit.ca_properties.index": "2",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1615419568",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.retries_count": "-1",
+        "cyberarkpas.audit.ca_properties.sequence_id": "25",
+        "cyberarkpas.audit.ca_properties.user_name": "x_accountB",
+        "cyberarkpas.audit.ca_properties.virtual_username": "virtual",
+        "cyberarkpas.audit.desc": "General Audit",
+        "cyberarkpas.audit.extra_details.dual_account_status": "Active",
+        "cyberarkpas.audit.extra_details.index": "2",
+        "cyberarkpas.audit.file": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T11:48:26Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "General Audit",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 04:48:26</Timestamp>\n    <IsoTimestamp>2021-03-14T11:48:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>459</MessageID>\n    <Desc>General Audit</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>General Audit</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Test</Safe>\n    <File>Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>Dual account rotation</Reason>\n    <ExtraDetails>DualAccountStatus=Active;Index=2;</ExtraDetails>\n    <Message>General Audit</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDesktopLocal\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"x_accountB\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"components\"></CAProperty>\n      <CAProperty Name=\"SequenceID\" Value=\"25\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"success\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"-1\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"GroupName\" Value=\"WindowsGroup\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1615419568\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"Index\" Value=\"2\"></CAProperty>\n      <CAProperty Name=\"DualAccountStatus\" Value=\"Active\"></CAProperty>\n      <CAProperty Name=\"VirtualUsername\" Value=\"virtual\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "Dual account rotation",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 04:48:26",
+        "event.action": "general audit",
+        "event.code": "459",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WindowsDesktopLocalAccountsRotationalPolicy-10.0.1.20-x_accountB",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2650,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log b/x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log
new file mode 100644
index 00000000000..3888e2be150
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log
@@ -0,0 +1 @@
+<5>1 2021-03-10T18:14:35Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:14:35","IsoTimestamp":"2021-03-10T18:14:35Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"467","Desc":"The component public key for JWT authentication was updated","Severity":"Info","Issuer":"PasswordManager","Action":"The component public key for JWT authentication was updated","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"The component public key for JWT authentication was updated","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log-expected.json
new file mode 100644
index 00000000000..18f132b64b3
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/467_the_component_public_key_for_jwt_authentication_was_updated.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-10T18:14:35.000Z",
+        "cyberarkpas.audit.action": "The component public key for JWT authentication was updated",
+        "cyberarkpas.audit.desc": "The component public key for JWT authentication was updated",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:14:35Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "The component public key for JWT authentication was updated",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:14:35",
+        "event.action": "the component public key for jwt authentication was updated",
+        "event.code": "467",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log b/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log
new file mode 100644
index 00000000000..2fe8ec3c4c7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log
@@ -0,0 +1,2 @@
+<7>1 2021-03-04T19:10:01Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:01","IsoTimestamp":"2021-03-04T19:10:01Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"479","Desc":"Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.","Severity":"Error","Issuer":"Builtin","Action":"Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.","GatewayStation":""}}}
+Mar 08 07:46:54 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"479","Desc":"Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.","Severity":"Error","Issuer":"Builtin","Action":"Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json
new file mode 100644
index 00000000000..e127969e7f2
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json
@@ -0,0 +1,77 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:10:01.000Z",
+        "cyberarkpas.audit.action": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.",
+        "cyberarkpas.audit.desc": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:01Z",
+        "cyberarkpas.audit.issuer": "Builtin",
+        "cyberarkpas.audit.message": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:01",
+        "event.action": "security warning - the signature hash algorithm of the vault certificate is sha1.",
+        "event.code": "479",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": "error",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T07:46:54.000-02:00",
+        "cyberarkpas.audit.action": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.",
+        "cyberarkpas.audit.desc": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.",
+        "cyberarkpas.audit.issuer": "Builtin",
+        "cyberarkpas.audit.message": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "event.action": "security warning - the signature hash algorithm of the vault certificate is sha1.",
+        "event.code": "479",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": "error",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 760,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log b/x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log
new file mode 100644
index 00000000000..fb620b8f180
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log
@@ -0,0 +1 @@
+<5>1 2021-03-10T08:31:49Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:31:49","IsoTimestamp":"2021-03-10T08:31:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"482","Desc":"Update existing Add Account Bulk Operation succeeded","Severity":"Info","Issuer":"PVWAAppUser","Action":"Update existing Add Account Bulk Operation succeeded","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Update existing Add Account Bulk Operation succeeded","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log-expected.json
new file mode 100644
index 00000000000..51dc1afc051
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/482_update_existing_add_account_bulk_operation_succeeded.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-10T08:31:49.000Z",
+        "cyberarkpas.audit.action": "Update existing Add Account Bulk Operation succeeded",
+        "cyberarkpas.audit.desc": "Update existing Add Account Bulk Operation succeeded",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:31:49Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Update existing Add Account Bulk Operation succeeded",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:31:49",
+        "event.action": "update existing add account bulk operation succeeded",
+        "event.code": "482",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log b/x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log
new file mode 100644
index 00000000000..283cc15f94e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log
@@ -0,0 +1,2 @@
+<7>1 2021-03-10T18:42:36Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:42:36","IsoTimestamp":"2021-03-10T18:42:36Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"4","Desc":"User Authentication","Severity":"Error","Issuer":"Administrator","Action":"User Authentication","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"User Authentication","GatewayStation":""}}}
+<7>1 2021-03-11T18:03:43Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:03:43</Timestamp>\n    <IsoTimestamp>2021-03-11T18:03:43Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>4</MessageID>\n    <Desc>User Authentication</Desc>\n    <Severity>Error</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>User Authentication</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>User Authentication</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 10:03:43","IsoTimestamp":"2021-03-11T18:03:43Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"4","Desc":"User Authentication","Severity":"Error","Issuer":"Administrator","Action":"User Authentication","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"User Authentication","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log-expected.json
new file mode 100644
index 00000000000..4e6f09eab4a
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/4_user_authentication.log-expected.json
@@ -0,0 +1,114 @@
+[
+    {
+        "@timestamp": "2021-03-10T18:42:36.000Z",
+        "cyberarkpas.audit.action": "User Authentication",
+        "cyberarkpas.audit.desc": "User Authentication",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:42:36Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "User Authentication",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:42:36",
+        "event.action": "authentication_failure",
+        "event.category": [
+            "authentication"
+        ],
+        "event.code": "4",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T18:03:43.000Z",
+        "cyberarkpas.audit.action": "User Authentication",
+        "cyberarkpas.audit.desc": "User Authentication",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T18:03:43Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "User Authentication",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:03:43</Timestamp>\n    <IsoTimestamp>2021-03-11T18:03:43Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>4</MessageID>\n    <Desc>User Authentication</Desc>\n    <Severity>Error</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>User Authentication</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>User Authentication</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 10:03:43",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "authentication_failure",
+        "event.category": [
+            "authentication"
+        ],
+        "event.code": "4",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "error"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 584,
+        "log.syslog.priority": "7",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log b/x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log
new file mode 100644
index 00000000000..f3d9bd31a39
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log
@@ -0,0 +1,6 @@
+<5>1 2021-03-08T18:24:50Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:24:50","IsoTimestamp":"2021-03-08T18:24:50Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"50","Desc":"Store File","Severity":"Info","Issuer":"PVWAAppUser","Action":"Store File","SourceUser":"","TargetUser":"","Safe":"PVWAPrivateUserPrefs","File":"Root\\YWRtaW5pc3RyYXRvcg==","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store File","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:21Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:21","IsoTimestamp":"2021-03-10T09:11:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"50","Desc":"Store File","Severity":"Info","Issuer":"Administrator","Action":"Store File","SourceUser":"","TargetUser":"","Safe":"PSMPConf","File":"Root\\syntaxparser-conf.json.1.1","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store File","GatewayStation":""}}}
+<5>1 2021-03-10T18:36:22Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:36:22","IsoTimestamp":"2021-03-10T18:36:22Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"50","Desc":"Store File","Severity":"Info","Issuer":"Administrator","Action":"Store File","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"Root\\PVConfiguration.xml","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store File","GatewayStation":""}}}
+<5>1 2021-03-10T22:17:56Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:17:56","IsoTimestamp":"2021-03-10T22:17:56Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"50","Desc":"Store File","Severity":"Info","Issuer":"Administrator","Action":"Store File","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"ROOT\\PVConfiguration.xml","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store File","GatewayStation":""}}}
+<5>1 2021-03-11T17:38:27Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:27</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>50</MessageID>\n    <Desc>Store File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Store File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File>root\\87012dcc-8290-11eb-949e-080027efd402.SSH.txt</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store File</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:27","IsoTimestamp":"2021-03-11T17:38:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"50","Desc":"Store File","Severity":"Info","Issuer":"PSMPApp_VAGRANT","Action":"Store File","SourceUser":"","TargetUser":"","Safe":"PSMRecordings","File":"root\\87012dcc-8290-11eb-949e-080027efd402.SSH.txt","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store File","GatewayStation":""}}}
+<5>1 2021-03-11T19:45:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:45:26</Timestamp>\n    <IsoTimestamp>2021-03-11T19:45:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>50</MessageID>\n    <Desc>Store File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Store File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PVWAConfig</Safe>\n    <File>Root\\PVConfiguration.xml</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 11:45:26","IsoTimestamp":"2021-03-11T19:45:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"50","Desc":"Store File","Severity":"Info","Issuer":"Administrator","Action":"Store File","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"Root\\PVConfiguration.xml","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Store File","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log-expected.json
new file mode 100644
index 00000000000..7b217c835ff
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/50_store_file.log-expected.json
@@ -0,0 +1,278 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:24:50.000Z",
+        "cyberarkpas.audit.action": "Store File",
+        "cyberarkpas.audit.desc": "Store File",
+        "cyberarkpas.audit.file": "Root\\YWRtaW5pc3RyYXRvcg==",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:24:50Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Store File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAPrivateUserPrefs",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:24:50",
+        "event.action": "store file",
+        "event.code": "50",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\YWRtaW5pc3RyYXRvcg==",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:21.000Z",
+        "cyberarkpas.audit.action": "Store File",
+        "cyberarkpas.audit.desc": "Store File",
+        "cyberarkpas.audit.file": "Root\\syntaxparser-conf.json.1.1",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:21",
+        "event.action": "store file",
+        "event.code": "50",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\syntaxparser-conf.json.1.1",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 597,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T18:36:22.000Z",
+        "cyberarkpas.audit.action": "Store File",
+        "cyberarkpas.audit.desc": "Store File",
+        "cyberarkpas.audit.file": "Root\\PVConfiguration.xml",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:36:22Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:36:22",
+        "event.action": "store file",
+        "event.code": "50",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PVConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1194,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:17:56.000Z",
+        "cyberarkpas.audit.action": "Store File",
+        "cyberarkpas.audit.desc": "Store File",
+        "cyberarkpas.audit.file": "ROOT\\PVConfiguration.xml",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:17:56Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:17:56",
+        "event.action": "store file",
