diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1b26a2f7b966..5166fcc33ef0 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -29,6 +29,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Libbeat: Do not overwrite agent.*, ecs.version, and host.name. {pull}14407[14407] - Libbeat: Cleanup the x-pack licenser code to use the new license endpoint and the new format. {pull}15091[15091] - Users can now specify `monitoring.cloud.*` to override `monitoring.elasticsearch.*` settings. {issue}14399[14399] {pull}15254[15254] +- Update to ECS 1.4.0. {pull}14844[14844] *Auditbeat* diff --git a/NOTICE.txt b/NOTICE.txt index 3015ace04233..2943c7796bbe 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -1256,8 +1256,8 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------- Dependency: github.com/elastic/ecs -Version: v1.2.0 -Revision: 2eaac192a1ca67edab727d7d9d526c5142ae3eb5 +Version: v1.4.0 +Revision: cc4b36eebec29975f57cd0475c3987c9bde5c15a License type (autodetected): Apache-2.0 ./vendor/github.com/elastic/ecs/LICENSE.txt: -------------------------------------------------------------------- diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc index 4235cae62d31..05b274e0906d 100644 --- a/auditbeat/docs/fields.asciidoc +++ b/auditbeat/docs/fields.asciidoc @@ -3072,6 +3072,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -3112,6 +3119,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -3342,6 +3356,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -3400,6 +3421,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -3584,6 +3612,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -3814,6 +3849,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -3872,6 +3914,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -3984,7 +4033,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -4151,6 +4200,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -4184,12 +4240,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -4215,6 +4272,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -4273,15 +4332,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -4312,8 +4385,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -4401,8 +4474,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -4425,6 +4499,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -4459,7 +4545,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -4467,6 +4553,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -4592,7 +4690,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -4600,6 +4698,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -4621,6 +4726,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -4835,6 +4947,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -4996,6 +5120,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -5018,6 +5149,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -5091,6 +5229,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -5149,6 +5294,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -5179,6 +5331,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -5239,6 +5398,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -5731,6 +5897,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -5753,6 +5926,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -5852,6 +6032,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -5880,6 +6067,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -5902,6 +6096,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -5941,6 +6142,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -6017,6 +6230,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -6030,6 +6254,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -6051,12 +6287,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -6071,6 +6338,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -6119,64 +6405,281 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword -example: 2016-05-23T08:05:34.853Z +example: /usr/bin/ssh -l user 10.0.0.16 -- -*`process.thread.id`*:: +*`process.parent.command_line.text`*:: + -- -Thread ID. - -type: long +type: text -example: 4242 +-- -format: string +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string -- @@ -6201,6 +6704,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -6223,42 +6733,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword +example: ["C:\rta\red_ttp\bin\myapp.exe"] -*`server.address`*:: +-- + +*`registry.data.type`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Standard registry type for encoding contents type: keyword +example: REG_SZ + -- -*`server.as.number`*:: +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. + + +*`source.address`*:: ++ +-- +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -6269,7 +7416,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -6280,10 +7427,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -6293,16 +7447,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -6313,7 +7467,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -6324,7 +7478,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -6335,7 +7489,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -6346,7 +7500,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -6357,7 +7511,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -6370,7 +7524,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -6381,7 +7535,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -6392,39 +7546,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -6433,10 +7587,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -6444,10 +7598,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -6455,10 +7609,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -6468,7 +7622,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -6480,7 +7634,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -6490,7 +7644,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -6499,7 +7653,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -6510,7 +7664,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -6520,7 +7681,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -6529,7 +7690,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -6538,7 +7699,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -6548,7 +7709,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -6557,7 +7718,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -6568,506 +7729,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC - --- - -*`source.bytes`*:: -+ --- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +example: endpoint denial of service -- -*`source.domain`*:: +*`threat.technique.name.text`*:: + -- -Source domain. - -type: keyword +type: text -- -*`source.geo.city_name`*:: +*`threat.technique.reference`*:: + -- -City name. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Montreal - --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.continent_name`*:: -+ -- -Name of the continent. -type: keyword +[float] +=== tls -example: North America +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.country_iso_code`*:: +*`tls.cipher`*:: + -- -Country ISO code. +String indicating the cipher used during the current connection. type: keyword -example: CA +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_name`*:: +*`tls.client.certificate`*:: + -- -Country name. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: MII... -- -*`source.geo.name`*:: +*`tls.client.certificate_chain`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: boston-dc +example: ['MII...', 'MII...'] -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.md5`*:: + -- -Region ISO code. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha1`*:: + -- -Region name. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: Quebec - --- - -*`source.ip`*:: -+ --- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. - -type: ip +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.mac`*:: +*`tls.client.hash.sha256`*:: + -- -MAC address of the source. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + -- -*`source.nat.ip`*:: +*`tls.client.issuer`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. -type: ip +type: keyword + +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`source.nat.port`*:: +*`tls.client.ja3`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: long +type: keyword -format: string +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.packets`*:: +*`tls.client.not_after`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -example: 12 +example: 2021-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.not_before`*:: + -- -Port of the source. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -format: string +example: 1970-01-01T00:00:00.000Z -- -*`source.registered_domain`*:: +*`tls.client.server_name`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. type: keyword -example: google.com +example: www.elastic.co -- -*`source.top_level_domain`*:: +*`tls.client.subject`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: co.uk +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.user.domain`*:: +*`tls.client.supported_ciphers`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Array of ciphers offered by the client during the client hello. type: keyword +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] + -- -*`source.user.email`*:: +*`tls.curve`*:: + -- -User email address. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.full_name`*:: +*`tls.established`*:: + -- -User's full name, if available. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword - -example: Albert Einstein +type: boolean -- -*`source.user.group.domain`*:: +*`tls.next_protocol`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword +example: http/1.1 + -- -*`source.user.group.id`*:: +*`tls.resumed`*:: + -- -Unique identifier for the group on the system/platform. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.name`*:: +*`tls.server.certificate`*:: + -- -Name of the group. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.hash`*:: +*`tls.server.certificate_chain`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.id`*:: +*`tls.server.hash.md5`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.name`*:: +*`tls.server.hash.sha1`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -[float] -=== threat +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). +type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -*`threat.framework`*:: +-- + +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -7153,6 +8230,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -7166,6 +8250,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -7290,6 +8381,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -7348,6 +8446,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -7380,7 +8485,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -7388,6 +8493,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -7410,6 +8522,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -7432,6 +8551,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -7465,6 +8591,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-file_integrity]] == File Integrity fields diff --git a/auditbeat/include/fields.go b/auditbeat/include/fields.go index c349010cbb19..ace56f12c97e 100644 --- a/auditbeat/include/fields.go +++ b/auditbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzsvWt3GzeyKPo9vwJXs9aRlUO1HpYd22fN2VcjOYnu+KFtKTszc3KWCXaDJKJuoAOgRTN33f9+F6rw6gclyhYVZ45m7xWLZDdQKBQK9a6/kJ+PP7w7e/fD/0VOJRHSEFZwQ8ycazLlJSMFVyw35XJEuCELqsmMCaaoYQWZLImZM/L65ILUSv7KcjP65i9kQjUriBTw/TVTmktBDrLDbD/75i/kvGRUM3LNNTdkbkytX+3tzbiZN5Msl9UeK6k2PN9juSZGEt3MZkwbks+pmDH4yg475awsdPbNN7vkii1fEZbrbwgx3JTslX3gG0IKpnPFa8OlgK/I9+4d4t5+9Q0hu0TQir0i2/+34RXThlb19jeEEFKya1a+IrlUDD4r9lvDFSteEaMa/Mosa/aKFNTgx9Z826fUsD07JlnMmQA0sWsmDJGKz7iw6Mu+gfcIubS45hoeKsJ77JNRNLdonipZxRFGdmKe07JcEsVqxTQThosZTORGjNMNbpiWjcpZmP9smryAv5E51URID21JAnpGSBrXtGwYAB2AqWXdlHYaN6ybbMqVNvB+ByzFcsavI1Q1r1nJRYTrg8M57heZSkVoWeIIOsN9Yp9oVdtN3z7cP3i+u/9s9/Dp5f6LV/vPXj09yl48e/qv7WSbSzphpR7cYNxNObFUDF/gnx/x+yu2XEhVDGz0SaONrOwDe4iTmnKlwxpOqCATRhp7JIwktChIxQwlXEylqqgdxH7v1kQu5rIpCziGuRSGckEE03brEBwgX/u/47LEPdCEKka0kRZRVHtIAwCvPYLGhcyvmBoTKgoyvnqhxw4dHUy692hdlzynuMqplLsTqtxPTFy/sge+aHL7c4LfimlNZ+wGBBv2yQxg8XupSClnDg9ADm4st/kOG/iTfdL9PCKyNrzivweys2RyzdnCHgkuCIWn7RdMBaTY6bRRTW4ai7ZSzjRZcDOXjSFURKpvwTAi0syZctyD5LizuRQ5NUwkhG+kBaIilMybiopdxWhBJyUjuqkqqpZEJgcuPYVVUxpel2HtmrBPXNsTP2fLOGE14YIVhAsjiRTh6e6J+JGVpSQ/S1UWyRYZOrvpAKSEzmdCKvaRTuQ1e0UO9g+P+jv3hmtj1+Pe04HSDZ0RRvO5X2X7sP6vrUg/WyOyxcT14db/To8qnTGBlOK4+nH4YqZkU78ihwN0dDln+GbYJXeKHG+lhE7sJiMXnJqFPTyWfxp7v0097YulxTm1h7As7bEbkYIZ/EMqIieaqWu7PUiu0pLZXNqdkooYesU0qRjVjWKVfcANGx7rHk5NuMjLpmDkb4xaNgBr1aSiS0JLLYlqhH3bzat0BhcaLDT71i3VDannlkdOWGTHQNkWfspL7WkPkaQaIew5kYggC1uyPn/eF3OmUuY9p3XNLAXaxcJJDUsFxm4RIBw1TqU0Qhq7536xr8gZTpdbQUBOcdFwbu1BHEX4MksKxAkiE0ZNlpzf4/O3IJK4i7O9ILfjtK737FJ4zjISaSNlvoVkHnXAdUHOIHyK1MI1sdcrMXMlm9mc/Nawxo6vl9qwSpOSXzHydzq9oiPygRUc6aNWMmdaczHzm+Ie100+t0z6jZxpQ/Wc4DrIBaDboQwPIhA5ojBIK/F0sHrOKqZo+ZF7ruPOM/tkmCgiL+qd6pXnunuWXvs5CC/sEZlyppB8uHaIfMKnwIGATemdQNdeprE3mapAOvACHM2V1Pby14Yqe54mjSFj3G5ejGE/7E44ZCRM4wU9mj7b35+2ENFdfmBnX7T0nwT/zYo3d193uG4tiSJhw3sLuNcnjAAZ82Ll8orW8ux/N7FAJ7XA+Uo5Qm8HNaH4FLJDvIJm/JqB2EKFew2fdj/PWVlPm9IeInuo3QrDwGYhyffuQBMutKEid2JMhx9pOzEwJUsk7jol8TplNVXUiSBu+ZoIxgrUPxZzns/7U4WTncvKTmbF62TdZ1Mr+HrOA0tFluS/klPDBCnZ1BBW1WbZ38qplK1dtBu1iV28XNY3bJ/ndnYCog1dakLLhf0n4NaKgnruSRO31Unj+K69zbOIGhF4dsBqfBZJ3E0xYfERuML4tLXxcce6BNDa/Irmc6sS9FGcjuPx7JTNDaD6v5wa20Z2B6bn2X62v6vyw1SM0S0ZpjFSyEo2mlzAlXCLPHMsCI2v4C1Cnhxf7ODBdNKJAyyXQjBQGM+EYUowQ86VNDKXpYP0ydn5DlGyAXWxVmzKPzFNGlEwvMitsKRkaQez3E0qUknFiGBmIdUVkbVVI6WyAo/X8dicllP7AiX2visZoUXFBdfGnsxrL1zZsQpZoSRGDXFqKy6iqqQYkbxkVJXLgP0pCLkBWlnyfAmC5ZxZ0RcWmK19YYqmmgSB5qarspTh1m5thbsScByrh8ochCsHUW+bnLwRvg4E73bRDfTk+OLdDmlg8HIZbxyNwnNAPZ6Js9a6E9I7eHbw/GVrwVLNqOC/A3vM+tfIvYkJ75N5YOoebD9IaenizZuT5FzkJe/I9yfxmxsE/GP3pj0AnkaodkTBDbf0ieToUeeOhQVvKoMKi4K7YjOqChDorLwmhR4lz6MwN+FoAePSaoTTUi6IYrnVdVrq5OXJuRsVb4sIZg82+4V9PIEMDoVmIojx9pmLf74jNc2vmHmidzKYBTXQ2h3r3lRo6bHiVmtSr38oMGMxbeFwErLHklFUaArAZORCVizIrI1G2d8wVZEtb76Saitqu4pNPQdxoIjOAjUeB/ez081wZycs6CagmyUIcEfFgiVmfpvjFCn8qGU6IvIT2Bul0Y1FiBs1KkVcWPB+bQRuAOhIqPV44+LAYBG/QprekFbYwf3ahVPmrTrBFoTj7fl5gvUODg+KT7QoiGYVFYbnwI/ZJ+MkLfYJZegRCjb+lOogbxlJrrldLv+dRYXXLpQpUII1Nw1123E2JUvZqDDHlJalJz7PpS2Hm0m1HNlHvaCgDS9LwoRV+RzdosnQChMF08aSh0WpRdiUl2VgMrSulawVp4aVyzsoO7QoFNN6U3oOUDtqto623IROJglspprwWSMbXS6RmuGdwNcXFi1aVgxMpaTkGmxJZ+cjQv3dJxWhltl/IlpaOskI+WfErBOdwJYXpeU5I4ouPEye7seZ+2KMKGtLfsIqxlGwKxq05eF1Nc54PbagjDMEazwiBauZKJzojXKzFBEIULPdjkXJJvs/7lKlOvtK79UI42RpmL5FBE72Ay0h7ddagPzN/oBWkOCIcOfEbROysz76Xhy1AENi24Bw7vgqjp+15pwxmeXcLD9uSJE+sbLt4O68tbI0o2UfHCkMF0yYTcH0LlHqw2Q9+N5JZebkuGKK53QAyEYYtfzItfyYy2IjqMMpyNnFe2Kn6EF4crwSrE3tpgNpcENPqKBFH1PAsm5XOmdMfqwlD/dF24guxYybpsA7tKQGPvQg2P5/yVYpxdYrsvvd0+z5wdGLp/sjslVSs/WKHD3Lnu0/e3nwgvx/2z0gN8intn/STO36OzL5CaVwj54RcbYClIzklMwUFU1JFTfL9LJbktxeuiAKJpfaib/LgiUGKZwrlHJyZrm4E4inpZTKXQYjsDzMeRQ3462B4JWkni81t394T0Duj7VOQHgnTeLtBD8HR/28gktrxqRfbd9eMZHaSLFb5L29UWzGpdjkSfsAM9x00Hb/82QVXBs6ag6mwZP2nw2bsDaieH0LDOGBNnGenQfByXNEuCxSykKjpTd4eBfc2fn1kf3i7Pz6eRQIOzJQRfMN4Obt8ckqqEnLNmyyLl4Gj/UK3FxalQ81l7NzO5GT4zF+493xZVCKyROWzTJndaFlqrwT1AC9QablAghnJdEDraIJZjoxI6WkBZnQkoocju6UK7awagjo3Uo29kR3MG4XXUtl7iZ0eiFHG8WHJdEUG3b8Pws+UN+8g7zXWvU5vv1Z0t1hG47enqwjdK7ej3O3B6uI33InbZhixcchufL+rjercMz5bM60SSb1OMK5R7CQumaFB1k3Ey+Ohv3/PvpC8JpKhnP64VQqsjWVMpuBbJ/lstqyGv5W8rnrosGoE+d6KZhhqoKruFYs59rqP2DboKiRgsMSom2aSclzopvplH8KI8IzT+bG1K/29vARfMLqPTsZuVRLS6lGojL/idurD6/XyZJoXtXlkhh6FXcVNdiSagP2fww5QWVZSENAEVuwsoS1X745jU7SrVxmzdVW/y6NyGiRhJH1R9j+B6AINp3aA3zN7KxOpnF7+IRdvjndGaHX40rIhfCWqxZYxKF+5E2EgKKaRrJ348EV2See7rxhWIvHiCGgnj832QDJrKKYuBHr0Q583yKbRjOVbZZiUo0MjclSoYnWTo6+nIqB6UJOV3EMKsib0+NzCBnAFZ+GoVJS2e6vjlWUlxtanBX/CUzgZZasD8C0KcsBSfJegdjWxE4D04LQT68pL+mk7AuYx+WEKUNec6ENc9veghfskX8YUcDsm6cKXOTG4kf6MRRTFy+E6/NuXrDc7dUlNVYqGCAehHOD1JPuBE7WB2JO9XxjGjRiCniBncfyyVwqxaw42gpWmqIBGZiGIFRIsUxDH1GwSkjlJ81cIMYYVsELNPzCB7u6cQiQy6WY4l7RsjUnFYW9JqLDg/iA1iGi2kg8zvuObtZ0SSvoSQBDH6oNKbEXcyulojUCgte46AOS8B0KfKflBZUNThmcoP6L1T5QjGMnSB7BVg5DEXDsTRUNwa0xbA+dGRjz4sVwiHwhK8P0puQtM4rnGD6j0/AcKsjrk0MMzrEUMmUmnzMNxphkdMKNdpGREUhLXe2A3lZkJtch7KMNghtXNcKFXCpWSROCRIhsjOYFS2bqQoYwUeJiAv2C/KaL+KozJLVjj3HQOBAEP7rJvapkh+U6guoQdhd3Vw5mzs1x5u3LiCCcC4I+U4cDL0IgrztlS1Lw6ZSpVNEFcxmH8FV7V9njuWuYoMIQJq65kqJq21oibR3/fBEm58XIOzOA/sn7Dz+QswJDbcHh3TvwfcHu+fPn33333YsXL16+7PhsUAzgJTfLj79Hr9Z9Y/U4mYfYeSxW0JUGNA1HJR6iHnNo9C6j2uwedCxfLj5qc+Rw5uPizk499wJY/SHsAsp3Dw6fHj17/t2Ll/t0khdsuj8M8Qav7ABzGsHYhzqx08GX/UC8e4PorecDSUzejWg0h1nFCt60ldhayWterOVU/WLfEJw1P2HmD2eaVkIXekTo741iIzLL61E4yFKRgs+4oaXMGRX9m26he+aaro/k3hblbMmfedzS6xgZvcO+v5JbX94QmhQebIefuMCQXtZPkohQs5xPuTclBygwusKZB5wxUk7TQZIUMqaZn3fOyjoRIOG+QiNmGFq7m1AsLYIMDxrCOhfURmQ8JwTHxfOifYZ5RWcb5Snp2YDJggcVAVpQTSYNL429zgdAM3S2IcgiZTm46KwNQJLXdvPsSX7bDRluXWYLk7pksda8G9yNuOboIwrcBEl2U+wERycVFXQGZiuIbffw9DgJ5tUlbCQJgkoZyWnn6xtYSfLozcFyKD0nT4PTFZ0Ce+38soExk/i42yLjkPu4yLivMXSrFXm2VvxWFGMxJfWe4rfCsBDH9Ri/9Ri/9fXFb6WHxbv5XE54F4cPFcSVsqfHSK7HSK77Aekxkmt9nD1Gcj1Gcv2ZIrmSS+zPFs7VAp1sJqaL13a29Ka/JZCJtSKYasWvqWHk9O2/doZimODUgG7wVYVxQdxQYi9xKwUrSsSNkWSyBEycMigOcP8r3ERg1h3EtoeLzlpJy390iFbRkygf47Qe47Qe47Qe47Qe47Qe47Qe47Qe47Qe47Qe47TWitMqRKuMy+m7C/h4gwfn+5bXxl6qp+8uyG8NU5xp2Csq9IIllSLt7y5Qy1n+GYfgl1AmINZY8WMtrZpmT6skM2awSgIO6wZ9Mi6EhrCHV/D8eMcVbVv6SdLRgS/7MgNIULF8nhsRpw1OKI1XPNVQmtOXx0EY0H+9YIr5KIPC8RaucZw+lPjqeOcuPqbWiu/d+7l9LAhVii49MhDL7n0UbqiVZgAMol1FD8VMo0Ry5H3tVZdOk0h5jAD/v2JLh7Lo+fF7g1ugmS8D2nJsTZbk9clFLNP0AcuT4Fhzes2wjE/KLKq4HPzRTy7Iwr71+uTCDd+1m9lttuQHtjrUPrFKFvzSdk7a5zyZk2NDKi541VQj92UY1y+qarRpVWwc21nGFjgIBewtw969XnoYkYrWYUhqR8vnEC9hfNVgqkktteYTvJELqLZBxdL+y32BFzy43oM1DCjVJMcKai2PaIcis7ykG/N9YgwfRZtS2BDvpS6QYjgU2kNLCBat6fG6s3eDoCdxnBtRzADahDuint0pTOwOB6MYROmtv/hqzUShvXQCUVfAsDxK0gH92ntaxsF+5v9/EAubtLZftlVHS3FJ+FIHdFJjCRfdLlRHST6neJmdvDt++9oeiAmzyLLvl9esGKXMaXtbkzGKE5HFmMQTLoUv9GfFGl1Li2LQL+NhgEHgXGbkLPAqq/E5/bA7pi+mO4bSQ97tOrY3D4M62L1tWSwW2Qrjgd8ZY9ZRlFaZ1yzuIcYDLJ/XIElZzg3rBQQMboLlmhOrjOfzlLGzKfCllsee65yqghUZ+RdT0sfUWVL247szkOBvEpGGUwx4Y4fpdINxjZfzGNP4mSwGSLMF95zRgqmP09IXI97A+TqGO1tOySEpmTFMAZfEmQnM3ApMrrF0Xgx+fEWOj0fk8mREPpyOyIfjETk+HZGT0xE5fd8jWfdxl3w4jX+2vZ4bU+DsDtmlocU5VeSo1nwmkgrrSs4UrZACQ1X4liUHxDIM00gGgvinmsfIDmQOuq+yPz88ODhorVvWA96we1881ia0MoGdzIlRGFfJ0G53xQWYfVGAbcm0JJTQTm1uUPvXeNzFwmfoDsVhUEYGzEA57nTMlTj6z59ef/hnC0eBMz6YxCCnvoqduzBQNblVPmjx8E1ejXAndkBLr77gPe7kaAgpdmvFhYESsfmcQhMFpcmTCSvlgjw9hCguCwE5OHy+M0rIX+rWG5GdByUJqw0yndPaHiuqGTnYh1tkBnP8cnp6uhMl8b/R/Irokuq5U/p+ayRE44SR3VAZuaQTPSI5VYrTGXPqg0YxteRJLNeUsSIdIZfiminn1frFjMgvCt/6RQAJotm1HChTe8M1G7b5D3fiPDpuvhrHTSCKgPxNEkOYBLS8aFxwC4xVa3sk2mcUbqA5aIXOOAVAAy8MM40ianQzObTrPMgcVoA0Ri2cRwiRB7kz6RXYOMbWCElESGIU5SUUtGWKy2HZdxjpj24zZH+PbrM7uc0i/TyMjuBUpZuFiuPj47Zw7NXVj18S/HLcs9KVJTk7t2Icg/SgcWrdGHfMDP7Hsbf2Odrh0ynPmxKMSI1mIzJhOW108ERcU8WZWXr9KCXUihpt9UI7lAMrI6+xr1OELwlX94Aa7LghCRhGE+SMo8QKXUa4CRYtLDtUsE/27cpSSTo0igT4EvzOqLaSvZFhxFg7FiUVK99OZT/VMig4XetJ+7uD7gaDMPwQuoCfazhG7t371x8+vP/Qgm6DZ2M7PRzBxk9yWkPvoZFDtJVJgf7alxeU6I2pX4mPQIpyCXZXDcV5E+9Cq1ovPJYr5ruUAXwidq6ZImxdN8G6UEQAvM3feQRaQHTmh84ZgIWaKbf+J7JGA2y5tENoKcO94hQ2PB07GTkWBaRw51JE3dVhtX32V/sqvEnfqnKOJ/R4abD9hqYrecsLhG3mbvICvWWG7qb2ap/p5wzS65evv62zwUB7ui/r/ZK07oN7LODXLkYTIzMyZrnO3ENjdIN7MCITBMEIWE+jDfZLAZdo2auOTcjPcyZwz2ADsVFMkNe4KHjONNnddXZS58OAVltGEl3y2dyUQ3nqyWrgfdfc0IJWMsuirf6mXBVuWvxqQfXxdfmcVbSDf9Lq4DVAOgfZfrafUo5SspVU+jp8cXMzq5jUmUPnE+8PggE1ku8STBsBjz9hvfYK5Qd8znmC6ppBdlDJsCqCRbNnBOCpzqm9hUK/p2/Ss8WNZuU0KtpU4Oh38NRtKCoakIl2n45HAQG80Qx3n8mrAzEUAxCkTfJWgxEa5Q0u1turWgNrQ/Orj1a62OQNC7MQmCW4ZGCVloDqElx37FOnXN8DCZ8B46O085DLdqdat8oFsE85q2PYanJ8f6XXNCupmGXvmrI8l+AleO0fT8/1daeJxevrNZvU4ZkaShT3BfmHc8VL6VUIzClXPG+dz8AGjqHvYbtLhj2y3Xsy6QsHyY9zPDs0tnnz6HkT+zMCM/c964x3plATPFig/YhZHCO2upPTZBFuPD8U9a3TCHQH87VmXAWZ2NPDmbpRyQgx0m5M75YGfSyNAh5h/uZAY5AJMwsretPQAcDJGEkXPJzM9dTA5nd5KbVd27HfidvRjXkJbkjsrtNg5lYJI2LHBfiYdhAEgIYRnTzmho09+FpYT6klorxilYQ4Eqaho4MbrkgQHwnuuikFU1jkhMcmh+5hnVNhlw4tDu9S72aNrKvPFr1x9CBve3N+OzfaGQ1CXhHWAEgDDZIWvuD25Bp3L0p0cyrIGB/wfTPG0RIcNsKe9TEgZJcWxXhExo7kd4HkGXw15SXbRam5GKM3xvskwoihs14SBoKlC+oSqGGoSk6jmdqtqdYWmbsY6NO+oh3om9iO107zwRm6yA+CxZzP5q6ByjAPBA7ptZfOrkT9WPp+LZ3NQYIYj/yeaia0cxjFnDAawAxwxZG9REp9a5ufqbKHGxpbThsouxXETTm14ueILJi9HAWm1kAwFKFtA5MV5nJ7x4DnwjkiQ7yUa0FbY/vsRjM0YOW0GU5Tg52GEgaRNayWw+5P3T1zMlCeeOPCIlwD61b3xIQOknR+H1lkF+qZaIH9v0NBqtAltxFJbv/IdXUqY90BguwPe/nae72xf0hF7PJA1wCZHzmtvGYK2KzVNIMI4SWdhMIs8fzMRSEXGu99cnba34ej50cv2sjHY33LASuiwtzGr+MwOEivitpwz3F7IUAb7gC7YhQYhm/giJ2ulqjp9xpxuxOKGpPlk9zeqbnLTIqt00PjoOQrk1a9NqklN1xnA53OQ9BIl0+fCVJJbZJWRiMXGWcWMnYpdw6QCRtQC5Gf+o95GnTR6tWd0zKHkhguzamE6A8UFFKLiHOku7BAJPEwZuvehm2BV32PYqWNF3lYQXinkaaHpJKCxzZeJBliextUN79j9qMvQWYkuWKsJk2NnAJeSg9XG6vQ2BEgbePR3ld44nJajtKdjS7IgSDjghqq2W1JZ18ekI/TdKKiRLuXPVjswQVbYUUOKjDSyWkNVlCWygtGmBJpOXHCP0o5Gzktp5SznVE6uT0RfqdQHFjGEhzJKcxllWQsd7uOwlYqlsuqAk4MLU+FNMGmAsNbEaE1Nyg0IUKrkkWTdFrFFIupLEu5QAGBkkJiLUbRG2bAAlbTfM6yBBdhexu1Tq78QFJh500u6sZ89D8KKqQLw/JCZ2PSB6h+y8uSDz6Drh2gkYNBwjl1U7fkBgI+qDBtm5KQ+yDW7UnGz8wqB4o575eJ7qZWUN0Qh/HsA2YXaBhze8p7yR9MrBMxtOqiiKD27oju9YD0Zq9D/72VbK7TdH57g4C3yrUG79Tm2mDWxY9Uz8mTmqk5rTU0CIfG2VMuZkxBoMcOuJ3owt1PRtoNoOgRCQsoWCUFNCVlqBiDyY+b5UDqrC9uOPTX8d9OTh/MnnR2alcTKj8leksH5sHe0Vd8LQL6bM3KB1StVKfQOdCX4RdO1u5Ws2vxSqTZeJFaHmdfdjp/Yki/QSXoqF3w7TiOOdaGGmYVLlpSVY2/TkkegGxbEFM2v7G7FWdJYq5vapkN0oWTU0ASAgFHN3UtldF+jyxOQBaHoVF0KZsZMCfpBaEwbPRRUdeb2l3oeEUfw+0ELGFn5LU7HHncicVoyZzRBghKvH1+1dXXwrqXSTeB9w90AVbToKXIKZQwUYGUf3ISxg2MbIW0boUIcAwzvHAKmX9ManwWXFsyLUCBxgQykJsZVfmcFfG0WIGEhx7wihnF2bUX2scfcW/GfVResJocvCT7L14dPn91sI+VOU9ef/9q/7/95eDw6H9csLyxC8BPxMytboOaq8LvDjL36MG++yOyBakqohuQUKaNVTO0kXXNCv8C/qtV/teD/cz+3wEptPnrYXaQHWaHujZ/PTh82q6WIBtjZbVN8k43xSr2eZYKKNEqZbW1HC2ZkZPo9gXfGjnps+57+0aLID7oWKND4RgoZDylvGwUG2SIYcS1GOP6DDGMuz5jbPqC6Ybr525fBC/40L6hGQAKjSDf8wE7F0vttIy+1eCNnCVacmWPvWxzrOh696qNP6wDdZSIllOzoL4573CYN1IW8tGLpYYG7HNj6mIHq25DP/dm4sryuYFdjLW9fmPzevu/J1dMCVaOyFueK2nn33VL3PWHe/e4Kbh9d6e/j/h2axsV11cfdcJbV3HbaSnpoJ/sA9dXBEaAW0ZxqThG6XTXrx2IRMsSKE0nEbw/aeaUfVgyqNvONIEy/5ypbnXSAPtHIVW1BiWuXMT2OzDy8t9ZAcPesqBRsMODxSosYt8eyYP9/e4VAZX2ucBaNy4BeSkbOHptVdkRAlAUZhXoBCDdtnfYIRYUO4hpZpmAiMtArDnnPi1L32e8o/xo9luTqE73VyDowg3sa02uFGBZgME/CiEOCL83KYBSrXtmyxFYbehVOxOKfaK5IVIVTLl8NifhJPZLZ70sk2JR0eISNNwesq5ZUn3tXkr8YBA++qbCBO3jQ/Pc2U+NvNG89HPIePI2uDhimhmVhNzhU15f9tZgmkT8WCKFeIXMGU+a2msDiQskbAQ4t9ysnPlmGEJzbdJQEUeYbmOCPVJb/jqYneg4e1jPhFk0Q53XcSlnmYbfM/97lsvC3qtOXPVfx7g+jrgw2Fffx3ugo8JN0cJ73I6WcOxLVMWTeXZ6sZO1JQv3RiEZSomOqqFph1yIMCMGc1V0SWKUVrSayhodT6uXC5GMnQX3r4Hv2jRt6FrlwW62f6Bx5VYLiHO9pTaQluB0bdEerOgrjCD2nG6wv8R2ItUnCeKhbHN7SfZARMZhdzhaBWXiu3cwt7X0UjFaLB0lFWxKm9J4Qo+m4eSWxAPoiQObdiy4Ts/KcZT/wqQ+RBay7ag9/lKA6/vs1E2+9bpRsmZ7x5U2TBW02koSduhkotg1euP94xeXWzsYTEl+/PFVVUVmwmnpn9rdf/Zqf39rp8NG+0Eq96TcMSQXkHidVaHB8J2wlnMUeum1hNYroew47rd9EaqJWD0coPYwT7kzBLgAlO/95xviT47hrW6wAiS79QwyEAeiycRy4bbnysVT2F/BkeejAOzYrtqzX54FKuTOOyZPtZY57h1I+aAVItsdhRAN/5mKYs/ijpetmDRnrB+51K1ayaLJ8U6GKc+8bkzeRsvE//r+7O3/ds9C4Jsb0TXv0TsZvuyUK6/J9MuuU4jNt9tqH++sx1NNYDEhXOdunYDAMfQFbHD7DSQG8Qr1BADVMjI/dLu6g9MZhKvzELdSoy/JKJpfeW1O6yGr9aB7824gA/phHKBBO8e6UMaa6+33OzCu2T3gLkilxig+aQxatSpmKGZLQ4jFMJrxt1BrAoZxhkx0XzY1XFbjyk41dr5BK9xYAWYMqxgnBlJ0eKIv2x5qE0UX++iIaG6lWTcciLMiwu1lOwtG15kHRTI3dK9hBc4VvU4CQD3dv1PAOVTm2hSUoVpXiI4NXNRVve/BuDeXFdujpcddcOxYoPrh3PcGK5yfMEkPrNoJ/KFE8MYy088Vr6haukJi9lL/4ex058Z93T7Y3z/olL0OPHLTEKZWlEHo+ns5p3qeVcWzDcH39vQZTtGfVM/pwYZmvfjx+OCGaQ+fPd/cxIfPnt8w9TNX2HYjUz87OByYmovNRUud2bGjmufD1pGxiPC3F6e6Z+Xw2fOnL552alhvDtq3FtjkeFgQZW5oGVdAB+Opt/efH+13wPzCK3jgBg5XJwW3Dp/yrob2QLUJHW6shhUSETw3HgVHpknrSfZQ5rOOu8xaLsTGjNsoptsJtiGiRQ3WdO/zwJqaTXn/v2/KEsZPhaSbLtq9VYjT/Pc7GhMHhFI7iKV6aLaSyHTvRbkkipXsmloCtJo4xPBCSh1IWlv240DC7sHzp50OK4aqGTMfN4jUS5gB0Wo1S72sSi6u9IOlbAAuIQDgiUXLyJ4DUCYdJDu9HQ6aXygXudFyOqBrW3nlJ5BXVPQRJCk+Ty46wgyendUiTdKTAVVAVNl/cB9v0Nh/YDLNA8upUsu0aS6NARG+cUXaH5h6SbNt5cYgjdjroqX6h9R5xYOT17B8DpEp0bFlITs7T1IEMBxQ7eqmtnpKcZf0sK+nvc9X39rnK2zr85W19Pnq2/lssoLSYyufz2/l8zW28fkKWvj01XF/f4UvVt9gl6GceJLyOODngmdcvrJ9xMtUfomyGwS5zr3y71sf/qsuCv/QleB7wciOPn/0n29JyZ1jXDGQZ6TI6IyG32k5k4qbeRVSMrlyPuzE3cHKAjmVy+itKgnVp+bM5xe8PX02AjvLDtB5rZjj1hk5LgoPxjR4J7APvhtisiSlXDCVU+0VzDZwyIwtgOhKgmJZGDuiWU0VNTIUzKYaqxbVilPDyBMt6BV61kcE42Pm9OnHZweHd6nJ/dAWsYc3hv0xdrCHNIGF8yR1K8f9R//5Rhej77/ecjFiMFppT0TdGMynxkb+4fC8PrnABOJv/SEYdHZzMx9wycGkMvaBb1ew8MnooGqCQjOYRZ3mT9u1AkZDwrQbcU5VsaCKjcg1V6ahpe/zr0fkFBpCJ83WsfjS35sJdFmDYIuC3amNssrn3LA8ib+8174NncC+1nw9ieDTi+cfn7dtFo/NWR+bs94dpHU1ucfmrI8a3WNz1odozmrvzw1Bsv2jG9vzTLjk0wTYWNEixOstfODo2EM2Bmnanl9XIdmrInD1uzv4Fi3pftbjVCSUc9IAj2Md8OjTb2i5oEvt+iGNIHTVxb0GTdd1uYAobJckzsQ1V1JUnRwDv39Qz7tRoJs0PmloPGHUYIOFLhY+r/EuSEC8Hm4at5mGuT+6rRyec1P0+e5G2kxKeCJVJhSZUOJPgn/yEe2OSUJS0m8NLcEhGcZMlHpflwhijF3N+lDOBRpUuXB0KHlcsJwXUKXNyq5ARpGxQ4nSzsZLnU1pxctNhca8vyA4PnnivQKKFXNqRqRgE07FiEwVYxNdjMgC00L6Dh58sgd3U26qH2JP5sWdaLttfQlEX15uWASlucXBW/krvWbdFSS5LQ+wBpwtgA06l6ILF+bfg/woO8r2dw8ODnddoZwu9BsUaFbgP/WOu2WsQvg/utB6M9RDQeznc3RvZSOpR6SZNMI0N9E6VQveo/XBEp+bA35dGjnYzw6OsnYx300FSl+6nPAO+/1eKnJSyqYI2X0aRc0kAc7d/OhVhnLeY3OYVazgTTWGtIfrKq3eDrnMiawblPVW5UBMhgPTW6t7Wrirw4hDd3an7WK9ZsjLqhCEi9CfyEkdITDbd8JMt+3p4bP29I/tcx/b5z62z/0qPSWP7XMf2+f+O7fPnRvT8hj/eHl5Dp9XexC+9364EMRkXwrJeJkvc03GjSrHPi2OYc6xSVZtgVRl7AgJ/TDW9x37FyayWGYQ9ne3G9wn2qavtpGbhhR2wCQwaxe9L158txpEFwS7oTN86RRa3IwbofyRlaUkC6nKYhjaDeDyUhpatoM0uxh9YoGFw46dAAfE84Ojp8MIrpiZy03dI9stlOJUnVRjJHJMQIcKzBOWZtYbGbzCWHLTl9LPyAVzJclk3lQ+TDuM7VsWb535vGmrJ7w+uRhqDcXMiNRQjrluzCCaFJsypTYWpfzBDR/rh6SY6+2m5T361d7epJSztJfTXgd216vvoc+561Sy5kFPgXzYk34TnKuPuof3oc+6g/bzDrsDWhtqGr1uv5o71VZo4xQnGvYZHO23Ha2bNRIAXKusLgdgBIjRlbP0Rn/jPt4QEnDa89aHRPVSzmaW5VQsn1PBdeXkDPgyVNNJ4pah9FWMEIBiN8FldGuUQG86N24o/AoprD7pOMyfFpZrKSdY8yBMhBUg/Jhgs01LI3w7bi3Ev5VWtOvV0uisUEgDi2BFOv63obLdpDFEUWe28JUXvh27Jh9oz3h9ctFuXr6ONAQEtwEJc/u9L6pjERl8l26zVpXH0v1aTN5CpMHpGIZSUFytsQwjlLSwV0cY0SWehv7XM8liCQ8YBI1Iad3fQjIttrdNKPoqBYsmJl8xo25Mup+Bmizdh4oekFIaqjGl9UR2euWxWxUNF1SJ8YiMmVL2Hw7/iVoNLQfqbMRmNMlhnnXv63vZ18tOaSqciHChoTiYILSuS1cqPAs1iRrdAJmnVTjSUbCVB/o/sB+DE4DCDCPspYCFBnyr/kHjvVSzjJVUG55jxbtsIqXRRtE6+5v/q4UsrP+UQXpP0pj1xn512B92FYbsKJ1yRCGhzbWNSMgdHBGuvrDrSdwp7pUcme51crhyKRs0PHSp4J4Wl2TSu9LswBi75dDsC4NZY2F7s1/pNR1ETCMGelNsDi9uOldAYC6LHipu2V97GgYWspmalf64mrReu4XN17Ck3eLDIFAmT4SNdS30dV1yg2GBhjRQTj4YQ2qqWr0CztAfq2js1TV2w3pzACIv9dxSkRSbd81Ie9TlRklrLHZKLLrFjnoL8mX5wphzes1CPR2oE4aZqblvNoZJUuixYCKX4HqUigi2AL6giWKVvE4PgSR5yaiAeldtkL+0BCjR0lX4tNfahPn+nXGfvGcu7a76+ZVAISwIXBlvl0GiDKGucBGucfSwsIz7Cj98HCLr3tlzV22o1dEupcdTsQJCQu3VXXGTcqRrTt0wmS/hoxkjH74/0eTZ0eGR3cqnB8+PsoGlZVOaQ6n+bBM6xnayQl/GzU/Yk626joSwvuO01FhclaUhu6zRcPVzKvyVFyq47Ych7buHT/vEcfj0Rhxt+H7y1a3YJ7M7odCLa11kddYBRP3d0Fp8zcZ73+rONq+oDfn5W8zikFyTF+TbiJz/HiTVrM17Ys1EaGYL/J19qrFiElj+HUt21BMIBWY+eHkwkCv99NkQWlu15u6G21tPTLfw4e0nZqjAnqurZ3EcGUaqqsQkk+7EkdMAljrF/aCo3yjVSqxa0QPencyZHCzEdyPooTagV3Jo7P7SLg9ob4ObygN2CyWuVRNwkCeEDd9kvO3XQAztIplh1LWIAKqJr6CARKn9Azc/gaK3774/agj6w4JwqcnpXfLVLZldvpxcOx0Fwz6qqhG+WRVURID+Tyg60pj7QlAoS8rSuXQS3bLmuCc+K3nFj95pvtEtlBdKQN8hfSRq2Zs6LseoyWCZfig5kM7q7DC1kkbmsmx3OaJqwo2iiieEgzWGXclEaCWpUUauoMK0K9U3AoGUlhoa75dLVATiw/pqWScmGZ7/NrI3F5tIeTUiZmFlOeWAWaTNjKzmETtMJSW/rpkokkZMUBkCYIn1EuwtVIT6CLGCLBypvYJpQ87OsVSEHhEoEz4iyZgLrnxlzK/Q/0N51SKtAdP+OnWHV5r1t9Guj/Z8kLjB2wM7MpH23EDcB/Tda/HZsavOC2+6MvZJ78/wve/bMyJjf1jdTyiq8LgTuqkGbqTnnXZuyEHM8uPGQky2jzFeAlq0ojlYQA6IXxw5O8d0VEdNSafz1Ibmj19Mqmjzv2iBo8RIWe7SmZDa2JvPUFFQVaTt98Kw01Iu0s14w6gSWD+cmuB/m3EzbybgebMEAl3Z9gLydnmxay+ZAaHv1fz9f9fvjn78729/ePb2n3sv5mfqH+e/5Uf/+s/f9//a2opAGhuwdmyd+sH97e/ZtVF0OuV59ov4kHTvitr1q18E+SUg5xfyLeFiIhtR/CII+ZbIxiSfoNOwoCV+shQUPzUCCPcX8Yv4ec5EOmZF6zpp5g1MBy8vp8wknVlcf+FRuJASO0c6ZuBcdphtTSCtyi7+mrNFhjCsmNijRipSM8UrZphCQFpArwdTBKQFgf0XRB43WTpymDTb6lvIANstuplKtaCqYMXHL8mRODv3kYGxFLM7rslPzl5WK/lpoPXUy8PsIDvI2lZaTgX9iOrUhhjM2fG7Y3LuucM71Nye+JO7WCwyC0Mm1WwPL2bolLnn+ckuAtf/Ivs0N1WZ1Im+cHwE7ivfGcS/pR3/oSW0FwAOBhLPO2a+L+UCu6XBXy4sKIxbypl3CDQuLmhoTT2EP28hetOxdygcTZaukQY05pf+9tUx087fS11of4DQkJ/5lLfAxmbYd7iEhy5cN8hnXbnu3YFLN/4ycO36H6N85i7g4Yv3sO0J91SzAV6//eY7r13EOxO8R4R9yuBGG5ESKOpXmltJMriIg4T79UluIQgvRPF7qDeBwgsoQKEDLSdMDKV2CEqmsdY5I3/HedJjSEIPjIDhki4tc2qKekRMXo8Ir6+f7/K8qkeEmTzb+fowb/IO4jeUPnGGl877izMo1VniJbpI0xw8Wb+xWMws7o4Qg4mWVGuWj0jNK0Do14dOC3RiGnDNGFRqG3iffndTmQoRXu+Xw69ZzmnpKXgUagBiul5PpcYi2SGIpGCG5Wbkx0ePNAaW3Dribvt+c8KV5a5YQl63S/iFRJbg6vbVKXBQKnKGKYZuqZ2y/lJM+axR8ZqTRDVifQSEjlNJd7F2tQxvq9IjsmATkH64Vd+5MKqBNCREF5dir1awXhjXJ1J6gTKKjN94uhFaKjdsClIyI/h2Sqk1GRraYvX4/K1Djc4SY44njdSaQ7HI+gpjju/ABYOjVVAs/dECrOM6daAL7cOMkDZ0lJ5vwDesIpqlXF8B8tb5XX9rWIMDk9eXb6DYihTYaMgpfq7TYiK5h2FCWSDFwPQHPXIKZuUBjw+IjHl9cnEHC9RjgZDHAiF3B+mxQMj6OHssEPJYIORPXSCkWx8k3L5tY8jnWWgSC8yNw2+moMXb45NV0z+UAWL7JAZB9lGQyPjeAAwPYpsa9Gykrp3wZsuRM2dlPW3KNIE6ahXTGMoVZLMgL1EMjGIliB3hSAsi1YwK/rtrK5AaH4RM4zohyImxghWO82DUFsJVsqkhrKrNcsC8/BFMcRc/tDbisWTGINSPJTMeS2Z8GcT/x5bMcP3mNgTq5dx3vzMrOHwHRH24v9+CTzPFablZN4O3yrjJnGB4W9eJ+wpWdrVBOphBm5SVXMGQUtntnipZtQ24ylXySur0BvdFHGlZM50NZWl4B5MaRzPb2N+CkLJRaPinhn/gRoI/ZFkySOxAO4f9K9oqBsJm/JgtlLZiFu4Tqf8FA69HcBfLigrTkSYHz+/9pNL7TUkYYoyJjzIFvOuNht3vb4kqSsfxBiImFM/nSFBgGWqVGAihPrmsaiq8dGHFJVB4WsTYiftJw4x06E5pRS4IwKJKUTEDM9+Ul8a1CsVUeC9MQQQ4+J/ahQYCGHE9d0kK+wNKa7TFQvIwInRKH0GsibdRi5TC1XERO+XfXB3//UXo8OIiY4dJp9uEf/1SBn9KifZPLs7+iWXZP5Eg+yeWYr96ETaNMvApW47LnSdf3cjc4n21mrfB/aQNLTEPCR1KflYP31nSy93Xkh8Yyr82CmGYSGDJYdb893RUiCENQztAcEzn24ljQddBSFDPkwvoy8q4319DU1z5nSu453OWX+lmU0foxA3v5cS41W6r4Gq/ZirkxvVjdV5Mnh6+LOjLFy+fsqdH+y9f5t8VL2jxLJ+8zF8etdWZZPINrei0bWGHoK42sQbI39dMhOh/JWeKVqBnlFTMGrt2I8mk4WVBNLdv7ClWcjop2R6bTnnOo7OPRFdrWwRDdH7UudxY074zUcDWiBmZy0W6YMiOCzvquoZAEzgw64/IrJQTWvbwgl8PLeSL+odf2vMJIXiD8LUxV/KcCb0xq+sbHN6VaYjtJlLIFIPEwaJd0IxQokPdLYdT8Nu4EVOpWMmKXJyf/oP46d5Y3RSi1sOQtdSaT0oW4/p0XXyCmD43pN7b6WuUxzXN5ywMfJjtP5SQ4DlZMkWkHNm+/zfXK/OcmnkS/+/3jfcIKm1H2mi1B6S/d8LKkqq9mdw7yA4Os5ftqkN370l6ezKgR1unVWmXmR4ePj14QEHEQ9WeJa0tc5i9/KZlLsuZbulU58lXN2vma4kbfophvTqnIurWsUihC5FojYdJOX44wou9hGJdQHQrRRzUvbGfvoZihVNjrwhDl9r3fcapCDealVNCRcC3XVXNMcgISjkCF/Wx0qCnILjR/7mebDJbp0TT5+UvKEWXLtQXkETVDILAUrfuW7okE+asF7i8WkkrwkCUD4eqnwnie7zKfdwlOtSw3CW7ZfjT3kjhw8F+Zv/voB0BzD6xvDH26t0QKo4nWpaNYa2exh4rcfZhljLhYs+vLW129th//t+5//wmncKOpzqrRjiKF7JiVsuxfBCFdJRaQw1QzSteUtUXF7rkWc/Wsg7e6YY7i5JPWs024S9Mt84VFuTSxMg2Zutbq7je7eYNN8BA3Z1O5Z26N/d93PzKVcCyYGzb5Q0B0r72taHdAPC7CdtzFtvwe4TDoAOC0fbh/sHz3f1nu4dPL/dfvNp/9urpUfbi2dN/tSOlzFwxWqxXsvlOGLqEgcnZ6e0b5GDYaNUJAGbQoIiz77ZlbZCDNs0JYJJO9oLdVvh+hCVskDWEwA2qw8ZjksQJFWhQmbCYzP4qDJmEhxBKJkouNPgEfeUfB4S/HSFg2MqOrtdNCfkzol+X+T7r6/sF3anE/kKqKy5mH0OZ841RDvNzJSXVvRHCi7UdaPfmsmJ71Op636TVLmOguZOzPyRf3ShnhwQ9zaDTY2jn64qDWIG55tcStpUq2YjCysmcQc0+vzBqaCA3cJ3CAxAaNNCOXtu94IJUVCxJXdIcy/RRiEf2dcEuUxDc0FjcDby76EOqRugcg0x1L5/SssQpfHcm6WIbQabWtRRFZC2uupIgY4fFLFZ2PLaqR66YCa5gi6EYhcb0KClPNfEGgjkU1vVO1JEzGo0iEfjMqhHJSw6VJ/yjVBQh2SZNaPRlCwlUKyhgiWfnXtQ3MkLP63Es5mDmViEBpLly7Bj/dXZOjOLXnJblckSEJBU1Bkwb0djADUxGFStGZLIMSSDpVK9oNsnyrBjfxdFYr3GghuP/jstQUPLsXOMeS5EUZkx9ef18kov1sknccwN1JhzxuIL2IZ8hl0K4zJfY6tdF5Cs2o1iXRzNtlWY9Sp6HmgFkwkNunlUBMTUyl6pImhFLRS5Pzt2oGB0XM14Qtpzx6yhNuZKK5OKf71xa4BO94370uvLJeQILlkPFsqIhmbM7kzPXY1nHFj789rVzqoWmbnDgCi5fg9DcND7uFzPDmKrIVhhvC/uJT4Oql0IhOoBr31gLfnaqvw9P7lfo8KzE9UjNkbHpzhTpOhxDumhNgCGOTVIoJWaTYIeCX30hQLAt4En3xVoHBouojd0L4pD29OI27mLMN1JCIJATHH7PLyG0vnbFLyw3oIXl8hUVhuc+WduFgrJP+ZyKGXP8LFopfDSokeSa2+Xy31kS4CBIzhQYZ2KhjVhi1c8xpWXpeRXgFuJRDZtJ5SrPuAIr2vCyJEzoRrmw1RWlEizCpjwxMSfNr8vlXQwmyMk3JZBhGBFW48GNCVcH1uzzDKaa8FkjG10ukZrT5CBCFhYtOuhzELRELRsfEeo7p2C3DehcJy2dZIT8M2LW9S5MmyrgqVJ0EdPake7HmfvClWBsC5LC3gyxIE7RYEYT2nrG9v6Brh2uIc14RApmryyoiOh7OkuRxBRbsaMjBVKdrR3DtkoQdHEnroIZLcHRFw1utDFSyEo22odgAN7j1wFA7912CfXHF+92XFOPchkN+Jowms9j0QRE5RlUgmD9hKGDZwfPX3bX3AqIeegYmBZ4P0g5Kxl586adyXDfdWL+BgVioEN/LLHj4vCkqxLMh/KtDl60HZ9D3Y/up2sKQoPjtw0Pj9lwj9lwdwfpMRtufZw9ZsM9ZsNtPhvuM5PRtvvZaL1ErBM0C3QidcnZ+TXUFD47v34eBcKODPRgSWxDGXSCmuwLFPXtS6v6OWUIbPqp8I7FrN4dXwad2BXD5E5aimdWklrxa2oYOX37r7QoSPusgIZVSlqQCS2pyOG0JsUDpCJKNvYQd5Bs19kvnnIfdZsjAqDgydeLgi8rPHTuKg59jgzXcabcXsPmbo4Uh/ZVJG55kAYn9cfN9s60asWcz+ZMm2RSjyOcewQLqWtWBJCbiRc6w5a3+tWgASYM57TAqVRkayplNgMJPstltWX1+K3kczdTtFUHvmCGqQou3FqxnGur5bjoCNA7oSYn2KibSclzopvplH8KI8IzEJ30am8PH8EnrHazk5FLNCIaiSr7J16FQnGTJYbOLYmhV3FXXU1/aBGwkKSkE1ZqVImFNGBDxzJjdu2Xb051iPHcymXWXA31PwvIaJGEkfVH2P4HoAg2nTLsgWpk7SQXt4dP2OWb050Rel+g3pa3T7XAIg71I28CBBS5fgjJ486f0yOe7rxhWIvHiCGgnj832QDJrKKYuBHr0Q583yKbx6bMX5Yg9NiU+bEp8+CePDZlfmzK/NiU+camzK5wOTyXuDn9V7ckv/qy512nmUl/kwryUa1sH0PfC2qoA25BNcllWUJTkFsSXKdcFK6jlKdOqPqKZBm6J/q57ZM+h2x9nw6r56xiipYbLOb92s+RsifprEEe/Cd8Cro/+8S10Tu9Ci2Fq7pYLgm63zShuZJaE8Ug+srVxh+7AeH0+XYOfcnkBT2aPtvfn7atG5s4Ttt91uy7tjZCoLcbIQ5dHh1KMD+/VlwnPEdOMRREyII5M1trydHbFMKVgGBAnitahjSPWPdK10+zTIFxdW8qesU04SYmV6TcM0qolk6T6o14MATrUW07oMIeGCuT87wpqQJ4w5AM+1DFlh1ti6BzgXKM/BAMnVfaleBMi3W3wIBWXLKF9nZDS4cbl2EunUN2bN9zLN1yePhose9qvPbprXj6HXvGJlO2T9nz/Ojld4fFhL2c7h98d0QPnj/9bjJ5cXj03fS28sz3Q5HpFeyJLVaEcNxpoChEq/BBQqXhZMJdCWEzobJ1KRe4/QW3avukSatY+7YWiFXVQIhKuHgsVnX7ekZF3kcOaEOFfRssRPGEiGCcbnfPA/sK1bCC12kHzPYp8jd1E7vgOdNMow2LzRKiqvg3Ro0eGgQ1roJNaVMaaD5Qh7C18KjdyFgS2sVYQbkn4eo8OXJlA3TV6uS5mxa0DEQki432ugzURANJwJQdPpNQgllI5EWtalj+Zc8VvcRqf4NjamQqEoUwSygYkWHNkqlUbJRsgl96YIvRbzDxgk0Y1F0nATIfAOZHW4+WOiw5AaFPUR0AhE+3B2OAe6ZNqI4GM2gGSTVLO7WEk+y69IZxoSWj80LmrDa4uDAbQgwo9sKVA5K5Uic+Yk+3mzJiZ6RZw/U87Fo8lHCk7X2BbRvjVe/uOaktqCSVdF1LKIcXwbS39AaWEIfvcKE21UQG46lnh+wiVwg4douqqMDwKs0GxAQ/3+6++18nfUYnAZf36gHFyF8cv7PWP6Z80J3uCXgxoRpLLaiHDsizLTkh3NCJYO5Xkkzy2m/Q2RQHidV8IVaoDV33hK5gvaFu+LjFVYcaSqe/t7ZjcwV+tv/L5/K3NyQEmLV0i/6uRB4MNcvlFaH2SsKiOcwQKcplV7e4jlMG7j7QICg7zNL65BiH1lKz4jc3aFn41O1RiUkbdOpcMnttkbA9UhJ+eEvgYep2unOr+AcMj3OBfo/hcY/hcY/hcTeEx+E5cduUtmnp4fDBYuR8n8nHGLnHGLnHGLnHGLnHGLnHGLmVMXLYbezPFiPnoCabjJFzV/stsWG0dAFV8dTKEDY2GB+WpEoRoygoQGL21cfLrURH9oX4+Arj5dYX6h4waG6A5v/woLlU1HwMmnsMmnsMmnsMmnsMmnsMmnsMmnsMmnsMmnsMmlsraA4KMyFenTPnMn5zgzPne/S9WDopqdZ8uky7utKSKftnnkus+GHvXTcXMfSTFLLyppZQhXrOyFtuFCPHl5f/7eTvZKpoxbBvuHu0FUgHdQ+kgnW2AXGzY6nKUCeFKycyOx3SjXl2ejEi7374/mfXbdk75ykhuawqyyMcvGj2x0VkhuaG59m3AIYvFOSGzGltGue1t4K7k5J8mYfQAhrR4TS4LV7VNDdbO+1pWD4HUsu+9YpLXH2oT+QnRJfJFRegBYCgQ/O55eOg502WxJufDHgRPfnBXCPYpDyXVV1yjUEzM0lLDx8TBVgNScGEPaFWLUWX4dbOHdxoYVcfgJU6DIcpg7N62igo7uK2hP+O5k5PQS0JEHcafg+7EUL8mNU6IWwNtsvejWEyN1q7qTLxAq8Lhigwggh6BYeq9npEmJWOwQZADeFiZpU/wytsu6yYUVLXKHaWCbh0NsMF+pIoneP/9uzyw2t3vtqaC5Lzxq5iS9IcdVNEpydIoEePvX+6Wk2+FE7KDsIi31Kj+CdyieOEHXSm3aQWW0ae+O72+tXeHjWG5ldZZceEKtEIid67PN7fP9rfCxPsdLGGDwzh64FEghCosT7uIrpSlvrwuEOuNoQ7qGnERL65coSMhDlIo8o/KQbvNELAcbg3HuJIB7bYxivu8/CpDuu9d7x6YPTe5cHRy5c3nWv7+wq0bfBktyJt/6SoWy0MrMDnH3Pa18Zu68bf0IFfH7t3GiPgWtHcW6+8KJ98tVqWP42R236Q4UQAKmi5/J2RmilQzgSEpynZzOay8boZJRXPlQxpK0nbFhDGrYIiGLnmbJHF7rxB7HTblABOEhmeKGYXbzTZjR4DX95vwSb+dx+fNFVSmF0mik7A4a5dzm8NU5xpUtEirCNqeBOaX6Vv6vW74ljoN8h4V2ec4MRR+T7GbxBcHdfmNDU0qcbKhC6oF6tLEyNnzArJYPkNQ0azDxoBPMLnVBQlbl4SzWuY2nUuN5ZgsmcTPZpMXx5Onz777rvJ06OCPqdPc/by8GWxz/bZ0XdPn3fRG2op/jFIDtN3UO2/9wZ177UJgQagF1SM6kY5vxtomiFbxurCYUhsaeXwCwq0q93QQ9/+/nT/+XeU7k/oy/3DyXcJV2hUmXKEnz68uYUb/PThjdcxfby2bmpwRGIvBjulAXMD5PLQ0r6isV6rezIUY50zMlGMYmFfuRCWJCTR+ZxZTca7rmpq5u59Se7Sfmqz5tFTFy3pzCmqjB2zthaLReaihLNcbrWTB6CmNIbvU8BnRZd4ObkSk2fndrV7FoUWr2h7LZexYRztulTQBQOJCdCeXDsfTBJUgOHNM+ldp2MXVukiM3tE015CC6+Aww02TwEHluto7luUAbvmljn5ySOHl4rPuKClPw0BLY0qO6HpnSG4xsBnqOg8tRcaJiCOoIeaNJYVqiXIC3M4b+33O4OXjII1q2aKy4JUjTYwyIS5JousGPCToZ8LHp4wslWL2VZMQrOvb2X2u/4O1e4GTEwnsyp69++/ZLpUJolAt0ihU+NaCo//Mk7o38h6q4Oc8V/GmCzW9iF6oDum2g22wTybohvGsiWwk/HKHjNnK4NqrFaeDodomcQoY3vZsC4uyNjSmB1vPCKLOdyIeAhdJpeGAsVCG9XAJWcPNZab9UJIO0A7DSUYEPnap/LV0dHTPUxD+I/f/tpKS/iLkXULo/6QbO5CrGQBaWrxPAKJ6FDEPKy2H9qU5HCKEPpcScGNVFzM8KS4OuFFYJoTZo+k28wRJkNRnW4PzaGsfSlnLuDOvmpPPTQg+rWBmAm3IVi9msJ903VGh90MRtXwWhiWgkS8oDoAOmrdh4OZyJ+1sXa0FT+39rymWic7ef9NrnD4jvTdaTqy4V5l7bkTHuQQtNUBZwMhWWkoUA+Oo6On/e4bR09bQEHB+E1epjCBI+IQXArw4i+4tsE1pPLmVofYejz+P4DHs0942cUbOp0FEgBR8Am3u5D2XTihiQEDW9AnsPsceWxPT2G+SWPCU6NkMlwsXudhRIwYEYRVtYnwAOj45Ni93clea6WbkgkzC8ZEyyhgFhJlus5F9keHgVkW/BgD9vXEgKFysykiuIDRV/NEuG22OvcuWsfGrwblM4R3xb3V1rsfo9vIY3TbZ0W3bTjwKq1bkcgoKQQtI4i+vfXJpQ+N66ar9jtvhig6FG+x/+01DTK/08fbKazfJ2056TXG/DPI+EnDTOw3nGl3o/rwHFJJ7AmBplReeHXSG2xCByAncMNtrRM7anUHh/2/bWDiHxmT+CcKR/x3j0T8EwQh/tHxh4+hh7eGHn51UYdfa8ChfeojnXmTWHIlk/jtGhczjuGv51g8TlbMN6n2nRiDSOCAu5yzpe9QPZcLYhmMAPeh91pCzZFcVtBez+u4NVVWW2wCqF6/vMNdykL1qAc4yW627pbw87mvqvAALXlTgCLqekBd0ClVvAXUhg2aPwm3odftwiuRuAYS6X/nZUn3nmX75Ami8X+Qk/OfHErJ+wtycPjxAKX5tzS3X/xjhxzXdcl+ZpO/c7P3fP9ZdpAdPAvs5Mnff7x8+2aE7/zA8iu5Q1wpmL2Dw2yfvJUTXrK9g2evD45eODztPd8/ytp9b6XOprTi5abMTO8vCI5PnnglQLFiTs2IFGzCqRiRqWJsoosRWXBRyIXe6SEQn+zBvTlfwPuaKZpEVnphCERiUJnmLBKAgqTkFUUUcDvfyl/pNeuu4IopwR5sDThbABv9xHTh2VEX8qPsKNvfPTg43IW+ejzvQr/J+iHD+Pd+zgT7qxD+jy60XkR6KIj9fI7ucyaM1CPSTBphmptonaoF79H6YAGpzQG/Lo0c7GcHXY6yWVD/q891V1wNlgt+s2sneUUmmJpART6XCj/uYpj+N0GW+Bs+05rtf8KgJ94c7SL7JxAd7gLqvXIEwmXpukrCAkF3GywJBfDOpTbJERpCSQuWH93zfulu1a2RJxD8zyv2eyyAhAPTkgcPWE3N/JUzLHQervhMUZzPqIa1R8e1tIaVk19Z7oVc/PDx1pX8z3CLBczCPoI4PWsUoNMV2hpYXw9p/bWFQqzrLAsGHdyN/sCDW3fj6FBQCyLGMl82cN0dv+RYAJNDc2d812oMjqjzUjZFpN8T+9HbcqDuHXUlpgeQ/9b9imJq3npVE1oUPu4R6ol9hAc++iF9b22pUgpvrRpeyGolLUVELTnGKOAvu59upo9UCnSv2HPmikfBivHcD0zOKzpjA1PTiu/SSV4cHD4d5DBx9jM7Ajk7Dao34slvhaPNv5BjSyZYzBiKAodTEopsMEOzgBJA8i10NvjwjXSWzOEBjMW7b54mLCg8f+eZ1jg6nbnWPT/JbBXN51ywj0lxy5sncy9kyQvrzuX4Oi+5WX5cg5ve/Na6szoaX3fjeudr3XmwMs5ac7QeHRzf86NC5ldAq44hnfrPA8cLf4NCpt3ylO43e671XCrzEa+FV2RKS4i49rc4zrcbmNGK2zaARQa07fYrLSbii91G7A4jK0HY8CuDSFsxleU4d58NOF1yoO44a+fN9Sb9/OmcF5X8hVy+P31vBZsFMZJUtLZMVrP/6MHSkjLIzZIGWc3PSeDpCELmKdfe55Fuf8RPA4OcialMqdVdC1Ak2fOahEDt94Pk6e6N1ycXaV4mD9VFWa6zZVVm7jnMX6UuNVRIsRvf7FhcZYhyXE3pq7emZRb1Q0ykLBkVa6J3GjEC1ve47f15pc4mDS/7U/Z3NNzeWwcvTg/2X26tB877CwIzpMbZYUCsBj94Dm6CRRvFTD5fHxg/C/pVxDJQ4FUzgWpLUNrN0eHf0+8Gxo2/B2GvLbnFQUlKhTdz1fjSrZy1BfTNNNfFeC2LYbZzp8OcYKCWBZojB6dqBnj45850Lgvy09lpfyL7X13T/P4WFUfsT9ap338Pk3kbVn8yxy6//WLGnPz8saJ1zcXMPbv17ZqnKIHYXSQVrfsgg/MFzvvXB3cC2zDwikHJY83M/W5xHHfFRhesLuUS4q7vdeI47oqJoaL9tCnvfcnJwCumvkUO+tyJ280S7i70ffm8OK67YBwvj7fLefhiYFz3Y7xXglI7dA/EscmdLgH2aV2x082QsU8sbwydlDeJnm7Fv8pSXnG6SxsjC65zeZ0qJ/8P/kpO3S9Lkj5HEs37VuvJwFDpLezgCEOusgq65zI0MbWtqHcwqXkDqasmLqcBgMRMOjwnv8k8u2K61zSfO7cmZsIEZ7MrK+JC2RiHFIhQvqJoILIYenQ1dcumSTCWtMLyu8EoCI71mipaMWi6pMiE2SFg31xlEox4gi/sRwzJ4wWAptk1dBurqTIaYxvPzkfetATkzosRBBOAO6cFEhUF4Ua7hhNDKHRJdrWSRZObuyPy0tW6xrPrhrFiYljbTdN+Nrm0pt3WwfL/JJl555apRSHV582M76alvnH5CS3opInMMBw+V/HOs//04Q2ZW+UTumDAdI5aAZKbkJ43quPMaKtJK2b9OWQC+fVhew4kcadS0sbMmTCuAIzPEAlW347b4sR/XsNxcUefxTep6d+x3C53b836PS8ZocalhTvddIjXaWYafhP+go4FHH0ApxeYmRfS/+Y0tNqyQ4/JhBto3kPeuxZx0mJ+wTXr+BQ0M7PNwTK7EywYu3B3aibk2Mduyqlz1oXgU2CSMSOffXI1f3EyS3LpLYxZTeVQbDPkSCHJFnIhSkl9MkdG3oukoBDxGb1YYLyi+fuLEbnmFNXSt6dnhlU/z5li3ytZ6UgyWTKExxWfekjTCCsXkt6LTYSgp49tiSOI1XQRxh8WslaiN1QcAPOLq2jgbP0hgLfByDE4w7OZYjMn43e6TxG/HitC9Iix5KL5tFKU6hWvuHj9xr7ggrtMqBIGWzgof/XCm9dEh51NLkTMaEelKOsiWZbszsPCSNs6rMYO0h24E0//uUPHZjbxLk80XXYdAjJWzRH4gd6/w7wwcvbNYHz5TTz1JwxcTMxXpGvLCzpvU/DV5r/WqMf2UR8U2Rl7FcEkNpQ1kJ/McHbaRXNL07rbYCI2cAx6hE82WG/tr0NuwibX35nly3HQGTCNNmoF/HbGbH+3YkQXLt3HxGrl7e4Wte50ESUrkPKZ4w5QiOWGGNqyHol8H57fKI10p/lyIumOeA9Ukgz5IGTSm+++6KQ38AChaHrdketX0siFfXSj5JHM8OWUkQx2D0SBoz0IPaRT3RcppGMiNv7/AAAA///sEYqk" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/mrqW5bdgI3/MrMMohj7E4eVzaHNJJI6dRm8SZOG6ODkzCFGqS0BCgZPfXd7BYPEiCFGnLmV48YxHYD1gsFovFYqFZmmGyJejFSWu9tmOVHm9eTOTw43pNYCP/jeLa3fJ4+K3z82//Xr3wi73eGnNFFd+Fd+Z3rAb5pNUNr3I401t8EfvFCVl8ZRlvyoWR5sVnnm8WMAR6m0Z2b/SgOvXpKIIkQGIca1zYeJcASwGUp/U2eYUxW3dwGQBfNg9mFlDwhVtjFL4rrUtwScS+goyCGSlpRXNzv+7T+sf5z+Sszk/IukoT8hx+0MqTXJwvzfX5SkC+qGsebLXqnFYukf9+I7Qy4NJek1GCbFixBb3fKFYTyVIQTm3Zgp7Q1tdWVOHjAYyWktC0FtIYzntRF9mAiFa7LKm4VEkuduCzWKIqAnHtKwPjJpsmqjgkj2hduFGPWhgQ7qS5B4rCLoL2YYDaH4oRvZaKmiscCFKznJqXyQIVcD8O9ox4DZM66CgXl5oh78iVeWiNVulG1ObfZWq3zOiP/Lsp0+LMe6D90UZD40NlV/DcFT4QZuNlYCoVBd6j0IMBTriY99D4TW2OzJHha7Xls82piSOE3tcW5St4zIyX7L/2RNUSpgV3FzC2VG3eocuzU7jkudmSvyOqblibuulLi6wIEwuYfy4P9uS91wOWs2BxwSqQNzWw04DF+tdjWr9vmrdhudFuAdHoaPQJR4dulLpmsISL2AmvpKJ++3iQT5B61tQlti7hmRXqtBBN5uX3o/7XLiO1nqQ0o4rGRforfjW2QNqqCvtNn6yBZtklFLi0JHXJlElp9hpWwlu9hgrJthZaInzglL/6Z74sb8flIzysxyp6nv0DwnhNj812JwLOS5qzCDQt+ZJepdnrN2+j2tCjrzUFsl65bbThkx0KlM2n5IMWEygkiiycJbZBmnGJYwkw+YCcRQuPylmAYRvot9jjMK5DrvxspAlTp4M1df4EaCVNN7xioGAmgWGFJKgwFSvcFVxO0KbjtaaiooxPHbje/JqKU7PcG73jGK2iUfpWH2UivQFZRYW0sv9Hppf5RqSiSi+rRWEyKIA2Mt/0vJYbUatLsyx4u8iu4gZv6ZTRwGrrmkUih3vtKi0lYpam8E3dOLMChsWrRJk2AKU1znw00HTBhJqJ2qk5DfT+cHiJhzwlP89WZ9qw2WvrvKSQvlKyv/Xa0rIyyLilQYb1OXE63TQhsZKr13Mvt5/NfxEi6+pahNKKy4KuTqyuCQRU/x4VT1w3Tj+eh+/M8soaPSyVyV2JeYWf4hEuxZdu9dbH1+wE4QqXPGBY0oeHphUpG096e4i9154jcFDkh72PK2Ry1fCiD9kfUbd6L17/ZfX61V8X05pzdk4AIXSbxxuSioxF58FYW6SqmUo30xtjUUyofXXnJPCmuWJ1xRScY6Ac/iv8LULXf3fGXtty80RJKIXjWtVXOqhZW40el7kux7cii6udWZM54MBWmFT5/cHVUE1Eh98X6bvIyMV61QfSf+WWpsfrlKfYBxNZT+U/EMzG7fXBUF2+fLBiDj5flnS75VWOZRcvJ86ioMW4kJR0228yxOOb07D/u3YHbYs3vmaQUl8yddwh9nQHBjpj20LcQTqTowJ7ugPA2hBk101x9C4HhAegD9hB9wV2ZA/Cxo2+h+MaurjAoC73q8t390OELn7064rb1MbWAU+bzFoE2O1UsxMREnbL0kYFp5kkYnpij/8jCnHD6ZI2SmRcwkGF7/4/zVeywi93JCxHgp33Qe9JhFS4CmM7HMkhryCWS4yLqX0uMcOlZgM1MRxDXLsGBOGacUw+5koegDul6QZvn5gEUy44BJ8CwpvUjEO2H/ciPz7EIhWtVbNt+TSJSWVQmrgU5xRUmECTlkzpjtV4VgXjBo/7M5OHwvyg/z3B4AdoGni4aQFXyaVxeq+/n1jXEog7z07gfhkcXrWaBK5uJYEzcRZi7rptLbImVfMZCdF8bu4iGW0mur6Nwd5bXFqwz6SLQH4eIL84AB0EPsxENnUtq333A1mQpG6qyjxpEm+HTQE4G/3ixxdMwqy3KgCH0gotGWN62tTT3wbxqL9c0ivbvz2VTsRxS0kbtWGVcjGdJkGR8/p2ji1c5N+Eg4uZZxZPQtc/qtyudu+8QF0wQhVmW8W9aUzXSaYaPsY/nx62buL3/kzCO5dVb4O5JH4b0r/JFVcaJiFnJYeE7ZDqfc8l65wpSKbyx2tLPqst5orZfGkm5INNHSCu8dKAC44HJekT3bJbc2KHYCSM6yY2HVsRS60BKbqMyGZiXxWC2lxCCTmriruAjHv2S4sYBJOekB2nZlv6dbVWrPy1YTX7VItSepFJAhKWV/zatjSM8ceMKL3r6mOhwTXdO/pxI2uQvS6RL7hfMFEw+vrdnYLGXCaGOZznNcNoPLy+HW4nTH+0CdETxoJXze2gKdU7tz0//aIrYISbP7+FIYzaX73sGhPZodHEvvKJYs2mKOkyWQTG2VSyQOmZdL3RRLqEO+lc7ksaL/mLOljLg50u27HiAIZ/3uzVDFygnDyJpjcZ06kXJhYtcF+Rri/P7XmbjA+7/9qhprqojXPr0B4SmMCHMoH5AcJ61WVza6c1j5i5Wdjqt8t1M63vpy41zmP2v4PycB50CIY3LFs5IDo0278NUMQMGn1ODG/e5nvUunCeJQNMuSfdiIRobWiuv0wTkU+u/KPKSBfm4ULSpXgEKQlI/hEx6eEdS056hCOCIumuY9cPysi5Lvqo4hEgPFwyAmJHEApD7Y/IQwh1LFEIaRpu/C8AAP//nwnZCA==" } diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 138b696174e2..15ca88e10ff1 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -5202,6 +5202,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -5242,6 +5249,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -5472,6 +5486,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -5530,6 +5551,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -5714,6 +5742,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -5944,6 +5979,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -6002,6 +6044,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -6114,7 +6163,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -6281,6 +6330,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -6314,12 +6370,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -6345,6 +6402,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -6403,15 +6462,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -6442,8 +6515,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -6531,8 +6604,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -6555,6 +6629,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -6589,7 +6675,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -6597,6 +6683,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -6722,7 +6820,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -6730,6 +6828,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -6751,6 +6856,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -6965,6 +7077,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -7126,6 +7250,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -7148,6 +7279,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -7221,6 +7359,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -7279,6 +7424,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -7309,6 +7461,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -7369,6 +7528,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -7861,6 +8027,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -7883,6 +8056,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -7982,6 +8162,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -8010,6 +8197,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -8032,6 +8226,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -8071,6 +8272,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -8147,6 +8360,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -8160,6 +8384,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -8181,12 +8417,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -8201,6 +8468,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -8249,64 +8535,281 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword -example: 2016-05-23T08:05:34.853Z +example: /usr/bin/ssh -l user 10.0.0.16 -- -*`process.thread.id`*:: +*`process.parent.command_line.text`*:: + -- -Thread ID. - -type: long +type: text -example: 4242 +-- -format: string +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string -- @@ -8331,6 +8834,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -8353,42 +8863,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword + +example: ["C:\rta\red_ttp\bin\myapp.exe"] + +-- + +*`registry.data.type`*:: ++ +-- +Standard registry type for encoding contents + +type: keyword + +example: REG_SZ + +-- + +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. -*`server.address`*:: +*`source.address`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. type: keyword -- -*`server.as.number`*:: +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -8399,7 +9546,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -8410,10 +9557,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -8423,16 +9577,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -8443,7 +9597,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -8454,7 +9608,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -8465,7 +9619,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -8476,7 +9630,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -8487,7 +9641,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -8500,7 +9654,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -8511,7 +9665,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -8522,39 +9676,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -8563,10 +9717,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -8574,10 +9728,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -8585,10 +9739,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -8598,7 +9752,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -8610,7 +9764,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -8620,7 +9774,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -8629,7 +9783,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -8640,7 +9794,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -8650,7 +9811,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -8659,7 +9820,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -8668,7 +9829,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -8678,7 +9839,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -8687,7 +9848,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -8698,506 +9859,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC - --- - -*`source.bytes`*:: -+ --- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +example: endpoint denial of service -- -*`source.domain`*:: +*`threat.technique.name.text`*:: + -- -Source domain. - -type: keyword +type: text -- -*`source.geo.city_name`*:: +*`threat.technique.reference`*:: + -- -City name. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Montreal - --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.continent_name`*:: -+ -- -Name of the continent. -type: keyword +[float] +=== tls -example: North America +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.country_iso_code`*:: +*`tls.cipher`*:: + -- -Country ISO code. +String indicating the cipher used during the current connection. type: keyword -example: CA +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_name`*:: +*`tls.client.certificate`*:: + -- -Country name. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: MII... -- -*`source.geo.name`*:: +*`tls.client.certificate_chain`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: boston-dc +example: ['MII...', 'MII...'] -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.md5`*:: + -- -Region ISO code. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha1`*:: + -- -Region name. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: Quebec +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.ip`*:: +*`tls.client.hash.sha256`*:: + -- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. -type: ip +type: keyword + +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -- -*`source.mac`*:: +*`tls.client.issuer`*:: + -- -MAC address of the source. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. type: keyword +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com + -- -*`source.nat.ip`*:: +*`tls.client.ja3`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: ip +type: keyword + +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.nat.port`*:: +*`tls.client.not_after`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -format: string +example: 2021-01-01T00:00:00.000Z -- -*`source.packets`*:: +*`tls.client.not_before`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -example: 12 +example: 1970-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.server_name`*:: + -- -Port of the source. +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. -type: long +type: keyword -format: string +example: www.elastic.co -- -*`source.registered_domain`*:: +*`tls.client.subject`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: google.com +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.top_level_domain`*:: +*`tls.client.supported_ciphers`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Array of ciphers offered by the client during the client hello. type: keyword -example: co.uk +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] -- -*`source.user.domain`*:: +*`tls.curve`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.email`*:: +*`tls.established`*:: + -- -User email address. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword +type: boolean -- -*`source.user.full_name`*:: +*`tls.next_protocol`*:: + -- -User's full name, if available. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword -example: Albert Einstein +example: http/1.1 -- -*`source.user.group.domain`*:: +*`tls.resumed`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.id`*:: +*`tls.server.certificate`*:: + -- -Unique identifier for the group on the system/platform. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.group.name`*:: +*`tls.server.certificate_chain`*:: + -- -Name of the group. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.hash`*:: +*`tls.server.hash.md5`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.id`*:: +*`tls.server.hash.sha1`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 9E393D93138888D288266C2D915214D1D1CCEB2A + -- -*`source.user.name`*:: +*`tls.server.hash.sha256`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -- -[float] -=== threat - -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). - - -*`threat.framework`*:: +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -9283,6 +10360,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -9296,6 +10380,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -9420,6 +10511,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -9478,6 +10576,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -9510,7 +10615,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -9518,6 +10623,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -9540,6 +10652,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -9562,6 +10681,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -9595,6 +10721,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-elasticsearch]] == elasticsearch fields diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index 6c1ff0d820be..5ebc75b7aae2 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzsvft3G7eSIPx7/gp8uuesrAzVelh2bO/OzKcrOYn2+qGxlMncu9kjgt0giagb6ABo0cx3vv99D6rw6gclyhYd564yc65FshsoFAqFetdfyM/HH96dvfvh/yGnkghpCCu4IWbONZnykpGCK5abcjki3JAF1WTGBFPUsIJMlsTMGXl9ckFqJX9luRl98xcyoZoVRAr4/oYpzaUgB9lhtp998xdyXjKqGbnhmhsyN6bWr/b2ZtzMm0mWy2qPlVQbnu+xXBMjiW5mM6YNyedUzBh8ZYedclYWOvvmm11yzZavCMv1N4QYbkr2yj7wDSEF07niteFSwFfke/cOcW+/+oaQXSJoxV6R7f/X8IppQ6t6+xtCCCnZDStfkVwqBp8V+63hihWviFENfmWWNXtFCmrwY2u+7VNq2J4dkyzmTACa2A0ThkjFZ1xY9GXfwHuEXFpccw0PFeE99tEomls0T5Ws4ggjOzHPaVkuiWK1YpoJw8UMJnIjxukGN0zLRuUszH82TV7A38icaiKkh7YkAT0jJI0bWjYMgA7A1LJuSjuNG9ZNNuVKG3i/A5ZiOeM3Eaqa16zkIsL1weEc94tMpSK0LHEEneE+sY+0qu2mbx/uHzzf3X+2e/j0cv/Fq/1nr54eZS+ePf3HdrLNJZ2wUg9uMO6mnFgqhi/wzyv8/potF1IVAxt90mgjK/vAHuKkplzpsIYTKsiEkcYeCSMJLQpSMUMJF1OpKmoHsd+7NZGLuWzKAo5hLoWhXBDBtN06BAfI1/53XJa4B5pQxYg20iKKag9pAOC1R9C4kPk1U2NCRUHG1y/02KGjg0n3Hq3rkucUVzmVcndClfuJiZtX9sAXTW5/TvBbMa3pjN2CYMM+mgEsfi8VKeXM4QHIwY3lNt9hA3+yT7qfR0TWhlf890B2lkxuOFvYI8EFofC0/YKpgBQ7nTaqyU1j0VbKmSYLbuayMYSKSPUtGEZEmjlTjnuQHHc2lyKnhomE8I20QFSEknlTUbGrGC3opGREN1VF1ZLI5MClp7BqSsPrMqxdE/aRa3vi52wZJ6wmXLCCcGEkkSI83T0RP7KylORnqcoi2SJDZ7cdgJTQ+UxIxa7oRN6wV+Rg//Cov3NvuDZ2Pe49HSjd0BlhNJ/7VbYP6//aivSzNSJbTNwcbv3v9KjSGRNIKY6rH4cvZko29StyOEBHl3OGb4ZdcqfI8VZK6MRuMnLBqVnYw2P5p7H329TTvlhanFN7CMvSHrsRKZjBP6QicqKZurHbg+QqLZnNpd0pqYih10yTilHdKFbZB9yw4bHu4dSEi7xsCkb+yqhlA7BWTSq6JLTUkqhG2LfdvEpncKHBQrNv3VLdkHpueeSERXYMlG3hp7zUnvYQSaoRwp4TiQiysCXr8+d9MWcqZd5zWtfMUqBdLJzUsFRg7BYBwlHjVEojpLF77hf7ipzhdLkVBOQUFw3n1h7EUYQvs6RAnCAyYdRkyfk9Pn8LIom7ONsLcjtO63rPLoXnLCORNlLmW0jmUQdcF+QMwqdILVwTe70SM1eymc3Jbw1r7Ph6qQ2rNCn5NSN/o9NrOiIfWMGRPmolc6Y1FzO/Ke5x3eRzy6TfyJk2VM8JroNcALodyvAgApEjCoO0Ek8Hq+esYoqWV9xzHXee2UfDRBF5Ue9UrzzX3bP02s9BeGGPyJQzheTDtUPkEz4FDgRsSu8EuvYyjb3JVAXSgRfgaK6ktpe/NlTZ8zRpDBnjdvNiDPthd8IhI2EaL+jR9Nn+/rSFiO7yAzv7rKX/JPhvVry5/7rDdWtJFAkb3lvAvT5hBMiYFyuXV7SWZ/93Ewt0Ugucr5Qj9HZQE4pPITvEK2jGbxiILVS41/Bp9/OclfW0Ke0hsofarTAMbBaSfO8ONOFCGypyJ8Z0+JG2EwNTskTirlMSr1NWU0WdCOKWr4lgrED9YzHn+bw/VTjZuazsZFa8TtZ9NrWCr+c8sFRkSf4rOTVMkJJNDWFVbZb9rZxK2dpFu1Gb2MXLZX3L9nluZycg2tClJrRc2H8Cbq0oqOeeNHFbnTSO79rbPIuoEYFnB6zGZ5HE3RQTFh+BK4xPWxsfd6xLAK3Nr2g+typBH8XpOB7PTtncAKr/06mxbWR3YHqe7Wf7uyo/TMUY3ZJhGiOFrGSjyQVcCXfIM8eC0PgK3iLkyfHFDh5MJ504wHIpBAOF8UwYpgQz5FxJI3NZOkifnJ3vECUbUBdrxab8I9OkEQXDi9wKS0qWdjDL3aQilVSMCGYWUl0TWVs1Uior8Hgdj81pObUvUGLvu5IRWlRccG3sybzxwpUdq5AVSmLUEKe24iKqSooRyUtGVbkM2J+CkBuglSXPlyBYzpkVfWGB2doXpmiqSRBobrsqSxlu7dZWuCsBx7F6qMxBuHIQ9bbJyRvh60DwbhfdQE+OL97tkAYGL5fxxtEoPAfU45k4a607Ib2DZwfPX7YWLNWMCv47sMesf408mJjwPpkHpu7B9oOUli7evDlJzkVe8o58fxK/uUXAP3Zv2gPgaYRqRxTccEufSI4ede5YWPCmMqiwKLgrNqOqAIHOymtS6FHyPApzE44WMC6tRjgt5YIolltdp6VOXp6cu1Hxtohg9mCzX9jHE8jgUGgmghhvn7n4+ztS0/yamSd6J4NZUAOt3bHuTYWWHitutSb1+ocCMxbTFg4nIXssGUWFpgBMRi5kxYLM2miU/Q1TFdny5iuptqK2q9jUcxAHiugsUONxcD873Qx3dsKCbgK6WYIAd1QsWGLmtzlOkcKPWqYjIj+BvVEa3ViEuFGjUsSFBe/XRuAGgI6EWo83Lg4MFvErpOkNaYUd3K9dOGXeqhNsQTjenp8nWO/g8KD4RIuCaFZRYXgO/Jh9NE7SYh9Rhh6hYONPqQ7ylpHkhtvl8t9ZVHjtQpkCJVhz01C3HWdTspSNCnNMaVl64vNc2nK4mVTLkX3UCwra8LIkTFiVz9EtmgytMFEwbSx5WJRahE15WQYmQ+tayVpxali5vIeyQ4tCMa03pecAtaNm62jLTehkksBmqgmfNbLR5RKpGd4JfH1h0aJlxcBUSkquwZZ0dj4i1N99UhFqmf1HoqWlk4yQv0fMOtEJbHlRWp4zoujCw+Tpfpy5L8aIsrbkJ6xiHAW7okFbHl5X44zXYwvKOEOwxiNSsJqJwoneKDdLEYEANdvtWJRssv/rLlWqs6/0Xo0wTpaG6TtE4GQ/0BLSfq0FyF/tD2gFCY4Id07cNiE766PvxVELMCS2DQjnjq/i+FlrzhmTWc7N8mpDivSJlW0Hd+etlaUZLfvgSGG4YMJsCqZ3iVIfJuvB904qMyfHFVM8pwNANsKo5RXX8iqXxUZQh1OQs4v3xE7Rg/DkeCVYm9pNB9Lghp5QQYs+poBl3a10zpi8qiUP90XbiC7FjJumwDu0pAY+9CDY/v/IVinF1iuy+93T7PnB0Yun+yOyVVKz9YocPcue7T97efCC/P/bPSA3yKe2f9JM7fo7MvkJpXCPnhFxtgKUjOSUzBQVTUkVN8v0sluS3F66IAoml9qJv8uCJQYpnCuUcnJmubgTiKellMpdBiOwPMx5FDfjrYHglaSeLzW3f3hPQO6PtU5AeCdN4u0EPwdH/byCS2vGpF9t314xkdpIsVvkvb1RbMal2ORJ+wAz3HbQdv/jZBVcGzpqDqbBk/YfDZuwNqJ4fQcM4YE2cZ6dB8HJc0S4LFLKQqOlN3h4F9zZ+c2R/eLs/OZ5FAg7MlBF8w3g5u3xySqoScs2bLIuXgaP9QrcXFqVDzWXs3M7kZPjMX7j3fFlUIrJE5bNMmd1oWWqvBPUAL1BpuUCCGcl0QOtoglmOjEjpaQFmdCSihyO7pQrtrBqCOjdSjb2RHcwbhddS2XuJ3R6IUcbxYcl0RQbdvw/Cz5Q37yHvNda9Tm+/UnS3WEbjt6erCN0rt6Pc7cHq4jfcidtmGLF1ZBc+XDXm1U45nw2Z9okk3oc4dwjWEhds8KDrJuJF0fD/n8ffSF4TSXDOf1wKhXZmkqZzUC2z3JZbVkNfyv53HXRYNSJc70UzDBVwVVcK5ZzbfUfsG1Q1EjBYQnRNs2k5DnRzXTKP4YR4Zknc2PqV3t7+Ag+YfWenYxcqqWlVCNRmf/I7dWH1+tkSTSv6nJJDL2Ou4oabEm1Afs/hpygsiykIaCILVhZwtov35xGJ+lWLrPmeqt/l0ZktEjCyPoKtv8LUASbTu0BvmF2VifTuD18wi7fnO6M0OtxLeRCeMtVCyziUD/yJkJAUU0j2bvx4IrsE0933jCsxWPEEFDPn5tsgGRWUUzciPVoB75vkU2jmco2SzGpRobGZKnQRGsnR19OxcB0IaerOAYV5M3p8TmEDOCKT8NQKals91fHKsrLDS3Oiv8EJvAyS9YHYNqU5YAk+aBAbGtip4FpQeinN5SXdFL2BczjcsKUIa+50Ia5bW/BC/bIP4woYPbNUwUucmPxI/0YiqmLF8L1eTcvWO726pIaKxUMEA/CuUHqSXcCJ+sDMad6vjENGjEFvMDOY/lkLpViVhxtBStN0YAMTEMQKqRYpqGPKFglpPKTZi4QYwyr4AUafuGDXd04BMjlUkxxr2jZmpOKwl4T0eFBfEDrEFFtJB7nfUc3a7qkFfQkgKEP1YaU2Iu5lVLRGgHBa1z0AUn4DgW+0/KCyganDE5Q/8VqHyjGsRMkj2Arh6EIOPamiobg1hi2h84MjHnxYjhEvpCVYXpT8pYZxXMMn9FpeA4V5PXJIQbnWAqZMpPPmQZjTDI64Ua7yMgIpKWudkBvKzKT6xD20QbBjasa4UIuFaukCUEiRDZG84IlM3UhQ5gocTGBfkF+00V81RmS2rHHOGgcCIIf3eReVbLDch1BdQi7j7srBzPn5jjz9mVEEM4FQZ+pw4EXIZDXnbIlKfh0ylSq6IK5jEP4qr2r7PHcNUxQYQgTN1xJUbVtLZG2jn++CJPzYuSdGUD/5P2HH8hZgaG24PDuHfi+YPf8+fPvvvvuxYsXL192fDYoBvCSm+XV79Gr9dBYPU7mIXYeixV0pQFNw1GJh6jHHBq9y6g2uwcdy5eLj9ocOZz5uLizU8+9AFZ/CLuA8t2Dw6dHz55/9+LlPp3kBZvuD0O8wSs7wJxGMPahTux08GU/EO/BIHrr+UASk3crGs1hVrGCN20ltlbyhhdrOVU/2zcEZ81PmPnDmaaV0IUeEfp7o9iIzPJ6FA6yVKTgM25oKXNGRf+mW+ieuabrI3mwRTlb8icet/Q6RkbvsO+v5NaXt4QmhQfb4ScuMKSX9ZMkItQs51PuTckBCoyucOYBZ4yU03SQJIWMaebnnbOyTgRIuK/QiBmG1u4mFEuLIMODhrDOBbURGc8JwXHxvGifYV7R2UZ5Sno2YLLgQUWAFlSTScNLY6/zAdAMnW0IskhZDi46awOQ5LXdPnuS33ZLhluX2cKkLlmsNe8GdyOuOfqIAjdBkt0UO8HRSUUFnYHZCmLbPTw9ToJ5dQkbSYKgUkZy2vn6FlaSPHp7sBxKz8nT4HRFp8BeO79sYMwkPu6uyDjkPi4y7msM3WpFnq0VvxXFWExJfaD4rTAsxHE9xm89xm99ffFb6WHxbj6XE97F4ZcK4krZ02Mk12Mk18OA9BjJtT7OHiO5HiO5/kyRXMkl9mcL52qBTjYT08VrO1t6098RyMRaEUy14jfUMHL69h87QzFMcGpAN/iqwrggbiixl7iVghUl4sZIMlkCJk4ZFAd4+BVuIjDrHmLbl4vOWknLf3SIVtGTKB/jtB7jtB7jtB7jtB7jtB7jtB7jtB7jtB7jtB7jtNaK0ypEq4zL6bsL+HiLB+f7ltfGXqqn7y7Ibw1TnGnYKyr0giWVIu3vLlDLWf4Zh+CXUCYg1ljxYy2tmmZPqyQzZrBKAg7rBn0yLoSGsIdX8Px4xxVtW/pJ0tGBL/syA0hQsXyeGxGnDU4ojVc81VCa05fHQRjQf71givkog8LxFq5xnD6U+Op45z4+ptaKH9z7uX0sCFWKLj0yEMvufRRuqJVmAAyiXUUPxUyjRHLkfe1Vl06TSHmMAP+/ZkuHsuj58XuDW6CZLwPacmxNluT1yUUs0/QBy5PgWHN6w7CMT8osqrgc/NFPLsjCvvX65MIN37Wb2W225Ae2OtQ+sUoW/NJ2TtrnPJmTY0MqLnjVVCP3ZRjXL6pqtGlVbBzbWcYWOAgF7C3D3r1eehiRitZhSGpHy+cQL2F81WCqSS215hO8kQuotkHF0v7LfYEXPLjegzUMKNUkxwpqLY9ohyKzvKQb831iDB9Fm1LYEO+lLpBiOBTaQ0sIFq3p8bqzd4OgJ3GcG1HMANqEO6Ke3SlM7A4HoxhE6a2/+GrNRKG9dAJRV8CwPErSAf3ae1rGwX7m/38QC5u0tl+2VUdLcUn4Ugd0UmMJF90uVEdJPqd4mZ28O3772h6ICbPIsu+XN6wYpcxpe1uTMYoTkcWYxBMuhS/0Z8UaXUuLYtAv42GAQeBcZuQs8Cqr8Tn9sDumL6Y7htJD3u06tjcPgzrYvW1ZLBbZCuOB3xlj1lGUVpnXLO4hxgMsnzcgSVnODesFBAxuguWaE6uM5/OUsbMp8KWWx57rnKqCFRn5B1PSx9RZUvbjuzOQ4G8SkYZTDHhjh+l0g3GNl/MY0/iJLAZIswX3nNGCqatp6YsRb+B8HcOdLafkkJTMGKaAS+LMBGZuBSbXWDovBj++IsfHI3J5MiIfTkfkw/GIHJ+OyMnpiJy+75Gs+7hLPpzGP9tez40pcHaH7NLQ4pwqclRrPhNJhXUlZ4pWSIGhKnzLkgNiGYZpJANB/FPNY2QHMgfdV9mfHx4cHLTWLesBb9iDLx5rE1qZwE7mxCiMq2Rot7vmAsy+KMC2ZFoSSminNjeo/Ws87mLhM3SH4jAoIwNmoBx3OuZKHP3HT68//L2Fo8AZv5jEIKe+ip27MFA1uVM+aPHwTV6NcCd2QEuvvuA97uRoCCl2a8WFgRKx+ZxCEwWlyZMJK+WCPD2EKC4LATk4fL4zSshf6tYbkZ0HJQmrDTKd09oeK6oZOdiHW2QGc/xyenq6EyXxv9L8muiS6rlT+n5rJETjhJHdUBm5pBM9IjlVitMZc+qDRjG15Eks15SxIh0hl+KGKefV+sWMyC8K3/pFAAmi2bUcKFN7yzUbtvkPd+I8Om6+GsdNIIqA/E0SQ5gEtLxoXHALjFVreyTaZxRuoDlohc44BUADLwwzjSJqdDM5tOs8yBxWgDRGLZxHCJEHuTPpFdg4xtYISURIYhTlJRS0ZYrLYdl3GOmPbjNkf49us3u5zSL9fBkdwalKtwsVx8fHbeHYq6tXnxP8ctyz0pUlOTu3YhyD9KBxat0Yd8wM/sext/Y52uHTKc+bEoxIjWYjMmE5bXTwRNxQxZlZev0oJdSKGm31QjuUAysjr7GvU4QvCVf3gBrsuCEJGEYT5IyjxApdRrgJFi0sO1Swj/btylJJOjSKBPgS/M6otpK9kWHEWDsWJRUr305lP9UyKDhd60n7u4PuBoMw/CV0AT/XcIzcu/evP3x4/6EF3QbPxnZ6OIKNn+S0ht5DI4doK5MC/bUvLyjRG1O/Eh+BFOUS7K4aivMm3oVWtV54LFfMdykD+ETsXDNF2LpugnWhiAB4m7/zCLSA6MwPnTMACzVTbv1PZI0G2HJph9BShnvFKWx4OnYyciwKSOHOpYi6q8Nq++yv9lV4k75V5RxP6PHSYPsNTVfylhcI28zd5gV6ywzdTe3VPtPPGaTXL19/V2eDgfZ0n9f7JWndB/dYwK9djCZGZmTMcp25h8boBvdgRCYIghGwnkYb7JcCLtGyVx2bkJ/nTOCewQZio5ggr3FR8Jxpsrvr7KTOhwGttowkuuSzuSmH8tST1cD7rrmhBa1klkVb/U25Kty0+NWC6uPr8jmraAf/pNXBa4B0DrL9bD+lHKVkK6n0dfji9mZWMakzh84n3h8EA2ok3yWYNgIef8J67RXKD/ic8wTVNYPsoJJhVQSLZs8IwFOdU3sLhX5P36RnixvNymlUtKnA0e/hqdtQVDQgE+0+HY8CAnirGe4hk1cHYigGIEib5K0GIzTKG1yst1e1BtaG5tdXVrrY5A0LsxCYJbhkYJWWgOoSXHfsY6dc3xcSPgPGR2nnIZftTrVulQtgH3NWx7DV5Pj+Sm9oVlIxy941ZXkuwUvw2j+enuubThOL1zdrNqnDMzWUKO4L8g/nipfSqxCYU6543jqfgQ0cQ9/DdpcMe2S792TSFw6SH+d4dmhs8+bR8yb2ZwRm7nvWGe9MoSZ4sED7EbM4Rmx1J6fJItx4fijqW6cR6A7ma824CjKxp4czdaOSEWKk3ZjeLQ36WBoFPML8zYHGIBNmFlb0pqEDgJMxki54OJnrqYHN7/JSaru2Y78Td6Mb8xLckNhdp8HMrRJGxI4L8DHtIAgADSM6ecwNG3vwtbCeUktEecUqCXEkTENHBzdckSA+EtxNUwqmsMgJj00O3cM6p8IuHVoc3qfezRpZV58seuPoQd725vx2brQzGoS8IqwBkAYaJC18we3JNe5elOjmVJAxPuD7ZoyjJThshD3rY0DILi2K8YiMHcnvAskz+GrKS7aLUnMxRm+M90mEEUNnvSQMBEsX1CVQw1CVnEYztVtTrS0ydzHQp31FO9A3sR2vneaDM3SRHwSLOZ/NXQOVYR4IHNJrL51difqx9P1aOpuDBDEe+T3VTGjnMIo5YTSAGeCKI3uJlPrWNj9TZQ83NLacNlB2K4ibcmrFzxFZMHs5CkytgWAoQtsGJivM5faOAc+Fc0SGeCnXgrbG9tmNZmjAymkznKYGOw0lDCJrWC2HPZy6e+ZkoDzxxoVFuAbWre6JCR0k6fw+ssgu1DPRAvt/h4JUoUtuI5Lc/pHr6lTGugME2R/28rX3emP/kIrY5YGuATI/clp5wxSwWatpBhHCSzoJhVni+ZmLQi403vvk7LS/D0fPj160kY/H+o4DVkSFuY1fx2FwkF4VteGe4/ZCgDbcAXbFKDAM38ARO10tUdPvNeJ2JxQ1Jssnub1Tc5eZFFunh8ZByVcmrXptUktuuM4GOp2HoJEunz4TpJLaJK2MRi4yzixk7FLuHCATNqAWIj/1H/M06KLVqzunZQ4lMVyaUwnRHygopBYR50h3YYFI4mHM1r0N2wKv+h7FShsv8rCC8E4jTQ9JJQWPbbxIMsT2NqhufsfsR1+CzEhyzVhNmho5BbyUHq42VqGxI0DaxqO9r/DE5bQcpTsbXZADQcYFNVSzu5LOPj8gH6fpREWJdi97sNiDC7bCihxUYKST0xqsoCyVF4wwJdJy4oR/lHI2clpOKWc7o3RyeyL8TqE4sIwlOJJTmMsqyVjudh2FrVQsl1UFnBhangppgk0FhrciQmtuUGhChFYliybptIopFlNZlnKBAgIlhcRajKI3zIAFrKb5nGUJLsL2NmqdXPmBpMLOm1zUjbnyPwoqpAvD8kJnY9IHqH7Ly5IPPoOuHaCRg0HCOXVTt+QGAj6oMG2bkpD7INbtScbPzCoHijnvl4nuplZQ3RCH8ewDZhdoGHN7ynvJH0ysEzG06qKIoPbuiO71gPRmr0P/vZVsbtJ0fnuDgLfKtQbv1ObaYNbFj1TPyZOaqTmtNTQIh8bZUy5mTEGgxw64nejC3U9G2g2g6BEJCyhYJQU0JWWoGIPJj5vlQOqsL2449NfxX09Ov5g96ezUriZUfkr0lg7Mg72jr/laBPTJmpUPqFqpTqFzoC/DL5ys3a1m1+KVSLPxIrU8zr7sdP7EkH6LStBRu+DbcRxzrA01zCpctKSqGn+dkjwA2bYgpmx+Y3crzpLEXN/WMhukCyengCQEAo5u6loqo/0eWZyALA5Do+hSNjNgTtILQmHY6KOirje1u9Dxij6G2wlYws7Ia3c48rgTi9GSOaMNEJR4+/yqq6+FdS+TbgLvH+gCrKZBS5FTKGGiAin/5CSMWxjZCmndChHgGGZ44RQyv0pqfBZcWzItQIHGBDKQmxlV+ZwV8bRYgYSHHvCKGcXZjRfax1e4N+M+Ki9YTQ5ekv0Xrw6fvzrYx8qcJ6+/f7X/3/5ycHj03y9Y3tgF4Cdi5la3Qc1V4XcHmXv0YN/9EdmCVBXRDUgo08aqGdrIumaFfwH/1Sr/14P9zP7fASm0+dfD7CA7zA51bf714PBpu1qCbIyV1TbJO90Uq9jnWSqgRKuU1dZytGRGTqLbF3xr5KTPuu/tGy2C+KBjjQ6FY6CQ8ZTyslFskCGGEddijOszxDDu+oyx6QumG66fu30RvOBD+4ZmACg0gnzPB+xcLLXTMvpWgzdylmjJlT32ss2xouvdqzb+sA7UUSJaTs2C+ua8w2HeSFnIRy+WGhqwz42pix2sug393JuJK8vnBnYx1vb6jc3r7X9PrpkSrByRtzxX0s6/65a46w/37nFTcPvuTn8f8e3WNiqur690wltXcdtpKemgn+wD19cERoBbRnGpOEbpdNevHYhEyxIoTScRvD9p5pR9WDKo2840gTL/nKluddIA+5WQqlqDElcuYvsdGHn576yAYe9Y0CjY4cFiFRaxb4/kwf5+94qASvtcYK0bl4C8lA0cvbaq7AgBKAqzCnQCkG7bO+wQC4odxDSzTEDEZSDWnHOflqXvM95RfjT7rUlUp4crEHThBva1JlcKsCzA4B+FEAeE35sUQKnWPbPlCKw29LqdCcU+0twQqQqmXD6bk3AS+6WzXpZJsahocQkabg9ZNyypvvYgJX4wCB99U2GC9vGhee7sp0beal76OWQ8eRtcHDHNjEpC7vApry97azBNIn4skUK8QuaMJ03ttYHEBRI2ApxbblbOfDMMobk2aaiII0y3McEeqS1/HcxOdJw9rGfCLJqhzuu4lLNMw++Z/z3LZWHvVSeu+q9jXB9HXBjsq+/jPdBR4aZo4T1uR0s49iWq4sk8O73YydqShXujkAylREfV0LRDLkSYEYO5KrokMUorWk1ljY6n1cuFSMbOgvvXwHdtmjZ0rfJgt9s/0LhypwXEud5SG0hLcLqxaA9W9BVGEHtON9hfYjuR6pME8VC2ub0keyAi47A7HK2CMvHdO5jbWnqpGC2WjpIKNqVNaTyhR9NwckviAfTEgU07FlynZ+U4yn9hUh8iC9l21B5/KcD1fXbqJt963ShZs73jShumClptJQk7dDJR7Aa98f7xi8utHQymJD/++KqqIjPhtPRP7e4/e7W/v7XTYaP9IJUHUu4YkgtIvM6q0GD4TljLOQq99EZC65VQdhz3274I1USsHg5Qe5in3BkCXADK9/7zLfEnx/BWN1gBkt16BhmIA9FkYrlw23Pl4insr+DI81EAdmxX7dkvzwIVcucdk6dayxz3DqR80AqR7Y5CiIb/TEWxZ3HHy1ZMmjPWj1zqVq1k0eR4J8OUZ143Jm+jZeJ/fX/29n+7ZyHwzY3omvfonQxfdsqV12T6ZdcpxObbbbWPd9bjqSawmBCuc79OQOAY+gw2uP0GEoN4hXoCgGoZmR+6Xd3B6QzC1XmIW6nRl2QUza+9Nqf1kNV60L15P5AB/TAO0KCdY10oY8319vsdGNfsHnAfpFJjFJ80Bq1aFTMUs6UhxGIYzfhbqDUBwzhDJrovmxouq3Flpxo736AVbqwAM4ZVjBMDKTo80ZdtD7WJoot9dEQ0t9KsGw7EWRHh9rKdBaPrzIMimRu617AC54peJwGgnu7fKeAcKnNtCspQrStExwYu6qre92Dcm8uK7dHS4y44dixQ/XDuB4MVzk+YpAdW7QT+UCJ4Y5np54pXVC1dITF7qf9wdrpz675uH+zvH3TKXgceuWkIUyvKIHT9vZxTPc+q4tmG4Ht7+gyn6E+q5/RgQ7Ne/Hh8cMu0h8+eb27iw2fPb5n6mStsu5Gpnx0cDkzNxeaipc7s2FHN82HryFhE+NuLU92zcvjs+dMXTzs1rDcH7VsLbHI8LIgyN7SMK6CD8dTb+8+P9jtgfuYVPHADh6uTgluHT3lXQ/tCtQkdbqyGFRIRPDceBUemSetJ9lDms467zFouxMaM2yim2wm2IaJFDdZ07/PAmppNef+/b8oSxk+FpNsu2r1ViNP893saEweEUjuIpXpotpLIdO9FuSSKleyGWgK0mjjE8EJKHUhaW/bjQMLuwfOnnQ4rhqoZM1cbROolzIBotZqlXlYlF9f6i6VsAC4hAOCJRcvIngNQJh0kO70dDppfKBe50XI6oGtbeeUnkFdU9BEkKT5PLjrCDJ6d1SJN0pMBVUBU2X9wH2/R2H9gMs0Dy6lSy7RpLo0BEb5xRdofmHpJs23lxiCN2OuipfqH1HnFg5PXsHwOkSnRsWUhOztPUgQwHFDt6qa2ekpxn/Swr6e9z1ff2ucrbOvzlbX0+erb+WyygtJjK59Pb+XzNbbx+Qpa+PTVcX9/hS9W32CXoZx4kvI44OeCZ1y+sn3Ey1R+ibIbBLnOvfLPWx/+qy4K/6UrwfeCkR19/ug/35GSO8e4YiDPSJHRGQ2/03ImFTfzKqRkcuV82Im7g5UFciqX0VtVEqpPzZnPL3h7+mwEdpYdoPNaMcetM3JcFB6MafBOYB98N8RkSUq5YCqn2iuYbeCQGVsA0ZUExbIwdkSzmipqZCiYTTVWLaoVp4aRJ1rQa/SsjwjGx8zp06tnB4f3qcn9pS1iX94Y9sfYwb6kCSycJ6lbOe4/+s+3uhh9//WWixGD0Up7IurGYD41NvIPh+f1yQUmEH/rD8Ggs5ub+YBLDiaVsQ98u4KFT0YHVRMUmsEs6jR/2q4VMBoSpt2Ic6qKBVVsRG64Mg0tfZ9/PSKn0BA6abaOxZf+1kygyxoEWxTsXm2UVT7nhuVJ/OWD9m3oBPa15utJBB9fPL963rZZPDZnfWzOen+Q1tXkHpuzPmp0j81Zv0RzVnt/bgiS7R/d2J5nwiWfJsDGihYhXm/hA0fHHrIxSNP2/LoKyV4Vgavf3cF3aEkPsx6nIqGckwZ4HOuAR59+Q8sFXWrXD2kEoasu7jVouq7LBURhuyRxJm64kqLq5Bj4/YN63o0C3aTxSUPjCaMGGyx0sfBpjXdBAuL1cNO4zTTM/dFt5fCcm6LPd7fSZlLCE6kyociEEn8S/KOPaHdMEpKSfmtoCQ7JMGai1Pu6RBBj7GrWh3Iu0KDKhaNDyeOC5byAKm1WdgUyiowdSpR2Nl7qbEorXm4qNOb9BcHxyRPvFVCsmFMzIgWbcCpGZKoYm+hiRBaYFtJ38OCTPbibclP9EHsyL+5E223rSyD68nLDIijNLQ7eyl/pDeuuIMlt+QJrwNkC2KBzKbpwYf49yI+yo2x/9+DgcNcVyulCv0GBZgX+U++4W8YqhP9XF1pvhvpSEPv5HN1b2UjqEWkmjTDNbbRO1YL3aH2wxOfmgF+XRg72s4OjrF3Md1OB0pcuJ7zDfr+XipyUsilCdp9GUTNJgHM3P3qVoZz32BxmFSt4U40h7eGmSqu3Qy5zIusGZb1VORCT4cD01uqeFu7qMOLQnd1pu1ivGfKyKgThIvQnclJHCMz2nTDTbXt6+Kw9/WP73Mf2uY/tc79KT8lj+9zH9rn/zO1z58a0PMY/Xl6ew+fVHoTvvR8uBDHZl0IyXubLXJNxo8qxT4tjmHNsklVbIFUZO0JCP4z1fcf+hYkslhmE/d3vBveJtumrbeSmIYUdMAnM2kXvixffrQbRBcFu6AxfOoUWN+NWKH9kZSnJQqqyGIZ2A7i8lIaW7SDNLkafWGDhsGMnwAHx/ODo6TCCK2bmclP3yHYLpThVJ9UYiRwT0KEC84SlmfVGBq8wltz0pfQzcsFcSTKZN5UP0w5j+5bFW2c+b9rqCa9PLoZaQzEzIjWUY64bM4gmxaZMqY1FKX9ww8f6ISnmertpeY9+tbc3KeUs7eW014Hd9er70ufcdSpZ86CnQH7Zk34bnKuPuof3S591B+2nHXYHtDbUNHrdfjX3qq3QxilONOwzONpvO1o3ayQAuFZZXQ7ACBCjK2fpjf7GfbwlJOC0560PieqlnM0sy6lYPqeC68rJGfBlqKaTxC1D6asYIQDFboLL6M4ogd50btxQ+BVSWH3ScZg/LSzXUk6w5kGYCCtA+DHBZpuWRvh23FqIfyutaNerpdFZoZAGFsGKdPxvQ2W7SWOIos5s4SsvfDt2TT7QnvH65KLdvHwdaQgIbgMS5vZ7X1THIjL4Lt1mrSqPpfu1mLyFSIPTMQyloLhaYxlGKGlhr44woks8Df2vZ5LFEh4wCBqR0rq/hWRabG+bUPRVChZNTL5iRt2YdD8DNVm6DxU9IKU0VGNK64ns9MpjtyoaLqgS4xEZM6XsPxz+J2o1tByosxGb0SSHeda9rx9kXy87palwIsKFhuJggtC6Ll2p8CzUJGp0A2SeVuFIR8FWHuj/wH4MTgAKM4ywlwIWGvCt+geN91LNMlZSbXiOFe+yiZRGG0Xr7K/+rxaysP5TBuk9SWPWW/vVYX/YVRiyo3TKEYWENtc2IiF3cES4+sKuJ3GnuFdyZLrXyeHKpWzQ8NClggdaXJJJ70qzA2PslkOzLwxmjYXtzX6lN3QQMY0Y6E2xOby46VwBgbkseqi4Y3/taRhYyGZqVvrjatJ67RY2X8OSdosPg0CZPBE21rXQ13XJDYYFGtJAOflgDKmpavUKOEN/rKKxV9fYDevNAYi81HNLRVJs3jUj7VGXGyWtsdgpsegWO+otyJflC2PO6Q0L9XSgThhmpua+2RgmSaHHgolcgutRKiLYAviCJopV8iY9BJLkJaMC6l21Qf7cEqBES1fh015rE+b7d8Z98p65tLvqp1cChbAgcGW8XQaJMoS6wkW4xtHDwjLuK/xwNUTWvbPnrtpQq6NdSo+nYgWEhNqru+Im5Ug3nLphMl/CRzNGPnx/osmzo8Mju5VPD54fZQNLy6Y0h1L92SZ0jO1khb6Mm5+wJ1t1HQlhfcdpqbG4KktDdlmj4ernVPgrL1Rw2w9D2ncPn/aJ4/DprTja8P3kq1uxj2Z3QqEX17rI6qwDiPq7obX4mo0PvtWdbV5RG/LTt5jFIbkmL8i3ETn/EiTVrM17Ys1EaGYL/J19rLFiElj+HUt21BMIBWY+eHkwkCv99NkQWlu15u6H2ztPTLfw4d0nZqjAnqurZ3EcGUaqqsQkk+7EkdMAljrF/aCo3yjVSqxa0QPencyZHCzEdyvooTagV3Jo7P7SLg9ob4PbygN2CyWuVRNwkCeEDd9kvO3XQAztIplh1LWIAKqJr6CARKn9Azc/gaK3774/agj6w4JwqcnpXfLVHZldvpxcOx0Fwz6qqhG+WRVURID+Tyg60pj7QlAoS8rSuXQS3bLmuCc+KXnFj95pvtEtlBdKQN8jfSRq2Zs6LseoyWCZfig5kM7q7DC1kkbmsmx3OaJqwo2iiieEgzWGXclEaCWpUUauoMK0K9U3AoGUlhoa75dLVATiw/p6WScmGZ7/NrI3F5tIeT0iZmFlOeWAWaTNjKzmETtMJSW/bpgokkZMUBkCYIn1EuwtVIT6CLGCLBypvYJpQ87OsVSEHhEoEz4iyZgLrnxlzK/Q/0N51SKtAdP+OnWHV5r1t9Guj/Z8kLjB2wM7MpH23EDcB/Tda/HZsavOC2+6MvZJ78/wve/bMyJjf1jdTyiq8LgTuqkGbqTnnXZuyEHM8mpjISbbxxgvAS1a0RwsIAfEL46cnWM6qqOmpNN5akPzxy8mVbT5X7TAUWKkLHfpTEht7M1nqCioKtL2e2HYaSkX6Wa8YVQJrB9OTfC/zbiZNxPwvFkCga5sewF5u7zYtZfMgND3av7+X/S7ox//5e0Pz97+fe/F/Ez91/lv+dE//uP3/X9tbUUgjQ1YO7ZO/eD+9vfs2ig6nfI8+0V8SLp3Re361S+C/BKQ8wv5lnAxkY0ofhGEfEtkY5JP0GlY0BI/WQqKnxoBhPuL+EX8PGciHbOidZ008wamg5eXU2aSziyuv/AoXEiJnSMdM3AuO8y2JpBWZRd/w9kiQxhWTOxRIxWpmeIVM0whIC2g14MpAtKCwP4LIo+bLB05TJpt9S1kgO0W3UylWlBVsOLqc3Ikzs59ZGAsxeyOa/KTs5fVSn4caD318jA7yA6ytpWWU0GvUJ3aEIM5O353TM49d3iHmtsTf3IXi0VmYcikmu3hxQydMvc8P9lF4PpfZB/npiqTOtEXjo/AfeU7g/i3tOM/tIT2AsDBQOJ5x8z3pVxgtzT4y4UFhXFLOfMOgcbFBQ2tqYfw5y1Ebzr2DoWjydI10oDG/NLfvjpm2vl7qQvtDxAa8jOf8hbY2Az7Hpfw0IXrBvmkK9e9O3Dpxl8Grl3/Y5TP3AU8fPEetj3hnmo2wOu333zntYt4Z4L3iLCPGdxoI1ICRf1KcytJBhdxkHC/PsktBOGFKH4P9SZQeAEFKHSg5YSJodQOQck01jpn5G84T3oMSeiBETBc0qVlTk1Rj4jJ6xHh9c3zXZ5X9Ygwk2c7Xx/mTd5B/IbSJ87w0nl/cQalOku8RBdpmoMn6zcWi5nF3RFiMNGSas3yEal5BQj9+tBpgU5MA64Zg0ptA+/T724rUyHC6/1y+DXLOS09BY9CDUBM1+up1FgkOwSRFMyw3Iz8+OiRxsCSO0fcbd9vTriy3BVLyOt2Cb+QyBJc3b46BQ5KRc4wxdAttVPWX4opnzUqXnOSqEasj4DQcSrpLtauluFtVXpEFmwC0g+36jsXRjWQhoTo4lLs1QrWC+P6REovUEaR8RtPN0JL5YZNQUpmBN9OKbUmQ0NbrB6fv3Wo0VlizPGkkVpzKBZZX2HM8R24YHC0CoqlP1qAdVynDnShfZgR0oaO0vMt+IZVRLOU6ytA3jq/628Na3Bg8vryDRRbkQIbDTnFz3VaTCT3MEwoC6QYmP6gR07BrDzg8QGRMa9PLu5hgXosEPJYIOT+ID0WCFkfZ48FQh4LhPypC4R064OE27dtDPk0C01igbl1+M0UtHh7fLJq+i9lgNg+iUGQfRQkMr43AMOD2KYGPRupaye82XLkzFlZT5syTaCOWsU0hnIF2SzISxQDo1gJYkc40oJINaOC/+7aCqTGByHTuE4IcmKsYIXjPBi1hXCVbGoIq2qzHDAvX4Ep7uKH1kY8lswYhPqxZMZjyYzPg/j/2pIZrt/chkC9nPvud2YFh++AqA/391vwaaY4LTfrZvBWGTeZEwzv6jrxUMHKrjZIBzNok7KSKxhSKrvdUyWrtgFXuUpeSZ3e4L6IIy1rprOhLA3vYFLjaGYb+1sQUjYKDf/U8A/cSPCHLEsGiR1o57B/RVvFQNiMH7OF0lbMwkMi9T9h4PUI7mJZUWE60uTg+X2YVHq/KQlDjDHxUaaAd73RsPv9HVFF6TjeQMSE4vkcCQosQ60SAyHUJ5dVTYWXLqy4BApPixg7cT9pmJEO3SmtyAUBWFQpKmZg5pvy0rhWoZgK74UpiAAH/1O70EAAI67nPklhf0BpjbZYSL6MCJ3SRxBr4m3UIqVwdVzETvm3V8d/fxE6vLjI2GHS6TbhX7+UwZ9Sov2Ti7N/Yln2TyTI/oml2K9ehE2jDHzKluNy58lXtzK3eF+t5m1wP2lDS8xDQoeSn9XDd5b0cve15AeG8q+NQhgmElhymDX/PR0VYkjD0A4QHNP5duJY0HUQEtTz5AL6vDLuD9fQFFd+7wru+Zzl17rZ1BE6ccN7OTFutdsquNpvmAq5cf1YnReTp4cvC/ryxcun7OnR/suX+XfFC1o8yycv85dHbXUmmXxDKzptW9ghqKtNrAHy9zUTIfpfyZmiFegZJRWzxq7dSDJpeFkQze0be4qVnE5KtsemU57z6Owj0dXaFsEQnVc6lxtr2ncmCtgaMSNzuUgXDNlxYUdd1xBoAgdm/RGZlXJCyx5e8OuhhXxW//BLez4hBG8QvjbmSp4zoTdmdX2Dw7syDbHdRAqZYpA4WLQLmhFKdKi75XAKfhs3YioVK1mRi/PT/yJ+ujdWN4Wo9TBkLbXmk5LFuD5dFx8hps8Nqfd2+hrlcU3zOQsDH2b7X0pI8JwsmSJSjmzf/5vrlXlOzTyJ//f7xnsElbYjbbTaA9LfO2FlSdXeTO4dZAeH2ct21aH79yS9OxnQo63TqrTLTA8Pnx58QUHEQ9WeJa0tc5i9/KZlLsuZbulU58lXt2vma4kbfophvTqnIurWsUihC5FojYdJOX44wou9hGJdQHQrRRzUvbGfvoZihVNjrwhDl9r3fcapCDealVNCRcC3XVXNMcgISjkCF/Wx0qCnILjR/7mebDJbp0TTp+UvKEWXLtQXkETVDILAUrfuW7okE+asF7i8WkkrwkCUD4eqnwnie7zKfdwlOtSw3CW7ZfjT3kjhw8F+Zv/voB0BzD6yvDH26t0QKo4nWpaNYa2exh4rcfZhljLhYs+vLW129th//p+5//wmncKOpzqrRjiKF7JiVsuxfBCFdJRaQw1QzSteUtUXF7rkWc/Wsg7e64Y7i5JPWs024S9Mt84VFuTSxMg2Zus7q7je7+YNN8BA3Z1O5Z26N/dD3PzKVcCyYGzb5Q0B0r72taHdAPD7CdtzFtvwe4TDoAOC0fbh/sHz3f1nu4dPL/dfvNp/9urpUfbi2dN/tCOlzFwxWqxXsvleGLqEgcnZ6d0b5GDYaNUJAGbQoIiz77ZlbZCDNs0JYJJO9oLdVvh+hCVskDWEwA2qw8ZjksQJFWhQmbCYzP4qDJmEhxBKJkouNPgEfeUfB4S/HSFg2MqOrtdNCfkzol+X+SHr6/sF3avE/kKqay5mV6HM+cYoh/m5kpLq3gjhxdoOtHtzWbE9anW9b9JqlzHQ3MnZH5KvbpWzQ4KeZtDpMbTzdcVBrMBc8xsJ20qVbERh5WTOoGafXxg1NJAbuE7hAQgNGmhHr+1ecEEqKpakLmmOZfooxCP7umCXKQhuaCzuBt5d9CFVI3SOQaa6l09pWeIUvjuTdLGNIFPrWooishZXXUmQscNiFis7HlvVI1fMBFewxVCMQmN6lJSnmngDwRwK63on6sgZjUaRCHxm1YjkJYfKE/5RKoqQbJMmNPqyhQSqFRSwxLNzL+obGaHn9TgWczBzq5AA0lw5doz/OjsnRvEbTstyOSJCkooaA6aNaGzgBiajihUjMlmGJJB0qlc0m2R5Vozv42is1zhQw/F/x2UoKHl2rnGPpUgKM6a+vH4+ycV62STuuYE6E454XEH7kM+QSyFc5kts9esi8hWbUazLo5m2SrMeJc9DzQAy4SE3z6qAmBqZS1UkzYilIpcn525UjI6LGS8IW874TZSmXElFcvH3dy4t8InecT96XfnkPIEFy6FiWdGQzNmdyZnrsaxjCx9++9o51UJTNzhwBZevQWhuGh/3i5lhTFVkK4y3hf3Ep0HVS6EQHcC1b6wFPzvV34cn9yt0eFbieqTmyNh0Z4p0HY4hXbQmwBDHJimUErNJsEPBr74QINgW8KT7Yq0Dg0XUxu4FcUh7enEbdzHmGykhEMgJDr/nlxBaX7viF5Yb0MJy+YoKw3OfrO1CQdnHfE7FjDl+Fq0UPhrUSHLD7XL57ywJcBAkZwqMM7HQRiyx6ueY0rL0vApwC/Gohs2kcpVnXIEVbXhZEiZ0o1zY6opSCRZhU56YmJPm1+XyPgYT5OSbEsgwjAir8eDGhKsDa/Z5BlNN+KyRjS6XSM1pchAhC4sWHfQ5CFqilo2PCPWdU7DbBnSuk5ZOMkL+HjHrehemTRXwVCm6iGntSPfjzH3hSjC2BUlhb4ZYEKdoMKMJbT1je/9A1w7XkGY8IgWzVxZURPQ9naVIYoqt2NGRAqnO1o5hWyUIurgTV8GMluDoiwY32hgpZCUb7UMwAO/x6wCg9267hPrji3c7rqlHuYwGfE0YzeexaAKi8gwqQbB+wtDBs4PnL7trbgXEfOkYmBZ4P0g5Kxl586adyfDQdWL+CgVioEN/LLHj4vCkqxLMh/KtDl60HZ9D3Y8epmsKQoPjtw0Pj9lwj9lw9wfpMRtufZw9ZsM9ZsNtPhvuE5PRtvvZaL1ErBM0C3QidcnZ+Q3UFD47v3keBcKODPTFktiGMugENdlnKOrbl1b1c8oQ2PRT4R2LWb07vgw6sSuGyZ20FM+sJLXiN9Qwcvr2H2lRkPZZAQ2rlLQgE1pSkcNpTYoHSEWUbOwh7iDZrrNfPOUh6jZHBEDBk68XBZ9XeOjcVRz6FBmu40y5u4bN/RwpDu2rSNzyIA1O6qvN9s60asWcz+ZMm2RSjyOcewQLqWtWBJCbiRc6w5a3+tWgASYM57TAqVRkayplNgMJPstltWX1+K3kczdTtFUHvmCGqQou3FqxnGur5bjoCNA7oSYn2KibSclzopvplH8MI8IzEJ30am8PH8EnrHazk5FLNCIaiSr7R16FQnGTJYbOLYmh13FXXU1/aBGwkKSkE1ZqVImFNGBDxzJjdu2Xb051iPHcymXWXA/1PwvIaJGEkfUVbP8XoAg2nTLsgWpk7SQXt4dP2OWb050Rel+g3pa3T7XAIg71I28CBBS5fgjJ486f0yOe7rxhWIvHiCGgnj832QDJrKKYuBHr0Q583yKbx6bMn5cg9NiU+bEp8+CePDZlfmzK/NiU+damzK5wOTyXuDn9V3ckv/qy512nmUl/kwryUa1sH0PfC2qoA25BNcllWUJTkDsSXKdcFK6jlKdOqPqKZBm6J/q57ZM+h2x9nw6r56xiipYbLOb92s+RsifprEEe/Cd8Cro/+8i10Tu9Ci2Fq7pYLgm63zShuZJaE8Ug+srVxh+7AeH0+XYOfcnkBT2aPtvfn7atG5s4Ttt91uy7tjZCoLcbIQ5dHh1KMD+/VlwnPEdOMRREyII5M1trydHbFMKVgGBAnitahjSPWPdK10+zTIFxdW8qes004SYmV6TcM0qolk6T6o14MATrUW07oMIeGCuT87wpqQJ4w5AM+1DFlh1ti6BzgXKM/BAMnVfaleBMi3W3wIBWXLKF9nZDS4cbl2EunUN2bN9zLN1yePhose9qvPbprXj6HXvGJlO2T9nz/Ojld4fFhL2c7h98d0QPnj/9bjJ5cXj03fSu8swPQ5HpFeyJLVaEcNxpoChEq/BBQqXhZMJdCWEzobJ1KRe4/QW3avukSatY+7YWiFXVQIhKuHgsVnX7ekZF3kcOaEOFfRssRPGEiGCcbnfPA/sK1bCC12kHzPYp8jd1E7vgOdNMow2LzRKiqvhXRo0eGgQ1roJNaVMaaD5Qh7C18KjdyFgS2sVYQbkn4eo8OXJlA3TV6uS5mxa0DEQki432ugzURANJwJQdPpNQgllI5EWtalj+Zc8VvcRqf4NjamQqEoUwSygYkWHNkqlUbJRsgl96YIvRbzDxgk0Y1F0nATIfAOZHW4+WOiw5AaFPUR0AhE+3B2OAe6ZNqI4GM2gGSTVLO7WEk+y69IZxoSWj80LmrDa4uDAbQgwo9sKVA5K5Uic+Yk+3mzJiZ6RZw/U87Fo8lHCk7X2BbRvjVe/uOaktqCSVdF1LKIcXwbS39AaWEIfvcKE21UQG46lnh+wiVwg4douqqMDwKs0GxAQ/3+6++6+TPqOTgMsH9YBi5C+O31nrH1M+6F73BLyYUI2lFtRDB+TZlpwQbuhEMPcrSSZ57TfobIqDxGq+ECvUhq57Qlew3lA3fNziqkMNpdPfW9uxuQI/2//pc/nbGxICzFq6RX9XIg+GmuXymlB7JWHRHGaIFOWyq1vcxCkDdx9oEJQdZml9coxDa6lZ8ZtbtCx86u6oxKQNOnUumb22SNgeKQk/vCPwMHU73btV/BcMj3OBfo/hcY/hcY/hcbeEx+E5cduUtmnp4fCLxcj5PpOPMXKPMXKPMXKPMXKPMXKPMXIrY+Sw29ifLUbOQU02GSPnrvY7YsNo6QKq4qmVIWxsMD4sSZUiRlFQgMTsq4+XW4mO7DPx8RXGy60v1H3BoLkBmv/Dg+ZSUfMxaO4xaO4xaO4xaO4xaO4xaO4xaO4xaO4xaO4xaG6toDkozIR4dc6cy/jNLc6c79H3YumkpFrz6TLt6kpLpuyfeS6x4oe9d91cxNCPUsjKm1pCFeo5I2+5UYwcX17+t5O/kamiFcO+4e7RViAd1D2QCtbZBsTNjqUqQ50UrpzI7HRIN+bZ6cWIvPvh+59dt2XvnKeE5LKqLI9w8KLZHxeRGZobnmffAhi+UJAbMqe1aZzX3gruTkryZR5CC2hEh9PgtnhV09xs7bSnYfkcSC371isucfWhPpGfEF0m11yAFgCCDs3nlo+DnjdZEm9+MuBF9OQHc41gk/JcVnXJNQbNzCQtPXxMFGA1JAUT9oRatRRdhls793CjhV39AqzUYThMGZzV00ZBcRe3Jfx3NHd6CmpJgLjT8HvYjRDix6zWCWFrsF32bgyTudHaTZWJF3hdMESBEUTQKzhUtdcjwqx0DDYAaggXM6v8GV5h22XFjJK6RrGzTMClsxku0JdE6Rz/t2eXH16789XWXJCcN3YVW5LmqJsiOj1BAj167P3d1WrypXBSdhAW+ZYaxT+SSxwn7KAz7Sa12DLyxHe316/29qgxNL/OKjsmVIlGSPTe5fH+/tH+Xphgp4s1fGAIX19IJAiBGuvjLqIrZalfHnfI1YZwBzWNmMg3V46QkTAHaVT5J8XgvUYIOA73xpc40oEttvGK+zx8qsN6HxyvHhi9d3lw9PLlbefa/r4CbRs82a1I2z8p6lYLAyvw+cec9rWx27rxN3Tg18fuvcYIuFY099YrL8onX62W5U9j5LYfZDgRgApaLn9npGYKlDMB4WlKNrO5bLxuRknFcyVD2krStgWEcaugCEZuOFtksTtvEDvdNiWAk0SGJ4rZxRtNdqPHwJf3W7CJ/93HJ02VFGaXiaITcLhrl/NbwxRnmlS0COuIGt6E5tfpm3r9rjgW+g0y3tUZJzhxVL6P8RsEV8e1OU0NTaqxMqEL6sXq0sTIGbNCMlh+w5DR7INGAI/wORVFiZuXRPMapnady40lmOzZRI8m05eH06fPvvtu8vSooM/p05y9PHxZ7LN9dvTd0+dd9IZain8MksP0HVT7771B3XttQqAB6AUVo7pRzu8GmmbIlrG6cBgSW1o5/IIC7Wo39NC3vz/df/4dpfsT+nL/cPJdwhUaVaYc4acPb+7gBj99eON1TB+vrZsaHJHYi8FOacDcALk8tLSvaKzX6p4MxVjnjEwUo1jYVy6EJQlJdD5nVpPxrquamrl7X5L7tJ/arHn01EVLOnOKKmPHrK3FYpG5KOEsl1vt5AGoKY3h+xTwWdElXk6uxOTZuV3tnkWhxSvaXstlbBhHuy4VdMFAYgK0J9fOB5MEFWB480x61+nYhVW6yMwe0bSX0MIr4HCDzVPAgeU6mvsWZcCuuWVOfvLI4aXiMy5o6U9DQEujyk5oemcIrjHwGSo6T+2FhgmII+ihJo1lhWoJ8sIczlv7/c7gJaNgzaqZ4rIgVaMNDDJhrskiKwb8ZOjngocnjGzVYrYVk9Ds61uZ/a6/Q7W7ARPTyayK3v2HL5kulUki0C1S6NS4lsLjv4wT+jey3uogZ/yXMSaLtX2IHuiOqXaDbTDPpuiGsWwJ7GS8ssfM2cqgGquVp8MhWiYxytheNqyLCzK2NGbHG4/IYg43Ih5Cl8mloUCx0EY1cMnZQ43lZr0Q0g7QTkMJBkS+9ql8dXT0dA/TEP79t39tpSX8xci6hVF/SDZ3IVaygDS1eB6BRHQoYh5W2w9tSnI4RQh9rqTgRiouZnhSXJ3wIjDNCbNH0m3mCJOhqE63h+ZQ1r6UMxdwZ1+1px4aEP3aQMyE2xCsXk3hvuk6o8NuBqNqeC0MS0EiXlAdAB217sPBTORP2lg72oqfW3teU62TnXz4Jlc4fEf67jQd2XCvsvbcCQ9yCNrqgLOBkKw0FKgHx9HR0373jaOnLaCgYPwmL1OYwBFxCC4FePEXXNvgGlJ5c6tDbD0e/+/A49lHvOziDZ3OAgmAKPiE211I+y6c0MSAgS3oE9h9jjy2p6cw36Qx4alRMhkuFq/zMCJGjAjCqtpEeAB0fHLs3u5kr7XSTcmEmQVjomUUMAuJMl3nIvujw8AsC36MAft6YsBQudkUEVzA6Kt5Itw2W517F61j41eD8hnCu+Leauvdj9Ft5DG67ZOi2zYceJXWrUhklBSClhFE39365NKHxnXTVfudN0MUHYq32P/2hgaZ3+nj7RTW75O2nPQGY/4ZZPykYSb2G860u1F9eA6pJPaEQFMqL7w66Q02oQOQE7jhttaJHbW6h8P+nzYw8Y+MSfwThSP+s0ci/gmCEP/o+MPH0MM7Qw+/uqjDrzXg0D51RWfeJJZcySR+u8bFjGP46zkWj5MV802qfSfGIBI44C7nbOk7VM/lglgGI8B96L2WUHMklxW01/M6bk2V1RabAKrXL+9xl7JQPeoLnGQ3W3dL+PncV1X4Ai15U4Ai6npAXdApVbwF1IYNmj8Jt6E37cIrkbgGEul/52VJ955l++QJovG/k5PznxxKyfsLcnB4dYDS/Fua2y/+a4cc13XJfmaTv3Gz93z/WXaQHTwL7OTJ3368fPtmhO/8wPJruUNcKZi9g8Nsn7yVE16yvYNnrw+OXjg87T3fP8rafW+lzqa04uWmzEzvLwiOT554JUCxYk7NiBRswqkYkalibKKLEVlwUciF3ukhEJ/swb05X8D7mimaRFZ6YQhEYlCZ5iwSgIKk5BVFFHA738pf6Q3rruCaKcG+2BpwtgA2+onpwrOjLuRH2VG2v3twcLgLffV43oV+k/VDhvHv/ZwJ9lch/L+60HoR6UtB7OdzdJ8zYaQekWbSCNPcRutULXiP1gcLSG0O+HVp5GA/O+hylM2C+p99rrviarBc8JtdO8krMsHUBCryuVT4cRfD9L8JssRf8ZnWbP8Gg554c7SL7J9AdLgLqPfKEQiXpesqCQsE3W2wJBTAO5faJEdoCCUtWH50z/ulu1W3Rp5A8D+v2O+xABIOTEsePGA1NfNXzrDQebjiM0VxPqMa1h4d19IaVk5+ZbkXcvHD1Z0r+bdwiwXMwj6COD1rFKDTFdoaWF8Paf21hUKs6ywLBh3cjf7Ag1t36+hQUAsixjJfNnDdHb/kWACTQ3NnfNdqDI6o81I2RaTfE/vR23Kg7h11JaYHkP/W/Ypiat56VRNaFD7uEeqJXcEDV35I31tbqpTCW6uGF7JaSUsRUUuOMQr4y+7H2+kjlQLdK/acueJRsGI89wOT84rO2MDUtOK7dJIXB4dPBzlMnP3MjkDOToPqjXjyW+Fo8y/k2JIJFjOGosDhlIQiG8zQLKAEkHwHnQ0+fCudJXN4AGPx7tunCQsKz997pjWOTmeudc9PMltF8zkX7Copbnn7ZO6FLHlh3bkcX+clN8urNbjp7W+tO6uj8XU3rne+1p0HK+OsNUfr0cHxPT8qZH4NtOoY0qn/PHC88DcoZNotT+l+s+daz6UyV3gtvCJTWkLEtb/Fcb7dwIxW3LYBLDKgbbdfaTERX+w2YncYWQnChl8ZRNqKqSzHuf9swOmSA3XPWTtvrjfpp0/nvKjkL+Ty/el7K9gsiJGkorVlspr9ew+WlpRBbpc0yGp+TgJPRxAyT7n2Po90+yN+GhjkTExlSq3uWoAiyZ7XJARqvx8kT3dvvD65SPMyeaguynKdLasyc89h/ip1qaFCit34ZsfiKkOU42pKX701LbOoH2IiZcmoWBO904gRsL7Hbe/PK3U2aXjZn7K/o+H23jp4cXqw/3JrPXDeXxCYITXODgNiNfjBc3AbLNooZvL5+sD4WdCvIpaBAq+bCVRbgtJujg7/ln43MG78PQh7bcktDkpSKrydq8aX7uSsLaBvp7kuxmtZDLOdex3mBAO1LNAcOThVM8DDP3Wmc1mQn85O+xPZ/9U1zR9uUXHE/mSd+v0PMJm3YfUnc+zy289mzMnPVxWtay5m7tmtb9c8RQnE7iKpaN0HGZwvcN6/PrgT2IaBVwxKHmtmHnaL47grNrpgdSmXEHf9oBPHcVdMDBXtp0354EtOBl4x9R1y0KdO3G6WcH+h7/PnxXHdBeN4ebxdzsMXA+O6H+O9EpTaoXsgjk3udQmwj+uKnW6GjH1keWPopLxN9HQr/lWW8prTXdoYWXCdy5tUOfmf+Cs5db8sSfocSTTvO60nA0Olt7CDIwy5yironsvQxNS2ot7DpOYNpK6auJwGABIz6fCc/Dbz7IrpXtN87tyamAkTnM2urIgLZWMcUiBC+Yqigchi6NHV1C2bJsFY0grL7wajIDjWa6poxaDpkiITZoeAfXOVSTDiCb6wHzEkjxcAmmY30G2spspojG08Ox950xKQOy9GEEwA7pwWSFQUhBvtGk4ModAl2dVKFk1u7o/IS1frGs+uG8aKiWFtt037yeTSmnZbB8v/k2TmnTumFoVUnzYzvpuW+sblJ7SgkyYyw3D4XMV7z/7ThzdkbpVP6IIB0zlqBUhuQ3reqI4zo60mrZj155AJ5NeH7TmQxJ1KSRszZ8K4AjA+Q8SztVLOIhd7I2eYemYBxiiI2/wXpX+85KLtnmgts5SzzD6WJTkaQ6hV7LeGK1ZEJeIOhMPcnTaIFhTAgmK0yNKsmlaOH51oWTaGwYXgYyMByDBDEtT1ioz3bqjaK+VszzVfKOVsnPXX6TKO2l06PnuxF61WHL0ly5lzE/l1k71YznYASDmdatbmKUkiyqdtA47ZLkcEe4FtEwnt+passkurh8KQpVwckSzmTAAW7CGPPABzs9yB3NamkI3ZtqfB/s2U2m6Dx0XdmNTSG8EBqeBOrMAAWDOns19xr8AT7juLpelfgEqZ5G2G5mxhDm8tGtspxkRiiXmX/oaTa6wx7fnh97xk4GtEBuHIvb0pSw2nleZgc344EnEDEvbRKBpts3hbcqm4WQ6D4n99MFD8gCHzAOZpxUV3QICbnpvlFSiID8nA5k1FkVbBR+knun1TNg6Gn6gDhheaayVn6uFObrfjoxt+gG1NSzob7MqSDjbM7uFVP8PQVs+NqTPFdC2FZpm7/q5KJmadK2vAOdx6dSKLZZb2j7nVh9IJQ7xb24kmxrDm/iurVaRuwHd/B1vgWQ7RUaHvKRMFnuOGwlyAwPdQVhraED91JYumXC/2oPXorWi3pH4FnnRDq3qtwXPFaKxVeOvo6CHKqDHqQaMb0nEjeTurldUomLjhSgqwi9xQxe1p1mShuDFMQIU/GGFbk/958f4d7I09WDOoi6H4TQycHShyCQUMYngK3LKQto6d8ILI6W6g9rjueurGX/C8qrOkx8c9kHF28vbcNe/oD9nz6K4/pIktAMOQs08f8oc4ZGtM+nvT7YezjoXDkuK8maw8vfH7W6w7aRSEHzHrzdUSEsnQ1XvHNPb44yD9wZn4rWENw0PYm6NIuzzfOYcfC0Jj+lNBeRgDDWX6Rvv7rSYMRXjRnyiXQjcVU1dtVvxJW+TUaBgvTYVI59Pst4ZBsETaee5T1+ZHc4aeLr1e0+k1vTe9Glnz/PMw8Tc7sRto9d5+xuJxgri1DpsPfx5wIqcn+cb0FdOazgbsudds+RCIu2bLESayWPnEF0G2Jx9/d9oF1BvxrHslTJNS5te9e5N8wrl1uGgMU+QJtJ9nWrNiB6cgcYoeDHNGC6Z0b27INFxv8mOflyinDhAc1EWluvbRye6MQiG3GPCL/239j2u2/LdX5H8AHv9tK/vm/wQAAP//0q6oYQ==" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/mrq+5bRuJv9+nwCgPTjo207Qvd55Obnpx27hN4kzd3D0qEAlRPJGESoB21E9/g93FPxGiKFmZuT50YhHY32KxWACLxcKItKBkS9CKy2i+tn2Vn29cTJTw1/WawEb+A6e5O/J4+K3z8w//vnnhJ3uzNa4019VDeGf+QXSgn7xdV20JZ3qzd/Jxdslm70VR9c0MtXn2tipXM+gCs01jD9+ZTnXm01EETYDEOHZxYeNdAiwNUJ7W99m3FLO1hcsA9LJ5MLKAgi8c9VH4rrQpUSkmH1vIKFiwhre8xPt1P9/+fv9HdteVl+y2zTP2HH4wxpN9ur/C6/OthHxRyyrYanUlb10i/8eVNMagUvaajJZsJeoN2P1ei44pkYNympUt2Amz+trINnw8QPBGMZ53UuHC+VF2dbFHRduHImsrpbNSPoDP4opMEajr0Bigm2yaqlKXfMXVhev15AoDwp2M9MBQ2EnQPgzQ+UMxZuZS2VWaOoJ1ouT4MllgAk6T4GARb2ByB52U4pURyDVb4ENrvM1XssM/r3K7ZSZ/5L+wTCSZ10D7jY2GpofKFvDcFT0QZuNlYCjVNd2jMJ0BTriU9xD9pjZH5kj3Rby8tTk1qYfI+xpRXsBjZlUj/rInqpYwryt3AWPD9eqaXJ47hZuqxC35NdNdL2Lq2JaIrAwTC+Af84Mtee3tgJUsrLhgFij7DsSJYKn2DYQ2bJuRbVhutFlANNkbQ8LJrhulbgSs4CJ2VrVKc799PCgnSD2LdZmty6rCKnVey77w+vvG/Gmnkc4MUl5wzdMq/Z6+4logj6rCftMna+BFMYcCc0vSlMyFUrjXsBoetRoqZJtOGo3wgVP+6h9+ufoyrh/hYT1VMePsFwjjxRbjdicBXjW8FAlo3lRXfJEXr777PmkNPfqtocBub9w2GuVku4J08xn70agJFJJ1EY4Sy5ARXOZEAkI+oGfJwqN6FmBYBv0WexzGNciVPxppwtDZwZo6fgK0huerqhVgYCaBUYUsqDAVK9wVzCdY0/FaU1FJx6d23GB8TcXpROkXveMYUdEkfWuPCpmvQVfJIN3YvxPDC78xpbk202pdYwYFsEb4zYxrtZKdnuO04NdFdhZHvCtnjPbMto4tljjci6tERgSnpvBN3bSwAoGlqySFtgfKWJzj0cDSBQPqSNSdmtNAT4ejSzzsGfvj7ubOLGwezeq84ZC+Uol/DniJVhlsfKXB9ttz5mw6spBZzTXzudfbt/hXgshtu5ShttK0YKoza2sCBTW/J9WT5o2f3tyH78xWrV30iFxl24byCj+jI1xOL92arY+vuROEK13ygP2avr9rokjZdNLbQ+JdeonAQZHv9iGuVNmir+oh5LBH3ew9e/X3m1ff/mM2jZ27ewYIods8zUguC5EcB2O8KN0Jna+mM2NRMNS+3ToNXPcL0bVCwzkG6eFv4W8Juv67W+zFKzdPlIVaOG5VfaWDljVielzndiW+kUXa7Bw1mAMJbCSmyh92roHqEzb8VKSPsmCfbm+GQOb/asPz8zXKUxyCyWJg8p8IZuP2hmBkLr95smEOPs8bvtlUbUllZ99MHEUBxzSRNHwzZBni8fE07P+O74C3NPOdgJT6SujzdrGnu6ejC7Gp5RbSmZwV2NPdA2wWgmLZ12dvckB4D/SBddCpwI7sQdj0ou/puEiXJhiy5X52+eh+SNClj35ecZva1DzgabOjJgHxZeqykxAy8UXkvQ5OM1li6Ukt/q+s5briV7zXsqgUHFT45v+KX9kNfdmysBwLdt4HvScJUuEsTHw4kvu8glQuQxdTfC5xhEvNBmpSOIZcOgaCcM00ZjXmSt4D9xPPV3T7BBNMueAQegqIblKLCrL9uBf56SEWpXmn+03k02SYyqDBuBTnFNSUQJM3QpuGdXRWBf0Gj/sLzEOBP5g/Lyn4AVgDDzev4Sq5Qqf37cdL61oCda+KS7hfBodXEUvg6tYKJJMWIeWu23Sy6HN9vCAhms+NXSJjlomubWOwJ6tLBHuhXATy8wD5xQHoIPDhSGSsa0Xtmx/ogmJd37b4pEmaD5sC8Gj0T7+/oyTMZqsCcKStwMmY0PO+m/42iEf9j0t6Zdv3yJVTcdpS8l6vRKtdTCcmKLJmrZalt2LvZIkZ3SASqD10flHb4nXVxscTUTNrWWamWBakCEqJlg7Lxy4UxAIHbLCZaBsglUHVCnoOhRdZGJwbpc7jCyXrXguYEOxRJTDpEIIzpWv2+eUD717WsnxJYa+1LD9nw3ZSwiu67H2uxt5jFJdNXbjbZFnSMZFtN3vJIGOVKZhgUi6XSsQ2JciDdFo3IE1KvYBPdGFfgElWjO+eLZnNLm/OJSGjuUgRE2Z3lHrQ2wBMDUYD8kLpQvb6wowG82/RdRcxe1W76XXo6fXswKrgoFSAAMaL7vSX7ysMhoeJJs4+BqKUQTpEOvmObx5jokED8ZlJDC+mI3MEV/Q6ENnDn6tawFkjGghS97hTtgpGK8+jSw5PVxEiyMQX3XHvm8XZEk54t2lW7NezsWIJusQ3gBOl5dhhwZ5lz2GDeE4DtuobjroKZ5QWaLxTvjobFmiHDbto3nSy7M43cndjEYl8wmwta16qQ8TS5h6qWoRUV6+03mQ2YCOj6W9ei7bcmbISh8NR1YUsttli651Yo2coO7fFD+92vIvRtXlYZf8WaTffyLAHI/aMhdjZQh+5JnI2h0hhJLKze7hWSnWIhW5k0dfTYg+ioqNiN6o+1/a1hUnE6WbEFOp4QpRxrbuzRjeEdL16k9fK7CiCCEz2wLvKjGbFHrtKa9Ga/SNSuFDs1/u7D9A3ZmCVkG66q4I3FOw9r+A4AfIC+/CUR3xTlSK3giUnzUAxXZqeduMvqrzZgKv8eOW6ffP+I/i/UyQHJ7rTSeKOLCZZnk7yF08yosn/6ncyY0zycBhVXPWLvaPX/z7i3QmjICzFbIAVLRJZauo9AGOGPxIZEhftn73oBQ7CAUYRPjV3EMPSgtCYIRRkXTd15wmn/XGtcaSYf10l8sCpvhHdPDbFJ3URbaOBXpgdh0VRfH/2AoIlwDXzxLZZau4yQ6yva75c86P1VcsN3W0/WRK/GWAitL9vn9B4BPBdS9I8/3hAINonSXrHsxFK8TLhz12L7TkEtxbbS8xtZNYnBWUHNCMfv9PuAlJrW9O9l6dFLfP1YN5kJ4xbkgUEzj7PZbMx+1pRvEAI5iEGPKwEL/yzzx4b7ttOA//RpsWTS2IEidLteOUv85EkLt37KD7xAP43+2Ettq+v2Q8gx9ez7G//CwAA//8DMvbF" } diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc index 91be9bc8c08e..a6f17212ba19 100644 --- a/heartbeat/docs/fields.asciidoc +++ b/heartbeat/docs/fields.asciidoc @@ -505,6 +505,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -545,6 +552,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -775,6 +789,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -833,6 +854,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -1017,6 +1045,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -1247,6 +1282,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -1305,6 +1347,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -1417,7 +1466,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -1584,6 +1633,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -1617,12 +1673,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -1648,6 +1705,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -1706,15 +1765,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -1745,8 +1818,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -1834,8 +1907,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -1858,6 +1932,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -1892,7 +1978,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -1900,6 +1986,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -2025,7 +2123,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -2033,6 +2131,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -2054,6 +2159,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -2268,6 +2380,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -2429,6 +2553,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -2451,6 +2582,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -2524,6 +2662,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -2582,6 +2727,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -2612,6 +2764,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -2672,6 +2831,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -3164,6 +3330,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -3186,6 +3359,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -3285,6 +3465,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -3313,6 +3500,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -3335,6 +3529,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -3374,6 +3575,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -3450,6 +3663,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -3463,6 +3687,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -3484,12 +3720,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -3504,6 +3771,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -3552,64 +3838,281 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword -example: 2016-05-23T08:05:34.853Z +example: /usr/bin/ssh -l user 10.0.0.16 -- -*`process.thread.id`*:: +*`process.parent.command_line.text`*:: + -- -Thread ID. - -type: long +type: text -example: 4242 +-- -format: string +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string -- @@ -3634,6 +4137,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -3656,42 +4166,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword +example: ["C:\rta\red_ttp\bin\myapp.exe"] -*`server.address`*:: +-- + +*`registry.data.type`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Standard registry type for encoding contents type: keyword +example: REG_SZ + -- -*`server.as.number`*:: +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. + + +*`source.address`*:: ++ +-- +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -3702,7 +4849,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -3713,10 +4860,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -3726,16 +4880,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -3746,7 +4900,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -3757,7 +4911,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -3768,7 +4922,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -3779,7 +4933,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -3790,7 +4944,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -3803,7 +4957,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -3814,7 +4968,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -3825,39 +4979,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -3866,10 +5020,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -3877,10 +5031,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -3888,10 +5042,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -3901,7 +5055,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -3913,7 +5067,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -3923,7 +5077,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -3932,7 +5086,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -3943,7 +5097,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -3953,7 +5114,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -3962,7 +5123,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -3971,7 +5132,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -3981,7 +5142,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -3990,7 +5151,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -4001,506 +5162,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC - --- - -*`source.bytes`*:: -+ --- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +example: endpoint denial of service -- -*`source.domain`*:: +*`threat.technique.name.text`*:: + -- -Source domain. - -type: keyword +type: text -- -*`source.geo.city_name`*:: +*`threat.technique.reference`*:: + -- -City name. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Montreal - --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.continent_name`*:: -+ -- -Name of the continent. -type: keyword +[float] +=== tls -example: North America +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.country_iso_code`*:: +*`tls.cipher`*:: + -- -Country ISO code. +String indicating the cipher used during the current connection. type: keyword -example: CA +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_name`*:: +*`tls.client.certificate`*:: + -- -Country name. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: MII... -- -*`source.geo.name`*:: +*`tls.client.certificate_chain`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: boston-dc +example: ['MII...', 'MII...'] -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.md5`*:: + -- -Region ISO code. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha1`*:: + -- -Region name. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: Quebec - --- - -*`source.ip`*:: -+ --- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. - -type: ip +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.mac`*:: +*`tls.client.hash.sha256`*:: + -- -MAC address of the source. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + -- -*`source.nat.ip`*:: +*`tls.client.issuer`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. -type: ip +type: keyword + +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`source.nat.port`*:: +*`tls.client.ja3`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: long +type: keyword -format: string +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.packets`*:: +*`tls.client.not_after`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -example: 12 +example: 2021-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.not_before`*:: + -- -Port of the source. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -format: string +example: 1970-01-01T00:00:00.000Z -- -*`source.registered_domain`*:: +*`tls.client.server_name`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. type: keyword -example: google.com +example: www.elastic.co -- -*`source.top_level_domain`*:: +*`tls.client.subject`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: co.uk +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.user.domain`*:: +*`tls.client.supported_ciphers`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Array of ciphers offered by the client during the client hello. type: keyword +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] + -- -*`source.user.email`*:: +*`tls.curve`*:: + -- -User email address. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.full_name`*:: +*`tls.established`*:: + -- -User's full name, if available. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword - -example: Albert Einstein +type: boolean -- -*`source.user.group.domain`*:: +*`tls.next_protocol`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword +example: http/1.1 + -- -*`source.user.group.id`*:: +*`tls.resumed`*:: + -- -Unique identifier for the group on the system/platform. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.name`*:: +*`tls.server.certificate`*:: + -- -Name of the group. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.hash`*:: +*`tls.server.certificate_chain`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.id`*:: +*`tls.server.hash.md5`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.name`*:: +*`tls.server.hash.sha1`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -[float] -=== threat +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). +type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -*`threat.framework`*:: +-- + +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -4586,6 +5663,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -4599,6 +5683,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -4723,6 +5814,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -4781,6 +5879,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -4813,7 +5918,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -4821,6 +5926,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -4843,6 +5955,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -4865,6 +5984,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -4898,6 +6024,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-host-processor]] == Host fields diff --git a/heartbeat/include/fields.go b/heartbeat/include/fields.go index a0cecd709e52..fbfeda42cea5 100644 --- a/heartbeat/include/fields.go +++ b/heartbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzsvWt3GzeyKPo9vwJXs9aRlU21HpYd22fts69GchLd8UPbUnZm5uQsEewGSUTdQAdAi2buvf/9LFTh1Q9KlC06zhxl7zUWyW6gUCgU6l1/IT8ff3h39u6H/4ucSiKkIazghpg512TKS0YKrlhuyuWIcEMWVJMZE0xRwwoyWRIzZ+T1yQWplfyV5Wb0zV/IhGpWECng+xumNJeCHGSH2X72zV/IecmoZuSGa27I3Jhav9rbm3EzbyZZLqs9VlJteL7Hck2MJLqZzZg2JJ9TMWPwlR12yllZ6Oybb3bJNVu+IizX3xBiuCnZK/vAN4QUTOeK14ZLAV+R7907xL396htCdomgFXtFtv9vwyumDa3q7W8IIaRkN6x8RXKpGHxW7LeGK1a8IkY1+JVZ1uwVKajBj635tk+pYXt2TLKYMwFoYjdMGCIVn3Fh0Zd9A+8RcmlxzTU8VIT32EejaG7RPFWyiiOM7MQ8p2W5JIrVimkmDBczmMiNGKcb3DAtG5WzMP/ZNHkBfyNzqomQHtqSBPSMkDRuaNkwADoAU8u6Ke00blg32ZQrbeD9DliK5YzfRKhqXrOSiwjXB4dz3C8ylYrQssQRdIb7xD7Sqrabvn24f/B8d//Z7uHTy/0Xr/afvXp6lL149vSf28k2l3TCSj24wbibcmKpGL7AP6/w+2u2XEhVDGz0SaONrOwDe4iTmnKlwxpOqCATRhp7JIwktChIxQwlXEylqqgdxH7v1kQu5rIpCziGuRSGckEE03brEBwgX/vfcVniHmhCFSPaSIsoqj2kAYDXHkHjQubXTI0JFQUZX7/QY4eODibde7SuS55TXOVUyt0JVe4nJm5e2QNfNLn9OcFvxbSmM3YLgg37aAaw+L1UpJQzhwcgBzeW23yHDfzJPul+HhFZG17x3wPZWTK54WxhjwQXhMLT9gumAlLsdNqoJjeNRVspZ5osuJnLxhAqItW3YBgRaeZMOe5BctzZXIqcGiYSwjfSAlERSuZNRcWuYrSgk5IR3VQVVUsikwOXnsKqKQ2vy7B2TdhHru2Jn7NlnLCacMEKwoWRRIrwdPdE/MjKUpKfpSqLZIsMnd12AFJC5zMhFbuiE3nDXpGD/cOj/s694drY9bj3dKB0Q2eE0XzuV9k+rP9zK9LP1ohsMXFzuPW/0qNKZ0wgpTiufhy+mCnZ1K/I4QAdXc4Zvhl2yZ0ix1spoRO7ycgFp2ZhD4/ln8beb1NP+2JpcU7tISxLe+xGpGAG/5CKyIlm6sZuD5KrtGQ2l3anpCKGXjNNKkZ1o1hlH3DDhse6h1MTLvKyKRj5K6OWDcBaNanoktBSS6IaYd928yqdwYUGC82+dUt1Q+q55ZETFtkxULaFn/JSe9pDJKlGCHtOJCLIwpasz5/3xZyplHnPaV0zS4F2sXBSw1KBsVsECEeNUymNkMbuuV/sK3KG0+VWEJBTXDScW3sQRxG+zJICcYLIhFGTJef3+PwtiCTu4mwvyO04res9uxSes4xE2kiZbyGZRx1wXZAzCJ8itXBN7PVKzFzJZjYnvzWssePrpTas0qTk14z8jU6v6Yh8YAVH+qiVzJnWXMz8prjHdZPPLZN+I2faUD0nuA5yAeh2KMODCESOKAzSSjwdrJ6ziilaXnHPddx5Zh8NE0XkRb1TvfJcd8/Saz8H4YU9IlPOFJIP1w6RT/gUOBCwKb0T6NrLNPYmUxVIB16Ao7mS2l7+2lBlz9OkMWSM282LMeyH3QmHjIRpvKBH02f7+9MWIrrLD+zss5b+k+C/WfHm/usO160lUSRseG8B9/qEESBjXqxcXtFanv3fTSzQSS1wvlKO0NtBTSg+hewQr6AZv2EgtlDhXsOn3c9zVtbTprSHyB5qt8IwsFlI8r070IQLbajInRjT4UfaTgxMyRKJu05JvE5ZTRV1IohbviaCsQL1j8Wc5/P+VOFk57Kyk1nxOln32dQKvp7zwFKRJfmv5NQwQUo2NYRVtVn2t3IqZWsX7UZtYhcvl/Ut2+e5nZ2AaEOXmtByYf8JuLWioJ570sRtddI4vmtv8yyiRgSeHbAan0USd1NMWHwErjA+bW183LEuAbQ2v6L53KoEfRSn43g8O2VzA6j+L6fGtpHdgel5tp/t76r8MBVjdEuGaYwUspKNJhdwJdwhzxwLQuMreIuQJ8cXO3gwnXTiAMulEAwUxjNhmBLMkHMljcxl6SB9cna+Q5RsQF2sFZvyj0yTRhQML3IrLClZ2sEsd5OKVFIxIphZSHVNZG3VSKmswON1PDan5dS+QIm970pGaFFxwbWxJ/PGC1d2rEJWKIlRQ5zaiouoKilGJC8ZVeUyYH8KQm6AVpY8X4JgOWdW9IUFZmtfmKKpJkGgue2qLGW4tVtb4a4EHMfqoTIH4cpB1NsmJ2+ErwPBu110Az05vni3QxoYvFzGG0ej8BxQj2firLXuhPQOnh08f9lasFQzKvjvwB6z/jXyYGLC+2QemLoH2w9SWrp48+YkORd5yTvy/Un85hYB/9i9aQ+ApxGqHVFwwy19Ijl61LljYcGbyqDCouCu2IyqAgQ6K69JoUfJ8yjMTThawLi0GuG0lAuiWG51nZY6eXly7kbF2yKC2YPNfmEfTyCDQ6GZCGK8febiH+9ITfNrZp7onQxmQQ20dse6NxVaeqy41ZrU6x8KzFhMWzichOyxZBQVmgIwGbmQFQsya6NR9jdMVWTLm6+k2orarmJTz0EcKKKzQI3Hwf3sdDPc2QkLugnoZgkC3FGxYImZ3+Y4RQo/apmOiPwE9kZpdGMR4kaNShEXFrxfG4EbADoSaj3euDgwWMSvkKY3pBV2cL924ZR5q06wBeF4e36eYL2Dw4PiEy0KollFheE58GP20ThJi31EGXqEgo0/pTrIW0aSG26Xy39nUeG1C2UKlGDNTUPddpxNyVI2KswxpWXpic9zacvhZlItR/ZRLyhow8uSMGFVPke3aDK0wkTBtLHkYVFqETblZRmYDK1rJWvFqWHl8h7KDi0KxbTelJ4D1I6araMtN6GTSQKbqSZ81shGl0ukZngn8PWFRYuWFQNTKSm5BlvS2fmIUH/3SUWoZfYfiZaWTjJC/hEx60QnsOVFaXnOiKILD5On+3HmvhgjytqSn7CKcRTsigZteXhdjTNejy0o4wzBGo9IwWomCid6o9wsRQQC1Gy3Y1Gyyf6Pu1Spzr7SezXCOFkapu8QgZP9QEtI+7UWIH+1P6AVJDgi3Dlx24TsrI++F0ctwJDYNiCcO76K42etOWdMZjk3y6sNKdInVrYd3J23VpZmtOyDI4XhggmzKZjeJUp9mKwH3zupzJwcV0zxnA4A2Qijlldcy6tcFhtBHU5Bzi7eEztFD8KT45VgbWo3HUiDG3pCBS36mAKWdbfSOWPyqpY83BdtI7oUM26aAu/Qkhr40INg+/8lW6UUW6/I7ndPs+cHRy+e7o/IVknN1ity9Cx7tv/s5cEL8v9v94DcIJ/a/kkztevvyOQnlMI9ekbE2QpQMpJTMlNUNCVV3CzTy25JcnvpgiiYXGon/i4LlhikcK5QysmZ5eJOIJ6WUip3GYzA8jDnUdyMtwaCV5J6vtTc/uE9Abk/1joB4Z00ibcT/Bwc9fMKLq0Zk361fXvFRGojxW6R9/ZGsRmXYpMn7QPMcNtB2/3Pk1VwbeioOZgGT9p/NmzC2oji9R0whAfaxHl2HgQnzxHhskgpC42W3uDhXXBn5zdH9ouz85vnUSDsyEAVzTeAm7fHJ6ugJi3bsMm6eBk81itwc2lVPtRczs7tRE6Ox/iNd8eXQSkmT1g2y5zVhZap8k5QA/QGmZYLIJyVRA+0iiaY6cSMlJIWZEJLKnI4ulOu2MKqIaB3K9nYE93BuF10LZW5n9DphRxtFB+WRFNs2PH/LPhAffMe8l5r1ef49idJd4dtOHp7so7QuXo/zt0erCJ+y520YYoVV0Ny5cNdb1bhmPPZnGmTTOpxhHOPYCF1zQoPsm4mXhwN+/999IXgNZUM5/TDqVRkayplNgPZPstltWU1/K3kc9dFg1EnzvVSMMNUBVdxrVjOtdV/wLZBUSMFhyVE2zSTkudEN9Mp/xhGhGeezI2pX+3t4SP4hNV7djJyqZaWUo1EZf4jt1cfXq+TJdG8qsslMfQ67ipqsCXVBuz/GHKCyrKQhoAitmBlCWu/fHManaRbucya663+XRqR0SIJI+sr2P4vQBFsOrUH+IbZWZ1M4/bwCbt8c7ozQq/HtZAL4S1XLbCIQ/3ImwgBRTWNZO/GgyuyTzzdecOwFo8RQ0A9f26yAZJZRTFxI9ajHfi+RTaNZirbLMWkGhkak6VCE62dHH05FQPThZyu4hhUkDenx+cQMoArPg1DpaSy3V8dqygvN7Q4K/4TmMDLLFkfgGlTlgOS5IMCsa2JnQamBaGf3lBe0knZFzCPywlThrzmQhvmtr0FL9gj/zCigNk3TxW4yI3Fj/RjKKYuXgjX5928YLnbq0tqrFQwQDwI5wapJ90JnKwPxJzq+cY0aMQU8AI7j+WTuVSKWXG0Faw0RQMyMA1BqJBimYY+omCVkMpPmrlAjDGsghdo+IUPdnXjECCXSzHFvaJla04qCntNRIcH8QGtQ0S1kXic9x3drOmSVtCTAIY+VBtSYi/mVkpFawQEr3HRByThOxT4TssLKhucMjhB/RerfaAYx06QPIKtHIYi4NibKhqCW2PYHjozMObFi+EQ+UJWhulNyVtmFM8xfEan4TlUkNcnhxicYylkykw+ZxqMMcnohBvtIiMjkJa62gG9rchMrkPYRxsEN65qhAu5VKySJgSJENkYzQuWzNSFDGGixMUE+gX5TRfxVWdIasce46BxIAh+dJN7VckOy3UE1SHsPu6uHMycm+PM25cRQTgXBH2mDgdehEBed8qWpODTKVOpogvmMg7hq/aussdz1zBBhSFM3HAlRdW2tUTaOv75IkzOi5F3ZgD9k/cffiBnBYbagsO7d+D7gt3z58+/++67Fy9evHzZ8dmgGMBLbpZXv0ev1kNj9TiZh9h5LFbQlQY0DUclHqIec2j0LqPa7B50LF8uPmpz5HDm4+LOTj33Alj9IewCyncPDp8ePXv+3YuX+3SSF2y6PwzxBq/sAHMawdiHOrHTwZf9QLwHg+it5wNJTN6taDSHWcUK3rSV2FrJG16s5VT9bN8QnDU/YeYPZ5pWQhd6ROjvjWIjMsvrUTjIUpGCz7ihpcwZFf2bbqF75pquj+TBFuVsyZ943NLrGBm9w76/kltf3hKaFB5sh5+4wJBe1k+SiFCznE+5NyUHKDC6wpkHnDFSTtNBkhQyppmfd87KOhEg4b5CI2YYWrubUCwtggwPGsI6F9RGZDwnBMfF86J9hnlFZxvlKenZgMmCBxUBWlBNJg0vjb3OB0AzdLYhyCJlObjorA1Aktd2++xJftstGW5dZguTumSx1rwb3I245ugjCtwESXZT7ARHJxUVdAZmK4ht9/D0OAnm1SVsJAmCShnJaefrW1hJ8ujtwXIoPSdPg9MVnQJ77fyygTGT+Li7IuOQ+7jIuK8xdKsVebZW/FYUYzEl9YHit8KwEMf1GL/1GL/19cVvpYfFu/lcTngXh18qiCtlT4+RXI+RXA8D0mMk1/o4e4zkeozk+jNFciWX2J8tnKsFOtlMTBev7WzpTX9HIBNrRTDVit9Qw8jp23/uDMUwwakB3eCrCuOCuKHEXuJWClaUiBsjyWQJmDhlUBzg4Ve4icCse4htXy46ayUt/9EhWkVPonyM03qM03qM03qM03qM03qM03qM03qM03qM03qM01orTqsQrTIup+8u4OMtHpzvW14be6mevrsgvzVMcaZhr6jQC5ZUirS/u0AtZ/lnHIJfQpmAWGPFj7W0apo9rZLMmMEqCTisG/TJuBAawh5ewfPjHVe0beknSUcHvuzLDCBBxfJ5bkScNjihNF7xVENpTl8eB2FA//WCKeajDArHW7jGcfpQ4qvjnfv4mForfnDv5/axIFQpuvTIQCy791G4oVaaATCIdhU9FDONEsmR97VXXTpNIuUxAvz/mi0dyqLnx+8NboFmvgxoy7E1WZLXJxexTNMHLE+CY83pDcMyPimzqOJy8Ec/uSAL+9brkws3fNduZrfZkh/Y6lD7xCpZ8EvbOWmf82ROjg2puOBVU43cl2Fcv6iq0aZVsXFsZxlb4CAUsLcMe/d66WFEKlqHIakdLZ9DvITxVYOpJrXUmk/wRi6g2gYVS/sv9wVe8OB6D9YwoFSTHCuotTyiHYrM8pJuzPeJMXwUbUphQ7yXukCK4VBoDy0hWLSmx+vO3g2CnsRxbkQxA2gT7oh6dqcwsTscjGIQpbf+4qs1E4X20glEXQHD8ihJB/Rr72kZB/uZ//9BLGzS2n7ZVh0txSXhSx3QSY0lXHS7UB0l+ZziZXby7vjta3sgJswiy75f3rBilDKn7W1NxihORBZjEk+4FL7QnxVrdC0tikG/jIcBBoFzmZGzwKusxuf0w+6YvpjuGEoPebfr2N48DOpg97ZlsVhkK4wHfmeMWUdRWmVes7iHGA+wfN6AJGU5N6wXEDC4CZZrTqwyns9Txs6mwJdaHnuuc6oKVmTkn0xJH1NnSdmP785Agr9JRBpOMeCNHabTDcY1Xs5jTOMnshggzRbcc0YLpq6mpS9GvIHzdQx3tpySQ1IyY5gCLokzE5i5FZhcY+m8GPz4ihwfj8jlyYh8OB2RD8cjcnw6IienI3L6vkey7uMu+XAa/2x7PTemwNkdsktDi3OqyFGt+UwkFdaVnClaIQWGqvAtSw6IZRimkQwE8U81j5EdyBx0X2V/fnhwcNBat6wHvGEPvnisTWhlAjuZE6MwrpKh3e6aCzD7ogDbkmlJKKGd2tyg9q/xuIuFz9AdisOgjAyYgXLc6ZgrcfSfP73+8I8WjgJn/GISg5z6KnbuwkDV5E75oMXDN3k1wp3YAS29+oL3uJOjIaTYrRUXBkrE5nMKTRSUJk8mrJQL8vQQorgsBOTg8PnOKCF/qVtvRHYelCSsNsh0Tmt7rKhm5GAfbpEZzPHL6enpTpTE/0rza6JLqudO6futkRCNE0Z2Q2Xkkk70iORUKU5nzKkPGsXUkiexXFPGinSEXIobppxX6xczIr8ofOsXASSIZtdyoEztLdds2OY/3Inz6Lj5ahw3gSgC8jdJDGES0PKiccEtMFat7ZFon1G4geagFTrjFAANvDDMNIqo0c3k0K7zIHNYAdIYtXAeIUQe5M6kV2DjGFsjJBEhiVGUl1DQlikuh2XfYaQ/us2Q/T26ze7lNov082V0BKcq3S5UHB8ft4Vjr65efU7wy3HPSleW5OzcinEM0oPGqXVj3DEz+B/H3trnaIdPpzxvSjAiNZqNyITltNHBE3FDFWdm6fWjlFArarTVC+1QDqyMvMa+ThG+JFzdA2qw44YkYBhNkDOOEit0GeEmWLSw7FDBPtq3K0sl6dAoEuBL8Duj2kr2RoYRY+1YlFSsfDuV/VTLoOB0rSft7w66GwzC8JfQBfxcwzFy796//vDh/YcWdBs8G9vp4Qg2fpLTGnoPjRyirUwK9Ne+vKBEb0z9SnwEUpRLsLtqKM6beBda1XrhsVwx36UM4BOxc80UYeu6CdaFIgLgbf7OI9ACojM/dM4ALNRMufU/kTUaYMulHUJLGe4Vp7Dh6djJyLEoIIU7lyLqrg6r7bO/2lfhTfpWlXM8ocdLg+03NF3JW14gbDN3mxfoLTN0N7VX+0w/Z5Bev3z9XZ0NBtrTfV7vl6R1H9xjAb92MZoYmZExy3XmHhqjG9yDEZkgCEbAehptsF8KuETLXnVsQn6eM4F7BhuIjWKCvMZFwXOmye6us5M6Hwa02jKS6JLP5qYcylNPVgPvu+aGFrSSWRZt9TflqnDT4lcLqo+vy+esoh38k1YHrwHSOcj2s/2UcpSSraTS1+GL25tZxaTOHDqfeH8QDKiRfJdg2gh4/AnrtVcoP+BzzhNU1wyyg0qGVREsmj0jAE91Tu0tFPo9fZOeLW40K6dR0aYCR7+Hp25DUdGATLT7dDwKCOCtZriHTF4diKEYgCBtkrcajNAob3Cx3l7VGlgbml9fWelikzcszEJgluCSgVVaAqpLcN2xj51yfV9I+AwYH6Wdh1y2O9W6VS6AfcxZHcNWk+P7K72hWUnFLHvXlOW5BC/Ba/94eq5vOk0sXt+s2aQOz9RQorgvyD+cK15Kr0JgTrnieet8BjZwDH0P210y7JHt3pNJXzhIfpzj2aGxzZtHz5vYnxGYue9ZZ7wzhZrgwQLtR8ziGLHVnZwmi3Dj+aGob51GoDuYrzXjKsjEnh7O1I1KRoiRdmN6tzToY2kU8AjzNwcag0yYWVjRm4YOAE7GSLrg4WSupwY2v8tLqe3ajv1O3I1uzEtwQ2J3nQYzt0oYETsuwMe0gyAANIzo5DE3bOzB18J6Si0R5RWrJMSRMA0dHdxwRYL4SHA3TSmYwiInPDY5dA/rnAq7dGhxeJ96N2tkXX2y6I2jB3nbm/PbudHOaBDyirAGQBpokLTwBbcn17h7UaKbU0HG+IDvmzGOluCwEfasjwEhu7QoxiMydiS/CyTP4KspL9kuSs3FGL0x3icRRgyd9ZIwECxdUJdADUNVchrN1G5NtbbI3MVAn/YV7UDfxHa8dpoPztBFfhAs5nw2dw1UhnkgcEivvXR2JerH0vdr6WwOEsR45PdUM6GdwyjmhNEAZoArjuwlUupb2/xMlT3c0Nhy2kDZrSBuyqkVP0dkwezlKDC1BoKhCG0bmKwwl9s7BjwXzhEZ4qVcC9oa22c3mqEBK6fNcJoa7DSUMIisYbUc9nDq7pmTgfLEGxcW4RpYt7onJnSQpPP7yCK7UM9EC+z/HQpShS65jUhy+0euq1MZ6w4QZH/Yy9fe6439Qypilwe6Bsj8yGnlDVPAZq2mGUQIL+kkFGaJ52cuCrnQeO+Ts9P+Phw9P3rRRj4e6zsOWBEV5jZ+HYfBQXpV1IZ7jtsLAdpwB9gVo8AwfANH7HS1RE2/14jbnVDUmCyf5PZOzV1mUmydHhoHJV+ZtOq1SS254Tob6HQegka6fPpMkEpqk7QyGrnIOLOQsUu5c4BM2IBaiPzUf8zToItWr+6cljmUxHBpTiVEf6CgkFpEnCPdhQUiiYcxW/c2bAu86nsUK228yMMKwjuNND0klRQ8tvEiyRDb26C6+R2zH30JMiPJNWM1aWrkFPBSerjaWIXGjgBpG4/2vsITl9NylO5sdEEOBBkX1FDN7ko6+/yAfJymExUl2r3swWIPLtgKK3JQgZFOTmuwgrJUXjDClEjLiRP+UcrZyGk5pZztjNLJ7YnwO4XiwDKW4EhOYS6rJGO523UUtlKxXFYVcGJoeSqkCTYVGN6KCK25QaEJEVqVLJqk0yqmWExlWcoFCgiUFBJrMYreMAMWsJrmc5YluAjb26h1cuUHkgo7b3JRN+bK/yiokC4MywudjUkfoPotL0s++Ay6doBGDgYJ59RN3ZIbCPigwrRtSkLug1i3Jxk/M6scKOa8Xya6m1pBdUMcxrMPmF2gYcztKe8lfzCxTsTQqosigtq7I7rXA9KbvQ7991ayuUnT+e0NAt4q1xq8U5trg1kXP1I9J09qpua01tAgHBpnT7mYMQWBHjvgdqILdz8ZaTeAokckLKBglRTQlJShYgwmP26WA6mzvrjh0F/Hfz05/WL2pLNTu5pQ+SnRWzowD/aOvuZrEdAna1