+        "event.code": "50",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "ROOT\\PVConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1782,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:27.000Z",
+        "cyberarkpas.audit.action": "Store File",
+        "cyberarkpas.audit.desc": "Store File",
+        "cyberarkpas.audit.file": "root\\87012dcc-8290-11eb-949e-080027efd402.SSH.txt",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:27Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.message": "Store File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:27</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>50</MessageID>\n    <Desc>Store File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Store File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMRecordings</Safe>\n    <File>root\\87012dcc-8290-11eb-949e-080027efd402.SSH.txt</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store File</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMRecordings",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:27",
+        "event.action": "store file",
+        "event.code": "50",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "root\\87012dcc-8290-11eb-949e-080027efd402.SSH.txt",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2374,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T19:45:26.000Z",
+        "cyberarkpas.audit.action": "Store File",
+        "cyberarkpas.audit.desc": "Store File",
+        "cyberarkpas.audit.file": "Root\\PVConfiguration.xml",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T19:45:26Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Store File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:45:26</Timestamp>\n    <IsoTimestamp>2021-03-11T19:45:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>50</MessageID>\n    <Desc>Store File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Store File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PVWAConfig</Safe>\n    <File>Root\\PVConfiguration.xml</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Store File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 11:45:26",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "store file",
+        "event.code": "50",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PVConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3898,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log b/x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log
new file mode 100644
index 00000000000..8cd3214a84f
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log
@@ -0,0 +1,2 @@
+<5>1 2021-03-04T19:10:05Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:05","IsoTimestamp":"2021-03-04T19:10:05Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"51","Desc":"Retrieve File","Severity":"Info","Issuer":"PasswordManager","Action":"Retrieve File","SourceUser":"","TargetUser":"","Safe":"PasswordManagerShared","File":"Root\\Policies\\Policy-GenericWebApp.ini","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Retrieve File","GatewayStation":""}}}
+<5>1 2021-03-04T19:11:23Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:11:23","IsoTimestamp":"2021-03-04T19:11:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"51","Desc":"Retrieve File","Severity":"Info","Issuer":"Prov_COMPONENTS","Action":"Retrieve File","SourceUser":"","TargetUser":"","Safe":"AppProviderConf","File":"Root\\main_appprovider.conf.Win64.11.04","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Retrieve File","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log-expected.json
new file mode 100644
index 00000000000..d6498eae71e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/51_retrieve_file.log-expected.json
@@ -0,0 +1,84 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:10:05.000Z",
+        "cyberarkpas.audit.action": "Retrieve File",
+        "cyberarkpas.audit.desc": "Retrieve File",
+        "cyberarkpas.audit.file": "Root\\Policies\\Policy-GenericWebApp.ini",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:05Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Retrieve File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PasswordManagerShared",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:05",
+        "event.action": "retrieve file",
+        "event.code": "51",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Policies\\Policy-GenericWebApp.ini",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-04T19:11:23.000Z",
+        "cyberarkpas.audit.action": "Retrieve File",
+        "cyberarkpas.audit.desc": "Retrieve File",
+        "cyberarkpas.audit.file": "Root\\main_appprovider.conf.Win64.11.04",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:11:23Z",
+        "cyberarkpas.audit.issuer": "Prov_COMPONENTS",
+        "cyberarkpas.audit.message": "Retrieve File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "AppProviderConf",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:11:23",
+        "event.action": "retrieve file",
+        "event.code": "51",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\main_appprovider.conf.Win64.11.04",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 625,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log b/x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log
new file mode 100644
index 00000000000..d9d8af79da4
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log
@@ -0,0 +1,10 @@
+<5>1 2021-03-08T18:32:43Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:32:43","IsoTimestamp":"2021-03-08T18:32:43Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"Test","File":"Root\\Operating System-WinDesktopLocal-Address-adriansr","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDesktopLocal"},{"Name":"UserName","Value":"adriansr"},{"Name":"Address","Value":"components"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-08T18:38:21Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:38:21","IsoTimestamp":"2021-03-08T18:38:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"VaultInternal","File":"Root\\Operating System-WinServerLocal-components-adriansr","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinServerLocal"},{"Name":"UserName","Value":"adriansr"},{"Name":"Address","Value":"components"},{"Name":"LogonDomain","Value":"COMPONENTS"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-08T19:20:04Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 11:20:04","IsoTimestamp":"2021-03-08T19:20:04Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"PasswordManager","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"PasswordManager_workspace","File":"Root\\Test_4","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":""}}}
+<5>1 2021-03-11T18:59:57Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:59:57</Timestamp>\n    <IsoTimestamp>2021-03-11T18:59:57Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_ASR-WIN</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMSessions</Safe>\n    <File>Root\\c89ca3ba9c76f820fdc58e86f2c854f99d232fcd</File>\n    <Station>35.192.121.42</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 10:59:57","IsoTimestamp":"2021-03-11T18:59:57Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"PSMApp_ASR-WIN","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"PSMSessions","File":"Root\\c89ca3ba9c76f820fdc58e86f2c854f99d232fcd","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":""}}}
+<5>1 2021-03-11T19:32:12Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:32:12</Timestamp>\n    <IsoTimestamp>2021-03-11T19:32:12Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_VAGRANT.LiveSessions</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"_PSMLiveSessions_1\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_2\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_3\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_4\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_5\" Value=\"\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 11:32:12","IsoTimestamp":"2021-03-11T19:32:12Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"PSMPLiveSessions","File":"Root\\PSMPApp_VAGRANT.LiveSessions","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"_PSMLiveSessions_1","Value":""},{"Name":"_PSMLiveSessions_2","Value":""},{"Name":"_PSMLiveSessions_3","Value":""},{"Name":"_PSMLiveSessions_4","Value":""},{"Name":"_PSMLiveSessions_5","Value":""}]}}}}
+<5>1 2021-03-11T21:06:40Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:06:40</Timestamp>\n    <IsoTimestamp>2021-03-11T21:06:40Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-PSMConnect</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"PSMConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"35.192.121.42\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 13:06:40","IsoTimestamp":"2021-03-11T21:06:40Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\Operating System-WinDomain-35.192.121.42-PSMConnect","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"PSMConnect"},{"Name":"Address","Value":"35.192.121.42"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<5>1 2021-03-11T21:06:50Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:06:50</Timestamp>\n    <IsoTimestamp>2021-03-11T21:06:50Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSM-ASR-CYBERARK-WI</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.128.0.65\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"ASR-CYBERARK-WI\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 13:06:50","IsoTimestamp":"2021-03-11T21:06:50Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSM-ASR-CYBERARK-WI","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"UserName","Value":"PSMConnect"},{"Name":"Address","Value":"10.128.0.65"},{"Name":"LogonDomain","Value":"ASR-CYBERARK-WI"}]}}}}
+<5>1 2021-03-14T12:10:17Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:10:17</Timestamp>\n    <IsoTimestamp>2021-03-14T12:10:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSMAdmin</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMAdminConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"169.254.180.25\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"VAGRANT-2012-R2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:10:17","IsoTimestamp":"2021-03-14T12:10:17Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"PSM","File":"Root\\PSMAdmin","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"UserName","Value":"PSMAdminConnect"},{"Name":"Address","Value":"169.254.180.25"},{"Name":"LogonDomain","Value":"VAGRANT-2012-R2"}]}}}}
+<5>1 2021-03-15T15:09:00Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:09:00</Timestamp>\n    <IsoTimestamp>2021-03-15T15:09:00Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-Oracle-10.128.0.7-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.128.0.7\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 08:09:00","IsoTimestamp":"2021-03-15T15:09:00Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-Oracle-10.128.0.7-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"Oracle"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"10.128.0.7"},{"Name":"Port","Value":"3306"},{"Name":"Database","Value":"test"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
+<5>1 2021-03-15T15:13:59Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:13:59</Timestamp>\n    <IsoTimestamp>2021-03-15T15:13:59Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.128.0.7-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.128.0.7\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 08:13:59","IsoTimestamp":"2021-03-15T15:13:59Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"52","Desc":"Delete File","Severity":"Info","Issuer":"Administrator","Action":"Delete File","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Database-MySQL-10.128.0.7-adrian","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Delete File","GatewayStation":"10.0.1.20","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"MySQL"},{"Name":"UserName","Value":"adrian"},{"Name":"Address","Value":"10.128.0.7"},{"Name":"Port","Value":"3306"},{"Name":"Database","Value":"test"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Database"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log-expected.json
new file mode 100644
index 00000000000..571cc11784d
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/52_delete_file.log-expected.json
@@ -0,0 +1,502 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:32:43.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDesktopLocal",
+        "cyberarkpas.audit.ca_properties.user_name": "adriansr",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:32:43Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Test",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:32:43",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WinDesktopLocal-Address-adriansr",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T18:38:21.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.address": "components",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.logon_domain": "COMPONENTS",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinServerLocal",
+        "cyberarkpas.audit.ca_properties.user_name": "adriansr",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinServerLocal-components-adriansr",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:38:21Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "VaultInternal",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:38:21",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WinServerLocal-components-adriansr",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 871,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T19:20:04.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\Test_4",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T19:20:04Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PasswordManager_workspace",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 11:20:04",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Test_4",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1796,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T18:59:57.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\c89ca3ba9c76f820fdc58e86f2c854f99d232fcd",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T18:59:57Z",
+        "cyberarkpas.audit.issuer": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 10:59:57</Timestamp>\n    <IsoTimestamp>2021-03-11T18:59:57Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_ASR-WIN</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMSessions</Safe>\n    <File>Root\\c89ca3ba9c76f820fdc58e86f2c854f99d232fcd</File>\n    <Station>35.192.121.42</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 11 10:59:57",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\c89ca3ba9c76f820fdc58e86f2c854f99d232fcd",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2391,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T19:32:12.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.__psm_live_sessions_1": "",
+        "cyberarkpas.audit.ca_properties.__psm_live_sessions_2": "",
+        "cyberarkpas.audit.ca_properties.__psm_live_sessions_3": "",
+        "cyberarkpas.audit.ca_properties.__psm_live_sessions_4": "",
+        "cyberarkpas.audit.ca_properties.__psm_live_sessions_5": "",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\PSMPApp_VAGRANT.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T19:32:12Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:32:12</Timestamp>\n    <IsoTimestamp>2021-03-11T19:32:12Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_VAGRANT.LiveSessions</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"_PSMLiveSessions_1\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_2\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_3\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_4\" Value=\"\"></CAProperty>\n      <CAProperty Name=\"_PSMLiveSessions_5\" Value=\"\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 11:32:12",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMPApp_VAGRANT.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3907,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T21:06:40.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.address": "35.192.121.42",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMConnect",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-PSMConnect",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T21:06:40Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:06:40</Timestamp>\n    <IsoTimestamp>2021-03-11T21:06:40Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-PSMConnect</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"PSMConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"35.192.121.42\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 13:06:40",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-PSMConnect",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6037,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T21:06:50.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.address": "10.128.0.65",
+        "cyberarkpas.audit.ca_properties.logon_domain": "ASR-CYBERARK-WI",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMConnect",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\PSM-ASR-CYBERARK-WI",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T21:06:50Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:06:50</Timestamp>\n    <IsoTimestamp>2021-03-11T21:06:50Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSM-ASR-CYBERARK-WI</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.128.0.65\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"ASR-CYBERARK-WI\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 13:06:50",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSM-ASR-CYBERARK-WI",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8223,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:10:17.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.address": "169.254.180.25",
+        "cyberarkpas.audit.ca_properties.logon_domain": "VAGRANT-2012-R2",
+        "cyberarkpas.audit.ca_properties.user_name": "PSMAdminConnect",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\PSMAdmin",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:10:17Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:10:17</Timestamp>\n    <IsoTimestamp>2021-03-14T12:10:17Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSM</Safe>\n    <File>Root\\PSMAdmin</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"UserName\" Value=\"PSMAdminConnect\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"169.254.180.25\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"VAGRANT-2012-R2\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSM",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:10:17",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMAdmin",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 10117,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-15T15:09:00.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.address": "10.128.0.7",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "test",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.policy_id": "Oracle",
+        "cyberarkpas.audit.ca_properties.port": "3306",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\Database-Oracle-10.128.0.7-adrian",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T15:09:00Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:09:00</Timestamp>\n    <IsoTimestamp>2021-03-15T15:09:00Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-Oracle-10.128.0.7-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"Oracle\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.128.0.7\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 15 08:09:00",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Database-Oracle-10.128.0.7-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12005,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-15T15:13:59.000Z",
+        "cyberarkpas.audit.action": "Delete File",
+        "cyberarkpas.audit.ca_properties.address": "10.128.0.7",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.database": "test",
+        "cyberarkpas.audit.ca_properties.device_type": "Database",
+        "cyberarkpas.audit.ca_properties.policy_id": "MySQL",
+        "cyberarkpas.audit.ca_properties.port": "3306",
+        "cyberarkpas.audit.ca_properties.user_name": "adrian",
+        "cyberarkpas.audit.desc": "Delete File",
+        "cyberarkpas.audit.file": "Root\\Database-MySQL-10.128.0.7-adrian",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T15:13:59Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Delete File",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 08:13:59</Timestamp>\n    <IsoTimestamp>2021-03-15T15:13:59Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>52</MessageID>\n    <Desc>Delete File</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Delete File</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Database-MySQL-10.128.0.7-adrian</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Delete File</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"MySQL\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"adrian\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"10.128.0.7\"></CAProperty>\n      <CAProperty Name=\"Port\" Value=\"3306\"></CAProperty>\n      <CAProperty Name=\"Database\" Value=\"test\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Database\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 15 08:13:59",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "delete file",
+        "event.code": "52",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Database-MySQL-10.128.0.7-adrian",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 14321,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log b/x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log
new file mode 100644
index 00000000000..2131bafce3e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log
@@ -0,0 +1 @@
+<7>1 2021-03-25T12:00:08Z VLT01 {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 08:00:08</Timestamp>\n    <IsoTimestamp>2021-03-25T12:00:08Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>57</MessageID>\n    <Desc>CPM Change Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Change Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux Accounts</Safe>\n    <File>Root\\Operating System-UnixSSH-rhel7.cybr.com-firecall2</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002</Reason>\n    <ExtraDetails>address=rhel7.cybr.com;username=firecall2;</ExtraDetails>\n    <Message>CPM Change Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"firecall2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"rhel7.cybr.com\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"ExtraPass3Name\" Value=\"Operating System-UnixSSH-rhel7.cybr.com-root\"></CAProperty>\n      <CAProperty Name=\"ExtraPass3Folder\" Value=\"Root\"></CAProperty>\n      <CAProperty Name=\"ExtraPass3Safe\" Value=\"Linux Root\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1616673608\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580255\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011989\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1576120341\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"No\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"SSH\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 25 08:00:08","IsoTimestamp":"2021-03-25T12:00:08Z","Hostname":"VLT01","Vendor":"Cyber-Ark","Product":"Vault","Version":"12.0.0000","MessageID":"57","Desc":"CPM Change Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Change Password Failed","SourceUser":"","TargetUser":"","Safe":"Linux Accounts","File":"Root\\Operating System-UnixSSH-rhel7.cybr.com-firecall2","Station":"10.0.0.15","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002","ExtraDetails":"address=rhel7.cybr.com;username=firecall2;","Message":"CPM Change Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"firecall2"},{"Name":"Address","Value":"rhel7.cybr.com"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"ResetImmediately","Value":"ChangeTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"ExtraPass3Name","Value":"Operating System-UnixSSH-rhel7.cybr.com-root"},{"Name":"ExtraPass3Folder","Value":"Root"},{"Name":"ExtraPass3Safe","Value":"Linux Root"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1616673608"},{"Name":"LastTask","Value":"ChangeTask"},{"Name":"LastSuccessVerification","Value":"1616580255"},{"Name":"CPMErrorDetails","Value":"Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"LastSuccessChange","Value":"1616011989"},{"Name":"LastSuccessReconciliation","Value":"1576120341"},{"Name":"UseSudoOnReconcile","Value":"No"},{"Name":"Tags","Value":"SSH"},{"Name":"Privcloud","Value":"privcloud"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log-expected.json
new file mode 100644
index 00000000000..eaf206946a9
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/57_cpm_change_password_failed.log-expected.json
@@ -0,0 +1,85 @@
+[
+    {
+        "@timestamp": "2021-03-25T12:00:08.000Z",
+        "cyberarkpas.audit.action": "CPM Change Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "rhel7.cybr.com",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.extra_pass3_folder": "Root",
+        "cyberarkpas.audit.ca_properties.extra_pass3_name": "Operating System-UnixSSH-rhel7.cybr.com-root",
+        "cyberarkpas.audit.ca_properties.extra_pass3_safe": "Linux Root",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1616673608",
+        "cyberarkpas.audit.ca_properties.last_success_change": "1616011989",
+        "cyberarkpas.audit.ca_properties.last_success_reconciliation": "1576120341",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1616580255",
+        "cyberarkpas.audit.ca_properties.last_task": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.privcloud": "privcloud",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ChangeTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.tags": "SSH",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "No",
+        "cyberarkpas.audit.ca_properties.user_name": "firecall2",
+        "cyberarkpas.audit.desc": "CPM Change Password Failed",
+        "cyberarkpas.audit.extra_details.address": "rhel7.cybr.com",
+        "cyberarkpas.audit.extra_details.username": "firecall2",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-rhel7.cybr.com-firecall2",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-25T12:00:08Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Change Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 25 08:00:08</Timestamp>\n    <IsoTimestamp>2021-03-25T12:00:08Z</IsoTimestamp>\n    <Hostname>VLT01</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>12.0.0000</Version>\n    <MessageID>57</MessageID>\n    <Desc>CPM Change Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Change Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>Linux Accounts</Safe>\n    <File>Root\\Operating System-UnixSSH-rhel7.cybr.com-firecall2</File>\n    <Station>10.0.0.15</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002</Reason>\n    <ExtraDetails>address=rhel7.cybr.com;username=firecall2;</ExtraDetails>\n    <Message>CPM Change Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"firecall2\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"rhel7.cybr.com\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"ExtraPass3Name\" Value=\"Operating System-UnixSSH-rhel7.cybr.com-root\"></CAProperty>\n      <CAProperty Name=\"ExtraPass3Folder\" Value=\"Root\"></CAProperty>\n      <CAProperty Name=\"ExtraPass3Safe\" Value=\"Linux Root\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1616673608\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ChangeTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1616580255\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"LastSuccessChange\" Value=\"1616011989\"></CAProperty>\n      <CAProperty Name=\"LastSuccessReconciliation\" Value=\"1576120341\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"No\"></CAProperty>\n      <CAProperty Name=\"Tags\" Value=\"SSH\"></CAProperty>\n      <CAProperty Name=\"Privcloud\" Value=\"privcloud\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "Linux Accounts",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.0.15",
+        "cyberarkpas.audit.timestamp": "Mar 25 08:00:08",
+        "destination.address": "rhel7.cybr.com",
+        "destination.domain": "rhel7.cybr.com",
+        "event.action": "cpm change password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "57",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Execution error. EXT01::A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error code:9002",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-rhel7.cybr.com-firecall2",
+        "fileset.name": "audit",
+        "host.name": "VLT01",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "observer.hostname": "VLT01",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "12.0.0000",
+        "related.ip": [
+            "10.0.0.15"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "firecall2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.0.15",
+        "source.ip": "10.0.0.15",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "firecall2"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log b/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log
new file mode 100644
index 00000000000..9b834634185
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log
@@ -0,0 +1,3 @@
+<5>1 2021-03-04T19:25:02Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:25:02","IsoTimestamp":"2021-03-04T19:25:02Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"59","Desc":"Clear Safe History","Severity":"Info","Issuer":"PasswordManager","Action":"Clear Safe History","SourceUser":"","TargetUser":"","Safe":"PasswordManager_workspace","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Clear Safe History","GatewayStation":""}}}
+Mar 08 03:10:31 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"59","Desc":"Clear Safe History","Severity":"Info","Issuer":"PasswordManager","Action":"Clear Safe History","SourceUser":"","TargetUser":"","Safe":"PasswordManager_workspace","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Clear Safe History","GatewayStation":""}}}
+<5>1 2021-03-09T09:00:47Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 01:00:47","IsoTimestamp":"2021-03-09T09:00:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"59","Desc":"Clear Safe History","Severity":"Info","Issuer":"Batch","Action":"Clear Safe History","SourceUser":"","TargetUser":"","Safe":"System","File":"","Station":"0.0.0.0","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Clear Safe History","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json
new file mode 100644
index 00000000000..21d71f71183
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json
@@ -0,0 +1,116 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:25:02.000Z",
+        "cyberarkpas.audit.action": "Clear Safe History",
+        "cyberarkpas.audit.desc": "Clear Safe History",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:25:02Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Clear Safe History",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PasswordManager_workspace",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:25:02",
+        "event.action": "clear safe history",
+        "event.code": "59",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T03:10:31.000-02:00",
+        "cyberarkpas.audit.action": "Clear Safe History",
+        "cyberarkpas.audit.desc": "Clear Safe History",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Clear Safe History",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "PasswordManager_workspace",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "event.action": "clear safe history",
+        "event.code": "59",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 604,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-09T09:00:47.000Z",
+        "cyberarkpas.audit.action": "Clear Safe History",
+        "cyberarkpas.audit.desc": "Clear Safe History",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T09:00:47Z",
+        "cyberarkpas.audit.issuer": "Batch",
+        "cyberarkpas.audit.message": "Clear Safe History",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "System",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "0.0.0.0",
+        "cyberarkpas.audit.timestamp": "Mar 09 01:00:47",
+        "event.action": "clear safe history",
+        "event.code": "59",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1110,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "0.0.0.0"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "0.0.0.0",
+        "source.ip": "0.0.0.0",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log b/x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log
new file mode 100644
index 00000000000..2a5483207bf
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log
@@ -0,0 +1,9 @@