Y+oGqlOoXOgb4Mv3CydreaXYtXIs3Gi9TyOPuy0/kTQ/otKkFH7YJvx3HMsTbUMKtw0ZKqavx1SvIAZNuCmLL5jd2tOEsSc31by2yQLpycApIQCDi6qWupjPZ7ZHECsjgMjaJL2cyAOUkvCIVho4+Kut7U7kLHK/oYbidgCTsjr93hyONOLEZL5ow2QFDi7fOrrr4W1r1Mugm8f6ALsJoGLUVOoYSJCqT8k5MwbmFkK6R1K0SAY5jhhVPI/Cqp8Vlwbcm0AAUaE8hAbmZU5XNWxNNiBRIeesArZhRnN15oH1/h3oz7qLxgNTl4SfZfvDp8/upgHytznrz+/tX+f/vLweHRf79geWMXgJ+ImVvdBjVXhd8dZO7Rg333R2QLUlVENyChTBurZmgj65oV/gX8V6v83w/2M/t/B6TQ5t8Ps4PsMDvUtfn3g8On7WoJsjFWVtsk73RTrGKfZ6mAEq1SVlvL0ZIZOYluX/CtkZM+6763b7QI4oOONToUjoFCxlPKy0axQYYYRlyLMa7PEMO46zPGpi+Ybrh+7vZF8IIP7RuaAaDQCPI9H7BzsdROy+hbDd7IWaIlV/bYyzbHiq53r9r4wzpQR4loOTUL6pvzDod5I2UhH71YamjAPjemLnaw6jb0c28mriyfG9jFWNvrNzavt/89uWZKsHJE3vJcSTv/rlvirj/cu8dNwe27O/19xLdb26i4vr7SCW9dxW2npaSDfrIPXF8TGAFuGcWl4hil012/diASLUugNJ1E8P6kmVP2YcmgbjvTBMr8c6a61UkD7FdCqmoNSly5iO13YOTlv7MChr1jQaNghweLVVjEvj2SB/v73SsCKu1zgbVuXALyUjZw9NqqsiMEoCjMKtAJQLpt77BDLCh2ENPMMgERl4FYc859Wpa+z3hH+dHstyZRnR6uQNCFG9jXmlwpwLIAg38UQhwQfm9SAKVa98yWI7Da0Ot2JhT7SHNDpCqYcvlsTsJJ7JfOelkmxaKixSVouD1k3bCk+tqDlPjBIHz0TYUJ2seH5rmznxp5q3np55Dx5G1wccQ0MyoJucOnvL7srcE0ifixRArxCpkznjS11wYSF0jYCHBuuVk5880whObapKEijjDdxgR7pLb8dTA70XH2sJ4Js2iGOq/jUs4yDb9n/vcsl4W9V5246r+OcX0ccWGwr76P90BHhZuihfe4HS3h2Jeoiifz7PRiJ2tLFu6NQjKUEh1VQ9MOuRBhRgzmquiSxCitaDWVNTqeVi8XIhk7C+5fA9+1adrQtcqD3W7/QOPKnRYQ53pLbSAtwenGoj1Y0VcYQew53WB/ie1Eqk8SxEPZ5vaS7IGIjMPucLQKysR372Bua+mlYrRYOkoq2JQ2pfGEHk3DyS2JB9ATBzbtWHCdnpXjKP+FSX2ILGTbUXv8pQDX99mpm3zrdaNkzfaOK22YKmi1lSTs0MlEsRv0xvvHLy63djCYkvz446uqisyE09I/tbv/7NX+/tZOh432g1QeSLljSC4g8TqrQoPhO2Et5yj00hsJrVdC2XHcb/siVBOxejhA7WGecmcIcAEo3/vPt8SfHMNb3WAFSHbrGWQgDkSTieXCbc+Vi6ewv4Ijz0cB2LFdtWe/PAtUyJ13TJ5qLXPcO5DyQStEtjsKIRr+MxXFnsUdL1sxac5YP3KpW7WSRZPjnQxTnnndmLyNlon/+f3Z2//lnoXANzeia96jdzJ82SlXXpPpl12nEJtvt9U+3lmPp5rAYkK4zv06AYFj6DPY4PYbSAziFeoJAKplZH7odnUHpzMIV+chbqVGX5JRNL/22pzWQ1brQffm/UAG9MM4QIN2jnWhjDXX2+93YFyze8B9kEqNUXzSGLRqVcxQzJaGEIthNONvodYEDOMMmei+bGq4rMaVnWrsfINWuLECzBhWMU4MpOjwRF+2PdQmii720RHR3EqzbjgQZ0WE28t2FoyuMw+KZG7oXsMKnCt6nQSAerp/p4BzqMy1KShDta4QHRu4qKt634Nxby4rtkdLj7vg2LFA9cO5HwxWOD9hkh5YtRP4Q4ngjWWmnyteUbV0hcTspf7D2enOrfu6fbC/f9Apex145KYhTK0og9D193JO9Tyrimcbgu/t6TOcoj+pntODDc168ePxwS3THj57vrmJD589v2XqZ66w7UamfnZwODA1F5uLljqzY0c1z4etI2MR4W8vTnXPyuGz509fPO3UsN4ctG8tsMnxsCDK3NAyroAOxlNv7z8/2u+A+ZlX8MANHK5OCm4dPuVdDe0L1SZ0uLEaVkhE8Nx4FByZJq0n2UOZzzruMmu5EBszbqOYbifYhogWNVjTvc8Da2o25f3/vilLGD8Vkm67aPdWIU7z3+9pTBwQSu0gluqh2Uoi070X5ZIoVrIbagnQauIQwwspdSBpbdmPAwm7B8+fdjqsGKpmzFxtEKmXMAOi1WqWelmVXFzrL5ayAbiEAIAnFi0jew5AmXSQ7PR2OGh+oVzkRsvpgK5t5ZWfQF5R0UeQpPg8uegIM3h2Vos0SU8GVAFRZf/BfbxFY/+ByTQPLKdKLdOmuTQGRPjGFWl/YOolzbaVG4M0Yq+LluofUucVD05ew/I5RKZEx5aF7Ow8SRHAcEC1q5va6inFfdLDvp72Pl99a5+vsK3PV9bS56tv57PJCkqPrXw+vZXP19jG5yto4dNXx/39Fb5YfYNdhnLiScrjgJ8LnnH5yvYRL1P5JcpuEOQ698q/bn34r7oo/JeuBN8LRnb0+aP/fEdK7hzjioE8I0VGZzT8TsuZVNzMq5CSyZXzYSfuDlYWyKlcRm9VSag+NWc+v+Dt6bMR2Fl2gM5rxRy3zshxUXgwpsE7gX3w3RCTJSnlgqmcaq9gtoFDZmwBRFcSFMvC2BHNaqqokaFgNtVYtahWnBpGnmhBr9GzPiIYHzOnT6+eHRzepyb3l7aIfXlj2B9jB/uSJrBwnqRu5bj/6D/f6mL0/ddbLkYMRivtiagbg/nU2Mg/HJ7XJxeYQPytPwSDzm5u5gMuOZhUxj7w7QoWPhkdVE1QaAazqNP8abtWwGhImHYjzqkqFlSxEbnhyjS09H3+9YicQkPopNk6Fl/6WzOBLmsQbFGwe7VRVvmcG5Yn8ZcP2rehE9jXmq8nEXx88fzqedtm8dic9bE56/1BWleTe2zO+qjRPTZn/RLNWe39uSFItn90Y3ueCZd8mgAbK1qEeL2FDxwde8jGIE3b8+sqJHtVBK5+dwffoSU9zHqcioRyThrgcawDHn36DS0XdKldP6QRhK66uNeg6bouFxCF7ZLEmbjhSoqqk2Pg9w/qeTcKdJPGJw2NJ4wabLDQxcKnNd4FCYjXw03jNtMw90e3lcNzboo+391Km0kJT6TKhCITSvxJ8I8+ot0xSUhK+q2hJTgkw5iJUu/rEkGMsatZH8q5QIMqF44OJY8LlvMCqrRZ2RXIKDJ2KFHa2XipsymteLmp0Jj3FwTHJ0+8V0CxYk7NiBRswqkYkalibKKLEVlgWkjfwYNP9uBuyk31Q+zJvLgTbbetL4Hoy8sNi6A0tzh4K3+lN6y7giS35QusAWcLYIPOpejChfn3ID/KjrL93YODw11XKKcL/QYFmhX4T73jbhmrEP73LrTeDPWlIPbzObq3spHUI9JMGmGa22idqgXv0fpgic/NAb8ujRzsZwdHWbuY76YCpS9dTniH/X4vFTkpZVOE7D6NomaSAOdufvQqQznvsTnMKlbwphpD2sNNlVZvh1zmRNYNynqrciAmw4HprdU9LdzVYcShO7vTdrFeM+RlVQjCRehP5KSOEJjtO2Gm2/b08Fl7+sf2uY/tcx/b536VnpLH9rmP7XP/ldvnzo1peYx/vLw8h8+rPQjfez9cCGKyL4VkvMyXuSbjRpVjnxbHMOfYJKu2QKoydoSEfhjr+479CxNZLDMI+7vfDe4TbdNX28hNQwo7YBKYtYveFy++Ww2iC4Ld0Bm+dAotbsatUP7IylKShVRlMQztBnB5KQ0t20GaXYw+scDCYcdOgAPi+cHR02EEV8zM5abuke0WSnGqTqoxEjkmoEMF5glLM+uNDF5hLLnpS+ln5IK5kmQybyofph3G9i2Lt8583rTVE16fXAy1hmJmRGoox1w3ZhBNik2ZUhuLUv7gho/1Q1LM9XbT8h79am9vUspZ2stprwO769X3pc+561Sy5kFPgfyyJ/02OFcfdQ/vlz7rDtpPO+wOaG2oafS6/WruVVuhjVOcaNhncLTfdrRu1kgAcK2yuhyAESBGV87SG/2N+3hLSMBpz1sfEtVLOZtZllOxfE4F15WTM+DLUE0niVuG0lcxQgCK3QSX0Z1RAr3p3Lih8CuksPqk4zB/WliupZxgzYMwEVaA8GOCzTYtjfDtuLUQ/1Za0a5XS6OzQiENLIIV6fjfhsp2k8YQRZ3Zwlde+HbsmnygPeP1yUW7efk60hAQ3AYkzO33vqiORWTwXbrNWlUeS/drMXkLkQanYxhKQXG1xjKMUNLCXh1hRJd4GvpfzySLJTxgEDQipXV/C8m02N42oeirFCyamHzFjLox6X4GarJ0Hyp6QEppqMaU1hPZ6ZXHblU0XFAlxiMyZkrZfzj8T9RqaDlQZyM2o0kO86x7Xz/Ivl52SlPhRIQLDcXBBKF1XbpS4VmoSdToBsg8rcKRjoKtPND/gf0YnAAUZhhhLwUsNOBb9Q8a76WaZayk2vAcK95lEymNNorW2V/9Xy1kYf2nDNJ7ksast/arw/6wqzBkR+mUIwoJba5tRELu4Ihw9YVdT+JOca/kyHSvk8OVS9mg4aFLBQ+0uCST3pVmB8bYLYdmXxjMGgvbm/1Kb+ggYhox0Jtic3hx07kCAnNZ9FBxx/7a0zCwkM3UrPTH1aT12i1svoYl7RYfBoEyeSJsrGuhr+uSGwwLNKSBcvLBGFJT1eoVcIb+WEVjr66xG9abAxB5qeeWiqTYvGtG2qMuN0paY7FTYtEtdtRbkC/LF8ac0xsW6ulAnTDMTM19szFMkkKPBRO5BNejVESwBfAFTRSr5E16CCTJS0YF1Ltqg/y5JUCJlq7Cp73WJsz374z75D1zaXfVT68ECmFB4Mp4uwwSZQh1hYtwjaOHhWXcV/jhaoise2fPXbWhVke7lB5PxQoICbVXd8VNypFuOHXDZL6Ej2aMfPj+RJNnR4dHdiufHjw/ygaWlk1pDqX6s03oGNvJCn0ZNz9hT7bqOhLC+o7TUmNxVZaG7LJGw9XPqfBXXqjgth+GtO8ePu0Tx+HTW3G04fvJV7diH83uhEIvrnWR1VkHEPV3Q2vxNRsffKs727yiNuSnbzGLQ3JNXpBvI3L+LUiqWZv3xJqJ0MwW+Dv7WGPFJLD8O5bsqCcQCsx88PJgIFf66bMhtLZqzd0Pt3eemG7hw7tPzFCBPVdXz+I4MoxUVYlJJt2JI6cBLHWK+0FRv1GqlVi1oge8O5kzOViI71bQQ21Ar+TQ2P2lXR7Q3ga3lQfsFkpcqybgIE8IG77JeNuvgRjaRTLDqGsRAVQTX0EBiVL7B25+AkVv331/1BD0hwXhUpPTu+SrOzK7fDm5djoKhn1UVSN8syqoiAD9n1B0pDH3haBQlpSlc+kkumXNcU98UvKKH73TfKNbKC+UgL5H+kjUsjd1XI5Rk8Ey/VByIJ3V2WFqJY3MZdnuckTVhBtFFU8IB2sMu5KJ0EpSo4xcQYVpV6pvBAIpLTU03i+XqAjEh/X1sk5MMjz/bWRvLjaR8npEzMLKcsoBs0ibGVnNI3aYSkp+3TBRJI2YoDIEwBLrJdhbqAj1EWIFWThSewXThpydY6kIPSJQJnxEkjEXXPnKmF+h/4fyqkVaA6b9deoOrzTrb6NdH+35IHGDtwd2ZCLtuYG4D+i71+KzY1edF950ZeyT3p/he9+3Z0TG/rC6n1BU4XEndFMN3EjPO+3ckIOY5dXGQky2jzFeAlq0ojlYQA6IXxw5O8d0VEdNSafz1Ibmj19Mqmjzv2iBo8RIWe7SmZDa2JvPUFFQVaTt98Kw01Iu0s14w6gSWD+cmuB/m3EzbybgebMEAl3Z9gLydnmxay+ZAaHv1fz9v+l3Rz/+29sfnr39x96L+Zn6+/lv+dE///P3/X9vbUUgjQ1YO7ZO/eD+9vfs2ig6nfI8+0V8SLp3Re361S+C/BKQ8wv5lnAxkY0ofhGEfEtkY5JP0GlY0BI/WQqKnxoBhPuL+EX8PGciHbOidZ008wamg5eXU2aSziyuv/AoXEiJnSMdM3AuO8y2JpBWZRd/w9kiQxhWTOxRIxWpmeIVM0whIC2g14MpAtKCwP4LIo+bLB05TJpt9S1kgO0W3UylWlBVsOLqc3Ikzs59ZGAsxeyOa/KTs5fVSn4caD318jA7yA6ytpWWU0GvUJ3aEIM5O353TM49d3iHmtsTf3IXi0VmYcikmu3hxQydMvc8P9lF4PpfZB/npiqTOtEXjo/AfeU7g/i3tOM/tIT2AsDBQOJ5x8z3pVxgtzT4y4UFhXFLOfMOgcbFBQ2tqYfw5y1Ebzr2DoWjydI10oDG/NLfvjpm2vl7qQvtDxAa8jOf8hbY2Az7Hpfw0IXrBvmkK9e9O3Dpxl8Grl3/Y5TP3AU8fPEetj3hnmo2wOu333zntYt4Z4L3iLCPGdxoI1ICRf1KcytJBhdxkHC/PsktBOGFKH4P9SZQeAEFKHSg5YSJodQOQck01jpn5G84T3oMSeiBETBc0qVlTk1Rj4jJ6xHh9c3zXZ5X9Ygwk2c7Xx/mTd5B/IbSJ87w0nl/cQalOku8RBdpmoMn6zcWi5nF3RFiMNGSas3yEal5BQj9+tBpgU5MA64Zg0ptA+/T724rUyHC6/1y+DXLOS09BY9CDUBM1+up1FgkOwSRFMyw3Iz8+OiRxsCSO0fcbd9vTriy3BVLyOt2Cb+QyBJc3b46BQ5KRc4wxdAttVPWX4opnzUqXnOSqEasj4DQcSrpLtauluFtVXpEFmwC0g+36jsXRjWQhoTo4lLs1QrWC+P6REovUEaR8RtPN0JL5YZNQUpmBN9OKbUmQ0NbrB6fv3Wo0VlizPGkkVpzKBZZX2HM8R24YHC0CoqlP1qAdVynDnShfZgR0oaO0vMt+IZVRLOU6ytA3jq/628Na3Bg8vryDRRbkQIbDTnFz3VaTCT3MEwoC6QYmP6gR07BrDzg8QGRMa9PLu5hgXosEPJYIOT+ID0WCFkfZ48FQh4LhPypC4R064OE27dtDPk0C01igbl1+M0UtHh7fLJq+i9lgNg+iUGQfRQkMr43AMOD2KYGPRupaye82XLkzFlZT5syTaCOWsU0hnIF2SzISxQDo1gJYkc40oJINaOC/+7aCqTGByHTuE4IcmKsYIXjPBi1hXCVbGoIq2qzHDAvX4Ep7uKH1kY8lswYhPqxZMZjyYzPg/j/2JIZrt/chkC9nPvud2YFh++AqA/391vwaaY4LTfrZvBWGTeZEwzv6jrxUMHKrjZIBzNok7KSKxhSKrvdUyWrtgFXuUpeSZ3e4L6IIy1rprOhLA3vYFLjaGYb+1sQUjYKDf/U8A/cSPCHLEsGiR1o57B/RVvFQNiMH7OF0lbMwkMi9b9g4PUI7mJZUWE60uTg+X2YVHq/KQlDjDHxUaaAd73RsPv9HVFF6TjeQMSE4vkcCQosQ60SAyHUJ5dVTYWXLqy4BApPixg7cT9pmJEO3SmtyAUBWFQpKmZg5pvy0rhWoZgK74UpiAAH/1O70EAAI67nPklhf0BpjbZYSL6MCJ3SRxBr4m3UIqVwdVzETvm3V8d/fxE6vLjI2GHS6TbhX7+UwZ9Sov2Ti7N/Yln2TyTI/oml2K9ehE2jDHzKluNy58lXtzK3eF+t5m1wP2lDS8xDQoeSn9XDd5b0cve15AeG8q+NQhgmElhymDX/PR0VYkjD0A4QHNP5duJY0HUQEtTz5AL6vDLuD9fQFFd+7wru+Zzl17rZ1BE6ccN7OTFutdsquNpvmAq5cf1YnReTp4cvC/ryxcun7OnR/suX+XfFC1o8yycv85dHbXUmmXxDKzptW9ghqKtNrAHy9zUTIfpfyZmiFegZJRWzxq7dSDJpeFkQze0be4qVnE5KtsemU57z6Owj0dXaFsEQnVc6lxtr2ncmCtgaMSNzuUgXDNlxYUdd1xBoAgdm/RGZlXJCyx5e8OuhhXxW//BLez4hBG8QvjbmSp4zoTdmdX2Dw7syDbHdRAqZYpA4WLQLmhFKdKi75XAKfhs3YioVK1mRi/PTvxM/3Rurm0LUehiyllrzScliXJ+ui48Q0+eG1Hs7fY3yuKb5nIWBD7P9LyUkeE6WTBEpR7bv/831yjynZp7E//t94z2CStuRNlrtAenvnbCypGpvJvcOsoPD7GW76tD9e5LenQzo0dZpVdplpoeHTw++oCDioWrPktaWOcxeftMyl+VMt3Sq8+Sr2zXztcQNP8WwXp1TEXXrWKTQhUi0xsOkHD8c4cVeQrEuILqVIg7q3thPX0OxwqmxV4ShS+37PuNUhBvNyimhIuDbrqrmGGQEpRyBi/pYadBTENzo/1xPNpmtU6Lp0/IXlKJLF+oLSKJqBkFgqVv3LV2SCXPWC1xeraQVYSDKh0PVzwTxPV7lPu4SHWpY7pLdMvxpb6Tw4WA/s/930I4AZh9Z3hh79W4IFccTLcvGsFZPY4+VOPswS5lwsefXljY7e+w//6/cf36TTmHHU51VIxzFC1kxq+VYPohCOkqtoQao5hUvqeqLC13yrGdrWQfvdcOdRcknrWab8BemW+cKC3JpYmQbs/WdVVzvd/OGG2Cg7k6n8k7dm/shbn7lKmBZMLbt8oYAaV/72tBuAPj9hO05i234PcJh0AHBaPtw/+D57v6z3cOnl/svXu0/e/X0KHvx7Ok/25FSZq4YLdYr2XwvDF3CwOTs9O4NcjBstOoEADNoUMTZd9uyNshBm+YEMEkne8FuK3w/whI2yBpC4AbVYeMxSeKECjSoTFhMZn8VhkzCQwglEyUXGnyCvvKPA8LfjhAwbGVH1+umhPwZ0a/L/JD19f2C7lVifyHVNRezq1DmfGOUw/xcSUl1b4TwYm0H2r25rNgetbreN2m1yxho7uTsD8lXt8rZIUFPM+j0GNr5uuIgVmCu+Y2EbaVKNqKwcjJnULPPL4waGsgNXKfwAIQGDbSj13YvuCAVFUtSlzTHMn0U4pF9XbDLFAQ3NBZ3A+8u+pCqETrHIFPdy6e0LHEK351JuthGkKl1LUURWYurriTI2GExi5Udj63qkStmgivYYihGoTE9SspTTbyBYA6Fdb0TdeSMRqNIBD6zakTykkPlCf8oFUVItkkTGn3ZQgLVCgpY4tm5F/WNjNDzehyLOZi5VUgAaa4cO8Z/nZ0To/gNp2W5HBEhSUWNAdNGNDZwA5NRxYoRmSxDEkg61SuaTbI8K8b3cTTWaxyo4fi/4zIUlDw717jHUiSFGVNfXj+f5GK9bBL33ECdCUc8rqB9yGfIpRAu8yW2+nUR+YrNKNbl0UxbpVmPkuehZgCZ8JCbZ1VATI3MpSqSZsRSkcuTczcqRsfFjBeELWf8JkpTrqQiufjHO5cW+ETvuB+9rnxynsCC5VCxrGhI5uzO5Mz1WNaxhQ+/fe2caqGpGxy4gsvXIDQ3jY/7xcwwpiqyFcbbwn7i06DqpVCIDuDaN9aCn53q78OT+xU6PCtxPVJzZGy6M0W6DseQLloTYIhjkxRKidkk2KHgV18IEGwLeNJ9sdaBwSJqY/eCOKQ9vbiNuxjzjZQQCOQEh9/zSwitr13xC8sNaGG5fEWF4blP1nahoOxjPqdixhw/i1YKHw1qJLnhdrn8d5YEOAiSMwXGmVhoI5ZY9XNMaVl6XgW4hXhUw2ZSucozrsCKNrwsCRO6US5sdUWpBIuwKU9MzEnz63J5H4MJcvJNCWQYRoTVeHBjwtWBNfs8g6kmfNbIRpdLpOY0OYiQhUWLDvocBC1Ry8ZHhPrOKdhtAzrXSUsnGSH/iJh1vQvTpgp4qhRdxLR2pPtx5r5wJRjbgqSwN0MsiFM0mNGEtp6xvX+ga4drSDMekYLZKwsqIvqezlIkMcVW7OhIgVRna8ewrRIEXdyJq2BGS3D0RYMbbYwUspKN9iEYgPf4dQDQe7ddQv3xxbsd19SjXEYDviaM5vNYNAFReQaVIFg/Yejg2cHzl901twJivnQMTAu8H6SclYy8edPOZHjoOjF/hQIx0KE/lthxcXjSVQnmQ/lWBy/ajs+h7kcP0zUFocHx24aHx2y4x2y4+4P0mA23Ps4es+Ees+E2nw33iclo2/1stF4i1gmaBTqRuuTs/AZqCp+d3zyPAmFHBvpiSWxDGXSCmuwzFPXtS6v6OWUIbPqp8I7FrN4dXwad2BXD5E5aimdWklrxG2oYOX37z7QoSPusgIZVSlqQCS2pyOG0JsUDpCJKNvYQd5Bs19kvnvIQdZsjAqDgydeLgs8rPHTuKg59igzXcabcXcPmfo4Uh/ZVJG55kAYn9dVme2datWLOZ3OmTTKpxxHOPYKF1DUrAsjNxAudYctb/WrQABOGc1rgVCqyNZUym4EEn+Wy2rJ6/FbyuZsp2qoDXzDDVAUXbq1YzrXVclx0BOidUJMTbNTNpOQ50c10yj+GEeEZiE56tbeHj+ATVrvZycglGhGNRJX9I69CobjJEkPnlsTQ67irrqY/tAhYSFLSCSs1qsRCGrChY5kxu/bLN6c6xHhu5TJrrof6nwVktEjCyPoKtv8LUASbThn2QDWydpKL28Mn7PLN6c4IvS9Qb8vbp1pgEYf6kTcBAopcP4TkcefP6RFPd94wrMVjxBBQz5+bbIBkVlFM3Ij1aAe+b5HNY1Pmz0sQemzK/NiUeXBPHpsyPzZlfmzKfGtTZle4HJ5L3Jz+qzuSX33Z867TzKS/SQX5qFa2j6HvBTXUAbegmuSyLKEpyB0JrlMuCtdRylMnVH1FsgzdE/3c9kmfQ7a+T4fVc1YxRcsNFvN+7edI2ZN01iAP/hM+Bd2ffeTa6J1ehZbCVV0slwTdb5rQXEmtiWIQfeVq44/dgHD6fDuHvmTygh5Nn+3vT9vWjU0cp+0+a/ZdWxsh0NuNEIcujw4lmJ9fK64TniOnGAoiZMGcma215OhtCuFKQDAgzxUtQ5pHrHul66dZpsC4ujcVvWaacBOTK1LuGSVUS6dJ9UY8GIL1qLYdUGEPjJXJed6UVAG8YUiGfahiy462RdC5QDlGfgiGzivtSnCmxbpbYEArLtlCe7uhpcONyzCXziE7tu85lm45PHy02Hc1Xvv0Vjz9jj1jkynbp+x5fvTyu8Niwl5O9w++O6IHz59+N5m8ODz6bnpXeeaHocj0CvbEFitCOO40UBSiVfggodJwMuGuhLCZUNm6lAvc/oJbtX3SpFWsfVsLxKpqIEQlXDwWq7p9PaMi7yMHtKHCvg0WonhCRDBOt7vngX2FaljB67QDZvsU+Zu6iV3wnGmm0YbFZglRVfwro0YPDYIaV8GmtCkNNB+oQ9haeNRuZCwJ7WKsoNyTcHWeHLmyAbpqdfLcTQtaBiKSxUZ7XQZqooEkYMoOn0kowSwk8qJWNSz/sueKXmK1v8ExNTIViUKYJRSMyLBmyVQqNko2wS89sMXoN5h4wSYM6q6TAJkPAPOjrUdLHZacgNCnqA4AwqfbgzHAPdMmVEeDGTSDpJqlnVrCSXZdesO40JLReSFzVhtcXJgNIQYUe+HKAclcqRMfsafbTRmxM9Ks4Xoedi0eSjjS9r7Ato3xqnf3nNQWVJJKuq4llMOLYNpbegNLiMN3uFCbaiKD8dSzQ3aRKwQcu0VVVGB4lWYDYoKfb3ff/ddJn9FJwOWDekAx8hfH76z1jykfdK97Al5MqMZSC+qhA/JsS04IN3QimPuVJJO89ht0NsVBYjVfiBVqQ9c9oStYb6gbPm5x1aGG0unvre3YXIGf7f/yufztDQkBZi3dor8rkQdDzXJ5Tai9krBoDjNEinLZ1S1u4pSBuw80CMoOs7Q+OcahtdSs+M0tWhY+dXdUYtIGnTqXzF5bJGyPlIQf3hF4mLqd7t0q/guGx7lAv8fwuMfwuMfwuFvC4/CcuG1K27T0cPjFYuR8n8nHGLnHGLnHGLnHGLnHGLnHGLmVMXLYbezPFiPnoCabjJFzV/sdsWG0dAFV8dTKEDY2GB+WpEoRoygoQGL21cfLrURH9pn4+Arj5dYX6r5g0NwAzf/hQXOpqPkYNPcYNPcYNPcYNPcYNPcYNPcYNPcYNPcYNPcYNLdW0BwUZkK8OmfOZfzmFmfO9+h7sXRSUq35dJl2daUlU/bPPJdY8cPeu24uYuhHKWTlTS2hCvWckbfcKEaOLy//28nfyFTRimHfcPdoK5AO6h5IBetsA+Jmx1KVoU4KV05kdjqkG/Ps9GJE3v3w/c+u27J3zlNCcllVlkc4eNHsj4vIDM0Nz7NvAQxfKMgNmdPaNM5rbwV3JyX5Mg+hBTSiw2lwW7yqaW62dtrTsHwOpJZ96xWXuPpQn8hPiC6Tay5ACwBBh+Zzy8dBz5ssiTc/GfAievKDuUawSXkuq7rkGoNmZpKWHj4mCrAakoIJe0KtWoouw62de7jRwq5+AVbqMBymDM7qaaOguIvbEv47mjs9BbUkQNxp+D3sRgjxY1brhLA12C57N4bJ3GjtpsrEC7wuGKLACCLoFRyq2usRYVY6BhsANYSLmVX+DK+w7bJiRkldo9hZJuDS2QwX6EuidI7/27PLD6/d+WprLkjOG7uKLUlz1E0RnZ4ggR499v7hajX5UjgpOwiLfEuN4h/JJY4TdtCZdpNabBl54rvb61d7e9QYml9nlR0TqkQjJHrv8nh//2h/L0yw08UaPjCEry8kEoRAjfVxF9GVstQvjzvkakO4g5pGTOSbK0fISJiDNKr8k2LwXiMEHId740sc6cAW23jFfR4+1WG9D45XD4zeuzw4evnytnNtf1+Btg2e7Fak7Z8UdauFgRX4/GNO+9rYbd34Gzrw62P3XmMEXCuae+uVF+WTr1bL8qcxctsPMpwIQAUtl78zUjMFypmA8DQlm9lcNl43o6TiuZIhbSVp2wLCuFVQBCM3nC2y2J03iJ1umxLASSLDE8Xs4o0mu9Fj4Mv7LdjE/+7jk6ZKCrPLRNEJONy1y/mtYYozTSpahHVEDW9C8+v0Tb1+VxwL/QYZ7+qME5w4Kt/H+A2Cq+PanKaGJtVYmdAF9WJ1aWLkjFkhGSy/Ycho9kEjgEf4nIqixM1LonkNU7vO5cYSTPZsokeT6cvD6dNn3303eXpU0Of0ac5eHr4s9tk+O/ru6fMuekMtxT8GyWH6Dqr9996g7r02IdAA9IKKUd0o53cDTTNky1hdOAyJLa0cfkGBdrUbeujb35/uP/+O0v0Jfbl/OPku4QqNKlOO8NOHN3dwg58+vPE6po/X1k0NjkjsxWCnNGBugFweWtpXNNZrdU+GYqxzRiaKUSzsKxfCkoQkOp8zq8l411VNzdy9L8l92k9t1jx66qIlnTlFlbFj1tZischclHCWy6128gDUlMbwfQr4rOgSLydXYvLs3K52z6LQ4hVtr+UyNoyjXZcKumAgMQHak2vng0mCCjC8eSa963TswipdZGaPaNpLaOEVcLjB5ingwHIdzX2LMmDX3DInP3nk8FLxGRe09KchoKVRZSc0vTME1xj4DBWdp/ZCwwTEEfRQk8ayQrUEeWEO5639fmfwklGwZtVMcVmQqtEGBpkw12SRFQN+MvRzwcMTRrZqMduKSWj29a3MftffodrdgInpZFZF7/7Dl0yXyiQR6BYpdGpcS+HxX8YJ/RtZb3WQM/7LGJPF2j5ED3THVLvBNphnU3TDWLYEdjJe2WPmbGVQjdXK0+EQLZMYZWwvG9bFBRlbGrPjjUdkMYcbEQ+hy+TSUKBYaKMauOTsocZys14IaQdop6EEAyJf+1S+Ojp6uodpCP/x27+30hL+YmTdwqg/JJu7ECtZQJpaPI9AIjoUMQ+r7Yc2JTmcIoQ+V1JwIxUXMzwprk54EZjmhNkj6TZzhMlQVKfbQ3Moa1/KmQu4s6/aUw8NiH5tIGbCbQhWr6Zw33Sd0WE3g1E1vBaGpSARL6gOgI5a9+FgJvInbawdbcXPrT2vqdbJTj58kyscviN9d5qObLhXWXvuhAc5BG11wNlASFYaCtSD4+joab/7xtHTFlBQMH6TlylM4Ig4BJcCvPgLrm1wDam8udUhth6P/w/g8ewjXnbxhk5ngQRAFHzC7S6kfRdOaGLAwBb0Cew+Rx7b01OYb9KY8NQomQwXi9d5GBEjRgRhVW0iPAA6Pjl2b3ey11rppmTCzIIx0TIKmIVEma5zkf3RYWCWBT/GgH09MWCo3GyKCC5g9NU8EW6brc69i9ax8atB+QzhXXFvtfXux+g28hjd9knRbRsOvErrViQySgpBywii7259culD47rpqv3OmyGKDsVb7H97Q4PM7/Txdgrr90lbTnqDMf8MMn7SMBP7DWfa3ag+PIdUEntCoCmVF16d9Aab0AHICdxwW+vEjlrdw2H/LxuY+EfGJP6JwhH/1SMR/wRBiH90/OFj6OGdoYdfXdTh1xpwaJ+6ojNvEkuuZBK/XeNixjH89RyLx8mK+SbVvhNjEAkccJdztvQdqudyQSyDEeA+9F5LqDmSywra63kdt6bKaotNANXrl/e4S1moHvUFTrKbrbsl/Hzuqyp8gZa8KUARdT2gLuiUKt4CasMGzZ+E29CbduGVSFwDifS/87Kke8+yffIE0fjfycn5Tw6l5P0FOTi8OkBp/i3N7Rd/3yHHdV2yn9nkb9zsPd9/lh1kB88CO3nytx8v374Z4Ts/sPxa7hBXCmbv4DDbJ2/lhJds7+DZ64OjFw5Pe8/3j7J231upsymteLkpM9P7C4LjkydeCVCsmFMzIgWbcCpGZKoYm+hiRBZcFHKhd3oIxCd7cG/OF/C+ZoomkZVeGAKRGFSmOYsEoCApeUURBdzOt/JXesO6K7hmSrAvtgacLYCNfmK68OyoC/lRdpTt7x4cHO5CXz2ed6HfZP2QYfx7P2eC/VUI/3sXWi8ifSmI/XyO7nMmjNQj0kwaYZrbaJ2qBe/R+mABqc0Bvy6NHOxnB12OsllQ/6vPdVdcDZYLfrNrJ3lFJpiaQEU+lwo/7mKY/jdBlvgrPtOa7X/AoCfeHO0i+ycQHe4C6r1yBMJl6bpKwgJBdxssCQXwzqU2yREaQkkLlh/d837pbtWtkScQ/M8r9nssgIQD05IHD1hNzfyVMyx0Hq74TFGcz6iGtUfHtbSGlZNfWe6FXPxwdedK/ke4xQJmYR9BnJ41CtDpCm0NrK+HtP7aQiHWdZYFgw7uRn/gwa27dXQoqAURY5kvG7jujl9yLIDJobkzvms1BkfUeSmbItLvif3obTlQ9466EtMDyH/rfkUxNW+9qgktCh/3CPXEruCBKz+k760tVUrhrVXDC1mtpKWIqCXHGAX8Zffj7fSRSoHuFXvOXPEoWDGe+4HJeUVnbGBqWvFdOsmLg8Ongxwmzn5mRyBnp0H1Rjz5rXC0+RdybMkEixlDUeBwSkKRDWZoFlACSL6DzgYfvpXOkjk8gLF49+3ThAWF5+890xpHpzPXuucnma2i+ZwLdpUUt7x9MvdClryw7lyOr/OSm+XVGtz09rfWndXR+Lob1ztf686DlXHWmqP16OD4nh8VMr8GWnUM6dR/Hjhe+BsUMu2Wp3S/2XOt51KZK7wWXpEpLSHi2t/iON9uYEYrbtsAFhnQttuvtJiIL3YbsTuMrARhw68MIm3FVJbj3H824HTJgbrnrJ0315v006dzXlTyF3L5/vS9FWwWxEhS0doyWc3+owdLS8ogt0saZDU/J4GnIwiZp1x7n0e6/RE/DQxyJqYypVZ3LUCRZM9rEgK13w+Sp7s3Xp9cpHmZPFQXZbnOllWZuecwf5W61FAhxW58s2NxlSHKcTWlr96allnUDzGRsmRUrIneacQIWN/jtvfnlTqbNLzsT9nf0XB7bx28OD3Yf7m1HjjvLwjMkBpnhwGxGvzgObgNFm0UM/l8fWD8LOhXEctAgdfNBKotQWk3R4d/S78bGDf+HoS9tuQWByUpFd7OVeNLd3LWFtC301wX47UshtnOvQ5zgoFaFmiOHJyqGeDhnzrTuSzIT2en/Yns/+qa5g+3qDhif7JO/f4HmMzbsPqTOXb57Wcz5uTnq4rWNRcz9+zWt2ueogRid5FUtO6DDM4XOO9fH9wJbMPAKwYljzUzD7vFcdwVG12wupRLiLt+0InjuCsmhor206Z88CUnA6+Y+g456FMnbjdLuL/Q9/nz4rjugnG8PN4u5+GLgXHdj/FeCUrt0D0Qxyb3ugTYx3XFTjdDxj6yvDF0Ut4meroV/ypLec3pLm2MLLjO5U2qnPw/+Cs5db8sSfocSTTvO60nA0Olt7CDIwy5yironsvQxNS2ot7DpOYNpK6auJwGABIz6fCc/Dbz7IrpXtN87tyamAkTnM2urIgLZWMcUiBC+Yqigchi6NHV1C2bJsFY0grL7wajIDjWa6poxaDpkiITZoeAfXOVSTDiCb6wHzEkjxcAmmY30G2spspojG08Ox950xKQOy9GEEwA7pwWSFQUhBvtGk4ModAl2dVKFk1u7o/IS1frGs+uG8aKiWFtt037yeTSmnZbB8v/k2TmnTumFoVUnzYzvpuW+sblJ7SgkyYyw3D4XMV7z/7ThzdkbpVP6IIB0zlqBUhuQ3reqI4zo60mrZj155AJ5NeH7TmQxJ1KSRszZ8K4AjA+QyRYfTtui60TdErMGVUGPBMuPWarw7tWsB339ErmvdJyD7O6t9vW+tUcPzHErdqvW+b0++YnNe3uLwNRCZ8/SWt3hm/yz9UtWrNB6N2vckLOTgmNBZjC7g6st3DMsQdFuo09GC6loWWSSkUM02ZorO5eklaQbuvrgSyZwblPPTvnwqf951IUekAuTMPiyR1SQqPKrPdCVzpYa0uOXXJso0of6Z7GDJKxyevxiIxNqe0/c2PsR3tJwN96PLBNiW1mnYV0wsc/cSGp09BHKeG16Xbe3pmufnjFtYacOj5N2vi1hgsvWZo8Ox9YJa97a+QrabBjOzq/FcqzFKo2JN4fN2qNB+mnvB4PpQwrpmV5g3XDfSZ08PK4LlvgRBxWVVp0r9hvDVes6O3Lp5gnRWH5vlR2EzyfwxZxN7Tkhe92GNo8SUh2jBG6fT1jzvLrqy4r+ATQjomR10x4AQ8rC/CqKQ0VDBoLES5u5DUrfIjqFCfXkAGZNMfD5nRJnXrXncs+7O9AYkmxZOT03QUGuA8sDVyrNe0zPoumK0XFbM1TAo5WeB5lAavfxyJtIKOCpGlc4RCNWcFzBzNc4vCUFTldKyL3MHztBRzBPhrgJ0VTsgJfzr7xN7tuqopCvp+/2t86AnC/rHmjx3HI3Tf61nk76xhSOzCGwfdWdaI6dfBiUkGgTdzhJPUAK/xgqrzLocFd52ZOxpUsgO2V42zrDmFhgGC5MGyWNNu8816NWlAADLMbdJPnjBWJvTv6ixZ9inq4iaeUl6wIm+4YUbLplmVDJ7amXnPD4xhrbHgENZmo5UxYvSNf7RX20PdQvBIaEf082PhzxbWgTB81twpgQQjy9wdmj8NWumofYF7wl1v2R8lknj3J/Fo/Swj14v3J3y6eWVX149qsyY8xjKMVm5JOFPr8tlGwimLvvSudk/zmgpR0yaCThSiIUbzGa2fd3XBljAa3pAvIHcCQcFMlBMO0oRMovEqTLiXkhlOPNvuQY0G94bAziBRJGFsyiJEt1Ged14eWTW4jRHIbMfYWv5ogPUWaMrFnbtm9YiJXS+zdBNu2JlniQMMbs8p+ECmjRZB3sdCcKYPFXdmVkOYKpLqrCfQoHpRjVhHqa6pK7su7WmkDzW3OjuK2cFunE6KYBTNmawIGhVzuBdcbah4Qqj/8/M6pKPScXrONneApF/b4WlDDZMnBLBWjxTI5oK4KSm/giN+v5qD68Apj6lTAubw8v6eRyo0wjPhV4o2d5n6HM1oSyRriTZJ/QD5VuLlwAk2jymDrcagZOAxM11LoPp/okuFtBD2RxXJtWr6LcpIMv/6Afe1yDYT4/36kOtRwAZuYXzwsINgs2m2k/TMalQ1MeMspFOmat898ilVMHR0Wm4YXcccC3nANOl8YmkxlWcoFwkqV4jfAHKdQDSmXwjBhMvLG6l7csMpnd0L+vtOhoMCeVMhQ+xe5LJZ+IPuGnsuFeHB2Ckfq8/ipt2J8Gjv9/3oLD8zHFV8hU660gYawdgccE8BiiKg1LJRVayFHszdaJDJ41PmF8Fg6yKXKkkk7bLo3YI9tt9h073Esu8GncTJfe0O5GnKw0VJheTpKasWgWIWZ8yEmbv9zmmghGY5kT9OyU6bKgDEY7mzR1oo72yQBEKzQaM/h13LTDE3mSe3qXixvXXqT6Sa1VThagCm4ZbAb4N34H6LxkRLIBinBHnl21a0Cmc55FyXcSgfamfxQynWF3VLOM8Ax+pxilaD3NQp2Q5N5Cr+aM1q0lIbPQHNbWvY8PkV4MLCmX1rkDzB3vAbs2UxuCTCyuN1qcX+7H3HnbtGd/+w75wWQT7Qc9TQaxYzi7IYVwavvDMwACnGwZMPAAAN6cG6dguejPTyhtEozkwtLTyhA9oZLy4ZfnpynthJqDKtqk5HXonDiJxZBDfy7N1rBnQugdUF8zXfB10LFTq/keZXqlWcnb8/X1Cfdm+Q++uTZOfqF1lMlfcX5nrh9L0/CO9wlPiV2ceR1PpcffCl7y+8ewg4dRiYfEgb5gdWWHtpS/poy/kNboL25L093256/e9n48nvvuJ3Cs/JPsfUlNUXJGvaEzuOfZU+AAuF4xh+CRjpWtZPP1QIf2Co+yOZTy3iHWd9DbYvOoK+F+W1Arb4Fo1HNsZ+0YXXEHpRGtSyxjd6vBVH/OwAA//9D/4SK" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/2nu63cdz4999fQfge7gOJcXuHA37dhyu2ybbrXnY32GTbR4eRaJsXWRQkKlkX/eMLzgy/JEqWHS8uBZqHu7VNzZAzw/kiNWNImlOxJVjFWWSvLa+y0+2LiRT+ulkTCOQ/cLLdUcbDh87fffjH5ffe2JvQWGqu5WP4zvyjqEE+efkgyzWc6c2u1NPsjM3ei1y22xlK8+ydXG9mwAITprHHnwxTnfp0EEESoDCOdS7sfZcAlwZUHtbP8x/pztYOXgagzubBzgIIfnDEo7CvtBkhG6aeSqgomLMtL/ka36/76+LTze38Y70+Y4sym7Pv4AujPNnnm3N8fb5UUC9qJYNQq17z0hXyf9ooowxkY1+T0YptRFGB3m+1qFkjMhBO49mCnjDeV6XKsHmA4NuG8axWDTrOT6ou8gERLR/zeSkbPV+rR8hZnJMqAnHtKwNMk00TVWLJV/QuHNeTHgZcdzLUA0VhjaBtDFD7QzFmbKmqpSZGsFqsOXYmC1TAcRTsOfEGTeZQJ6l4bgjymt1jozVeZhtV48fzzIbMlI/8C46JKPMrwL6wt6GpUdk9tLuiBmH2vgxspaKg9ygMMyAJl8oeYt7U1sgcYV80l3e2piZxiLKvEeR7aGYmt+Jf9kTVAuaFdC9gVFxvXlPKszN4K9cYkr9mum5FDB3XEoFVYWEB/LDcu5JfvR6wlAWPC6zAuq2BnIgstb4e0fprM7QNx40uC4AmudEHnGTdKHRD4AZexJ7LstHch4976QSlZ/FZZp9lMrdCnRWqzb38XpiP1ozUZpPynGueFun39Cv6Aln0KMSbvlgDz/MlDFhakGZkJpoGYw0r4dGq4YF5VSsjEf7ilH/1D385/zIuH+FhPT1i9tnf4BovrhjDnQRyueVrkUDNt/Kc32f5q59+TmpDj31hILDFpQujkU6WFSSb37A3RkxgkCrycJfYCRnCzR1JgMh75Cw5eFTOAhx2gj7EHkfjFuTGH4xpwtbp4Jq6fwJsW55tZClAwUxCRg/Mgwem4gqjguUEbTr+1FSsJONTGdfbX1Px1GLtnd5xHNHQJHyrj3KVPYCskkK6tJ8T2wt/Y43m2pjVosAKCqCN8Dezr5uNqvUSzYL3i6wVR3znThkNWFs3LZY43IsfiZQImqawp26aWAHB0o8kiTaAymicw7GBpgs21IFYO09OQ3o8OnqJh33Dbj9efjSOzZPxzrccylc24s+9uUReBhv3NNiwPmdOp+MU5lZyjT33cvsOPyWALMqVCqWVzIJ5nFldEwio+T4pnmQ33l7chH1mZWmdHpE1892W6gp/Q0e4nDrdmtDHP9m5hKtc8YBhSR9mTXRTNl30dh95V54icFDk2d7Hq5r5fSuLPso+R531nr36/8tXP/5pNm06H28YYAjT5umJZCoXyX0wNpdG10Jnm+mTsVjwqn25cxL40N6LuhQazjFIDn8Lv0vA9b87Zy/23DxQFkrhuFb1D+3VrNGkx2WuS/FK5Wm1c9BmDihQKSyV32euQdUmdPixmK5Vzj4vLvuIzH+bimenW5SH2Eem8p7KfyYye2+vj4zU5Q/PVszBz8strypZrmns7IeJuyiYMRmSLa/6U4b7+Hga9uLmHcwtPflaQEn9RujTstjDHWB0LqpC7aCcyUkRe7gDiI0jKFZtcfIlB4AHUO/xg45F7MDuRZt2+p6PF+GSgSFd7q3LtfsiAZd+9HbFBbUpO+Bhs4OMgPgy1e0kDHPxRWStDk4zWcL1pBX/rgr1IPk5b7XKZQMHFX75f8df2SX9smPhOBZE3nuzJwlQoRWmeTiQQ1lBGjfHFFN8LnFASs1e1KTrGGrlJhBc10zjlGOp5AF0b3m2obdPsMCUuxxCrYDoTWohodqP68hPjVgazWvdVlFOk2Epgy3eS3FJQU0FNPlWaLOwms6qgG/Q3F9gHQr8wnw8o8sPMDXIcPMCXiVvMOm9uD6zqSUQd5mfwftlcHgVTQlS3boByqRJSLXrqlrlbaYPJyTc5nN7l8AYN9GtbQzt0eISof22cTeQvwswf78HdXDx4UDM+KwltV9+IAsNq9uyxJYm6XnYEoAHY//86YqKMJtQBdCRtMJMxoietfX03iAe6z9d0Su7vifeOBGnkJK3eiNK7e50YoEil/XtHFvM6DrURvBaw8kEVWeadXTXgNqh0YPKezBzD1jp6ThbP6zxg0TcEL9GcFq+WaS4GZN++MmQRNxJW/LnxhYRNngb+3d1zxaXjDeuz7njbmK9eRvdokyzsTeHW6V5EVTyYlo0OgWry0sW1YiIvk4UaUrivrTqXJa2mm6myrxJ+IVhVRa2x0to62Lee6DrHUxiyRuqOdnWhS20Eh1Z3umsujtjd7pozP82WpuPxkjAv5u7BJuC3MyUhXSqlxy5kPDQ0L5MimaTOG9s5gUqPTgsL9eQm7BjZcxg95CRycV1YpWy6q1RDspgJ3d0PTrLRTireCb2PO4sggdVHWV1l6rEWYtGFY8iZ7JyBUbdKQ81eYdDxHSoEsk93RnKe3w5Jj2JdeRVbZhg9VwGFRWhRjyWhxGOElrB6wu+aEM/ztiI7GHZVQVHTO0N0+pBlNbBw4K9ctsWmpdCtU2xY7J8VA8it1ULVoi8gQJ81O+HNwLLAfo31hfXmP+EwdYGMiOKhWCXH27oEnJ/aXC0WvG+4jNkWsINl4kaWG4F3Y0CX6DC+wrYuBB9VPA0NdXjbrAA5obmjO3jzCjjcooyDwbD19bBKcUXDfokbwuR48Pz/7OWvWm3Ww7vFFnT/p4EgH6ZaNE9HLbfos+u4wKbUFkI7zCIrYROJ+Sqc5ov1rRxsokcDirf5JWSJVWgpfvmyHWpN+xuq3JQe8XdfLbHWUgILFzdE/V0u+qjIDcxvFsN3f5E2E3Gnxc99SXqdIhXXBYid0wnRRQw3ahsVij10FYTGe5hTGC4n2qAKDpMGObIizVhp7ZD3iS0Zbf55YBZqHWfNKMOmHOCrP3A4qXASiqiDekFa9zmf5RPZtWTyh6aXwJBvfl48dvNLyZU/TJZNVkYaRoNMCVExLDoS94hwZDEHsyVzk6+umEF34ma1SAJupYVmp2p3KDuAEmWdCeyZzLMWapAYFzHVEyV2P6Sj5JbsplBpIJ64FwvIn+NLQCiVUT6eefx1LLZmCCyMWHsLX5YIK1EYusQK46GV9SZFW4ZG7ZNFEvfg2SyTAaSEQnkPhUa9o0slV6CVxd3ImKRHzMkqG95XUjonGBEgmtKt1EehVj4bRP3ijRuVtRraN/EwpZQ0+Z1xfUJZ/WH71/XgOur7eCVLM32NVN1yIKNWdSC57tgg1IR7h5gT98Xs1Ht9Qqtq9DBub29PjBJRRDShB9ybwyawzanzySyCe5NUN+FHevc3JBD09aFy/UQaRKboXs/fUgMxwT6XuW7ybK8T3KixoldgP3ocgJB7N873rgS4pATs4uHBbicha0DjRGnHdNgsIFv/2Qcel9s4j0fUhWrCabdpvQi9izgSmLTSgearVRRqCfqIF7X8hGU40q6d8ZLPWdXJvaSUOyBgjGJ12hsIXvjiIJC7Rtyle8sIPNEs1FP5cnVKWyp5+lTm8U4Tp3+u7dwp3yo9jf12LvfQSNQqwSwxxBGDU+1CWvLqMm7/fNCBkPpXAi3Jc1c1fMAaUdN9wD21HakpnvDseqzXHlktvRzTa1ZgNGqxq4vnFW1gFrJeiNTStz8USSaK4GQzG7adbokaEgGg80u46i4wyYFE8HGR2YfvhRLk0JmRW15kMqbKm8qZFIcwnF8pSlK2CV0N/4hGf8nCewrSoLZ8mLZba4U4twnCaNy0FDKD71c6isSap6ExuhriiFH7yU6dilkVsKXG8HzKGh4Bpljb9nq+JDgLsEafmmIn1DuaAbM3gysBCRZiFuR9jf88JwbiZ3/2zlnHZAjM0e9iKYWupbiUeTuVJ8SzDAVRnOZpycDCujk2jqcnr3tYQUl6njIbow8oQPZAxd247y9uA5zJVxrsa30nL0tc3I/sbeY0989aLmkI4DIQLxkW/BSpJjiSpltw7hycfH+emI8SU+yQ+LJxTWeC00LJW0j1567fdBJwgfkklwxszj2NtuoT7ZDrNF3p8hDO8jsU6AgP4nKyEPs5U/08U+dgbbpvizkttl/B+X4soM5blBYVX5Mri9oacUm5BM6w5+VT4DqN7bMzanDQEf6l5IVT6r5MDPeUdYHhG3+MOilKL+vEFaPUNSHOeZTo0XlqQeduYxKjMn7Ugj1nwAAAP//zfvS7g==" } diff --git a/journalbeat/docs/fields.asciidoc b/journalbeat/docs/fields.asciidoc index 2fa79ad845cd..4e1188b88997 100644 --- a/journalbeat/docs/fields.asciidoc +++ b/journalbeat/docs/fields.asciidoc @@ -1072,6 +1072,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -1112,6 +1119,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -1342,6 +1356,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -1400,6 +1421,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -1584,6 +1612,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -1814,6 +1849,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -1872,6 +1914,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -1984,7 +2033,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -2151,6 +2200,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -2184,12 +2240,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -2215,6 +2272,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -2273,15 +2332,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -2312,8 +2385,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -2401,8 +2474,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -2425,6 +2499,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -2459,7 +2545,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -2467,6 +2553,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -2592,7 +2690,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -2600,6 +2698,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -2621,6 +2726,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -2835,6 +2947,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -2996,6 +3120,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -3018,6 +3149,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -3091,6 +3229,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -3149,6 +3294,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -3179,6 +3331,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -3239,6 +3398,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -3731,6 +3897,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -3753,6 +3926,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -3852,6 +4032,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -3880,6 +4067,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -3902,6 +4096,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -3941,6 +4142,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -4017,6 +4230,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -4030,6 +4254,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -4051,12 +4287,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -4071,6 +4338,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -4119,64 +4405,281 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword -example: 2016-05-23T08:05:34.853Z +example: /usr/bin/ssh -l user 10.0.0.16 -- -*`process.thread.id`*:: +*`process.parent.command_line.text`*:: + -- -Thread ID. - -type: long +type: text -example: 4242 +-- -format: string +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string -- @@ -4201,6 +4704,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -4223,42 +4733,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword +example: ["C:\rta\red_ttp\bin\myapp.exe"] -*`server.address`*:: +-- + +*`registry.data.type`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Standard registry type for encoding contents type: keyword +example: REG_SZ + -- -*`server.as.number`*:: +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. + + +*`source.address`*:: ++ +-- +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -4269,7 +5416,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -4280,10 +5427,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -4293,16 +5447,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -4313,7 +5467,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -4324,7 +5478,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -4335,7 +5489,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -4346,7 +5500,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -4357,7 +5511,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -4370,7 +5524,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -4381,7 +5535,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -4392,39 +5546,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -4433,10 +5587,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -4444,10 +5598,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -4455,10 +5609,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -4468,7 +5622,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -4480,7 +5634,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -4490,7 +5644,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -4499,7 +5653,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -4510,7 +5664,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -4520,7 +5681,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -4529,7 +5690,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -4538,7 +5699,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -4548,7 +5709,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -4557,7 +5718,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -4568,506 +5729,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC - --- - -*`source.bytes`*:: -+ --- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +example: endpoint denial of service -- -*`source.domain`*:: +*`threat.technique.name.text`*:: + -- -Source domain. - -type: keyword +type: text -- -*`source.geo.city_name`*:: +*`threat.technique.reference`*:: + -- -City name. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Montreal - --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.continent_name`*:: -+ -- -Name of the continent. -type: keyword +[float] +=== tls -example: North America +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.country_iso_code`*:: +*`tls.cipher`*:: + -- -Country ISO code. +String indicating the cipher used during the current connection. type: keyword -example: CA +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_name`*:: +*`tls.client.certificate`*:: + -- -Country name. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: MII... -- -*`source.geo.name`*:: +*`tls.client.certificate_chain`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: boston-dc +example: ['MII...', 'MII...'] -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.md5`*:: + -- -Region ISO code. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha1`*:: + -- -Region name. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: Quebec - --- - -*`source.ip`*:: -+ --- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. - -type: ip +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.mac`*:: +*`tls.client.hash.sha256`*:: + -- -MAC address of the source. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + -- -*`source.nat.ip`*:: +*`tls.client.issuer`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. -type: ip +type: keyword + +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`source.nat.port`*:: +*`tls.client.ja3`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: long +type: keyword -format: string +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.packets`*:: +*`tls.client.not_after`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -example: 12 +example: 2021-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.not_before`*:: + -- -Port of the source. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -format: string +example: 1970-01-01T00:00:00.000Z -- -*`source.registered_domain`*:: +*`tls.client.server_name`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. type: keyword -example: google.com +example: www.elastic.co -- -*`source.top_level_domain`*:: +*`tls.client.subject`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: co.uk +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.user.domain`*:: +*`tls.client.supported_ciphers`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Array of ciphers offered by the client during the client hello. type: keyword +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] + -- -*`source.user.email`*:: +*`tls.curve`*:: + -- -User email address. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.full_name`*:: +*`tls.established`*:: + -- -User's full name, if available. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword - -example: Albert Einstein +type: boolean -- -*`source.user.group.domain`*:: +*`tls.next_protocol`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword +example: http/1.1 + -- -*`source.user.group.id`*:: +*`tls.resumed`*:: + -- -Unique identifier for the group on the system/platform. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.name`*:: +*`tls.server.certificate`*:: + -- -Name of the group. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.hash`*:: +*`tls.server.certificate_chain`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.id`*:: +*`tls.server.hash.md5`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.name`*:: +*`tls.server.hash.sha1`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -[float] -=== threat +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). +type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -*`threat.framework`*:: +-- + +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -5153,6 +6230,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -5166,6 +6250,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -5290,6 +6381,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -5348,6 +6446,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -5380,7 +6485,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -5388,6 +6493,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -5410,6 +6522,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -5432,6 +6551,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -5465,6 +6591,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-host-processor]] == Host fields diff --git a/journalbeat/include/fields.go b/journalbeat/include/fields.go index e823e3bfe169..6a0700591928 100644 --- a/journalbeat/include/fields.go +++ b/journalbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzsvft3GzeyIPx7/gp8mnNWdi7Velh+7rl7P43kJNqxHV1LuZmZzR4R7AZJRN1AB0CLZr7z/e97UIVXPyhRtqg4s8q9ZyyS3UChUCjUu/5Cfj76+OH0w/f/DzmRREhDWMENMXOuyZSXjBRcsdyUyxHhhiyoJjMmmKKGFWSyJGbOyNvjc1Ir+SvLzeibv5AJ1awgUsD310xpLgXZzw6yveybv5CzklHNyDXX3JC5MbV+s7s742beTLJcVruspNrwfJflmhhJdDObMW1IPqdixuArO+yUs7LQ2Tff7JArtnxDWK6/IcRwU7I39oFvCCmYzhWvDZcCviLfuXeIe/vNN4TsEEEr9oZs/7+GV0wbWtXb3xBCSMmuWfmG5FIx+KzYbw1XrHhDjGrwK7Os2RtSUIMfW/Ntn1DDdu2YZDFnAtDErpkwRCo+48KiL/sG3iPkwuKaa3ioCO+xT0bR3KJ5qmQVRxjZiXlOy3JJFKsV00wYLmYwkRsxTje4YVo2Kmdh/tNp8gL+RuZUEyE9tCUJ6BkhaVzTsmEAdACmlnVT2mncsG6yKVfawPsdsBTLGb+OUNW8ZiUXEa6PDue4X2QqFaFliSPoDPeJfaJVbTd9+2Bv/8XO3vOdg2cXe6/e7D1/8+wwe/X82T+3k20u6YSVenCDcTflxFIxfIF/XuL3V2y5kKoY2OjjRhtZ2Qd2ESc15UqHNRxTQSaMNPZIGEloUZCKGUq4mEpVUTuI/d6tiZzPZVMWcAxzKQzlggim7dYhOEC+9r+jssQ90IQqRrSRFlFUe0gDAG89gsaFzK+YGhMqCjK+eqXHDh0dTLr3aF2XPKe4yqmUOxOq3E9MXL+xB75ocvtzgt+KaU1n7AYEG/bJDGDxO6lIKWcOD0AObiy3+Q4b+JN90v08IrI2vOK/B7KzZHLN2cIeCS4IhaftF0wFpNjptFFNbhqLtlLONFlwM5eNIVREqm/BMCLSzJly3IPkuLO5FDk1TCSEb6QFoiKUzJuKih3FaEEnJSO6qSqqlkQmBy49hVVTGl6XYe2asE9c2xM/Z8s4YTXhghWECyOJFOHp7on4gZWlJD9LVRbJFhk6u+kApITOZ0Iqdkkn8pq9Ift7B4f9nXvHtbHrce/pQOmGzgij+dyvsn1Y/9dWpJ+tEdli4vpg63+nR5XOmEBKcVz9KHwxU7Kp35CDATq6mDN8M+ySO0WOt1JCJ3aTkQtOzcIeHss/jb3fpp72xdLinNpDWJb22I1IwQz+IRWRE83Utd0eJFdpyWwu7U5JRQy9YppUjOpGsco+4IYNj3UPpyZc5GVTMPJXRi0bgLVqUtEloaWWRDXCvu3mVTqDCw0Wmn3rluqG1HPLIycssmOgbAs/5aX2tIdIUo0Q9pxIRJCFLVmfP++LOVMp857TumaWAu1i4aSGpQJjtwgQjhqnUhohjd1zv9g35BSny60gIKe4aDi39iCOInyZJQXiBJEJoyZLzu/R2XsQSdzF2V6Q23Fa17t2KTxnGYm0kTLfQjKPOuC6IGcQPkVq4ZrY65WYuZLNbE5+a1hjx9dLbVilScmvGPkbnV7REfnICo70USuZM625mPlNcY/rJp9bJv1OzrShek5wHeQc0O1QhgcRiBxRGKSVeDpYPWcVU7S85J7ruPPMPhkmisiLeqd65bnunqW3fg7CC3tEppwpJB+uHSKf8ClwIGBT+mmgay/T2JtMVSAdeAGO5kpqe/lrQ5U9T5PGkDFuNy/GsB92JxwyEqbxih5On+/tTVuI6C4/sLMvWvpPgv9mxZu7rztct5ZEkbDhvQXc6xNGgIx5sXJ5RWt59n83sUAntcD5SjlCbwc1ofgUskO8gmb8moHYQoV7DZ92P89ZWU+b0h4ie6jdCsPAZiHJd+5AEy60oSJ3YkyHH2k7MTAlSyTuOiXxOmU1VdSJIG75mgjGCtQ/FnOez/tThZOdy8pOZsXrZN2nUyv4es4DS0WW5L+SU8MEKdnUEFbVZtnfyqmUrV20G7WJXbxY1jdsn+d2dgKiDV1qQsuF/Sfg1oqCeu5JE7fVSeP4rr3Ns4gaEXh2wGp8FkncTTFh8RG4wvi0tfFxx7oE0Nr8iuZzqxL0UZyO4/HslM0NoPq/nBrbRnYHphfZXra3o/KDVIzRLRmmMVLISjaanMOVcIs8cyQIja/gLUKeHJ0/xYPppBMHWC6FYKAwngrDlGCGnClpZC5LB+mT07OnRMkG1MVasSn/xDRpRMHwIrfCkpKlHcxyN6lIJRUjgpmFVFdE1laNlMoKPF7HY3NaTu0LlNj7rmSEFhUXXBt7Mq+9cGXHKmSFkhg1xKmtuIiqkmJE8pJRVS4D9qcg5AZoZcnzJQiWc2ZFX1hgtvaFKZpqEgSam67KUoZbu7UV7krAcaweKnMQrhxEvW1y8kb4OhC820U30JOj8w9PSQODl8t442gUngPq8UycttadkN7+8/0Xr1sLlmpGBf8d2GPWv0buTUz4MZkHpu7B9r2Uli7evTtOzkVe8o58fxy/uUHAP3Jv2gPgaYRqRxTccEufSI4ede5YWPCmMqiwKLgrNqOqAIHOymtS6FHyPApzE44WMC6tRjgt5YIolltdp6VOXhyfuVHxtohg9mCzX9jHE8jgUGgmghhvnzn/xwdS0/yKmSf6aQazoAZau2PdmwotPVbcak3q9Q8FZiymLRxOQvZYMooKTQGYjJzLigWZtdEo+xumKrLlzVdSbUVtV7Gp5yAOFNFZoMbj4H52uhnu7IQF3QR0swQB7qhYsMTMb3OcIoUftUxHRH4Ce6M0urEIcaNGpYgLC96vjcANAB0JtR5vXBwYLOJXSNMb0go7uF87cMq8VSfYgnC8XT9PsN7B4UHxiRYF0ayiwvAc+DH7ZJykxT6hDD1CwcafUh3kLSPJNbfL5b+zqPDahTIFSrDmpqFuO06nZCkbFeaY0rL0xOe5tOVwM6mWI/uoFxS04WVJmLAqn6NbNBlaYaJg2ljysCi1CJvysgxMhta1krXi1LByeQdlhxaFYlpvSs8BakfN1tGWm9DJJIHNVBM+a2SjyyVSM7wT+PrCokXLioGplJRcgy3p9GxEqL/7pCLUMvtPREtLJxkh/4iYdaIT2PKitDxnRNGFh8nT/ThzX4wRZW3JT1jFOAp2RYO2PLyuxhmvxxaUcYZgjUekYDUThRO9UW6WIgIBarbbsSjZZP/XXapUZ1/pvRphnCwN07eIwMl+oCWk/VoLkL/aH9AKEhwR7py4bUJ21kffq8MWYEhsGxDOHV/F8bPWnDMms5yb5eWGFOljK9sO7s57K0szWvbBkcJwwYTZFEwfEqU+TNaD74NUZk6OKqZ4TgeAbIRRy0uu5WUui42gDqcgp+c/EjtFD8Ljo5VgbWo3HUiDG3pMBS36mAKWdbvSOWPyspY83BdtI7oUM26aAu/Qkhr40INg+/8jW6UUW2/Izstn2Yv9w1fP9kZkq6Rm6w05fJ4933v+ev8V+f+3e0BukE9t/6SZ2vF3ZPITSuEePSPibAUoGckpmSkqmpIqbpbpZbckub10QRRMLrVjf5cFSwxSOFco5eTMcnEnEE9LKZW7DEZgeZjzKG7GWwPBK0k9X2pu//CegNwfa52A8EGaxNsJfg6O+nkFl9aMSb/avr1iIrWRYqfIe3uj2IxLscmT9hFmuOmg7fzn8Sq4NnTUHEyDJ+0/GzZhbUTx+hYYwgNt4jw9C4KT54hwWaSUhUZLb/DwLrjTs+tD+8Xp2fWLKBB2ZKCK5hvAzfuj41VQk5Zt2GRdvAwe6xW4ubAqH2oup2d2IifHY/zGh6OLoBSTJyybZc7qQstUeSeoAXqDTMsFEM5KogdaRRPMdGJGSkkLMqElFTkc3SlXbGHVENC7lWzsie5g3C66lsrcTej0Qo42ig9Loik27Ph/FnygvnkHea+16jN8+7Oku4M2HL09WUfoXL0fZ24PVhG/5U7aMMWKyyG58v6uN6twzPlszrRJJvU4wrlHsJC6ZoUHWTcTL46G/f8u+kLwmkqGc/rhVCqyNZUym4Fsn+Wy2rIa/lbyueuiwagT53opmGGqgqu4Vizn2uo/YNugqJGCwxKibZpJyXOim+mUfwojwjNP5sbUb3Z38RF8wuo9TzNyoZaWUo1EZf4Tt1cfXq+TJdG8qsslMfQq7ipqsCXVBuz/GHKCyrKQhoAitmBlCWu/eHcSnaRbucyaq63+XRqR0SIJI+tL2P4HoAg2ndoDfM3srE6mcXv4hF28O3k6Qq/HlZAL4S1XLbCIQ/3ImwgBRTWNZO/GgyuyTzzdecOwFo8RQ0A9f26yAZJZRTFxI9ajHfi+RTaNZirbLMWkGhkak6VCE62dHH05FQPThZyu4hhUkHcnR2cQMoArPglDpaSy3V8dqygvN7Q4K/4TmMDLLFkfgGlTlgOS5L0Csa2JnQamBaGfXlNe0knZFzCPyglThrzlQhvmtr0FL9gj/zCigNk3TxW4yI3Fj/RjKKYuXgjX5928YLnbrUtqrFQwQDwI5wapJ90JnKwPxJzq+cY0aMQU8AI7j+WTuVSKWXG0Faw0RQMyMA1BqJBimYY+omCVkMpPmrlAjDGsghdo+IUPdnXjECCXSzHFvaJla04qCntNRIcH8QGtQ0S1kXicHzu6WdMlraAnAQx9qDakxJ7PrZSK1ggIXuOiD0jCdyjwnZYXVDY4ZXCC+i9W+0Axjp0geQRbOQxFwLE3VTQEt8awPXRmYMyLF8Mh8oWsDNObkvfMKJ5j+IxOw3OoIG+PDzA4x1LIlJl8zjQYY5LRCTfaRUZGIC11tQN6W5GZXIewjzYIblzVCBdyqVglTQgSIbIxmhcsmakLGcJEiYsJ9Avymy7iq86Q1I49xkHjQBD86Cb3qpIdlusIqkPYXdxdOZg5N8eZty8ignAuCPpMHQ68CIG87pQtScGnU6ZSRRfMZRzCV+1dZY/njmGCCkOYuOZKiqpta4m0dfTzeZicFyPvzAD6Jz9+/J6cFhhqCw7v3oHvC3YvXrx4+fLlq1evXr/u+GxQDOAlN8vL36NX676xepTMQ+w8FivoSgOahqMSD1GPOTR6h1FtdvY7li8XH7U5cjj1cXGnJ557Aaz+EHYB5Tv7B88On794+er1Hp3kBZvuDUO8wSs7wJxGMPahTux08GU/EO/eIHrv+UASk3cjGs1BVrGCN20ltlbymhdrOVW/2DcEZ81PmPnDmaaV0IUeEfp7o9iIzPJ6FA6yVKTgM25oKXNGRf+mW+ieuabrI7m3RTlb8mcet/Q6RkbvsO+v5NaXN4QmhQfb4ScuMKSX9ZMkItQs51PuTckBCoyucOYBZ4yU03SQJIWMaebnnbOyTgRIuK/QiBmG1u4mFEuLIMODhrDOBbURGc8JwXHxvGifYV7R2UZ5Sno2YLLgQUWAFlSTScNLY6/zAdAMnW0IskhZDi46awOQ5LXdPHuS33ZDhluX2cKkLlmsNe8GdyOuOfqIAjdBkt0UO8HRSUUFnYHZCmLbPTw9ToJ5dQkbSYKgUkZy0vn6BlaSPHpzsBxKz8nT4HRFp8BuO79sYMwkPu62yDjkPi4y7msM3WpFnq0VvxXFWExJvaf4rTAsxHE9xm89xm99ffFb6WHxbj6XE97F4UMFcaXs6TGS6zGS635AeozkWh9nj5Fcj5Fcf6ZIruQS+7OFc7VAJ5uJ6eK1nS296W8JZGKtCKZa8WtqGDl5/8+nQzFMcGpAN/iqwrggbiixl7iVghUl4sZIMlkCJk4YFAe4/xVuIjDrDmLbw0VnraTlPzpEq+hJlI9xWo9xWo9xWo9xWo9xWo9xWo9xWo9xWo9xWo9xWmvFaRWiVcbl5MM5fLzBg/Ndy2tjL9WTD+fkt4YpzjTsFRV6wZJKkfZ3F6jlLP+MQ/BLKBMQa6z4sZZWTbOnVZIZM1glAYd1gz4ZF0JD2MMbeH781BVtW/pJ0tGBL/syA0hQsXyeGxGnDU4ojVc81VCa05fHQRjQf71givkog8LxFq5xnD6U+Or46V18TK0V37v3c/tIEKoUXXpkIJbd+yjcUCvNABhEu4oeiplGieTI+9qrLp0mkfIYAf5/xZYOZdHz4/cGt0AzXwa05diaLMnb4/NYpukjlifBseb0mmEZn5RZVHE5+KOfXJCFfevt8bkbvms3s9tsyQ9sdah9YpUs+KXtnLTPeTInR4ZUXPCqqUbuyzCuX1TVaNOq2Di2s4wtcBAK2FuGvXu99DAiFa3DkNSOls8hXsL4qsFUk1pqzSd4IxdQbYOKpf2X+wIveHC9B2sYUKpJjhXUWh7RDkVmeUk35vvEGD6KNqWwId5LXSDFcCi0h5YQLFrT43WnHwZBT+I4N6KYAbQJd0Q9u1OY2B0ORjGI0lt/8dWaiUJ76QSiroBheZSkA/q197SM/b3M//8gFjZpbb9oq46W4pLwpQ7opMYSLrpdqI6SfE7xMjv+cPT+rT0QE2aRZd8vr1kxSpnT9rYmYxQnIosxiSdcCl/oz4o1upYWxaBfxsMAg8C5zMhp4FVW43P6YXdMX0x3DKWHvNt1bG8eBnWwe9uyWCyyFcYDvzPGrKMorTKvWdxDjAdYPq9BkrKcG9YLCBjcBMs1J1YZz+cpY2dT4Estjz3XOVUFKzLyT6akj6mzpOzHd2cgwd8kIg2nGPDGDtPpBuMaL+YxpvEzWQyQZgvuOaMFU5fT0hcj3sD5OoI7W07JASmZMUwBl8SZCczcCkyusXReDH58Q46ORuTieEQ+nozIx6MROToZkeOTETn5sUey7uMO+XgS/2x7PTemwNkdsktDi3OqyFGt+UwkFdaVnClaIQWGqvAtSw6IZRimkQwE8U81j5EdyBx0X2V/cbC/v99at6wHvGH3vnisTWhlAjuZE6MwrpKh3e6KCzD7ogDbkmlJKKGd2tyg9q/xuIuFz9AdisOgjAyYgXLc6ZgrcfSfP739+I8WjgJnfDCJQU59FTt3YaBqcqt80OLhm7wa4U7sgJZefcF73MnREFLs1IoLAyVi8zmFJgpKkycTVsoFeXYAUVwWArJ/8OLpKCF/qVtvRHYelCSsNsh0Tmt7rKhmZH8PbpEZzPHLycnJ0yiJ/5XmV0SXVM+d0vdbIyEaJ4zshsrIBZ3oEcmpUpzOmFMfNIqpJU9iuaaMFekIuRTXTDmv1i9mRH5R+NYvAkgQza7lQJnaG67ZsM1/uBPn0XHz1ThuAlEE5G+SGMIkoOVF44JbYKxa2yPRPqNwA81BK3TGKQAaeGGYaRRRo5vJgV3nfuawAqQxauE8Qog8yJ1Jr8DGMbZGSCJCEqMoL6GgLVNcDsu+w0h/dJsh+3t0m93JbRbp52F0BKcq3SxUHB0dtYVjr65efknwy1HPSleW5PTMinEM0oPGqXVj3DEz+B/H3trnaIdPpzxvSjAiNZqNyITltNHBE3FNFWdm6fWjlFArarTVC+1QDqyMvMW+ThG+JFzdA2qw44YkYBhNkDOOEit0GeEmWLSw7FDBPtm3K0sl6dAoEuBL8Duj2kr2RoYRY+1YlFSsfDuV/VTLoOB0rSft7/a7GwzC8EPoAn6u4Ri5Dz++/fjxx48t6DZ4NrbTwxFs/CSnNfQeGjlEW5kU6K99eUGJ3pj6lfgIpCiXYHfVUJw38S60qvXCY7livksZwCdi55opwtZ1E6wLRQTA2/ydR6AFRGd+6JwBWKiZcut/Ims0wJZLO4SWMtwrTmHD0/E0I0eigBTuXIqouzqsts/+al+FN+lbVc7xhB4vDbbf0HQlb3mBsM3cTV6g98zQndRe7TP9nEF6/fL1t3U2GGhP92W9X5LWfXCPBfzaxWhiZEbGLNeZe2iMbnAPRmSCIBgB62m0wX4p4BIte9WxCfl5zgTuGWwgNooJ8hoXBc+ZJjs7zk7qfBjQastIoks+m5tyKE89WQ2875obWtBKZlm01d+Uq8JNi18tqD6+Lp+zinbwT1odvAZIZz/by/ZSylFKtpJK34Yvbm5mFZM6c+h84v1BMKBG8l2CaSPg8Ses116h/IDPOU9QXTPIDioZVkWwaPaMADzVObW3UOj39E16trjRrJxGRZsKHP0OnroNRUUDMtHu0/EoIIA3muHuM3l1IIZiAIK0Sd5qMEKjvMHFentVa2BtaH51aaWLTd6wMAuBWYJLBlZpCaguwXXHPnXK9T2Q8BkwPko7D7lsd6p1q1wA+5SzOoatJsf3V3pNs5KKWfahKcszCV6Ct/7x9Fxfd5pYvL1es0kdnqmhRHFfkH84V7yUXoXAnHLF89b5DGzgCPoetrtk2CPbvSeTvnCQ/DjHs0NjmzePnnexPyMwc9+zznhnCjXBgwXaj5jFMWKrOzlNFuHG80NR3zqNQHcwX2vGVZCJPT2cqRuVjBAj7cb0bmnQx9Io4BHmbw40Bpkws7CiNw0dAJyMkXTBw8lcTw1sfpeXUtu1HfmduB3dmJfghsTuOg1mbpUwInZcgI9pB0EAaBjRyWNu2NiDr4X1lFoiyitWSYgjYRo6OrjhigTxkeCum1IwhUVOeGxy6B7WORV26dDi8C71btbIuvps0RtHD/K2N+e3c6Od0SDkFWENgDTQIGnhC25PrnH3okQ3p4KM8QHfN2McLcFhI+xZHwNCdmhRjEdk7Eh+B0iewVdTXrIdlJqLMXpjvE8ijBg66yVhIFi6oC6BGoaq5DSaqZ2aam2RuYOBPu0r2oG+ie146zQfnKGL/CBYzPls7hqoDPNA4JBee+nsStSPpe/X0tkcJIjxyO+pZkI7h1HMCaMBzABXHNlLpNS3tvmZKnu4obHltIGyW0HclFMrfo7IgtnLUWBqDQRDEdo2MFlhLrd3DHgunCMyxEu5FrQ1ts9uNEMDVk6b4TQ12GkoYRBZw2o57P7U3VMnA+WJNy4swjWwbnVPTOggSef3kUV2oZ6JFtj/OxSkCl1yG5Hk9o9cV6cy1h0gyP6wl6+91xv7h1TELg90DZD5kdPKa6aAzVpNM4gQXtJJKMwSz89cFHKh8d4npyf9fTh8cfiqjXw81rccsCIqzG38Og6Dg/SqqA33HLcXArThDrArRoFh+AaO2OlqiZp+rxG3O6GoMVk+ye2dmrvMpNg6PTQOSr4yadVrk1pyw3U20Ok8BI10+fSpIJXUJmllNHKRcWYhY5dy5wCZsAG1EPmp/5inQRetXt05LXMoieHSnEqI/kBBIbWIOEe6CwtEEg9jtu5t2BZ41fcoVtp4kYcVhHcaaXpIKil4bONFkiG2t0F18ztmP/oSZEaSK8Zq0tTIKeCl9HC1sQqNHQHSNh7tfYUnLqflKN3Z6IIcCDIuqKGa3ZZ09uUB+ThNJypKtHvZg8UeXLAVVuSgAiOdnNZgBWWpvGCEKZGWEyf8o5SzkdNySjl7OkontyfC7xSKA8tYgiM5hbmskozlbtdR2ErFcllVwImh5amQJthUYHgrIrTmBoUmRGhVsmiSTquYYjGVZSkXKCBQUkisxSh6wwxYwGqaz1mW4CJsb6PWyZUfSCrsvMlF3ZhL/6OgQrowLC90NiZ9gOr3vCz54DPo2gEa2R8knBM3dUtuIOCDCtO2KQm5D2LdnmT8zKxyoJjzfpnobmoF1Q1xGM8+YHaBhjG3p7yX/MHEOhFDqy6KCGrvjuheD0hv9jr031vJ5jpN57c3CHirXGvwTm2uDWZd/ED1nDypmZrTWkODcGicPeVixhQEejwFtxNduPvJSLsBFD0iYQEFq6SApqQMFWMw+XGzHEid9cUNh/46+uvxyYPZk05P7GpC5adEb+nAPNg7+oqvRUCfrVn5gKqV6hQ6B/oy/MLJ2t1qdi1eiTQbL1LL4+zLTudPDOk3qAQdtQu+Hccxx9pQw6zCRUuqqvHXKckDkG0LYsrmN3a34ixJzPVNLbNBunByCkhCIODopq6lMtrvkcUJyOIwNIouZTMD5iS9IBSGjT4q6npTuwsdr+gjuJ2AJTwdee0ORx53YjFaMme0AYISb59fdfW1sO5l0k3g/SNdgNU0aClyCiVMVCDln5yEcQMjWyGtWyECHMMML5xC5pdJjc+Ca0umBSjQmEAGcjOjKp+zIp4WK5Dw0ANeMaM4u/ZC+/gS92bcR+U5q8n+a7L36s3Bizf7e1iZ8/jtd2/2/ttf9g8O//s5yxu7APxEzNzqNqi5KvxuP3OP7u+5PyJbkKoiugEJZdpYNUMbWdes8C/gv1rl/76/l9n/2yeFNv9+kO1nB9mBrs2/7x88a1dLkI2xstomeaebYhX7PE0FlGiVstpajpbMyEl0+4JvjZz0Wfe9faNFEB90rNGhcAwUMp5SXjaKDTLEMOJajHF9hhjGXZ8xNn3BdMP1c7fPgxd8aN/QDACFRpDv+YCd86V2WkbfavBOzhItubLHXrY5VnS9e9XGH9aBOkpEy6lZUN+cdzjMGykL+ej5UkMD9rkxdfEUq25DP/dm4sryuYFdjLW9fmPzevvfkyumBCtH5D3PlbTz77gl7vjDvXPUFNy++7S/j/h2axsV11eXOuGtq7jttJR00E/2kesrAiPALaO4VByjdLrr1w5EomUJlKaTCN6fNHPKPiwZ1G1nmkCZf85UtzppgP1SSFWtQYkrF7H9AYy8/HdWwLC3LGgU7PBgsQqL2LNHcn9vr3tFQKV9LrDWjUtAXsoGjl5bVXaEABSFWQU6AUi37R12iAXFDmKaWSYg4jIQa865T8vS9xnvKD+a/dYkqtP9FQg6dwP7WpMrBVgWYPCPQogDwu9NCqBU657ZcgRWG3rVzoRin2huiFQFUy6fzUk4if3SWS/LpFhUtLgEDbeHrGuWVF+7lxI/GISPvqkwQfv40Dx39lMjbzQv/RwynrwNLo6YZkYlIXf4lNeXvTWYJhE/lkghXiFzxpOm9tpA4gIJGwHOLTcrZ74ZhtBcmzRUxBGm25hgj9SWvw5mJzrOHtYzYRbNUOd1XMpZpuH3zP+e5bKw96oTV/3XMa6PIy4M9tX38R7oqHBTtPAet6MlHPsSVfFknp6cP83akoV7o5AMpURH1dC0Qy5EmBGDuSq6JDFKK1pNZY2Op9XLhUjGzoL718DLNk0bulZ5sJvtH2hcudUC4lxvqQ2kJThdW7QHK/oKI4g9pxvsL7GdSPVJgngo29xekj0QkXHYHY5WQZn47h3MbS29VIwWS0dJBZvSpjSe0KNpOLkl8QB64sCmHQuu07NyFOW/MKkPkYVsO2qPvxTg+j49cZNvvW2UrNnuUaUNUwWttpKEHTqZKHaN3nj/+PnF1lMMpiQ//PCmqiIz4bT0T+3sPX+zt7f1tMNG+0Eq96TcMSQXkHidVaHB8J2wljMUeum1hNYroew47rd9EaqJWD0coPYwT7kzBLgAlO/85xviT47grW6wAiS79QwyEAeiycRy4bbnysVT2F/BkeejAOzYrtqzX54FKuTOOyZPtZY57h1I+aAVItsdhRAN/5mKYtfijpetmDRnrB+51K1ayaLJ8U6GKU+9bkzeR8vE//ru9P3/ds9C4Jsb0TXv0U8zfNkpV16T6ZddpxCbb7fVPt5Zj6eawGJCuM7dOgGBY+gL2OD2O0gM4hXqCQCqZWR+6HZ1B6czCFfnIW6lRl+SUTS/8tqc1kNW60H35t1ABvTDOECDdo51oYw119vvd2Bcs3vAXZBKjVF80hi0alXMUMyWhhCLYTTjb6HWBAzjDJnovmxquKzGlZ1q7HyDVrixAswYVjFODKTo8ERftj3UJoou9tER0dxKs244EGdFhNvLdhaMrjMPimRu6F7DCpwrep0EgHq6f6eAc6jMtSkoQ7WuEB0buKiret+DcXcuK7ZLS4+74NixQPXDue8NVjg/YZIeWLUT+EOJ4I1lpp8pXlG1dIXE7KX+/enJ0xv3dXt/b2+/U/Y68MhNQ5haUQah6+/lnOp5VhXPNwTf+5PnOEV/Uj2n+xua9fyHo/0bpj14/mJzEx88f3HD1M9dYduNTP18/2Bgai42Fy11aseOap4PW0fGIsLfXpzqnpWD5y+evXrWqWG9OWjfW2CT42FBlLmhZVwBHYyn3t57cbjXAfMLr+CBGzhcnRTcOnzKuxraA9UmdLixGlZIRPDceBQcmSatJ9lDmc867jJruRAbM26jmG4n2IaIFjVY073PA2tqNuX9/64pSxg/FZJuumh3VyFO89/vaEwcEErtIJbqodlKItP9KMolUaxk19QSoNXEIYYXUupA0tqyHwcSdvdfPOt0WDFUzZi53CBSL2AGRKvVLPWyKrm40g+WsgG4hACAJxYtI3sOQJl0kDzt7XDQ/EK5yI2W0wFd28orP4G8oqKPIEnxeXLeEWbw7KwWaZKeDKgCosr+vft4g8b+PZNpHlhOlVqmTXNpDIjwjSvS/sDUS5ptKzcGacReFy3VP6TOKx6cvIblc4hMiY4tC9npWZIigOGAakc3tdVTirukh3097X2++tY+X2Fbn6+spc9X385nkxWUHlv5fH4rn6+xjc9X0MKnr477+yt8sfoGuwjlxJOUxwE/Fzzj8pXtI16m8kuU3SDIde6Vf9368F91UfiHrgTfC0Z29PmD/3xLSu4c44qBPCNFRmc0/E7LmVTczKuQksmV82En7g5WFsipXEZvVUmoPjVnPr/g/cnzEdhZngKd14o5bp2Ro6LwYEyDdwL74LshJktSygVTOdVewWwDh8zYAoiuJCiWhbEjmtVUUSNDwWyqsWpRrTg1jDzRgl6hZ31EMD5mTp9dPt8/uEtN7oe2iD28MeyPsYM9pAksnCepWznuP/jPN7oYff/1losRg9FKeyLqxmA+NTbyD4fn7fE5JhB/6w/BoLObm/mASw4mlbEPfLuChU9GB1UTFJrBLOo0f9quFTAaEqbdiHOqigVVbESuuTINLX2ffz0iJ9AQOmm2jsWX/tZMoMsaBFsU7E5tlFU+54blSfzlvfZt6AT2tebrSQSfXr24fNG2WTw2Z31sznp3kNbV5B6bsz5qdI/NWR+iOau9PzcEyfYPbmzPM+GSTxNgY0WLEK+38IGjYw/ZGKRpe35dhWSvisDV7+7gW7Sk+1mPU5FQzkkDPI50wKNPv6Hlgi6164c0gtBVF/caNF3X5QKisF2SOBPXXElRdXIM/P5BPe9GgW7S+KSh8YRRgw0Wulj4vMa7IAHxerhp3GYa5v7gtnJ4zk3R54cbaTMp4YlUmVBkQok/Cf7JR7Q7JglJSb81tASHZBgzUep9XSKIMXY160M5F2hQ5cLRoeRxwXJeQJU2K7sCGUXGDiVKOxsvdTalFS83FRrz4znB8ckT7xVQrJhTMyIFm3AqRmSqGJvoYkQWmBbSd/Dgkz24m3JT/RB7Mi/uRNtt60sg+vJywyIozS0O3stf6TXrriDJbXmANeBsAWzQuRRduDD/HuSH2WG2t7O/f7DjCuV0od+gQLMC/6l33C1jFcL/3oXWm6EeCmI/n6N7KxtJPSLNpBGmuYnWqVrwHq0PlvjcHPDr0sj+XrZ/mLWL+W4qUPrC5YR32O93UpHjUjZFyO7TKGomCXDu5kevMpTzHpuDrGIFb6oxpD1cV2n1dshlTmTdoKy3KgdiMhyY3lrd08JdHUYcurM7bRfrNUNeVoUgnIf+RE7qCIHZvhNmum3PDp63p39sn/vYPvexfe5X6Sl5bJ/72D73X7l97tyYlsf4h4uLM/i82oPwnffDhSAm+1JIxst8mWsyblQ59mlxDHOOTbJqC6QqY0dI6Iexvu/YvzCRxTKDsL+73eA+0TZ9tY3cNKSwAyaBWbvoffXq5WoQXRDshs7whVNocTNuhPIHVpaSLKQqi2FoN4DLC2lo2Q7S7GL0iQUWDjt2AhwQz/cPnw0juGJmLjd1j2y3UIpTdVKNkcgxAR0qME9YmllvZPAKY8lNX0o/I+fMlSSTeVP5MO0wtm9ZvHXq86atnvD2+HyoNRQzI1JDOea6MYNoUmzKlNpYlPJHN3ysH5JirreblvfoN7u7k1LO0l5Oux3YXa++hz7nrlPJmgc9BfJhT/pNcK4+6h7ehz7rDtrPO+wOaG2oafS6/WruVFuhjVOcaNhncLjXdrRu1kgAcK2yuuyDESBGV87SG/2d+3hDSMBJz1sfEtVLOZtZllOxfE4F15WTM+DLUE0niVuG0lcxQgCK3QSX0a1RAr3p3Lih8CuksPqk4zB/WliupZxgzYMwEVaA8GOCzTYtjfDtuLUQ/1Za0a5XS6OzQiENLIIV6fjfhsp2k8YQRZ3Zwlde+HbsmnygPePt8Xm7efk60hAQ3AYkzO0ffVEdi8jgu3Sbtao8lu7XYvIWIg1OxzCUguJqjWUYoaSFvTrCiC7xNPS/nkkWS3jAIGhESuv+FpJpsb1tQtFXKVg0MfmKGXVj0v0M1GTpPlT0gJTSUI0prSfytFceu1XRcEGVGI/ImCll/+HwP1GroeVAnY3YjCY5zLPufX0v+3rRKU2FExEuNBQHE4TWdelKhWehJlGjGyDztApHOgq28kD/B/ZjcAJQmGGEvRSw0IBv1T9ovJdqlrGSasNzrHiXTaQ02ihaZ3/1f7WQhfWfMkjvSRqz3tivDvvDrsKQHaVTjigktLm2EQm5gyPC1Rd2PYk7xb2SI9O9Tg5WLmWDhocuFdzT4pJMeleaHRhjtxyafWEwayxsb/YrvaaDiGnEQG+KzeHFTecKCMxl0UPFLftrT8PAQjZTs9IfV5PWa7ew+RqWtFt8GATK5Imwsa6Fvq5LbjAs0JAGyskHY0hNVatXwCn6YxWNvbrGblhvDkDkpZ5bKpJi864ZaY+63ChpjcVOiUW32FFvQb4sXxhzTq9ZqKcDdcIwMzX3zcYwSQo9FkzkElyPUhHBFsAXNFGsktfpIZAkLxkVUO+qDfKXlgAlWroKn/ZamzDfvzPuk/fMpd1VP78SKIQFgSvj/TJIlCHUFS7CNY4eFpZxX+GHyyGy7p09d9WGWh3tUno8FSsgJNRe3RU3KUe65tQNk/kSPpox8vG7Y02eHx4c2q18tv/iMBtYWjalOZTqzzahY2wnK/Rl3PyEPdmq60gI6ztKS43FVVkasssaDVc/p8JfeaGC214Y0r578KxPHAfPbsTRhu8nX92KfTI7Ewq9uNZFVmcdQNQvh9biazbe+1Z3tnlFbcjP32IWh+SavCLfRuT8W5BUszbviTUToZkt8Hf2qcaKSWD5dyzZUU8gFJh5//X+QK70s+dDaG3Vmrsbbm89Md3Ch7efmKECe66unsVxZBipqhKTTLoTR04DWOoU94OifqNUK7FqRQ94dzJncrAQ342gh9qAXsmhsftLuzygvQ1uKg/YLZS4Vk3AQZ4QNnyT8bZfAzG0i2SGUdciAqgmvoICEqX2D9z8BIrevvv+qCHoDwvCpSanD8lXt2R2+XJy7XQUDPuoqkb4ZlVQEQH6P6HoSGPuC0GhLClL59JJdMua4574rOQVP3qn+Ua3UF4oAX2H9JGoZW/quByhJoNl+qHkQDqrs8PUShqZy7Ld5YiqCTeKKp4QDtYYdiUToZWkRhm5ggrTrlTfCARSWmpovF8uURGID+urZZ2YZHj+28jeXGwi5dWImIWV5ZQDZpE2M7KaR+wwlZT8umaiSBoxQWUIgCXWS7C3UBHqI8QKsnCkdgumDTk9w1IRekSgTPiIJGMuuPKVMb9C/w/lVYu0Bkz769QdXmnW30a7PtrzQeIGbw/syETacwNxH9B3r8Vnx646L7zpytgnvT/D975vz4iM/WF1P6GowuNO6KYauJFedNq5IQcxy8uNhZhsH2G8BLRoRXOwgBwQvzhyeobpqI6akk7nqQ3NH7+YVNHmf9ECR4mRstyhMyG1sTefoaKgqkjb74Vhp6VcpJvxjlElsH44NcH/NuNm3kzA82YJBLqy7Qbk7fBix14yA0Lfm/mP/6Y/HP7wb++/f/7+H7uv5qfq72e/5Yf//M/f9/69tRWBNDZg7dg68YP729+za6PodMrz7BfxMeneFbXrN78I8ktAzi/kW8LFRDai+EUQ8i2RjUk+QadhQUv8ZCkofmoEEO4v4hfx85yJdMyK1nXSzBuYDl5eTplJOrO4/sKjcCEldo50zMC57DDbmkBalV38NWeLDGFYMbFHjVSkZopXzDCFgLSAXg+mCEgLAvsviDxusnTkMGm21beQAbZbdDOVakFVwYrLL8mROD3zkYGxFLM7rslPzl5WK/lpoPXU64NsP9vP2lZaTgW9RHVqQwzm9OjDETnz3OEDam5P/MldLBaZhSGTaraLFzN0ytz1/GQHget/kX2am6pM6kSfOz4C95XvDOLf0o7/0BLaCwAHA4nnAzPflXKB3dLgLxcWFMYt5cw7BBoXFzS0ph7CX7QQvenYOxSOJkvXSAMa80t/++qYaefvpS6030NoyM98yltgYzPsO1zCQxeuG+Szrlz37sClG38ZuHb9j1E+cxfw8MV70PaEe6rZAK/ffvfSaxfxzgTvEWGfMrjRRqQEivqV5laSDC7iIOF+fZJbCMILUfwe6k2g8BwKUOhAywkTQ6kdgpJprHXOyN9wnvQYktADI2C4pEvLnJqiHhGT1yPC6+sXOzyv6hFhJs+efn2YN3kH8RtKnzjFS+fH81Mo1VniJbpI0xw8Wb+zWMws7g4Rg4mWVGuWj0jNK0Do14dOC3RiGnDNGFRqG/gx/e6mMhUivN4vh1+znNPSU/Ao1ADEdL2eSo1FskMQScEMy83Ij48eaQwsuXXEnfb95oQry12xhLxul/ALiSzB1e2rU+CgVOQMUwzdUjtl/aWY8lmj4jUniWrE+ggIHaeS7mLtahneVqVHZMEmIP1wq75zYVQDaUiILi7Fbq1gvTCuT6T0AmUUGb/xdCO0VG7YFKRkRvDtlFJrMjS0xerR2XuHGp0lxhxPGqk1h2KR9RXGHN+BCwZHq6BY+qMFWMd16kAX2ocZIW3oKD3fgG9YRTRLub4C5L3zu/7WsAYHJm8v3kGxFSmw0ZBT/FynxURyD8OEskCKgekPeuQUzMoDHh8QGfP2+PwOFqjHAiGPBULuDtJjgZD1cfZYIOSxQMifukBItz5IuH3bxpDPs9AkFpgbh99MQYv3R8erpn8oA8T2cQyC7KMgkfG9ARgexDY16NlIXTvhzZYjZ87KetqUaQJ11CqmMZQryGZBXqIYGMVKEDvCkRZEqhkV/HfXViA1PgiZxnVCkBNjBSsc58GoLYSrZFNDWFWb5YB5+RJMcefftzbisWTGINSPJTMeS2Z8GcT/15bMcP3mNgTqxdx3vzMrOHwHRH2wt9eCTzPFablZN4O3yrjJnGB4W9eJ+wpWdrVBOphBm5SVXMGQUtntnipZtQ24ylXySur0BvdFHGlZM50NZWl4B5MaRzPb2N+CkLJRaPinhn/gRoI/ZFkySOxAO4f9K9oqBsJm/JgtlLZiFu4Tqf8FA69HcOfLigrTkSYHz+/9pNL7TUkYYoyJjzIFvOuNht3vb4kqSsfxBiImFM/nSFBgGWqVGAihPrmsaiq8dGHFJVB4WsTYiftJw4x06E5pRS4IwKJKUTEDM9+Ul8a1CsVUeC9MQQQ4+J/ahQYCGHE9d0kK+wNKa7TFQvIwInRKH0GsibdRi5TC1XEeO+XfXB3/x/PQ4cVFxg6TTrcJ//qlDP6UEu2fXJz9E8uyfyJB9k8sxX71ImwaZeBTthyXO0u+upG5xftqNW+D+0kbWmIeEjqU/KwevtOkl7uvJT8wlH9tFMIwkcCSw6z57+moEEMahnaA4JjOtxPHgq6DkKCeJxfQl5Vxv7+GprjyO1dwz+csv9LNpo7QsRvey4lxq91WwdV+zVTIjevH6ryaPDt4XdDXr14/Y88O916/zl8Wr2jxPJ+8zl8fttWZZPINreikbWGHoK42sQbIf6yZCNH/Ss4UrUDPKKmYNXbtRpJJw8uCaG7f2FWs5HRSsl02nfKcR2cfia7WtgiG6LzUudxY075TUcDWiBmZy0W6YMiOCzvquoZAEzgw64/IrJQTWvbwgl8PLeSL+odf2PMJIXiD8LUxV/KcCb0xq+s7HN6VaYjtJlLIFIPEwaJd0IxQokPdLYdT8Nu4EVOpWMmKnJ+d/J346d5Z3RSi1sOQtdSaT0oW4/p0XXyCmD43pN592tcoj2qaz1kY+CDbeyghwXOyZIpIObJ9/2+uV+YZNfMk/t/vG+8RVNqOtNFqF0h/95iVJVW7M7m7n+0fZK/bVYfu3pP09mRAj7ZOq9IuMz04eLb/gIKIh6o9S1pb5iB7/U3LXJYz3dKpzpKvbtbM1xI3/BTDenVORdStY5FCFyLRGg+TcvxwhBe7CcW6gOhWijioe2M/fQ3FCqfGXhGGLrXv+4xTEW40K6eEioBvu6qaY5ARlHIELupjpUFPQXCj/3M92WS2Tommz8tfUIouXagvIImqGQSBpW7d93RJJsxZL3B5tZJWhIEoHw5VPxPE93iV+7hDdKhhuUN2yvCnvZHCh/29zP7ffjsCmH1ieWPs1bshVBxNtCwbw1o9jT1W4uzDLGXCxa5fW9rs7LH//L9y//lNOoUdT3VWjXAUz2XFrJZj+SAK6Si1hhqgmle8pKovLnTJs56tZR280w13GiWftJptwl+Ybp0rLMiliZFtzNa3VnG9280bboCBujudyjt1b+77uPmVq4Blwdi2yxsCpH3ta0O7AeB3E7bnLLbh9wiHQQcEo+2Dvf0XO3vPdw6eXey9erP3/M2zw+zV82f/bEdKmblitFivZPOdMHQBA5PTk9s3yMGw0aoTAMygQRFn32nL2iAHbZoTwCSd7AW7rfD9CEvYIGsIgRtUh43HJIljKtCgMmExmf1NGDIJDyGUTJRcaPAJ+so/Dgh/O0LAsJUdXa+bEvJnRL8u833W1/cLulOJ/YVUV1zMLkOZ841RDvNzJSXVvRHCi7UdaHfnsmK71Op636TVLmOguZOzPyZf3ShnhwQ9zaDTY2jn64qDWIG55tcStpUq2YjCysmcQc0+vzBqaCA3cJ3CAxAaNNCOXtu94IJUVCxJXdIcy/RRiEf2dcEuUhDc0FjcDby76EOqRugcg0x1L5/SssQpfHcm6WIbQabWtRRFZC2uupIgY4fFLFZ2PLKqR66YCa5gi6EYhcb0KClPNfEGgjkU1vVO1JEzGo0iEfjMqhHJSw6VJ/yjVBQh2SZNaPRlCwlUKyhgiadnXtQ3MkLP63Es5mDmViEBpLly7Bj/dXpGjOLXnJblckSEJBU1Bkwb0djADUxGFStGZLIMSSDpVG9oNsnyrBjfxdFYr3GghuP/jspQUPL0TOMeS5EUZkx9ef18kvP1sknccwN1JhzxuIL2IZ8hl0K4zJfY6tdF5Cs2o1iXRzNtlWY9Sp6HmgFkwkNunlUBMTUyl6pImhFLRS6Oz9yoGB0XM14Qtpzx6yhNuZKK5PwfH1xa4BP91P3odeXjswQWLIeKZUVDMmd3Jmeux7KOLXz47WvnVAtN3eDAFVy+BqG5aXzcL2aGMVWRrTDeFvYTnwZVL4VCdADXvrEW/OxUfx+e3K/Q4VmJ65GaI2PTnSnSdTiGdN6aAEMcm6RQSswmwQ4Fv/pCgGBbwJPui7UODBZRG7sXxCHt6cVt3MGYb6SEQCDHOPyuX0Jofe2KX1huQAvL5SsqDM99srYLBWWf8jkVM+b4WbRS+GhQI8k1t8vlv7MkwEGQnCkwzsRCG7HEqp9jSsvS8yrALcSjGjaTylWecQVWtOFlSZjQjXJhqytKJViETXliYk6aX5fLuxhMkJNvSiDDMCKsxoMbE64OrNnnGUw14bNGNrpcIjWnyUGELCxadNDnIGiJWjY+ItR3TsFuG9C5Tlo6yQj5R8Ss612YNlXAU6XoIqa1I92PM/eFK8HYFiSFvRliQZyiwYwmtPWM7f0DXTtcQ5rxiBTMXllQEdH3dJYiiSm2YkdHCqQ6WzuGbZUg6OJOXAUzWoKjLxrcaGOkkJVstA/BALzHrwOA3rvtEuqPzj88dU09ymU04GvCaD6PRRMQladQCYL1E4b2n++/eN1dcysg5qFjYFrgfS/lrGTk3bt2JsN914n5KxSIgQ79scSOi8OTrkowH8q32n/VdnwOdT+6n64pCA2O3zY8PGbDPWbD3R2kx2y49XH2mA33mA23+Wy4z0xG2+5no/USsY7RLNCJ1CWnZ9dQU/j07PpFFAg7MtCDJbENZdAJarIvUNS3L6zq55QhsOmnwjsWs/pwdBF0YlcMkztpKZ5ZSWrFr6lh5OT9P9OiIO2zAhpWKWlBJrSkIofTmhQPkIoo2dhD3EGyXWe/eMp91G2OCICCJ18vCr6s8NCZqzj0OTJcx5lyew2buzlSHNpXkbjlQRqc1Jeb7Z1p1Yo5n82ZNsmkHkc49wgWUtesCCA3Ey90hi1v9atBA0wYzmmBU6nI1lTKbAYSfJbLasvq8VvJ526maKsOfMEMUxVcuLViOddWy3HREaB3Qk1OsFE3k5LnRDfTKf8URoRnIDrpze4uPoJPWO3maUYu0IhoJKrsn3gVCsVNlhg6tySGXsVddTX9oUXAQpKSTlipUSUW0oANHcuM2bVfvDvRIcZzK5dZczXU/ywgo0USRtaXsP0PQBFsOmXYA9XI2kkubg+fsIt3J09H6H2BelvePtUCizjUj7wJEFDk+iEkjzt/To94uvOGYS0eI4aAev7cZAMks4pi4kasRzvwfYtsHpsyf1mC0GNT5semzIN78tiU+bEp82NT5hubMrvC5fBc4ub0X92S/OrLnnedZib9TSrIR7WyfQx9L6ihDrgF1SSXZQlNQW5JcJ1yUbiOUp46oeorkmXonujntk/6HLL1fTqsnrOKKVpusJj3Wz9Hyp6kswZ58J/wKej+7BPXRj/tVWgpXNXFcknQ/aYJzZXUmigG0VeuNv7YDQinz7dz6Esmr+jh9Pne3rRt3djEcdrus2bftbURAr3dCHHo8uhQgvn5teI64TlyiqEgQhbMmdlaS47ephCuBAQD8lzRMqR5xLpXun6aZQqMq3tT0SumCTcxuSLlnlFCtXSaVG/EgyFYj2rbARX2wFiZnOdNSRXAG4Zk2IcqtuxoWwSdC5Rj5Idg6LzSrgRnWqy7BQa04pIttLcbWjrcuAxz6RyyY/ueY+mWw8NHi31X47VPb8Wzl+w5m0zZHmUv8sPXLw+KCXs93dt/eUj3Xzx7OZm8Ojh8Ob2tPPP9UGR6BXtiixUhHHcaKArRKnyQUGk4mXBXQthMqGxdygVuf8Gt2j5p0irWvq0FYlU1EKISLh6LVd2+nlGR95ED2lBh3wYLUTwhIhin293zwL5CNazgbdoBs32K/E3dxC54zjTTaMNis4SoKv6VUaOHBkGNq2BT2pQGmg/UIWwtPGo3MpaEdjFWUO5JuDpPjlzZAF21OnnupAUtAxHJYqO9LgM10UASMGWHzySUYBYSeVGrGpZ/2XNFL7Ha3+CYGpmKRCHMEgpGZFizZCoVGyWb4Jce2GL0G0y8YBMGdddJgMwHgPnR1qOlDktOQOhTVAcA4dPtwRjgnmkTqqPBDJpBUs3STi3hJLsuvWFcaMnovJA5qw0uLsyGEAOKvXDlgGSu1ImP2NPtpozYGWnWcD0PuxYPJRxpe19g28Z41bt7TmoLKkklXdcSyuFFMO0tvYElxOE7XKhNNZHBeOp5SnaQKwQcu0VVVGB4lWYDYoKfb2fP/ddJn9FJwOW9ekAx8hfH76z1jykfdKd7Al5MqMZSC+qhA/JsS04IN3QimPuVJJO89Rt0OsVBYjVfiBVqQ9c9oStYb6gbPm5x1aGG0unvre3YXIGf7f/yufztDQkBZi3dor8rkQdDzXJ5Rai9krBoDjNEinLZ1S2u45SBuw80CMoOsrQ+OcahtdSs+M0NWhY+dXtUYtIGnTqXzG5bJGyPlIQf3hJ4mLqd7twq/gHD41yg32N43GN43GN43A3hcXhO3DalbVp6OHywGDnfZ/IxRu4xRu4xRu4xRu4xRu4xRm5ljBx2G/uzxcg5qMkmY+Tc1X5LbBgtXUBVPLUyhI0NxoclqVLEKAoKkJh99fFyK9GRfSE+vsJ4ufWFugcMmhug+T88aC4VNR+D5h6D5h6D5h6D5h6D5h6D5h6D5h6D5h6D5h6D5tYKmoPCTIhX58y5iN/c4Mz5Dn0vlk5KqjWfLtOurrRkyv6Z5xIrfth7181FDP0khay8qSVUoZ4z8p4bxcjRxcV/O/4bmSpaMewb7h5tBdJB3QOpYJ1tQNzsWKoy1EnhyonMTod0Y56enI/Ih++/+9l1W/bOeUpILqvK8ggHL5r9cRGZobnhefYtgOELBbkhc1qbxnntreDupCRf5iG0gEZ0OA1ui1c1zc3W0/Y0LJ8DqWXfesUlrj7UJ/ITosvkigvQAkDQofnc8nHQ8yZL4s1PBryInvxgrhFsUp7Lqi65xqCZmaSlh4+JAqyGpGDCnlCrlqLLcOvpHdxoYVcfgJU6DIcpg7N62igo7uK2hP+O5k5PQS0JEHcafg+7EUL8mNU6IWwNtsvejWEyN1q7qTLxAq8Lhigwggh6BYeq9npEmJWOwQZADeFiZpU/wytsu6yYUVLXKHaWCbh0NsMF+pIoneP//vTi41t3vtqaC5Lzxq5iS9IcdVNEpydIoEePvX+4Wk2+FE7KDsIi31Oj+CdygeOEHXSm3aQWW0ae+O72+s3uLjWG5ldZZceEKtEIid69ONrbO9zbDRM87WINHxjC1wOJBCFQY33cRXSlLPXhcYdcbQh3UNOIiXxz5QgZCXOQRpV/UgzeaYSA43BvPMSRDmyxjVfc5+FTHdZ773j1wOjdi/3D169vOtf29xVo2+DJbkXa/klRt1oYWIHPP+a0r43d1o2/oQO/PnbvNEbAtaK5t155UT75arUsfxIjt/0gw4kAVNBy+TsjNVOgnAkIT1Oymc1l43UzSiqeKxnSVpK2LSCMWwVFMHLN2SKL3XmD2Om2KQGcJDI8Ucwu3miyEz0Gvrzfgk387z4+aaqkMDtMFJ2Awx27nN8apjjTpKJFWEfU8CY0v0rf1Ot3xbHQb5Dxrs44wYmj8n2E3yC4Oq7NaWpoUo2VCV1QL1aXJkbOmBWSwfIbhoxmHzQCeITPqShK3LwkmtcwteNcbizBZM8mejiZvj6YPnv+8uXk2WFBX9BnOXt98LrYY3vs8OWzF130hlqKfwySw/QdVPvvvUHde21CoAHoBRWjulHO7waaZsiWsbpwGBJbWjn8ggLtajf00Le3N9178ZLSvQl9vXcweZlwhUaVKUf46eO7W7jBTx/feR3Tx2vrpgZHJPZisFMaMDdALg8t7Ssa67W6J0Mx1jkjE8UoFvaVC2FJQhKdz5nVZLzrqqZm7t6X5C7tpzZrHj1x0ZLOnKLK2DFra7FYZC5KOMvlVjt5AGpKY/g+BXxWdImXkysxeXpmV7trUWjxirbXchkbxtGuSwVdMJCYAO3JtfPBJEEFGN48k951OnZhlS4ys0c07SW08Ao43GDzFHBguY7mvkUZsGtumZOfPHJ4qfiMC1r60xDQ0qiyE5reGYJrDHyGis5Te6FhAuIIeqhJY1mhWoK8MIfz1n6/M3jJKFizaqa4LEjVaAODTJhrssiKAT8Z+rng4QkjW7WYbcUkNPv6Vma/6+9Q7W7AxHQyq6J3//5Lpktlkgh0ixQ6Na6l8Pgv44T+jay3OsgZ/2WMyWJtH6IHumOq3WAbzNMpumEsWwI7Ga/sMXO2MqjGauXpcIiWSYwytpcN6+KCjC2N2fHGI7KYw42Ih9BlcmkoUCy0UQ1ccvZQY7lZL4S0A7TTUIIBka99Kt8cHj7bxTSE//jt31tpCX8xsm5h1B+SzV2IlSwgTS2eRyARHYqYh9X2Q5uSHE4RQp8rKbiRiosZnhRXJ7wITHPC7JF0mznCZCiq0+2hOZS1L+XMBdzZV+2phwZEvzYQM+E2BKtXU7hvus7osJvBqBpeC8NSkIgXVAdAR637cDAT+bM21o624ufWntdU62Qn77/JFQ7fkb47TUc23KusPXfCgxyCtjrgbCAkKw0F6sFxePis333j8FkLKCgYv8nLFCZwRByCSwFe/AXXNriGVN7c6hBbj8f/B/B49gkvu3hDp7NAAiAKPuF2F9K+Cyc0MWBgC/oEdp8jj+3pKcw3aUx4apRMhovF6zyMiBEjgrCqNhEeAB2fHLu3O9lrrXRTMmFmwZhoGQXMQqJM17nI/ugwMMuCH2PAvp4YMFRuNkUE5zD6ap4It81W595F69j4zaB8hvCuuLfaevdjdBt5jG77rOi2DQdepXUrEhklhaBlBNG3tz658KFx3XTVfufNEEWH4i32v72mQeZ3+ng7hfW7pC0nvcaYfwYZP2mYif2GM+1uVB+eQyqJPSHQlMoLr056g03oAOQEbritdWJHre7gsP+XDUz8I2MS/0ThiP/qkYh/giDEPzr+8DH08NbQw68u6vBrDTi0T13SmTeJJVcyid+ucTHjGP56jsXjZMV8k2rfiTGIBA64izlb+g7Vc7kglsEIcB96ryXUHMllBe31vI5bU2W1xSaA6vXLO9ylLFSPeoCT7Gbrbgk/m/uqCg/QkjcFKKKuB9Q5nVLFW0Bt2KD5k3Abet0uvBKJayCR/ndelnT3ebZHniAa/zs5PvvJoZT8eE72Dy73UZp/T3P7xd+fkqO6LtnPbPI3bnZf7D3P9rP954GdPPnbDxfv343wne9ZfiWfElcKZnf/INsj7+WEl2x3//nb/cNXDk+7L/YOs3bfW6mzKa14uSkz04/nBMcnT7wSoFgxp2ZECjbhVIzIVDE20cWILLgo5EI/7SEQn+zBvTlfwI81UzSJrPTCEIjEoDLNWSQABUnJK4oo4Ha+l7/Sa9ZdwRVTgj3YGnC2ADb6ienCs6Mu5IfZYba3s79/sAN99XjehX6T9UOG8e/9nAn2VyH8711ovYj0UBD7+Rzd50wYqUekmTTCNDfROlUL3qP1wQJSmwN+XRrZ38v2uxxls6D+V5/rrrgaLBf8ZsdO8oZMMDWBinwuFX7cwTD9b4Is8Vd8pjXb/4BBj7052kX2TyA63AXUe+UIhMvSdZWEBYLuNlgSCuCdS22SIzSEkhYsP7jn/dLdqlsjTyD4n1fs91gACQemJQ8esJqa+RtnWOg8XPGZojifUQ1rj45raQ0rJ7+y3Au5+OHy1pX8j3CLBczCPoI4PWsUoNMV2hpYXw9p/bWFQqzrLAsGHdyN/sCDW3fj6FBQCyLGMl82cN0dv+BYAJNDc2d812oMjqjzUjZFpN9j+9HbcqDuHXUlpgeQ/979imJq3npVE1oUPu4R6oldwgOXfkjfW1uqlMJbq4YXslpJSxFRS44xCvjLzqeb6SOVAt0r9py54lGwYjz3A5Pzis7YwNS04jt0khf7B88GOUyc/dSOQE5PguqNePJb4WjzL+TIkgkWM4aiwOGUhCIbzNAsoASQfAudDT58I50lc3gAY/Hum6cJCwrP33mmNY5OZ651z08yW0XzORfsMiluefNk7oUseWHduRxf5yU3y8s1uOnNb607q6PxdTeud77WnQcr46w1R+vRwfE9PypkfgW06hjSif88cLzwNyhk2i1P6X6z51rPpTKXeC28IVNaQsS1v8Vxvp3AjFbctgEsMqBtt19pMRFf7DZidxhZCcKGXxlE2oqpLMe5+2zA6ZIDdcdZO2+uN+nnT+e8qOQv5OLHkx+tYLMgRpKK1pbJavYfPVhaUga5WdIgq/k5CTwdQcg85dr7PNLtD/hpYJBTMZUptbprAYoke16TEKj9fpA83b3x9vg8zcvkobooy3W2rMrMPYf5q9SlhgopduKbHYurDFGOqyl99da0zKJ+iImUJaNiTfROI0bA+h63vT+v1Nmk4WV/yv6Ohtt7a//Vyf7e6631wPnxnMAMqXF2GBCrwQ+eg5tg0UYxk8/XB8bPgn4VsQwUeNVMoNoSlHZzdPi39LuBcePvQdhrS25xUJJS4c1cNb50K2dtAX0zzXUxXstimO3c6TAnGKhlgebIwamaAR7+uTOdyYL8dHrSn8j+r65pfn+LiiP2J+vU77+HybwNqz+ZY5fffjFjTn6+rGhdczFzz259u+YpSiB2F0lF6z7I4HyB8/71wZ3ANgy8YlDyWDNzv1scx12x0QWrS7mEuOt7nTiOu2JiqGg/bcp7X3Iy8Iqpb5GDPnfidrOEuwt9Xz4vjusuGMfL4+1yFr4YGNf9GO+VoNQO3QNxbHKnS4B9WlfsdDNk7BPLG0Mn5U2ip1vxr7KUV5zu0MbIgutcXqfKyf/EX8mJ+2VJ0udIonnfaj0ZGCq9hR0cYchVVkH3XIYmprYV9Q4mNW8gddXE5TQAkJhJh+fkN5lnV0z3luZz59bETJjgbHZlRVwoG+OQAhHKVxQNRBZDj66mbtk0CcaSVlh+NxgFwbFeU0UrBk2XFJkwOwTsm6tMghFP8IX9iCF5vADQNLuGbmM1VUZjbOPp2cibloDceTGCYAJw57RAoqIg3GjXcGIIhS7JrlayaHJzd0ReuFrXeHbdMFZMDGu7adrPJpfWtNs6WP6fJDM/vWVqUUj1eTPju2mpb1x+Qgs6aSIzDIfPVbzz7D99fEfmVvmELhgwnaNWgOQmpOeN6jgz2mrSill/DplAfn3YngNJ3KmUtDFzJowrAOMzRILVt+O22DpGp8T/lI0StJwwarbWc2N8gQcjl4oVTVWvZPkr7yoXwOgT69HfVOz4Ab2Tcs7KOoaFrLpAGsHNl12cR4koJqekYlrTWbxFLdl50FxlKOchs1OHQjmdMJU/AixwoCRARZIFsig+e6fSgkN+sNv2pSde96e9BQFheuhKA409JmxOyyleCiHvwoI3U7TKkre7UKWQ0aZo7c1q4G4FEPbJDucPkpz6YN32Q0PwpDBBNNRlW0Vtw5ZkHaX/KfZbwxUrohLf/S9x1O7tDfx+6wJdAivEa/10euI5NW5wEMtWLs3Vm97gwp59/qqAFjyI66wscL+qu1Wrjvjti4nGpN2ST3YdP/T/kp0de7C37kaXeKdXFbRi4CL1oK1eVEf52eSq7ric1AkYFYDhVQwqCF+2llugg2RDF6t/E4R3Q0q4T3pcYeXB+aJVrHm2Q2TxA4H1/d3Aqh8IrLO7geV2+P6unXPHHb7w4pELYaWVTVw8a7LglOwWIgp8fVhvu0mGT/a9Ahth9dzZAbUa6o4k+OAgp/FCHmgL0w0QDwiwXwfYXsDtC92tMEryNYmbGEr9UFeRRZ3Tn3DiVkhqGzLdTBCzfwBwYe4b4MMFXOplVXJxpR8KyqOi4PY3WhI3NTphCJStc8mSMUgenSZckN2CXd+4EPvgZVLz4EHwnQJZh6IIUMkXm3SvA/h9yoWfRcCugIaey4V2SRfJDhjFGNQeWxArSvW5Q572i/8S3hCsVAUjEBKNIbNJkmZ85SamMOX3KJ1GoTLLdrXKd3Op2G5FBZ0xleWfoTm0mK/vmFqypKW05ZBcexywYph+pq6H6gaW+qucXJZydqkNNY2+dOaRL1zrNPR8Bbt1WF1YsptmeLVWz7of2TMJYO4qt2usCPS9aPsPBLv2ooadOuRrulW/WiPOn8qG4872v6AN56aVPdpw7mdVjzactW0492aViJzg7rQUz713duKNUEqs/T9nN99v92bxuZ9FYBI8LkE1rg7kjWfj3ixp97MAUGfvAn9OawwsZ11l6ItF7lisJZlkkOEMW7Tu7lSSUz/Eba4kLq5dR9rLtWL4ViMjHt1Xh8/3pvsvXh4U7MXhi/zVq7zYf/aM0qI4nB4UL/fWjOiCSvYBvDRPRDXC8IqRfJmXMYtZcJOeM3D9RoGMiwHVpSvPfMmqdyHRXpc8Z/Dnzv7Bs0P32V2gOweZzmXN7oCAXAqjZOkOJCiZXLQMN3POFFX5fNlf35ABcvBUrl7fLeDBDC2pp2tOIlKttuetloHuvhO3QLqGdTFAU/K1gkzXoYoOJdxh5wOY9r0VljmwJn45uGtCAnt6IzjrOebXwZuYcfEp852M1of1dovs54QSbHan72iOhYrmST3N9QCH0L0huPVSl3K2JriQS9JWbYHPKpYzfj0UxbBW6sQa95lPe7jtQptIae7vKiuKV/nrl4dUF9O9/WLCDtj04EXxcmq/OHhxmK+bKGG32UKW3mLw2SNz+LJK5IFSzr4Ufbda1lZmEyguW13473yNDAp1t+DLz+rB9/IzOXL4gCq/1HDMB3SlSnvAT2kOvz8s8H7WLwQ+1hS6J4LWzV2kr16XhTssIwhZjTayatGuYDq2uRuGegVkR2rCjaK+zmy7GpATpVk3q10xWlxCnrihnZi6VWn7uWI0gnhj2meIqlx5PFcdq3ikh98bejd939CuZnWTBn9bhIK9cAo2hWqYhs5CdLBPL/s/AQAA//8cbHCs" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/2jq7Jbdv4VzDKQ53MSfdZ2/FDOq4vjS9NYk8ct48aiIAoxCShAcA7q7++g8UnRfBLki/XTvzQRkcS+4HF7mKxu9AsJbbZElBx1rDXbq6y062LkRz+slET2Mj/gq3tbkQ8wtb52S//uv06GHu9NWYKK3Yf18zfUwHyiatPrMrhTG/2E3+YnaHZz5SwupwZaZ69ZflmBlOgt2no/kpPqleffkSQBGiM45wLl+8SwVIAKox1vbiwOVs7KAawN5tHKwtGCC835ii+V1q/wSTiDxV0FCSoxBXOTX3dP+5+/fDb4p3Iz9BdlS3QM/iDVp7o44e5KZ+vOPSLWrNoqyVyXPlG/g8brpUBk65MRnG0ocUW9H6tqECSZiCc2rMFPaG9ry2v4ssDKC4lwpng0jjOD1wUpENEq3uyqJhUi5zfQ8xiblURiGtbGZgw2ThRtVPyBb0LP+tJDwPSnTT3QFE4I+guBhDhUAxpW8oFU3YikKA5NjeTRSrgMA62nHgNJvOgk1yca4a8Qitz0Rqusg0X5uc8c1tmG4/8u3mnwZnvYOw3LhvaXlS2guuu7AVhLl8GllJR2DoKPRkQhEtFD03c1PXI7Jm+Bi5vXU9NO0M2+toYeQWXmbGS/sedqLqBccF8AcYWq80rG/Lce7lkudmSv0JK1LQ5uqGlMSyPGwuYH8tBSr4LesBxFjwusAJ5LYCdBliKvhbT2rRp3sbv9ZIFgyZnoz1wcup6R9cMllCIvWCVVDhsHwf5BK1nzbfIfYsYcUKdFbwmQX7f6J/OjAi9SDHBCqdF+mf71PgCWeNT2G+GZg2YkCW8sHRD6jczKqXZazgJb1ANHyy2gmuJCIlTofTPPJl/7peP+LDefqLX2Q+QxmsoNtudBHBW4pwmQOOSzfEqI5dX10ltGKDf6RHQ3a3fRhs+uamwsvkVeq3FBF7iBYlXiUNIM27hWQJMHpCz5Mu9chbBcAiGLXY/GE+Qf38ypBFLZw/W2PUTQStxtmEVBQUzCpj9YBF9MBZWvCtYjtCm/V+NhWplfOzEtdbXWDiC5sHp7YfReDU5vtNHhGefQFatQrp1vxPLyzxDUmGlzWpRmA4KoI3MM72u5YYLtTRmIfhFzoobeHOvjDqsrUcLJQ73mp80lIgxTfGdumlmRQxLf5JkWgcorXGmQwNNFy2oiVD3vhwH9HBwtogHfYV+e3f7Tjs2D9o7LzG0r5T0by1cGl4G6vc0ULc+R16nGxQWTnK1PQ9y+9b8SgxyV615LK3WLOjPkdM1kYDqvyfF09qN7998iO+ZZZVzemgmF7vS9hX+yh7hYnvTrd76hC/3knC5bx7QLendU9PIlE03vR1i7zpwBA6KwrS34XK5WNWsaINsz6i33rPLl7eXF9/OxqHz7gMCCHHYPI1IxglNroM+XKQSVGWb8cg4KCbVvtp5CfxUr6ioqIJzDCuH/4z/lhg3PPfOXtNzC4OiWAr7tWr4aFCzNpDul7l9jm85SaudSYs54sCWm1b57cnVoOqEDj8U0ntO0Me72zYg/b9yi7PTERVGbAPjpKXyjwTm8vbawKy6/OZoxRw9XpZ4u2VVbt+dfTNyFUUYW0NS4m0bZcjHN6dhTw7vCLc08oJCS31J1WmnOIzbMdGEbgu+g3YmJwUcxu0ArB1Buq6Lk5McDdwBesAPOhSwH3YQbNrpOx6uGdcaGKvLg3V57/+QGNc+DHbFb2pTdiCMjSYZAfp5rNtpISzoZ5rVKjrNRAnX01L8Oy/4J4bnuFacMAkHFYH8H81TdGuf7FD8Hop23oPRk8RQsRW2ePghu6KC9r2FCTE1zyUmhNRcoqZNx+Brj0CUrpmGyfpCyR3gvsfZxlafmAZTPjnEXgVkK6kpg24//kZ+exGLVFioetuIaSLTyqA0eSk+KKhsA01cUqUJE/asCuYNLvenpg+F+YP+eWaTHwA1iHDjAkrJpQl6370/c6ElEHdGzqC+DA6vGihBqFtJ4EyahbZ33VZwUmdqOiMhm8+vXTuMdhM9bX1gDxaXBti/SJ+B/CyC/PUA6CjxYSJk861jdSA/kgWJRF1V5kqTNB6uBeBk6B9//ck2YdZbFQBnpRUw6WN6Vovxd4MEqP/2Ta8cfQ9YehG3W0pcqw2tlM/pNA2KfNR379hiZtOhfuS1qHCxoljNxh1jHHGCkXFBSV1uO1V+p62y9fPu/m6Tk0rmbkBXmLGhxTZk6HQZkLpi6jjD+TpyxfgalVRKnAcrqsXOoSaNtrfp2Bp0lGXdqCb8I9CCA5QIqSCyIBbk4JnyGnu184MNzUvLvW6DHWCAB684KniO4NRtg4u1MQq+7Y9GLxe4XERf72MVY4Zr0pibbuQGEYR50sO5hcTXcRlBPz4xTlC0umxuUZu4RU2v4n82WYXsV/uEf1HByMVF4vkggbYvJJTVfry7dZraTLB3yzpJk1Q27tI4PWHXh1MFsuBQHEOZ137l/lR1LfFhYkIw6bxgq3OrD93/o/lcL+zZNLk0Nr0stdNSsCo+Qesmam/z8yWpmkhOfAgYNgBpKpIbhONoGcAOet3Z1Jk+DKcxxduTllboXDhHUTFybftmE4+E1g/T0No+Elrvp6FlZ/h0ZueD1Q5HGh7+UGlv5UsYnpEqOBa7hyo4fG1chyxJemWfFNmAq9POFqlurPc8wUdHOc4XckhrnHowTjiwTwNt5+C2ne5G6Th6Su6m6XjxWKZIs87unwzgRhl+EzNZrwxn/wDkPOwe/AwBS7krC1Z9ko+F5etQaWNBm0MYtOWscvdUh14m5tCEVeic0PteQvSLy6jl7qPwO0Zy63vyMukejEL8lH7hQQJs+zfLDX+QtjdONANKUApXejwg7Uq1tUPGSTvMfIhu8FEqQm1VtL9et2V++5TCmp3QOw1O5WJxLkV2nnFBz002tVhkB+wcGsrXVKPBpQHQxNt0n+Q5YtLxgJK0/KzrKlNtk30KUn/nq2XB86VUWNVyacMjR9Lq8LVxa0+dJ9mCSVOr91mn8T2jRgr7m9sRFMF+L8T+vcCOJip9qIOeklV9skGc/6kYjl3b/4cxnD7K/ozhnIaqP2M4o2M4J4tKBE0wXZbCuneHncYiFDzPrTnotW8ni/ichgjTF9WQIGp7vVLv2jhZJO00BMB2dgr+Gd6axHK6vxk62uUOvcIjIEmFk45oTT9U8m2NBo+SWHXPzUHoclQOXzczwtJ9efPXi/Xl8xdXhD6/eZ69fJmRy+trjAm5WV+RFxcjM7qgyYZHL64TEXWlWElRtsuK0GyyYipeZ3D0GxwyViW2Lvv+zDFUn0M/VFmwjMJ/zi+vrm/sb2tA51cLKE6fwICMV0rwwi5I2GSyqhG42TAqsMg2uzZ9qQBkclV20zeAHkBoeD374SToEdEVz+v2gabPxACmI6KLHpuCjUoyHSMVe5IwYeY9mvq7jsgcRBOPR3ckJjCnveiMO5gfw7cqZ9Xnhe3PO4FrwxHZQ1IJvuxMTwzHwkWh0XVO4xCH1L0U3nInC56PRPetuVM93tqCnhU0o+w+lcUwqnRihD1zZQ9DBm3FuTqdKSPkZfbtixssyfrikqzoFV1fPScv1voPV89vsrGFEnqaNWaxFYPfjplpYxX5AwXPj2XfYGSts5rA1JzvDjcjSadugF8OqkPf+c/oteUH9BrAisUtK9vLZY2zZs+tR0HeQT0S+dBW7UQCLesp3lfr8uIJZHgnq5bK3x1vUK+oVD69L411B2avxYopgYVvUBo3bbeuNN2vahcUkyXUiSu8l1PXVbZv+/7ZJ71lnz6rsnN5di2rsKTT36W+jb9XeH9n1beDH8pQ0AbHNhzRI/vsYFde9t8AAAD//0KsvxA=" } diff --git a/libbeat/_meta/fields.ecs.yml b/libbeat/_meta/fields.ecs.yml index ed90789df0e8..c1f8f0102b2a 100644 --- a/libbeat/_meta/fields.ecs.yml +++ b/libbeat/_meta/fields.ecs.yml @@ -1,5 +1,5 @@ # WARNING! Do not edit this file directly, it was generated by the ECS project, -# based on ECS version 1.2.0. +# based on ECS version 1.4.0. # Please visit https://github.com/elastic/ecs to suggest changes to ECS fields. - key: ecs @@ -129,6 +129,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Organization name. example: Google LLC - name: client @@ -171,6 +176,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Organization name. example: Google LLC - name: bytes @@ -313,6 +323,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: User's full name, if available. example: Albert Einstein - name: user.group.domain @@ -350,6 +365,11 @@ level: core type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Short name or login of the user. example: albert - name: cloud @@ -477,6 +497,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Organization name. example: Google LLC - name: bytes @@ -618,6 +643,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: User's full name, if available. example: Albert Einstein - name: user.group.domain @@ -655,6 +685,11 @@ level: core type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Short name or login of the user. example: albert - name: dns @@ -748,7 +783,7 @@ level: extended type: keyword ignore_above: 1024 - description: The class of of records being queried. + description: The class of records being queried. example: IN - name: question.name level: extended @@ -876,6 +911,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: The stack trace of this error in plain text. - name: type level: extended @@ -913,13 +953,17 @@ level: core type: keyword ignore_above: 1024 - description: 'Event category. + description: 'This is one of four ECS Categorization Fields, and indicates the + second level in the ECS category hierarchy. - This contains high-level information about the contents of the event. It is - more generic than `event.action`, in the sense that typically a category contains - multiple actions. Warning: In future versions of ECS, we plan to provide a - list of acceptable values for this field, please use with caution.' - example: user-management + `event.category` represents the "big buckets" of ECS categories. For example, + filtering on `event.category:process` yields all events relating to process + activity. This field is closely related to `event.type`, which is used as + a subcategory. + + This field is an array. This will allow proper categorization of some events + that fall in multiple categories.' + example: authentication - name: code level: extended type: keyword @@ -945,6 +989,7 @@ your agent''s or pipeline''s ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used.' + example: 2016-05-23 08:05:34.857000 - name: dataset level: core type: keyword @@ -987,17 +1032,35 @@ ignore_above: 1024 description: Unique ID to describe the event. example: 8a4f500d + - name: ingested + level: core + type: date + description: 'Timestamp when an event arrived in the central data store. + + This is different from `@timestamp`, which is when the event originally occurred. It''s + also different from `event.created`, which is meant to capture the first time + an agent saw the event. + + In normal conditions, assuming no tampering, the timestamps should chronologically + look like this: `@timestamp` < `event.created` < `event.ingested`.' + example: 2016-05-23 08:05:35.101000 + default_field: false - name: kind - level: extended + level: core type: keyword ignore_above: 1024 - description: 'The kind of the event. + description: 'This is one of four ECS Categorization Fields, and indicates the + highest level in the ECS category hierarchy. + + `event.kind` gives high-level information about what type of information the + event contains, without being specific to the contents of the event. For example, + values of this field distinguish alert events from metric events. - This gives information about what type of information the event contains, - without being specific to the contents of the event. Examples are `event`, - `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a - list of acceptable values for this field, please use with caution.' - example: state + The value of this field can be used to inform how these kinds of events should + be handled. They may warrant different retention, different access control, + it may also help understand whether the data coming in at a regular interval + or not.' + example: alert - name: module level: core type: keyword @@ -1019,15 +1082,15 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 - name: outcome - level: extended + level: core type: keyword ignore_above: 1024 - description: 'The outcome of the event. + description: 'This is one of four ECS Categorization Fields, and indicates the + lowest level in the ECS category hierarchy. - If the event describes an action, this fields contains the outcome of that - action. Examples outcomes are `success` and `failure`. Warning: In future - versions of ECS, we plan to provide a list of acceptable values for this field, - please use with caution.' + `event.outcome` simply denotes whether the event represent a success or a + failure. Note that not all events will have an associated outcome. For example, + this field is generally not populated for metric events or events with `event.type:info`.' example: success - name: provider level: extended @@ -1095,9 +1158,15 @@ level: core type: keyword ignore_above: 1024 - description: 'Reserved for future usage. + description: 'This is one of four ECS Categorization Fields, and indicates the + third level in the ECS category hierarchy. + + `event.type` represents a categorization "sub-bucket" that, when used along + with the `event.category` field values, enables filtering events down to a + level appropriate for single visualization. - Please avoid using this field for user data.' + This field is an array. This will allow proper categorization of some events + that fall in multiple event types.' - name: file title: File group: 2 @@ -1116,6 +1185,17 @@ description: 'Last time the file was accessed. Note that not all filesystems keep track of access time.' + - name: attributes + level: extended + type: keyword + ignore_above: 1024 + description: 'Array of file attributes. + + Attributes names will vary by platform. Here''s a non-exhaustive list of values + that are expected in this field: archive, compressed, directory, encrypted, + execute, hidden, read, readonly, system, write.' + example: '["readonly", "system"]' + default_field: false - name: created level: extended type: date @@ -1139,8 +1219,19 @@ level: extended type: keyword ignore_above: 1024 - description: Directory where the file is located. + description: Directory where the file is located. It should include the drive + letter, when appropriate. example: /home/alice + - name: drive_letter + level: extended + type: keyword + ignore_above: 1 + description: 'Drive letter where the file is located. This field is only relevant + on Windows. + + The value should be uppercase, and not include the colon.' + example: C + default_field: false - name: extension level: extended type: keyword @@ -1211,7 +1302,13 @@ level: extended type: keyword ignore_above: 1024 - description: Full path to the file. + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Full path to the file, including the file name. It should include + the drive letter, when appropriate. example: /home/alice/example.png - name: size level: extended @@ -1224,6 +1321,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Target path for symlinks. - name: type level: extended @@ -1370,6 +1472,17 @@ ignore_above: 1024 description: Operating system architecture. example: x86_64 + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain + or NetBIOS domain name. For Linux this could be the domain of the host''s + LDAP provider.' + example: CONTOSO + default_field: false - name: geo.city_name level: core type: keyword @@ -1467,6 +1580,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, including the version or code name. example: Mac OS Mojave - name: os.kernel @@ -1479,6 +1597,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, without the version. example: Mac OS X - name: os.platform @@ -1523,6 +1646,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: User's full name, if available. example: Albert Einstein - name: user.group.domain @@ -1560,6 +1688,11 @@ level: core type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Short name or login of the user. example: albert - name: http @@ -1579,6 +1712,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: The full HTTP request body. example: Hello world - name: request.bytes @@ -1612,6 +1750,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: The full HTTP response body. example: Hello world - name: response.bytes @@ -1963,6 +2106,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, including the version or code name. example: Mac OS Mojave - name: os.kernel @@ -1975,6 +2123,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, without the version. example: Mac OS X - name: os.platform @@ -2039,6 +2192,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Organization name. - name: os title: Operating System @@ -2056,6 +2214,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, including the version or code name. example: Mac OS Mojave - name: kernel @@ -2068,6 +2231,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, without the version. example: Mac OS X - name: platform @@ -2096,6 +2264,16 @@ ignore_above: 1024 description: Package architecture. example: x86_64 + - name: build_version + level: extended + type: keyword + ignore_above: 1024 + description: 'Additional information about the build version of the installed + package. + + For example use the commit SHA of a non-released package.' + example: 36f4f7e89dd61b0988b12ee000b98966867710cd + default_field: false - name: checksum level: extended type: keyword @@ -2140,12 +2318,30 @@ ignore_above: 1024 description: Path where the package is installed. example: /usr/local/Cellar/go/1.12.9/ + - name: reference + level: extended + type: keyword + ignore_above: 1024 + description: Home page or reference URL of the software in this package, if + available. + example: https://golang.org + default_field: false - name: size level: extended type: long format: string description: Package size in bytes. example: 62231 + - name: type + level: extended + type: keyword + ignore_above: 1024 + description: 'Type of package. + + This should contain the package file type, rather than the package manager + name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar.' + example: rpm + default_field: false - name: version level: extended type: keyword @@ -2166,20 +2362,59 @@ level: extended type: keyword ignore_above: 1024 - description: 'Array of process arguments. + description: 'Array of process arguments, starting with the absolute path to + the executable. May be filtered to protect sensitive information.' example: - - ssh + - /usr/bin/ssh - -l - user - 10.0.0.16 + - name: args_count + level: extended + type: long + description: 'Length of the process.args array. + + This field can be useful for querying or performing bucket analysis on how + many arguments were provided to start a process. More arguments may be an + indication of suspicious activity.' + example: 4 + default_field: false + - name: command_line + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: 'Full command line that started the process, including the absolute + path to the executable, and all arguments. + + Some arguments may be filtered to protect sensitive information.' + example: /usr/bin/ssh -l user 10.0.0.16 + default_field: false - name: executable level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Absolute path to the process executable. example: /usr/bin/ssh + - name: exit_code + level: extended + type: long + description: 'The exit code of the process, if this is a termination event. + + The field should be absent if there is no exit code for the event (e.g. process + start).' + example: 137 + default_field: false - name: hash.md5 level: extended type: keyword @@ -2204,10 +2439,155 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: 'Process name. + + Sometimes called program name or similar.' + example: ssh + - name: parent.args + level: extended + type: keyword + ignore_above: 1024 + description: 'Array of process arguments. + + May be filtered to protect sensitive information.' + example: + - ssh + - -l + - user + - 10.0.0.16 + default_field: false + - name: parent.args_count + level: extended + type: long + description: 'Length of the process.args array. + + This field can be useful for querying or performing bucket analysis on how + many arguments were provided to start a process. More arguments may be an + indication of suspicious activity.' + example: 4 + default_field: false + - name: parent.command_line + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: 'Full command line that started the process, including the absolute + path to the executable, and all arguments. + + Some arguments may be filtered to protect sensitive information.' + example: /usr/bin/ssh -l user 10.0.0.16 + default_field: false + - name: parent.executable + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Absolute path to the process executable. + example: /usr/bin/ssh + default_field: false + - name: parent.exit_code + level: extended + type: long + description: 'The exit code of the process, if this is a termination event. + + The field should be absent if there is no exit code for the event (e.g. process + start).' + example: 137 + default_field: false + - name: parent.name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false description: 'Process name. Sometimes called program name or similar.' example: ssh + default_field: false + - name: parent.pgid + level: extended + type: long + format: string + description: Identifier of the group of processes the process belongs to. + default_field: false + - name: parent.pid + level: core + type: long + format: string + description: Process id. + example: 4242 + default_field: false + - name: parent.ppid + level: extended + type: long + format: string + description: Parent process' pid. + example: 4241 + default_field: false + - name: parent.start + level: extended + type: date + description: The time the process started. + example: '2016-05-23T08:05:34.853Z' + default_field: false + - name: parent.thread.id + level: extended + type: long + format: string + description: Thread ID. + example: 4242 + default_field: false + - name: parent.thread.name + level: extended + type: keyword + ignore_above: 1024 + description: Thread name. + example: thread-0 + default_field: false + - name: parent.title + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: 'Process title. + + The proctitle, some times the same as process name. Can also be different: + for example a browser setting its title to the web page currently opened.' + default_field: false + - name: parent.uptime + level: extended + type: long + description: Seconds the process has been up. + example: 1325 + default_field: false + - name: parent.working_directory + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: The working directory of the process. + example: /home/alice + default_field: false - name: pgid level: extended type: long @@ -2246,6 +2626,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: 'Process title. The proctitle, some times the same as process name. Can also be different: @@ -2259,8 +2644,79 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: The working directory of the process. example: /home/alice + - name: registry + title: Registry + group: 2 + description: Fields related to Windows Registry operations. + type: group + fields: + - name: data.bytes + level: extended + type: keyword + ignore_above: 1024 + description: 'Original bytes written with base64 encoding. + + For Windows registry operations, such as SetValueEx and RegQueryValueEx, this + corresponds to the data pointed by `lp_data`. This is optional but provides + better recoverability and should be populated for REG_BINARY encoded values.' + example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= + default_field: false + - name: data.strings + level: core + type: keyword + ignore_above: 1024 + description: 'Content when writing string types. + + Populated as an array when writing string data to the registry. For single + string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with + one string. For sequences of string with REG_MULTI_SZ, this array will be + variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should + be populated with the decimal representation (e.g `"1"`).' + example: '["C:\rta\red_ttp\bin\myapp.exe"]' + default_field: false + - name: data.type + level: core + type: keyword + ignore_above: 1024 + description: Standard registry type for encoding contents + example: REG_SZ + default_field: false + - name: hive + level: core + type: keyword + ignore_above: 1024 + description: Abbreviated name for the hive. + example: HKLM + default_field: false + - name: key + level: core + type: keyword + ignore_above: 1024 + description: Hive-relative path of keys. + example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + default_field: false + - name: path + level: core + type: keyword + ignore_above: 1024 + description: Full path, including hive, key and value + example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution + Options\winword.exe\Debugger + default_field: false + - name: value + level: core + type: keyword + ignore_above: 1024 + description: Name of the value written. + example: Debugger + default_field: false - name: related title: Related group: 2 @@ -2281,6 +2737,90 @@ level: extended type: ip description: All of the IPs seen on your event. + - name: user + level: extended + type: keyword + ignore_above: 1024 + description: All the user names seen on your event. + default_field: false + - name: rule + title: Rule + group: 2 + description: 'Rule fields are used to capture the specifics of any observer or + agent rules that generate alerts or other notable events. + + Examples of data sources that would populate the rule fields include: network + admission control platforms, network or host IDS/IPS, network firewalls, web + application firewalls, url filters, endpoint detection and response (EDR) systems, + etc.' + type: group + fields: + - name: category + level: extended + type: keyword + ignore_above: 1024 + description: A categorization value keyword used by the entity using the rule + for detection of this event. + example: Attempted Information Leak + default_field: false + - name: description + level: extended + type: keyword + ignore_above: 1024 + description: The description of the rule generating the event. + example: Block requests to public DNS over HTTPS / TLS protocols + default_field: false + - name: id + level: extended + type: keyword + ignore_above: 1024 + description: A rule ID that is unique within the scope of an agent, observer, + or other entity using the rule for detection of this event. + example: 101 + default_field: false + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: The name of the rule or signature generating the event. + example: BLOCK_DNS_over_TLS + default_field: false + - name: reference + level: extended + type: keyword + ignore_above: 1024 + description: 'Reference URL to additional information about the rule used to + generate this event. + + The URL can point to the vendor''s documentation about the rule. If that''s + not available, it can also be a link to a more general page describing this + type of alert.' + example: https://en.wikipedia.org/wiki/DNS_over_TLS + default_field: false + - name: ruleset + level: extended + type: keyword + ignore_above: 1024 + description: Name of the ruleset, policy, group, or parent category in which + the rule used to generate this event is a member. + example: Standard_Protocol_Filters + default_field: false + - name: uuid + level: extended + type: keyword + ignore_above: 1024 + description: A rule ID that is unique within the scope of a set or group of + agents, observers, or other entities using the rule for detection of this + event. + example: 1100110011 + default_field: false + - name: version + level: extended + type: keyword + ignore_above: 1024 + description: The version / revision of the rule being used for analysis. + example: 1.1 + default_field: false - name: server title: Server group: 2 @@ -2321,6 +2861,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Organization name. example: Google LLC - name: bytes @@ -2463,6 +3008,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: User's full name, if available. example: Albert Einstein - name: user.group.domain @@ -2500,6 +3050,11 @@ level: core type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Short name or login of the user. example: albert - name: service @@ -2617,6 +3172,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Organization name. example: Google LLC - name: bytes @@ -2759,6 +3319,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: User's full name, if available. example: Albert Einstein - name: user.group.domain @@ -2796,6 +3361,11 @@ level: core type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Short name or login of the user. example: albert - name: threat @@ -2805,9 +3375,9 @@ such as the Mitre ATT&CK framework. These fields are for users to classify alerts from all of their sources (e.g. - IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to - capture the high level category of the threat (e.g. "impact"). The threat.technique.* - fields are meant to capture which kind of approach is used by this detected + IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to + capture the high level category of the threat (e.g. "impact"). The threat.technique.* + fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service").' type: group fields: @@ -2816,7 +3386,7 @@ type: keyword ignore_above: 1024 description: Name of the threat framework used to further categorize and classify - the tactic and technique of the reported threat. Framework classification + the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. example: MITRE ATT&CK @@ -2856,6 +3426,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) @@ -2868,6 +3443,251 @@ the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) example: https://attack.mitre.org/techniques/T1499/ + - name: tls + title: TLS + group: 2 + description: Fields related to a TLS connection. These fields focus on the TLS + protocol itself and intentionally avoids in-depth analysis of the related x.509 + certificate files. + type: group + fields: + - name: cipher + level: extended + type: keyword + ignore_above: 1024 + description: String indicating the cipher used during the current connection. + example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + default_field: false + - name: client.certificate + level: extended + type: keyword + ignore_above: 1024 + description: PEM-encoded stand-alone certificate offered by the client. This + is usually mutually-exclusive of `client.certificate_chain` since this value + also exists in that list. + example: MII... + default_field: false + - name: client.certificate_chain + level: extended + type: keyword + ignore_above: 1024 + description: Array of PEM-encoded certificates that make up the certificate + chain offered by the client. This is usually mutually-exclusive of `client.certificate` + since that value should be the first certificate in the chain. + example: + - MII... + - MII... + default_field: false + - name: client.hash.md5 + level: extended + type: keyword + ignore_above: 1024 + description: Certificate fingerprint using the MD5 digest of DER-encoded version + of certificate offered by the client. For consistency with other hash values, + this value should be formatted as an uppercase hash. + example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + default_field: false + - name: client.hash.sha1 + level: extended + type: keyword + ignore_above: 1024 + description: Certificate fingerprint using the SHA1 digest of DER-encoded version + of certificate offered by the client. For consistency with other hash values, + this value should be formatted as an uppercase hash. + example: 9E393D93138888D288266C2D915214D1D1CCEB2A + default_field: false + - name: client.hash.sha256 + level: extended + type: keyword + ignore_above: 1024 + description: Certificate fingerprint using the SHA256 digest of DER-encoded + version of certificate offered by the client. For consistency with other hash + values, this value should be formatted as an uppercase hash. + example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + default_field: false + - name: client.issuer + level: extended + type: keyword + ignore_above: 1024 + description: Distinguished name of subject of the issuer of the x.509 certificate + presented by the client. + example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com + default_field: false + - name: client.ja3 + level: extended + type: keyword + ignore_above: 1024 + description: A hash that identifies clients based on how they perform an SSL/TLS + handshake. + example: d4e5b18d6b55c71272893221c96ba240 + default_field: false + - name: client.not_after + level: extended + type: date + description: Date/Time indicating when client certificate is no longer considered + valid. + example: '2021-01-01T00:00:00.000Z' + default_field: false + - name: client.not_before + level: extended + type: date + description: Date/Time indicating when client certificate is first considered + valid. + example: '1970-01-01T00:00:00.000Z' + default_field: false + - name: client.server_name + level: extended + type: keyword + ignore_above: 1024 + description: Also called an SNI, this tells the server which hostname to which + the client is attempting to connect. When this value is available, it should + get copied to `destination.domain`. + example: www.elastic.co + default_field: false + - name: client.subject + level: extended + type: keyword + ignore_above: 1024 + description: Distinguished name of subject of the x.509 certificate presented + by the client. + example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com + default_field: false + - name: client.supported_ciphers + level: extended + type: keyword + ignore_above: 1024 + description: Array of ciphers offered by the client during the client hello. + example: + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - '...' + default_field: false + - name: curve + level: extended + type: keyword + ignore_above: 1024 + description: String indicating the curve used for the given cipher, when applicable. + example: secp256r1 + default_field: false + - name: established + level: extended + type: boolean + description: Boolean flag indicating if the TLS negotiation was successful and + transitioned to an encrypted tunnel. + default_field: false + - name: next_protocol + level: extended + type: keyword + ignore_above: 1024 + description: String indicating the protocol being tunneled. Per the values in + the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), + this string should be lower case. + example: http/1.1 + default_field: false + - name: resumed + level: extended + type: boolean + description: Boolean flag indicating if this TLS connection was resumed from + an existing TLS negotiation. + default_field: false + - name: server.certificate + level: extended + type: keyword + ignore_above: 1024 + description: PEM-encoded stand-alone certificate offered by the server. This + is usually mutually-exclusive of `server.certificate_chain` since this value + also exists in that list. + example: MII... + default_field: false + - name: server.certificate_chain + level: extended + type: keyword + ignore_above: 1024 + description: Array of PEM-encoded certificates that make up the certificate + chain offered by the server. This is usually mutually-exclusive of `server.certificate` + since that value should be the first certificate in the chain. + example: + - MII... + - MII... + default_field: false + - name: server.hash.md5 + level: extended + type: keyword + ignore_above: 1024 + description: Certificate fingerprint using the MD5 digest of DER-encoded version + of certificate offered by the server. For consistency with other hash values, + this value should be formatted as an uppercase hash. + example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + default_field: false + - name: server.hash.sha1 + level: extended + type: keyword + ignore_above: 1024 + description: Certificate fingerprint using the SHA1 digest of DER-encoded version + of certificate offered by the server. For consistency with other hash values, + this value should be formatted as an uppercase hash. + example: 9E393D93138888D288266C2D915214D1D1CCEB2A + default_field: false + - name: server.hash.sha256 + level: extended + type: keyword + ignore_above: 1024 + description: Certificate fingerprint using the SHA256 digest of DER-encoded + version of certificate offered by the server. For consistency with other hash + values, this value should be formatted as an uppercase hash. + example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + default_field: false + - name: server.issuer + level: extended + type: keyword + ignore_above: 1024 + description: Subject of the issuer of the x.509 certificate presented by the + server. + example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com + default_field: false + - name: server.ja3s + level: extended + type: keyword + ignore_above: 1024 + description: A hash that identifies servers based on how they perform an SSL/TLS + handshake. + example: 394441ab65754e2207b1e1b457b3641d + default_field: false + - name: server.not_after + level: extended + type: date + description: Timestamp indicating when server certificate is no longer considered + valid. + example: '2021-01-01T00:00:00.000Z' + default_field: false + - name: server.not_before + level: extended + type: date + description: Timestamp indicating when server certificate is first considered + valid. + example: '1970-01-01T00:00:00.000Z' + default_field: false + - name: server.subject + level: extended + type: keyword + ignore_above: 1024 + description: Subject of the x.509 certificate presented by the server. + example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com + default_field: false + - name: version + level: extended + type: keyword + ignore_above: 1024 + description: Numeric part of the version parsed from the original string. + example: '1.2' + default_field: false + - name: version_protocol + level: extended + type: keyword + ignore_above: 1024 + description: Normalized lowercase protocol name parsed from original string. + example: tls + default_field: false - name: tracing title: Tracing group: 2 @@ -2934,6 +3754,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. @@ -2942,6 +3767,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: 'Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas @@ -3039,6 +3869,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: User's full name, if available. example: Albert Einstein - name: group.domain @@ -3076,6 +3911,11 @@ level: core type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Short name or login of the user. example: albert - name: user_agent @@ -3102,7 +3942,11 @@ level: extended type: keyword ignore_above: 1024 - description: Unparsed version of the user_agent. + multi_fields: + - name: text + type: text + norms: false + description: Unparsed user_agent string. example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 - name: os.family @@ -3115,6 +3959,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, including the version or code name. example: Mac OS Mojave - name: os.kernel @@ -3127,6 +3976,11 @@ level: extended type: keyword ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false description: Operating system name, without the version. example: Mac OS X - name: os.platform @@ -3147,3 +4001,132 @@ ignore_above: 1024 description: Version of the user agent. example: 12.0 + - name: vulnerability + title: Vulnerability + group: 2 + description: The vulnerability fields describe information about a vulnerability + that is relevant to an event. + type: group + fields: + - name: category + level: extended + type: keyword + ignore_above: 1024 + description: 'The type of system or architecture that the vulnerability affects. + These may be platform-specific (for example, Debian or SUSE) or general (for + example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys + vulnerability categories]) + + This field must be an array.' + example: '["Firewall"]' + default_field: false + - name: classification + level: extended + type: keyword + ignore_above: 1024 + description: The classification of the vulnerability scoring system. For example + (https://www.first.org/cvss/) + example: CVSS + default_field: false + - name: description + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: The description of the vulnerability that provides additional context + of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common + Vulnerabilities and Exposure CVE description]) + example: In macOS before 2.12.6, there is a vulnerability in the RPC... + default_field: false + - name: enumeration + level: extended + type: keyword + ignore_above: 1024 + description: The type of identifier used for this vulnerability. For example + (https://cve.mitre.org/about/) + example: CVE + default_field: false + - name: id + level: extended + type: keyword + ignore_above: 1024 + description: The identification (ID) is the number portion of a vulnerability + entry. It includes a unique identification number for the vulnerability. For + example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities + and Exposure CVE ID] + example: CVE-2019-00001 + default_field: false + - name: reference + level: extended + type: keyword + ignore_above: 1024 + description: A resource that provides additional information, context, and mitigations + for the identified vulnerability. + example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + default_field: false + - name: report_id + level: extended + type: keyword + ignore_above: 1024 + description: The report or scan identification number. + example: 20191018.0001 + default_field: false + - name: scanner.vendor + level: extended + type: keyword + ignore_above: 1024 + description: The name of the vulnerability scanner vendor. + example: Tenable + default_field: false + - name: score.base + level: extended + type: float + description: 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe. + + Base scores cover an assessment for exploitability metrics (attack vector, + complexity, privileges, and user interaction), impact metrics (confidentiality, + integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document)' + example: 5.5 + default_field: false + - name: score.environmental + level: extended + type: float + description: 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe. + + Environmental scores cover an assessment for any modified Base metrics, confidentiality, + integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document)' + example: 5.5 + default_field: false + - name: score.temporal + level: extended + type: float + description: 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe. + + Temporal scores cover an assessment for code maturity, remediation level, + and confidence. For example (https://www.first.org/cvss/specification-document)' + default_field: false + - name: score.version + level: extended + type: keyword + ignore_above: 1024 + description: 'The National Vulnerability Database (NVD) provides qualitative + severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score + ranges in addition to the severity ratings for CVSS v3.0 as they are defined + in the CVSS v3.0 specification. + + CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit + organization, whose mission is to help computer security incident response + teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss)' + example: 2.0 + default_field: false + - name: severity + level: extended + type: keyword + ignore_above: 1024 + description: The severity of the vulnerability can help with metrics and internal + prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + example: Critical + default_field: false diff --git a/metricbeat/_meta/fields.common.yml b/metricbeat/_meta/fields.common.yml index d65d152cc0b3..44bab6f614e0 100644 --- a/metricbeat/_meta/fields.common.yml +++ b/metricbeat/_meta/fields.common.yml @@ -35,9 +35,6 @@ description: > The document type. Always set to "doc". - - name: process.exit_code - type: long - description: the exit code of a process - name: systemd.fragment_path type: keyword description: the location of the systemd unit path diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 39d25edd780a..25beeed7a460 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -3557,15 +3557,6 @@ required: True -- -*`process.exit_code`*:: -+ --- -the exit code of a process - -type: long - --- - *`systemd.fragment_path`*:: + -- @@ -6192,6 +6183,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -6232,6 +6230,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -6462,6 +6467,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -6520,6 +6532,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -6704,6 +6723,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -6934,6 +6960,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -6992,6 +7025,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -7104,7 +7144,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -7271,6 +7311,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -7304,12 +7351,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -7335,6 +7383,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -7393,15 +7443,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -7432,8 +7496,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -7521,8 +7585,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -7545,6 +7610,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -7579,7 +7656,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -7587,6 +7664,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -7712,7 +7801,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -7720,6 +7809,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -7741,6 +7837,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -7955,6 +8058,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -8116,6 +8231,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -8138,6 +8260,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -8211,6 +8340,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -8269,6 +8405,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -8299,6 +8442,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -8359,6 +8509,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -8851,6 +9008,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -8873,6 +9037,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -8972,6 +9143,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -9000,6 +9178,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -9022,6 +9207,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -9061,6 +9253,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -9137,6 +9341,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -9150,6 +9365,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -9171,12 +9398,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -9191,6 +9449,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -9239,49 +9516,266 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.parent.command_line.text`*:: ++ +-- +type: text + +-- + +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date example: 2016-05-23T08:05:34.853Z @@ -9321,6 +9815,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -9343,42 +9844,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword +example: ["C:\rta\red_ttp\bin\myapp.exe"] -*`server.address`*:: +-- + +*`registry.data.type`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Standard registry type for encoding contents type: keyword +example: REG_SZ + -- -*`server.as.number`*:: +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. + + +*`source.address`*:: ++ +-- +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -9389,7 +10527,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -9400,10 +10538,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -9413,16 +10558,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -9433,7 +10578,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -9444,7 +10589,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -9455,7 +10600,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -9466,7 +10611,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -9477,7 +10622,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -9490,7 +10635,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -9501,7 +10646,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -9512,39 +10657,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -9553,10 +10698,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -9564,10 +10709,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -9575,10 +10720,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -9588,7 +10733,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -9600,7 +10745,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -9610,7 +10755,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -9619,7 +10764,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -9630,7 +10775,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -9640,7 +10792,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -9649,7 +10801,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -9658,7 +10810,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -9668,7 +10820,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -9677,7 +10829,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -9688,506 +10840,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC - --- - -*`source.bytes`*:: -+ --- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +example: endpoint denial of service -- -*`source.domain`*:: +*`threat.technique.name.text`*:: + -- -Source domain. - -type: keyword +type: text -- -*`source.geo.city_name`*:: +*`threat.technique.reference`*:: + -- -City name. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Montreal - --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.continent_name`*:: -+ -- -Name of the continent. -type: keyword +[float] +=== tls -example: North America +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.country_iso_code`*:: +*`tls.cipher`*:: + -- -Country ISO code. +String indicating the cipher used during the current connection. type: keyword -example: CA +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_name`*:: +*`tls.client.certificate`*:: + -- -Country name. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: MII... -- -*`source.geo.name`*:: +*`tls.client.certificate_chain`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: boston-dc +example: ['MII...', 'MII...'] -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.md5`*:: + -- -Region ISO code. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha1`*:: + -- -Region name. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: Quebec - --- - -*`source.ip`*:: -+ --- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. - -type: ip +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.mac`*:: +*`tls.client.hash.sha256`*:: + -- -MAC address of the source. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + -- -*`source.nat.ip`*:: +*`tls.client.issuer`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. -type: ip +type: keyword + +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`source.nat.port`*:: +*`tls.client.ja3`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: long +type: keyword -format: string +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.packets`*:: +*`tls.client.not_after`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -example: 12 +example: 2021-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.not_before`*:: + -- -Port of the source. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -format: string +example: 1970-01-01T00:00:00.000Z -- -*`source.registered_domain`*:: +*`tls.client.server_name`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. type: keyword -example: google.com +example: www.elastic.co -- -*`source.top_level_domain`*:: +*`tls.client.subject`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: co.uk +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.user.domain`*:: +*`tls.client.supported_ciphers`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Array of ciphers offered by the client during the client hello. type: keyword +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] + -- -*`source.user.email`*:: +*`tls.curve`*:: + -- -User email address. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.full_name`*:: +*`tls.established`*:: + -- -User's full name, if available. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword - -example: Albert Einstein +type: boolean -- -*`source.user.group.domain`*:: +*`tls.next_protocol`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword +example: http/1.1 + -- -*`source.user.group.id`*:: +*`tls.resumed`*:: + -- -Unique identifier for the group on the system/platform. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.name`*:: +*`tls.server.certificate`*:: + -- -Name of the group. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.hash`*:: +*`tls.server.certificate_chain`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.id`*:: +*`tls.server.hash.md5`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.name`*:: +*`tls.server.hash.sha1`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -[float] -=== threat +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). +type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -*`threat.framework`*:: +-- + +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -10273,6 +11341,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -10286,6 +11361,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -10410,6 +11492,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -10468,6 +11557,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -10500,7 +11596,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -10508,6 +11604,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -10530,6 +11633,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -10552,6 +11662,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -10585,6 +11702,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-elasticsearch]] == Elasticsearch fields diff --git a/metricbeat/include/fields/fields.go b/metricbeat/include/fields/fields.go index 1ee38f89f940..e3118dc71bb0 100644 --- a/metricbeat/include/fields/fields.go +++ b/metricbeat/include/fields/fields.go @@ -32,5 +32,5 @@ func init() { // AssetLibbeatFieldsYml returns asset data. // This is the base64 encoded gzipped contents of ../libbeat/fields.yml. func AssetLibbeatFieldsYml() string { - return "eJzsvWtzIzeyIPrdvwJXE7FqeanSo9XPjdlzNVLb1p1+6LTk45lZb4hgFUjCqgLKAEps+sb97zeQiVc9KFFtsd2e1ZwTbpGsAhKJRCLf+Rfy0/HH92fvv/+/yKkkQhrCCm6ImXNNprxkpOCK5aZcjgg3ZEE1mTHBFDWsIJMlMXNG3pxckFrJX1huRt/8hUyoZgWRAr6/YUpzKchBdpjtZ9/8hZyXjGpGbrjmhsyNqfXrvb0ZN/NmkuWy2mMl1YbneyzXxEiim9mMaUPyORUzBl/ZYaeclYXOvvlml1yz5WvCcv0NIYabkr22D3xDSMF0rnhtuBTwFfnOvUPc26+/IWSXCFqx12T7/za8YtrQqt7+hhBCSnbDytckl4rBZ8V+bbhixWtiVINfmWXNXpOCGvzYmm/7lBq2Z8ckizkTgCZ2w4QhUvEZFxZ92TfwHiGXFtdcw0NFeI99MormFs1TJas4wshOzHNalkuiWK2YZsJwMYOJ3IhxusEN07JROQvzn02TF/A3MqeaCOmhLUlAzwhJ44aWDQOgAzC1rJvSTuOGdZNNudIG3u+ApVjO+E2EquY1K7mIcH10OMf9IlOpCC1LHEFnuE/sE61qu+nbh/sHz3f3n+0ePr3cf/l6/9nrp0fZy2dP/7WdbHNJJ6zUgxuMuyknlorhC/zzCr+/ZsuFVMXARp802sjKPrCHOKkpVzqs4YQKMmGksUfCSEKLglTMUMLFVKqK2kHs925N5GIum7KAY5hLYSgXRDBttw7BAfK1/zsuS9wDTahiRBtpEUW1hzQA8MYjaFzI/JqpMaGiIOPrl3rs0NHBpHuP1nXJc4qrnEq5O6HK/cTEzWt74Ismtz8n+K2Y1nTGbkGwYZ/MABa/k4qUcubwAOTgxnKb77CBP9kn3c8jImvDK/5bIDtLJjecLeyR4IJQeNp+wVRAip1OG9XkprFoK+VMkwU3c9kYQkWk+hYMIyLNnCnHPUiOO5tLkVPDREL4RlogKkLJvKmo2FWMFnRSMqKbqqJqSWRy4NJTWDWl4XUZ1q4J+8S1PfFztowTVhMuWEG4MJJIEZ7unogfWFlK8pNUZZFskaGz2w5ASuh8JqRiV3Qib9hrcrB/eNTfubdcG7se954OlG7ojDCaz/0q24f1f21F+tkakS0mbg63/nd6VOmMCaQUx9WPwxczJZv6NTkcoKPLOcM3wy65U+R4KyV0YjcZueDULOzhsfzT2Ptt6mlfLC3OqT2EZWmP3YgUzOAfUhE50Uzd2O1BcpWWzObS7pRUxNBrpknFqG4Uq+wDbtjwWPdwasJFXjYFI39j1LIBWKsmFV0SWmpJVCPs225epTO40GCh2bduqW5IPbc8csIiOwbKtvBTXmpPe4gk1Qhhz4lEBFnYkvX5876YM5Uy7zmta2Yp0C4WTmpYKjB2iwDhqHEqpRHS2D33i31NznC63AoCcoqLhnNrD+IowpdZUiBOEJkwarLk/B6fvwORxF2c7QW5Had1vWeXwnOWkUgbKfMtJPOoA64LcgbhU6QWrom9XomZK9nM5uTXhjV2fL3UhlWalPyakb/T6TUdkY+s4EgftZI505qLmd8U97hu8rll0m/lTBuq5wTXQS4A3Q5leBCByBGFQVqJp4PVc1YxRcsr7rmOO8/sk2GiiLyod6pXnuvuWXrj5yC8sEdkyplC8uHaIfIJnwIHAjaldwJde5nG3mSqAunAC3A0V1Lby18bqux5mjSGjHG7eTGG/bA74ZCRMI2X9Gj6bH9/2kJEd/mBnf2upf8o+K9WvLn/usN1a0kUCRveW8C9PmEEyJgXK5dXtJZn/7uJBTqpBc5XyhF6O6gJxaeQHeIVNOM3DMQWKtxr+LT7ec7KetqU9hDZQ+1WGAY2C0m+cweacKENFbkTYzr8SNuJgSlZInHXKYnXKaupok4EccvXRDBWoP6xmPN83p8qnOxcVnYyK14n6z6bWsHXcx5YKrIk/5WcGiZIyaaGsKo2y/5WTqVs7aLdqE3s4uWyvmX7PLezExBt6FITWi7sPwG3VhTUc0+auK1OGsd37W2eRdSIwLMDVuOzSOJuigmLj8AVxqetjY871iWA1uZXNJ9blaCP4nQcj2enbG4A1f/l1Ng2sjswPc/2s/1dlR+mYoxuyTCNkUJWstHkAq6EO+SZY0FofAVvEfLk+GIHD6aTThxguRSCgcJ4JgxTghlyrqSRuSwdpE/OzneIkg2oi7ViU/6JadKIguFFboUlJUs7mOVuUpFKKkYEMwupromsrRoplRV4vI7H5rSc2hcosfddyQgtKi64NvZk3njhyo5VyAolMWqIU1txEVUlxYjkJaOqXAbsT0HIDdDKkudLECznzIq+sMBs7QtTNNUkCDS3XZWlDLd2ayvclYDjWD1U5iBcOYh62+TkjfB1IHi3i26gJ8cX73dIA4OXy3jjaBSeA+rxTJy11p2Q3sGzg+evWguWakYF/w3YY9a/Rh5MTPiQzANT92D7XkpLF2/fniTnIi95R74/id/cIuAfuzftAfA0QrUjCm64pU8kR486dywseFMZVFgU3BWbUVWAQGflNSn0KHkehbkJRwsYl1YjnJZyQRTLra7TUicvT87dqHhbRDB7sNkv7OMJZHAoNBNBjLfPXPzzPalpfs3ME72TwSyogdbuWPemQkuPFbdak3r9Q4EZi2kLh5OQPZaMokJTACYjF7JiQWZtNMr+hqmKbHnzlVRbUdtVbOo5iANFdBao8Ti4n51uhjs7YUE3Ad0sQYA7KhYsMfPbHKdI4Uct0xGRn8DeKI1uLELcqFEp4sKC90sjcANAR0KtxxsXBwaL+BXS9Ia0wg7u1y6cMm/VCbYgHG/PzxOsd3B4UHyiRUE0q6gwPAd+zD4ZJ2mxTyhDj1Cw8adUB3nLSHLD7XL5bywqvHahTIESrLlpqNuOsylZykaFOaa0LD3xeS5tOdxMquXIPuoFBW14WRImrMrn6BZNhlaYKJg2ljwsSi3CprwsA5Ohda1krTg1rFzeQ9mhRaGY1pvSc4DaUbN1tOUmdDJJYDPVhM8a2ehyidQM7wS+vrBo0bJiYColJddgSzo7HxHq7z6pCLXM/hPR0tJJRsg/I2ad6AS2vCgtzxlRdOFh8nQ/ztwXY0RZW/ITVjGOgl3RoC0Pr6txxuuxBWWcIVjjESlYzUThRG+Um6WIQICa7XYsSjbZ/3GXKtXZV3qvRhgnS8P0HSJwsh9oCWm/1gLkb/YHtIIER4Q7J26bkJ310ffyqAUYEtsGhHPHV3H8rDXnjMks52Z5tSFF+sTKtoO7887K0oyWfXCkMFwwYTYF0/tEqQ+T9eB7L5WZk+OKKZ7TASAbYdTyimt5lctiI6jDKcjZxQdip+hBeHK8EqxN7aYDaXBDT6igRR9TwLLuVjpnTF7Vkof7om1El2LGTVPgHVpSAx96EGz/v2SrlGLrNdl98TR7fnD08un+iGyV1Gy9JkfPsmf7z14dvCT/33YPyA3yqe0fNVO7/o5MfkIp3KNnRJytACUjOSUzRUVTUsXNMr3sliS3ly6IgsmlduLvsmCJQQrnCqWcnFku7gTiaSmlcpfBCCwPcx7FzXhrIHglqedLze0f3hOQ+2OtExDeS5N4O8HPwVE/r+DSmjHpV9u3V0ykNlLsFnlvbxSbcSk2edI+wgy3HbTd/zxZBdeGjpqDafCk/WfDJqyNKF7fAUN4oE2cZ+dBcPIcES6LlLLQaOkNHt4Fd3Z+c2S/ODu/eR4Fwo4MVNF8A7h5d3yyCmrSsg2brIuXwWO9AjeXVuVDzeXs3E7k5HiM33h/fBmUYvKEZbPMWV1omSrvBDVAb5BpuQDCWUn0QKtogplOzEgpaUEmtKQih6M75YotrBoCereSjT3RHYzbRddSmfsJnV7I0UbxYUk0xYYd/8+CD9Q37yHvtVZ9jm9/lnR32IajtyfrCJ2r9+Pc7cEq4rfcSRumWHE1JFc+3PVmFY45n82ZNsmkHkc49wgWUtes8CDrZuLF0bD/30VfCF5TyXBOP5xKRbamUmYzkO2zXFZbVsPfSj53XTQYdeJcLwUzTFVwFdeK5Vxb/QdsGxQ1UnBYQrRNMyl5TnQznfJPYUR45sncmPr13h4+gk9YvWcnI5dqaSnVSFTmP3F79eH1OlkSzau6XBJDr+OuogZbUm3A/o8hJ6gsC2kIKGILVpaw9su3p9FJupXLrLne6t+lERktkjCyvoLt/wIUwaZTe4BvmJ3VyTRuD5+wy7enOyP0elwLuRDectUCizjUj7yJEFBU00j2bjy4IvvE0503DGvxGDEE1PPnJhsgmVUUEzdiPdqB71tk02imss1STKqRoTFZKjTR2snRl1MxMF3I6SqOQQV5e3p8DiEDuOLTMFRKKtv91bGK8nJDi7PiP4EJvMyS9QGYNmU5IEk+KBDbmthpYFoQ+ukN5SWdlH0B87icMGXIGy60YW7bW/CCPfIPIwqYffNUgYvcWPxIP4Zi6uKFcH3ezQuWu726pMZKBQPEg3BukHrSncDJ+kDMqZ5vTINGTAEvsPNYPplLpZgVR1vBSlM0IAPTEIQKKZZp6CMKVgmp/KiZC8QYwyp4gYZf+GBXNw4BcrkUU9wrWrbmpKKw10R0eBAf0DpEVBuJx/nQ0c2aLmkFPQlg6EO1ISX2Ym6lVLRGQPAaF31AEr5Dge+0vKCywSmDE9R/sdoHinHsBMkj2MphKAKOvamiIbg1hu2hMwNjXrwYDpEvZGWY3pS8Y0bxHMNndBqeQwV5c3KIwTmWQqbM5HOmwRiTjE640S4yMgJpqasd0NuKzOQ6hH20QXDjqka4kEvFKmlCkAiRjdG8YMlMXcgQJkpcTKBfkN90EV91hqR27DEOGgeC4Ec3uVeV7LBcR1Adwu7j7srBzLk5zrx9GRGEc0HQZ+pw4EUI5HWnbEkKPp0ylSq6YC7jEL5q7yp7PHcNE1QYwsQNV1JUbVtLpK3jny7C5LwYeWcG0D/58PF7clZgqC04vHsHvi/YPX/+/MWLFy9fvnz1quOzQTGAl9wsr36LXq2HxupxMg+x81isoCsNaBqOSjxEPebQ6F1Gtdk96Fi+XHzU5sjhzMfFnZ167gWw+kPYBZTvHhw+PXr2/MXLV/t0khdsuj8M8Qav7ABzGsHYhzqx08GX/UC8B4PonecDSUzerWg0h1nFCt60ldhayRterOVU/d2+IThrfsLMH840rYQu9IjQ3xrFRmSW16NwkKUiBZ9xQ0uZMyr6N91C98w1XR/Jgy3K2ZI/87il1zEyeod9fyW3vrwlNCk82A4/cYEhvayfJBGhZjmfcm9KDlBgdIUzDzhjpJymgyQpZEwzP++clXUiQMJ9hUbMMLR2N6FYWgQZHjSEdS6ojch4TgiOi+dF+wzzis42ylPSswGTBQ8qArSgmkwaXhp7nQ+AZuhsQ5BFynJw0VkbgCSv7fbZk/y2WzLcuswWJnXJYq15N7gbcc3RRxS4CZLsptgJjk4qKugMzFYQ2+7h6XESzKtL2EgSBJUyktPO17ewkuTR24PlUHpOnganKzoF9tr5ZQNjJvFxd0XGIfdxkXFfY+hWK/JsrfitKMZiSuoDxW+FYSGO6zF+6zF+6+uL30oPi3fzuZzwLg6/VBBXyp4eI7keI7keBqTHSK71cfYYyfUYyfVniuRKLrE/WzhXC3SymZguXtvZ0pv+jkAm1opgqhW/oYaR03f/2hmKYYJTA7rBVxXGBXFDib3ErRSsKBE3RpLJEjBxyqA4wMOvcBOBWfcQ275cdNZKWv6jQ7SKnkT5GKf1GKf1GKf1GKf1GKf1GKf1GKf1GKf1GKf1GKe1VpxWIVplXE7fX8DHWzw437W8NvZSPX1/QX5tmOJMw15RoRcsqRRpf3eBWs7yzzgEv4QyAbHGih9radU0e1olmTGDVRJwWDfok3EhNIQ9vIbnxzuuaNvST5KODnzZlxlAgorl89yIOG1wQmm84qmG0py+PA7CgP7rBVPMRxkUjrdwjeP0ocRXxzv38TG1Vvzg3s/tY0GoUnTpkYFYdu+jcEOtNANgEO0qeihmGiWSI+9rr7p0mkTKYwT4/zVbOpRFz4/fG9wCzXwZ0JZja7Ikb04uYpmmj1ieBMea0xuGZXxSZlHF5eCPfnJBFvatNycXbviu3cxusyU/sNWh9olVsuCXtnPSPufJnBwbUnHBq6YauS/DuH5RVaNNq2Lj2M4ytsBBKGBvGfbu9dLDiFS0DkNSO1o+h3gJ46sGU01qqTWf4I1cQLUNKpb2X+4LvODB9R6sYUCpJjlWUGt5RDsUmeUl3ZjvE2P4KNqUwoZ4L3WBFMOh0B5aQrBoTY/Xnb0fBD2J49yIYgbQJtwR9exOYWJ3OBjFIEpv/cVXayYK7aUTiLoChuVRkg7o197TMg72M///g1jYpLX9sq06WopLwpc6oJMaS7jodqE6SvI5xcvs5P3xuzf2QEyYRZZ9v7xhxShlTtvbmoxRnIgsxiSecCl8oT8r1uhaWhSDfhkPAwwC5zIjZ4FXWY3P6YfdMX0x3TGUHvJu17G9eRjUwe5ty2KxyFYYD/zOGLOOorTKvGZxDzEeYPm8AUnKcm5YLyBgcBMs15xYZTyfp4ydTYEvtTz2XOdUFazIyL+Ykj6mzpKyH9+dgQR/k4g0nGLAGztMpxuMa7ycx5jGz2QxQJotuOeMFkxdTUtfjHgD5+sY7mw5JYekZMYwBVwSZyYwcyswucbSeTH48TU5Ph6Ry5MR+Xg6Ih+PR+T4dEROTkfk9EOPZN3HXfLxNP7Z9npuTIGzO2SXhhbnVJGjWvOZSCqsKzlTtEIKDFXhW5YcEMswTCMZCOKfah4jO5A56L7K/vzw4OCgtW5ZD3jDHnzxWJvQygR2MidGYVwlQ7vdNRdg9kUBtiXTklBCO7W5Qe1f43EXC5+hOxSHQRkZMAPluNMxV+LoP3988/GfLRwFzvjFJAY59VXs3IWBqsmd8kGLh2/yaoQ7sQNaevUF73EnR0NIsVsrLgyUiM3nFJooKE2eTFgpF+TpIURxWQjIweHznVFC/lK33ojsPChJWG2Q6ZzW9lhRzcjBPtwiM5jj59PT050oif+N5tdEl1TPndL3ayMhGieM7IbKyCWd6BHJqVKczphTHzSKqSVPYrmmjBXpCLkUN0w5r9bPZkR+VvjWzwJIEM2u5UCZ2luu2bDNf7gT59Fx89U4bgJRBORvkhjCJKDlReOCW2CsWtsj0T6jcAPNQSt0xikAGnhhmGkUUaObyaFd50HmsAKkMWrhPEKIPMidSa/AxjG2RkgiQhKjKC+hoC1TXA7LvsNIf3SbIft7dJvdy20W6efL6AhOVbpdqDg+Pm4Lx15dvfo9wS/HPStdWZKzcyvGMUgPGqfWjXHHzOB/HHtrn6MdPp3yvCnBiNRoNiITltNGB0/EDVWcmaXXj1JCrajRVi+0QzmwMvIG+zpF+JJwdQ+owY4bkoBhNEHOOEqs0GWEm2DRwrJDBftk364slaRDo0iAL8HvjGor2RsZRoy1Y1FSsfLtVPZTLYOC07WetL876G4wCMNfQhfwcw3HyL3/8Objxw8fW9Bt8Gxsp4cj2PhJTmvoPTRyiLYyKdBf+/KCEr0x9SvxEUhRLsHuqqE4b+JdaFXrhcdyxXyXMoBPxM41U4St6yZYF4oIgLf5O49AC4jO/NA5A7BQM+XW/0TWaIAtl3YILWW4V5zChqdjJyPHooAU7lyKqLs6rLbP/mpfhTfpW1XO8YQeLw2239B0JW95gbDN3G1eoHfM0N3UXu0z/ZxBev3y9Xd1NhhoT/f7er8krfvgHgv4tYvRxMiMjFmuM/fQGN3gHozIBEEwAtbTaIP9UsAlWvaqYxPy05wJ3DPYQGwUE+Q1LgqeM012d52d1PkwoNWWkUSXfDY35VCeerIaeN81N7SglcyyaKu/KVeFmxa/WFB9fF0+ZxXt4J+0OngNkM5Btp/tp5SjlGwllb4JX9zezComdebQ+cT7g2BAjeS7BNNGwOOPWK+9QvkBn3OeoLpmkB1UMqyKYNHsGQF4qnNqb6HQ7+mb9Gxxo1k5jYo2FTj6PTx1G4qKBmSi3afjUUAAbzXDPWTy6kAMxQAEaZO81WCERnmDi/X2qtbA2tD8+spKF5u8YWEWArMElwys0hJQXYLrjn3qlOv7QsJnwPgo7Tzkst2p1q1yAexTzuoYtpoc31/oDc1KKmbZ+6YszyV4Cd74x9NzfdNpYvHmZs0mdXimhhLFfUH+4VzxUnoVAnPKFc9b5zOwgWPoe9jukmGPbPeeTPrCQfLjHM8OjW3ePHrexv6MwMx9zzrjnSnUBA8WaD9iFseIre7kNFmEG88PRX3rNALdwXytGVdBJvb0cKZuVDJCjLQb07ulQR9Lo4BHmL850BhkwszCit40dABwMkbSBQ8ncz01sPldXkpt13bsd+JudGNeghsSu+s0mLlVwojYcQE+ph0EAaBhRCePuWFjD74W1lNqiSivWCUhjoRp6OjghisSxEeCu2lKwRQWOeGxyaF7WOdU2KVDi8P71LtZI+vqs0VvHD3I296c386NdkaDkFeENQDSQIOkhS+4PbnG3YsS3ZwKMsYHfN+McbQEh42wZ30MCNmlRTEekbEj+V0geQZfTXnJdlFqLsbojfE+iTBi6KyXhIFg6YK6BGoYqpLTaKZ2a6q1ReYuBvq0r2gH+ia2443TfHCGLvKDYDHns7lroDLMA4FDeu2lsytRP5a+X0tnc5AgxiO/p5oJ7RxGMSeMBjADXHFkL5FS39rmJ6rs4YbGltMGym4FcVNOrfg5IgtmL0eBqTUQDEVo28Bkhbnc3jHguXCOyBAv5VrQ1tg+u9EMDVg5bYbT1GCnoYRBZA2r5bCHU3fPnAyUJ964sAjXwLrVPTGhgySd30cW2YV6Jlpg/+9QkCp0yW1Ekts/cl2dylh3gCD7w16+9l5v7B9SEbs80DVA5kdOK2+YAjZrNc0gQnhJJ6EwSzw/cVHIhcZ7n5yd9vfh6PnRyzby8VjfccCKqDC38es4DA7Sq6I23HPcXgjQhjvArhgFhuEbOGKnqyVq+r1G3O6EosZk+SS3d2ruMpNi6/TQOCj5yqRVr01qyQ3X2UCn8xA00uXTZ4JUUpukldHIRcaZhYxdyp0DZMIG1ELkp/5jngZdtHp157TMoSSGS3MqIfoDBYXUIuIc6S4sEEk8jNm6t2Fb4FXfo1hp40UeVhDeaaTpIamk4LGNF0mG2N4G1c3vmP3oS5AZSa4Zq0lTI6eAl9LD1cYqNHYESNt4tPcVnriclqN0Z6MLciDIuKCGanZX0tnvD8jHaTpRUaLdyx4s9uCCrbAiBxUY6eS0BisoS+UFI0yJtJw44R+lnI2cllPK2c4ondyeCL9TKA4sYwmO5BTmskoylrtdR2ErFctlVQEnhpanQppgU4HhrYjQmhsUmhChVcmiSTqtYorFVJalXKCAQEkhsRaj6A0zYAGraT5nWYKLsL2NWidXfiCpsPMmF3VjrvyPggrpwrC80NmY9AGq3/Gy5IPPoGsHaORgkHBO3dQtuYGADypM26Yk5D6IdXuS8TOzyoFizvtlorupFVQ3xGE8+4DZBRrG3J7yXvIHE+tEDK26KCKovTuiez0gvdnr0H9vJZubNJ3f3iDgrXKtwTu1uTaYdfED1XPypGZqTmsNDcKhcfaUixlTEOixA24nunD3k5F2Ayh6RMICClZJAU1JGSrGYPLjZjmQOuuLGw79dfy3k9MvZk86O7WrCZWfEr2lA/Ng7+hrvhYBfbZm5QOqVqpT6Bzoy/ALJ2t3q9m1eCXSbLxILY+zLzudPzGk36ISdNQu+HYcxxxrQw2zChctqarGX6ckD0C2LYgpm9/Y3YqzJDHXt7XMBunCySkgCYGAo5u6lspov0cWJyCLw9AoupTNDJiT9IJQGDb6qKjrTe0udLyij+F2ApawM/LaHY487sRitGTOaAMEJd4+v+rqa2Hdy6SbwPtHugCradBS5BRKmKhAyj86CeMWRrZCWrdCBDiGGV44hcyvkhqfBdeWTAtQoDGBDORmRlU+Z0U8LVYg4aEHvGJGcXbjhfbxFe7NuI/KC1aTg1dk/+Xrw+evD/axMufJm+9e7/+3vxwcHv2PC5Y3dgH4iZi51W1Qc1X43UHmHj3Yd39EtiBVRXQDEsq0sWqGNrKuWeFfwH+1yv96sJ/Z/zsghTZ/PcwOssPsUNfmrweHT9vVEmRjrKy2Sd7ppljFPs9SASVapay2lqMlM3IS3b7gWyMnfdZ9b99oEcQHHWt0KBwDhYynlJeNYoMMMYy4FmNcnyGGcddnjE1fMN1w/dzti+AFH9o3NANAoRHkez5g52KpnZbRtxq8lbNES67ssZdtjhVd71618Yd1oI4S0XJqFtQ35x0O80bKQj56sdTQgH1uTF3sYNVt6OfeTFxZPjewi7G2129sXm//9+SaKcHKEXnHcyXt/Ltuibv+cO8eNwW37+709xHfbm2j4vr6Sie8dRW3nZaSDvrJPnJ9TWAEuGUUl4pjlE53/dqBSLQsgdJ0EsH7o2ZO2Yclg7rtTBMo88+Z6lYnDbBfCamqNShx5SK234ORl//GChj2jgWNgh0eLFZhEfv2SB7s73evCKi0zwXWunEJyEvZwNFrq8qOEICiMKtAJwDptr3DDrGg2EFMM8sERFwGYs0592lZ+j7jHeVHs1+bRHV6uAJBF25gX2typQDLAgz+UQhxQPi9SQGUat0zW47AakOv25lQ7BPNDZGqYMrlszkJJ7FfOutlmRSLihaXoOH2kHXDkuprD1LiB4Pw0TcVJmgfH5rnzn5q5K3mpZ9CxpO3wcUR08yoJOQOn/L6srcG0yTixxIpxCtkznjS1F4bSFwgYSPAueVm5cw3wxCaa5OGijjCdBsT7JHa8tfB7ETH2cN6JsyiGeq8jks5yzT8nvnfs1wW9l514qr/Osb1ccSFwb76Pt4DHRVuihbe43a0hGNfoiqezLPTi52sLVm4NwrJUEp0VA1NO+RChBkxmKuiSxKjtKLVVNboeFq9XIhk7Cy4fw28aNO0oWuVB7vd/oHGlTstIM71ltpAWoLTjUV7sKKvMILYc7rB/hLbiVSfJIiHss3tJdkDERmH3eFoFZSJ797B3NbSS8VosXSUVLApbUrjCT2ahpNbEg+gJw5s2rHgOj0rx1H+C5P6EFnItqP2+EsBru+zUzf51ptGyZrtHVfaMFXQaitJ2KGTiWI36I33j19cbu1gMCX54YfXVRWZCaelf2p3/9nr/f2tnQ4b7QepPJByx5BcQOJ1VoUGw3fCWs5R6KU3ElqvhLLjuN/2RagmYvVwgNrDPOXOEOACUL7zn2+JPzmGt7rBCpDs1jPIQByIJhPLhdueKxdPYX8FR56PArBju2rPfnkWqJA775g81VrmuHcg5YNWiGx3FEI0/Gcqij2LO162YtKcsX7kUrdqJYsmxzsZpjzzujF5Fy0T/+u7s3f/2z0LgW9uRNe8R+9k+LJTrrwm0y+7TiE2326rfbyzHk81gcWEcJ37dQICx9DvYIPbbyExiFeoJwColpH5odvVHZzOIFydh7iVGn1JRtH82mtzWg9ZrQfdm/cDGdAP4wAN2jnWhTLWXG+/34Fxze4B90EqNUbxSWPQqlUxQzFbGkIshtGMv4VaEzCMM2Si+7Kp4bIaV3aqsfMNWuHGCjBjWMU4MZCiwxN92fZQmyi62EdHRHMrzbrhQJwVEW4v21kwus48KJK5oXsNK3Cu6HUSAOrp/p0CzqEy16agDNW6QnRs4KKu6n0Pxr25rNgeLT3ugmPHAtUP534wWOH8hEl6YNVO4A8lgjeWmX6ueEXV0hUSs5f692enO7fu6/bB/v5Bp+x14JGbhjC1ogxC19/LOdXzrCqebQi+d6fPcIr+pHpODzY068UPxwe3THv47PnmJj589vyWqZ+5wrYbmfrZweHA1FxsLlrqzI4d1Twfto6MRYS/vTjVPSuHz54/ffm0U8N6c9C+s8Amx8OCKHNDy7gCOhhPvb3//Gi/A+bvvIIHbuBwdVJw6/Ap72poX6g2ocON1bBCIoLnxqPgyDRpPckeynzWcZdZy4XYmHEbxXQ7wTZEtKjBmu59HlhTsynv/3dNWcL4qZB020W7twpxmv92T2PigFBqB7FUD81WEpnugyiXRLGS3VBLgFYThxheSKkDSWvLfhxI2D14/rTTYcVQNWPmaoNIvYQZEK1Ws9TLquTiWn+xlA3AJQQAPLFoGdlzAMqkg2Snt8NB8wvlIjdaTgd0bSuv/Ajyioo+giTF58lFR5jBs7NapEl6MqAKiCr79+7jLRr790ymeWA5VWqZNs2lMSDCN65I+wNTL2m2rdwYpBF7XbRU/5A6r3hw8hqWzyEyJTq2LGRn50mKAIYDql3d1FZPKe6THvb1tPf56lv7fIVtfb6ylj5ffTufTVZQemzl8/mtfL7GNj5fQQufvjru76/wxeob7DKUE09SHgf8XPCMy1e2j3iZyi9RdoMg17lX/n3rw3/VReG/dCX4XjCyo88f/Oc7UnLnGFcM5BkpMjqj4XdazqTiZl6FlEyunA87cXewskBO5TJ6q0pC9ak58/kF706fjcDOsgN0XivmuHVGjovCgzEN3gnsg++GmCxJKRdM5VR7BbMNHDJjCyC6kqBYFsaOaFZTRY0MBbOpxqpFteLUMPJEC3qNnvURwfiYOX169ezg8D41ub+0RezLG8P+GDvYlzSBhfMkdSvH/Qf/+VYXo++/3nIxYjBaaU9E3RjMp8ZG/uHwvDm5wATib/0hGHR2czMfcMnBpDL2gW9XsPDJ6KBqgkIzmEWd5k/btQJGQ8K0G3FOVbGgio3IDVemoaXv869H5BQaQifN1rH40t+bCXRZg2CLgt2rjbLK59ywPIm/fNC+DZ3AvtZ8PYng08vnV8/bNovH5qyPzVnvD9K6mtxjc9ZHje6xOeuXaM5q788NQbL9gxvb80y45NME2FjRIsTrLXzg6NhDNgZp2p5fVyHZqyJw9bs7+A4t6WHW41QklHPSAI9jHfDo029ouaBL7fohjSB01cW9Bk3XdbmAKGyXJM7EDVdSVJ0cA79/UM+7UaCbND5paDxh1GCDhS4WPq/xLkhAvB5uGreZhrk/uK0cnnNT9Pn+VtpMSngiVSYUmVDij4J/8hHtjklCUtKvDS3BIRnGTJR6X5cIYoxdzfpQzgUaVLlwdCh5XLCcF1ClzcquQEaRsUOJ0s7GS51NacXLTYXGfLggOD554r0CihVzakakYBNOxYhMFWMTXYzIAtNC+g4efLIHd1Nuqh9iT+bFnWi7bX0JRF9eblgEpbnFwTv5C71h3RUkuS1fYA04WwAbdC5FFy7Mvwf5UXaU7e8eHBzuukI5Xeg3KNCswH/qHXfLWIXwf3Sh9WaoLwWxn8/RvZWNpB6RZtII09xG61QteI/WB0t8bg74dWnkYD87OMraxXw3FSh96XLCO+z3O6nISSmbImT3aRQ1kwQ4d/OjVxnKeY/NYVaxgjfVGNIebqq0ejvkMieyblDWW5UDMRkOTG+t7mnhrg4jDt3ZnbaL9ZohL6tCEC5CfyIndYTAbN8JM922p4fP2tM/ts99bJ/72D73q/SUPLbPfWyf++/cPnduTMtj/MPl5Tl8Xu1B+M774UIQk30pJONlvsw1GTeqHPu0OIY5xyZZtQVSlbEjJPTDWN937F+YyGKZQdjf/W5wn2ibvtpGbhpS2AGTwKxd9L58+WI1iC4IdkNn+NIptLgZt0L5AytLSRZSlcUwtBvA5aU0tGwHaXYx+sQCC4cdOwEOiOcHR0+HEVwxM5ebuke2WyjFqTqpxkjkmIAOFZgnLM2sNzJ4hbHkpi+ln5EL5kqSybypfJh2GNu3LN4683nTVk94c3Ix1BqKmRGpoRxz3ZhBNCk2ZUptLEr5oxs+1g9JMdfbTct79Ou9vUkpZ2kvp70O7K5X35c+565TyZoHPQXyy5702+BcfdQ9vF/6rDtoP++wO6C1oabR6/aruVdthTZOcaJhn8HRftvRulkjAcC1yupyAEaAGF05S2/0t+7jLSEBpz1vfUhUL+VsZllOxfI5FVxXTs6AL0M1nSRuGUpfxQgBKHYTXEZ3Rgn0pnPjhsKvkMLqk47D/GlhuZZygjUPwkRYAcKPCTbbtDTCt+PWQvxbaUW7Xi2NzgqFNLAIVqTjfxsq200aQxR1ZgtfeeHbsWvygfaMNycX7ebl60hDQHAbkDC3P/iiOhaRwXfpNmtVeSzdr8XkLUQanI5hKAXF1RrLMEJJC3t1hBFd4mnofz2TLJbwgEHQiJTW/S0k02J724Sir1KwaGLyFTPqxqT7GajJ0n2o6AEppaEaU1pPZKdXHrtV0XBBlRiPyJgpZf/h8J+o1dByoM5GbEaTHOZZ975+kH297JSmwokIFxqKgwlC67p0pcKzUJOo0Q2QeVqFIx0FW3mg/wP7MTgBKMwwwl4KWGjAt+ofNN5LNctYSbXhOVa8yyZSGm0UrbO/+b9ayML6Txmk9ySNWW/tV4f9YVdhyI7SKUcUEtpc24iE3MER4eoLu57EneJeyZHpXieHK5eyQcNDlwoeaHFJJr0rzQ6MsVsOzb4wmDUWtjf7hd7QQcQ0YqA3xebw4qZzBQTmsuih4o79tadhYCGbqVnpj6tJ67Vb2HwNS9otPgwCZfJE2FjXQl/XJTcYFmhIA+XkgzGkpqrVK+AM/bGKxl5dYzesNwcg8lLPLRVJsXnXjLRHXW6UtMZip8SiW+yotyBfli+MOac3LNTTgTphmJma+2ZjmCSFHgsmcgmuR6mIYAvgC5ooVsmb9BBIkpeMCqh31Qb595YAJVq6Cp/2Wpsw378z7pP3zKXdVT+/EiiEBYEr490ySJQh1BUuwjWOHhaWcV/hh6shsu6dPXfVhlod7VJ6PBUrICTUXt0VNylHuuHUDZP5Ej6aMfLxuxNNnh0dHtmtfHrw/CgbWFo2pTmU6s82oWNsJyv0Zdz8hD3ZqutICOs7TkuNxVVZGrLLGg1XP6fCX3mhgtt+GNK+e/i0TxyHT2/F0YbvJ1/din0yuxMKvbjWRVZnHUDUL4bW4ms2PvhWd7Z5RW3Iz99iFofkmrwk30bk/PcgqWZt3hNrJkIzW+Dv7FONFZPA8u9YsqOeQCgw88Grg4Fc6afPhtDaqjV3P9zeeWK6hQ/vPjFDBfZcXT2L48gwUlUlJpl0J46cBrDUKe4HRf1GqVZi1Yoe8O5kzuRgIb5bQQ+1Ab2SQ2P3l3Z5QHsb3FYesFsoca2agIM8IWz4JuNtvwZiaBfJDKOuRQRQTXwFBSRK7R+4+QkUvX33/VFD0B8WhEtNTu+Tr+7I7PLl5NrpKBj2UVWN8M2qoCIC9H9C0ZHG3BeCQllSls6lk+iWNcc98VnJK370TvONbqG8UAL6HukjUcve1HE5Rk0Gy/RDyYF0VmeHqZU0Mpdlu8sRVRNuFFU8IRysMexKJkIrSY0ycgUVpl2pvhEIpLTU0Hi/XKIiEB/W18s6Mcnw/NeRvbnYRMrrETELK8spB8wibWZkNY/YYSop+XXDRJE0YoLKEABLrJdgb6Ei1EeIFWThSO0VTBtydo6lIvSIQJnwEUnGXHDlK2N+hf4fyqsWaQ2Y9tepO7zSrL+Ndn2054PEDd4e2JGJtOcG4j6g716Lz45ddV5405WxT3p/hu99354RGfvD6n5CUYXHndBNNXAjPe+0c0MOYpZXGwsx2T7GeAlo0YrmYAE5IH5x5Owc01EdNSWdzlMbmj9+Mamizf+iBY4SI2W5S2dCamNvPkNFQVWRtt8Lw05LuUg34y2jSmD9cGqC/23GzbyZgOfNEgh0ZdsLyNvlxa69ZAaEvtfzD/9dvz/64b+/+/7Zu3/uvZyfqX+c/5of/es/f9v/a2srAmlswNqxdeoH97e/Z9dG0emU59nP4mPSvStq169/FuTngJyfybeEi4lsRPGzIORbIhuTfIJOw4KW+MlSUPzUCCDcn8XP4qc5E+mYFa3rpJk3MB28vJwyk3Rmcf2FR+FCSuwc6ZiBc9lhtjWBtCq7+BvOFhnCsGJijxqpSM0Ur5hhCgFpAb0eTBGQFgT2XxB53GTpyGHSbKtvIQNst+hmKtWCqoIVV78nR+Ls3EcGxlLM7rgmPzl7Wa3kp4HWU68Os4PsIGtbaTkV9ArVqQ0xmLPj98fk3HOH96i5PfEnd7FYZBaGTKrZHl7M0Clzz/OTXQSu/0X2aW6qMqkTfeH4CNxXvjOIf0s7/kNLaC8AHAwknvfMfFfKBXZLg79cWFAYt5Qz7xBoXFzQ0Jp6CH/eQvSmY+9QOJosXSMNaMwv/e2rY6adv5e60H4PoSE/8SlvgY3NsO9xCQ9duG6Qz7py3bsDl278ZeDa9T9G+cxdwMMX72HbE+6pZgO8fvvtC69dxDsTvEeEfcrgRhuREijqF5pbSTK4iIOE+/VJbiEIL0Txe6g3gcILKEChAy0nTAyldghKprHWOSN/x3nSY0hCD4yA4ZIuLXNqinpETF6PCK9vnu/yvKpHhJk82/n6MG/yDuI3lD5xhpfOh4szKNVZ4iW6SNMcPFm/tVjMLO6OEIOJllRrlo9IzStA6NeHTgt0YhpwzRhUahv4kH53W5kKEV7vl8OvWc5p6Sl4FGoAYrpeT6XGItkhiKRghuVm5MdHjzQGltw54m77fnPCleWuWEJet0v4hUSW4Or21SlwUCpyhimGbqmdsv5STPmsUfGak0Q1Yn0EhI5TSXexdrUMb6vSI7JgE5B+uFXfuTCqgTQkRBeXYq9WsF4Y1ydSeoEyiozfeLoRWio3bApSMiP4dkqpNRka2mL1+PydQ43OEmOOJ43UmkOxyPoKY47vwAWDo1VQLP3RAqzjOnWgC+3DjJA2dJSeb8E3rCKapVxfAfLO+V1/bViDA5M3l2+h2IoU2GjIKX6u02IiuYdhQlkgxcD0Bz1yCmblAY8PiIx5c3JxDwvUY4GQxwIh9wfpsUDI+jh7LBDyWCDkT10gpFsfJNy+bWPI51loEgvMrcNvpqDFu+OTVdN/KQPE9kkMguyjIJHxvQEYHsQ2NejZSF074c2WI2fOynralGkCddQqpjGUK8hmQV6iGBjFShA7wpEWRKoZFfw311YgNT4ImcZ1QpATYwUrHOfBqC2Eq2RTQ1hVm+WAefkKTHEX37c24rFkxiDUjyUzHktm/D6I/48tmeH6zW0I1Mu5735nVnD4Doj6cH+/BZ9mitNys24Gb5VxkznB8K6uEw8VrOxqg3QwgzYpK7mCIaWy2z1VsmobcJWr5JXU6Q3uizjSsmY6G8rS8A4mNY5mtrG/BSFlo9DwTw3/wI0Ef8iyZJDYgXYO+1e0VQyEzfgxWyhtxSw8JFL/CwZej+AulhUVpiNNDp7fh0ml95uSMMQYEx9lCnjXGw27398RVZSO4w1ETCiez5GgwDLUKjEQQn1yWdVUeOnCikug8LSIsRP3k4YZ6dCd0opcEIBFlaJiBma+KS+NaxWKqfBemIIIcPA/tQsNBDDieu6TFPYHlNZoi4Xky4jQKX0EsSbeRi1SClfHReyUf3t1/A8XocOLi4wdJp1uE/71Sxn8KSXaP7k4+yeWZf9EguyfWIr96kXYNMrAp2w5LneefHUrc4v31WreBveTNrTEPCR0KPlZPXxnSS93X0t+YCj/2iiEYSKBJYdZ89/SUSGGNAztAMExnW8njgVdByFBPU8uoN9Xxv3hGpriyu9dwT2fs/xaN5s6QidueC8nxq12WwVX+w1TITeuH6vzcvL08FVBX7189ZQ9Pdp/9Sp/UbykxbN88ip/ddRWZ5LJN7Si07aFHYK62sQaIP9QMxGi/5WcKVqBnlFSMWvs2o0kk4aXBdHcvrGnWMnppGR7bDrlOY/OPhJdrW0RDNF5pXO5saZ9Z6KArREzMpeLdMGQHRd21HUNgSZwYNYfkVkpJ7Ts4QW/HlrI7+offmnPJ4TgDcLXxlzJcyb0xqyub3F4V6YhtptIIVMMEgeLdkEzQokOdbccTsFv40ZMpWIlK3JxfvoP4qd7a3VTiFoPQ9ZSaz4pWYzr03XxCWL63JB6b6evUR7XNJ+zMPBhtv+lhATPyZIpIuXI9v2/uV6Z59TMk/h/v2+8R1BpO9JGqz0g/b0TVpZU7c3k3kF2cJi9alcdun9P0ruTAT3aOq1Ku8z08PDpwRcURDxU7VnS2jKH2atvWuaynOmWTnWefHW7Zr6WuOGnGNarcyqibh2LFLoQidZ4mJTjhyO82Eso1gVEt1LEQd0b++lrKFY4NfaKMHSpfd9nnIpwo1k5JVQEfNtV1RyDjKCUI3BRHysNegqCG/2f68kms3VKNH1e/oJSdOlCfQFJVM0gCCx1676jSzJhznqBy6uVtCIMRPlwqPqZIL7Hq9zHXaJDDctdsluGP+2NFD4c7Gf2/w7aEcDsE8sbY6/eDaHieKJl2RjW6mnssRJnH2YpEy72/NrSZmeP/ef/nfvPb9Ip7Hiqs2qEo3ghK2a1HMsHUUhHqTXUANW84iVVfXGhS571bC3r4L1uuLMo+aTVbBP+wnTrXGFBLk2MbGO2vrOK6/1u3nADDNTd6VTeqXtzP8TNr1wFLAvGtl3eECDta18b2g0Av5+wPWexDb9HOAw6IBhtH+4fPN/df7Z7+PRy/+Xr/Wevnx5lL589/Vc7UsrMFaPFeiWb74WhSxiYnJ3evUEOho1WnQBgBg2KOPtuW9YGOWjTnAAm6WQv2G2F70dYwgZZQwjcoDpsPCZJnFCBBpUJi8nsr8OQSXgIoWSi5EKDT9BX/nFA+NsRAoat7Oh63ZSQPyP6dZkfsr6+X9C9SuwvpLrmYnYVypxvjHKYnyspqe6NEF6s7UC7N5cV26NW1/smrXYZA82dnP0x+epWOTsk6GkGnR5DO19XHMQKzDW/kbCtVMlGFFZO5gxq9vmFUUMDuYHrFB6A0KCBdvTa7gUXpKJiSeqS5limj0I8sq8LdpmC4IbG4m7g3UUfUjVC5xhkqnv5lJYlTuG7M0kX2wgyta6lKCJrcdWVBBk7LGaxsuOxVT1yxUxwBVsMxSg0pkdJeaqJNxDMobCud6KOnNFoFInAZ1aNSF5yqDzhH6WiCMk2aUKjL1tIoFpBAUs8O/eivpERel6PYzEHM7cKCSDNlWPH+K+zc2IUv+G0LJcjIiSpqDFg2ojGBm5gMqpYMSKTZUgCSad6TbNJlmfF+D6OxnqNAzUc/3dchoKSZ+ca91iKpDBj6svr55NcrJdN4p4bqDPhiMcVtA/5DLkUwmW+xFa/LiJfsRnFujyaaas061HyPNQMIBMecvOsCoipkblURdKMWCpyeXLuRsXouJjxgrDljN9EacqVVCQX/3zv0gKf6B33o9eVT84TWLAcKpYVDcmc3ZmcuR7LOrbw4bevnVMtNHWDA1dw+RqE5qbxcb+YGcZURbbCeFvYT3waVL0UCtEBXPvGWvCzU/19eHK/QodnJa5Hao6MTXemSNfhGNJFawIMcWySQikxmwQ7FPziCwGCbQFPui/WOjBYRG3sXhCHtKcXt3EXY76REgKBnODwe34JofW1K35huQEtLJevqDA898naLhSUfcrnVMyY42fRSuGjQY0kN9wul//GkgAHQXKmwDgTC23EEqt+jiktS8+rALcQj2rYTCpXecYVWNGGlyVhQjfKha2uKJVgETbliYk5aX5dLu9jMEFOvimBDMOIsBoPbky4OrBmn2cw1YTPGtnoconUnCYHEbKwaNFBn4OgJWrZ+IhQ3zkFu21A5zpp6SQj5J8Rs653YdpUAU+VoouY1o50P87cF64EY1uQFPZmiAVxigYzmtDWM7b3D3TtcA1pxiNSMHtlQUVE39NZiiSm2IodHSmQ6mztGLZVgqCLO3EVzGgJjr5ocKONkUJWstE+BAPwHr8OAHrvtkuoP754v+OaepTLaMDXhNF8HosmICrPoBIE6ycMHTw7eP6qu+ZWQMyXjoFpgfe9lLOSkbdv25kMD10n5m9QIAY69McSOy4OT7oqwXwo3+rgZdvxOdT96GG6piA0OH7b8PCYDfeYDXd/kB6z4dbH2WM23GM23Oaz4T4zGW27n43WS8Q6QbNAJ1KXnJ3fQE3hs/Ob51Eg7MhAXyyJbSiDTlCT/Q5FffvSqn5OGQKbfiq8YzGr98eXQSd2xTC5k5bimZWkVvyGGkZO3/0rLQrSPiugYZWSFmRCSypyOK1J8QCpiJKNPcQdJNt19ounPETd5ogAKHjy9aLg9xUeOncVhz5Hhus4U+6uYXM/R4pD+yoStzxIg5P6arO9M61aMeezOdMmmdTjCOcewULqmhUB5Gbihc6w5a1+NWiACcM5LXAqFdmaSpnNQILPclltWT1+K/nczRRt1YEvmGGqggu3Vizn2mo5LjoC9E6oyQk26mZS8pzoZjrln8KI8AxEJ73e28NH8Amr3exk5BKNiEaiyv6JV6FQ3GSJoXNLYuh13FVX0x9aBCwkKemElRpVYiEN2NCxzJhd++XbUx1iPLdymTXXQ/3PAjJaJGFkfQXb/wUogk2nDHugGlk7ycXt4RN2+fZ0Z4TeF6i35e1TLbCIQ/3ImwABRa4fQvK48+f0iKc7bxjW4jFiCKjnz002QDKrKCZuxHq0A9+3yOaxKfPvSxB6bMr82JR5cE8emzI/NmV+bMp8a1NmV7gcnkvcnP6rO5JffdnzrtPMpL9JBfmoVraPoe8FNdQBt6Ca5LIsoSnIHQmuUy4K11HKUydUfUWyDN0T/dz2SZ9Dtr5Ph9VzVjFFyw0W837j50jZk3TWIA/+Ez4F3Z994tronV6FlsJVXSyXBN1vmtBcSa2JYhB95Wrjj92AcPp8O4e+ZPKSHk2f7e9P29aNTRyn7T5r9l1bGyHQ240Qhy6PDiWYn18rrhOeI6cYCiJkwZyZrbXk6G0K4UpAMCDPFS1Dmkese6Xrp1mmwLi6NxW9ZppwE5MrUu4ZJVRLp0n1RjwYgvWoth1QYQ+Mlcl53pRUAbxhSIZ9qGLLjrZF0LlAOUZ+CIbOK+1KcKbFultgQCsu2UJ7u6Glw43LMJfOITu27zmWbjk8fLTYdzVe+/RWPH3BnrHJlO1T9jw/evXisJiwV9P9gxdH9OD50xeTycvDoxfTu8ozPwxFplewJ7ZYEcJxp4GiEK3CBwmVhpMJdyWEzYTK1qVc4PYX3KrtkyatYu3bWiBWVQMhKuHisVjV7esZFXkfOaANFfZtsBDFEyKCcbrdPQ/sK1TDCt6kHTDbp8jf1E3sgudMM402LDZLiKri3xg1emgQ1LgKNqVNaaD5QB3C1sKjdiNjSWgXYwXlnoSr8+TIlQ3QVauT525a0DIQkSw22usyUBMNJAFTdvhMQglmIZEXtaph+Zc9V/QSq/0NjqmRqUgUwiyhYESGNUumUrFRsgl+6YEtRr/BxAs2YVB3nQTIfACYH209Wuqw5ASEPkV1ABA+3R6MAe6ZNqE6GsygGSTVLO3UEk6y69IbxoWWjM4LmbPa4OLCbAgxoNgLVw5I5kqd+Ig93W7KiJ2RZg3X87Br8VDCkbb3BbZtjFe9u+ektqCSVNJ1LaEcXgTT3tIbWEIcvsOF2lQTGYynnh2yi1wh4NgtqqICw6s0GxAT/Hy7++5/nfQZnQRcPqgHFCN/cfzOWv+Y8kH3uifgxYRqLLWgHjogz7bkhHBDJ4K5X0kyyRu/QWdTHCRW84VYoTZ03RO6gvWGuuHjFlcdaiid/t7ajs0V+Nn+L5/L396QEGDW0i36uxJ5MNQsl9eE2isJi+YwQ6Qol13d4iZOGbj7QIOg7DBL65NjHFpLzYrf3KJl4VN3RyUmbdCpc8nstUXC9khJ+OEdgYep2+nereK/YHicC/R7DI97DI97DI+7JTwOz4nbprRNSw+HXyxGzveZfIyRe4yRe4yRe4yRe4yRe4yRWxkjh93G/mwxcg5qsskYOXe13xEbRksXUBVPrQxhY4PxYUmqFDGKggIkZl99vNxKdGS/Ex9fYbzc+kLdFwyaG6D5PzxoLhU1H4PmHoPmHoPmHoPmHoPmHoPmHoPmHoPmHoPmHoPm1gqag8JMiFfnzLmM39zizPkOfS+WTkqqNZ8u066utGTK/pnnEit+2HvXzUUM/SSFrLypJVShnjPyjhvFyPHl5X87+TuZKlox7BvuHm0F0kHdA6lgnW1A3OxYqjLUSeHKicxOh3Rjnp1ejMj777/7yXVb9s55Skguq8ryCAcvmv1xEZmhueF59i2A4QsFuSFzWpvGee2t4O6kJF/mIbSARnQ4DW6LVzXNzdZOexqWz4HUsm+94hJXH+oT+QnRZXLNBWgBIOjQfG75OOh5kyXx5icDXkRPfjDXCDYpz2VVl1xj0MxM0tLDx0QBVkNSMGFPqFVL0WW4tXMPN1rY1S/ASh2Gw5TBWT1tFBR3cVvCf0Nzp6eglgSIOw2/h90IIX7Map0QtgbbZe/GMJkbrd1UmXiB1wVDFBhBBL2CQ1V7PSLMSsdgA6CGcDGzyp/hFbZdVswoqWsUO8sEXDqb4QJ9SZTO8X93dvnxjTtfbc0FyXljV7ElaY66KaLTEyTQo8feP12tJl8KJ2UHYZHvqFH8E7nEccIOOtNuUostI098d3v9em+PGkPz66yyY0KVaIRE710e7+8f7e+FCXa6WMMHhvD1hUSCEKixPu4iulKW+uVxh1xtCHdQ04iJfHPlCBkJc5BGlX9SDN5rhIDjcG98iSMd2GIbr7jPw6c6rPfB8eqB0XuXB0evXt12ru3vK9C2wZPdirT9k6JutTCwAp9/zGlfG7utG39DB3597N5rjIBrRXNvvfKifPLValn+NEZu+0GGEwGooOXyN0ZqpkA5ExCepmQzm8vG62aUVDxXMqStJG1bQBi3Copg5IazRRa78wax021TAjhJZHiimF280WQ3egx8eb8Fm/jffXzSVElhdpkoOgGHu3Y5vzZMcaZJRYuwjqjhTWh+nb6p1++KY6HfIONdnXGCE0fl+xi/QXB1XJvT1NCkGisTuqBerC5NjJwxKySD5TcMGc0+aATwCJ9TUZS4eUk0r2Fq17ncWILJnk30aDJ9dTh9+uzFi8nTo4I+p09z9urwVbHP9tnRi6fPu+gNtRT/GCSH6Tuo9t97g7r32oRAA9ALKkZ1o5zfDTTNkC1jdeEwJLa0cvgFBdrVbuihb39/uv/8BaX7E/pq/3DyIuEKjSpTjvDjx7d3cIMfP771OqaP19ZNDY5I7MVgpzRgboBcHlraVzTWa3VPhmKsc0YmilEs7CsXwpKEJDqfM6vJeNdVTc3cvS/JfdpPbdY8euqiJZ05RZWxY9bWYrHIXJRwlsutdvIA1JTG8H0K+KzoEi8nV2Ly7Nyuds+i0OIVba/lMjaMo12XCrpgIDEB2pNr54NJggowvHkmvet07MIqXWRmj2jaS2jhFXC4weYp4MByHc19izJg19wyJz955PBS8RkXtPSnIaClUWUnNL0zBNcY+AwVnaf2QsMExBH0UJPGskK1BHlhDuet/X5n8JJRsGbVTHFZkKrRBgaZMNdkkRUDfjL0c8HDE0a2ajHbiklo9vWtzH7X36Ha3YCJ6WRWRe/+w5dMl8okEegWKXRqXEvh8V/GCf0bWW91kDP+yxiTxdo+RA90x1S7wTaYZ1N0w1i2BHYyXtlj5mxlUI3VytPhEC2TGGVsLxvWxQUZWxqz441HZDGHGxEPocvk0lCgWGijGrjk7KHGcrNeCGkHaKehBAMiX/tUvj46erqHaQj/8etfW2kJfzGybmHUH5LNXYiVLCBNLZ5HIBEdipiH1fZDm5IcThFCnyspuJGKixmeFFcnvAhMc8LskXSbOcJkKKrT7aE5lLUv5cwF3NlX7amHBkS/NBAz4TYEq1dTuG+6zuiwm8GoGl4Lw1KQiBdUB0BHrftwMBP5szbWjrbi59ae11TrZCcfvskVDt+RvjtNRzbcq6w9d8KDHIK2OuBsICQrDQXqwXF09LTffePoaQsoKBi/ycsUJnBEHIJLAV78Bdc2uIZU3tzqEFuPx/8H8Hj2CS+7eEOns0ACIAo+4XYX0r4LJzQxYGAL+gR2nyOP7ekpzDdpTHhqlEyGi8XrPIyIESOCsKo2ER4AHZ8cu7c72WutdFMyYWbBmGgZBcxCokzXucj+6DAwy4IfY8C+nhgwVG42RQQXMPpqngi3zVbn3kXr2Pj1oHyG8K64t9p692N0G3mMbvus6LYNB16ldSsSGSWFoGUE0Xe3Prn0oXHddNV+580QRYfiLfa/vaFB5nf6eDuF9bukLSe9wZh/Bhk/aZiJ/YYz7W5UH55DKok9IdCUyguvTnqDTegA5ARuuK11Yket7uGw/7cNTPwjYxL/ROGI/+6RiH+CIMQ/Ov7wMfTwztDDry7q8GsNOLRPXdGZN4klVzKJ365xMeMY/nqOxeNkxXyTat+JMYgEDrjLOVv6DtVzuSCWwQhwH3qvJdQcyWUF7fW8jltTZbXFJoDq9ct73KUsVI/6AifZzdbdEn4+91UVvkBL3hSgiLoeUBd0ShVvAbVhg+aPwm3oTbvwSiSugUT633hZ0r1n2T55gmj8H+Tk/EeHUvLhghwcXh2gNP+O5vaLf+yQ47ou2U9s8ndu9p7vP8sOsoNngZ08+fsPl+/ejvCd71l+LXeIKwWzd3CY7ZN3csJLtnfw7M3B0UuHp73n+0dZu++t1NmUVrzclJnpwwXB8ckTrwQoVsypGZGCTTgVIzJVjE10MSILLgq50Ds9BOKTPbg35wv4UDNFk8hKLwyBSAwq05xFAlCQlLyiiAJu5zv5C71h3RVcMyXYF1sDzhbARj8xXXh21IX8KDvK9ncPDg53oa8ez7vQb7J+yDD+vZ8zwf4qhP+jC60Xkb4UxH4+R/c5E0bqEWkmjTDNbbRO1YL3aH2wgNTmgF+XRg72s4MuR9ksqP/V57orrgbLBb/ZtZO8JhNMTaAin0uFH3cxTP+bIEv8DZ9pzfY/YdATb452kf0TiA53AfVeOQLhsnRdJWGBoLsNloQCeOdSm+QIDaGkBcsP7nm/dLfq1sgTCP7nFfstFkDCgWnJgwespmb+2hkWOg9XfKYozmdUw9qj41paw8rJLyz3Qi5+uLpzJf8z3GIBs7CPIE7PGgXodIW2BtbXQ1p/baEQ6zrLgkEHd6M/8ODW3To6FNSCiLHMlw1cd8cvORbA5NDcGd+1GoMj6ryUTRHp98R+9LYcqHtHXYnpAeS/c7+imJq3XtWEFoWPe4R6YlfwwJUf0vfWliql8Naq4YWsVtJSRNSSY4wC/rL76Xb6SKVA94o9Z654FKwYz/3A5LyiMzYwNa34Lp3kxcHh00EOE2c/syOQs9OgeiOe/FY42vwLObZkgsWMoShwOCWhyAYzNAsoASTfQWeDD99KZ8kcHsBYvPv2acKCwvP3nmmNo9OZa93zk8xW0XzOBbtKilvePpl7IUteWHcux9d5yc3yag1uevtb687qaHzdjeudr3Xnwco4a83RenRwfM+PCplfA606hnTqPw8cL/wNCpl2y1O63+y51nOpzBVeC6/JlJYQce1vcZxvNzCjFbdtAIsMaNvtV1pMxBe7jdgdRlaCsOFXBpG2YirLce4/G3C65EDdc9bOm+tN+vnTOS8q+Qu5/HD6wQo2C2IkqWhtmaxm/9GDpSVlkNslDbKan5PA0xGEzFOuvc8j3f6AnwYGORNTmVKruxagSLLnNQmB2u8HydPdG29OLtK8TB6qi7JcZ8uqzNxzmL9KXWqokGI3vtmxuMoQ5bia0ldvTcss6oeYSFkyKtZE7zRiBKzvcdv780qdTRpe9qfs72i4vbcOXp4e7L/aWg+cDxcEZkiNs8OAWA1+8BzcBos2ipl8vj4wfhb0q4hloMDrZgLVlqC0m6PDv6ffDYwbfw/CXltyi4OSlApv56rxpTs5awvo22mui/FaFsNs516HOcFALQs0Rw5O1Qzw8M+d6VwW5Mez0/5E9r+6pvnDLSqO2J+sU7//ASbzNqz+ZI5dfvu7GXPy81VF65qLmXt269s1T1ECsbtIKlr3QQbnC5z3rw/uBLZh4BWDkseamYfd4jjuio0uWF3KJcRdP+jEcdwVE0NF+2lTPviSk4FXTH2HHPS5E7ebJdxf6Pv98+K47oJxvDzeLufhi4Fx3Y/xXglK7dA9EMcm97oE2Kd1xU43Q8Y+sbwxdFLeJnq6Ff8iS3nN6S5tjCy4zuVNqpz8P/grOXW/LEn6HEk07zutJwNDpbewgyMMucoq6J7L0MTUtqLew6TmDaSumricBgASM+nwnPw28+yK6d7QfO7cmpgJE5zNrqyIC2VjHFIgQvmKooHIYujR1dQtmybBWNIKy+8GoyA41muqaMWg6ZIiE2aHgH1zlUkw4gm+sB8xJI8XAJpmN9BtrKbKaIxtPDsfedMSkDsvRhBMAO6cFkhUFIQb7RpODKHQJdnVShZNbu6PyEtX6xrPrhvGiolhbbdN+9nk0pp2WwfL/5Nk5p07phaFVJ83M76blvrG5Se0oJMmMsNw+FzFe8/+48e3ZG6VT+iCAdM5agVIbkN63qiOM6OtJq2Y9aeQCeTXh+05kMSdSkkbM2fCuAIwPkMkWH07bosT/3kNx8U9fRattbs+KsxklSyawIBvQW/qrMB3MLAQ3Im007Vt1R2Q+ipaE99l6nLAJnf6uqD6d2+BdsVkmODXWgsXhs2C+WmVG8T19cE64GhfAG6HCYNoZ+Da7RMXpOJlyTXLpei5SHw/lnbfkRUTH7drNDsbxkD3qHgMMfs+jIDpFBVd+oxGn/20mDMMURvoQgM1y8vlCsg73pUVoP8QO1PdA/iObybahRX7teGKFY6a8Mug6YctvgOflxAfnjeVP08ZOXZ9URhkh20VMt/qQBGFG27SAuq3l0EGavzEDfGXFW3JYQGp4NAtMp9PeZXkXd3JLiHWW3o+NE0iDqEvpIlJXN3p7K/3mQVGS3fTT+MLMPz/AQAA//+26yag" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/mrqY3bpsJ/xVic3iTwCvk4/I2hxRpnNZukziIk/Zo0BK9y1oSFyLlzfbXF5wZfq0ordZxgF4MeEXOQw6HM+RwOLQsrSjZEvTiJLHXbqzKh5sXMzn8Y70msJH/yMl2Jx6PsHV+/PHP0yfB2NutsTTcyLv4zvyd6EA+eXsr2xWc6S3eq+3ihC0+iEr2zQKleXEmV+sFDIHdprG7F3ZQvfr0FEESIDGOW1y4eJcIywBUoPWyeEYxWzu4DEAvm0czCyiEwskYxe9K2xJSM7VtIaNgxRre8hXer/v1/PPll+KiW52w87Ys2GP4wSpP9vVyidfnWwX5om5ktNXqVrz1ify3a2WVgdTumoxRbC3qDej93oiOaVGCcNqVLegJu/raqDZ+PEDwRjNedkrjwnmruroaEdH2ripaqU2xUnfgs1iSKgJxHSoDdJPNE1Uakh+4uvCjnl1hQLiT5R4oCmcE3cMAXTgUY9aWqk4aGgjWiRXHl8kiFXA/Dg4W8Ram9NBZLi4tQ16xa3xojbflWnX477J0W2byR/6CZRLOvAbab100ND1Udg3PXdEDYS5eBqZSXdM9CjsY4ITLeQ/Rb+pyZE4MX9KWM5dTk0aIvK8J5Wt4zEw24h93ouoI81r6CxgbbtavyOW5V7iRK9ySv2Km60VKHfuSkFVxYgH85+pgT14HPeA4CysusAKrvgN2IliufwOmDftmeRuXm+wWEM2OxpBwdugmqVsGa7iIXchWGx62jwf5BKlnsS5zdZmsnFCXteqrIL9v7b/OjHR2kvKKG54X6Q/0FdcCZVIV9pshWQOvqisocOVI2pKl0Br3Gk7Ck15DhWLTKSsRIXAqXP3DL8tv0/IRH9ZTFTvPfoMwXuwxbncy4LLhK5GB5o1c8uuyev7iZVYbBvRzS4Gdn/ptNPLJDQXJ5iP2xooJFFJ1Fc8S1yDLuMKzBJh8QM6yhSflLMJwDQxb7GkY3yFf/mikGVNnD2vu/InQGl6uZStAwcwCowpFVGEuVrwruJqhTadrzUUlGZ87cIP5NRenE6uw6J3GSIpm6Tt9VKnyFmSVFNKp+z8zvfAb04Yba1brGjMogDbCb3Ze67XqzBWahbAuclYc8ZZeGY1YW98sljncS6skSgRNU/ymbp5ZEcPyVbJMG4GyGud4NNB00YQ6EnWv5jzQ+8PRJR72iH25OL2wC5utXZ03HNJXavHzoC3JKoNNrzTYuD5nXqdjEwonudaeB7k9w/8yRM7bGxVLK5kFW505XRMJqP09K55kN969vYzfmZWtW/SIUhe7hvIKP6IjXE4v3dqtT6i5F4SrfPKAcUkfH5okUjaf9PYQe28CR+CgKAz7EFfp4rqX9RByOKLeei+e///0+bOfFvOac3HJACF2m+cbUqpKZOfBVFu06YQp1/Mb41Aw1L7deQm87a9F1woD5xgkh3/Ev2Xohu9+sZeu3AJRFkvhtFYNlQ5q1qTR0zK3z/GNqvJq56jJHHFgozBV/nBwLVSf0eH3RfqkKvb1/HQIZP/qDS8frlOB4hBMVQOV/51gLm5vCEbq8ul3K+bo81XDNxvZrqjs4unMWRS1mAxJwzfDJkM8Pp6G/efaHbUt3/hOQEp9LczDDnGgOzLQldjUagfpTB4UONAdAbYLQXHT1w/e5YjwCPSBddB9gT3Zg7D5Rd/34yJdMjCky4N1+eR/yNClj8Gu+E1tzg4E2uwoIyC+zV12EkIhvomyN9FpJsssPanHf6ta3Uq+5L1RldRwUBG6/zt+Zaf0ZcficizaeR/0nmRIxVaY2uFJjnkFqVyBLqb0XOIIl5oL1KRwDHXjGxCFa+Yx5ZQreQTuHS/XdPsEE0z54BB6CohuUgsJ2X78i/z0EIs2vDP9JvFpMkxl0GBcincKGkqgyRthbMc6OquCcYPH/QXmocAf7L8nFPwATQMPN6/hKrlGp/f5pxPnWgJxl9UJ3C+Dw6ukSeDqNho4k2ch5a7bdKrqS3M8IyGaz89dImOXib5vU7D3FpcE9n/aRyA/jpCfHICOAh+ORMa6jtWh+5EsaNb1bYtPmuTb4VIAHo3+9fN7SsJstyoAR9IKLZlietl3898GCah/+aRXrn9brr2I05aS92YtWuNjOjFBkff67h1b+Mi/GQcXR55ZJH2noxhhikZVfZ2NnUzZGx9WYB0Ma8KIYsjGGq7Xj9mA+KwiAT7k6qLGRjZ9blNd3YnWjoBh3rykLxBs4N1PY8cg9Kw02BTyL4C2wzx8PlYRx0m2rJF1LbUoVTs4IqErgwVdX58GfkO5FV3X0YeB+bp8pmZZimga7j3dQnHUfOcSBbrkW1t8w01gp1DMneOkViWv691Iy/dOV0aafqa0ScdtTuP3zmaCX5gCPyqSJvzR7/T9EB/gJwQPUyQC2gr2pt7ynYYEjUaxRaXKxX6/IS67KlwmwasoM9dBjQbZQFQa/k0ErSk2Ic3XPpz9egwKUIsZ7mBc6uF/AwAA//+4GFeI" } diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc index c7f7337ce57e..ea6257cf106e 100644 --- a/packetbeat/docs/fields.asciidoc +++ b/packetbeat/docs/fields.asciidoc @@ -2285,6 +2285,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -2325,6 +2332,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -2555,6 +2569,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -2613,6 +2634,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -2797,6 +2825,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -3027,6 +3062,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -3085,6 +3127,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -3197,7 +3246,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -3364,6 +3413,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -3397,12 +3453,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -3428,6 +3485,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -3486,15 +3545,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -3525,8 +3598,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -3614,8 +3687,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -3638,6 +3712,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -3672,7 +3758,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -3680,6 +3766,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -3805,7 +3903,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -3813,6 +3911,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -3834,6 +3939,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -4048,6 +4160,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -4209,6 +4333,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -4231,6 +4362,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -4304,6 +4442,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -4362,6 +4507,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -4392,6 +4544,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -4452,6 +4611,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -4944,6 +5110,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -4966,6 +5139,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -5065,6 +5245,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -5093,6 +5280,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -5115,6 +5309,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -5154,6 +5355,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -5230,6 +5443,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -5243,6 +5467,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -5264,12 +5500,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -5284,6 +5551,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -5332,64 +5618,281 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword -example: 2016-05-23T08:05:34.853Z +example: /usr/bin/ssh -l user 10.0.0.16 -- -*`process.thread.id`*:: +*`process.parent.command_line.text`*:: + -- -Thread ID. - -type: long +type: text -example: 4242 +-- -format: string +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string -- @@ -5414,6 +5917,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -5436,42 +5946,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword + +example: ["C:\rta\red_ttp\bin\myapp.exe"] + +-- + +*`registry.data.type`*:: ++ +-- +Standard registry type for encoding contents + +type: keyword + +example: REG_SZ + +-- + +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. -*`server.address`*:: + +*`source.address`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. type: keyword -- -*`server.as.number`*:: +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -5482,7 +6629,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -5493,10 +6640,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -5506,16 +6660,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -5526,7 +6680,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -5537,7 +6691,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -5548,7 +6702,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -5559,7 +6713,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -5570,7 +6724,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -5583,7 +6737,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -5594,7 +6748,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -5605,39 +6759,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -5646,10 +6800,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -5657,10 +6811,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -5668,10 +6822,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -5681,7 +6835,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -5693,7 +6847,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -5703,7 +6857,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -5712,7 +6866,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -5723,7 +6877,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -5733,7 +6894,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -5742,7 +6903,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -5751,7 +6912,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -5761,7 +6922,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -5770,7 +6931,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -5781,506 +6942,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC +example: endpoint denial of service -- -*`source.bytes`*:: +*`threat.technique.name.text`*:: + -- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +type: text -- -*`source.domain`*:: +*`threat.technique.reference`*:: + -- -Source domain. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.city_name`*:: -+ -- -City name. -type: keyword +[float] +=== tls -example: Montreal +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.continent_name`*:: +*`tls.cipher`*:: + -- -Name of the continent. +String indicating the cipher used during the current connection. type: keyword -example: North America +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_iso_code`*:: +*`tls.client.certificate`*:: + -- -Country ISO code. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: CA +example: MII... -- -*`source.geo.country_name`*:: +*`tls.client.certificate_chain`*:: + -- -Country name. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: ['MII...', 'MII...'] -- -*`source.geo.name`*:: +*`tls.client.hash.md5`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: boston-dc +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.sha1`*:: + -- -Region ISO code. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha256`*:: + -- -Region name. - -type: keyword - -example: Quebec - --- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. -*`source.ip`*:: -+ --- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. +type: keyword -type: ip +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -- -*`source.mac`*:: +*`tls.client.issuer`*:: + -- -MAC address of the source. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. type: keyword +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com + -- -*`source.nat.ip`*:: +*`tls.client.ja3`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: ip +type: keyword + +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.nat.port`*:: +*`tls.client.not_after`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -format: string +example: 2021-01-01T00:00:00.000Z -- -*`source.packets`*:: +*`tls.client.not_before`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -example: 12 +example: 1970-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.server_name`*:: + -- -Port of the source. +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. -type: long +type: keyword -format: string +example: www.elastic.co -- -*`source.registered_domain`*:: +*`tls.client.subject`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: google.com +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.top_level_domain`*:: +*`tls.client.supported_ciphers`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Array of ciphers offered by the client during the client hello. type: keyword -example: co.uk +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] -- -*`source.user.domain`*:: +*`tls.curve`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.email`*:: +*`tls.established`*:: + -- -User email address. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword +type: boolean -- -*`source.user.full_name`*:: +*`tls.next_protocol`*:: + -- -User's full name, if available. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword -example: Albert Einstein +example: http/1.1 -- -*`source.user.group.domain`*:: +*`tls.resumed`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.id`*:: +*`tls.server.certificate`*:: + -- -Unique identifier for the group on the system/platform. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.group.name`*:: +*`tls.server.certificate_chain`*:: + -- -Name of the group. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.hash`*:: +*`tls.server.hash.md5`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.id`*:: +*`tls.server.hash.sha1`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 9E393D93138888D288266C2D915214D1D1CCEB2A + -- -*`source.user.name`*:: +*`tls.server.hash.sha256`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -- -[float] -=== threat - -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). - - -*`threat.framework`*:: +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -6366,6 +7443,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -6379,6 +7463,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -6503,6 +7594,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -6561,6 +7659,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -6593,7 +7698,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -6601,6 +7706,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -6623,6 +7735,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -6645,6 +7764,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -6678,6 +7804,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-flows_event]] == Flow Event fields diff --git a/packetbeat/include/fields.go b/packetbeat/include/fields.go index f5b70a0b754b..e2740da68745 100644 --- a/packetbeat/include/fields.go +++ b/packetbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzsvWt3GzeyKPo9vwJXs9aRlUO1HpYd22fN2VcjOYnu+KGxlJ2ZOTlLBLtBElE30AHQopm77n+/C1V49YMSZYuOs49m7xWLZDdQKBQK9a6/kJ+PP7w7e/fD/0VOJRHSEFZwQ8ycazLlJSMFVyw35XJEuCELqsmMCaaoYQWZLImZM/L65ILUSv7KcjP65i9kQjUriBTw/Q1TmktBDrLDbD/75i/kvGRUM3LDNTdkbkytX+3tzbiZN5Msl9UeK6k2PN9juSZGEt3MZkwbks+pmDH4yg475awsdPbNN7vkmi1fEZbrbwgx3JTslX3gG0IKpnPFa8OlgK/I9+4d4t5+9Q0hu0TQir0i2/+34RXThlb19jeEEFKyG1a+IrlUDD4r9lvDFSteEaMa/Mosa/aKFNTgx9Z826fUsD07JlnMmQA0sRsmDJGKz7iw6Mu+gfcIubS45hoeKsJ77KNRNLdonipZxRFGdmKe07JcEsVqxTQThosZTORGjNMNbpiWjcpZmP9smryAv5E51URID21JAnpGSBo3tGwYAB2AqWXdlHYaN6ybbMqVNvB+ByzFcsZvIlQ1r1nJRYTrg8M57heZSkVoWeIIOsN9Yh9pVdtN3z7cP3i+u/9s9/Dp5f6LV/vPXj09yl48e/rv7WSbSzphpR7cYNxNObFUDF/gn1f4/TVbLqQqBjb6pNFGVvaBPcRJTbnSYQ0nVJAJI409EkYSWhSkYoYSLqZSVdQOYr93ayIXc9mUBRzDXApDuSCCabt1CA6Qr/3fcVniHmhCFSPaSIsoqj2kAYDXHkHjQubXTI0JFQUZX7/QY4eODibde7SuS55TXOVUyt0JVe4nJm5e2QNfNLn9OcFvxbSmM3YLgg37aAaw+L1UpJQzhwcgBzeW23yHDfzJPul+HhFZG17x3wPZWTK54WxhjwQXhMLT9gumAlLsdNqoJjeNRVspZ5osuJnLxhAqItW3YBgRaeZMOe5BctzZXIqcGiYSwjfSAlERSuZNRcWuYrSgk5IR3VQVVUsikwOXnsKqKQ2vy7B2TdhHru2Jn7NlnLCacMEKwoWRRIrwdPdE/MjKUpKfpSqLZIsMnd12AFJC5zMhFbuiE3nDXpGD/cOj/s694drY9bj3dKB0Q2eE0XzuV9k+rP9rK9LP1ohsMXFzuPW/06NKZ0wgpTiufhy+mCnZ1K/I4QAdXc4Zvhl2yZ0ix1spoRO7ycgFp2ZhD4/ln8beb1NP+2JpcU7tISxLe+xGpGAG/5CKyIlm6sZuD5KrtGQ2l3anpCKGXjNNKkZ1o1hlH3DDhse6h1MTLvKyKRj5G6OWDcBaNanoktBSS6IaYd928yqdwYUGC82+dUt1Q+q55ZETFtkxULaFn/JSe9pDJKlGCHtOJCLIwpasz5/3xZyplHnPaV0zS4F2sXBSw1KBsVsECEeNUymNkMbuuV/sK3KG0+VWEJBTXDScW3sQRxG+zJICcYLIhFGTJef3+PwtiCTu4mwvyO04res9uxSes4xE2kiZbyGZRx1wXZAzCJ8itXBN7PVKzFzJZjYnvzWssePrpTas0qTk14z8nU6v6Yh8YAVH+qiVzJnWXMz8prjHdZPPLZN+I2faUD0nuA5yAeh2KMODCESOKAzSSjwdrJ6ziilaXnHPddx5Zh8NE0XkRb1TvfJcd8/Saz8H4YU9IlPOFJIP1w6RT/gUOBCwKb0T6NrLNPYmUxVIB16Ao7mS2l7+2lBlz9OkMWSM282LMeyH3QmHjIRpvKBH02f7+9MWIrrLD+zss5b+k+C/WfHm/usO160lUSRseG8B9/qEESBjXqxcXtFanv3vJhbopBY4XylH6O2gJhSfQnaIV9CM3zAQW6hwr+HT7uc5K+tpU9pDZA+1W2EY2Cwk+d4daMKFNlTkTozp8CNtJwamZInEXackXqespoo6EcQtXxPBWIH6x2LO83l/qnCyc1nZyax4naz7bGoFX895YKnIkvxXcmqYICWbGsKq2iz7WzmVsrWLdqM2sYuXy/qW7fPczk5AtKFLTWi5sP8E3FpRUM89aeK2Omkc37W3eRZRIwLPDliNzyKJuykmLD4CVxiftjY+7liXAFqbX9F8blWCPorTcTyenbK5AVT/p1Nj28juwPQ828/2d1V+mIoxuiXDNEYKWclGkwu4Eu6QZ44FofEVvEXIk+OLHTyYTjpxgOVSCAYK45kwTAlmyLmSRuaydJA+OTvfIUo2oC7Wik35R6ZJIwqGF7kVlpQs7WCWu0lFKqkYEcwspLomsrZqpFRW4PE6HpvTcmpfoMTedyUjtKi44NrYk3njhSs7ViErlMSoIU5txUVUlRQjkpeMqnIZsD8FITdAK0ueL0GwnDMr+sICs7UvTNFUkyDQ3HZVljLc2q2tcFcCjmP1UJmDcOUg6m2TkzfC14Hg3S66gZ4cX7zbIQ0MXi7jjaNReA6oxzNx1lp3QnoHzw6ev2wtWKoZFfx3YI9Z/xp5MDHhfTIPTN2D7QcpLV28eXOSnIu85B35/iR+c4uAf+zetAfA0wjVjii44ZY+kRw96tyxsOBNZVBhUXBXbEZVAQKdldek0KPkeRTmJhwtYFxajXBaygVRLLe6TkudvDw5d6PibRHB7MFmv7CPJ5DBodBMBDHePnPxr3ekpvk1M0/0TgazoAZau2PdmwotPVbcak3q9Q8FZiymLRxOQvZYMooKTQGYjFzIigWZtdEo+xumKrLlzVdSbUVtV7Gp5yAOFNFZoMbj4H52uhnu7IQF3QR0swQB7qhYsMTMb3OcIoUftUxHRH4Ce6M0urEIcaNGpYgLC96vjcANAB0JtR5vXBwYLOJXSNMb0go7uF+7cMq8VSfYgnC8PT9PsN7B4UHxiRYF0ayiwvAc+DH7aJykxT6iDD1CwcafUh3kLSPJDbfL5b+zqPDahTIFSrDmpqFuO86mZCkbFeaY0rL0xOe5tOVwM6mWI/uoFxS04WVJmLAqn6NbNBlaYaJg2ljysCi1CJvysgxMhta1krXi1LByeQ9lhxaFYlpvSs8BakfN1tGWm9DJJIHNVBM+a2SjyyVSM7wT+PrCokXLioGplJRcgy3p7HxEqL/7pCLUMvuPREtLJxkh/4qYdaIT2PKitDxnRNGFh8nT/ThzX4wRZW3JT1jFOAp2RYO2PLyuxhmvxxaUcYZgjUekYDUThRO9UW6WIgIBarbbsSjZZP/HXapUZ1/pvRphnCwN03eIwMl+oCWk/VoLkL/ZH9AKEhwR7py4bUJ21kffi6MWYEhsGxDOHV/F8bPWnDMms5yb5dWGFOkTK9sO7s5bK0szWvbBkcJwwYTZFEzvEqU+TNaD751UZk6OK6Z4TgeAbIRRyyuu5VUui42gDqcgZxfviZ2iB+HJ8UqwNrWbDqTBDT2hghZ9TAHLulvpnDF5VUse7ou2EV2KGTdNgXdoSQ186EGw/f+SrVKKrVdk97un2fODoxdP90dkq6Rm6xU5epY923/28uAF+f+2e0BukE9t/6SZ2vV3ZPITSuEePSPibAUoGckpmSkqmpIqbpbpZbckub10QRRMLrUTf5cFSwxSOFco5eTMcnEnEE9LKZW7DEZgeZjzKG7GWwPBK0k9X2pu//CegNwfa52A8E6axNsJfg6O+nkFl9aMSb/avr1iIrWRYrfIe3uj2IxLscmT9gFmuO2g7f7jZBVcGzpqDqbBk/aPhk1YG1G8vgOG8ECbOM/Og+DkOSJcFillodHSGzy8C+7s/ObIfnF2fvM8CoQdGaii+QZw8/b4ZBXUpGUbNlkXL4PHegVuLq3Kh5rL2bmdyMnxGL/x7vgyKMXkCctmmbO60DJV3glqgN4g03IBhLOS6IFW0QQznZiRUtKCTGhJRQ5Hd8oVW1g1BPRuJRt7ojsYt4uupTL3Ezq9kKON4sOSaIoNO/6fBR+ob95D3mut+hzf/iTp7rANR29P1hE6V+/HuduDVcRvuZM2TLHiakiufLjrzSoccz6bM22SST2OcO4RLKSuWeFB1s3Ei6Nh/7+PvhC8ppLhnH44lYpsTaXMZiDbZ7mstqyGv5V87rpoMOrEuV4KZpiq4CquFcu5tvoP2DYoaqTgsIRom2ZS8pzoZjrlH8OI8MyTuTH1q709fASfsHrPTkYu1dJSqpGozH/k9urD63WyJJpXdbkkhl7HXUUNtqTagP0fQ05QWRbSEFDEFqwsYe2Xb06jk3Qrl1lzvdW/SyMyWiRhZH0F2/8FKIJNp/YA3zA7q5Np3B4+YZdvTndG6PW4FnIhvOWqBRZxqB95EyGgqKaR7N14cEX2iac7bxjW4jFiCKjnz002QDKrKCZuxHq0A9+3yKbRTGWbpZhUI0NjslRoorWToy+nYmC6kNNVHIMK8ub0+BxCBnDFp2GolFS2+6tjFeXlhhZnxX8CE3iZJesDMG3KckCSfFAgtjWx08C0IPTTG8pLOin7AuZxOWHKkNdcaMPctrfgBXvkH0YUMPvmqQIXubH4kX4MxdTFC+H6vJsXLHd7dUmNlQoGiAfh3CD1pDuBk/WBmFM935gGjZgCXmDnsXwyl0oxK462gpWmaEAGpiEIFVIs09BHFKwSUvlJMxeIMYZV8AINv/DBrm4cAuRyKaa4V7RszUlFYa+J6PAgPqB1iKg2Eo/zvqObNV3SCnoSwNCHakNK7MXcSqlojYDgNS76gCR8hwLfaXlBZYNTBieo/2K1DxTj2AmSR7CVw1AEHHtTRUNwawzbQ2cGxrx4MRwiX8jKML0pecuM4jmGz+g0PIcK8vrkEINzLIVMmcnnTIMxJhmdcKNdZGQE0lJXO6C3FZnJdQj7aIPgxlWNcCGXilXShCARIhujecGSmbqQIUyUuJhAvyC/6SK+6gxJ7dhjHDQOBMGPbnKvKtlhuY6gOoTdx92Vg5lzc5x5+zIiCOeCoM/U4cCLEMjrTtmSFHw6ZSpVdMFcxiF81d5V9njuGiaoMISJG66kqNq2lkhbxz9fhMl5MfLODKB/8v7DD+SswFBbcHj3DnxfsHv+/Pl333334sWLly87PhsUA3jJzfLq9+jVemisHifzEDuPxQq60oCm4ajEQ9RjDo3eZVSb3YOO5cvFR22OHM58XNzZqedeAKs/hF1A+e7B4dOjZ8+/e/Fyn07ygk33hyHe4JUdYE4jGPtQJ3Y6+LIfiPdgEL31fCCJybsVjeYwq1jBm7YSWyt5w4u1nKqf7RuCs+YnzPzhTNNK6EKPCP29UWxEZnk9CgdZKlLwGTe0lDmjon/TLXTPXNP1kTzYopwt+ROPW3odI6N32PdXcuvLW0KTwoPt8BMXGNLL+kkSEWqW8yn3puQABUZXOPOAM0bKaTpIkkLGNPPzzllZJwIk3FdoxAxDa3cTiqVFkOFBQ1jngtqIjOeE4Lh4XrTPMK/obKM8JT0bMFnwoCJAC6rJpOGlsdf5AGiGzjYEWaQsBxedtQFI8tpunz3Jb7slw63LbGFSlyzWmneDuxHXHH1EgZsgyW6KneDopKKCzsBsBbHtHp4eJ8G8uoSNJEFQKSM57Xx9CytJHr09WA6l5+RpcLqiU2CvnV82MGYSH3dXZBxyHxcZ9zWGbrUiz9aK34piLKakPlD8VhgW4rge47ce47e+vvit9LB4N5/LCe/i8EsFcaXs6TGS6zGS62FAeozkWh9nj5Fcj5Fcf6ZIruQS+7OFc7VAJ5uJ6eK1nS296e8IZGKtCKZa8RtqGDl9+++doRgmODWgG3xVYVwQN5TYS9xKwYoScWMkmSwBE6cMigM8/Ao3EZh1D7Hty0VnraTlPzpEq+hJlI9xWo9xWo9xWo9xWo9xWo9xWo9xWo9xWo9xWo9xWmvFaRWiVcbl9N0FfLzFg/N9y2tjL9XTdxfkt4YpzjTsFRV6wZJKkfZ3F6jlLP+MQ/BLKBMQa6z4sZZWTbOnVZIZM1glAYd1gz4ZF0JD2MMreH6844q2Lf0k6ejAl32ZASSoWD7PjYjTBieUxiueaijN6cvjIAzov14wxXyUQeF4C9c4Th9KfHW8cx8fU2vFD+793D4WhCpFlx4ZiGX3Pgo31EozAAbRrqKHYqZRIjnyvvaqS6dJpDxGgP9fs6VDWfT8+L3BLdDMlwFtObYmS/L65CKWafqA5UlwrDm9YVjGJ2UWVVwO/ugnF2Rh33p9cuGG79rN7DZb8gNbHWqfWCULfmk7J+1znszJsSEVF7xqqpH7MozrF1U12rQqNo7tLGMLHIQC9pZh714vPYxIReswJLWj5XOIlzC+ajDVpJZa8wneyAVU26Biaf/lvsALHlzvwRoGlGqSYwW1lke0Q5FZXtKN+T4xho+iTSlsiPdSF0gxHArtoSUEi9b0eN3Zu0HQkzjOjShmAG3CHVHP7hQmdoeDUQyi9NZffLVmotBeOoGoK2BYHiXpgH7tPS3jYD/z/z+IhU1a2y/bqqOluCR8qQM6qbGEi24XqqMkn1O8zE7eHb99bQ/EhFlk2ffLG1aMUua0va3JGMWJyGJM4gmXwhf6s2KNrqVFMeiX8TDAIHAuM3IWeJXV+Jx+2B3TF9MdQ+kh73Yd25uHQR3s3rYsFotshfHA74wx6yhKq8xrFvcQ4wGWzxuQpCznhvUCAgY3wXLNiVXG83nK2NkU+FLLY891TlXBioz8mynpY+osKfvx3RlI8DeJSMMpBryxw3S6wbjGy3mMafxEFgOk2YJ7zmjB1NW09MWIN3C+juHOllNySEpmDFPAJXFmAjO3ApNrLJ0Xgx9fkePjEbk8GZEPpyPy4XhEjk9H5OR0RE7f90jWfdwlH07jn22v58YUOLtDdmlocU4VOao1n4mkwrqSM0UrpMBQFb5lyQGxDMM0koEg/qnmMbIDmYPuq+zPDw8ODlrrlvWAN+zBF4+1Ca1MYCdzYhTGVTK0211zAWZfFGBbMi0JJbRTmxvU/jUed7HwGbpDcRiUkQEzUI47HXMljv7x0+sP/2rhKHDGLyYxyKmvYucuDFRN7pQPWjx8k1cj3Ikd0NKrL3iPOzkaQordWnFhoERsPqfQREFp8mTCSrkgTw8histCQA4On++MEvKXuvVGZOdBScJqg0zntLbHimpGDvbhFpnBHL+cnp7uREn8bzS/Jrqkeu6Uvt8aCdE4YWQ3VEYu6USPSE6V4nTGnPqgUUwteRLLNWWsSEfIpbhhynm1fjEj8ovCt34RQIJodi0HytTecs2Gbf7DnTiPjpuvxnETiCIgf5PEECYBLS8aF9wCY9XaHon2GYUbaA5aoTNOAdDAC8NMo4ga3UwO7ToPMocVII1RC+cRQuRB7kx6BTaOsTVCEhGSGEV5CQVtmeJyWPYdRvqj2wzZ36Pb7F5us0g/X0ZHcKrS7ULF8fFxWzj26urV5wS/HPesdGVJzs6tGMcgPWicWjfGHTOD/3HsrX2Odvh0yvOmBCNSo9mITFhOGx08ETdUcWaWXj9KCbWiRlu90A7lwMrIa+zrFOFLwtU9oAY7bkgChtEEOeMosUKXEW6CRQvLDhXso327slSSDo0iAb4EvzOqrWRvZBgx1o5FScXKt1PZT7UMCk7XetL+7qC7wSAMfwldwM81HCP37v3rDx/ef2hBt8GzsZ0ejmDjJzmtoffQyCHayqRAf+3LC0r0xtSvxEcgRbkEu6uG4ryJd6FVrRceyxXzXcoAPhE710wRtq6bYF0oIgDe5u88Ai0gOvND5wzAQs2UW/8TWaMBtlzaIbSU4V5xChuejp2MHIsCUrhzKaLu6rDaPvurfRXepG9VOccTerw02H5D05W85QXCNnO3eYHeMkN3U3u1z/RzBun1y9ff1dlgoD3d5/V+SVr3wT0W8GsXo4mRGRmzXGfuoTG6wT0YkQmCYASsp9EG+6WAS7TsVccm5Oc5E7hnsIHYKCbIa1wUPGea7O46O6nzYUCrLSOJLvlsbsqhPPVkNfC+a25oQSuZZdFWf1OuCjctfrWg+vi6fM4q2sE/aXXwGiCdg2w/208pRynZSip9Hb64vZlVTOrMofOJ9wfBgBrJdwmmjYDHn7Bee4XyAz7nPEF1zSA7qGRYFcGi2TMC8FTn1N5Cod/TN+nZ4kazchoVbSpw9Ht46jYUFQ3IRLtPx6OAAN5qhnvI5NWBGIoBCNImeavBCI3yBhfr7VWtgbWh+fWVlS42ecPCLARmCS4ZWKUloLoE1x372CnX94WEz4DxUdp5yGW7U61b5QLYx5zVMWw1Ob6/0hualVTMsndNWZ5L8BK89o+n5/qm08Ti9c2aTerwTA0livuC/MO54qX0KgTmlCuet85nYAPH0Pew3SXDHtnuPZn0hYPkxzmeHRrbvHn0vIn9GYGZ+551xjtTqAkeLNB+xCyOEVvdyWmyCDeeH4r61mkEuoP5WjOugkzs6eFM3ahkhBhpN6Z3S4M+lkYBjzB/c6AxyISZhRW9aegA4GSMpAseTuZ6amDzu7yU2q7t2O/E3ejGvAQ3JHbXaTBzq4QRseMCfEw7CAJAw4hOHnPDxh58Layn1BJRXrFKQhwJ09DRwQ1XJIiPBHfTlIIpLHLCY5ND97DOqbBLhxaH96l3s0bW1SeL3jh6kLe9Ob+dG+2MBiGvCGsApIEGSQtfcHtyjbsXJbo5FWSMD/i+GeNoCQ4bYc/6GBCyS4tiPCJjR/K7QPIMvpryku2i1FyM0RvjfRJhxNBZLwkDwdIFdQnUMFQlp9FM7dZUa4vMXQz0aV/RDvRNbMdrp/ngDF3kB8Fizmdz10BlmAcCh/TaS2dXon4sfb+WzuYgQYxHfk81E9o5jGJOGA1gBrjiyF4ipb61zc9U2cMNjS2nDZTdCuKmnFrxc0QWzF6OAlNrIBiK0LaByQpzub1jwHPhHJEhXsq1oK2xfXajGRqwctoMp6nBTkMJg8gaVsthD6funjkZKE+8cWERroF1q3tiQgdJOr+PLLIL9Uy0wP7foSBV6JLbiCS3f+S6OpWx7gBB9oe9fO293tg/pCJ2eaBrgMyPnFbeMAVs1mqaQYTwkk5CYZZ4fuaikAuN9z45O+3vw9Hzoxdt5OOxvuOAFVFhbuPXcRgcpFdFbbjnuL0QoA13gF0xCgzDN3DETldL1PR7jbjdCUWNyfJJbu/U3GUmxdbpoXFQ8pVJq16b1JIbrrOBTuchaKTLp88EqaQ2SSujkYuMMwsZu5Q7B8iEDaiFyE/9xzwNumj16s5pmUNJDJfmVEL0BwoKqUXEOdJdWCCSeBizdW/DtsCrvkex0saLPKwgvNNI00NSScFjGy+SDLG9Daqb3zH70ZcgM5JcM1aTpkZOAS+lh6uNVWjsCJC28WjvKzxxOS1H6c5GF+RAkHFBDdXsrqSzzw/Ix2k6UVGi3cseLPbggq2wIgcVGOnktAYrKEvlBSNMibScOOEfpZyNnJZTytnOKJ3cngi/UygOLGMJjuQU5rJKMpa7XUdhKxXLZVUBJ4aWp0KaYFOB4a2I0JobFJoQoVXJokk6rWKKxVSWpVyggEBJIbEWo+gNM2ABq2k+Z1mCi7C9jVonV34gqbDzJhd1Y678j4IK6cKwvNDZmPQBqt/ysuSDz6BrB2jkYJBwTt3ULbmBgA8qTNumJOQ+iHV7kvEzs8qBYs77ZaK7qRVUN8RhPPuA2QUaxtye8l7yBxPrRAytuigiqL07ons9IL3Z69B/byWbmzSd394g4K1yrcE7tbk2mHXxI9Vz8qRmak5rDQ3CoXH2lIsZUxDosQNuJ7pw95ORdgMoekTCAgpWSQFNSRkqxmDy42Y5kDrrixsO/XX8t5PTL2ZPOju1qwmVnxK9pQPzYO/oa74WAX2yZuUDqlaqU+gc6MvwCydrd6vZtXgl0my8SC2Psy87nT8xpN+iEnTULvh2HMcca0MNswoXLamqxl+nJA9Ati2IKZvf2N2KsyQx17e1zAbpwskpIAmBgKObupbKaL9HFicgi8PQKLqUzQyYk/SCUBg2+qio603tLnS8oo/hdgKWsDPy2h2OPO7EYrRkzmgDBCXePr/q6mth3cukm8D7B7oAq2nQUuQUSpioQMo/OQnjFka2Qlq3QgQ4hhleOIXMr5IanwXXlkwLUKAxgQzkZkZVPmdFPC1WIOGhB7xiRnF244X28RXuzbiPygtWk4OXZP/Fq8Pnrw72sTLnyevvX+3/t78cHB79jwuWN3YB+ImYudVtUHNV+N1B5h492Hd/RLYgVUV0AxLKtLFqhjayrlnhX8B/tcr/erCf2f87IIU2fz3MDrLD7FDX5q8Hh0/b1RJkY6ystkne6aZYxT7PUgElWqWstpajJTNyEt2+4FsjJ33WfW/faBHEBx1rdCgcA4WMp5SXjWKDDDGMuBZjXJ8hhnHXZ4xNXzDdcP3c7YvgBR/aNzQDQKER5Hs+YOdiqZ2W0bcavJGzREuu7LGXbY4VXe9etfGHdaCOEtFyahbUN+cdDvNGykI+erHU0IB9bkxd7GDVbejn3kxcWT43sIuxttdvbF5v//fkminByhF5y3Ml7fy7bom7/nDvHjcFt+/u9PcR325to+L6+konvHUVt52Wkg76yT5wfU1gBLhlFJeKY5ROd/3agUi0LIHSdBLB+5NmTtmHJYO67UwTKPPPmepWJw2wXwmpqjUoceUitt+BkZf/zgoY9o4FjYIdHixWYRH79kge7O93rwiotM8F1rpxCchL2cDRa6vKjhCAojCrQCcA6ba9ww6xoNhBTDPLBERcBmLNOfdpWfo+4x3lR7PfmkR1ergCQRduYF9rcqUAywIM/lEIcUD4vUkBlGrdM1uOwGpDr9uZUOwjzQ2RqmDK5bM5CSexXzrrZZkUi4oWl6Dh9pB1w5Lqaw9S4geD8NE3FSZoHx+a585+auSt5qWfQ8aTt8HFEdPMqCTkDp/y+rK3BtMk4scSKcQrZM540tReG0hcIGEjwLnlZuXMN8MQmmuThoo4wnQbE+yR2vLXwexEx9nDeibMohnqvI5LOcs0/J7537NcFvZedeKq/zrG9XHEhcG++j7eAx0VbooW3uN2tIRjX6Iqnsyz04udrC1ZuDcKyVBKdFQNTTvkQoQZMZiroksSo7Si1VTW6HhavVyIZOwsuH8NfNemaUPXKg92u/0DjSt3WkCc6y21gbQEpxuL9mBFX2EEsed0g/0lthOpPkkQD2Wb20uyByIyDrvD0SooE9+9g7mtpZeK0WLpKKlgU9qUxhN6NA0ntyQeQE8c2LRjwXV6Vo6j/Bcm9SGykG1H7fGXAlzfZ6du8q3XjZI12zuutGGqoNVWkrBDJxPFbtAb7x+/uNzawWBK8uOPr6oqMhNOS//U7v6zV/v7WzsdNtoPUnkg5Y4huYDE66wKDYbvhLWco9BLbyS0Xgllx3G/7YtQTcTq4QC1h3nKnSHABaB87z/fEn9yDG91gxUg2a1nkIE4EE0mlgu3PVcunsL+Co48HwVgx3bVnv3yLFAhd94xeaq1zHHvQMoHrRDZ7iiEaPjPVBR7Fne8bMWkOWP9yKVu1UoWTY53Mkx55nVj8jZaJv7X92dv/7d7FgLf3IiueY/eyfBlp1x5TaZfdp1CbL7dVvt4Zz2eagKLCeE69+sEBI6hz2CD228gMYhXqCcAqJaR+aHb1R2cziBcnYe4lRp9SUbR/Nprc1oPWa0H3Zv3AxnQD+MADdo51oUy1lxvv9+Bcc3uAfdBKjVG8Ulj0KpVMUMxWxpCLIbRjL+FWhMwjDNkovuyqeGyGld2qrHzDVrhxgowY1jFODGQosMTfdn2UJsouthHR0RzK8264UCcFRFuL9tZMLrOPCiSuaF7DStwruh1EgDq6f6dAs6hMtemoAzVukJ0bOCirup9D8a9uazYHi097oJjxwLVD+d+MFjh/IRJemDVTuAPJYI3lpl+rnhF1dIVErOX+g9npzu37uv2wf7+QafsdeCRm4YwtaIMQtffyznV86wqnm0Ivrenz3CK/qR6Tg82NOvFj8cHt0x7+Oz55iY+fPb8lqmfucK2G5n62cHhwNRcbC5a6syOHdU8H7aOjEWEv7041T0rh8+eP33xtFPDenPQvrXAJsfDgihzQ8u4AjoYT729//xovwPmZ17BAzdwuDopuHX4lHc1tC9Um9DhxmpYIRHBc+NRcGSatJ5kD2U+67jLrOVCbMy4jWK6nWAbIlrUYE33Pg+sqdmU9//7pixh/FRIuu2i3VuFOM1/v6cxcUAotYNYqodmK4lM916US6JYyW6oJUCriUMML6TUgaS1ZT8OJOwePH/a6bBiqJoxc7VBpF7CDIhWq1nqZVVyca2/WMoG4BICAJ5YtIzsOQBl0kGy09vhoPmFcpEbLacDuraVV34CeUVFH0GS4vPkoiPM4NlZLdIkPRlQBUSV/Qf38RaN/Qcm0zywnCq1TJvm0hgQ4RtXpP2BqZc021ZuDNKIvS5aqn9InVc8OHkNy+cQmRIdWxays/MkRQDDAdWubmqrpxT3SQ/7etr7fPWtfb7Ctj5fWUufr76dzyYrKD228vn0Vj5fYxufr6CFT18d9/dX+GL1DXYZyoknKY8Dfi54xuUr20e8TOWXKLtBkOvcK/9168N/1UXhv3Ql+F4wsqPPH/3nO1Jy5xhXDOQZKTI6o+F3Ws6k4mZehZRMrpwPO3F3sLJATuUyeqtKQvWpOfP5BW9Pn43AzrIDdF4r5rh1Ro6LwoMxDd4J7IPvhpgsSSkXTOVUewWzDRwyYwsgupKgWBbGjmhWU0WNDAWzqcaqRbXi1DDyRAt6jZ71EcH4mDl9evXs4PA+Nbm/tEXsyxvD/hg72Jc0gYXzJHUrx/1H//lWF6Pvv95yMWIwWmlPRN0YzKfGRv7h8Lw+ucAE4m/9IRh0dnMzH3DJwaQy9oFvV7DwyeigaoJCM5hFneZP27UCRkPCtBtxTlWxoIqNyA1XpqGl7/OvR+QUGkInzdax+NLfmwl0WYNgi4Ldq42yyufcsDyJv3zQvg2dwL7WfD2J4OOL51fP2zaLx+asj81Z7w/SuprcY3PWR43usTnrl2jOau/PDUGy/aMb2/NMuOTTBNhY0SLE6y184OjYQzYGadqeX1ch2asicPW7O/gOLelh1uNUJJRz0gCPYx3w6NNvaLmgS+36IY0gdNXFvQZN13W5gChslyTOxA1XUlSdHAO/f1DPu1GgmzQ+aWg8YdRgg4UuFj6t8S5IQLwebhq3mYa5P7qtHJ5zU/T57lbaTEp4IlUmFJlQ4k+Cf/QR7Y5JQlLSbw0twSEZxkyUel+XCGKMXc36UM4FGlS5cHQoeVywnBdQpc3KrkBGkbFDidLOxkudTWnFy02Fxry/IDg+eeK9AooVc2pGpGATTsWITBVjE12MyALTQvoOHnyyB3dTbqofYk/mxZ1ou219CURfXm5YBKW5xcFb+Su9Yd0VJLktX2ANOFsAG3QuRRcuzL8H+VF2lO3vHhwc7rpCOV3oNyjQrMB/6h13y1iF8H92ofVmqC8FsZ/P0b2VjaQekWbSCNPcRutULXiP1gdLfG4O+HVp5GA/OzjK2sV8NxUofelywjvs93upyEkpmyJk92kUNZMEOHfzo1cZynmPzWFWsYI31RjSHm6qtHo75DInsm5Q1luVAzEZDkxvre5p4a4OIw7d2Z22i/WaIS+rQhAuQn8iJ3WEwGzfCTPdtqeHz9rTP7bPfWyf+9g+96v0lDy2z31sn/tfuX3u3JiWx/jHy8tz+Lzag/C998OFICb7UkjGy3yZazJuVDn2aXEMc45NsmoLpCpjR0joh7G+79i/MJHFMoOwv/vd4D7RNn21jdw0pLADJoFZu+h98eK71SC6INgNneFLp9DiZtwK5Y+sLCVZSFUWw9BuAJeX0tCyHaTZxegTCywcduwEOCCeHxw9HUZwxcxcbuoe2W6hFKfqpBojkWMCOlRgnrA0s97I4BXGkpu+lH5GLpgrSSbzpvJh2mFs37J468znTVs94fXJxVBrKGZGpIZyzHVjBtGk2JQptbEo5Q9u+Fg/JMVcbzct79Gv9vYmpZylvZz2OrC7Xn1f+py7TiVrHvQUyC970m+Dc/VR9/B+6bPuoP20w+6A1oaaRq/br+ZetRXaOMWJhn0GR/ttR+tmjQQA1yqrywEYAWJ05Sy90d+4j7eEBJz2vPUhUb2Us5llORXL51RwXTk5A74M1XSSuGUofRUjBKDYTXAZ3Rkl0JvOjRsKv0IKq086DvOnheVaygnWPAgTYQUIPybYbNPSCN+OWwvxb6UV7Xq1NDorFNLAIliRjv9tqGw3aQxR1JktfOWFb8euyQfaM16fXLSbl68jDQHBbUDC3H7vi+pYRAbfpdusVeWxdL8Wk7cQaXA6hqEUFFdrLMMIJS3s1RFGdImnof/1TLJYwgMGQSNSWve3kEyL7W0Tir5KwaKJyVfMqBuT7megJkv3oaIHpJSGakxpPZGdXnnsVkXDBVViPCJjppT9h8N/olZDy4E6G7EZTXKYZ937+kH29bJTmgonIlxoKA4mCK3r0pUKz0JNokY3QOZpFY50FGzlgf4P7MfgBKAwwwh7KWChAd+qf9B4L9UsYyXVhudY8S6bSGm0UbTO/ub/aiEL6z9lkN6TNGa9tV8d9oddhSE7SqccUUhoc20jEnIHR4SrL+x6EneKeyVHpnudHK5cygYND10qeKDFJZn0rjQ7MMZuOTT7wmDWWNje7Fd6QwcR04iB3hSbw4ubzhUQmMuih4o79teehoGFbKZmpT+uJq3XbmHzNSxpt/gwCJTJE2FjXQt9XZfcYFigIQ2Ukw/GkJqqVq+AM/THKhp7dY3dsN4cgMhLPbdUJMXmXTPSHnW5UdIai50Si26xo96CfFm+MOac3rBQTwfqhGFmau6bjWGSFHosmMgluB6lIoItgC9oolglb9JDIEleMiqg3lUb5M8tAUq0dBU+7bU2Yb5/Z9wn75lLu6t+eiVQCAsCV8bbZZAoQ6grXIRrHD0sLOO+wg9XQ2TdO3vuqg21Otql9HgqVkBIqL26K25SjnTDqRsm8yV8NGPkw/cnmjw7OjyyW/n04PlRNrC0bEpzKNWfbULH2E5W6Mu4+Ql7slXXkRDWd5yWGoursjRklzUarn5Ohb/yQgW3/TCkfffwaZ84Dp/eiqMN30++uhX7aHYnFHpxrYuszjqAqL8bWouv2fjgW93Z5hW1IT99i1kckmvygnwbkfPfg6SatXlPrJkIzWyBv7OPNVZMAsu/Y8mOegKhwMwHLw8GcqWfPhtCa6vW3P1we+eJ6RY+vPvEDBXYc3X1LI4jw0hVlZhk0p04chrAUqe4HxT1G6VaiVUresC7kzmTg4X4bgU91Ab0Sg6N3V/a5QHtbXBbecBuocS1agIO8oSw4ZuMt/0aiKFdJDOMuhYRQDXxFRSQKLV/4OYnUPT23fdHDUF/WBAuNTm9S766I7PLl5Nrp6Ng2EdVNcI3q4KKCND/CUVHGnNfCAplSVk6l06iW9Yc98QnJa/40TvNN7qF8kIJ6Hukj0Qte1PH5Rg1GSzTDyUH0lmdHaZW0shclu0uR1RNuFFU8YRwsMawK5kIrSQ1ysgVVJh2pfpGIJDSUkPj/XKJikB8WF8v68Qkw/PfRvbmYhMpr0fELKwspxwwi7SZkdU8YoeppOTXDRNF0ogJKkMALLFegr2FilAfIVaQhSO1VzBtyNk5lorQIwJlwkckGXPBla+M+RX6fyivWqQ1YNpfp+7wSrP+Ntr10Z4PEjd4e2BHJtKeG4j7gL57LT47dtV54U1Xxj7p/Rm+9317RmTsD6v7CUUVHndCN9XAjfS8084NOYhZXm0sxGT7GOMloEUrmoMF5ID4xZGzc0xHddSUdDpPbWj++MWkijb/ixY4SoyU5S6dCamNvfkMFQVVRdp+Lww7LeUi3Yw3jCqB9cOpCf63GTfzZgKeN0sg0JVtLyBvlxe79pIZEPpezd//d/3u6Mf//vaHZ2//tfdifqb+ef5bfvTvf/y+/9fWVgTS2IC1Y+vUD+5vf8+ujaLTKc+zX8SHpHtX1K5f/SLILwE5v5BvCRcT2YjiF0HIt0Q2JvkEnYYFLfGTpaD4qRFAuL+IX8TPcybSMSta10kzb2A6eHk5ZSbpzOL6C4/ChZTYOdIxA+eyw2xrAmlVdvE3nC0yhGHFxB41UpGaKV4xwxQC0gJ6PZgiIC0I7L8g8rjJ0pHDpNlW30IG2G7RzVSqBVUFK64+J0fi7NxHBsZSzO64Jj85e1mt5MeB1lMvD7OD7CBrW2k5FfQK1akNMZiz43fH5Nxzh3eouT3xJ3exWGQWhkyq2R5ezNApc8/zk10Erv9F9nFuqjKpE33h+AjcV74ziH9LO/5DS2gvABwMJJ53zHxfygV2S4O/XFhQGLeUM+8QaFxc0NCaegh/3kL0pmPvUDiaLF0jDWjML/3tq2Omnb+XutD+AKEhP/Mpb4GNzbDvcQkPXbhukE+6ct27A5du/GXg2vU/RvnMXcDDF+9h2xPuqWYDvH77zXdeu4h3JniPCPuYwY02IiVQ1K80t5JkcBEHCffrk9xCEF6I4vdQbwKFF1CAQgdaTpgYSu0QlExjrXNG/o7zpMeQhB4YAcMlXVrm1BT1iJi8HhFe3zzf5XlVjwgzebbz9WHe5B3Ebyh94gwvnfcXZ1Cqs8RLdJGmOXiyfmOxmFncHSEGEy2p1iwfkZpXgNCvD50W6MQ04JoxqNQ28D797rYyFSK83i+HX7Oc09JT8CjUAMR0vZ5KjUWyQxBJwQzLzciPjx5pDCy5c8Td9v3mhCvLXbGEvG6X8AuJLMHV7atT4KBU5AxTDN1SO2X9pZjyWaPiNSeJasT6CAgdp5LuYu1qGd5WpUdkwSYg/XCrvnNhVANpSIguLsVerWC9MK5PpPQCZRQZv/F0I7RUbtgUpGRG8O2UUmsyNLTF6vH5W4canSXGHE8aqTWHYpH1FcYc34ELBkeroFj6owVYx3XqQBfahxkhbegoPd+Cb1hFNEu5vgLkrfO7/tawBgcmry/fQLEVKbDRkFP8XKfFRHIPw4SyQIqB6Q965BTMygMeHxAZ8/rk4h4WqMcCIY8FQu4P0mOBkPVx9lgg5LFAyJ+6QEi3Pki4fdvGkE+z0CQWmFuH30xBi7fHJ6um/1IGiO2TGATZR0Ei43sDMDyIbWrQs5G6dsKbLUfOnJX1tCnTBOqoVUxjKFeQzYK8RDEwipUgdoQjLYhUMyr4766tQGp8EDKN64QgJ8YKVjjOg1FbCFfJpoawqjbLAfPyFZjiLn5obcRjyYxBqB9LZjyWzPg8iP+PLZnh+s1tCNTLue9+Z1Zw+A6I+nB/vwWfZorTcrNuBm+VcZM5wfCurhMPFazsaoN0MIM2KSu5giGlsts9VbJqG3CVq+SV1OkN7os40rJmOhvK0vAOJjWOZraxvwUhZaPQ8E8N/8CNBH/IsmSQ2IF2DvtXtFUMhM34MVsobcUsPCRS/xMGXo/gLpYVFaYjTQ6e34dJpfebkjDEGBMfZQp41xsNu9/fEVWUjuMNREwons+RoMAy1CoxEEJ9clnVVHjpwopLoPC0iLET95OGGenQndKKXBCARZWiYgZmvikvjWsViqnwXpiCCHDwP7ULDQQw4nrukxT2B5TWaIuF5MuI0Cl9BLEm3kYtUgpXx0XslH97dfz3F6HDi4uMHSadbhP+9UsZ/Ckl2j+5OPsnlmX/RILsn1iK/epF2DTKwKdsOS53nnx1K3OL99Vq3gb3kza0xDwkdCj5WT18Z0kvd19LfmAo/9oohGEigSWHWfPf01EhhjQM7QDBMZ1vJ44FXQchQT1PLqDPK+P+cA1NceX3ruCez1l+rZtNHaETN7yXE+NWu62Cq/2GqZAb14/VeTF5eviyoC9fvHzKnh7tv3yZf1e8oMWzfPIyf3nUVmeSyTe0otO2hR2CutrEGiB/XzMRov+VnClagZ5RUjFr7NqNJJOGlwXR3L6xp1jJ6aRke2w65TmPzj4SXa1tEQzReaVzubGmfWeigK0RMzKXi3TBkB0XdtR1DYEmcGDWH5FZKSe07OEFvx5ayGf1D7+05xNC8Abha2Ou5DkTemNW1zc4vCvTENtNpJApBomDRbugGaFEh7pbDqfgt3EjplKxkhW5OD/9J/HTvbG6KUSthyFrqTWflCzG9em6+AgxfW5IvbfT1yiPa5rPWRj4MNv/UkKC52TJFJFyZPv+31yvzHNq5kn8v9833iOotB1po9UekP7eCStLqvZmcu8gOzjMXrarDt2/J+ndyYAebZ1WpV1menj49OALCiIeqvYsaW2Zw+zlNy1zWc50S6c6T766XTNfS9zwUwzr1TkVUbeORQpdiERrPEzK8cMRXuwlFOsColsp4qDujf30NRQrnBp7RRi61L7vM05FuNGsnBIqAr7tqmqOQUZQyhG4qI+VBj0FwY3+z/Vkk9k6JZo+LX9BKbp0ob6AJKpmEASWunXf0iWZMGe9wOXVSloRBqJ8OFT9TBDf41Xu4y7RoYblLtktw5/2RgofDvYz+38H7Qhg9pHljbFX74ZQcTzRsmwMa/U09liJsw+zlAkXe35tabOzx/7z/5X7z2/SKex4qrNqhKN4IStmtRzLB1FIR6k11ADVvOIlVX1xoUue9Wwt6+C9brizKPmk1WwT/sJ061xhQS5NjGxjtr6ziuv9bt5wAwzU3elU3ql7cz/Eza9cBSwLxrZd3hAg7WtfG9oNAL+fsD1nsQ2/RzgMOiAYbR/uHzzf3X+2e/j0cv/Fq/1nr54eZS+ePf13O1LKzBWjxXolm++FoUsYmJyd3r1BDoaNVp0AYAYNijj7blvWBjlo05wAJulkL9hthe9HWMIGWUMI3KA6bDwmSZxQgQaVCYvJ7K/CkEl4CKFkouRCg0/QV/5xQPjbEQKGrezoet2UkD8j+nWZH7K+vl/QvUrsL6S65mJ2Fcqcb4xymJ8rKanujRBerO1AuzeXFdujVtf7Jq12GQPNnZz9IfnqVjk7JOhpBp0eQztfVxzECsw1v5GwrVTJRhRWTuYMavb5hVFDA7mB6xQegNCggXb02u4FF6SiYknqkuZYpo9CPLKvC3aZguCGxuJu4N1FH1I1QucYZKp7+ZSWJU7huzNJF9sIMrWupSgia3HVlQQZOyxmsbLjsVU9csVMcAVbDMUoNKZHSXmqiTcQzKGwrneijpzRaBSJwGdWjUhecqg84R+logjJNmlCoy9bSKBaQQFLPDv3or6REXpej2MxBzO3CgkgzZVjx/ivs3NiFL/htCyXIyIkqagxYNqIxgZuYDKqWDEik2VIAkmnekWzSZZnxfg+jsZ6jQM1HP93XIaCkmfnGvdYiqQwY+rL6+eTXKyXTeKeG6gz4YjHFbQP+Qy5FMJlvsRWvy4iX7EZxbo8mmmrNOtR8jzUDCATHnLzrAqIqZG5VEXSjFgqcnly7kbF6LiY8YKw5YzfRGnKlVQkF/9659ICn+gd96PXlU/OE1iwHCqWFQ3JnN2ZnLkeyzq28OG3r51TLTR1gwNXcPkahOam8XG/mBnGVEW2wnhb2E98GlS9FArRAVz7xlrws1P9fXhyv0KHZyWuR2qOjE13pkjX4RjSRWsCDHFskkIpMZsEOxT86gsBgm0BT7ov1jowWERt7F4Qh7SnF7dxF2O+kRICgZzg8Ht+CaH1tSt+YbkBLSyXr6gwPPfJ2i4UlH3M51TMmONn0Urho0GNJDfcLpf/zpIAB0FypsA4EwttxBKrfo4pLUvPqwC3EI9q2EwqV3nGFVjRhpclYUI3yoWtriiVYBE25YmJOWl+XS7vYzBBTr4pgQzDiLAaD25MuDqwZp9nMNWEzxrZ6HKJ1JwmBxGysGjRQZ+DoCVq2fiIUN85BbttQOc6aekkI+RfEbOud2HaVAFPlaKLmNaOdD/O3BeuBGNbkBT2ZogFcYoGM5rQ1jO29w907XANacYjUjB7ZUFFRN/TWYokptiKHR0pkOps7Ri2VYKgiztxFcxoCY6+aHCjjZFCVrLRPgQD8B6/DgB677ZLqD++eLfjmnqUy2jA14TRfB6LJiAqz6ASBOsnDB08O3j+srvmVkDMl46BaYH3g5SzkpE3b9qZDA9dJ+ZvUCAGOvTHEjsuDk+6KsF8KN/q4EXb8TnU/ehhuqYgNDh+2/DwmA33mA13f5Aes+HWx9ljNtxjNtzms+E+MRltu5+N1kvEOkGzQCdSl5yd30BN4bPzm+dRIOzIQF8siW0og05Qk32Gor59aVU/pwyBTT8V3rGY1bvjy6ATu2KY3ElL8cxKUit+Qw0jp2//nRYFaZ8V0LBKSQsyoSUVOZzWpHiAVETJxh7iDpLtOvvFUx6ibnNEABQ8+XpR8HmFh85dxaFPkeE6zpS7a9jcz5Hi0L6KxC0P0uCkvtps70yrVsz5bM60SSb1OMK5R7CQumZFALmZeKEzbHmrXw0aYMJwTgucSkW2plJmM5Dgs1xWW1aP30o+dzNFW3XgC2aYquDCrRXLubZajouOAL0TanKCjbqZlDwnuplO+ccwIjwD0Umv9vbwEXzCajc7GblEI6KRqLJ/5FUoFDdZYujckhh6HXfV1fSHFgELSUo6YaVGlVhIAzZ0LDNm13755lSHGM+tXGbN9VD/s4CMFkkYWV/B9n8BimDTKcMeqEbWTnJxe/iEXb453Rmh9wXqbXn7VAss4lA/8iZAQJHrh5A87vw5PeLpzhuGtXiMGALq+XOTDZDMKoqJG7Ee7cD3LbJ5bMr8eQlCj02ZH5syD+7JY1Pmx6bMj02Zb23K7AqXw3OJm9N/dUfyqy973nWamfQ3qSAf1cr2MfS9oIY64BZUk1yWJTQFuSPBdcpF4TpKeeqEqq9IlqF7op/bPulzyNb36bB6ziqmaLnBYt6v/Rwpe5LOGuTBf8KnoPuzj1wbvdOr0FK4qovlkqD7TROaK6k1UQyir1xt/LEbEE6fb+fQl0xe0KPps/39adu6sYnjtN1nzb5rayMEersR4tDl0aEE8/NrxXXCc+QUQ0GELJgzs7WWHL1NIVwJCAbkuaJlSPOIda90/TTLFBhX96ai10wTbmJyRco9o4Rq6TSp3ogHQ7Ae1bYDKuyBsTI5z5uSKoA3DMmwD1Vs2dG2CDoXKMfID8HQeaVdCc60WHcLDGjFJVtobze0dLhxGebSOWTH9j3H0i2Hh48W+67Ga5/eiqffsWdsMmX7lD3Pj15+d1hM2Mvp/sF3R/Tg+dPvJpMXh0ffTe8qz/wwFJlewZ7YYkUIx50GikK0Ch8kVBpOJtyVEDYTKluXcoHbX3Crtk+atIq1b2uBWFUNhKiEi8diVbevZ1TkfeSANlTYt8FCFE+ICMbpdvc8sK9QDSt4nXbAbJ8if1M3sQueM8002rDYLCGqin9j1OihQVDjKtiUNqWB5gN1CFsLj9qNjCWhXYwVlHsSrs6TI1c2QFetTp67aUHLQESy2Givy0BNNJAETNnhMwklmIVEXtSqhuVf9lzRS6z2NzimRqYiUQizhIIRGdYsmUrFRskm+KUHthj9BhMv2IRB3XUSIPMBYH609Wipw5ITEPoU1QFA+HR7MAa4Z9qE6mgwg2aQVLO0U0s4ya5LbxgXWjI6L2TOaoOLC7MhxIBiL1w5IJkrdeIj9nS7KSN2Rpo1XM/DrsVDCUfa3hfYtjFe9e6ek9qCSlJJ17WEcngRTHtLb2AJcfgOF2pTTWQwnnp2yC5yhYBjt6iKCgyv0mxATPDz7e67/3XSZ3QScPmgHlCM/MXxO2v9Y8oH3euegBcTqrHUgnrogDzbkhPCDZ0I5n4lySSv/QadTXGQWM0XYoXa0HVP6ArWG+qGj1tcdaihdPp7azs2V+Bn+z99Ln97Q0KAWUu36O9K5MFQs1xeE2qvJCyawwyRolx2dYubOGXg7gMNgrLDLK1PjnFoLTUrfnOLloVP3R2VmLRBp84ls9cWCdsjJeGHdwQepm6ne7eK/4LhcS7Q7zE87jE87jE87pbwODwnbpvSNi09HH6xGDnfZ/IxRu4xRu4xRu4xRu4xRu4xRm5ljBx2G/uzxcg5qMkmY+Tc1X5HbBgtXUBVPLUyhI0NxoclqVLEKAoKkJh99fFyK9GRfSY+vsJ4ufWFui8YNDdA83940Fwqaj4GzT0GzT0GzT0GzT0GzT0GzT0GzT0GzT0GzT0Gza0VNAeFmRCvzplzGb+5xZnzPfpeLJ2UVGs+XaZdXWnJlP0zzyVW/LD3rpuLGPpRCll5U0uoQj1n5C03ipHjy8v/dvJ3MlW0Ytg33D3aCqSDugdSwTrbgLjZsVRlqJPClROZnQ7pxjw7vRiRdz98/7Prtuyd85SQXFaV5REOXjT74yIyQ3PD8+xbAMMXCnJD5rQ2jfPaW8HdSUm+zENoAY3ocBrcFq9qmputnfY0LJ8DqWXfesUlrj7UJ/ITosvkmgvQAkDQofnc8nHQ8yZL4s1PBryInvxgrhFsUp7Lqi65xqCZmaSlh4+JAqyGpGDCnlCrlqLLcGvnHm60sKtfgJU6DIcpg7N62igo7uK2hP+O5k5PQS0JEHcafg+7EUL8mNU6IWwNtsvejWEyN1q7qTLxAq8Lhigwggh6BYeq9npEmJWOwQZADeFiZpU/wytsu6yYUVLXKHaWCbh0NsMF+pIoneP/9uzyw2t3vtqaC5Lzxq5iS9IcdVNEpydIoEePvX+5Wk2+FE7KDsIi31Kj+EdyieOEHXSm3aQWW0ae+O72+tXeHjWG5tdZZceEKtEIid67PN7fP9rfCxPsdLGGDwzh6wuJBCFQY33cRXSlLPXL4w652hDuoKYRE/nmyhEyEuYgjSr/pBi81wgBx+He+BJHOrDFNl5xn4dPdVjvg+PVA6P3Lg+OXr687Vzb31egbYMnuxVp+ydF3WphYAU+/5jTvjZ2Wzf+hg78+ti91xgB14rm3nrlRfnkq9Wy/GmM3PaDDCcCUEHL5e+M1EyBciYgPE3JZjaXjdfNKKl4rmRIW0natoAwbhUUwcgNZ4ssducNYqfbpgRwksjwRDG7eKPJbvQY+PJ+Czbxv/v4pKmSwuwyUXQCDnftcn5rmOJMk4oWYR1Rw5vQ/Dp9U6/fFcdCv0HGuzrjBCeOyvcxfoPg6rg2p6mhSTVWJnRBvVhdmhg5Y1ZIBstvGDKafdAI4BE+p6IocfOSaF7D1K5zubEEkz2b6NFk+vJw+vTZd99Nnh4V9Dl9mrOXhy+LfbbPjr57+ryL3lBL8Y9Bcpi+g2r/vTeoe69NCDQAvaBiVDfK+d1A0wzZMlYXDkNiSyuHX1CgXe2GHvr296f7z7+jdH9CX+4fTr5LuEKjypQj/PThzR3c4KcPb7yO6eO1dVODIxJ7MdgpDZgbIJeHlvYVjfVa3ZOhGOuckYliFAv7yoWwJCGJzufMajLedVVTM3fvS3Kf9lObNY+eumhJZ05RZeyYtbVYLDIXJZzlcqudPAA1pTF8nwI+K7rEy8mVmDw7t6vdsyi0eEXba7mMDeNo16WCLhhITID25Nr5YJKgAgxvnknvOh27sEoXmdkjmvYSWngFHG6weQo4sFxHc9+iDNg1t8zJTx45vFR8xgUt/WkIaGlU2QlN7wzBNQY+Q0Xnqb3QMAFxBD3UpLGsUC1BXpjDeWu/3xm8ZBSsWTVTXBakarSBQSbMNVlkxYCfDP1c8PCEka1azLZiEpp9fSuz3/V3qHY3YGI6mVXRu//wJdOlMkkEukUKnRrXUnj8l3FC/0bWWx3kjP8yxmSxtg/RA90x1W6wDebZFN0wli2BnYxX9pg5WxlUY7XydDhEyyRGGdvLhnVxQcaWxux44xFZzOFGxEPoMrk0FCgW2qgGLjl7qLHcrBdC2gHaaSjBgMjXPpWvjo6e7mEawn/89tdWWsJfjKxbGPWHZHMXYiULSFOL5xFIRIci5mG1/dCmJIdThNDnSgpupOJihifF1QkvAtOcMHsk3WaOMBmK6nR7aA5l7Us5cwF39lV76qEB0a8NxEy4DcHq1RTum64zOuxmMKqG18KwFCTiBdUB0FHrPhzMRP6kjbWjrfi5tec11TrZyYdvcoXDd6TvTtORDfcqa8+d8CCHoK0OOBsIyUpDgXpwHB097XffOHraAgoKxm/yMoUJHBGH4FKAF3/BtQ2uIZU3tzrE1uPx/wE8nn3Eyy7e0OkskACIgk+43YW078IJTQwY2II+gd3nyGN7egrzTRoTnholk+Fi8ToPI2LEiCCsqk2EB0DHJ8fu7U72WivdlEyYWTAmWkYBs5Ao03Uusj86DMyy4McYsK8nBgyVm00RwQWMvponwm2z1bl30To2fjUonyG8K+6ttt79GN1GHqPbPim6bcOBV2ndikRGSSFoGUH03a1PLn1oXDddtd95M0TRoXiL/W9vaJD5nT7eTmH9PmnLSW8w5p9Bxk8aZmK/4Uy7G9WH55BKYk8INKXywquT3mATOgA5gRtua53YUat7OOz/ywYm/pExiX+icMT/6pGIf4IgxD86/vAx9PDO0MOvLurwaw04tE9d0Zk3iSVXMonfrnEx4xj+eo7F42TFfJNq34kxiAQOuMs5W/oO1XO5IJbBCHAfeq8l1BzJZQXt9byOW1NltcUmgOr1y3vcpSxUj/oCJ9nN1t0Sfj73VRW+QEveFKCIuh5QF3RKFW8BtWGD5k/CbehNu/BKJK6BRPrfeVnSvWfZPnmCaPwf5OT8J4dS8v6CHBxeHaA0/5bm9ot/7pDjui7Zz2zyd272nu8/yw6yg2eBnTz5+4+Xb9+M8J0fWH4td4grBbN3cJjtk7dywku2d/Ds9cHRC4envef7R1m7763U2ZRWvNyUmen9BcHxyROvBChWzKkZkYJNOBUjMlWMTXQxIgsuCrnQOz0E4pM9uDfnC3hfM0WTyEovDIFIDCrTnEUCUJCUvKKIAm7nW/krvWHdFVwzJdgXWwPOFsBGPzFdeHbUhfwoO8r2dw8ODnehrx7Pu9Bvsn7IMP69nzPB/iqE/7MLrReRvhTEfj5H9zkTRuoRaSaNMM1ttE7VgvdofbCA1OaAX5dGDvazgy5H2Syo/9nnuiuuBssFv9m1k7wiE0xNoCKfS4UfdzFM/5sgS/wNn2nN9j9h0BNvjnaR/ROIDncB9V45AuGydF0lYYGguw2WhAJ451Kb5AgNoaQFy4/ueb90t+rWyBMI/ucV+z0WQMKBacmDB6ymZv7KGRY6D1d8pijOZ1TD2qPjWlrDysmvLPdCLn64unMl/zPcYgGzsI8gTs8aBeh0hbYG1tdDWn9toRDrOsuCQQd3oz/w4NbdOjoU1IKIscyXDVx3xy85FsDk0NwZ37UagyPqvJRNEen3xH70thyoe0ddiekB5L91v6KYmrde1YQWhY97hHpiV/DAlR/S99aWKqXw1qrhhaxW0lJE1JJjjAL+svvxdvpIpUD3ij1nrngUrBjP/cDkvKIzNjA1rfguneTFweHTQQ4TZz+zI5Cz06B6I578Vjja/As5tmSCxYyhKHA4JaHIBjM0CygBJN9BZ4MP30pnyRwewFi8+/ZpwoLC8/eeaY2j05lr3fOTzFbRfM4Fu0qKW94+mXshS15Ydy7H13nJzfJqDW56+1vrzupofN2N652vdefByjhrzdF6dHB8z48KmV8DrTqGdOo/Dxwv/A0KmXbLU7rf7LnWc6nMFV4Lr8iUlhBx7W9xnG83MKMVt20Aiwxo2+1XWkzEF7uN2B1GVoKw4VcGkbZiKstx7j8bcLrkQN1z1s6b60366dM5Lyr5C7l8f/reCjYLYiSpaG2ZrGb/0YOlJWWQ2yUNspqfk8DTEYTMU669zyPd/oifBgY5E1OZUqu7FqBIsuc1CYHa7wfJ090br08u0rxMHqqLslxny6rM3HOYv0pdaqiQYje+2bG4yhDluJrSV29Nyyzqh5hIWTIq1kTvNGIErO9x2/vzSp1NGl72p+zvaLi9tw5enB7sv9xaD5z3FwRmSI2zw4BYDX7wHNwGizaKmXy+PjB+FvSriGWgwOtmAtWWoLSbo8O/p98NjBt/D8JeW3KLg5KUCm/nqvGlOzlrC+jbaa6L8VoWw2znXoc5wUAtCzRHDk7VDPDwT53pXBbkp7PT/kT2v7qm+cMtKo7Yn6xTv/8BJvM2rP5kjl1++9mMOfn5qqJ1zcXMPbv17ZqnKIHYXSQVrfsgg/MFzvvXB3cC2zDwikHJY83Mw25xHHfFRhesLuUS4q4fdOI47oqJoaL9tCkffMnJwCumvkMO+tSJ280S7i/0ff68OK67YBwvj7fLefhiYFz3Y7xXglI7dA/Escm9LgH2cV2x082QsY8sbwydlLeJnm7Fv8pSXnO6SxsjC65zeZMqJ/8P/kpO3S9Lkj5HEs37TuvJwFDpLezgCEOusgq65zI0MbWtqPcwqXkDqasmLqcBgMRMOjwnv808u2K61zSfO7cmZsIEZ7MrK+JC2RiHFIhQvqJoILIYenQ1dcumSTCWtMLyu8EoCI71mipaMWi6pMiE2SFg31xlEox4gi/sRwzJ4wWAptkNdBurqTIaYxvPzkfetATkzosRBBOAO6cFEhUF4Ua7hhNDKHRJdrWSRZOb+yPy0tW6xrPrhrFiYljbbdN+Mrm0pt3WwfL/JJl5546pRSHVp82M76alvnH5CS3opInMMBw+V/Hes//04Q2ZW+UTumDAdI5aAZLbkJ43quPMaKtJK2b9OWQC+fVhew4kcadS0sbMmTCuAIzPEAlW347b4sR/HpyyVfrIh62gphCCEJm44UqKyh290KHQLy9JUJWKTEu5QKixelCxip8lRrdb9sAkzWTSmZ5M0xCtHy8vz0fk7fLiH29G5AMrOJaX/fDT2x2SZBlvWeC2oIeHa8Jkvwj1bBT7reGKFUPGsXh84aJJRIFbgBdt8zTwEIiddPlIw3m/K6akajbYwqB7VquKimK35OLhpu5dqysAOJ5oWTaGwa3sA1RdF3YPRBzr9jkXUl1bMTrE7d29dvdKEurXak4fpIRb54UbZw265BUbWh68Hpp0Ro8D9Od/IOrBygTmzl3szPpABPSJs38WDeFYd9NQZ86HpKE2CLfPe18a6iyvTUPOf8TaLiPFaHkVyp6vMtG7jMhsKtWCqoIV8ZWuVHwrtGetc+QowMe5dCoUgCT7EXKqfAJkGKeVlh3SPd3yY9J5Fl74XirH3KfdTIokR519NIpGBwFteYrDWHYcMme0YGqUNlgc/3P3e48f+9c4DfYUJRJ+mstZcG0HLkaEG9/XCIVbyM4YOWmQVNTk86QZA+Q742KveD2GJQkrtFp8OSx0KQuQmyQf3rXT3efvtc2XfjehfkCtpJG5LDGbzRuz0wNv6UJIEztNws4kCW45xlhr3VRAz05GgVv3yicwO0Fl63srOby2X24NiyvrCCsgfnCjWTldJXjYR7JpEgJ4DwHtTBTQa0pbyRtDObjGfBf3SeD4kC4O1G0ph5a+skI7axsL/WlCBVY1qVgBmYKwCtfFT5TLDk3ABPwOAfbMl+6Hsc5OXZV/KZJmBaC/OwyKIp6+/mw3JW0rD6uq7yeK5pvjd634dB/w+mL/MDv4DcsnhpaUqMxBSPKuqzcIDySHJxxByCmaJPkokPIELKWBugJ0tq1785dcp01kp1yF2N1hFmsXfrentb0Zd8THdGluxXDpg7eO2NuWFQMmz906nsuvB7drJpi5gsZZV0aaOwF3r6adtu43lev6cJ/J2o0ibp2uYNp80rrSVhFrL64z232Wls53x/ocNwWO3OOml8mt/LlMtXXD38pb7ZqbNaTMpH4tvjJUBgkFMrrE3I2qblzyYRgJkyGxvZ/2KS/+2sLG7pi7p+09j1d0xahI8xW5wPct847iLoywQi90u+UqmF0BEC3r5fu/Jx9eK5VooLvkAmWo7tcnKAPh1y2UVszM5VpWGhDc926YmuzhS4NIjSKVcWXS0qqU7kXQPZ788PpyRM7fX9j//nSZ1FLaQXns4h9v0kGInTqM9OTi9ZvXJ5cj8tP56fHl6xE5ff3mtf03jtK5aRRLeoDeutZSzqCblX8DNROswpfQKhRH0sTIgVW3pLKfPrxBfaOpvcoBd7ouqZ6TJ3s7nUxePk2KgoSRxntQNHrvYOxT4B10XPvfxjiQPV/2Pta9ByNYoZkOVguelC6CnMQqRy7vesrL0tuGyjLFQDoa617sSYWNQQq/Bf+om3U4w23Y9uhqS/aWflqoiM+mC7aPXrPlLh53qKXjno6nGN+6Zl1ZKS2RcU/zH1Z0gEpq86aidoG0wNhTiBVIl8kNSiVpp/AwGPRNnUNDKH7NyPiH15fEkcqVq8Zigf2rYdo4AnGmLGhNunIcPGCEO7UHK5ZjZ+9kvO6mK1q1XTGGfVxDWfUV44KFXbe3OQ1BsSyDSEXsQpPnW3t/OVd8anY/nJ90345vRJmxnWsVndzd2IKBMGbLUbOKaR29aCuW+RYfctNiHymI5XZ3XlrSx3cGDhotazH0KgwlFYr2tWJBY1Z0AXTvK1UmmYHOwDxnZT1tyiitWu1LyWZSMj2X0kCwvRcAFF3Ei/8DfOgWMe1f8R6O9AQDTCtu9naNtHUpx+60fSrcqZ1j7qnKV3tyd/iCJ+VcntAaO/xaEEu6ZAqUIseTJ1xQtYzjh+Flo1I9C4suOZP59BaiUkzXUmj24CvFYf/opbaERlczsmLCJK7frbfJ1+RJIknqnftIkenoBDNvQ/fjlt2wTXHD2hhK7PwudWdADbnNxBqcoPBCF1tJeTFAtea/s67o0N8xd/ZJycTMzNtZSfidn+fsPPVOXJ5481QvrQHWHovh3ldX+RQMILX+kSj4/wMAAP//pjwAog==" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/mrqe7cduI3/sp8JRD7DxJm00uaQ7p29rerBo7dmy57U2GSEhCTRIqAFqrfPo+DAb/SIqivM5LL96VBMzgz2BmAAx+Y4Y0R7Al6MU4sddurrK3WxcDR/iPPTWBjfyvFG13cuIRts5nv/7z8jwYe7M15ppq/hK/mX9hEuSTVs+8WsOd3uha7EZjMrphOa/LkZXm0Se+3oxgCsw2jbx8ZybVq09PESQBgHGcc+HiXSJeGlgFWt9Pv8WYrT08BsDM5tHKAgqhcDJHcV5pU4IrInYVIArmpKQVXdv3dR9n9w/z6a1cj8msyqbkDL4wypM8Pkzs8/lKAF7UikdbLbmmlQfy322EUQZcuWcyWpANK7ag92vNJFEsA+E0ni3oCeN9bUUVJw9gtFSEZlIo6zjvhCzyAyJaveTTiis9XYsXOLOYoCoCcW0rA3tMNkxUcUr+QO/Cz3qnhwHhTmb0QFE4I+gSA8hwKUaMLRWSa5wIItma2sxkkQp43Qi2nHjDJvOsO0dxYgbkR7K0idZolW2EtB8nmdsy43nk322ZZGR+AtoXLhoaE5UtId0VJghz8TKwlIoC31GYyYBDuK7TQ3tu6jAye6Yvacsnh6mJM4SnrwnlJSQz4yX73d2oOsK04P4BxpbqzY945NkoXPK13ZL/SLSsWUrd9iUhK2JgAfthcbQnPwU94EYWPC6wAutawnBaZl39aw1au29mbONyvd0Cop2z0SbcOXW91M0AK3iIPeWV0jRsH4+OE0DP2rrE1SU8d0KdFaLOg/xemI/OjEizSGlONe0W6Rv81foCWVIV9psBrIHm+QIKLBxJUzJjStm9hpPwpNdQYbqVwkhECJwKT//sL5PP/fIRX9ZjFbPOfoYwXttju93pYM5LumYdrGnJJ3SZ5e+/+75TGwbuM0OBzC79NtqOk5sKlM2vyAcjJlBIFHm8SlyDzMBN/ZDAIB+Rs87CvXIW8XANDFvsfja+Q778yZwGLJ0Gr6HrJ+JW0mzDKwYKZhAzrDCNKgzlFe8KFgO0aX+toVxRxodOXGt9DeUj2To4vf08kqKd9J0+ykX2DLKKCunSfe5YXvY3ojTVxqwWhUVQAG1kfzPrWm2E1AtrFoJf5Ky45TfxyuiAtfXNIh2Xe2mVRIlY0xTn1O0erGjAuqt0DtoBVkbjnM4NNF20oE7k2qg5jOnr2eEjHvIVmd9e3hrHZme885ICfKVif2u1JfEySL+nQQ7rc+J1um3C1EmusedBbj/ZTx1EZtVKxNKKZsFUJ07XRAJqvu8UT7QbVxcPcZ5ZXjmnh2Vqui8RV/grvMKlmOnWbH1CzUYQrvDgAYcl/fDUJJGy3aC3x4Z3FUYELorCtLf5CjVd1rxos2zPqLfeo/c/XL7/9q+jYc25fSDAIT42725IJnLWuQ762qK0ZDrbDG+M42JD7au9l8DneslkxTTcY6Ac/hJ/10E3/O6dvdRzC0RJLIX9WjVUOqpZk0b3y1xzxLci71Y7Jy3maAS2wkLltyfXsKo7dPhrOd2JnDzOLtuMzF+1pdnbdSpQbDMTeUvlfyEzF7fXZobq8psvVszRz4uSbre8WmPZ0TcDV1HUYjQkJd22mwzx+PY27P+u3VHbuhsvGUDqK6bfdooD3QMTnbNtIfYAZ/KmjAPdA4yNI8hWdfHmXY4IH2B9xA96LWNP9ijbbqfvy/laumhgUJcH63Lnv+igiz8Gu+I3tV12INAmJxkB9nmo24kcpuwzy2od3WaSDtcTe/wfUYhnTie01iLnCi4qQvf/YX8ll/jLnsTlSLTzPnp60kEqtsLYDk/y0KkglpvaI6b0XuKEIzUXqInhGGLlGxCFa3bz5H1HyQfYXdFsg69PLMCUDw7BVED4kppxQPvxGfkxEYvSVOp6m5xpEgtlUNq4FH8oqBFAk5ZMm45JvKuCeYPk/sziUNgvzMcxBj9A0+CEmxbwlFzZQ+/Z3dgdLYG483wM78vg8ippEhx1awUj0z2EiF23lSKvM336QEI0n1+7SMa4ib5vfWxfLS4J26+Vj0A+izifH2EdBT6cyNnWdUMduh/JgiKyriqb0qS7HQ4C8GTuj/fXCMJstirADqUVWtI36Fkth+cGCVz/5UGvXP92VHkRxy0lrfWGVdrHdFqAIn/q27i28JF/nSyTfM/uJaPdKfg38FEcALw7g2UbELtj3EchyaoQO9tqutWmzYf0WXTo1jMHLj6vgTzZiEv+NJ/fjcnN/uG36zG5ZzlXY9OW+8ebcxIFlo1M40amEwBKK1bQWh8MjZf7edfhWFi+YGgiV6Cn8VV6PA06BCK3EA6rG07zAEsq12rIWi1LWuWTgldvx7plVg804MNSiaLWDKxyuC+WaDGhEYFWP8+dkM/GjfZPuY/3HatEr78dFkrShH6+YHEGyCUvWVf3oLoR+oQHJjt7I+mxgL/66Cw2uL6RAL2S+xfJEOZiOypDDZ5vKUNpE/r5nipDje6lMoT3Ryy9MpKMFgu+TUxM+4geAfmmKyF3VOYsD1WaXnFva2fJOkIJcIFADeBf8GQ/78cRcqOnk6CderRB7H7Acg2vUz4Kicp91QTyiaBf2WctabggoMlNsadl6JANozmTY+N8Y0AAefr35KMbH/O/p/j9f1VYwY+hBHOuDOEcUk3SYkf3Cp1bAAcaozdISqqzTRR5DDCitrMLvn2CLlXGaTXj5RLENiQLBjfCvjs2083yJ03z3M0mBMd6zPYkw1+84I1cVEK7MB50qCN8tczCbihIZDb9i/NRwOouHFYnOiqjj8ZzuDJfjrrdlSHOCrgfXCtWrA45HqbIdBW91D7BQZvZPA5MGc/bhnJwZeGW8FNl6QMyKki3kRxaOMDiFKDUhiFDphgIlLERMNgLOJoA+N6GTAADfsSBnWHgjaU1uwx5RaI0c2b/jiNY5WH1tbm9FDTdPEQ4i4c2mtcffk0gSxwuwQ/ffjd9/1+ykg7T2Tlj1D7cmWi6XsNajs9boiUIkFbRqywbdQQqBSK3NF1/rVr8C67i5Kc2WrBPxZqOH79pTSfjSHxMU+YOkIsL9lJsTcsBglG5XnoI7wrXrtOK6cVyr5laaKGPNhyrQoVXsdrS7Jnpk5hhlSHscqb0q/oVJwse3LkGt1O6FvM70j/UpqCRW9p0HlnlL1WqiYXv1a2mz/UAL3PD1xuE4bNVurILWIeM7i2cD4RlghrwlCwWX862rMqVQ0FyZmsMCKMWOk4ZO29NdMloFcPl8crWN8o7uLtA4cC+EGcLE4MsbD6w+PTy9pfow5WU0Q50Qh6sD9X8+sL6QPbrZEhLpjdi0CkNOO7vXphcvrOVOgc1uFQas4/E2bewIuw9zn6+mo/J3e2D+fs4j1IUnFt/7OG365gIMaw9pbOHq+uri/mYPN5dfphfjcnl1fWV+TdQaVga97rpeF8LseYZ4OHH76FsxvFIVuFBliJadPQ68coe76/tfqPeui0H2HRVULUhZ+/OG0CSmCbYYlJ7Sk/vasWkevf+ySGwYuu4cr89WUI5xnarVsHQrP3WdLGwh8Sw2bGoGSQkD0DYzxWHxOtwNlQU8QjE1FjTsEcAz50S3jP+dm/W0Ax9o+2GK/XsjfwkQxHKxh02RZ/ZfoLJ9rSQrnRYxbbWM2v6SjFC84nHfxZQGBKUbOqSmg7S3MaeQqxA3E2urVcSZm0ZRecLs6rMdgnQbp5+vpoTFJUFgoHDaznNlEYBwaMsrmORaNKxC4xw3PYARYulTiJ6zUmXtEyvYqIHyT2j4RKx+BN2lU5zHIJiVAYRkpiORuWTuZ9vJF/pyf3dRbN2qBF8xhQSK1xyN2MLOsKYjUadlkypcIt2oJs3thCyvQPjC7HcaPNiZACXC9fvaFmi0EtPSuBLsa1kfscs6Q7k3iWAirAp8IB5w4rtqg5R87D7kqJeFkxthNAA+uEcAEl3wfDfw4dm/H7bxLt2xCsY2nTAsqepR4ZKjplpU8rb1MYyd1Llkg2gDd/x6CnKGWaQt4+D6J5J2BShTl7yisp9oO/Ji1rG+yyL+Z/AIHQLVeOVx9v11JL9s7uaOI2Yigmes0W+4030NTmLPEl1fooXGVMnFowxd+Y1OTdMJa57N2Y9dn5su9OxDek7YvWXoFChOVpRdgubZZ7/zpquQ3vGcO2TglVrvUnRkex3js/sLr6dmF+446nWswboe8gxd+pe5TUjYKX1zxyC/wUAAP//4eJPBg==" } diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/dns.go b/vendor/github.com/elastic/ecs/code/go/ecs/dns.go index 5a7c54c7b8a9..08f37b81cfaf 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/dns.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/dns.go @@ -61,7 +61,7 @@ type Dns struct { // The type of record being queried. QuestionType string `ecs:"question.type"` - // The class of of records being queried. + // The class of records being queried. QuestionClass string `ecs:"question.class"` // The highest registered domain, stripped of the subdomain. diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/event.go b/vendor/github.com/elastic/ecs/code/go/ecs/event.go index 51b2dff995e6..e9c5da72bceb 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/event.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/event.go @@ -43,20 +43,26 @@ type Event struct { // example of this is the Windows Event ID. Code string `ecs:"code"` - // The kind of the event. - // This gives information about what type of information the event - // contains, without being specific to the contents of the event. Examples - // are `event`, `state`, `alarm`. Warning: In future versions of ECS, we - // plan to provide a list of acceptable values for this field, please use - // with caution. + // This is one of four ECS Categorization Fields, and indicates the highest + // level in the ECS category hierarchy. + // `event.kind` gives high-level information about what type of information + // the event contains, without being specific to the contents of the event. + // For example, values of this field distinguish alert events from metric + // events. + // The value of this field can be used to inform how these kinds of events + // should be handled. They may warrant different retention, different + // access control, it may also help understand whether the data coming in + // at a regular interval or not. Kind string `ecs:"kind"` - // Event category. - // This contains high-level information about the contents of the event. It - // is more generic than `event.action`, in the sense that typically a - // category contains multiple actions. Warning: In future versions of ECS, - // we plan to provide a list of acceptable values for this field, please - // use with caution. + // This is one of four ECS Categorization Fields, and indicates the second + // level in the ECS category hierarchy. + // `event.category` represents the "big buckets" of ECS categories. For + // example, filtering on `event.category:process` yields all events + // relating to process activity. This field is closely related to + // `event.type`, which is used as a subcategory. + // This field is an array. This will allow proper categorization of some + // events that fall in multiple categories. Category string `ecs:"category"` // The action captured by the event. @@ -65,15 +71,21 @@ type Event struct { // `file-created`. The value is normally defined by the implementer. Action string `ecs:"action"` - // The outcome of the event. - // If the event describes an action, this fields contains the outcome of - // that action. Examples outcomes are `success` and `failure`. Warning: In - // future versions of ECS, we plan to provide a list of acceptable values - // for this field, please use with caution. + // This is one of four ECS Categorization Fields, and indicates the lowest + // level in the ECS category hierarchy. + // `event.outcome` simply denotes whether the event represent a success or + // a failure. Note that not all events will have an associated outcome. For + // example, this field is generally not populated for metric events or + // events with `event.type:info`. Outcome string `ecs:"outcome"` - // Reserved for future usage. - // Please avoid using this field for user data. + // This is one of four ECS Categorization Fields, and indicates the third + // level in the ECS category hierarchy. + // `event.type` represents a categorization "sub-bucket" that, when used + // along with the `event.category` field values, enables filtering events + // down to a level appropriate for single visualization. + // This field is an array. This will allow proper categorization of some + // events that fall in multiple event types. Type string `ecs:"type"` // Name of the module this data is coming from. @@ -164,4 +176,13 @@ type Event struct { // This is mainly useful if you use more than one system that assigns risk // scores, and you want to see a normalized value across all systems. RiskScoreNorm float64 `ecs:"risk_score_norm"` + + // Timestamp when an event arrived in the central data store. + // This is different from `@timestamp`, which is when the event originally + // occurred. It's also different from `event.created`, which is meant to + // capture the first time an agent saw the event. + // In normal conditions, assuming no tampering, the timestamps should + // chronologically look like this: `@timestamp` < `event.created` < + // `event.ingested`. + Ingested time.Time `ecs:"ingested"` } diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/file.go b/vendor/github.com/elastic/ecs/code/go/ecs/file.go index 0ea31294e61c..4b85809d3e32 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/file.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/file.go @@ -33,10 +33,23 @@ type File struct { // Name of the file including the extension, without the directory. Name string `ecs:"name"` - // Directory where the file is located. + // Array of file attributes. + // Attributes names will vary by platform. Here's a non-exhaustive list of + // values that are expected in this field: archive, compressed, directory, + // encrypted, execute, hidden, read, readonly, system, write. + Attributes string `ecs:"attributes"` + + // Directory where the file is located. It should include the drive letter, + // when appropriate. Directory string `ecs:"directory"` - // Full path to the file. + // Drive letter where the file is located. This field is only relevant on + // Windows. + // The value should be uppercase, and not include the colon. + DriveLetter string `ecs:"drive_letter"` + + // Full path to the file, including the file name. It should include the + // drive letter, when appropriate. Path string `ecs:"path"` // Target path for symlinks. diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/host.go b/vendor/github.com/elastic/ecs/code/go/ecs/host.go index c002e7dd681b..44e52b6c8acc 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/host.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/host.go @@ -58,4 +58,10 @@ type Host struct { // Operating system architecture. Architecture string `ecs:"architecture"` + + // Name of the domain of which the host is a member. + // For example, on Windows this could be the host's Active Directory domain + // or NetBIOS domain name. For Linux this could be the domain of the + // host's LDAP provider. + Domain string `ecs:"domain"` } diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/package.go b/vendor/github.com/elastic/ecs/code/go/ecs/package.go index 4e24146a7c44..13d23c4ee26a 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/package.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/package.go @@ -33,6 +33,10 @@ type Package struct { // Package version Version string `ecs:"version"` + // Additional information about the build version of the installed package. + // For example use the commit SHA of a non-released package. + BuildVersion string `ecs:"build_version"` + // Description of the package. Description string `ecs:"description"` @@ -58,4 +62,13 @@ type Package struct { // Use a short name, e.g. the license identifier from SPDX License List // where possible (https://spdx.org/licenses/). License string `ecs:"license"` + + // Home page or reference URL of the software in this package, if + // available. + Reference string `ecs:"reference"` + + // Type of package. + // This should contain the package file type, rather than the package + // manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + Type string `ecs:"type"` } diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/process.go b/vendor/github.com/elastic/ecs/code/go/ecs/process.go index 7ce0851a3ec8..64767d8992d9 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/process.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/process.go @@ -31,41 +31,115 @@ type Process struct { // Process id. PID int64 `ecs:"pid"` + // Process id. + ParentPID int64 `ecs:"parent.pid"` + // Process name. // Sometimes called program name or similar. Name string `ecs:"name"` + // Process name. + // Sometimes called program name or similar. + ParentName string `ecs:"parent.name"` + // Parent process' pid. PPID int64 `ecs:"ppid"` + // Parent process' pid. + ParentPPID int64 `ecs:"parent.ppid"` + // Identifier of the group of processes the process belongs to. PGID int64 `ecs:"pgid"` - // Array of process arguments. + // Identifier of the group of processes the process belongs to. + ParentPGID int64 `ecs:"parent.pgid"` + + // Full command line that started the process, including the absolute path + // to the executable, and all arguments. + // Some arguments may be filtered to protect sensitive information. + CommandLine string `ecs:"command_line"` + + // Full command line that started the process, including the absolute path + // to the executable, and all arguments. + // Some arguments may be filtered to protect sensitive information. + ParentCommandLine string `ecs:"parent.command_line"` + + // Array of process arguments, starting with the absolute path to the + // executable. // May be filtered to protect sensitive information. Args []string `ecs:"args"` + // Array of process arguments. + // May be filtered to protect sensitive information. + ParentArgs string `ecs:"parent.args"` + + // Length of the process.args array. + // This field can be useful for querying or performing bucket analysis on + // how many arguments were provided to start a process. More arguments may + // be an indication of suspicious activity. + ArgsCount int64 `ecs:"args_count"` + + // Length of the process.args array. + // This field can be useful for querying or performing bucket analysis on + // how many arguments were provided to start a process. More arguments may + // be an indication of suspicious activity. + ParentArgsCount int64 `ecs:"parent.args_count"` + // Absolute path to the process executable. Executable string `ecs:"executable"` + // Absolute path to the process executable. + ParentExecutable string `ecs:"parent.executable"` + // Process title. // The proctitle, some times the same as process name. Can also be // different: for example a browser setting its title to the web page // currently opened. Title string `ecs:"title"` + // Process title. + // The proctitle, some times the same as process name. Can also be + // different: for example a browser setting its title to the web page + // currently opened. + ParentTitle string `ecs:"parent.title"` + // Thread ID. ThreadID int64 `ecs:"thread.id"` + // Thread ID. + ParentThreadID int64 `ecs:"parent.thread.id"` + // Thread name. ThreadName string `ecs:"thread.name"` + // Thread name. + ParentThreadName string `ecs:"parent.thread.name"` + // The time the process started. Start time.Time `ecs:"start"` + // The time the process started. + ParentStart time.Time `ecs:"parent.start"` + // Seconds the process has been up. Uptime int64 `ecs:"uptime"` + // Seconds the process has been up. + ParentUptime int64 `ecs:"parent.uptime"` + // The working directory of the process. WorkingDirectory string `ecs:"working_directory"` + + // The working directory of the process. + ParentWorkingDirectory string `ecs:"parent.working_directory"` + + // The exit code of the process, if this is a termination event. + // The field should be absent if there is no exit code for the event (e.g. + // process start). + ExitCode int64 `ecs:"exit_code"` + + // The exit code of the process, if this is a termination event. + // The field should be absent if there is no exit code for the event (e.g. + // process start). + ParentExitCode int64 `ecs:"parent.exit_code"` } diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/registry.go b/vendor/github.com/elastic/ecs/code/go/ecs/registry.go new file mode 100644 index 000000000000..54a01777cf2c --- /dev/null +++ b/vendor/github.com/elastic/ecs/code/go/ecs/registry.go @@ -0,0 +1,54 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by scripts/gocodegen.go - DO NOT EDIT. + +package ecs + +// Fields related to Windows Registry operations. +type Registry struct { + // Abbreviated name for the hive. + Hive string `ecs:"hive"` + + // Hive-relative path of keys. + Key string `ecs:"key"` + + // Name of the value written. + Value string `ecs:"value"` + + // Full path, including hive, key and value + Path string `ecs:"path"` + + // Standard registry type for encoding contents + DataType string `ecs:"data.type"` + + // Content when writing string types. + // Populated as an array when writing string data to the registry. For + // single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an + // array with one string. For sequences of string with REG_MULTI_SZ, this + // array will be variable length. For numeric data, such as REG_DWORD and + // REG_QWORD, this should be populated with the decimal representation (e.g + // `"1"`). + DataStrings string `ecs:"data.strings"` + + // Original bytes written with base64 encoding. + // For Windows registry operations, such as SetValueEx and RegQueryValueEx, + // this corresponds to the data pointed by `lp_data`. This is optional but + // provides better recoverability and should be populated for REG_BINARY + // encoded values. + DataBytes string `ecs:"data.bytes"` +} diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/related.go b/vendor/github.com/elastic/ecs/code/go/ecs/related.go index 43fea9347ec6..492701d02917 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/related.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/related.go @@ -30,4 +30,7 @@ package ecs type Related struct { // All of the IPs seen on your event. IP string `ecs:"ip"` + + // All the user names seen on your event. + User string `ecs:"user"` } diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/rule.go b/vendor/github.com/elastic/ecs/code/go/ecs/rule.go new file mode 100644 index 000000000000..708c922fbd30 --- /dev/null +++ b/vendor/github.com/elastic/ecs/code/go/ecs/rule.go @@ -0,0 +1,60 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by scripts/gocodegen.go - DO NOT EDIT. + +package ecs + +// Rule fields are used to capture the specifics of any observer or agent rules +// that generate alerts or other notable events. +// Examples of data sources that would populate the rule fields include: +// network admission control platforms, network or host IDS/IPS, network +// firewalls, web application firewalls, url filters, endpoint detection and +// response (EDR) systems, etc. +type Rule struct { + // A rule ID that is unique within the scope of an agent, observer, or + // other entity using the rule for detection of this event. + ID string `ecs:"id"` + + // A rule ID that is unique within the scope of a set or group of agents, + // observers, or other entities using the rule for detection of this event. + Uuid string `ecs:"uuid"` + + // The version / revision of the rule being used for analysis. + Version string `ecs:"version"` + + // The name of the rule or signature generating the event. + Name string `ecs:"name"` + + // The description of the rule generating the event. + Description string `ecs:"description"` + + // A categorization value keyword used by the entity using the rule for + // detection of this event. + Category string `ecs:"category"` + + // Name of the ruleset, policy, group, or parent category in which the rule + // used to generate this event is a member. + Ruleset string `ecs:"ruleset"` + + // Reference URL to additional information about the rule used to generate + // this event. + // The URL can point to the vendor's documentation about the rule. If + // that's not available, it can also be a link to a more general page + // describing this type of alert. + Reference string `ecs:"reference"` +} diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/threat.go b/vendor/github.com/elastic/ecs/code/go/ecs/threat.go index 27567604ecea..4ccb35cbd123 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/threat.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/threat.go @@ -22,14 +22,14 @@ package ecs // Fields to classify events and alerts according to a threat taxonomy such as // the Mitre ATT&CK framework. // These fields are for users to classify alerts from all of their sources -// (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are -// meant to capture the high level category of the threat (e.g. "impact"). The +// (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are +// meant to capture the high level category of the threat (e.g. "impact"). The // threat.technique.