+<7>1 2021-03-11T21:12:22Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:12:22</Timestamp>\n    <IsoTimestamp>2021-03-11T21:12:22Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615497142\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 13:12:22","IsoTimestamp":"2021-03-11T21:12:22Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n","ExtraDetails":"address=34.66.114.180;username=ELASTIC\\bart;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615497142"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Parameter Reconcile account is mandatory but has an empty value or is not defined"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-14T13:18:15Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:18:15</Timestamp>\n    <IsoTimestamp>2021-03-14T13:18:15Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #2). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=2;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"2\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615727895\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:18:15","IsoTimestamp":"2021-03-14T13:18:15Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #2). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n","ExtraDetails":"address=34.66.114.180;retriescount=2;username=ELASTIC\\bart;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"2"},{"Name":"LastFailDate","Value":"1615727895"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Parameter Reconcile account is mandatory but has an empty value or is not defined"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-14T13:46:13Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:46:13</Timestamp>\n    <IsoTimestamp>2021-03-14T13:46:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:46:13","IsoTimestamp":"2021-03-14T13:46:13Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n","ExtraDetails":"address=34.123.103.115;username=testark;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615729572"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-14T14:49:11Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 07:49:11</Timestamp>\n    <IsoTimestamp>2021-03-14T14:49:11Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #3). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=3;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"3\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615733350\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 07:49:11","IsoTimestamp":"2021-03-14T14:49:11Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #3). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n","ExtraDetails":"address=34.66.114.180;retriescount=3;username=ELASTIC\\bart;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"3"},{"Name":"LastFailDate","Value":"1615733350"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Parameter Reconcile account is mandatory but has an empty value or is not defined"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T10:12:18Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:18</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:18Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #4). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=4;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615803137\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:12:18","IsoTimestamp":"2021-03-15T10:12:18Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #4). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n","ExtraDetails":"address=34.66.114.180;retriescount=4;username=ELASTIC\\bart;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"4"},{"Name":"LastFailDate","Value":"1615803137"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Parameter Reconcile account is mandatory but has an empty value or is not defined"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T10:12:19Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:19</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:19Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;retriescount=1;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615803137\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 03:12:19","IsoTimestamp":"2021-03-15T10:12:19Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n","ExtraDetails":"address=34.123.103.115;retriescount=1;username=testark;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"1"},{"Name":"LastFailDate","Value":"1615803137"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T12:57:13Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 05:57:13</Timestamp>\n    <IsoTimestamp>2021-03-15T12:57:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=5;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"(CPM)MaxRetries\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"5\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813031\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 05:57:13","IsoTimestamp":"2021-03-15T12:57:13Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n","ExtraDetails":"address=34.66.114.180;retriescount=5;username=ELASTIC\\bart;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"WinDomain"},{"Name":"UserName","Value":"ELASTIC\\bart"},{"Name":"Address","Value":"34.66.114.180"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"CPMDisabled","Value":"(CPM)MaxRetries"},{"Name":"RetriesCount","Value":"5"},{"Name":"LastFailDate","Value":"1615813031"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LogonDomain","Value":"34.66.114.180"},{"Name":"CPMErrorDetails","Value":"Parameter Reconcile account is mandatory but has an empty value or is not defined"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T13:04:27Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:04:27</Timestamp>\n    <IsoTimestamp>2021-03-15T13:04:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813465\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 06:04:27","IsoTimestamp":"2021-03-15T13:04:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n","ExtraDetails":"address=34.123.103.115;username=testark;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"0"},{"Name":"LastFailDate","Value":"1615813465"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"}]}}}}
+<7>1 2021-03-15T14:44:37Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:44:37</Timestamp>\n    <IsoTimestamp>2021-03-15T14:44:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;retriescount=1;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615819476\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 15 07:44:37","IsoTimestamp":"2021-03-15T14:44:37Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"60","Desc":"CPM Reconcile Password Failed","Severity":"Error","Issuer":"PasswordManager","Action":"CPM Reconcile Password Failed","SourceUser":"","TargetUser":"","Safe":"partner","File":"Root\\Operating System-UnixSSH-34.123.103.115-testark","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n","ExtraDetails":"address=34.123.103.115;retriescount=1;username=testark;","Message":"CPM Reconcile Password Failed","GatewayStation":"","CAProperties":{"CAProperty":[{"Name":"PolicyID","Value":"UnixSSH"},{"Name":"UserName","Value":"testark"},{"Name":"Address","Value":"34.123.103.115"},{"Name":"ResetImmediately","Value":"ReconcileTask"},{"Name":"CPMStatus","Value":"failure"},{"Name":"RetriesCount","Value":"1"},{"Name":"LastFailDate","Value":"1615819476"},{"Name":"LastTask","Value":"ReconcileTask"},{"Name":"LastSuccessVerification","Value":"1615803764"},{"Name":"CPMErrorDetails","Value":"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031"},{"Name":"CreationMethod","Value":"PVWA"},{"Name":"DeviceType","Value":"Operating System"},{"Name":"UseSudoOnReconcile","Value":"Yes"}]}}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log-expected.json
new file mode 100644
index 00000000000..3b1ee72f9de
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/60_cpm_reconcile_password_failed.log-expected.json
@@ -0,0 +1,756 @@
+[
+    {
+        "@timestamp": "2021-03-11T21:12:22.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615497142",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC\\bart",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T21:12:22Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 13:12:22</Timestamp>\n    <IsoTimestamp>2021-03-11T21:12:22Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615497142\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #0). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 11 13:12:22",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "ELASTIC\\bart"
+    },
+    {
+        "@timestamp": "2021-03-14T13:18:15.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615727895",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "2",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC\\bart",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "2",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:18:15Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:18:15</Timestamp>\n    <IsoTimestamp>2021-03-14T13:18:15Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #2). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=2;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"2\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615727895\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #2). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:18:15",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3917,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "ELASTIC\\bart"
+    },
+    {
+        "@timestamp": "2021-03-14T13:46:13.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615729572",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.username": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:46:13Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:46:13</Timestamp>\n    <IsoTimestamp>2021-03-14T13:46:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615729572\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:46:13",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7864,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.123.103.115"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "testark"
+    },
+    {
+        "@timestamp": "2021-03-14T14:49:11.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615733350",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "3",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC\\bart",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "3",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T14:49:11Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 07:49:11</Timestamp>\n    <IsoTimestamp>2021-03-14T14:49:11Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #3). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=3;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"3\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615733350\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #3). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 07:49:11",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 11884,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "ELASTIC\\bart"
+    },
+    {
+        "@timestamp": "2021-03-15T10:12:18.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615803137",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "4",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC\\bart",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "4",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:12:18Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:18</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:18Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #4). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=4;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"4\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615803137\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #4). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:12:18",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 15847,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "ELASTIC\\bart"
+    },
+    {
+        "@timestamp": "2021-03-15T10:12:19.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615803137",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "1",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.retriescount": "1",
+        "cyberarkpas.audit.extra_details.username": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T10:12:19Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 03:12:19</Timestamp>\n    <IsoTimestamp>2021-03-15T10:12:19Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;retriescount=1;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615803137\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 03:12:19",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 19810,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.123.103.115"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "testark"
+    },
+    {
+        "@timestamp": "2021-03-15T12:57:13.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.cpm_disabled": "(CPM)MaxRetries",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615813031",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.logon_domain": "34.66.114.180",
+        "cyberarkpas.audit.ca_properties.policy_id": "WinDomain",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "5",
+        "cyberarkpas.audit.ca_properties.user_name": "ELASTIC\\bart",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.66.114.180",
+        "cyberarkpas.audit.extra_details.retriescount": "5",
+        "cyberarkpas.audit.extra_details.username": "ELASTIC\\bart",
+        "cyberarkpas.audit.file": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T12:57:13Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 05:57:13</Timestamp>\n    <IsoTimestamp>2021-03-15T12:57:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n</Reason>\n    <ExtraDetails>address=34.66.114.180;retriescount=5;username=ELASTIC\\bart;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"WinDomain\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"ELASTIC\\bart\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"CPMDisabled\" Value=\"(CPM)MaxRetries\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"5\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813031\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LogonDomain\" Value=\"34.66.114.180\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"Parameter Reconcile account is mandatory but has an empty value or is not defined\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask,Failure. Failure Description: CACPM406E Reconciling Master Safe: partner, Folder: Root, Object: Operating System-WinDomain-35.192.121.42-ELASTICbart failed (try #5). Code: 2101, Error: Parameter Reconcile account is mandatory but has an empty value or is not defined\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 05:57:13",
+        "destination.address": "34.66.114.180",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 38.6583,
+        "destination.geo.location.lon": -77.2481,
+        "destination.geo.region_iso_code": "US-VA",
+        "destination.geo.region_name": "Virginia",
+        "destination.ip": "34.66.114.180",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "Parameter Reconcile account is mandatory but has an empty value or is not defined",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-WinDomain-35.192.121.42-ELASTICbart",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 23876,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.66.114.180"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "ELASTIC\\bart"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "ELASTIC\\bart"
+    },
+    {
+        "@timestamp": "2021-03-15T13:04:27.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615813465",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "0",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.username": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T13:04:27Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 06:04:27</Timestamp>\n    <IsoTimestamp>2021-03-15T13:04:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"0\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615813465\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #0). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 06:04:27",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 27968,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.123.103.115"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "testark"
+    },
+    {
+        "@timestamp": "2021-03-15T14:44:37.000Z",
+        "cyberarkpas.audit.action": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.ca_properties.address": "34.123.103.115",
+        "cyberarkpas.audit.ca_properties.cpm_error_details": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "cyberarkpas.audit.ca_properties.cpm_status": "failure",
+        "cyberarkpas.audit.ca_properties.creation_method": "PVWA",
+        "cyberarkpas.audit.ca_properties.device_type": "Operating System",
+        "cyberarkpas.audit.ca_properties.last_fail_date": "1615819476",
+        "cyberarkpas.audit.ca_properties.last_success_verification": "1615803764",
+        "cyberarkpas.audit.ca_properties.last_task": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.policy_id": "UnixSSH",
+        "cyberarkpas.audit.ca_properties.reset_immediately": "ReconcileTask",
+        "cyberarkpas.audit.ca_properties.retries_count": "1",
+        "cyberarkpas.audit.ca_properties.use_sudo_on_reconcile": "Yes",
+        "cyberarkpas.audit.ca_properties.user_name": "testark",
+        "cyberarkpas.audit.desc": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.extra_details.address": "34.123.103.115",
+        "cyberarkpas.audit.extra_details.retriescount": "1",
+        "cyberarkpas.audit.extra_details.username": "testark",
+        "cyberarkpas.audit.file": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-15T14:44:37Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "CPM Reconcile Password Failed",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 15 07:44:37</Timestamp>\n    <IsoTimestamp>2021-03-15T14:44:37Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>60</MessageID>\n    <Desc>CPM Reconcile Password Failed</Desc>\n    <Severity>Error</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>CPM Reconcile Password Failed</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>partner</Safe>\n    <File>Root\\Operating System-UnixSSH-34.123.103.115-testark</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason>ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n</Reason>\n    <ExtraDetails>address=34.123.103.115;retriescount=1;username=testark;</ExtraDetails>\n    <Message>CPM Reconcile Password Failed</Message>\n    <GatewayStation></GatewayStation>\n    <CAProperties>\n      <CAProperty Name=\"PolicyID\" Value=\"UnixSSH\"></CAProperty>\n      <CAProperty Name=\"UserName\" Value=\"testark\"></CAProperty>\n      <CAProperty Name=\"Address\" Value=\"34.123.103.115\"></CAProperty>\n      <CAProperty Name=\"ResetImmediately\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"CPMStatus\" Value=\"failure\"></CAProperty>\n      <CAProperty Name=\"RetriesCount\" Value=\"1\"></CAProperty>\n      <CAProperty Name=\"LastFailDate\" Value=\"1615819476\"></CAProperty>\n      <CAProperty Name=\"LastTask\" Value=\"ReconcileTask\"></CAProperty>\n      <CAProperty Name=\"LastSuccessVerification\" Value=\"1615803764\"></CAProperty>\n      <CAProperty Name=\"CPMErrorDetails\" Value=\"First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\"></CAProperty>\n      <CAProperty Name=\"CreationMethod\" Value=\"PVWA\"></CAProperty>\n      <CAProperty Name=\"DeviceType\" Value=\"Operating System\"></CAProperty>\n      <CAProperty Name=\"UseSudoOnReconcile\" Value=\"Yes\"></CAProperty>\n    </CAProperties>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.reason": "ImmediateTask. Failure Description: CACPM406E Reconciling Password Safe: partner, Folder: Root, Object: Operating System-UnixSSH-34.123.103.115-testark failed (try #1). Code: 8031, Error: First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031\n",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "partner",
+        "cyberarkpas.audit.severity": "Error",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 15 07:44:37",
+        "destination.address": "34.123.103.115",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.123.103.115",
+        "event.action": "cpm reconcile password failed",
+        "event.category": [
+            "iam"
+        ],
+        "event.code": "60",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "failure",
+        "event.reason": "First login - Reconcile account is not set or password is empty. Please link reconcile account to the target account or set the password. code: 8031",
+        "event.severity": 7,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "user",
+            "change",
+            "error"
+        ],
+        "file.path": "Root\\Operating System-UnixSSH-34.123.103.115-testark",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 32131,
+        "log.syslog.priority": "7",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20",
+            "34.123.103.115"
+        ],
+        "related.user": [
+            "PasswordManager",
+            "testark"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager",
+        "user.target.name": "testark"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log b/x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log
new file mode 100644
index 00000000000..0d2f4d0e96e
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log
@@ -0,0 +1,8 @@
+<5>1 2021-03-10T09:11:54Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:54","IsoTimestamp":"2021-03-10T09:11:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"PSMPApp_localhost.localdomain","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"PSMPLiveSessions","File":"Root\\PSMPApp_localhost.localdomain.LiveSessions","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":""}}}
+<5>1 2021-03-10T17:58:05Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 09:58:05","IsoTimestamp":"2021-03-10T17:58:05Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"Administrator","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"PSMNotifications","File":"Root\\SessionControl","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":""}}}
+<5>1 2021-03-10T18:46:47Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:46:47","IsoTimestamp":"2021-03-10T18:46:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"PSMApp_VAGRANT","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"PSMLiveSessions","File":"Root\\PSMServer.LiveSessions","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":""}}}
+<5>1 2021-03-10T22:20:12Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:20:12","IsoTimestamp":"2021-03-10T22:20:12Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"PSMApp_ASR-WIN","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"PSMLiveSessions","File":"Root\\PSM-ASR-CYBERARK-WI.LiveSessions","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":""}}}
+<5>1 2021-03-11T16:50:29Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:50:29</Timestamp>\n    <IsoTimestamp>2021-03-11T16:50:29Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMSessions</Safe>\n    <File>Root\\ec7c3e3bd11069dd20a491a6b11bbe293bf4780b</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:50:29","IsoTimestamp":"2021-03-11T16:50:29Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"PVWAAppUser","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"PSMSessions","File":"Root\\ec7c3e3bd11069dd20a491a6b11bbe293bf4780b","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:58Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:58</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:58Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_VAGRANT.LiveSessions</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:58","IsoTimestamp":"2021-03-11T16:59:58Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"PSMPApp_VAGRANT","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"PSMPLiveSessions","File":"Root\\PSMPApp_VAGRANT.LiveSessions","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":""}}}
+<5>1 2021-03-14T12:07:32Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:07:32</Timestamp>\n    <IsoTimestamp>2021-03-14T12:07:32Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>AccountsFeedDiscoveryLogs</Safe>\n    <File>Root\\Windows discovery from ELASTIC.local_PasswordManager_UID1.log</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:07:32","IsoTimestamp":"2021-03-14T12:07:32Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"PasswordManager","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"AccountsFeedDiscoveryLogs","File":"Root\\Windows discovery from ELASTIC.local_PasswordManager_UID1.log","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-14T12:57:27Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:27</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_SSH</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_SSH.LiveSessions</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:27","IsoTimestamp":"2021-03-14T12:57:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"62","Desc":"Create File Version","Severity":"Info","Issuer":"PSMPApp_SSH","Action":"Create File Version","SourceUser":"","TargetUser":"","Safe":"PSMPLiveSessions","File":"Root\\PSMPApp_SSH.LiveSessions","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Create File Version","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log-expected.json
new file mode 100644
index 00000000000..0656cfa58ab
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/62_create_file_version.log-expected.json
@@ -0,0 +1,382 @@
+[
+    {
+        "@timestamp": "2021-03-10T09:11:54.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\PSMPApp_localhost.localdomain.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:54Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_localhost.localdomain",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:54",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMPApp_localhost.localdomain.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T17:58:05.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\SessionControl",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T17:58:05Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMNotifications",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 09:58:05",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\SessionControl",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 664,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T18:46:47.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\PSMServer.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:46:47Z",
+        "cyberarkpas.audit.issuer": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:46:47",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMServer.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1284,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:20:12.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:20:12Z",
+        "cyberarkpas.audit.issuer": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:20:12",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSM-ASR-CYBERARK-WI.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1912,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:50:29.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\ec7c3e3bd11069dd20a491a6b11bbe293bf4780b",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:50:29Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:50:29</Timestamp>\n    <IsoTimestamp>2021-03-11T16:50:29Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PVWAAppUser</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMSessions</Safe>\n    <File>Root\\ec7c3e3bd11069dd20a491a6b11bbe293bf4780b</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:50:29",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\ec7c3e3bd11069dd20a491a6b11bbe293bf4780b",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2550,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:58.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\PSMPApp_VAGRANT.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:58Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:58</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:58Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_VAGRANT.LiveSessions</File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:58",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMPApp_VAGRANT.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4100,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:07:32.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\Windows discovery from ELASTIC.local_PasswordManager_UID1.log",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:07:32Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:07:32</Timestamp>\n    <IsoTimestamp>2021-03-14T12:07:32Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PasswordManager</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>AccountsFeedDiscoveryLogs</Safe>\n    <File>Root\\Windows discovery from ELASTIC.local_PasswordManager_UID1.log</File>\n    <Station>10.0.1.20</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "AccountsFeedDiscoveryLogs",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:07:32",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Windows discovery from ELASTIC.local_PasswordManager_UID1.log",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5652,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:27.000Z",
+        "cyberarkpas.audit.action": "Create File Version",
+        "cyberarkpas.audit.desc": "Create File Version",
+        "cyberarkpas.audit.file": "Root\\PSMPApp_SSH.LiveSessions",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:27Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_SSH",
+        "cyberarkpas.audit.message": "Create File Version",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:27</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:27Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>62</MessageID>\n    <Desc>Create File Version</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_SSH</Issuer>\n    <Action>Create File Version</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PSMPLiveSessions</Safe>\n    <File>Root\\PSMPApp_SSH.LiveSessions</File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Create File Version</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PSMPLiveSessions",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:27",
+        "event.action": "create file version",
+        "event.code": "62",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PSMPApp_SSH.LiveSessions",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 7298,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log b/x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log
new file mode 100644
index 00000000000..82be0d698c1
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log
@@ -0,0 +1,12 @@
+{"format":"elastic","version":"1.0","raw":"<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>7</MessageID>\n    <Desc>Logon</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.2.0.6</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logon</Message>\n    <GatewayStation>10.2.0.3</GatewayStation>\n  </audit_record>\n</syslog>","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.6.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"adm2","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.2.0.6","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":"10.2.0.3","IsoTimestamp":"2021-03-16T15:01:00Z"}}}
+<5>1 2021-03-04T19:10:05Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:05","IsoTimestamp":"2021-03-04T19:10:05Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PasswordManager","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-04T19:10:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:20","IsoTimestamp":"2021-03-04T19:10:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"SCIM-user","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-04T19:11:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:11:20","IsoTimestamp":"2021-03-04T19:11:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PVWAGWUser","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-04T19:11:23Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:11:23","IsoTimestamp":"2021-03-04T19:11:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"Prov_COMPONENTS","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-05T10:18:50Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 05 02:18:50","IsoTimestamp":"2021-03-05T10:18:50Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PVWAAppUser","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-08T18:07:51Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:07:51","IsoTimestamp":"2021-03-08T18:07:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"Administrator","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-09T08:32:51Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 00:32:51","IsoTimestamp":"2021-03-09T08:32:51Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"Administrator","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-09T10:14:58Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 09 02:14:58","IsoTimestamp":"2021-03-09T10:14:58Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"Administrator","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"37.223.7.45","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":"10.0.1.20"}}}
+<5>1 2021-03-10T09:11:48Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:48","IsoTimestamp":"2021-03-10T09:11:48Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PSMP_ADB_localhost.localdomain","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:48Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:48","IsoTimestamp":"2021-03-10T09:11:48Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PSMPApp_localhost.localdomain","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:49Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:49","IsoTimestamp":"2021-03-10T09:11:49Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PSMPGW_localhost.localdomain","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log-expected.json
new file mode 100644
index 00000000000..8702306a8d5
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/7_logon.log-expected.json
@@ -0,0 +1,659 @@
+[
+    {
+        "@timestamp": "2021-03-16T15:01:00.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.gateway_station": "10.2.0.3",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-16T15:01:00Z",
+        "cyberarkpas.audit.issuer": "adm2",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.raw": "<syslog>\n  <audit_record>\n    <Rfc5424>no</Rfc5424>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.6.0000</Version>\n    <MessageID>7</MessageID>\n    <Desc>Logon</Desc>\n    <Severity>Info</Severity>\n    <Issuer>adm2</Issuer>\n    <Action>Logon</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.2.0.6</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logon</Message>\n    <GatewayStation>10.2.0.3</GatewayStation>\n  </audit_record>\n</syslog>",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.2.0.6",
+        "destination.address": "10.2.0.3",
+        "destination.ip": "10.2.0.3",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "input.type": "log",
+        "log.offset": 0,
+        "network.direction": "internal",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.6.0000",
+        "related.ip": [
+            "10.2.0.6",
+            "10.2.0.3"
+        ],
+        "related.user": [
+            "adm2"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.2.0.6",
+        "source.ip": "10.2.0.6",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "adm2"
+    },
+    {
+        "@timestamp": "2021-03-04T19:10:05.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:05Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:05",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1132,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-04T19:10:20.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:20Z",
+        "cyberarkpas.audit.issuer": "SCIM-user",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:20",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1671,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "SCIM-user"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "SCIM-user"
+    },
+    {
+        "@timestamp": "2021-03-04T19:11:20.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:11:20Z",
+        "cyberarkpas.audit.issuer": "PVWAGWUser",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:11:20",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2204,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-04T19:11:23.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:11:23Z",
+        "cyberarkpas.audit.issuer": "Prov_COMPONENTS",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:11:23",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2738,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Prov_COMPONENTS"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Prov_COMPONENTS"
+    },
+    {
+        "@timestamp": "2021-03-05T10:18:50.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-05T10:18:50Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 05 02:18:50",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3277,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAAppUser"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAAppUser"
+    },
+    {
+        "@timestamp": "2021-03-08T18:07:51.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:07:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:07:51",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3812,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-09T08:32:51.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T08:32:51Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 09 00:32:51",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4358,
+        "log.syslog.priority": "5",
+        "network.direction": "inbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-09T10:14:58.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-09T10:14:58Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "37.223.7.45",
+        "cyberarkpas.audit.timestamp": "Mar 09 02:14:58",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4908,
+        "log.syslog.priority": "5",
+        "network.direction": "inbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "37.223.7.45",
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "37.223.7.45",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "37.223.7.45",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:48.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:48Z",
+        "cyberarkpas.audit.issuer": "PSMP_ADB_localhost.localdomain",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:48",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5456,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMP_ADB_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMP_ADB_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:48.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:48Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_localhost.localdomain",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:48",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6014,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPApp_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPApp_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:49.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:49Z",
+        "cyberarkpas.audit.issuer": "PSMPGW_localhost.localdomain",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:49",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6571,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPGW_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPGW_localhost.localdomain"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log b/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log
new file mode 100644
index 00000000000..308e66ee8c0
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log
@@ -0,0 +1,18 @@
+<5>1 2021-03-04T19:16:19Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:16:19","IsoTimestamp":"2021-03-04T19:16:19Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PVWAGWUser","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-04T19:16:19Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:16:19","IsoTimestamp":"2021-03-04T19:16:19Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PVWAAppUser","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+Mar 08 02:54:46 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PVWAGWUser","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T08:29:19Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:29:19","IsoTimestamp":"2021-03-10T08:29:19Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"Prov_COMPONENTS","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T08:29:28Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:29:28","IsoTimestamp":"2021-03-10T08:29:28Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PasswordManager","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:52Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:52","IsoTimestamp":"2021-03-10T09:11:52Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMPApp_localhost.localdomain","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:52Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:52","IsoTimestamp":"2021-03-10T09:11:52Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMPGW_localhost.localdomain","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:55Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:55","IsoTimestamp":"2021-03-10T09:11:55Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMP_ADB_localhost.localdomain","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T18:46:47Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:46:47","IsoTimestamp":"2021-03-10T18:46:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMApp_VAGRANT","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T18:46:47Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:46:47","IsoTimestamp":"2021-03-10T18:46:47Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMGw_VAGRANT","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T22:20:12Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:20:12","IsoTimestamp":"2021-03-10T22:20:12Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMApp_ASR-WIN","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-10T22:20:12Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:20:12","IsoTimestamp":"2021-03-10T22:20:12Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMGw_ASR-WIN","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:54Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:54</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:54Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:54","IsoTimestamp":"2021-03-11T16:59:54Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMPApp_VAGRANT","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-11T16:59:55Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:55</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:55Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPGW_VAGRANT</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 08:59:55","IsoTimestamp":"2021-03-11T16:59:55Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMPGW_VAGRANT","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-11T20:10:33Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:10:33</Timestamp>\n    <IsoTimestamp>2021-03-11T20:10:33Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_ASR-WIN</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.66.114.180</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 12:10:33","IsoTimestamp":"2021-03-11T20:10:33Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMApp_ASR-WIN","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"34.66.114.180","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:25Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:25</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPGW_SSH</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:25","IsoTimestamp":"2021-03-14T12:57:25Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMPGW_SSH","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:25Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:25</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_SSH</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:25","IsoTimestamp":"2021-03-14T12:57:25Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMPApp_SSH","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:25Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:25</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMP_ADB_asr-cyberark-psm-ssh</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:25","IsoTimestamp":"2021-03-14T12:57:25Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"88","Desc":"Set Password","Severity":"Info","Issuer":"PSMP_ADB_asr-cyberark-psm-ssh","Action":"Set Password","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Set Password","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json
new file mode 100644
index 00000000000..40989a6cec0
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json
@@ -0,0 +1,781 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:16:19.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:16:19Z",
+        "cyberarkpas.audit.issuer": "PVWAGWUser",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:16:19",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-04T19:16:19.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:16:19Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:16:19",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 556,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-08T02:54:46.000-02:00",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.issuer": "PVWAGWUser",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1113,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T08:29:19.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:29:19Z",
+        "cyberarkpas.audit.issuer": "Prov_COMPONENTS",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:29:19",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1571,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T08:29:28.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:29:28Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:29:28",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2132,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:52.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:52Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_localhost.localdomain",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:52",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2693,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:52.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:52Z",
+        "cyberarkpas.audit.issuer": "PSMPGW_localhost.localdomain",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:52",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3272,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:55.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:55Z",
+        "cyberarkpas.audit.issuer": "PSMP_ADB_localhost.localdomain",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:55",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3850,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T18:46:47.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:46:47Z",
+        "cyberarkpas.audit.issuer": "PSMApp_VAGRANT",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:46:47",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4430,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T18:46:47.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:46:47Z",
+        "cyberarkpas.audit.issuer": "PSMGw_VAGRANT",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:46:47",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4994,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:20:12.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:20:12Z",
+        "cyberarkpas.audit.issuer": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:20:12",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5557,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:20:12.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:20:12Z",
+        "cyberarkpas.audit.issuer": "PSMGw_ASR-WIN",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:20:12",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6121,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:54.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:54Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_VAGRANT",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:54</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:54Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_VAGRANT</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:54",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6684,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T16:59:55.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T16:59:55Z",
+        "cyberarkpas.audit.issuer": "PSMPGW_VAGRANT",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 08:59:55</Timestamp>\n    <IsoTimestamp>2021-03-11T16:59:55Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPGW_VAGRANT</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 08:59:55",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8094,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T20:10:33.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T20:10:33Z",
+        "cyberarkpas.audit.issuer": "PSMApp_ASR-WIN",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 12:10:33</Timestamp>\n    <IsoTimestamp>2021-03-11T20:10:33Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMApp_ASR-WIN</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.66.114.180</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.66.114.180",
+        "cyberarkpas.audit.timestamp": "Mar 11 12:10:33",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 9502,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.66.114.180"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.66.114.180",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "34.66.114.180",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:25.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:25Z",
+        "cyberarkpas.audit.issuer": "PSMPGW_SSH",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:25</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPGW_SSH</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:25",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 10910,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:25.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:25Z",
+        "cyberarkpas.audit.issuer": "PSMPApp_SSH",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:25</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPApp_SSH</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:25",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 12310,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:25.000Z",
+        "cyberarkpas.audit.action": "Set Password",
+        "cyberarkpas.audit.desc": "Set Password",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:25Z",
+        "cyberarkpas.audit.issuer": "PSMP_ADB_asr-cyberark-psm-ssh",
+        "cyberarkpas.audit.message": "Set Password",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:25</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:25Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>88</MessageID>\n    <Desc>Set Password</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMP_ADB_asr-cyberark-psm-ssh</Issuer>\n    <Action>Set Password</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Set Password</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:25",
+        "event.action": "set password",
+        "event.code": "88",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 13712,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log b/x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log
new file mode 100644
index 00000000000..55eeab9c1a7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log
@@ -0,0 +1,15 @@
+<5>1 2021-03-08T18:19:15Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:19:15","IsoTimestamp":"2021-03-08T18:19:15Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-08T18:59:23Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:59:23","IsoTimestamp":"2021-03-08T18:59:23Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T08:28:28Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:28:28","IsoTimestamp":"2021-03-10T08:28:28Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"PasswordManager","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T08:28:29Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:28:29","IsoTimestamp":"2021-03-10T08:28:29Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Prov_COMPONENTS","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T08:28:30Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:28:30","IsoTimestamp":"2021-03-10T08:28:30Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"PVWAGWUser","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T08:28:30Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 00:28:30","IsoTimestamp":"2021-03-10T08:28:30Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"PVWAAppUser","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T09:11:33Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:11:33","IsoTimestamp":"2021-03-10T09:11:33Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T09:12:20Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:12:20","IsoTimestamp":"2021-03-10T09:12:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"PSMP_ADB_localhost.localdomain","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T09:12:27Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 01:12:27","IsoTimestamp":"2021-03-10T09:12:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"PSMPGW_localhost.localdomain","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-10T22:17:27Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:17:27","IsoTimestamp":"2021-03-10T22:17:27Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-11T17:38:13Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:13</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:38:13","IsoTimestamp":"2021-03-11T17:38:13Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":"81.32.170.205"}}}
+<5>1 2021-03-11T17:48:28Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:28</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:48:28","IsoTimestamp":"2021-03-11T17:48:28Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.2.2","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":"81.32.170.205"}}}
+<5>1 2021-03-11T17:49:06Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:49:06</Timestamp>\n    <IsoTimestamp>2021-03-11T17:49:06Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPGW_VAGRANT</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 09:49:06","IsoTimestamp":"2021-03-11T17:49:06Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"PSMPGW_VAGRANT","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-14T12:57:20Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:20</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 05:57:20","IsoTimestamp":"2021-03-14T12:57:20Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"34.71.250.247","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":""}}}
+<5>1 2021-03-14T13:49:36Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:36</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 14 06:49:36","IsoTimestamp":"2021-03-14T13:49:36Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"8","Desc":"Logoff","Severity":"Info","Issuer":"Administrator","Action":"Logoff","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logoff","GatewayStation":"34.71.250.247"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log-expected.json
new file mode 100644
index 00000000000..57d8a3fe68f
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/8_logoff.log-expected.json
@@ -0,0 +1,845 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:19:15.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:19:15Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:19:15",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-08T18:59:23.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:59:23Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:59:23",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 540,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-10T08:28:28.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:28:28Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:28:28",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1080,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-10T08:28:29.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:28:29Z",
+        "cyberarkpas.audit.issuer": "Prov_COMPONENTS",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:28:29",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1622,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "Prov_COMPONENTS"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Prov_COMPONENTS"
+    },
+    {
+        "@timestamp": "2021-03-10T08:28:30.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:28:30Z",
+        "cyberarkpas.audit.issuer": "PVWAGWUser",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:28:30",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2164,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-10T08:28:30.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T08:28:30Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 10 00:28:30",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 2701,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAAppUser"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAAppUser"
+    },
+    {
+        "@timestamp": "2021-03-10T09:11:33.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:11:33Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:11:33",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3239,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-10T09:12:20.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:12:20Z",
+        "cyberarkpas.audit.issuer": "PSMP_ADB_localhost.localdomain",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:12:20",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 3783,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMP_ADB_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMP_ADB_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T09:12:27.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T09:12:27Z",
+        "cyberarkpas.audit.issuer": "PSMPGW_localhost.localdomain",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 01:12:27",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4344,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPGW_localhost.localdomain"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPGW_localhost.localdomain"
+    },
+    {
+        "@timestamp": "2021-03-10T22:17:27.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:17:27Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:17:27",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 4903,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:38:13.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:38:13Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:38:13</Timestamp>\n    <IsoTimestamp>2021-03-11T17:38:13Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:38:13",
+        "destination.address": "81.32.170.205",
+        "destination.geo.city_name": "Barcelona",
+        "destination.geo.continent_name": "Europe",
+        "destination.geo.country_iso_code": "ES",
+        "destination.geo.country_name": "Spain",
+        "destination.geo.location.lat": 41.3891,
+        "destination.geo.location.lon": 2.1611,
+        "destination.geo.region_iso_code": "ES-B",
+        "destination.geo.region_name": "Barcelona",
+        "destination.ip": "81.32.170.205",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 5447,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:48:28.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.gateway_station": "81.32.170.205",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:48:28Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:48:28</Timestamp>\n    <IsoTimestamp>2021-03-11T17:48:28Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>10.0.2.2</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation>81.32.170.205</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.2.2",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:48:28",
+        "destination.address": "81.32.170.205",
+        "destination.geo.city_name": "Barcelona",
+        "destination.geo.continent_name": "Europe",
+        "destination.geo.country_iso_code": "ES",
+        "destination.geo.country_name": "Spain",
+        "destination.geo.location.lat": 41.3891,
+        "destination.geo.location.lon": 2.1611,
+        "destination.geo.region_iso_code": "ES-B",
+        "destination.geo.region_name": "Barcelona",
+        "destination.ip": "81.32.170.205",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 6833,
+        "log.syslog.priority": "5",
+        "network.direction": "outbound",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.2.2",
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.2.2",
+        "source.ip": "10.0.2.2",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-11T17:49:06.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T17:49:06Z",
+        "cyberarkpas.audit.issuer": "PSMPGW_VAGRANT",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 09:49:06</Timestamp>\n    <IsoTimestamp>2021-03-11T17:49:06Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>PSMPGW_VAGRANT</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 11 09:49:06",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 8217,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "related.user": [
+            "PSMPGW_VAGRANT"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PSMPGW_VAGRANT"
+    },
+    {
+        "@timestamp": "2021-03-14T12:57:20.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T12:57:20Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 05:57:20</Timestamp>\n    <IsoTimestamp>2021-03-14T12:57:20Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>34.71.250.247</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation></GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "34.71.250.247",
+        "cyberarkpas.audit.timestamp": "Mar 14 05:57:20",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 9587,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "34.71.250.247",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 37.751,
+        "source.geo.location.lon": -97.822,
+        "source.ip": "34.71.250.247",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    },
+    {
+        "@timestamp": "2021-03-14T13:49:36.000Z",
+        "cyberarkpas.audit.action": "Logoff",
+        "cyberarkpas.audit.desc": "Logoff",
+        "cyberarkpas.audit.gateway_station": "34.71.250.247",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-14T13:49:36Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Logoff",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 14 06:49:36</Timestamp>\n    <IsoTimestamp>2021-03-14T13:49:36Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>8</MessageID>\n    <Desc>Logoff</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Logoff</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe></Safe>\n    <File></File>\n    <Station>81.32.170.205</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Logoff</Message>\n    <GatewayStation>34.71.250.247</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 14 06:49:36",
+        "destination.address": "34.71.250.247",
+        "destination.geo.continent_name": "North America",
+        "destination.geo.country_iso_code": "US",
+        "destination.geo.country_name": "United States",
+        "destination.geo.location.lat": 37.751,
+        "destination.geo.location.lon": -97.822,
+        "destination.ip": "34.71.250.247",
+        "event.action": "logoff",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "8",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "end"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 10955,
+        "log.syslog.priority": "5",
+        "network.direction": "external",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205",
+            "34.71.250.247"
+        ],
+        "related.user": [
+            "Administrator"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "Administrator"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log b/x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log
new file mode 100644
index 00000000000..f3062f7ea56
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log
@@ -0,0 +1,4 @@
+<5>1 2021-03-08T18:24:50Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 08 10:24:50","IsoTimestamp":"2021-03-08T18:24:50Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"98","Desc":"Open File (Write Only)","Severity":"Info","Issuer":"PVWAAppUser","Action":"Open File (Write Only)","SourceUser":"","TargetUser":"","Safe":"PVWAPrivateUserPrefs","File":"Root\\YWRtaW5pc3RyYXRvcg==","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Open File (Write Only)","GatewayStation":""}}}
+<5>1 2021-03-10T18:44:08Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 10:44:08","IsoTimestamp":"2021-03-10T18:44:08Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"98","Desc":"Open File (Write Only)","Severity":"Info","Issuer":"Administrator","Action":"Open File (Write Only)","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"ROOT\\PVConfiguration.xml","Station":"81.32.170.205","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Open File (Write Only)","GatewayStation":""}}}
+<5>1 2021-03-10T22:17:40Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 10 14:17:40","IsoTimestamp":"2021-03-10T22:17:40Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"98","Desc":"Open File (Write Only)","Severity":"Info","Issuer":"Administrator","Action":"Open File (Write Only)","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"ROOT\\PVConfiguration.xml","Station":"35.192.121.42","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Open File (Write Only)","GatewayStation":""}}}
+<5>1 2021-03-11T19:45:26Z VAULT {"format":"elastic","version":"1.0","raw":"<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:45:26</Timestamp>\n    <IsoTimestamp>2021-03-11T19:45:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>98</MessageID>\n    <Desc>Open File (Write Only)</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Open File (Write Only)</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PVWAConfig</Safe>\n    <File>Root\\PVConfiguration.xml</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Open File (Write Only)</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 11 11:45:26","IsoTimestamp":"2021-03-11T19:45:26Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"98","Desc":"Open File (Write Only)","Severity":"Info","Issuer":"Administrator","Action":"Open File (Write Only)","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"Root\\PVConfiguration.xml","Station":"127.0.0.1","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Open File (Write Only)","GatewayStation":"10.0.1.20"}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log-expected.json
new file mode 100644
index 00000000000..cff0fe7eb5f
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/98_open_file_write_only.log-expected.json
@@ -0,0 +1,187 @@
+[
+    {
+        "@timestamp": "2021-03-08T18:24:50.000Z",
+        "cyberarkpas.audit.action": "Open File (Write Only)",
+        "cyberarkpas.audit.desc": "Open File (Write Only)",
+        "cyberarkpas.audit.file": "Root\\YWRtaW5pc3RyYXRvcg==",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-08T18:24:50Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Open File (Write Only)",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAPrivateUserPrefs",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 08 10:24:50",
+        "event.action": "open file (write only)",
+        "event.code": "98",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\YWRtaW5pc3RyYXRvcg==",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T18:44:08.000Z",
+        "cyberarkpas.audit.action": "Open File (Write Only)",
+        "cyberarkpas.audit.desc": "Open File (Write Only)",
+        "cyberarkpas.audit.file": "ROOT\\PVConfiguration.xml",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T18:44:08Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Open File (Write Only)",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "81.32.170.205",
+        "cyberarkpas.audit.timestamp": "Mar 10 10:44:08",
+        "event.action": "open file (write only)",
+        "event.code": "98",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "ROOT\\PVConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 633,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "81.32.170.205"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "81.32.170.205",
+        "source.geo.city_name": "Barcelona",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "ES",
+        "source.geo.country_name": "Spain",
+        "source.geo.location.lat": 41.3891,
+        "source.geo.location.lon": 2.1611,
+        "source.geo.region_iso_code": "ES-B",
+        "source.geo.region_name": "Barcelona",
+        "source.ip": "81.32.170.205",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-10T22:17:40.000Z",
+        "cyberarkpas.audit.action": "Open File (Write Only)",
+        "cyberarkpas.audit.desc": "Open File (Write Only)",
+        "cyberarkpas.audit.file": "ROOT\\PVConfiguration.xml",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-10T22:17:40Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Open File (Write Only)",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "35.192.121.42",
+        "cyberarkpas.audit.timestamp": "Mar 10 14:17:40",
+        "event.action": "open file (write only)",
+        "event.code": "98",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "ROOT\\PVConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1261,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "35.192.121.42"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "35.192.121.42",
+        "source.geo.continent_name": "North America",
+        "source.geo.country_iso_code": "US",
+        "source.geo.country_name": "United States",
+        "source.geo.location.lat": 38.6583,
+        "source.geo.location.lon": -77.2481,
+        "source.geo.region_iso_code": "US-VA",
+        "source.geo.region_name": "Virginia",
+        "source.ip": "35.192.121.42",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-11T19:45:26.000Z",
+        "cyberarkpas.audit.action": "Open File (Write Only)",
+        "cyberarkpas.audit.desc": "Open File (Write Only)",
+        "cyberarkpas.audit.file": "Root\\PVConfiguration.xml",
+        "cyberarkpas.audit.gateway_station": "10.0.1.20",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-11T19:45:26Z",
+        "cyberarkpas.audit.issuer": "Administrator",
+        "cyberarkpas.audit.message": "Open File (Write Only)",
+        "cyberarkpas.audit.raw": "<syslog>\n\n  <audit_record>\n    <Rfc5424>yes</Rfc5424>\n    <Timestamp>Mar 11 11:45:26</Timestamp>\n    <IsoTimestamp>2021-03-11T19:45:26Z</IsoTimestamp>\n    <Hostname>VAULT</Hostname>\n    <Vendor>Cyber-Ark</Vendor>\n    <Product>Vault</Product>\n    <Version>11.7.0000</Version>\n    <MessageID>98</MessageID>\n    <Desc>Open File (Write Only)</Desc>\n    <Severity>Info</Severity>\n    <Issuer>Administrator</Issuer>\n    <Action>Open File (Write Only)</Action>\n    <SourceUser></SourceUser>\n    <TargetUser></TargetUser>\n    <Safe>PVWAConfig</Safe>\n    <File>Root\\PVConfiguration.xml</File>\n    <Station>127.0.0.1</Station>\n    <Location></Location>\n    <Category></Category>\n    <RequestId></RequestId>\n    <Reason></Reason>\n    <ExtraDetails></ExtraDetails>\n    <Message>Open File (Write Only)</Message>\n    <GatewayStation>10.0.1.20</GatewayStation>\n  </audit_record>\n\n</syslog>",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "127.0.0.1",
+        "cyberarkpas.audit.timestamp": "Mar 11 11:45:26",
+        "destination.address": "10.0.1.20",
+        "destination.ip": "10.0.1.20",
+        "event.action": "open file (write only)",
+        "event.code": "98",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\PVConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1889,
+        "log.syslog.priority": "5",
+        "network.direction": "internal",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "127.0.0.1",
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "127.0.0.1",
+        "source.ip": "127.0.0.1",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log b/x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log
new file mode 100644
index 00000000000..ad94c953cc7
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log
@@ -0,0 +1 @@
+<5>1 2021-03-04T19:10:05Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 11:10:05","IsoTimestamp":"2021-03-04T19:10:05Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"99","Desc":"Open File","Severity":"Info","Issuer":"PVWAAppUser","Action":"Open File","SourceUser":"","TargetUser":"","Safe":"PVWAConfig","File":"Root\\EPMConfiguration.xml","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Open File","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log-expected.json
new file mode 100644
index 00000000000..431b5c10a27
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/99_open_file.log-expected.json
@@ -0,0 +1,43 @@
+[
+    {
+        "@timestamp": "2021-03-04T19:10:05.000Z",
+        "cyberarkpas.audit.action": "Open File",
+        "cyberarkpas.audit.desc": "Open File",
+        "cyberarkpas.audit.file": "Root\\EPMConfiguration.xml",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T19:10:05Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Open File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PVWAConfig",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 11:10:05",
+        "event.action": "open file",
+        "event.code": "99",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\EPMConfiguration.xml",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log b/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log
new file mode 100644
index 00000000000..e454ec622b8
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log
@@ -0,0 +1 @@
+Mar 08 03:41:01 VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"no","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"51","Desc":"Retrieve File","Severity":"Info","Issuer":"PasswordManager","Action":"Retrieve File","SourceUser":"","TargetUser":"","Safe":"PasswordManagerShared","File":"Root\\Policies\\Policy-BusinessWebsite.ini","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Retrieve File","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json
new file mode 100644
index 00000000000..14b87c8867c
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json
@@ -0,0 +1,40 @@
+[
+    {
+        "@timestamp": "2021-03-08T03:41:01.000-02:00",
+        "cyberarkpas.audit.action": "Retrieve File",
+        "cyberarkpas.audit.desc": "Retrieve File",
+        "cyberarkpas.audit.file": "Root\\Policies\\Policy-BusinessWebsite.ini",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Retrieve File",
+        "cyberarkpas.audit.rfc5424": false,
+        "cyberarkpas.audit.safe": "PasswordManagerShared",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "event.action": "retrieve file",
+        "event.code": "51",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Policies\\Policy-BusinessWebsite.ini",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log b/x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log
new file mode 100644
index 00000000000..f5774af5ef9
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log
@@ -0,0 +1,4 @@
+<5>1 2021-03-04T17:27:14Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 09:27:14","IsoTimestamp":"2021-03-04T17:27:14Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PVWAGWUser","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-04T17:27:21Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 09:27:21","IsoTimestamp":"2021-03-04T17:27:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PasswordManager","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
+<5>1 2021-03-04T17:27:21Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 09:27:21","IsoTimestamp":"2021-03-04T17:27:21Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"51","Desc":"Retrieve File","Severity":"Info","Issuer":"PasswordManager","Action":"Retrieve File","SourceUser":"","TargetUser":"","Safe":"PasswordManagerShared","File":"Root\\Policies\\Policy-GenericWebApp.ini","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Retrieve File","GatewayStation":""}}}
+<5>1 2021-03-04T17:27:33Z VAULT {"format":"elastic","version":"1.0","syslog":{"audit_record":{"Rfc5424":"yes","Timestamp":"Mar 04 09:27:33","IsoTimestamp":"2021-03-04T17:27:33Z","Hostname":"VAULT","Vendor":"Cyber-Ark","Product":"Vault","Version":"11.7.0000","MessageID":"7","Desc":"Logon","Severity":"Info","Issuer":"PVWAAppUser","Action":"Logon","SourceUser":"","TargetUser":"","Safe":"","File":"","Station":"10.0.1.20","Location":"","Category":"","RequestId":"","Reason":"","ExtraDetails":"","Message":"Logon","GatewayStation":""}}}
diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log-expected.json
new file mode 100644
index 00000000000..f3c5e458aef
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/audit/test/rfc5424syslog.log-expected.json
@@ -0,0 +1,193 @@
+[
+    {
+        "@timestamp": "2021-03-04T17:27:14.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T17:27:14Z",
+        "cyberarkpas.audit.issuer": "PVWAGWUser",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 09:27:14",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 0,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAGWUser"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAGWUser"
+    },
+    {
+        "@timestamp": "2021-03-04T17:27:21.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T17:27:21Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 09:27:21",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 534,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PasswordManager"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PasswordManager"
+    },
+    {
+        "@timestamp": "2021-03-04T17:27:21.000Z",
+        "cyberarkpas.audit.action": "Retrieve File",
+        "cyberarkpas.audit.desc": "Retrieve File",
+        "cyberarkpas.audit.file": "Root\\Policies\\Policy-GenericWebApp.ini",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T17:27:21Z",
+        "cyberarkpas.audit.issuer": "PasswordManager",
+        "cyberarkpas.audit.message": "Retrieve File",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.safe": "PasswordManagerShared",
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 09:27:21",
+        "event.action": "retrieve file",
+        "event.code": "51",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "file.path": "Root\\Policies\\Policy-GenericWebApp.ini",
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1073,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ]
+    },
+    {
+        "@timestamp": "2021-03-04T17:27:33.000Z",
+        "cyberarkpas.audit.action": "Logon",
+        "cyberarkpas.audit.desc": "Logon",
+        "cyberarkpas.audit.iso_timestamp": "2021-03-04T17:27:33Z",
+        "cyberarkpas.audit.issuer": "PVWAAppUser",
+        "cyberarkpas.audit.message": "Logon",
+        "cyberarkpas.audit.rfc5424": true,
+        "cyberarkpas.audit.severity": "Info",
+        "cyberarkpas.audit.station": "10.0.1.20",
+        "cyberarkpas.audit.timestamp": "Mar 04 09:27:33",
+        "event.action": "authentication_success",
+        "event.category": [
+            "authentication",
+            "session"
+        ],
+        "event.code": "7",
+        "event.dataset": "cyberarkpas.audit",
+        "event.kind": "event",
+        "event.module": "cyberarkpas",
+        "event.outcome": "success",
+        "event.severity": 2,
+        "event.timezone": "-02:00",
+        "event.type": [
+            "start"
+        ],
+        "fileset.name": "audit",
+        "host.name": "VAULT",
+        "input.type": "log",
+        "log.offset": 1698,
+        "log.syslog.priority": "5",
+        "observer.hostname": "VAULT",
+        "observer.product": "Vault",
+        "observer.vendor": "Cyber-Ark",
+        "observer.version": "11.7.0000",
+        "related.ip": [
+            "10.0.1.20"
+        ],
+        "related.user": [
+            "PVWAAppUser"
+        ],
+        "service.type": "cyberarkpas",
+        "source.address": "10.0.1.20",
+        "source.ip": "10.0.1.20",
+        "tags": [
+            "cyberarkpas.audit",
+            "forwarded"
+        ],
+        "user.name": "PVWAAppUser"
+    }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cyberarkpas/fields.go b/x-pack/filebeat/module/cyberarkpas/fields.go
new file mode 100644
index 00000000000..2e48ca8da6d
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/fields.go
@@ -0,0 +1,23 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT.
+
+package cyberarkpas
+
+import (
+	"github.com/elastic/beats/v7/libbeat/asset"
+)
+
+func init() {
+	if err := asset.SetFields("filebeat", "cyberarkpas", asset.ModuleFieldsPri, AssetCyberarkpas); err != nil {
+		panic(err)
+	}
+}
+
+// AssetCyberarkpas returns asset data.
+// This is the base64 encoded gzipped contents of module/cyberarkpas.
+func AssetCyberarkpas() string {
+	return "eJy0V0tv2zgQvudXzDEF6iDPLqJDASPZoFnEiBF72+5ejDE5kohQosChrOjfF9TDiWUpTeyUJ4uP+b55j0fwSGUAolySRfuYIR8AOOU0BXDlN8f2Eabj2QGAJBZWZU6ZNICvBwDw8hmEirTkowNofgXVjRGkmFAXwC9XZhRAZE2eNTuSQsy1W1TvAwhRMzVHrcjm81ku5lK59e6rMvpB60dbmrXrquENU6tWSlNEEsZCEDPMSORWuRLGnsML/dv10g5bvIVH2zhq2T1SWRgrO2cbHMcvP8GE4GKqTQGWhLHyqBdU4CKzJiPrFHEvdqjROUrpdXQhTJ46SMihRIdDYI4iY8tddZzHtJZRiYTD0Nj11siSRkcSvD7on/CnfiJe6u6GZodOCVihzglcjA6k4kxjyYDDXhBGEvfToSdncSHJodJ7OGGWkVChErU8aOT1xcIAj1Bp2sc3lUsaOIc2IleJ7AeL0FGB5aKy5kDcq+x3kLfTFrCgJWCWaSUqeZCgiFVKcDj9/mM8EAexYed/7aN0K+MzqBTyLCMfkNxRGoCeMMl8CZ38N7q6n0z/nf/90MtJsVk4lRA7TLrq18Qkui7jLVZrCRWt29k9zNsdCI1N0MHhw80VnJ2dXX4a5Hp6fHI2+jI6vZifHAfnfwUnl/8PcOac7D5W/O5LNORMForYQGGNo+ewPYJ5rBgUQ845al1WR+vbGVmvE8lqe539/T7XRgwH3BvZNsF914iqy9D6a7D8AKgoNZYWuDQrCuD8+PJLF8qIRVVYeLtTVQJSSU99R616CTFjtHNE/7aNMByyT3OV1mHkryH7IPM3r4lF3eQGMq6ht1BdFu9rAkYS3F6/o7Rl1shcuI8s+pYyS0yp44pEgzAAvyo+ssB3SruvcG8xgsViVwN87RwCPGABPyd3vprUaWdVpFLUrwwdft2nuoTGcFDElMLP2d286hMQI4OkZR5FKo2AUlxq2hLx51PIEvJAfXD01I2hreCsnwOljixJWD4Xq64qqbFJL8k1k1BcnJ+e91JZGqMJuzQ32PyIycVUu4dL1iZqa78wSaYVMRTKxfBwc+VhBttA2RkNW3qM4UfPCzMMB+YFphX52XofwFbGOwoHm9wKWnj3fZSqnV73ru6197QUWpP4vLO0CQcF8jOVI7gxtq4rTMy+l30G53twobSGZf3YEmoQWvlUbset22k/8dq/f8qOnn+sRPyqTv28Xh213joPbExbk8kErq/h27dgMglmsybnBrPrnzyF0wtoJ6xelitKpdnZcG/oXjVAv4lWZHmvf6ZvQK8QNhx7dPArAAD//75ppq4="
+}
diff --git a/x-pack/filebeat/module/cyberarkpas/module.yml b/x-pack/filebeat/module/cyberarkpas/module.yml
new file mode 100644
index 00000000000..411b4945cde
--- /dev/null
+++ b/x-pack/filebeat/module/cyberarkpas/module.yml
@@ -0,0 +1,3 @@
+dashboards:
+  - id: eb12ef60-96f6-11eb-bbf8-d77aef8ad7a6
+    file: Filebeat-cyberarkpas-audit.json
diff --git a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled
new file mode 100644
index 00000000000..3e78f4a0f35
--- /dev/null
+++ b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled
@@ -0,0 +1,27 @@
+# Module: cyberarkpas
+# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cyberarkpas.html
+
+- module: cyberarkpas
+  audit:
+    enabled: true
+
+    # Set which input to use between tcp (default), udp, or file.
+    #
+    # var.input: tcp
+
+    # var.syslog_host: localhost
+    # var.syslog_port: 9301
+
+    # With tcp input, set the optional tls configuration:
+    #var.ssl:
+    #  enabled: true
+    #  certificate: /path/to/cert.pem
+    #  key: /path/to/privatekey.pem
+    #  key_passphrase: 'password for my key'
+
+    # Uncoment to keep the original syslog event under event.original.
+    # var.preserve_original_event: true
+
+    # Set paths for the log files when file input is used.
+    # var.paths:
+