* fields are meant to capture which kind of approach is -// used by this detected threat, to accomplish the goal (e.g. "endpoint denial +// used by this detected threat, to accomplish the goal (e.g. "endpoint denial // of service"). type Threat struct { // Name of the threat framework used to further categorize and classify the - // tactic and technique of the reported threat. Framework classification + // tactic and technique of the reported threat. Framework classification // can be provided by detecting systems, evaluated at ingest time, or // retrospectively tagged to events. Framework string `ecs:"framework"` diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/tls.go b/vendor/github.com/elastic/ecs/code/go/ecs/tls.go new file mode 100644 index 000000000000..424a12e71a55 --- /dev/null +++ b/vendor/github.com/elastic/ecs/code/go/ecs/tls.go @@ -0,0 +1,151 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by scripts/gocodegen.go - DO NOT EDIT. + +package ecs + +import ( + "time" +) + +// Fields related to a TLS connection. These fields focus on the TLS protocol +// itself and intentionally avoids in-depth analysis of the related x.509 +// certificate files. +type Tls struct { + // Numeric part of the version parsed from the original string. + Version string `ecs:"version"` + + // Normalized lowercase protocol name parsed from original string. + VersionProtocol string `ecs:"version_protocol"` + + // String indicating the cipher used during the current connection. + Cipher string `ecs:"cipher"` + + // String indicating the curve used for the given cipher, when applicable. + Curve string `ecs:"curve"` + + // Boolean flag indicating if this TLS connection was resumed from an + // existing TLS negotiation. + Resumed bool `ecs:"resumed"` + + // Boolean flag indicating if the TLS negotiation was successful and + // transitioned to an encrypted tunnel. + Established bool `ecs:"established"` + + // String indicating the protocol being tunneled. Per the values in the + // IANA registry + // (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), + // this string should be lower case. + NextProtocol string `ecs:"next_protocol"` + + // A hash that identifies clients based on how they perform an SSL/TLS + // handshake. + ClientJa3 string `ecs:"client.ja3"` + + // Also called an SNI, this tells the server which hostname to which the + // client is attempting to connect. When this value is available, it should + // get copied to `destination.domain`. + ClientServerName string `ecs:"client.server_name"` + + // Array of ciphers offered by the client during the client hello. + ClientSupportedCiphers string `ecs:"client.supported_ciphers"` + + // Distinguished name of subject of the x.509 certificate presented by the + // client. + ClientSubject string `ecs:"client.subject"` + + // Distinguished name of subject of the issuer of the x.509 certificate + // presented by the client. + ClientIssuer string `ecs:"client.issuer"` + + // Date/Time indicating when client certificate is first considered valid. + ClientNotBefore time.Time `ecs:"client.not_before"` + + // Date/Time indicating when client certificate is no longer considered + // valid. + ClientNotAfter time.Time `ecs:"client.not_after"` + + // Array of PEM-encoded certificates that make up the certificate chain + // offered by the client. This is usually mutually-exclusive of + // `client.certificate` since that value should be the first certificate in + // the chain. + ClientCertificateChain string `ecs:"client.certificate_chain"` + + // PEM-encoded stand-alone certificate offered by the client. This is + // usually mutually-exclusive of `client.certificate_chain` since this + // value also exists in that list. + ClientCertificate string `ecs:"client.certificate"` + + // Certificate fingerprint using the MD5 digest of DER-encoded version of + // certificate offered by the client. For consistency with other hash + // values, this value should be formatted as an uppercase hash. + ClientHashMd5 string `ecs:"client.hash.md5"` + + // Certificate fingerprint using the SHA1 digest of DER-encoded version of + // certificate offered by the client. For consistency with other hash + // values, this value should be formatted as an uppercase hash. + ClientHashSha1 string `ecs:"client.hash.sha1"` + + // Certificate fingerprint using the SHA256 digest of DER-encoded version + // of certificate offered by the client. For consistency with other hash + // values, this value should be formatted as an uppercase hash. + ClientHashSha256 string `ecs:"client.hash.sha256"` + + // A hash that identifies servers based on how they perform an SSL/TLS + // handshake. + ServerJa3s string `ecs:"server.ja3s"` + + // Subject of the x.509 certificate presented by the server. + ServerSubject string `ecs:"server.subject"` + + // Subject of the issuer of the x.509 certificate presented by the server. + ServerIssuer string `ecs:"server.issuer"` + + // Timestamp indicating when server certificate is first considered valid. + ServerNotBefore time.Time `ecs:"server.not_before"` + + // Timestamp indicating when server certificate is no longer considered + // valid. + ServerNotAfter time.Time `ecs:"server.not_after"` + + // Array of PEM-encoded certificates that make up the certificate chain + // offered by the server. This is usually mutually-exclusive of + // `server.certificate` since that value should be the first certificate in + // the chain. + ServerCertificateChain string `ecs:"server.certificate_chain"` + + // PEM-encoded stand-alone certificate offered by the server. This is + // usually mutually-exclusive of `server.certificate_chain` since this + // value also exists in that list. + ServerCertificate string `ecs:"server.certificate"` + + // Certificate fingerprint using the MD5 digest of DER-encoded version of + // certificate offered by the server. For consistency with other hash + // values, this value should be formatted as an uppercase hash. + ServerHashMd5 string `ecs:"server.hash.md5"` + + // Certificate fingerprint using the SHA1 digest of DER-encoded version of + // certificate offered by the server. For consistency with other hash + // values, this value should be formatted as an uppercase hash. + ServerHashSha1 string `ecs:"server.hash.sha1"` + + // Certificate fingerprint using the SHA256 digest of DER-encoded version + // of certificate offered by the server. For consistency with other hash + // values, this value should be formatted as an uppercase hash. + ServerHashSha256 string `ecs:"server.hash.sha256"` +} diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/user_agent.go b/vendor/github.com/elastic/ecs/code/go/ecs/user_agent.go index f2e9268a101f..c57652ef8964 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/user_agent.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/user_agent.go @@ -23,7 +23,7 @@ package ecs // They often show up in web service logs coming from the parsed user agent // string. type UserAgent struct { - // Unparsed version of the user_agent. + // Unparsed user_agent string. Original string `ecs:"original"` // Name of the user agent. diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/version.go b/vendor/github.com/elastic/ecs/code/go/ecs/version.go index 087e87b9584a..ac59bfa32e12 100644 --- a/vendor/github.com/elastic/ecs/code/go/ecs/version.go +++ b/vendor/github.com/elastic/ecs/code/go/ecs/version.go @@ -20,4 +20,4 @@ package ecs // Version is the Elastic Common Schema version from which this was generated. -const Version = "1.2.0" +const Version = "1.4.0" diff --git a/vendor/github.com/elastic/ecs/code/go/ecs/vulnerability.go b/vendor/github.com/elastic/ecs/code/go/ecs/vulnerability.go new file mode 100644 index 000000000000..bda83eae5c5e --- /dev/null +++ b/vendor/github.com/elastic/ecs/code/go/ecs/vulnerability.go @@ -0,0 +1,96 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by scripts/gocodegen.go - DO NOT EDIT. + +package ecs + +// The vulnerability fields describe information about a vulnerability that is +// relevant to an event. +type Vulnerability struct { + // The classification of the vulnerability scoring system. For example + // (https://www.first.org/cvss/) + Classification string `ecs:"classification"` + + // The type of identifier used for this vulnerability. For example + // (https://cve.mitre.org/about/) + Enumeration string `ecs:"enumeration"` + + // A resource that provides additional information, context, and + // mitigations for the identified vulnerability. + Reference string `ecs:"reference"` + + // Scores can range from 0.0 to 10.0, with 10.0 being the most severe. + // Base scores cover an assessment for exploitability metrics (attack + // vector, complexity, privileges, and user interaction), impact metrics + // (confidentiality, integrity, and availability), and scope. For example + // (https://www.first.org/cvss/specification-document) + ScoreBase float64 `ecs:"score.base"` + + // Scores can range from 0.0 to 10.0, with 10.0 being the most severe. + // Temporal scores cover an assessment for code maturity, remediation + // level, and confidence. For example + // (https://www.first.org/cvss/specification-document) + ScoreTemporal float64 `ecs:"score.temporal"` + + // Scores can range from 0.0 to 10.0, with 10.0 being the most severe. + // Environmental scores cover an assessment for any modified Base metrics, + // confidentiality, integrity, and availability requirements. For example + // (https://www.first.org/cvss/specification-document) + ScoreEnvironmental float64 `ecs:"score.environmental"` + + // The National Vulnerability Database (NVD) provides qualitative severity + // rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges + // in addition to the severity ratings for CVSS v3.0 as they are defined in + // the CVSS v3.0 specification. + // CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based + // non-profit organization, whose mission is to help computer security + // incident response teams across the world. For example + // (https://nvd.nist.gov/vuln-metrics/cvss) + ScoreVersion string `ecs:"score.version"` + + // The type of system or architecture that the vulnerability affects. These + // may be platform-specific (for example, Debian or SUSE) or general (for + // example, Database or Firewall). For example + // (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys + // vulnerability categories]) + // This field must be an array. + Category string `ecs:"category"` + + // The description of the vulnerability that provides additional context of + // the vulnerability. For example + // (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common + // Vulnerabilities and Exposure CVE description]) + Description string `ecs:"description"` + + // The identification (ID) is the number portion of a vulnerability entry. + // It includes a unique identification number for the vulnerability. For + // example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common + // Vulnerabilities and Exposure CVE ID] + ID string `ecs:"id"` + + // The name of the vulnerability scanner vendor. + ScannerVendor string `ecs:"scanner.vendor"` + + // The severity of the vulnerability can help with metrics and internal + // prioritization regarding remediation. For example + // (https://nvd.nist.gov/vuln-metrics/cvss) + Severity string `ecs:"severity"` + + // The report or scan identification number. + ReportID string `ecs:"report_id"` +} diff --git a/vendor/vendor.json b/vendor/vendor.json index 009f4c4e33ad..958ff9fc1ee2 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -2813,12 +2813,12 @@ "revisionTime": "2016-08-05T00:47:13Z" }, { - "checksumSHA1": "HHke2QXMP829s8Fe5qa8oLlejAw=", + "checksumSHA1": "Tt1KFInyaxjtvhGI75+crc75n/Q=", "path": "github.com/elastic/ecs/code/go/ecs", - "revision": "2eaac192a1ca67edab727d7d9d526c5142ae3eb5", - "revisionTime": "2019-10-03T15:52:51Z", - "version": "v1.2.0", - "versionExact": "v1.2.0" + "revision": "cc4b36eebec29975f57cd0475c3987c9bde5c15a", + "revisionTime": "2019-12-19T13:38:44Z", + "version": "v1.4.0", + "versionExact": "v1.4.0" }, { "checksumSHA1": "vNnw1bUS8Ct+8H64QuA2DWRJ9SQ=", diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index 25e8f70409e1..7dc0edf65fdd 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -377,6 +377,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -417,6 +424,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -647,6 +661,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -705,6 +726,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -889,6 +917,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -1119,6 +1154,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -1177,6 +1219,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -1289,7 +1338,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -1456,6 +1505,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -1489,12 +1545,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -1520,6 +1577,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -1578,15 +1637,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -1617,8 +1690,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -1706,8 +1779,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -1730,6 +1804,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -1764,7 +1850,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -1772,6 +1858,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -1897,7 +1995,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -1905,6 +2003,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -1926,6 +2031,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -2140,6 +2252,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -2301,6 +2425,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -2323,6 +2454,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -2396,6 +2534,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -2454,6 +2599,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -2484,6 +2636,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -2544,6 +2703,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -3036,6 +3202,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -3058,6 +3231,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -3157,6 +3337,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -3185,6 +3372,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -3207,6 +3401,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -3246,6 +3447,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -3322,6 +3535,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -3335,6 +3559,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -3356,12 +3592,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -3376,6 +3643,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -3424,64 +3710,281 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword -example: 2016-05-23T08:05:34.853Z +example: /usr/bin/ssh -l user 10.0.0.16 -- -*`process.thread.id`*:: +*`process.parent.command_line.text`*:: + -- -Thread ID. - -type: long +type: text -example: 4242 +-- -format: string +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string -- @@ -3506,6 +4009,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -3528,42 +4038,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword +example: ["C:\rta\red_ttp\bin\myapp.exe"] -*`server.address`*:: +-- + +*`registry.data.type`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Standard registry type for encoding contents type: keyword +example: REG_SZ + -- -*`server.as.number`*:: +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. + + +*`source.address`*:: ++ +-- +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -3574,7 +4721,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -3585,10 +4732,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -3598,16 +4752,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -3618,7 +4772,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -3629,7 +4783,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -3640,7 +4794,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -3651,7 +4805,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -3662,7 +4816,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -3675,7 +4829,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -3686,7 +4840,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -3697,39 +4851,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -3738,10 +4892,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -3749,10 +4903,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -3760,10 +4914,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -3773,7 +4927,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -3785,7 +4939,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -3795,7 +4949,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -3804,7 +4958,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -3815,7 +4969,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -3825,7 +4986,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -3834,7 +4995,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -3843,7 +5004,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -3853,7 +5014,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -3862,7 +5023,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -3873,506 +5034,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC - --- - -*`source.bytes`*:: -+ --- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +example: endpoint denial of service -- -*`source.domain`*:: +*`threat.technique.name.text`*:: + -- -Source domain. - -type: keyword +type: text -- -*`source.geo.city_name`*:: +*`threat.technique.reference`*:: + -- -City name. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Montreal - --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.continent_name`*:: -+ -- -Name of the continent. -type: keyword +[float] +=== tls -example: North America +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.country_iso_code`*:: +*`tls.cipher`*:: + -- -Country ISO code. +String indicating the cipher used during the current connection. type: keyword -example: CA +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_name`*:: +*`tls.client.certificate`*:: + -- -Country name. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: MII... -- -*`source.geo.name`*:: +*`tls.client.certificate_chain`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: boston-dc +example: ['MII...', 'MII...'] -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.md5`*:: + -- -Region ISO code. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha1`*:: + -- -Region name. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: Quebec - --- - -*`source.ip`*:: -+ --- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. - -type: ip +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.mac`*:: +*`tls.client.hash.sha256`*:: + -- -MAC address of the source. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + -- -*`source.nat.ip`*:: +*`tls.client.issuer`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. -type: ip +type: keyword + +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`source.nat.port`*:: +*`tls.client.ja3`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: long +type: keyword -format: string +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.packets`*:: +*`tls.client.not_after`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -example: 12 +example: 2021-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.not_before`*:: + -- -Port of the source. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -format: string +example: 1970-01-01T00:00:00.000Z -- -*`source.registered_domain`*:: +*`tls.client.server_name`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. type: keyword -example: google.com +example: www.elastic.co -- -*`source.top_level_domain`*:: +*`tls.client.subject`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: co.uk +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.user.domain`*:: +*`tls.client.supported_ciphers`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Array of ciphers offered by the client during the client hello. type: keyword +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] + -- -*`source.user.email`*:: +*`tls.curve`*:: + -- -User email address. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.full_name`*:: +*`tls.established`*:: + -- -User's full name, if available. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword - -example: Albert Einstein +type: boolean -- -*`source.user.group.domain`*:: +*`tls.next_protocol`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword +example: http/1.1 + -- -*`source.user.group.id`*:: +*`tls.resumed`*:: + -- -Unique identifier for the group on the system/platform. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.name`*:: +*`tls.server.certificate`*:: + -- -Name of the group. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.hash`*:: +*`tls.server.certificate_chain`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.id`*:: +*`tls.server.hash.md5`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.name`*:: +*`tls.server.hash.sha1`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -[float] -=== threat +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). +type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -*`threat.framework`*:: +-- + +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -4458,6 +5535,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -4471,6 +5555,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -4595,6 +5686,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -4653,6 +5751,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -4685,7 +5790,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -4693,6 +5798,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -4715,6 +5827,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -4737,6 +5856,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -4770,6 +5896,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-eventlog]] == Legacy Winlogbeat alias fields diff --git a/winlogbeat/include/fields.go b/winlogbeat/include/fields.go index 5115a5a042b0..440f87cca170 100644 --- a/winlogbeat/include/fields.go +++ b/winlogbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetBuildFieldsFieldsCommonYml returns asset data. // This is the base64 encoded gzipped contents of build/fields/fields.common.yml. func AssetBuildFieldsFieldsCommonYml() string { - return "eJzsvWl3IzeyIPrdvwJPfc5UyUNRS6nWOXfuk6Wyrde1qEtyu7vHc0UwEyRhZQJpACmKfuf993cQgS0XShRLLJd71Pcel0hmAoFAIBB7/IX8fPTpw+mHH/4vciKJkIawnBtiZlyTCS8YyblimSkWA8INmVNNpkwwRQ3LyXhBzIyRt8fnpFLyV5aZwTd/IWOqWU6kgO+vmdJcCrI/PBjuDb/5CzkrGNWMXHPNDZkZU+k3u7tTbmb1eJjJcpcVVBue7bJMEyOJrqdTpg3JZlRMGXxlh51wVuR6+M03O+SKLd4QlulvCDHcFOyNfeAbQnKmM8Urw6WAr8j37h3i3n7zDSE7RNCSvSFP/m/DS6YNLasn3xBCSMGuWfGGZFIx+KzYbzVXLH9DjKrxK7Oo2BuSU4MfG/M9OaGG7doxyXzGBKCJXTNhiFR8yoVF3/AbeI+QC4trruGhPLzHboyimUXzRMkyjjCwE/OMFsWCKFYpppkwXExhIjdinK53w7SsVcbC/KeT5AX8jcyoJkJ6aAsS0DNA0rimRc0A6ABMJau6sNO4Yd1kE660gfdbYCmWMX4doap4xQouIlyfHM5xv8hEKkKLAkfQQ9wndkPLym76k4O9/Rc7e893Dp5d7L16s/f8zbPD4avnz/71JNnmgo5ZoXs3GHdTji0Vwxf45yV+f8UWc6nyno0+rrWRpX1gF3FSUa50WMMxFWTMSG2PhJGE5jkpmaGEi4lUJbWD2O/dmsj5TNZFDscwk8JQLohg2m4dggPka/93VBS4B5pQxYg20iKKag9pAOCtR9Aol9kVUyNCRU5GV6/0yKGjhUn3Hq2qgmcUVzmRcmdMlfuJies39sDndWZ/TvBbMq3plN2CYMNuTA8Wv5eKFHLq8ADk4MZym++wgT/ZJ93PAyIrw0v+eyA7SybXnM3tkeCCUHjafsFUQIqdThtVZ6a2aCvkVJM5NzNZG0JFpPoGDAMizYwpxz1IhjubSZFRw0RC+EZaIEpCyawuqdhRjOZ0XDCi67KkakFkcuDSU1jWheFVEdauCbvh2p74GVvECcsxFywnXBhJpAhPt0/Ej6woJPlZqiJPtsjQ6W0HICV0PhVSsUs6ltfsDdnfOzjs7tw7ro1dj3tPB0o3dEoYzWZ+lc3D+r+2Iv1sDcgWE9cHW/87Pap0ygRSiuPqR+GLqZJ19YYc9NDRxYzhm2GX3ClyvJUSOrabjFxwYub28Fj+aez9NvG0LxYW59QewqKwx25AcmbwD6mIHGumru32ILlKS2YzaXdKKmLoFdOkZFTXipX2ATdseKx9ODXhIivqnJHvGLVsANaqSUkXhBZaElUL+7abV+khXGiw0OG3bqluSD2zPHLMIjsGyrbwU15oT3uIJFULYc+JRARZ2JL1+fM+nzGVMu8ZrSpmKdAuFk5qWCowdosA4ahxIqUR0tg994t9Q05xuswKAnKCi4Zzaw/iIMI3tKRAnCAyZtQMk/N7dPYeRBJ3cTYX5HacVtWuXQrP2JBE2kiZby6ZRx1wXZAzCJ8gtXBN7PVKzEzJejojv9WstuPrhTas1KTgV4z8lU6u6IB8YjlH+qiUzJjWXEz9prjHdZ3NLJN+J6faUD0juA5yDuh2KMODCESOKAzSSjwdrJqxkilaXHLPddx5ZjeGiTzyos6pXnqu22fprZ+D8NwekQlnCsmHa4fIp3wCHAjYlN4OdO1lGnuTqRKkAy/A0UxJbS9/baiy52lcGzLC7eb5CPbD7oRDRsI0XtHDyfO9vUkDEe3lB3b2WUv/SfDfrHhz/3WH69aSKBI2vDeHe33MCJAxz5cuL28sz/53Ewt0Ugucr5QjdHZQE4pPITvEK2jKrxmILVS41/Bp9/OMFdWkLuwhsofarTAMbOaSfO8ONOFCGyoyJ8a0+JG2EwNTskTirlMSr1NWUUWdCOKWr4lgLEf9Yz7j2aw7VTjZmSztZFa8TtZ9OrGCr+c8sFRkSf4rOTFMkIJNDGFlZRbdrZxI2dhFu1Gb2MWLRXXL9nluZycg2tCFJrSY238Cbq0oqGeeNHFbnTSO79rbfBhRIwLPDliNzyKJuynGLD4CVxifNDY+7libABqbX9JsZlWCLorTcTyenbK5AVT/3amxTWS3YHox3Bvu7ajsIBVjdEOGqY0UspS1JudwJdwhzxwJQuMreIuQp0fn23gwnXTiAMukEAwUxlNhmBLMkDMljcxk4SB9enq2TZSsQV2sFJvwG6ZJLXKGF7kVlpQs7GCWu0lFSqkYEczMpboisrJqpFRW4PE6HpvRYmJfoMTedwUjNC+54NrYk3nthSs7Vi5LlMSoIU5txUWUpRQDkhWMqmIRsD8BITdAKwueLUCwnDEr+sIChytfmKIux0Ggue2qLGS4tRtb4a4EHMfqoTID4cpB1NkmJ2+ErwPBu110Az09Ov+wTWoYvFjEG0ej8BxQj2fitLHuhPT2n++/eN1YsFRTKvjvwB6H3WvkwcSEj8k8MHUHth+ktHTx7t1xci6ygrfk++P4zS0C/pF70x4ATyNUO6Lghlv6RHL0qHPHwoI3kUGFRcFdsSlVOQh0Vl6TQg+S51GYG3O0gHFpNcJJIedEsczqOg118uL4zI2Kt0UEswOb/cI+nkAGh0IzEcR4+8z5Pz+QimZXzDzV20OYBTXQyh3rzlRo6bHiVmNSr38oMGMxbeFwErLHklFUaArADMm5LFmQWWuNsr9hqiRb3nwl1VbUdhWbeA7iQBGtBWo8Du5np5vhzo5Z0E1AN0sQ4I6KBUtM/TbHKVL4Uct0ROQnsDdKrWuLEDdqVIq4sOD9WgvcANCRUOvxxsWewSJ+hTSdIa2wg/u1A6fMW3WCLQjH2/XzBOsdHB4Un2ieE81KKgzPgB+zG+MkLXaDMvQABRt/SnWQt4wk19wul//OosJrF8oUKMGam5q67TidkIWsVZhjQovCE5/n0pbDTaVaDOyjXlDQhhcFYcKqfI5u0WRohYmcaWPJw6LUImzCiyIwGVpVSlaKU8OKxT2UHZrnimm9KT0HqB01W0dbbkInkwQ2U475tJa1LhZIzfBO4OtzixYtSwamUlJwDbak07MBof7uk4pQy+xviJaWToaE/DNi1olOYMuL0vKMEUXnHiZP96Oh+2KEKGtKfsIqxlGwy2u05eF1NRryamRBGQ0RrNGA5KxiIneiN8rNUkQgQM12OxYlm+H/cZcq1cOv9F6NMI4Xhuk7ROBkP9AS0nytAch39ge0ggRHhDsnbpuQnXXR9+qwARgS2waEc8dXcfxhY84pk8OMm8XlhhTpYyvb9u7OeytLM1p0wZHCcMGE2RRMHxKlPkzWge+DVGZGjkqmeEZ7gKyFUYtLruVlJvONoA6nIKfnH4mdogPh8dFSsDa1mw6k3g09poLmXUwBy7pb6ZwyeVlJHu6LphFdiik3dY53aEENfOhA8OT/JVuFFFtvyM7LZ8MX+4evnu0NyFZBzdYbcvh8+Hzv+ev9V+T/e9IBcoN86slPmqkdf0cmP6EU7tEzIM5WgJKRnJCpoqIuqOJmkV52C5LZSxdEweRSO/Z3WbDEIIVzhVJOxiwXdwLxpJBSuctgAJaHGY/iZrw1ELyCVLOF5vYP7wnI/LHWCQgfpEm8neDn4Kifl3BpTZn0q+3aK8ZSGyl28qyzN4pNuRSbPGmfYIbbDtrO346XwbWho+Zg6j1pf6vZmDURxas7YAgPNInz9CwITp4jwmWRUhYaLb3Bw7vgTs+uD+0Xp2fXL6JA2JKBSpptADfvj46XQU0atmEzbOOl91gvwc2FVflQczk9sxM5OR7jNz4cXQSlmDxlw+nQWV1okSrvBDVAb5BpuADCWUn0QKtogplOTEkhaU7GtKAig6M74YrNrRoCereStT3RLYzbRVdSmfsJnV7I0Ubxfkk0xYYd/8+CD9Q37yHvNVZ9hm+vJd0dNOHo7MkqQufy/Thze7CM+C130oYpll/2yZUPd71ZhWPGpzOmTTKpxxHOPYCFVBXLPci6HntxNOz/99EXgtdUMpzTDydSka2JlMMpyPbDTJZbVsPfSj63XTQYdeJcLzkzTJVwFVeKZVxb/QdsGxQ1UnBYQrRNPS54RnQ9mfCbMCI883RmTPVmdxcfwSes3rM9JBdqYSnVSFTmb7i9+vB6HS+I5mVVLIihV3FXUYMtqDZg/8eQE1SWhTQEFLE5KwpY+8W7k+gk3crksL7a6t6lERkNkjCyuoTt/wIUwSYTe4CvmZ3VyTRuD5+yi3cn2wP0elwJORfectUAizjUD7yJEFBU0Uj2bjy4IrvE0543DGvxGDEE1PPnJhsgmWUUEzdiNdqB7xtkU2umhpulmFQjQ2OyVGiitZOjL6dkYLqQk2Ucgwry7uToDEIGcMUnYaiUVJ50V8dKyosNLc6K/wQm8DLLsAvApC6KHknyQYF4oomdBqYFoZ9eU17QcdEVMI+KMVOGvOVCG+a2vQEv2CP/MKKA2TdPFbjIjcWPdGMoJi5eCNfn3bxgudutCmqsVNBDPAjnBqkn3QmcrAvEjOrZxjRoxBTwAjuP5ZOZVIpZcbQRrDRBAzIwDUGokGKRhj6iYJWQyk+auUCMEayC52j4hQ92daMQIJdJMcG9okVjTipye01EhwfxAa19RLWReJyPLd2sbpNW0JMAhi5UG1Jiz2dWSkVrBASvcdEFJOE7FPhOwwsqa5wyOEH9F8t9oBjHTpA8gq0chiLg2JsoGoJbY9geOjMw5sWL4RD5QpaG6U3Ie2YUzzB8RqfhOVSQt8cHGJxjKWTCTDZjGowxyeiEG+0iIyOQlrqaAb2NyEyuQ9hHEwQ3rqqFC7lUrJQmBIkQWRvNc5bM1IYMYaLExQT6BflNF/FVZ0hqxh7joHEgCH50k3tVyQ7LdQTVIew+7q4MzJyb48xPLiKCcC4I+kwdDjwPgbzulC1IzicTplJFF8xlHMJX7V1lj+eOYYIKQ5i45kqKsmlribR19PN5mJznA+/MAPonHz/9QE5zDLUFh3fnwHcFuxcvXrx8+fLVq1evX7d8NigG8IKbxeXv0av10Fg9SuYhdh6LFXSlAU3DUYmHqMMcar3DqDY7+y3Ll4uP2hw5nPq4uNMTz70AVn8I24Dynf2DZ4fPX7x89XqPjrOcTfb6Id7glR1gTiMYu1Andjr4shuI92AQvfd8IInJuxWN5mBYspzXTSW2UvKa5ys5VT/bNwRnzU849IczTSuhcz0g9PdasQGZZtUgHGSpSM6n3NBCZoyK7k031x1zTdtH8mCLcrbkNY9beh0jo3fY91dy48tbQpPCg83wExcY0sn6SRIRKpbxCfem5AAFRlc484AzRspJOkiSQsY08/POWFElAiTcV2jEDENrdxOKhUWQ4UFDWOWC2oiM54TguHieN88wL+l0ozwlPRswWfCgIkBzqsm45oWx13kPaIZONwRZpCwHF502AUjy2m6fPclvuyXDrc1sYVKXLNaYd4O7EdccfUSBmyDJboqd4OikpIJOwWwFse0eng4nwby6hI0kQVApIzlpfX0LK0kevT1YDqXn5GlwuqJTYLeZX9YzZhIfd1dkHHIfFxn3NYZuNSLPVorfimIspqQ+UPxWGBbiuB7jtx7jt76++K30sHg3n8sJb+PwSwVxpezpMZLrMZLrYUB6jORaHWePkVyPkVx/pkiu5BL7s4VzNUAnm4np4pWdLb3p7whkYo0Ipkrxa2oYOXn/r+2+GCY4NaAbfFVhXBA3lNhL3ErBihJxYyQZLwATJwyKAzz8CjcRmHUPse3LRWctpeU/OkQr70iUj3Faj3Faj3Faj3Faj3Faj3Faj3Faj3Faj3Faj3FaK8Vp5aJRxuXkwzl8vMWD833Da2Mv1ZMP5+S3minONOwVFXrOkkqR9ncXqOUs/4xD8EsoExBrrPixFlZNs6dVkikzWCUBh3WDPh3lQkPYwxt4frTtirYt/CTp6MCXfZkBJKhYPs+NiNMGJ5TGK55qKM3py+MgDOi/njPFfJRB7ngL1zhOF0p8dbR9Hx9TY8UP7v18ciQIVYouPDIQy+59FG6olWYADKJdRQ/FTK1EcuR97VWXTpNIeYwA/79iC4ey6Pnxe4NboJkvA9pwbI0X5O3xeSzT9AnLk+BYM3rNsIxPyizKuBz80U8uyNy+9fb43A3ftpvZbbbkB7Y61D6xShb80nRO2uc8mZMjQ0oueFmXA/dlGNcvqqy1aVRsHNlZRhY4CAXsLMPevV56GJCSVmFIakfLZhAvYXzVYKpJJbXmY7yRc6i2QcXC/st9gRc8uN6D1Q8o1STDCmoNj2iLIodZQTfm+8QYPoo2pbAh3kudI8VwKLSHlhAsWtPhdacfekFP4jg3opgBtAl3RD27VZjYHQ5GMYjSW3/x1YqJXHvpBKKugGF5lKQD+rV3tIz9vaH//14sbNLaftFUHS3FJeFLLdBJhSVcdLNQHSXZjOJldvzh6P1beyDGzCLLvl9cs3yQMqcnTzQZoTgRWYxJPOFS+EJ/VqzRlbQoBv0yHgYYBM7lkJwGXmU1Pqcftsf0xXRHUHrIu11H9uZhUAe7sy3z+Xy4xHjgd8aYVRSlZeY1i3uI8QDL5zVIUpZzw3oBAb2bYLnm2Crj2Sxl7GwCfKnhsec6oypn+ZD8iynpY+osKfvx3RlI8DeOSMMperyx/XS6wbjGi1mMaVyTxQBpNuCeMZozdTkpfDHiDZyvI7iz5YQckIIZwxRwSZyZwMyNwOQKS+fF4Mc35OhoQC6OB+TTyYB8OhqQo5MBOT4ZkJOPHZJ1H3fIp5P4Z9PruTEFzu6QXRpanFNFjmrNpyKpsK7kVNESKTBUhW9YckAswzCNZCCIf6p4jOxA5qC7KvuLg/39/ca6ZdXjDXvwxWNtQisT2MmcGIVxlQztdldcgNkXBdiGTEtCCe3U5ga1f43HXSx8hu5QHAZlZMAMlONOx1yKo7/99PbTPxs4Cpzxi0kMcuKr2LkLA1WTO+WDBg/f5NUId2ILtPTqC97jVo6GkGKnUlwYKBGbzSg0UVCaPB2zQs7JswOI4rIQkP2DF9uDhPylbrwR2XlQkrDaINMZreyxopqR/T24RaYwxy8nJyfbURL/jmZXRBdUz5zS91stIRonjOyGGpILOtYDklGlOJ0ypz5oFFMLnsRyTRjL0xEyKa6Zcl6tX8yA/KLwrV8EkCCaXYueMrW3XLNhm/9wJ86j4+arcdwEogjI3yQxhElAy4vGBbfAWLW2Q6JdRuEGmoFW6IxTADTwwjDTIKJG1+MDu879ocMKkMaggfMIIfIgdya9AhvH2BogiQhJjKK8gIK2THHZL/v2I/3RbYbs79Ftdi+3WaSfL6MjOFXpdqHi6OioKRx7dfXyc4JfjjpWuqIgp2dWjGOQHjRKrRujlpnB/zjy1j5HO3wy4VldgBGp1mxAxiyjtQ6eiGuqODMLrx+lhFpSo61eaIdyYA3JW+zrFOFLwtU9oAY7bkgChtEEOaMosUKXEW6CRQvLDuXsxr5dWipJh0aRAF+C3xnVVrI3MowYa8eipGLl24nsploGBadtPWl+t9/eYBCGv4Qu4Ofqj5H78PHtp08fPzWg2+DZeJIejmDjJxmtoPfQwCHayqRAf83LC0r0xtSvxEcgRbEAu6uG4ryJd6FRrRceyxTzXcoAPhE710wQtrabYFUoIgDe5u88Ag0gWvND5wzAQsWUW/9TWaEBtljYIbSU4V5xChueju0hORI5pHBnUkTd1WG1efaX+yq8Sd+qco4ndHhpsP2GpitZwwuEbeZu8wK9Z4bupPZqn+nnDNKrl6+/q7NBT3u6z+v9krTug3ss4NcuRhMjh2TEMj10D43QDe7BiEwQBCNgPbU22C8FXKJFpzo2IT/PmMA9gw3ERjFBXuMi5xnTZGfH2UmdDwNabRlJdMGnM1P05aknq4H3XXNDC1rBLIu2+ptyVbhp/qsF1cfXZTNW0hb+SaODVw/p7A/3hnsp5SglG0mlb8MXtzezikmdGXQ+8f4gGFAj+S7AtBHw+BPWay9RfsDnnCeoqhhkBxUMqyJYNHtGAJ7qjNpbKPR7+iY9W9xoVkyiok0Fjn4PT92GoqIBmWj3aXkUEMBbzXAPmbzaE0PRA0HaJG85GKFRXu9ivb2qMbA2NLu6tNLFJm9YmIXALMElA6u0BFQV4LpjN61yfV9I+AwYH6Sdh1y2O9W6US6A3WSsimGryfH9lV7TYUHFdPihLoozCV6Ct/7x9Fxft5pYvL1esUkdnqm+RHFfkL8/V7yQXoXAnHLFs8b5DGzgCPoeNrtk2CPbvieTvnCQ/DjDs0NjmzePnnexPyMwc9+zznhnCjXBgwXaj5jGMWKrOzlJFuHG80NR3zqNQHcwX2vGVZCJPT2cqRuVjBAj7cb0bmnQx9Io4AHmb/Y0BhkzM7eiNw0dAJyMkXTBw8lcTw1sfpcVUtu1HfmduBvdmJfghsTuOjVmbhUwInZcgI9pB0EAqB/RyWNu2NiDr4H1lFoiyktWSogjYRo6Orjh8gTxkeCu60IwhUVOeGxy6B7WGRV26dDi8D71blbIulpb9MbRg7ztzfnN3GhnNAh5RVgDIA00SFr4gtuTa9y9KNHNqCAjfMD3zRhFS3DYCHvWR4CQHZrnowEZOZLfAZJn8NWEF2wHpeZ8hN4Y75MII4bOekkYCJYuqAqghr4qObVmaqeiWltk7mCgT/OKdqBvYjveOs0HZ2gjPwgWMz6duQYq/TwQOKTXXlq7EvVj6fu1tDYHCWI08HuqmdDOYRRzwmgAM8AVR/YSKfWtbX6myh5uaGw5qaHsVhA35cSKnwMyZ/ZyFJhaA8FQhDYNTFaYy+wdA54L54gM8VKuBW2F7bNrzdCAldG6P00NdhpKGETWsFwOezh199TJQFnijQuLcA2sG90TEzpI0vl9ZJFdqGeiOfb/DgWpQpfcWiS5/QPX1amIdQcIsj/s5Wvv9dr+IRWxywNdA2R+5LTymilgs1bTDCKEl3QSCrPE8zMXuZxrvPfJ6Ul3Hw5fHL5qIh+P9R0HLI8KcxO/jsPgIJ0qav09x+2FAG24A+yKUWAYvoEjdrpaoKbfacTtTihqTJZPcnunZi4zKbZOD42Dkq9MWvXapJbccJ31dDoPQSNtPn0qSCm1SVoZDVxknJnL2KXcOUDGrEctRH7qP2Zp0EWjV3dGiwxKYrg0pwKiP1BQSC0izpHuwgKRxMOYjXsbtgVe9T2KlTZe5GE54a1Gmh6SUgoe23iRZIgnT0B18ztmP/oSZEaSK8YqUlfIKeCl9HA1sQqNHQHSJh7tfYUnLqPFIN3Z6ILsCTLOqaGa3ZV09vkB+ThNKypKNHvZg8UeXLAlVuSgAiOdnNZgBWWpvGCEKZGWEyf8o5DTgdNyCjndHqST2xPhdwrFgUUswZGcwkyWScZyu+sobKVimSxL4MTQ8lRIE2wqMLwVERpzg0ITIrRKmddJp1VMsZjIopBzFBAoySXWYhSdYXosYBXNZmyY4CJsb61WyZXvSSpsvclFVZtL/6OgQrowLC901iZ9gOr3vCh47zPo2gEa2e8lnBM3dUNuIOCDCtM2KQm5D2LdnmT8zKxyoJjzfpnobmoE1fVxGM8+YHaBhjG3p7yT/MHEKhFDyy6KCGrnjmhfD0hv9jr031vJ5jpN57c3CHirXGvwVm2uDWZd/Ej1jDytmJrRSkODcGicPeFiyhQEemyD24nO3f1kpN0Aih6RsICclVJAU1KGijGY/LhZ9KTO+uKGfX8dfXd88sXsSacndjWh8lOit7Rg7u0dfcVXIqC1NSsfULVUnULnQFeGnztZu13NrsErkWbjRWp5nH3Z6fyJIf0WlaCldsG3ozjmSBtqmFW4aEFVOfo6JXkAsmlBTNn8xu5WnCWJub6tZTZIF05OAUkIBBxdV5VURvs9sjgBWRyGRtGlqKfAnKQXhMKw0UdFXW9qd6HjFX0EtxOwhO2B1+5w5FErFqMhc0YbICjx9vllV18D614m3QTeP9E5WE2DliInUMJEBVL+yUkYtzCyJdK6FSLAMczwwslldpnU+My5tmSagwKNCWQgNzOqshnL42mxAgkPPeAVM4qzay+0jy5xb0ZdVJ6ziuy/Jnuv3hy8eLO/h5U5j99+/2bvv/1l/+Dwf5yzrLYLwE/EzKxug5qrwu/2h+7R/T33R2QLUpVE1yChTGqrZmgjq4rl/gX8V6vsP/b3hvb/9kmuzX8cDPeHB8MDXZn/2D941qyWIGtjZbVN8k43xTL2eZoKKNEqZbW1DC2ZkZPo5gXfGDnps+57+0aLID7oWKND4QgoZDShvKgV62WIYcSVGOPqDDGMuzpjrLuC6Ybr5z45D17wvn1DMwAUGkG+5wN2zhfaaRldq8E7OU205NIee9nkWNH17lUbf1h76igRLSdmTn1z3v4wb6Qs5KPnCw0N2GfGVPk2Vt2Gfu712JXlcwO7GGt7/cbm9fZ/T6+YEqwYkPc8U9LOv+OWuOMP985RnXP77nZ3H/HtxjYqrq8udcJbl3HbSSFpr5/sE9dXBEaAW0ZxqThG6bTXrx2IRMsCKE0nEbw/aeaUfVgyqNvONIEy/4ypdnXSAPulkKpcgRKXLuLJBzDy8t9ZDsPesaBBsMODxSosYs8eyf29vfYVAZX2ucBaNy4BeSFrOHpNVdkRAlAUZhXoBCDdtHfYIeYUO4hpZpmAiMtArDnnPi0K32e8pfxo9ludqE4PVyDo3A3sa00uFWBZgME/CiEOCL83KYBSrTtmywFYbehVMxOK3dDMEKlyplw+m5NwEvuls14WSbGoaHEJGm4HWdcsqb72ICV+MAgffVNhgubxoVnm7KdG3mpe+jlkPHkbXBwxzYxKQu7wKa8ve2swTSJ+LJFCvMLQGU/qymsDiQskbAQ4t9ysnPlmGEJzbdJQEUeYbmOCPVJb/tqbneg4e1jPmFk0Q53XUSGnQw2/D/3vw0zm9l514qr/Osb1ccSFwb76Pt4DHRVuigbe43Y0hGNfoiqezNOT8+1hU7Jwb+SSoZToqBqadsi5CDNiMFdJFyRGaUWrqazQ8bR8uRDJ2Fpw9xp42aRpQ1cqD3a7/QONK3daQJzrLbWBNASna4v2YEVfYgSx53SD/SWeJFJ9kiAeyjY3l2QPRGQcdoejVVAmvnsHc1NLLxSj+cJRUs4mtC6MJ/RoGk5uSTyAnjiwacec6/SsHEX5L0zqQ2Qh247a4y8FuL5PT9zkW29rJSu2e1Rqw1ROy60kYYeOx4pdozfeP35+sbWNwZTkxx/flGVkJpwW/qmdvedv9va2tltstBuk8kDKHUNyAYnXWRVqDN8JazlDoZdeS2i9EsqO437bF6GaiNXDAWoP84Q7Q4ALQPnef74l/uQI3moHK0CyW8cgA3EgmowtF256rlw8hf0VHHk+CsCO7ao9++VZoELuvGPyVGuZ4d6BlA9aIbLdQQjR8J+pyHct7njRiElzxvqBS92qlMzrDO9kmPLU68bkfbRM/K/vT9//b/csBL65EV3zHr09xJedcuU1mW7ZdQqx+XZb7eOt9XiqCSwmhOvcrxMQOIY+gw0+eQeJQbxEPQFAtYzMD92s7uB0BuHqPMSt1OhLMopmV16b07rPat3r3rwfyIB+GAdo0M6xKpSx5nrz/RaMK3YPuA9SqTGKj2uDVq2SGYrZ0hBi0Y9m/C3UmoBhnCET3Zd1BZfVqLRTjZxv0Ao3VoAZwSpGiYEUHZ7oy7aH2kTRxT46IJpbadYNB+KsiHB72c6C0XbmQZHMDd1rWIFzSa+TAFBH928VcA6VuTYFZajWFaJjAxd1Ve87MO7OZMl2aeFxFxw7FqhuOPeDwQrnJ0zSAatyAn8oEbyxzPQzxUuqFq6QmL3Ufzg92b51X5/s7+3tt8peBx65aQhTK0ovdN29nFE9G5b58w3B9/7kOU7RnVTP6P6GZj3/8Wj/lmkPnr/Y3MQHz1/cMvVzV9h2I1M/3z/omZqLzUVLndqxo5rnw9aRsYjwtxen2mfl4PmLZ6+etWpYbw7a9xbY5HhYEGVmaBFXQHvjqZ/svTjca4H5mVdwzw0crk4Kbh0+4W0N7QvVJnS4sRpWSETw3HgQHJkmrSfZQZnPOm4zazkXGzNuo5huJ3gCES2qt6Z7lwdW1GzK+/99XRQwfiok3XbR7i5DnOa/39OY2COU2kEs1UOzlUSm+yiKBVGsYNfUEqDVxCGGF1LqQNLash97Enb3XzxrdVgxVE2ZudwgUi9gBkSr1Sz1oiy4uNJfLGUDcAkBAE8tWgb2HIAy6SDZ7uxw0PxCuciNltMBXdvKKz+BvKKijyBJ8Xl63hJm8OwsF2mSngyoAqLK/oP7eIvG/gOTaR5YRpVapE1zaQyI8I0r0v7A1EuaTSs3BmnEXhcN1T+kzisenLyGZTOITImOLQvZ6VmSIoDhgGpH15XVU/L7pId9Pe19vvrWPl9hW5+vrKXPV9/OZ5MVlB5b+azfyudrbOPzFbTw6arj/v4KXyy/wS5COfEk5bHHzwXPuHxl+4iXqfwSZTsIcpV75d+3PvxXXRT+S1eC7wQjO/r80X++IyV3hnHFQJ6RIqMzGn6nxVQqbmZlSMnkyvmwE3cHK3LkVC6jtywlVJ+aMZ9f8P7k+QDsLNtA55VijlsPyVGeezAmwTuBffDdEOMFKeScqYxqr2A2gUNmbAFEVxIUy8LYEc0qqqiRoWA21Vi1qFKcGkaeakGv0LM+IBgfM6PPLp/vH9ynJveXtoh9eWPYH2MH+5ImsHCepG7kuP/oP9/qYvT91xsuRgxGK+yJqGqD+dTYyD8cnrfH55hA/K0/BL3Obm5mPS45mFTGPvDNChY+GR1UTVBoerOo0/xpu1bAaEiYdiPOqMrnVLEBuebK1LTwff71gJxAQ+ik2ToWX/prPYYuaxBskbN7tVFW2YwbliXxlw/at6EV2NeYryMR3Lx6cfmiabN4bM762Jz1/iCtqsk9Nmd91Ogem7N+ieas9v7cECRPfnRje54Jl3yaABsrWoR4vbkPHB15yEYgTdvz6yoke1UErn53B9+hJT3MepyKhHJOGuBxpAMeffoNLeZ0oV0/pAGErrq416Dpui4XEIXtksSZuOZKirKVY+D3D+p51wp0k9onDY3GjBpssNDGwnqNd0EC4lV/07jNNMz90W1l/5ybos8Pt9JmUsITqTKhyIQSfxL8xke0OyYJSUm/1bQAh2QYM1HqfV0iiDF2NetDORdoUOXC0aHkcc4ynkOVNiu7AhlFxg4lSlsbL/VwQktebCo05uM5wfHJU+8VUCyfUTMgORtzKgZkohgb63xA5pgW0nXw4JMduOtiU/0QOzIv7kTTbetLIPrycv0iKM0sDt7LX+k1a68gyW35AmvA2QLYoHMpOndh/h3ID4eHw72d/f2DHVcopw39BgWaJfhPveNuGcsQ/o82tN4M9aUg9vM5ureykdQDUo9rYerbaJ2qOe/Qem+Jz80BvyqN7O8N9w+HzWK+mwqUvnA54S32+71U5LiQdR6y+zSKmkkCnLv50asM5bxH5mBYspzX5QjSHq7LtHo75DInsm5Q1huVAzEZDkxvje5p4a4OI/bd2a22i9WKIS/LQhDOQ38iJ3WEwGzfCTPdtmcHz5vTP7bPfWyf+9g+96v0lDy2z31sn/vv3D53ZkzDY/zjxcUZfF7uQfje++FCEJN9KSTjDX2ZazKqVTHyaXEMc45NsmoLpCpiR0joh7G679i/MJb5Yghhf/e7wX2ibfpqE7lpSGELTAKzttH76tXL5SC6INgNneELp9DiZtwK5Y+sKCSZS1Xk/dBuAJcX0tCiGaTZxuhTCywcduwE2COe7x8+60dwycxMbuoeedJAKU7VSjVGIscEdKjAPGZpZr2RwSuMJTd9Kf0hOWeuJJnM6tKHaYexfcvirVOfN231hLfH532toZgZkArKMVe16UWTYhOm1MailD+54WP9kBRznd20vEe/2d0dF3Ka9nLabcHuevV96XPuOpWseNBTIL/sSb8NzuVH3cP7pc+6g3a9w+6A1oaaWq/ar+ZetRWaOMWJ+n0Gh3tNR+tmjQQA1zKryz4YAWJ05TS90d+5j7eEBJx0vPUhUb2Q06llOSXLZlRwXTo5A74M1XSSuGUofRUjBKDYTXAZ3Rkl0JnOjRsKv0IKq086DvOnheUaygnWPAgTYQUIPybYbNPSCN+OGgvxb6UV7Tq1NForFNLAIliejv9tqGw3rg1R1JktfOWFb0euyQfaM94enzebl68iDQHBbUDCfPLRF9WxiAy+S7dZy8pj6W4tJm8h0uB0DEMpKK5WW4YRSlrYqyOM6BJPQ//rqWSxhAcMgkaktO5vLpkWT56YUPRVChZNTL5iRlWbdD8DNVm6DxU9IKU0VGNK64lsd8pjNyoazqkSowEZMaXsPxz+E7UaWvTU2YjNaJLDPG3f1w+yrxet0lQ4EeFCQ3EwQWhVFa5U+DDUJKp1DWSeVuFIR8FWHuj/wH4MTgAKMwywlwIWGvCt+nuN91JNh6yg2vAMK94Nx1IabRStht/5vxrIwvpPQ0jvSRqz3tqvDvvDLsOQHaVVjigktLm2EQm5gyPC1Rd2PYlbxb2SI9O+Tg6WLmWDhoc2FTzQ4pJMeleaHRhjuxyafaE3ayxs7/BXek17EVOLnt4Um8OLm84VEJjJvIOKO/bXnoaehWymZqU/riat125h8zUsabv4MAiUyRNhY10LfV0V3GBYoCE1lJMPxpCKqkavgFP0xyoae3WN3LDeHIDISz23VCTF5l0z0g51uVHSGoutEotusYPOgnxZvjDmjF6zUE8H6oRhZmrmm41hkhR6LJjIJLgepSKCzYEvaKJYKa/TQyBJVjAqoN5VE+TPLQFKtHQVPu21Nma+f2fcJ++ZS7urrl8JFMKCwJXxfhEkyhDqChfhCkcPC8u4r/DDZR9Zd86eu2pDrY5mKT2eihUQEmqv7pKblCNdc+qGGfoSPpox8un7Y02eHx4c2q18tv/icNiztOGEZlCqf7gJHeNJskJfxs1P2JGt2o6EsL6jtNRYXJWlIbusQX/1cyr8lRcquO2FIe27B8+6xHHw7FYcbfh+8tWt2I3ZGVPoxbUqslrrAKJ+2bcWX7Pxwbe6tc1LakOuv8UsDsk1eUW+jcj570FSHTZ5T6yZCM1sgb+zmworJoHl37FkRz2BUGDm/df7PbnSz573obVRa+5+uL3zxLQLH959YvoK7Lm6ehbHkWGkqkpMMmlPHDkNYKlV3A+K+g1SrcSqFR3g3cmcyt5CfLeCHmoDeiWHxu4vzfKA9ja4rTxgu1DiSjUBe3lC2PBNxtt+DcTQLJIZRl2JCKCa+BIKSJTaP3DzEyg6++77o4agPywIl5qcPiRf3ZHZ5cvJNdNRMOyjLGvhm1VBRQTo/4SiI425LwSFsqQsnUsn0Q1rjntireQVP3qr+Ua7UF4oAX2P9JGoZW/quByhJoNl+qHkQDqrs8NUShqZyaLZ5YiqMTeKKp4QDtYYdiUToZWkRhm5hArTrlTfAARSWmhovF8sUBGID+urRZWYZHj228DeXGws5dWAmLmV5ZQDZp42M7KaR+wwlZT8umYiTxoxQWUIgCXWS7C3UB7qI8QKsnCkdnOmDTk9w1IRekCgTPiAJGPOufKVMb9C/w/lZYO0ekz7q9QdXmrWf4J2fbTng8QN3h7YkbG05wbiPqDvXoPPjlx1XnjTlbFPen+G733fngEZ+cPqfkJRhced0HXZcyO9aLVzQw5iFpcbCzF5coTxEtCiFc3BAnJA/OLI6RmmozpqSjqdpzY0f/xiUkWT/0ULHCVGymKHToXUxt58hoqcqjxtvxeGnRRynm7GO0aVwPrh1AT/25SbWT0Gz5slEOjKthuQt8PzHXvJ9Ah9b2Yf/7v+cPjjf3//w/P3/9x9NTtV/zj7LTv8199+3/uPxlYE0tiAtWPrxA/ub3/Pro2ikwnPhr+IT0n3rqhdv/lFkF8Ccn4h3xIuxrIW+S+CkG+JrE3yCToNC1rgJ0tB8VMtgHB/Eb+In2dMpGOWtKqSZt7AdPDycspM0pnF9RcehAspsXOkYwbOZYd5ogmkVdnFX3M2HyIMSyb2qJGKVEzxkhmmEJAG0KvBFAFpQGD/BZHHTZaOHCYdbnUtZIDtBt1MpJpTlbP88nNyJE7PfGRgLMXsjmvyk7OXVUre9LSeen0w3B/uD5tWWk4FvUR1akMM5vTowxE589zhA2puT/3Jnc/nQwvDUKrpLl7M0Clz1/OTHQSu+8XwZmbKIqkTfe74CNxXvjOIf0s7/kMLaC8AHAwkng/MfF/IOXZLg79cWFAYt5BT7xCoXVxQ35o6CH/RQPSmY+9QOBovXCMNaMwv/e2rY6adv5fa0P4AoSE/8wlvgI3NsO9xCfdduG6Qta5c927PpRt/6bl2/Y9RPnMXcP/Fe9D0hHuq2QCvf/Lupdcu4p0J3iPCboZwow1IART1K82sJBlcxEHC/foktxCEF6L4PdSbQOE5FKDQgZYTJoZSOwQl01jrnJG/4jzpMSShB0bAcEEXljnVeTUgJqsGhFfXL3Z4VlYDwkw23P76MG+yFuI3lD5xipfOx/NTKNVZ4CU6T9McPFm/s1gcWtwdIgYTLanSLBuQipeA0K8PnRboxDTgmjGo1DbwMf3utjIVIrzeLYdfsYzTwlPwINQAxHS9jkqNRbJDEEnODMvMwI+PHmkMLLlzxJ3m/eaEK8tdsYS8bpbwC4kswdXtq1PgoFRkDFMM3VJbZf2lmPBpreI1J4mqxeoICB2nku5izWoZ3lalB2TOxiD9cKu+c2FUDWlIiC4uxW6lYL0wrk+k9AJlFBm/8XQjtFRu2BSkZEbw7RRSa9I3tMXq0dl7hxo9TIw5njRSaw7FIutLjDm+AxcMjlZBsfBHC7CO69SBLrQPM0La0FF6vgXfsIpolnJ9Bch753f9rWY1DkzeXryDYitSYKMhp/i5TouJ5B6GCWWBFAPTH/TIyZmVBzw+IDLm7fH5PSxQjwVCHguE3B+kxwIhq+PssUDIY4GQP3WBkHZ9kHD7No0h61loEgvMrcNvpqDF+6PjZdN/KQPEk+MYBNlFQSLjewMwPIhtatCzkbp2wpsNR86MFdWkLtIE6qhVTGIoV5DNgrxEMTCKFSB2hCMtiFRTKvjvrq1AanwQMo3rhCAnxnKWO86DUVsIV8EmhrCyMose8/IlmOLOf2hsxGPJjF6oH0tmPJbM+DyI/48tmeH6zW0I1IuZ735nlnD4Foj6YG+vAZ9mitNis24Gb5VxkznB8K6uEw8VrOxqg7QwgzYpK7mCIaW02z1RsmwacJWr5JXU6Q3uizjSomJ62Jel4R1MahTNbCN/C0LKRq7hnwr+gRsJ/pBFwSCxA+0c9q9oq+gJm/FjNlDaiFl4SKT+HQZejeDOFyUVpiVN9p7fh0ml95uSMMQYEx9lCnjXGw3b398RVZSO4w1ETCiezZCgwDLUKDEQQn0yWVZUeOnCikug8DSIsRX3k4YZ6dCd0opcEIBFlaJiCma+CS+MaxWKqfBemIIIcPA/NQsNBDDieu6TFPYHlNZoioXky4jQKX0EsSbeRg1SClfHeeyUf3t1/I/nocOLi4ztJ512E/7VSxn8KSXaP7k4+yeWZf9EguyfWIr96kXYNMrAp2w5LneWfHUrc4v31XLeBveTNrTAPCR0KPlZPXynSS93X0u+Zyj/2iCEYSKBJYdZ89/TUSGGNAztAMExnW8njgVdByFBPUsuoM8r4/5wDU1x5feu4J7NWHal600doWM3vJcT41a7rYKr/ZqpkBvXjdV5NX528Dqnr1+9fsaeHe69fp29zF/R/Hk2fp29PmyqM8nkG1rRSdPCDkFdTWINkH+smAjR/0pOFS1BzyiomNZ27UaScc2LnGhu39hVrOB0XLBdNpnwjEdnH4mu1qYIhui81JncWNO+U5HD1ogpmcl5umDIjgs76rqGQBM4MOsPyLSQY1p08IJf9y3ks/qHX9jzCSF4vfA1MVfwjAm9MavrOxzelWmI7SZSyBSDxMG8WdCMUKJD3S2HU/DbuBFTqVjJkpyfnfyD+OneWd0UotbDkJXUmo8LFuP6dJXfQEyfG1Lvbnc1yqOKZjMWBj4Y7n0pIcFzsmSKSDmyef9vrlfmGTWzJP7f7xvvEFTajrTWahdIf/eYFQVVu1O5uz/cPxi+blYdun9P0ruTAT3aWq1K28z04ODZ/hcURDxUzVnS2jIHw9ffNMxlGdMNneos+ep2zXwlccNP0a9XZ1RE3ToWKXQhEo3xMCnHD0d4vptQrAuIbqSIg7o38tNXUKxwYuwVYehC+77POBXhRrNiQqgI+LarqjgGGUEpR+CiPlYa9BQEN/o/V5NNpquUaFovf0EpunChvoAkqqYQBJa6dd/TBRkzZ73A5VVKWhEGonw4VP1MEN/hVe7jDtGhhuUO2SnCn/ZGCh/294b2//abEcDshmW1sVfvhlBxNNayqA1r9DT2WImz97OUMRe7fm1ps7PH/vP/zv3nN+kUdjzVWTXCUTyXJbNajuWDKKSj1BpqgGpe8oKqrrjQJs9qupJ18F433GmUfNJqtgl/YbpxrrAglyZGNjFb3VnF9X43b7gBeurutCrvVJ25H+LmV64ClgXjiV1eHyDNa18b2g4Av5+wPWOxDb9HOAzaIxg9Odjbf7Gz93zn4NnF3qs3e8/fPDscvnr+7F/NSCkzU4zmq5VsvheGLmBgcnpy9wY5GDZadQKA6TUo4uw7TVkb5KBNcwKYpJW9YLcVvh9gCRtkDSFwg+qw8ZgkcUwFGlTGLCazvwlDJuEhhJKxknMNPkFf+ccB4W9HCBi2sqPrdVNA/ozo1mV+yPr6fkH3KrE/l+qKi+llKHO+Mcphfq6kpLo3QnixtgXt7kyWbJdaXe+btNplDDR3cvan5Ktb5eyQoKcZdHoM7XxdcRArMFf8WsK2UiVrkVs5mTOo2ecXRg0N5AauU3gAQoN62tFruxdckJKKBakKmmGZPgrxyL4u2EUKghsai7uBdxd9SOUAnWOQqe7lU1oUOIXvziRdbCPI1LqSIo+sxVVXEmTksDiMlR2PrOqRKWaCK9hiKEahMT1IylONvYFgBoV1vRN14IxGg0gEPrNqQLKCQ+UJ/ygVeUi2SRMafdlCAtUKclji6ZkX9Y2M0PNqFIs5mJlVSABprhw7xn+dnhGj+DWnRbEYECFJSY0B00Y0NnADk1HF8gEZL0ISSDrVGzocD7NhPrqPo7Fa4UD1x/8dFaGg5OmZxj2WIinMmPryuvkk56tlk7jneupMOOJxBe1DPkMmhXCZL7HVr4vIV2xKsS6PZtoqzXqQPA81A8iYh9w8qwJiamQmVZ40I5aKXByfuVExOi5mvCBsGePXUZpyJRXJ+T8/uLTAp3rb/eh15eOzBBYsh4plRUMyZ3smZ67Hso4NfPjta+ZUC03d4MAVXL4GoZmpfdwvZoYxVZKtMN4W9hOfBFUvhUK0ANe+sRb87FR/H57crdDhWYnrkZohY9OtKdJ1OIZ03pgAQxzrpFBKzCbBDgW/+kKAYFvAk+6LtfYMFlEbuxfEIe3pxW3cwZhvpIRAIMc4/K5fQmh97YpfWG5Ac8vlSyoMz3yytgsFZTfZjIopc/wsWil8NKiR5Jrb5fLfWRLgIEjGFBhnYqGNWGLVzzGhReF5FeAW4lENm0rlKs+4Aiva8KIgTOhaubDVJaUSLMImPDExJ82vi8V9DCbIyTclkGEYEVbjwY0JVwfW7PMMphzzaS1rXSyQmtPkIELmFi066HMQtEQtGx8Q6junYLcN6FwnLZ0MCflnxKzrXZg2VcBTpeg8prUj3Y+G7gtXgrEpSAp7M8SCOHmNGU1o6xnZ+we6driGNKMByZm9sqAiou/pLEUSU2zFjpYUSPVw5Ri2ZYKgiztxFcxoAY6+aHCjtZFClrLWPgQD8B6/DgB677ZLqD86/7DtmnoUi2jA14TRbBaLJiAqT6ESBOsmDO0/33/xur3mRkDMl46BaYD3g5TTgpF375qZDA9dJ+Y7KBADHfpjiR0XhyddlWDel2+1/6rp+OzrfvQwXVMQGhy/aXh4zIZ7zIa7P0iP2XCr4+wxG+4xG27z2XBrJqM96WajdRKxjtEs0IrUJadn11BT+PTs+kUUCFsy0BdLYuvLoBPUDD9DUX9yYVU/pwyBTT8V3rGY1Yeji6ATu2KY3ElL8cxKUil+TQ0jJ+//lRYFaZ4V0LAKSXMypgUVGZzWpHiAVETJ2h7iFpLtOrvFUx6ibnNEABQ8+XpR8HmFh85cxaF1ZLiWM+XuGjb3c6Q4tC8jccuDNDipLzfbO9OqFTM+nTFtkkk9jnDuASykqlgeQK7HXugMW97oV4MGmDCc0wInUpGtiZTDKUjww0yWW1aP30o+tzNFG3Xgc2aYKuHCrRTLuLZajouOAL0TanKCjboeFzwjup5M+E0YEZ6B6KQ3u7v4CD5htZvtIblAI6KRqLLf8DIUihsvMHRuQQy9irvqavpDi4C5JAUds0KjSiykARs6lhmza794d6JDjOdWJof1VV//s4CMBkkYWV3C9n8BimCTCcMeqEZWTnJxe/iUXbw72R6g9wXqbXn7VAMs4lA/8CZAQJHrh5A87vw5HeJpzxuGtXiMGALq+XOTDZDMMoqJG7Ea7cD3DbJ5bMr8eQlCj02ZH5sy9+7JY1Pmx6bMj02Zb23K7AqXw3OJm9N/dUfyqy973naamfQ3qSAf1cr2MfQ9p4Y64OZUk0wWBTQFuSPBdcJF7jpKeeqEqq9IlqF7op/bPulzyFb36bBqxkqmaLHBYt5v/Rwpe5LOGuTBf8onoPuzG66N3u5UaMld1cViQdD9pgnNlNSaKAbRV642/sgNCKfPt3PoSiav6OHk+d7epGnd2MRxetJlzb5ray0EersR4tDl0aEE8/MrxXXCc+QEQ0GEzJkzszWWHL1NIVwJCAbkubxhSPOIda+0/TSLFBhX96akV0wTbmJyRco9o4Rq6TSp3ogHQ7AO1TYDKuyBsTI5z+qCKoA3DMmwD1Vs2dG0CDoXKMfID8HQeaVdCc60WHcDDGjFJRtobza0dLhxGebSOWRH9j3H0i2Hh48W+67Ga5fe8mcv2XM2nrA9yl5kh69fHuRj9nqyt//ykO6/ePZyPH51cPhycld55oehyPQK9sQWK0I47tRTFKJR+CCh0nAy4a6EsJlQ2bqQc9z+nFu1fVynVax9WwvEqqohRCVcPBarunk9oyLvIwe0ocK+DRaieEJEME43u+eBfYVqWMHbtANm8xT5m7qOXfCcaabWhsVmCVFV/I5Ro/sGQY0rZxNaFwaaD1QhbC08ajcyloR2MVZQ7km4Ok+OXFkPXTU6ee6kBS0DEcl8o70uAzXRQBIwZYvPJJRg5hJ5UaMaln/Zc0Uvsdrf4JgamYpEIcwSCkYMsWbJRCo2SDbBLz2wxeg3GHvBJgzqrpMAmQ8A86OtRkstlpyA0KWoFgDCp9uDMcA90yRUR4NDaAZJNUs7tYST7Lr0hnGhJaPzQmasMri4MBtCDCj2wpUDkrlSJz5iTzebMmJnpGnN9SzsWjyUcKTtfYFtG+NV7+45qS2oJJV0XUsohxfBtLf0BpYQh29xoSbVRAbjqWeb7CBXCDh2iyqpwPAqzXrEBD/fzp77Xyt9RicBlw/qAcXIXxy/tdY/pnzQve4JeDGhGkstqIf2yLMNOSHc0Ilg7leSTPLWb9DpBAeJ1XwhVqgJXfuELmG9oW74qMFV+xpKp783tmNzBX6e/N3n8jc3JASYNXSL7q5EHgw1y+UVofZKwqI5zBApikVbt7iOUwbu3tMgaHgwTOuTYxxaQ82K39yiZeFTd0clJm3QqXPJ7DZFwuZISfjhHYGHqdvp3q3iv2B4nAv0ewyPewyPewyPuyU8Ds+J26a0TUsHh18sRs73mXyMkXuMkXuMkXuMkXuMkXuMkVsaI4fdxv5sMXIOarLJGDl3td8RG0YLF1AVT60MYWO98WFJqhQxioICJKZffbzcUnQMPxMfX2G83OpC3RcMmuuh+T88aC4VNR+D5h6D5h6D5h6D5h6D5h6D5h6D5h6D5h6D5h6D5lYKmoPCTIhX58y5iN/c4sz5Hn0vlk4KqjWfLNKurrRgyv6ZZRIrfth7181FDL2RQpbe1BKqUM8Yec+NYuTo4uK/Hf+VTBQtGfYNd482Aumg7oFUsM4mIG52LFUZ6qRw5URmp0O6MU9Pzgfkww/f/+y6LXvnPCUkk2VpeYSDF83+uIihoZnh2fBbAMMXCnJDZrQytfPaW8HdSUm+zENoAY3ocBrcFi8rmpmt7eY0LJsBqQ2/9YpLXH2oT+QnRJfJFRegBYCgQ7OZ5eOg540XxJufDHgRPfnBXAPYpCyTZVVwjUEzU0kLDx8TOVgNSc6EPaFWLUWX4db2PdxoYVe/ACt1GA5TBmf1pFZQ3MVtCf8dzZ2eghoSIO40/B52I4T4Mat1QtgabJe9G8NkbrRmU2XiBV4XDJFjBBH0Cg5V7fWAMCsdgw2AGsLF1Cp/hpfYdlkxo6SuUOwsEnDpdIoL9CVRWsf//enFp7fufDU1FyTnjV3FlqQ56qaITk+QQI8ee/90tZp8KZyUHYRFvqdG8RtygeOEHXSm3aQW25A89d3t9ZvdXWoMza6GpR0TqkQjJHr34mhv73BvN0yw3cYaPtCHry8kEoRAjdVxF9GVstQvjzvkan24g5pGTGSbK0fISJiD1Kr4k2LwXiMEHId740sc6cAWm3jFfe4/1WG9D45XD4zevdg/fP36tnNtf1+Ctg2e7Eak7Z8UdcuFgSX4/GNO+8rYbdz4Gzrwq2P3XmMEXCuaeeuVF+WTr5bL8icxctsP0p8IQAUtFr8zUjEFypmA8DQl6+lM1l43o6TkmZIhbSVp2wLCuFVQBCPXnM2HsTtvEDvdNiWAk0SGJ4rZxRtNdqLHwJf3m7Ox/93HJ02UFGaHibwVcLhjl/NbzRRnmpQ0D+uIGt6YZlfpm3r1rjgW+g0y3uUZJzhxVL6P8BsEV8e1OU0NTaqxMqEL6sXq0sTIKbNCMlh+w5DR7INGAI/wGRV5gZuXRPMapnacy40lmOzYRA/Hk9cHk2fPX74cPzvM6Qv6LGOvD17ne2yPHb589qKN3lBL8Y9Bcpi+hWr/vTeoe69NCDQAvaBkVNfK+d1A0wzZMlYXDkNiSyuHX1CgXe2GDvr29iZ7L15Sujemr/cOxi8TrlCrIuUIP316dwc3+OnTO69j+nhtXVfgiMReDHZKA+YGyOWhhX1FY71W92QoxjpjZKwYxcK+ci4sSUiisxmzmox3XVXUzNz7ktyn/dRmzaMnLlrSmVNUETtmbc3n86GLEh5mcquZPAA1pTF8nwI+S7rAy8mVmDw9s6vdtSi0eEXba7GIDeNo26WCLhhITID25Nr5YJKgAgxvnkrvOh25sEoXmdkhmuYSGngFHG6weQo4sFxHc9+iDNg1t8zJTx45vFR8ygUt/GkIaKlV0QpNbw3BNQY+Q0Xnib3QMAFxAD3UpLGsUC1AXpjBeWu+3xq8YBSsWRVTXOakrLWBQcbMNVlkeY+fDP1c8PCYka1KTLdiEpp9fWtov+vuUOVuwMR0Mi2jd//hS6ZLZZIIdIsUOjGupfDoL6OE/o2stlrIGf1lhMliTR+iB7plqt1gG8zTCbphLFsCOxkv7TFztjKoxmrl6XCIFkmMMraXDevigowsjdnxRgMyn8GNiIfQZXJpKFAstFE1XHL2UGO5WS+ENAO001CCHpGveSrfHB4+28U0hP/87T8aaQl/MbJqYNQfks1diKXMIU0tnkcgER2KmIfVdkObkhxOEUKfSym4kYqLKZ4UVyc8D0xzzOyRdJs5wGQoqtPtoRmUtS/k1AXc2VftqYcGRL/WEDPhNgSrV1O4b9rO6LCbwagaXgvDUpCI51QHQAeN+7A3E3mtjbWjLfm5secV1TrZyYdvcoXDt6TvVtORDfcqa86d8CCHoK0WOBsIyUpDgTpwHB4+63bfOHzWAAoKxm/yMoUJHBGH4FKAF3/BtfWuIZU3t1rE1uHx/wk8nt3gZRdv6HQWSABEwSfc7kLad+GEJgYMbEGfwO5z5LE9PYX5xrUJTw2SyXCxeJ2HETFiRBBWVibCA6DjkyP3dit7rZFuSsbMzBkTDaOAmUuU6VoX2R8dBmZZ8GMM2NcTA4bKzaaI4BxGX84T4bbZat27aB0bvemVzxDeJfdWU+9+jG4jj9Fta0W3bTjwKq1bkcgoKQQNI4i+u/XJhQ+Na6erdjtvhig6FG+x/+01DTK/08ebKazfJ2056TXG/DPI+EnDTOw3nGl3o/rwHFJK7AmBplSee3XSG2xCByAncMNtrRM7ankPh/2/bWDiHxmT+CcKR/x3j0T8EwQh/tHxh4+hh3eGHn51UYdfa8ChfeqSTr1JLLmSSfx2hYsZx/DXcyweJ0vmm1T7ToxBJHDAXczYwneonsk5sQxGgPvQey2h5kgmS2iv53XciiqrLdYBVK9f3uMuZaF61Bc4yW629pbws5mvqvAFWvKmAEXUdYA6pxOqeAOoDRs0fxJuQ6+bhVcicfUk0v/Oi4LuPh/ukaeIxv9Bjs9+ciglH8/J/sHlPkrz72lmv/jHNjmqqoL9zMZ/5Wb3xd7z4f5w/3lgJ0//+uPF+3cDfOcHll3JbeJKwezuHwz3yHs55gXb3X/+dv/wlcPT7ou9w2Gz763UwwktebEpM9PHc4Ljk6deCVAsn1EzIDkbcyoGZKIYG+t8QOZc5HKutzsIxCc7cG/OF/CxYoomkZVeGAKRGFSmGYsEoCApeUkRBdzO9/JXes3aK7hiSrAvtgacLYCNfmI69+yoDfnh8HC4t7O/f7ADffV41oZ+k/VD+vHv/ZwJ9pch/B9taL2I9KUg9vM5us+YMFIPSD2uhalvo3Wq5rxD670FpDYH/Ko0sr833G9zlM2C+vcu111yNVgu+M2OneQNGWNqAhXZTCr8uINh+t8EWeI7fKYx2/+EQY+9OdpF9o8hOtwF1HvlCITLwnWVhAWC7tZbEgrgnUltkiPUh5IGLD+65/3S3aobI48h+J+X7PdYAAkHpgUPHrCKmtkbZ1hoPVzyqaI4n1E1a46Oa2kMK8e/sswLufjh8s6V/M9wiwXMwj6COD2tFaDTFdrqWV8Had21hUKsqywLBu3dje7AvVt36+hQUAsixoa+bOCqO37BsQAmh+bO+K7VGBxRZ4Ws80i/x/ajt+VA3TvqSkz3IP+9+xXF1KzxqiY0z33cI9QTu4QHLv2Qvre2VCmFN1YNLwwrJS1FRC05xijgLzs3t9NHKgW6V+w5c8WjYMV47nsm5yWdsp6pacl36DjL9w+e9XKYOPupHYGcngTVG/Hkt8LR5l/IkSUTLGYMRYHDKQlFNpihw4ASQPIddNb78K10lszhAYzFu2+fJiwoPH/vmVY4Oq25Vj0/yWwlzWZcsMukuOXtk7kXhskLq87l+DovuFlcrsBNb39r1Vkdja+6cZ3zteo8WBlnpTkaj/aO7/lRLrMroFXHkE78557jhb9BIdN2eUr3mz3XeiaVucRr4Q2Z0AIirv0tjvPtBGa05LYNYJEebbv5SoOJ+GK3Ebv9yEoQ1v9KL9KWTGU5zv1nA06XHKh7ztp6c7VJ15/OeVHJX8jFx5OPVrCZEyNJSSvLZDX7zw4sDSmD3C5pkOX8nASejiAMPeXa+zzS7Y/4qWeQUzGRKbW6awGKJHtekxCo/b6XPN298fb4PM3L5KG6KMv0cFEWQ/cc5q9SlxoqpNiJb7YsrjJEOS6n9OVb0zCL+iHGUhaMihXRO4kYAet73PbuvFIPxzUvulN2dzTc3lv7r072915vrQbOx3MCM6TG2X5ArAbfew5ug0UbxUw2Wx0YPwv6VcQiUOBVPYZqS1DazdHhX9PvesaNvwdhrym5xUFJSoW3c9X40p2ctQH07TTXxngl8362c6/DnGCgkjmaI3unqnt4+Lozncmc/HR60p3I/ldXNHu4RcURu5O16vc/wGTehtWdzLHLbz+bMSc/X5a0qriYume3vl3xFCUQu4ukpFUXZHC+wHn/+uBOYOsHXjEoeayZedgtjuMu2eicVYVcQNz1g04cx10yMVS0n9TFgy85GXjJ1HfIQetO3GyWcH+h7/PnxXHdBeN4ebxdzsIXPeO6H+O9EpTavnsgjk3udQmwm1XFTjfDkN2wrDZ0XNwmeroV/yoLecXpDq2NzLnO5HWqnPw/+Cs5cb8sSPocSTTvO60nPUOlt7CDIwy5zCronhuiialpRb2HSc0bSF01cTkJACRm0v45+W3m2SXTvaXZzLk1MRMmOJtdWREXysY4pECE8hV5DZHF0KOrrho2TYKxpCWW3w1GQXCsV1TRkkHTJUXGzA4B++Yqk2DEE3xhP2JIHs8BNM2uodtYRZXRGNt4ejbwpiUgd54PIJgA3DkNkKjICTfaNZzoQ6FLsquUzOvM3B+RF67WNZ5dN4wVE8Pabpt2bXJpTPtEB8v/02Tm7TumFrlU682M76alvnH5CS3opIlMPxw+V/Hes//06R2ZWeUTumDAdI5aAZLbkJ7VquXMaKpJS2b9OWQC+fVhew4kcadS0trMmDCuAIzPEPFsbc5FIaeRkW39DF+MGTVb/dzKxQyGgISf0fVE3oKn4p2cLrXiFnI6nPCCDZNkjT4cK/ZbzRXLozZxB+ZTPwakzsUUoDl4iGnu2yUyQeIKCY93g3JZdT4N0oVvCDJk1+YGhm15D9Dj0YoPsBx7rrhh7va4E3ZF5+Qf79/FRB+aZr/hIuQYCNktwiEc89bDWCF1CDINox/JjtXyx2mfIetdz27EyIX9VpKjs1Py9D2k0suJCXv9d66tdihyIticqe1hK30pjVTyOYmNJmUiD6mITFg44WfNDMA0cu9c3pQF4jH2z6G6w8VlFSOzBOEi59c8r6l3nlmyayaQ3IVvLFU1qTH42ChZjwumZ1KaNHS5qlUlNdOY2YEti1zCPx6RUJdpvEiJLjCFsqKq2ezKtAaygEJeCJ0KqeFmGResbPuxwiEmvQLTEuo7KgoPaejF42DonOlG85cZUyEyYakViFY8EarikU5OxS2w+Z0KOwiUCBWIfLIMnGqMtc6kwuZssVAEBL6DIawx5tacCxizkNOtYHHrLtfOJhXZ8s9OuYjPN0YM79hH7HsJrflVdJ4BtpQzzafCcWkPwjncguRgb+9ZY5jkkYO9vb3umYa87Mb5HCQU7ZbQGJKLiaKYMQpl2zCWxgE1JB9bw0GkHQVZyc/dGC4UDVuOUVcCbpieBtcuACuBNwZEeUE7wQ/2X0LO7ASKjyG7DsvTPYY4mhl+zc3iciV7Tf+1cweRHpFpIcdYxbwTY4uB77HjDkglrumahw3otjGkq4sBL9tjB5kWUJMEcjUMNlQNk8AjaSpNU+0kcaY+rbGsasPU5Yq66rrHWDQ6sOCcuEAIBqK+56o/yj/be7qGovjtuylgyJLBnEJhxwEiRfiOe5hHh7flqOljH/VgAYa7TBook7UtO2vRUGB0O4EPW2Dal2pZG2wvBomPml9jC8fGUBBWDEsZgfKykDW2qoPajPHAwCUjhZfPNakUT+qrELyOethJ0Jig+9Yoom4E81iE5mQET+2PBk3Y4NuDUVJkY0DGLKP2TEdGn8wAPdUEjslFkwSoKiz1hwXISRCM7rXD6UV55z65OkHgNGE3M1prCPCHxCg5SUEPp9e1RWkM5PHq6iOS7xZkRq+dNKaT5nR43zphwLCy8v1pm5wyTSPlguRUz8aSqty1PURX0k7BqALN51c5DkUZSY9BJcXcUUN7OKPZFZ2yD20Ws5xjxJG+44KqxRqvmQJcrj9ppk5FVZsLvs7sUpr3aavn+7x4ER3+93ix5kX+94YivfrLx1Y4FPfH1rFUqgbiPYIaQOcm7Zi98iiKwXb/ZLK1kH0Sz9Aa75qYEHWf1655th5hxlffMTFtMdTVB1gTU/ZVRyXv6a8tHnz/IbhYZwjFr9fEnX1Tfear66Ld/vJ3en9aeSuMWkBrs/u/emMUPRUTee83v6e8qNV6WE7eXRNX3/OCrcuLvueCFpaR1Pre7/7Qul1Xe+s0L9hpWRWs9Pr5WkMA81tvn0/LiiktsefPO3bN7k9lp8KwqeJmsebr1VGj1et93jyL1UdWf+2vbLEmcb2j2thr8gcp87VePp/VJpdzsd4A5edIJe/kVIofmg79e7x5uuZ7ziO2PshriSRwwazLBt7TG17W5Vksu3nGVMbWOFzvuXjYkS5mShpTfM4w6+PlA5u73VyDGOLLa5HCBzbHWhxrUfAHNl9LaPkgS3slfA8ZjSK7v5T6Ie2VvPprH4v8M1b7scjXWu1HZ+C3V+ham3RG1+CpyeH4zJvwTLFrLmv9uUK9H2fNl/k1L9iUveP6/udz/fP1OYfLvbve9rl316DTs4bL9x7v1XQ9Weespmey4NliDfz+bbK2WPmJUb3Ga8AB6LqTnoNe+l0hs6sLdnN/XJ1javZa9OTeXRt0JyShYr/W/e+HAKv88TrWED/CupvHp4KaWq0xsX9zTUXkHLwa93/NULWewWk9y8u6qzOyWg/KGuzZWGR4ParGEdaVht3rP+k1rQjJ++drMNuL8zVgvqBqyj4HZzjAWmYEfHV9rSV5f+2Vo4/yM1a+9m7H19fabKh+RotzbFu8zvrlFRNvC3ZN1+bB0Fe55Maw3F0I9z/u6yJg3avnZ6mu9JriJ7qC1nvtYL3Xnq332uF6rz1f77UX6732cr3XXt362jftd9Bfdk+v+TqRHdGPjfEbWK+QdyNSXJ/pNEynx8/nwNP3gvuenlo/R/TuNbr+iaXAZTMqRMMSuFE3O87m49545iIH0MUe4uKGaZ1I3mRFUoTR7MhJzJ/z+xZyqkc+gw0K3QsfeRnDs3owgTBslr7cOk9PmqFdhZw2AoYmXEElW0SKsny5yeOwV0J8OaLQhUTvoz9bQiQm/oS0gb+3hE4NNhPDaVEsfJ3h1oCK0WzmokVKNLq5/Xl68F/PDv6rMZ4PYeqGGFmgDv7rxeF/3R7mtN100sNmsxvTggnqco4Z2evdzYIall9+jdE2Hia7jXAIGsNlUhglCzgM0DhlwpSCAz10NAQr8xE52NvCzJirlmlmrQOTRuXA/FyRUYKWUcrvevIGq6ypkz0478IZ2oEFyLDIBdVXSMr4FGSILiqMzPKcrm+9mJhQSBdh7EalFWQHmdBDA+rmN0NzG6MVcjpleQ9efKrD5XS1xLsvQ1qhNAb8iMB3jtKyu8BnoFQ9C0qKwn/WZrs5LnmoxH1ccIt4F2P4qRaGl8zbqm5D/IbDw3ou94RRk6dtcpIq1MizyO+hooStbvcszFB9tclzZsf/uk8ZZmr4XsCxMV3fTfJUClIp1gwHa0oK7WjUbXtPuusURTgfyXbLYYAWmHlfgYQ7jkRnxBAF1xnpywb0kc8P6Esi7HpQ50qKekb1WTQdqyDu7O883znY33n2/HD/8Nne64NXOwd7z/df7u8f7O/t7D97vf/s1eGzF6939vf29ldHiacfyHexl3LCYZ+en55shySpLJO1MIRqLTMOV3AHMUBRbfZKsGZAM9heSCvNaFlc47k4Pz3BRmYCUufhPgehNpZkbQUuwg+ukRVKe/iVxfHIR+t5EUmich+FZQdkC8aFrEnID0wAjtDa43R+eqIHRLFrzubu/E+tPNcUYzDUXaOQQ42/nsYFK10Dm2WksyJjv2Vju5U1m5vWv1ENIFql7TfAj13dZeORs4TAEliXF3tugG6aJqCHv0hcz+W7Ae6B8Lpj7vkcAeMiqVEZs0EDgT9x8arc6XyujhXTQf1Iqlm55DOfXRHTz96xKc0a2TI+g3dZJho+wDQZU3uJyUZ+14vhDW46tol1tgR3YBEuJ8In5Vfj+8OkVgom4boRuMjZTQzInc+c0jgKycPDF5dGXr4cYnaTS2ICwwYzS9TkJW08765Ohek/w5hxc2vdpq6adte4nRduHb8vp+COGfpeuXWOln3qjuFbT986csuCdMfIradvHbmQ0/ugpGEsuqMQl9Z0yi6ZUvKuQnDwzNC9scrgzlQj0oiNO0BvW3fuGH+Z8eDOWZa9eOt8DR37jikaz946ap+Gesfgfa/cNYdT51aeoKVi3jo86mD3oNA+5fD20pVR6bpj6OTJ20cEheHeGGnrGbfO0S9hL5vJT9X/1t0TNUShO5bTfeHu8Ve/TdqP3zp2X72ApSM3H7513JuyuIuh9SVht8f8/wMAAP//54Zd9Q==" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/mnq25jVTp9+9XUN6HdbYslS9JNtmH/Sqxk6zO+nZiJzlPkfEMHrEeDSqGkazz60/RwAAzaEaDnK19cZU1dDc0TdNAXyRLU51sCUZx4O3XZq6S51sXW3L4x96awEH+Euu927vxsEfn/cuvZy/sZi+PxlRgQZduzPyScJBPXDzSIoM3vb1ztto7QHsXJKXVfE9J894fNJvtwRTIYxpaHstJrdVnjREkARLjGOPC+Ls4tASQsrhOxofaZ2sNwQC6srmzsgCDbezNkVtXWragJWKrAjIKpmiOC5yp+LqPk883t+Mrnh2gSZGM0T78IJUn+nIzUuHzBYN8UQ/UOWrxDBd1Iv/VjEllQEsTJiMYmpF8AXq/EoSjkiQgnNKyBT0hra8FK9ziAQTPS4QTzkplOK8Yz9MNIlos03FBSzHO2BLuLEZaFYG4tpWBuibbTlT1lPxA66Ke9aCFAe5OknugKMwmaAoDcPsohuReyjgVeiIQJxlWlckcFRDHwZYRL8kkNekgF0eSIb+he1VoDRfJjHH17ygxR2Z9H/letfE48zvgPjXe0LpQ2T2Uu9IFwoy/DCylPNdxFHIy4BIudHuo7k1NjsyO6fP68ofJqalnSN++epjvoZgZnZP/mhdVgxjntA7AWGAx+01feTYaz2mmjuS/IcEr4mNXY/HQMjexgPpn2juS360eMJwFiwt2gaziwE5FLDS+FtPaY5O8ddt1DguQBmejjTg4dZ3YJYNLCMQe06IU2B4fe/kEqWcVLDKwiKZGqJOcVamV31P5r9lGuFykOMUCh0X6Qn9VtkDigcJ50yZrwGk6hQZTg1K2TEhZqrOGkXBv1AAwXnAmJcI6TtnQP/Vl9NQtH+5jvQaR6+wTuPGqEavjToA4neOMBEjjOR3h+yQ9Oj4JakNLfSIxoMlZfYxWfDJToWXzJ/ROigk0YnnqrhLTIcm4cc0SYHKPnAUbd8qZQ8N00B6xu8nUA6rbD6a0xdJp0Np2/TjU5jiZ0YKAgtmKmAYYOwDb0nJPBdMttGk31LZUtYxvO3Gt9bUtHU4ya/R20/CaBvEbfZSy5BFkVSukM/N/YHmpb6gUWMhtNc9VBgXQRuqbXNfljHExVduCtYvMLq7ojWpltGG3rbuFAo97PoinRNTW5NbUDTPLYVgYJMi0DaSkxhlODTSds6AGUm1Abkc0npwO4kE/odursytp2KykdT7HkL6yJP/f6otnZaBuSwNt1ueo1umqC2MjuXI/t3L7h/ovgGRSPDBXWvW2IMGR0TWOgMrfg+Kp940PpzdunVlaGKOHJOV4Pdd5hX/ST7hYV7qVRx8L2XDCZXXygM2SvnlqPE/ZcNLbPvY+WI7AQ5Gd9jZdVo7vK5q3SbZntN69947enB0dvt3brjtXNwgouNfm4Y4kLCXBddDVl1JwIpLZ9p0xVJSrfbGuJfCxuie8IALeMbQc/un+FsBrv9fGnm+5WaTIlcJurWqBejWr1+lumWtyfMHSsNoZtJgdDiyYSpXfnlxJqgro8FhK1yxFXyZnbULyb7nAyfMNymJsE2NpS+XvSMz47bWJaXX5y86K2fk8nePFghaZbrv3y5aryOmx3kjmeNHuMvjjq9ewf1y/nb6FO88JpNQviXjeKbZ4N0x0ShY5W0M6k2clbPFuICwNQfJQ5c8+ZAfxBtI9dlAs4RptL9mw0bc7XYVXbzBal9vd5br+IYBXf7T7Sn2oDe0DFjcatAmQp23NTk1hTJ5IUgnnNRMFTE894r9Yzh4pHuFKsJSW8FBhh/8v9RWd6S9r5LZDzsm79/YkgMrdhXU/apSbbgV1u7G6YvLfJQZcqRlHTe2OwR7qDjjummGatOsqeQO5DziZ6egTlWCqdg7RpYB0JDWhkO2nrsivC7GUAnNRLbw7TaRSGcyVX0p9KSh0Ak08J0IOjOu3Kpg3KO5PVB4K9YP890A7P0DX4IYb5xBKXqpL78n1gblaAnGn6QHEl8HjldcluOoWJXAmzEKdu27BWVolYjgjwZuvXrsajTQT67F1kY0WF4/sz2XtgbzvUH7RQ9pxfBhIWcEaVtvhO7JQIl4VhSppEu6HSQE4mPqXz+c6CbM8qgA5La3Qky6mJxXfvjaIpfqtTnplxrfCZS3i+kiJKzEjhah9OlWCIqPWVrTIWWYV2d43+OGeYLEX1lY6ZL2OG/umXODRB3ipOGfZxlvcnGXjB5qTsZMrKMRj/WreFVngc959x4CMdDYDlaqMgvVdECRTtiNETtEQrpPVmeyCOsquQGOyFE+AtvF6oF48GmFcUmOvOBVE7x69fed4hf5zcW7zTHmut2oQ7B4EWQ9CM7xR9KTOXAUJ/Ow7ksTViAsoTeJJ8zavMVotbKYSvbueoP0LyFDLHkQ9119pKU+HRYoKsiL8xbiRPcsNXjWp/uQGph/V1BOtdpZW7kTwuSQC+nSnYaZP81zx0ZYGwWVLi7OFDdYtIHf2kqYVNo9nUuz8/EV9/IbiJRDJC3cynFX3OSlnjAk3c8ai4gtWklIlFoIN3OTRNaXTVa0yOTRH6GqlMF9gN6OdfjB3EcmOQloinBVM5UW+z8m8+Y5VL2IUNJg2SN+7PDc9rf33dR9aa9p9n0cz8OFwxC50C4QX1DGq7JJ2VkVH38xM1TMIkgjetyZXE6xqleojYTxVs1DnX9YFqDAnHs69FS0AZ86yvfrGrT1cSY1xtGfaZrSw7T2MNYxsIuEcWTOjaLUBtZSSkmaF1tKmCzcq0/vx4eGJh8Zpcnx4eNhe05Du1FufB45E6yF4KKmfB11pStOpMbpqoIOAaAy2kqHtodP9OOjgqFpX6dhdDdK8mmN4ec/XHkJlL5Ta8IP5Z5AeUvLLqOt6eGXgIg4ngi6pWE+3uq8Jbzs9QvoOZTm7h9jsVqh8q2aDcGr+m76B3HoodbppAJbLDhL9QKpvcJcA88IhAk3cTE7+sRNZSqFTo/JemW55Vo1dxu4GXXvMwABVPBDkUneWMlTsVOVbmntTzSEpBivlDKKrqwAVqV1VGje1W975b+x3AS4Auql+3fZZMPRmJ0qGakVn46hkZ5qbqqmjhWwdLSkQHirINAFDuYPDy5pVICAJXgh1RFK8g02GFcY+L5WfjYdKsJA6qU9M4Ox1Z1l3B3QkQ1N0B62O7g78vsGvx3dO7uoDdE8SLNe0VfQOBYmxKhROWvgigHlOwUlZD4A91IbRoBl2N8reedLp9+HRhDzNcFVCzhfIy8Ue3K7Xqxe2q0bnDV/VSh+j92s0w0ttjZXERiOq/VYbA4LMF7lK6EV8TelmMaQFSnE5u2eYp6X2hYOnpFFOMIeTz1/s3onoa1+ouJx7550ernHyiDNy2VQxmzWGxfSeFpivI8BEDk+uX0rCJ8WiErc0hjpj4oKlcYC39sF/AGBF8/Rro/rXtsCn0jgshnPrlHFegfC+A1fzG+GW7dsaCycw3V9EEsXss1aU3hBYYfNxDQFb0iROMC3oOSmyhkLdHkEkpySolpIL/FdDBw9HQYsYFJwuI3knIfmOoLFsl1++4uGy8qEQfH3KqkIMB30SHE+KBzYY8iOmecXjuOzARvLqI81JrC76SAucS0VSlYNhPzV21+2gJmlOJvNFTuoC4lEoQPnFzfNkviC8ZKrq+zlZkuFSNjFxIZHgi3cqY2AE5LVNfr092J9kHSlc57gUcpv8xFgaBXwzq0TKVkUcgvkuVsk5y1jxyX/QHwA5iYTTL2LxXY4ySWCDiVUDF/iJzqv5ta1mdU14QiIW1wUtnhfT7YwzIfJd0MTz5ZKs9GxGCIMFjhKFS7JSqaCjJPiSrKKMlks2l1vCR0g8VyTDrdRLeEwcDHaVpzuM9ipPo0Z7pS/45RYaNUnXOEKnOotjx53wmpMlZVW5q1Fv8EQC65DYc1oOX5/x62uXxaVh46ZPw0bI6bX35DsArsJxts51ha9ZTpN1BH///RBtVn4muIwAAw2AY4newLn0fc6Sx1s3scrW8CqDZpQ8adjormsjSR3so/Z/gwJu5U9jbkMMhtjJo1mBRcUjCBvIyIPIDbxqDAcTmMddOMXdvMSOTrBFXC9VsV1Vuy9OqhWGWGtYg38pI28RHPibCGV7exPR51vMM7ILzxSCqGsEBRp/anHgo0eu3ih3GHn0bFvwqMmG4hs4vyEQxh0zfvZIig85WeJoHXzLcVHOqRAk1RvC8OUey4DYrecb449lpPmpnoLiwI7jwE7iwF7Ggb2KA3sdB/ZrHNibTrD/a8Ko97KBr+Yxnh32HVv5b6hyObTtkaITWbluOoF3Pt29clC/B77UGhr2dU8wkzhx7ST/bHUumeGi8G4Cf+gzu6Jm/N5ooj0H1BN77Rc3dssUUV8VsaLGJjE7Pn/63TdnWXlnItggMUZhPC+te1aAE6oPP1a+9DgnZ75rV84yz2EIssDUTOFSL/s6zknoCsCWhdol+ki9ZzPwxFSflGyo7w2js4Q7E0Fxnq9NmbsGQk5wMtPeInN16abnZ//4+8nxdw+fcWFquxjJTh1/f/3ye7eb0wv/kR4mmzyJRp+gLNQ9QYfB2cyxIOn0n+htY/okpxEWgYcuYYXgLIfFAPXIHwjnsKDHWoZgZMYjR5WMFjOiizWJWWPBuF45QJ9ydOew5c7Vd4G4wUXin8meXXcpCk3HAqWw0C0uH5Uoq1YQIbpeKM8so+lC41WBCTnTHsYaK15AdJCoS1ND2VbfNdfDlrMsI2mALybUYZptF3j394hWnRoDPqrOt5bSpr3ARKAsAgNyapLuNNmaxpTWhSBPcyoZr30MP1eFoHNi7qq6GP+D3cMCm7ujqNF+U5wYr0uZSOYHpMhRqy8CAxO4fPyR60zi/2evMhWpofOOK7I6wKi9k+yzAi048d3BfEuh6Y0KuWH1dqpMOOPJ1rEYxAwskuFLooWx9oJrYfp7HfrQ7g59joddgHW6ypRRVDvJtC1WMzoavRodH41OXr08enly+Pb4zej48NXRr0dHx0eHo6OTt0cnb16evH47OrKZTbdgiZEfmyrNatj9m8nZizpIKklYVQiEy5IlFLbgFmNAoprqFamcAb6zfcEgFxvLl2pd3EzOwKoDFh6o/RyMWlulq+G4CB9UOTftvah+kjy+M956xkRi6nBvjWWnGIDTxzWrUB0f6HTY9lYup5vJWXmAOFlSstLrP0MPDRefRLm6l8rI0Xn8daiATtW/SXS2VOwdE9sugORPWniivE40Kqv+AH2sS/HVRQ42CJjT1831/7yuC/8K6Pk3Ep1vvL/DgR4uW9c9uxgYt05dHhsNWgv4z9pfleozn85jRcr6+OFks9LBZya6woafnZMMJ160jIng3RSJphqQEqlMjsyL73o9ftK5rxlVxTmc8ByTsx1wLW1BEgs/dnKlqCBcjYEWKXmyDrmrmT403tXBw+PXU8Gmv45VdJMOYoKLDSI2HJPDcbyiPzuVCv8Z24ibzrxN7WNaH94WQCf+UExBD4UQSCeNxv1UD/pG607MjRukHsyN1p2Yc5YNYYl3WdSTiKsscUamhHPWlwgO2ow1xDbI9VVN4Xps9HS9ebvTg3/T5UEvlU2AnfS8M3YPCa9tJ9bQCbUHeQikj4Y+zm1NoHHE7ESvzmADJDR0OOxOXWkPXT2onZbdGOHAMJgjzXNGJ42whb2JkiEVhuon5JlCPcNpA/Tj3343aTbvxB3KF7ARs9+4E+/TPO9TaKEg7CbO/wUAAP//HaisWQ==" } diff --git a/x-pack/functionbeat/docs/fields.asciidoc b/x-pack/functionbeat/docs/fields.asciidoc index 51b702d161d2..35082d9f8541 100644 --- a/x-pack/functionbeat/docs/fields.asciidoc +++ b/x-pack/functionbeat/docs/fields.asciidoc @@ -374,6 +374,13 @@ example: Google LLC -- +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + [float] === client @@ -414,6 +421,13 @@ example: Google LLC -- +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`client.bytes`*:: + -- @@ -644,6 +658,13 @@ example: Albert Einstein -- +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + *`client.user.group.domain`*:: + -- @@ -702,6 +723,13 @@ example: albert -- +*`client.user.name.text`*:: ++ +-- +type: text + +-- + [float] === cloud @@ -886,6 +914,13 @@ example: Google LLC -- +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + *`destination.bytes`*:: + -- @@ -1116,6 +1151,13 @@ example: Albert Einstein -- +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + *`destination.user.group.domain`*:: + -- @@ -1174,6 +1216,13 @@ example: albert -- +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + [float] === dns @@ -1286,7 +1335,7 @@ example: QUERY *`dns.question.class`*:: + -- -The class of of records being queried. +The class of records being queried. type: keyword @@ -1453,6 +1502,13 @@ type: keyword -- +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + *`error.type`*:: + -- @@ -1486,12 +1542,13 @@ example: user-password-change *`event.category`*:: + -- -Event category. -This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. type: keyword -example: user-management +example: authentication -- @@ -1517,6 +1574,8 @@ In case the two timestamps are identical, @timestamp should be used. type: date +example: 2016-05-23 08:05:34.857000 + -- *`event.dataset`*:: @@ -1575,15 +1634,29 @@ example: 8a4f500d -- +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23 08:05:35.101000 + +-- + *`event.kind`*:: + -- -The kind of the event. -This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. type: keyword -example: state +example: alert -- @@ -1614,8 +1687,8 @@ example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0&# *`event.outcome`*:: + -- -The outcome of the event. -If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. +`event.outcome` simply denotes whether the event represent a success or a failure. Note that not all events will have an associated outcome. For example, this field is generally not populated for metric events or events with `event.type:info`. type: keyword @@ -1703,8 +1776,9 @@ type: keyword *`event.type`*:: + -- -Reserved for future usage. -Please avoid using this field for user data. +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. type: keyword @@ -1727,6 +1801,18 @@ type: date -- +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + *`file.created`*:: + -- @@ -1761,7 +1847,7 @@ example: sda *`file.directory`*:: + -- -Directory where the file is located. +Directory where the file is located. It should include the drive letter, when appropriate. type: keyword @@ -1769,6 +1855,18 @@ example: /home/alice -- +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + *`file.extension`*:: + -- @@ -1894,7 +1992,7 @@ example: alice *`file.path`*:: + -- -Full path to the file. +Full path to the file, including the file name. It should include the drive letter, when appropriate. type: keyword @@ -1902,6 +2000,13 @@ example: /home/alice/example.png -- +*`file.path.text`*:: ++ +-- +type: text + +-- + *`file.size`*:: + -- @@ -1923,6 +2028,13 @@ type: keyword -- +*`file.target_path.text`*:: ++ +-- +type: text + +-- + *`file.type`*:: + -- @@ -2137,6 +2249,18 @@ example: x86_64 -- +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + *`host.geo.city_name`*:: + -- @@ -2298,6 +2422,13 @@ example: Mac OS Mojave -- +*`host.os.full.text`*:: ++ +-- +type: text + +-- + *`host.os.kernel`*:: + -- @@ -2320,6 +2451,13 @@ example: Mac OS X -- +*`host.os.name.text`*:: ++ +-- +type: text + +-- + *`host.os.platform`*:: + -- @@ -2393,6 +2531,13 @@ example: Albert Einstein -- +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + *`host.user.group.domain`*:: + -- @@ -2451,6 +2596,13 @@ example: albert -- +*`host.user.name.text`*:: ++ +-- +type: text + +-- + [float] === http @@ -2481,6 +2633,13 @@ example: Hello world -- +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + *`http.request.bytes`*:: + -- @@ -2541,6 +2700,13 @@ example: Hello world -- +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + *`http.response.bytes`*:: + -- @@ -3033,6 +3199,13 @@ example: Mac OS Mojave -- +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + *`observer.os.kernel`*:: + -- @@ -3055,6 +3228,13 @@ example: Mac OS X -- +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + *`observer.os.platform`*:: + -- @@ -3154,6 +3334,13 @@ type: keyword -- +*`organization.name.text`*:: ++ +-- +type: text + +-- + [float] === os @@ -3182,6 +3369,13 @@ example: Mac OS Mojave -- +*`os.full.text`*:: ++ +-- +type: text + +-- + *`os.kernel`*:: + -- @@ -3204,6 +3398,13 @@ example: Mac OS X -- +*`os.name.text`*:: ++ +-- +type: text + +-- + *`os.platform`*:: + -- @@ -3243,6 +3444,18 @@ example: x86_64 -- +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + *`package.checksum`*:: + -- @@ -3319,6 +3532,17 @@ example: /usr/local/Cellar/go/1.12.9/ -- +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + *`package.size`*:: + -- @@ -3332,6 +3556,18 @@ format: string -- +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. + +type: keyword + +example: rpm + +-- + *`package.version`*:: + -- @@ -3353,12 +3589,43 @@ These fields can help you correlate metrics information with a process id/name f *`process.args`*:: + -- -Array of process arguments. +Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. type: keyword -example: ['ssh', '-l', 'user', '10.0.0.16'] +example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text -- @@ -3373,6 +3640,25 @@ example: /usr/bin/ssh -- +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + *`process.hash.md5`*:: + -- @@ -3421,64 +3707,281 @@ example: ssh -- -*`process.pgid`*:: +*`process.name.text`*:: + -- -Identifier of the group of processes the process belongs to. - -type: long - -format: string +type: text -- -*`process.pid`*:: +*`process.parent.args`*:: + -- -Process id. - -type: long +Array of process arguments. +May be filtered to protect sensitive information. -example: 4242 +type: keyword -format: string +example: ['ssh', '-l', 'user', '10.0.0.16'] -- -*`process.ppid`*:: +*`process.parent.args_count`*:: + -- -Parent process' pid. +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. type: long -example: 4241 - -format: string +example: 4 -- -*`process.start`*:: +*`process.parent.command_line`*:: + -- -The time the process started. +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. -type: date +type: keyword -example: 2016-05-23T08:05:34.853Z +example: /usr/bin/ssh -l user 10.0.0.16 -- -*`process.thread.id`*:: +*`process.parent.command_line.text`*:: + -- -Thread ID. - -type: long +type: text -example: 4242 +-- -format: string +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string -- @@ -3503,6 +4006,13 @@ type: keyword -- +*`process.title.text`*:: ++ +-- +type: text + +-- + *`process.uptime`*:: + -- @@ -3525,42 +4035,679 @@ example: /home/alice -- +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + [float] -=== related +=== registry -This field set is meant to facilitate pivoting around a piece of data. -Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. -A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. +Fields related to Windows Registry operations. -*`related.ip`*:: +*`registry.data.bytes`*:: + -- -All of the IPs seen on your event. +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. -type: ip +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= -- -[float] -=== server +*`registry.data.strings`*:: ++ +-- +Content when writing string types. +Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). -A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. -For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. +type: keyword +example: ["C:\rta\red_ttp\bin\myapp.exe"] -*`server.address`*:: +-- + +*`registry.data.type`*:: + -- -Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +Standard registry type for encoding contents type: keyword +example: REG_SZ + -- -*`server.as.number`*:: +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. +The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.ip`*:: ++ +-- +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. + +type: keyword + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.google.com" is "google.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: google.com + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +One or multiple unique identifiers of the user. + +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields describe details about the source of a packet/event. +Source fields are usually populated in conjunction with destination fields. + + +*`source.address`*:: ++ +-- +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`source.as.number`*:: + -- Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. @@ -3571,7 +4718,7 @@ example: 15169 -- -*`server.as.organization.name`*:: +*`source.as.organization.name`*:: + -- Organization name. @@ -3582,10 +4729,17 @@ example: Google LLC -- -*`server.bytes`*:: +*`source.as.organization.name.text`*:: + -- -Bytes sent from the server to the client. +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. type: long @@ -3595,16 +4749,16 @@ format: bytes -- -*`server.domain`*:: +*`source.domain`*:: + -- -Server domain. +Source domain. type: keyword -- -*`server.geo.city_name`*:: +*`source.geo.city_name`*:: + -- City name. @@ -3615,7 +4769,7 @@ example: Montreal -- -*`server.geo.continent_name`*:: +*`source.geo.continent_name`*:: + -- Name of the continent. @@ -3626,7 +4780,7 @@ example: North America -- -*`server.geo.country_iso_code`*:: +*`source.geo.country_iso_code`*:: + -- Country ISO code. @@ -3637,7 +4791,7 @@ example: CA -- -*`server.geo.country_name`*:: +*`source.geo.country_name`*:: + -- Country name. @@ -3648,7 +4802,7 @@ example: Canada -- -*`server.geo.location`*:: +*`source.geo.location`*:: + -- Longitude and latitude. @@ -3659,7 +4813,7 @@ example: { "lon": -73.614830, "lat": 45.505918 } -- -*`server.geo.name`*:: +*`source.geo.name`*:: + -- User-defined description of a location, at the level of granularity they care about. @@ -3672,7 +4826,7 @@ example: boston-dc -- -*`server.geo.region_iso_code`*:: +*`source.geo.region_iso_code`*:: + -- Region ISO code. @@ -3683,7 +4837,7 @@ example: CA-QC -- -*`server.geo.region_name`*:: +*`source.geo.region_name`*:: + -- Region name. @@ -3694,39 +4848,39 @@ example: Quebec -- -*`server.ip`*:: +*`source.ip`*:: + -- -IP address of the server. +IP address of the source. Can be one or multiple IPv4 or IPv6 addresses. type: ip -- -*`server.mac`*:: +*`source.mac`*:: + -- -MAC address of the server. +MAC address of the source. type: keyword -- -*`server.nat.ip`*:: +*`source.nat.ip`*:: + -- -Translated ip of destination based NAT sessions (e.g. internet to private DMZ) -Typically used with load balancers, firewalls, or routers. +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. type: ip -- -*`server.nat.port`*:: +*`source.nat.port`*:: + -- -Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. type: long @@ -3735,10 +4889,10 @@ format: string -- -*`server.packets`*:: +*`source.packets`*:: + -- -Packets sent from the server to the client. +Packets sent from the source to the destination. type: long @@ -3746,10 +4900,10 @@ example: 12 -- -*`server.port`*:: +*`source.port`*:: + -- -Port of the server. +Port of the source. type: long @@ -3757,10 +4911,10 @@ format: string -- -*`server.registered_domain`*:: +*`source.registered_domain`*:: + -- -The highest registered server domain, stripped of the subdomain. +The highest registered source domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". @@ -3770,7 +4924,7 @@ example: google.com -- -*`server.top_level_domain`*:: +*`source.top_level_domain`*:: + -- The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". @@ -3782,7 +4936,7 @@ example: co.uk -- -*`server.user.domain`*:: +*`source.user.domain`*:: + -- Name of the directory the user is a member of. @@ -3792,7 +4946,7 @@ type: keyword -- -*`server.user.email`*:: +*`source.user.email`*:: + -- User email address. @@ -3801,7 +4955,7 @@ type: keyword -- -*`server.user.full_name`*:: +*`source.user.full_name`*:: + -- User's full name, if available. @@ -3812,7 +4966,14 @@ example: Albert Einstein -- -*`server.user.group.domain`*:: +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: + -- Name of the directory the group is a member of. @@ -3822,7 +4983,7 @@ type: keyword -- -*`server.user.group.id`*:: +*`source.user.group.id`*:: + -- Unique identifier for the group on the system/platform. @@ -3831,7 +4992,7 @@ type: keyword -- -*`server.user.group.name`*:: +*`source.user.group.name`*:: + -- Name of the group. @@ -3840,7 +5001,7 @@ type: keyword -- -*`server.user.hash`*:: +*`source.user.hash`*:: + -- Unique user hash to correlate information for a user in anonymized form. @@ -3850,7 +5011,7 @@ type: keyword -- -*`server.user.id`*:: +*`source.user.id`*:: + -- One or multiple unique identifiers of the user. @@ -3859,7 +5020,7 @@ type: keyword -- -*`server.user.name`*:: +*`source.user.name`*:: + -- Short name or login of the user. @@ -3870,506 +5031,422 @@ example: albert -- -[float] -=== service - -The service fields describe the service for or from which the data was collected. -These fields help you find and correlate logs for a specific service and version. - - -*`service.ephemeral_id`*:: +*`source.user.name.text`*:: + -- -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. - -type: keyword - -example: 8a4f500f - --- +type: text -*`service.id`*:: -+ -- -Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. -This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. -Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. -type: keyword +[float] +=== threat -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). --- -*`service.name`*:: +*`threat.framework`*:: + -- -Name of the service data is collected from. -The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. -In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. type: keyword -example: elasticsearch-metrics +example: MITRE ATT&CK -- -*`service.node.name`*:: +*`threat.tactic.id`*:: + -- -Name of a service node. -This allows for two nodes of the same service running on the same host to be differentiated. Therefore, `service.node.name` should typically be unique across nodes of a given service. -In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. +The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: instance-0000000016 - --- - -*`service.state`*:: -+ --- -Current state of the service. - -type: keyword +example: TA0040 -- -*`service.type`*:: +*`threat.tactic.name`*:: + -- -The type of the service data is collected from. -The type can be used to group and correlate logs and metrics from one service type. -Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. +Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: elasticsearch +example: impact -- -*`service.version`*:: +*`threat.tactic.reference`*:: + -- -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) type: keyword -example: 3.2.4 +example: https://attack.mitre.org/tactics/TA0040/ -- -[float] -=== source - -Source fields describe details about the source of a packet/event. -Source fields are usually populated in conjunction with destination fields. - - -*`source.address`*:: +*`threat.technique.id`*:: + -- -Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. -Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. +The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword --- - -*`source.as.number`*:: -+ --- -Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - -type: long - -example: 15169 +example: T1499 -- -*`source.as.organization.name`*:: +*`threat.technique.name`*:: + -- -Organization name. +The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Google LLC - --- - -*`source.bytes`*:: -+ --- -Bytes sent from the source to the destination. - -type: long - -example: 184 - -format: bytes +example: endpoint denial of service -- -*`source.domain`*:: +*`threat.technique.name.text`*:: + -- -Source domain. - -type: keyword +type: text -- -*`source.geo.city_name`*:: +*`threat.technique.reference`*:: + -- -City name. +The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) type: keyword -example: Montreal - --- +example: https://attack.mitre.org/techniques/T1499/ -*`source.geo.continent_name`*:: -+ -- -Name of the continent. -type: keyword +[float] +=== tls -example: North America +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. --- -*`source.geo.country_iso_code`*:: +*`tls.cipher`*:: + -- -Country ISO code. +String indicating the cipher used during the current connection. type: keyword -example: CA +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -- -*`source.geo.country_name`*:: +*`tls.client.certificate`*:: + -- -Country name. +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. type: keyword -example: Canada - --- - -*`source.geo.location`*:: -+ --- -Longitude and latitude. - -type: geo_point - -example: { "lon": -73.614830, "lat": 45.505918 } +example: MII... -- -*`source.geo.name`*:: +*`tls.client.certificate_chain`*:: + -- -User-defined description of a location, at the level of granularity they care about. -Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. -Not typically used in automated geolocation. +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. type: keyword -example: boston-dc +example: ['MII...', 'MII...'] -- -*`source.geo.region_iso_code`*:: +*`tls.client.hash.md5`*:: + -- -Region ISO code. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: CA-QC +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC -- -*`source.geo.region_name`*:: +*`tls.client.hash.sha1`*:: + -- -Region name. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: Quebec - --- - -*`source.ip`*:: -+ --- -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. - -type: ip +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -*`source.mac`*:: +*`tls.client.hash.sha256`*:: + -- -MAC address of the source. +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + -- -*`source.nat.ip`*:: +*`tls.client.issuer`*:: + -- -Translated ip of source based NAT sessions (e.g. internal client to internet) -Typically connections traversing load balancers, firewalls, or routers. +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. -type: ip +type: keyword + +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`source.nat.port`*:: +*`tls.client.ja3`*:: + -- -Translated port of source based NAT sessions. (e.g. internal client to internet) -Typically used with load balancers, firewalls, or routers. +A hash that identifies clients based on how they perform an SSL/TLS handshake. -type: long +type: keyword -format: string +example: d4e5b18d6b55c71272893221c96ba240 -- -*`source.packets`*:: +*`tls.client.not_after`*:: + -- -Packets sent from the source to the destination. +Date/Time indicating when client certificate is no longer considered valid. -type: long +type: date -example: 12 +example: 2021-01-01T00:00:00.000Z -- -*`source.port`*:: +*`tls.client.not_before`*:: + -- -Port of the source. +Date/Time indicating when client certificate is first considered valid. -type: long +type: date -format: string +example: 1970-01-01T00:00:00.000Z -- -*`source.registered_domain`*:: +*`tls.client.server_name`*:: + -- -The highest registered source domain, stripped of the subdomain. -For example, the registered domain for "foo.google.com" is "google.com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". +Also called an SNI, this tells the server which hostname to which the client is attempting to connect. When this value is available, it should get copied to `destination.domain`. type: keyword -example: google.com +example: www.elastic.co -- -*`source.top_level_domain`*:: +*`tls.client.subject`*:: + -- -The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". -This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". +Distinguished name of subject of the x.509 certificate presented by the client. type: keyword -example: co.uk +example: CN=myclient, OU=Documentation Team, DC=mydomain, DC=com -- -*`source.user.domain`*:: +*`tls.client.supported_ciphers`*:: + -- -Name of the directory the user is a member of. -For example, an LDAP or Active Directory domain name. +Array of ciphers offered by the client during the client hello. type: keyword +example: ['TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', '...'] + -- -*`source.user.email`*:: +*`tls.curve`*:: + -- -User email address. +String indicating the curve used for the given cipher, when applicable. type: keyword +example: secp256r1 + -- -*`source.user.full_name`*:: +*`tls.established`*:: + -- -User's full name, if available. +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. -type: keyword - -example: Albert Einstein +type: boolean -- -*`source.user.group.domain`*:: +*`tls.next_protocol`*:: + -- -Name of the directory the group is a member of. -For example, an LDAP or Active Directory domain name. +String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: keyword +example: http/1.1 + -- -*`source.user.group.id`*:: +*`tls.resumed`*:: + -- -Unique identifier for the group on the system/platform. +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. -type: keyword +type: boolean -- -*`source.user.group.name`*:: +*`tls.server.certificate`*:: + -- -Name of the group. +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. type: keyword +example: MII... + -- -*`source.user.hash`*:: +*`tls.server.certificate_chain`*:: + -- -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. type: keyword +example: ['MII...', 'MII...'] + -- -*`source.user.id`*:: +*`tls.server.hash.md5`*:: + -- -One or multiple unique identifiers of the user. +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + -- -*`source.user.name`*:: +*`tls.server.hash.sha1`*:: + -- -Short name or login of the user. +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. type: keyword -example: albert +example: 9E393D93138888D288266C2D915214D1D1CCEB2A -- -[float] -=== threat +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. -Fields to classify events and alerts according to a threat taxonomy such as the Mitre ATT&CK framework. -These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). +type: keyword +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 -*`threat.framework`*:: +-- + +*`tls.server.issuer`*:: + -- -Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. +Subject of the issuer of the x.509 certificate presented by the server. type: keyword -example: MITRE ATT&CK +example: CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.tactic.id`*:: +*`tls.server.ja3s`*:: + -- -The id of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +A hash that identifies servers based on how they perform an SSL/TLS handshake. type: keyword -example: TA0040 +example: 394441ab65754e2207b1e1b457b3641d -- -*`threat.tactic.name`*:: +*`tls.server.not_after`*:: + -- -Name of the type of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is no longer considered valid. -type: keyword +type: date -example: impact +example: 2021-01-01T00:00:00.000Z -- -*`threat.tactic.reference`*:: +*`tls.server.not_before`*:: + -- -The reference url of tactic used by this threat. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/ ) +Timestamp indicating when server certificate is first considered valid. -type: keyword +type: date -example: https://attack.mitre.org/tactics/TA0040/ +example: 1970-01-01T00:00:00.000Z -- -*`threat.technique.id`*:: +*`tls.server.subject`*:: + -- -The id of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Subject of the x.509 certificate presented by the server. type: keyword -example: T1499 +example: CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com -- -*`threat.technique.name`*:: +*`tls.version`*:: + -- -The name of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Numeric part of the version parsed from the original string. type: keyword -example: endpoint denial of service +example: 1.2 -- -*`threat.technique.reference`*:: +*`tls.version_protocol`*:: + -- -The reference url of technique used by this tactic. You can use the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/ ) +Normalized lowercase protocol name parsed from original string. type: keyword -example: https://attack.mitre.org/techniques/T1499/ +example: tls -- @@ -4455,6 +5532,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top -- +*`url.full.text`*:: ++ +-- +type: text + +-- + *`url.original`*:: + -- @@ -4468,6 +5552,13 @@ example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elas -- +*`url.original.text`*:: ++ +-- +type: text + +-- + *`url.password`*:: + -- @@ -4592,6 +5683,13 @@ example: Albert Einstein -- +*`user.full_name.text`*:: ++ +-- +type: text + +-- + *`user.group.domain`*:: + -- @@ -4650,6 +5748,13 @@ example: albert -- +*`user.name.text`*:: ++ +-- +type: text + +-- + [float] === user_agent @@ -4682,7 +5787,7 @@ example: Safari *`user_agent.original`*:: + -- -Unparsed version of the user_agent. +Unparsed user_agent string. type: keyword @@ -4690,6 +5795,13 @@ example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605. -- +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.family`*:: + -- @@ -4712,6 +5824,13 @@ example: Mac OS Mojave -- +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.kernel`*:: + -- @@ -4734,6 +5853,13 @@ example: Mac OS X -- +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + *`user_agent.os.platform`*:: + -- @@ -4767,6 +5893,165 @@ example: 12.0 -- +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + [[exported-fields-functionbeat]] == Functionbeat fields diff --git a/x-pack/functionbeat/include/fields.go b/x-pack/functionbeat/include/fields.go index 90e2fe11e14c..ce881d240172 100644 --- a/x-pack/functionbeat/include/fields.go +++ b/x-pack/functionbeat/include/fields.go @@ -19,5 +19,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzsvWtzIzeyIPrdvwJXE7FqeanSo9XPjdlzNVLb1p1+6LTk45lZb4hgFUjCqgLKAEps+sb97zeQiVc9KFFtsd2e1ZwTbpGsAhKJRCLf+Rfy0/HH92fvv/+/yKkkQhrCCm6ImXNNprxkpOCK5aZcjgg3ZEE1mTHBFDWsIJMlMXNG3pxckFrJX1huRt/8hUyoZgWRAr6/YUpzKchBdpjtZ9/8hZyXjGpGbrjmhsyNqfXrvb0ZN/NmkuWy2mMl1YbneyzXxEiim9mMaUPyORUzBl/ZYaeclYXOvvlml1yz5WvCcv0NIYabkr22D3xDSMF0rnhtuBTwFfnOvUPc26+/IWSXCFqx12T7/za8YtrQqt7+hhBCSnbDytckl4rBZ8V+bbhixWtiVINfmWXNXpOCGvzYmm/7lBq2Z8ckizkTgCZ2w4QhUvEZFxZ92TfwHiGXFtdcw0NFeI99MormFs1TJas4wshOzHNalkuiWK2YZsJwMYOJ3IhxusEN07JROQvzn02TF/A3MqeaCOmhLUlAzwhJ44aWDQOgAzC1rJvSTuOGdZNNudIG3u+ApVjO+E2EquY1K7mIcH10OMf9IlOpCC1LHEFnuE/sE61qu+nbh/sHz3f3n+0ePr3cf/l6/9nrp0fZy2dP/7WdbHNJJ6zUgxuMuyknlorhC/zzCr+/ZsuFVMXARp802sjKPrCHOKkpVzqs4YQKMmGksUfCSEKLglTMUMLFVKqK2kHs925N5GIum7KAY5hLYSgXRDBttw7BAfK1/zsuS9wDTahiRBtpEUW1hzQA8MYjaFzI/JqpMaGiIOPrl3rs0NHBpHuP1nXJc4qrnEq5O6HK/cTEzWt74Ismtz8n+K2Y1nTGbkGwYZ/MABa/k4qUcubwAOTgxnKb77CBP9kn3c8jImvDK/5bIDtLJjecLeyR4IJQeNp+wVRAip1OG9XkprFoK+VMkwU3c9kYQkWk+hYMIyLNnCnHPUiOO5tLkVPDREL4RlogKkLJvKmo2FWMFnRSMqKbqqJqSWRy4NJTWDWl4XUZ1q4J+8S1PfFztowTVhMuWEG4MJJIEZ7unogfWFlK8pNUZZFskaGz2w5ASuh8JqRiV3Qib9hrcrB/eNTfubdcG7se954OlG7ojDCaz/0q24f1f21F+tkakS0mbg63/nd6VOmMCaQUx9WPwxczJZv6NTkcoKPLOcM3wy65U+R4KyV0YjcZueDULOzhsfzT2Ptt6mlfLC3OqT2EZWmP3YgUzOAfUhE50Uzd2O1BcpWWzObS7pRUxNBrpknFqG4Uq+wDbtjwWPdwasJFXjYFI39j1LIBWKsmFV0SWmpJVCPs225epTO40GCh2bduqW5IPbc8csIiOwbKtvBTXmpPe4gk1Qhhz4lEBFnYkvX5876YM5Uy7zmta2Yp0C4WTmpYKjB2iwDhqHEqpRHS2D33i31NznC63AoCcoqLhnNrD+IowpdZUiBOEJkwarLk/B6fvwORxF2c7QW5Had1vWeXwnOWkUgbKfMtJPOoA64LcgbhU6QWrom9XomZK9nM5uTXhjV2fL3UhlWalPyakb/T6TUdkY+s4EgftZI505qLmd8U97hu8rll0m/lTBuq5wTXQS4A3Q5leBCByBGFQVqJp4PVc1YxRcsr7rmOO8/sk2GiiLyod6pXnuvuWXrj5yC8sEdkyplC8uHaIfIJnwIHAjaldwJde5nG3mSqAunAC3A0V1Lby18bqux5mjSGjHG7eTGG/bA74ZCRMI2X9Gj6bH9/2kJEd/mBnf2upf8o+K9WvLn/usN1a0kUCRveW8C9PmEEyJgXK5dXtJZn/7uJBTqpBc5XyhF6O6gJxaeQHeIVNOM3DMQWKtxr+LT7ec7KetqU9hDZQ+1WGAY2C0m+cweacKENFbkTYzr8SNuJgSlZInHXKYnXKaupok4EccvXRDBWoP6xmPN83p8qnOxcVnYyK14n6z6bWsHXcx5YKrIk/5WcGiZIyaaGsKo2y/5WTqVs7aLdqE3s4uWyvmX7PLezExBt6FITWi7sPwG3VhTUc0+auK1OGsd37W2eRdSIwLMDVuOzSOJuigmLj8AVxqetjY871iWA1uZXNJ9blaCP4nQcj2enbG4A1f/l1Ng2sjswPc/2s/1dlR+mYoxuyTCNkUJWstHkAq6EO+SZY0FofAVvEfLk+GIHD6aTThxguRSCgcJ4JgxTghlyrqSRuSwdpE/OzneIkg2oi7ViU/6JadKIguFFboUlJUs7mOVuUpFKKkYEMwupromsrRoplRV4vI7H5rSc2hcosfddyQgtKi64NvZk3njhyo5VyAolMWqIU1txEVUlxYjkJaOqXAbsT0HIDdDKkudLECznzIq+sMBs7QtTNNUkCDS3XZWlDLd2ayvclYDjWD1U5iBcOYh62+TkjfB1IHi3i26gJ8cX73dIA4OXy3jjaBSeA+rxTJy11p2Q3sGzg+evWguWakYF/w3YY9a/Rh5MTPiQzANT92D7XkpLF2/fniTnIi95R74/id/cIuAfuzftAfA0QrUjCm64pU8kR486dywseFMZVFgU3BWbUVWAQGflNSn0KHkehbkJRwsYl1YjnJZyQRTLra7TUicvT87dqHhbRDB7sNkv7OMJZHAoNBNBjLfPXPzzPalpfs3ME72TwSyogdbuWPemQkuPFbdak3r9Q4EZi2kLh5OQPZaMokJTACYjF7JiQWZtNMr+hqmKbHnzlVRbUdtVbOo5iANFdBao8Ti4n51uhjs7YUE3Ad0sQYA7KhYsMfPbHKdI4Uct0xGRn8DeKI1uLELcqFEp4sKC90sjcANAR0KtxxsXBwaL+BXS9Ia0wg7u1y6cMm/VCbYgHG/PzxOsd3B4UHyiRUE0q6gwPAd+zD4ZJ2mxTyhDj1Cw8adUB3nLSHLD7XL5bywqvHahTIESrLlpqNuOsylZykaFOaa0LD3xeS5tOdxMquXIPuoFBW14WRImrMrn6BZNhlaYKJg2ljwsSi3CprwsA5Ohda1krTg1rFzeQ9mhRaGY1pvSc4DaUbN1tOUmdDJJYDPVhM8a2ehyidQM7wS+vrBo0bJiYColJddgSzo7HxHq7z6pCLXM/hPR0tJJRsg/I2ad6AS2vCgtzxlRdOFh8nQ/ztwXY0RZW/ITVjGOgl3RoC0Pr6txxuuxBWWcIVjjESlYzUThRG+Um6WIQICa7XYsSjbZ/3GXKtXZV3qvRhgnS8P0HSJwsh9oCWm/1gLkb/YHtIIER4Q7J26bkJ310ffyqAUYEtsGhHPHV3H8rDXnjMks52Z5tSFF+sTKtoO7887K0oyWfXCkMFwwYTYF0/tEqQ+T9eB7L5WZk+OKKZ7TASAbYdTyimt5lctiI6jDKcjZxQdip+hBeHK8EqxN7aYDaXBDT6igRR9TwLLuVjpnTF7Vkof7om1El2LGTVPgHVpSAx96EGz/v2SrlGLrNdl98TR7fnD08un+iGyV1Gy9JkfPsmf7z14dvCT/33YPyA3yqe0fNVO7/o5MfkIp3KNnRJytACUjOSUzRUVTUsXNMr3sliS3ly6IgsmlduLvsmCJQQrnCqWcnFku7gTiaSmlcpfBCCwPcx7FzXhrIHglqedLze0f3hOQ+2OtExDeS5N4O8HPwVE/r+DSmjHpV9u3V0ykNlLsFnlvbxSbcSk2edI+wgy3HbTd/zxZBdeGjpqDafCk/WfDJqyNKF7fAUN4oE2cZ+dBcPIcES6LlLLQaOkNHt4Fd3Z+c2S/ODu/eR4Fwo4MVNF8A7h5d3yyCmrSsg2brIuXwWO9AjeXVuVDzeXs3E7k5HiM33h/fBmUYvKEZbPMWV1omSrvBDVAb5BpuQDCWUn0QKtogplOzEgpaUEmtKQih6M75YotrBoCereSjT3RHYzbRddSmfsJnV7I0UbxYUk0xYYd/8+CD9Q37yHvtVZ9jm9/lnR32IajtyfrCJ2r9+Pc7cEq4rfcSRumWHE1JFc+3PVmFY45n82ZNsmkHkc49wgWUtes8CDrZuLF0bD/30VfCF5TyXBOP5xKRbamUmYzkO2zXFZbVsPfSj53XTQYdeJcLwUzTFVwFdeK5Vxb/QdsGxQ1UnBYQrRNMyl5TnQznfJPYUR45sncmPr13h4+gk9YvWcnI5dqaSnVSFTmP3F79eH1OlkSzau6XBJDr+OuogZbUm3A/o8hJ6gsC2kIKGILVpaw9su3p9FJupXLrLne6t+lERktkjCyvoLt/wIUwaZTe4BvmJ3VyTRuD5+wy7enOyP0elwLuRDectUCizjUj7yJEFBU00j2bjy4IvvE0503DGvxGDEE1PPnJhsgmVUUEzdiPdqB71tk02imss1STKqRoTFZKjTR2snRl1MxMF3I6SqOQQV5e3p8DiEDuOLTMFRKKtv91bGK8nJDi7PiP4EJvMyS9QGYNmU5IEk+KBDbmthpYFoQ+ukN5SWdlH0B87icMGXIGy60YW7bW/CCPfIPIwqYffNUgYvcWPxIP4Zi6uKFcH3ezQuWu726pMZKBQPEg3BukHrSncDJ+kDMqZ5vTINGTAEvsPNYPplLpZgVR1vBSlM0IAPTEIQKKZZp6CMKVgmp/KiZC8QYwyp4gYZf+GBXNw4BcrkUU9wrWrbmpKKw10R0eBAf0DpEVBuJx/nQ0c2aLmkFPQlg6EO1ISX2Ym6lVLRGQPAaF31AEr5Dge+0vKCywSmDE9R/sdoHinHsBMkj2MphKAKOvamiIbg1hu2hMwNjXrwYDpEvZGWY3pS8Y0bxHMNndBqeQwV5c3KIwTmWQqbM5HOmwRiTjE640S4yMgJpqasd0NuKzOQ6hH20QXDjqka4kEvFKmlCkAiRjdG8YMlMXcgQJkpcTKBfkN90EV91hqR27DEOGgeC4Ec3uVeV7LBcR1Adwu7j7srBzLk5zrx9GRGEc0HQZ+pw4EUI5HWnbEkKPp0ylSq6YC7jEL5q7yp7PHcNE1QYwsQNV1JUbVtLpK3jny7C5LwYeWcG0D/58PF7clZgqC04vHsHvi/YPX/+/MWLFy9fvnz1quOzQTGAl9wsr36LXq2HxupxMg+x81isoCsNaBqOSjxEPebQ6F1Gtdk96Fi+XHzU5sjhzMfFnZ167gWw+kPYBZTvHhw+PXr2/MXLV/t0khdsuj8M8Qav7ABzGsHYhzqx08GX/UC8B4PonecDSUzerWg0h1nFCt60ldhayRterOVU/d2+IThrfsLMH840rYQu9IjQ3xrFRmSW16NwkKUiBZ9xQ0uZMyr6N91C98w1XR/Jgy3K2ZI/87il1zEyeod9fyW3vrwlNCk82A4/cYEhvayfJBGhZjmfcm9KDlBgdIUzDzhjpJymgyQpZEwzP++clXUiQMJ9hUbMMLR2N6FYWgQZHjSEdS6ojch4TgiOi+dF+wzzis42ylPSswGTBQ8qArSgmkwaXhp7nQ+AZuhsQ5BFynJw0VkbgCSv7fbZk/y2WzLcuswWJnXJYq15N7gbcc3RRxS4CZLsptgJjk4qKugMzFYQ2+7h6XESzKtL2EgSBJUyktPO17ewkuTR24PlUHpOnganKzoF9tr5ZQNjJvFxd0XGIfdxkXFfY+hWK/JsrfitKMZiSuoDxW+FYSGO6zF+6zF+6+uL30oPi3fzuZzwLg6/VBBXyp4eI7keI7keBqTHSK71cfYYyfUYyfVniuRKLrE/WzhXC3SymZguXtvZ0pv+jkAm1opgqhW/oYaR03f/2hmKYYJTA7rBVxXGBXFDib3ErRSsKBE3RpLJEjBxyqA4wMOvcBOBWfcQ275cdNZKWv6jQ7SKnkT5GKf1GKf1GKf1GKf1GKf1GKf1GKf1GKf1GKf1GKe1VpxWIVplXE7fX8DHWzw437W8NvZSPX1/QX5tmOJMw15RoRcsqRRpf3eBWs7yzzgEv4QyAbHGih9radU0e1olmTGDVRJwWDfok3EhNIQ9vIbnxzuuaNvST5KODnzZlxlAgorl89yIOG1wQmm84qmG0py+PA7CgP7rBVPMRxkUjrdwjeP0ocRXxzv38TG1Vvzg3s/tY0GoUnTpkYFYdu+jcEOtNANgEO0qeihmGiWSI+9rr7p0mkTKYwT4/zVbOpRFz4/fG9wCzXwZ0JZja7Ikb04uYpmmj1ieBMea0xuGZXxSZlHF5eCPfnJBFvatNycXbviu3cxusyU/sNWh9olVsuCXtnPSPufJnBwbUnHBq6YauS/DuH5RVaNNq2Lj2M4ytsBBKGBvGfbu9dLDiFS0DkNSO1o+h3gJ46sGU01qqTWf4I1cQLUNKpb2X+4LvODB9R6sYUCpJjlWUGt5RDsUmeUl3ZjvE2P4KNqUwoZ4L3WBFMOh0B5aQrBoTY/Xnb0fBD2J49yIYgbQJtwR9exOYWJ3OBjFIEpv/cVXayYK7aUTiLoChuVRkg7o197TMg72M///g1jYpLX9sq06WopLwpc6oJMaS7jodqE6SvI5xcvs5P3xuzf2QEyYRZZ9v7xhxShlTtvbmoxRnIgsxiSecCl8oT8r1uhaWhSDfhkPAwwC5zIjZ4FXWY3P6YfdMX0x3TGUHvJu17G9eRjUwe5ty2KxyFYYD/zOGLOOorTKvGZxDzEeYPm8AUnKcm5YLyBgcBMs15xYZTyfp4ydTYEvtTz2XOdUFazIyL+Ykj6mzpKyH9+dgQR/k4g0nGLAGztMpxuMa7ycx5jGz2QxQJotuOeMFkxdTUtfjHgD5+sY7mw5JYekZMYwBVwSZyYwcyswucbSeTH48TU5Ph6Ry5MR+Xg6Ih+PR+T4dEROTkfk9EOPZN3HXfLxNP7Z9npuTIGzO2SXhhbnVJGjWvOZSCqsKzlTtEIKDFXhW5YcEMswTCMZCOKfah4jO5A56L7K/vzw4OCgtW5ZD3jDHnzxWJvQygR2MidGYVwlQ7vdNRdg9kUBtiXTklBCO7W5Qe1f43EXC5+hOxSHQRkZMAPluNMxV+LoP3988/GfLRwFzvjFJAY59VXs3IWBqsmd8kGLh2/yaoQ7sQNaevUF73EnR0NIsVsrLgyUiM3nFJooKE2eTFgpF+TpIURxWQjIweHznVFC/lK33ojsPChJWG2Q6ZzW9lhRzcjBPtwiM5jj59PT050oif+N5tdEl1TPndL3ayMhGieM7IbKyCWd6BHJqVKczphTHzSKqSVPYrmmjBXpCLkUN0w5r9bPZkR+VvjWzwJIEM2u5UCZ2luu2bDNf7gT59Fx89U4bgJRBORvkhjCJKDlReOCW2CsWtsj0T6jcAPNQSt0xikAGnhhmGkUUaObyaFd50HmsAKkMWrhPEKIPMidSa/AxjG2RkgiQhKjKC+hoC1TXA7LvsNIf3SbIft7dJvdy20W6efL6AhOVbpdqDg+Pm4Lx15dvfo9wS/HPStdWZKzcyvGMUgPGqfWjXHHzOB/HHtrn6MdPp3yvCnBiNRoNiITltNGB0/EDVWcmaXXj1JCrajRVi+0QzmwMvIG+zpF+JJwdQ+owY4bkoBhNEHOOEqs0GWEm2DRwrJDBftk364slaRDo0iAL8HvjGor2RsZRoy1Y1FSsfLtVPZTLYOC07WetL876G4wCMNfQhfwcw3HyL3/8Objxw8fW9Bt8Gxsp4cj2PhJTmvoPTRyiLYyKdBf+/KCEr0x9SvxEUhRLsHuqqE4b+JdaFXrhcdyxXyXMoBPxM41U4St6yZYF4oIgLf5O49AC4jO/NA5A7BQM+XW/0TWaIAtl3YILWW4V5zChqdjJyPHooAU7lyKqLs6rLbP/mpfhTfpW1XO8YQeLw2239B0JW95gbDN3G1eoHfM0N3UXu0z/ZxBev3y9Xd1NhhoT/f7er8krfvgHgv4tYvRxMiMjFmuM/fQGN3gHozIBEEwAtbTaIP9UsAlWvaqYxPy05wJ3DPYQGwUE+Q1LgqeM012d52d1PkwoNWWkUSXfDY35VCeerIaeN81N7SglcyyaKu/KVeFmxa/WFB9fF0+ZxXt4J+0OngNkM5Btp/tp5SjlGwllb4JX9zezComdebQ+cT7g2BAjeS7BNNGwOOPWK+9QvkBn3OeoLpmkB1UMqyKYNHsGQF4qnNqb6HQ7+mb9Gxxo1k5jYo2FTj6PTx1G4qKBmSi3afjUUAAbzXDPWTy6kAMxQAEaZO81WCERnmDi/X2qtbA2tD8+spKF5u8YWEWArMElwys0hJQXYLrjn3qlOv7QsJnwPgo7Tzkst2p1q1yAexTzuoYtpoc31/oDc1KKmbZ+6YszyV4Cd74x9NzfdNpYvHmZs0mdXimhhLFfUH+4VzxUnoVAnPKFc9b5zOwgWPoe9jukmGPbPeeTPrCQfLjHM8OjW3ePHrexv6MwMx9zzrjnSnUBA8WaD9iFseIre7kNFmEG88PRX3rNALdwXytGVdBJvb0cKZuVDJCjLQb07ulQR9Lo4BHmL850BhkwszCit40dABwMkbSBQ8ncz01sPldXkpt13bsd+JudGNeghsSu+s0mLlVwojYcQE+ph0EAaBhRCePuWFjD74W1lNqiSivWCUhjoRp6OjghisSxEeCu2lKwRQWOeGxyaF7WOdU2KVDi8P71LtZI+vqs0VvHD3I296c386NdkaDkFeENQDSQIOkhS+4PbnG3YsS3ZwKMsYHfN+McbQEh42wZ30MCNmlRTEekbEj+V0geQZfTXnJdlFqLsbojfE+iTBi6KyXhIFg6YK6BGoYqpLTaKZ2a6q1ReYuBvq0r2gH+ia2443TfHCGLvKDYDHns7lroDLMA4FDeu2lsytRP5a+X0tnc5AgxiO/p5oJ7RxGMSeMBjADXHFkL5FS39rmJ6rs4YbGltMGym4FcVNOrfg5IgtmL0eBqTUQDEVo28Bkhbnc3jHguXCOyBAv5VrQ1tg+u9EMDVg5bYbT1GCnoYRBZA2r5bCHU3fPnAyUJ964sAjXwLrVPTGhgySd30cW2YV6Jlpg/+9QkCp0yW1Ekts/cl2dylh3gCD7w16+9l5v7B9SEbs80DVA5kdOK2+YAjZrNc0gQnhJJ6EwSzw/cVHIhcZ7n5yd9vfh6PnRyzby8VjfccCKqDC38es4DA7Sq6I23HPcXgjQhjvArhgFhuEbOGKnqyVq+r1G3O6EosZk+SS3d2ruMpNi6/TQOCj5yqRVr01qyQ3X2UCn8xA00uXTZ4JUUpukldHIRcaZhYxdyp0DZMIG1ELkp/5jngZdtHp157TMoSSGS3MqIfoDBYXUIuIc6S4sEEk8jNm6t2Fb4FXfo1hp40UeVhDeaaTpIamk4LGNF0mG2N4G1c3vmP3oS5AZSa4Zq0lTI6eAl9LD1cYqNHYESNt4tPcVnriclqN0Z6MLciDIuKCGanZX0tnvD8jHaTpRUaLdyx4s9uCCrbAiBxUY6eS0BisoS+UFI0yJtJw44R+lnI2cllPK2c4ondyeCL9TKA4sYwmO5BTmskoylrtdR2ErFctlVQEnhpanQppgU4HhrYjQmhsUmhChVcmiSTqtYorFVJalXKCAQEkhsRaj6A0zYAGraT5nWYKLsL2NWidXfiCpsPMmF3VjrvyPggrpwrC80NmY9AGq3/Gy5IPPoGsHaORgkHBO3dQtuYGADypM26Yk5D6IdXuS8TOzyoFizvtlorupFVQ3xGE8+4DZBRrG3J7yXvIHE+tEDK26KCKovTuiez0gvdnr0H9vJZubNJ3f3iDgrXKtwTu1uTaYdfED1XPypGZqTmsNDcKhcfaUixlTEOixA24nunD3k5F2Ayh6RMICClZJAU1JGSrGYPLjZjmQOuuLGw79dfy3k9MvZk86O7WrCZWfEr2lA/Ng7+hrvhYBfbZm5QOqVqpT6Bzoy/ALJ2t3q9m1eCXSbLxILY+zLzudPzGk36ISdNQu+HYcxxxrQw2zChctqarGX6ckD0C2LYgpm9/Y3YqzJDHXt7XMBunCySkgCYGAo5u6lspov0cWJyCLw9AoupTNDJiT9IJQGDb6qKjrTe0udLyij+F2ApawM/LaHY487sRitGTOaAMEJd4+v+rqa2Hdy6SbwPtHugCradBS5BRKmKhAyj86CeMWRrZCWrdCBDiGGV44hcyvkhqfBdeWTAtQoDGBDORmRlU+Z0U8LVYg4aEHvGJGcXbjhfbxFe7NuI/KC1aTg1dk/+Xrw+evD/axMufJm+9e7/+3vxwcHv2PC5Y3dgH4iZi51W1Qc1X43UHmHj3Yd39EtiBVRXQDEsq0sWqGNrKuWeFfwH+1yv96sJ/Z/zsghTZ/PcwOssPsUNfmrweHT9vVEmRjrKy2Sd7ppljFPs9SASVapay2lqMlM3IS3b7gWyMnfdZ9b99oEcQHHWt0KBwDhYynlJeNYoMMMYy4FmNcnyGGcddnjE1fMN1w/dzti+AFH9o3NANAoRHkez5g52KpnZbRtxq8lbNES67ssZdtjhVd71618Yd1oI4S0XJqFtQ35x0O80bKQj56sdTQgH1uTF3sYNVt6OfeTFxZPjewi7G2129sXm//9+SaKcHKEXnHcyXt/Ltuibv+cO8eNwW37+709xHfbm2j4vr6Sie8dRW3nZaSDvrJPnJ9TWAEuGUUl4pjlE53/dqBSLQsgdJ0EsH7o2ZO2Yclg7rtTBMo88+Z6lYnDbBfCamqNShx5SK234ORl//GChj2jgWNgh0eLFZhEfv2SB7s73evCKi0zwXWunEJyEvZwNFrq8qOEICiMKtAJwDptr3DDrGg2EFMM8sERFwGYs0592lZ+j7jHeVHs1+bRHV6uAJBF25gX2typQDLAgz+UQhxQPi9SQGUat0zW47AakOv25lQ7BPNDZGqYMrlszkJJ7FfOutlmRSLihaXoOH2kHXDkuprD1LiB4Pw0TcVJmgfH5rnzn5q5K3mpZ9CxpO3wcUR08yoJOQOn/L6srcG0yTixxIpxCtkznjS1F4bSFwgYSPAueVm5cw3wxCaa5OGijjCdBsT7JHa8tfB7ETH2cN6JsyiGeq8jks5yzT8nvnfs1wW9l514qr/Osb1ccSFwb76Pt4DHRVuihbe43a0hGNfoiqezLPTi52sLVm4NwrJUEp0VA1NO+RChBkxmKuiSxKjtKLVVNboeFq9XIhk7Cy4fw28aNO0oWuVB7vd/oHGlTstIM71ltpAWoLTjUV7sKKvMILYc7rB/hLbiVSfJIiHss3tJdkDERmH3eFoFZSJ797B3NbSS8VosXSUVLApbUrjCT2ahpNbEg+gJw5s2rHgOj0rx1H+C5P6EFnItqP2+EsBru+zUzf51ptGyZrtHVfaMFXQaitJ2KGTiWI36I33j19cbu1gMCX54YfXVRWZCaelf2p3/9nr/f2tnQ4b7QepPJByx5BcQOJ1VoUGw3fCWs5R6KU3ElqvhLLjuN/2RagmYvVwgNrDPOXOEOACUL7zn2+JPzmGt7rBCpDs1jPIQByIJhPLhdueKxdPYX8FR56PArBju2rPfnkWqJA775g81VrmuHcg5YNWiGx3FEI0/Gcqij2LO162YtKcsX7kUrdqJYsmxzsZpjzzujF5Fy0T/+u7s3f/2z0LgW9uRNe8R+9k+LJTrrwm0y+7TiE2326rfbyzHk81gcWEcJ37dQICx9DvYIPbbyExiFeoJwColpH5odvVHZzOIFydh7iVGn1JRtH82mtzWg9ZrQfdm/cDGdAP4wAN2jnWhTLWXG+/34Fxze4B90EqNUbxSWPQqlUxQzFbGkIshtGMv4VaEzCMM2Si+7Kp4bIaV3aqsfMNWuHGCjBjWMU4MZCiwxN92fZQmyi62EdHRHMrzbrhQJwVEW4v21kwus48KJK5oXsNK3Cu6HUSAOrp/p0CzqEy16agDNW6QnRs4KKu6n0Pxr25rNgeLT3ugmPHAtUP534wWOH8hEl6YNVO4A8lgjeWmX6ueEXV0hUSs5f692enO7fu6/bB/v5Bp+x14JGbhjC1ogxC19/LOdXzrCqebQi+d6fPcIr+pHpODzY068UPxwe3THv47PnmJj589vyWqZ+5wrYbmfrZweHA1FxsLlrqzI4d1Twfto6MRYS/vTjVPSuHz54/ffm0U8N6c9C+s8Amx8OCKHNDy7gCOhhPvb3//Gi/A+bvvIIHbuBwdVJw6/Ap72poX6g2ocON1bBCIoLnxqPgyDRpPckeynzWcZdZy4XYmHEbxXQ7wTZEtKjBmu59HlhTsynv/3dNWcL4qZB020W7twpxmv92T2PigFBqB7FUD81WEpnugyiXRLGS3VBLgFYThxheSKkDSWvLfhxI2D14/rTTYcVQNWPmaoNIvYQZEK1Ws9TLquTiWn+xlA3AJQQAPLFoGdlzAMqkg2Snt8NB8wvlIjdaTgd0bSuv/Ajyioo+giTF58lFR5jBs7NapEl6MqAKiCr79+7jLRr790ymeWA5VWqZNs2lMSDCN65I+wNTL2m2rdwYpBF7XbRU/5A6r3hw8hqWzyEyJTq2LGRn50mKAIYDql3d1FZPKe6THvb1tPf56lv7fIVtfb6ylj5ffTufTVZQemzl8/mtfL7GNj5fQQufvjru76/wxeob7DKUE09SHgf8XPCMy1e2j3iZyi9RdoMg17lX/n3rw3/VReG/dCX4XjCyo88f/Oc7UnLnGFcM5BkpMjqj4XdazqTiZl6FlEyunA87cXewskBO5TJ6q0pC9ak58/kF706fjcDOsgN0XivmuHVGjovCgzEN3gnsg++GmCxJKRdM5VR7BbMNHDJjCyC6kqBYFsaOaFZTRY0MBbOpxqpFteLUMPJEC3qNnvURwfiYOX169ezg8D41ub+0RezLG8P+GDvYlzSBhfMkdSvH/Qf/+VYXo++/3nIxYjBaaU9E3RjMp8ZG/uHwvDm5wATib/0hGHR2czMfcMnBpDL2gW9XsPDJ6KBqgkIzmEWd5k/btQJGQ8K0G3FOVbGgio3IDVemoaXv869H5BQaQifN1rH40t+bCXRZg2CLgt2rjbLK59ywPIm/fNC+DZ3AvtZ8PYng08vnV8/bNovH5qyPzVnvD9K6mtxjc9ZHje6xOeuXaM5q788NQbL9gxvb80y45NME2FjRIsTrLXzg6NhDNgZp2p5fVyHZqyJw9bs7+A4t6WHW41QklHPSAI9jHfDo029ouaBL7fohjSB01cW9Bk3XdbmAKGyXJM7EDVdSVJ0cA79/UM+7UaCbND5paDxh1GCDhS4WPq/xLkhAvB5uGreZhrk/uK0cnnNT9Pn+VtpMSngiVSYUmVDij4J/8hHtjklCUtKvDS3BIRnGTJR6X5cIYoxdzfpQzgUaVLlwdCh5XLCcF1ClzcquQEaRsUOJ0s7GS51NacXLTYXGfLggOD554r0CihVzakakYBNOxYhMFWMTXYzIAtNC+g4efLIHd1Nuqh9iT+bFnWi7bX0JRF9eblgEpbnFwTv5C71h3RUkuS1fYA04WwAbdC5FFy7Mvwf5UXaU7e8eHBzuukI5Xeg3KNCswH/qHXfLWIXwf3Sh9WaoLwWxn8/RvZWNpB6RZtII09xG61QteI/WB0t8bg74dWnkYD87OMraxXw3FSh96XLCO+z3O6nISSmbImT3aRQ1kwQ4d/OjVxnKeY/NYVaxgjfVGNIebqq0ejvkMieyblDWW5UDMRkOTG+t7mnhrg4jDt3ZnbaL9ZohL6tCEC5CfyIndYTAbN8JM922p4fP2tM/ts99bJ/72D73q/SUPLbPfWyf++/cPnduTMtj/MPl5Tl8Xu1B+M774UIQk30pJONlvsw1GTeqHPu0OIY5xyZZtQVSlbEjJPTDWN937F+YyGKZQdjf/W5wn2ibvtpGbhpS2AGTwKxd9L58+WI1iC4IdkNn+NIptLgZt0L5AytLSRZSlcUwtBvA5aU0tGwHaXYx+sQCC4cdOwEOiOcHR0+HEVwxM5ebuke2WyjFqTqpxkjkmIAOFZgnLM2sNzJ4hbHkpi+ln5EL5kqSybypfJh2GNu3LN4683nTVk94c3Ix1BqKmRGpoRxz3ZhBNCk2ZUptLEr5oxs+1g9JMdfbTct79Ou9vUkpZ2kvp70O7K5X35c+565TyZoHPQXyy5702+BcfdQ9vF/6rDtoP++wO6C1oabR6/aruVdthTZOcaJhn8HRftvRulkjAcC1yupyAEaAGF05S2/0t+7jLSEBpz1vfUhUL+VsZllOxfI5FVxXTs6AL0M1nSRuGUpfxQgBKHYTXEZ3Rgn0pnPjhsKvkMLqk47D/GlhuZZygjUPwkRYAcKPCTbbtDTCt+PWQvxbaUW7Xi2NzgqFNLAIVqTjfxsq200aQxR1ZgtfeeHbsWvygfaMNycX7ebl60hDQHAbkDC3P/iiOhaRwXfpNmtVeSzdr8XkLUQanI5hKAXF1RrLMEJJC3t1hBFd4mnofz2TLJbwgEHQiJTW/S0k02J724Sir1KwaGLyFTPqxqT7GajJ0n2o6AEppaEaU1pPZKdXHrtV0XBBlRiPyJgpZf/h8J+o1dByoM5GbEaTHOZZ975+kH297JSmwokIFxqKgwlC67p0pcKzUJOo0Q2QeVqFIx0FW3mg/wP7MTgBKMwwwl4KWGjAt+ofNN5LNctYSbXhOVa8yyZSGm0UrbO/+b9ayML6Txmk9ySNWW/tV4f9YVdhyI7SKUcUEtpc24iE3MER4eoLu57EneJeyZHpXieHK5eyQcNDlwoeaHFJJr0rzQ6MsVsOzb4wmDUWtjf7hd7QQcQ0YqA3xebw4qZzBQTmsuih4o79tadhYCGbqVnpj6tJ67Vb2HwNS9otPgwCZfJE2FjXQl/XJTcYFmhIA+XkgzGkpqrVK+AM/bGKxl5dYzesNwcg8lLPLRVJsXnXjLRHXW6UtMZip8SiW+yotyBfli+MOac3LNTTgTphmJma+2ZjmCSFHgsmcgmuR6mIYAvgC5ooVsmb9BBIkpeMCqh31Qb595YAJVq6Cp/2Wpsw378z7pP3zKXdVT+/EiiEBYEr490ySJQh1BUuwjWOHhaWcV/hh6shsu6dPXfVhlod7VJ6PBUrICTUXt0VNylHuuHUDZP5Ej6aMfLxuxNNnh0dHtmtfHrw/CgbWFo2pTmU6s82oWNsJyv0Zdz8hD3ZqutICOs7TkuNxVVZGrLLGg1XP6fCX3mhgtt+GNK+e/i0TxyHT2/F0YbvJ1/din0yuxMKvbjWRVZnHUDUL4bW4ms2PvhWd7Z5RW3Iz99iFofkmrwk30bk/PcgqWZt3hNrJkIzW+Dv7FONFZPA8u9YsqOeQCgw88Grg4Fc6afPhtDaqjV3P9zeeWK6hQ/vPjFDBfZcXT2L48gwUlUlJpl0J46cBrDUKe4HRf1GqVZi1Yoe8O5kzuRgIb5bQQ+1Ab2SQ2P3l3Z5QHsb3FYesFsoca2agIM8IWz4JuNtvwZiaBfJDKOuRQRQTXwFBSRK7R+4+QkUvX33/VFD0B8WhEtNTu+Tr+7I7PLl5NrpKBj2UVWN8M2qoCIC9H9C0ZHG3BeCQllSls6lk+iWNcc98VnJK370TvONbqG8UAL6HukjUcve1HE5Rk0Gy/RDyYF0VmeHqZU0Mpdlu8sRVRNuFFU8IRysMexKJkIrSY0ycgUVpl2pvhEIpLTU0Hi/XKIiEB/W18s6Mcnw/NeRvbnYRMrrETELK8spB8wibWZkNY/YYSop+XXDRJE0YoLKEABLrJdgb6Ei1EeIFWThSO0VTBtydo6lIvSIQJnwEUnGXHDlK2N+hf4fyqsWaQ2Y9tepO7zSrL+Ndn2054PEDd4e2JGJtOcG4j6g716Lz45ddV5405WxT3p/hu99354RGfvD6n5CUYXHndBNNXAjPe+0c0MOYpZXGwsx2T7GeAlo0YrmYAE5IH5x5Owc01EdNSWdzlMbmj9+Mamizf+iBY4SI2W5S2dCamNvPkNFQVWRtt8Lw05LuUg34y2jSmD9cGqC/23GzbyZgOfNEgh0ZdsLyNvlxa69ZAaEvtfzD/9dvz/64b+/+/7Zu3/uvZyfqX+c/5of/es/f9v/a2srAmlswNqxdeoH97e/Z9dG0emU59nP4mPSvStq169/FuTngJyfybeEi4lsRPGzIORbIhuTfIJOw4KW+MlSUPzUCCDcn8XP4qc5E+mYFa3rpJk3MB28vJwyk3Rmcf2FR+FCSuwc6ZiBc9lhtjWBtCq7+BvOFhnCsGJijxqpSM0Ur5hhCgFpAb0eTBGQFgT2XxB53GTpyGHSbKtvIQNst+hmKtWCqoIVV78nR+Ls3EcGxlLM7rgmPzl7Wa3kp4HWU68Os4PsIGtbaTkV9ArVqQ0xmLPj98fk3HOH96i5PfEnd7FYZBaGTKrZHl7M0Clzz/OTXQSu/0X2aW6qMqkTfeH4CNxXvjOIf0s7/kNLaC8AHAwknvfMfFfKBXZLg79cWFAYt5Qz7xBoXFzQ0Jp6CH/eQvSmY+9QOJosXSMNaMwv/e2rY6adv5e60H4PoSE/8SlvgY3NsO9xCQ9duG6Qz7py3bsDl278ZeDa9T9G+cxdwMMX72HbE+6pZgO8fvvtC69dxDsTvEeEfcrgRhuREijqF5pbSTK4iIOE+/VJbiEIL0Txe6g3gcILKEChAy0nTAyldghKprHWOSN/x3nSY0hCD4yA4ZIuLXNqinpETF6PCK9vnu/yvKpHhJk82/n6MG/yDuI3lD5xhpfOh4szKNVZ4iW6SNMcPFm/tVjMLO6OEIOJllRrlo9IzStA6NeHTgt0YhpwzRhUahv4kH53W5kKEV7vl8OvWc5p6Sl4FGoAYrpeT6XGItkhiKRghuVm5MdHjzQGltw54m77fnPCleWuWEJet0v4hUSW4Or21SlwUCpyhimGbqmdsv5STPmsUfGak0Q1Yn0EhI5TSXexdrUMb6vSI7JgE5B+uFXfuTCqgTQkRBeXYq9WsF4Y1ydSeoEyiozfeLoRWio3bApSMiP4dkqpNRka2mL1+PydQ43OEmOOJ43UmkOxyPoKY47vwAWDo1VQLP3RAqzjOnWgC+3DjJA2dJSeb8E3rCKapVxfAfLO+V1/bViDA5M3l2+h2IoU2GjIKX6u02IiuYdhQlkgxcD0Bz1yCmblAY8PiIx5c3JxDwvUY4GQxwIh9wfpsUDI+jh7LBDyWCDkT10gpFsfJNy+bWPI51loEgvMrcNvpqDFu+OTVdN/KQPE9kkMguyjIJHxvQEYHsQ2NejZSF074c2WI2fOynralGkCddQqpjGUK8hmQV6iGBjFShA7wpEWRKoZFfw311YgNT4ImcZ1QpATYwUrHOfBqC2Eq2RTQ1hVm+WAefkKTHEX37c24rFkxiDUjyUzHktm/D6I/48tmeH6zW0I1Mu5735nVnD4Doj6cH+/BZ9mitNys24Gb5VxkznB8K6uEw8VrOxqg3QwgzYpK7mCIaWy2z1VsmobcJWr5JXU6Q3uizjSsmY6G8rS8A4mNY5mtrG/BSFlo9DwTw3/wI0Ef8iyZJDYgXYO+1e0VQyEzfgxWyhtxSw8JFL/CwZej+AulhUVpiNNDp7fh0ml95uSMMQYEx9lCnjXGw27398RVZSO4w1ETCiez5GgwDLUKjEQQn1yWdVUeOnCikug8LSIsRP3k4YZ6dCd0opcEIBFlaJiBma+KS+NaxWKqfBemIIIcPA/tQsNBDDieu6TFPYHlNZoi4Xky4jQKX0EsSbeRi1SClfHReyUf3t1/A8XocOLi4wdJp1uE/71Sxn8KSXaP7k4+yeWZf9EguyfWIr96kXYNMrAp2w5LneefHUrc4v31WreBveTNrTEPCR0KPlZPXxnSS93X0t+YCj/2iiEYSKBJYdZ89/SUSGGNAztAMExnW8njgVdByFBPU8uoN9Xxv3hGpriyu9dwT2fs/xaN5s6QidueC8nxq12WwVX+w1TITeuH6vzcvL08FVBX7189ZQ9Pdp/9Sp/UbykxbN88ip/ddRWZ5LJN7Si07aFHYK62sQaIP9QMxGi/5WcKVqBnlFSMWvs2o0kk4aXBdHcvrGnWMnppGR7bDrlOY/OPhJdrW0RDNF5pXO5saZ9Z6KArREzMpeLdMGQHRd21HUNgSZwYNYfkVkpJ7Ts4QW/HlrI7+offmnPJ4TgDcLXxlzJcyb0xqyub3F4V6YhtptIIVMMEgeLdkEzQokOdbccTsFv40ZMpWIlK3JxfvoP4qd7a3VTiFoPQ9ZSaz4pWYzr03XxCWL63JB6b6evUR7XNJ+zMPBhtv+lhATPyZIpIuXI9v2/uV6Z59TMk/h/v2+8R1BpO9JGqz0g/b0TVpZU7c3k3kF2cJi9alcdun9P0ruTAT3aOq1Ku8z08PDpwRcURDxU7VnS2jKH2atvWuaynOmWTnWefHW7Zr6WuOGnGNarcyqibh2LFLoQidZ4mJTjhyO82Eso1gVEt1LEQd0b++lrKFY4NfaKMHSpfd9nnIpwo1k5JVQEfNtV1RyDjKCUI3BRHysNegqCG/2f68kms3VKNH1e/oJSdOlCfQFJVM0gCCx1676jSzJhznqBy6uVtCIMRPlwqPqZIL7Hq9zHXaJDDctdsluGP+2NFD4c7Gf2/w7aEcDsE8sbY6/eDaHieKJl2RjW6mnssRJnH2YpEy72/NrSZmeP/ef/nfvPb9Ip7Hiqs2qEo3ghK2a1HMsHUUhHqTXUANW84iVVfXGhS571bC3r4L1uuLMo+aTVbBP+wnTrXGFBLk2MbGO2vrOK6/1u3nADDNTd6VTeqXtzP8TNr1wFLAvGtl3eECDta18b2g0Av5+wPWexDb9HOAw6IBhtH+4fPN/df7Z7+PRy/+Xr/Wevnx5lL589/Vc7UsrMFaPFeiWb74WhSxiYnJ3evUEOho1WnQBgBg2KOPtuW9YGOWjTnAAm6WQv2G2F70dYwgZZQwjcoDpsPCZJnFCBBpUJi8nsr8OQSXgIoWSi5EKDT9BX/nFA+NsRAoat7Oh63ZSQPyP6dZkfsr6+X9C9SuwvpLrmYnYVypxvjHKYnyspqe6NEF6s7UC7N5cV26NW1/smrXYZA82dnP0x+epWOTsk6GkGnR5DO19XHMQKzDW/kbCtVMlGFFZO5gxq9vmFUUMDuYHrFB6A0KCBdvTa7gUXpKJiSeqS5limj0I8sq8LdpmC4IbG4m7g3UUfUjVC5xhkqnv5lJYlTuG7M0kX2wgyta6lKCJrcdWVBBk7LGaxsuOxVT1yxUxwBVsMxSg0pkdJeaqJNxDMobCud6KOnNFoFInAZ1aNSF5yqDzhH6WiCMk2aUKjL1tIoFpBAUs8O/eivpERel6PYzEHM7cKCSDNlWPH+K+zc2IUv+G0LJcjIiSpqDFg2ojGBm5gMqpYMSKTZUgCSad6TbNJlmfF+D6OxnqNAzUc/3dchoKSZ+ca91iKpDBj6svr55NcrJdN4p4bqDPhiMcVtA/5DLkUwmW+xFa/LiJfsRnFujyaaas061HyPNQMIBMecvOsCoipkblURdKMWCpyeXLuRsXouJjxgrDljN9EacqVVCQX/3zv0gKf6B33o9eVT84TWLAcKpYVDcmc3ZmcuR7LOrbw4bevnVMtNHWDA1dw+RqE5qbxcb+YGcZURbbCeFvYT3waVL0UCtEBXPvGWvCzU/19eHK/QodnJa5Hao6MTXemSNfhGNJFawIMcWySQikxmwQ7FPziCwGCbQFPui/WOjBYRG3sXhCHtKcXt3EXY76REgKBnODwe34JofW1K35huQEtLJevqDA898naLhSUfcrnVMyY42fRSuGjQY0kN9wul//GkgAHQXKmwDgTC23EEqt+jiktS8+rALcQj2rYTCpXecYVWNGGlyVhQjfKha2uKJVgETbliYk5aX5dLu9jMEFOvimBDMOIsBoPbky4OrBmn2cw1YTPGtnoconUnCYHEbKwaNFBn4OgJWrZ+IhQ3zkFu21A5zpp6SQj5J8Rs653YdpUAU+VoouY1o50P87cF64EY1uQFPZmiAVxigYzmtDWM7b3D3TtcA1pxiNSMHtlQUVE39NZiiSm2IodHSmQ6mztGLZVgqCLO3EVzGgJjr5ocKONkUJWstE+BAPwHr8OAHrvtkuoP754v+OaepTLaMDXhNF8HosmICrPoBIE6ycMHTw7eP6qu+ZWQMyXjoFpgfe9lLOSkbdv25kMD10n5m9QIAY69McSOy4OT7oqwXwo3+rgZdvxOdT96GG6piA0OH7b8PCYDfeYDXd/kB6z4dbH2WM23GM23Oaz4T4zGW27n43WS8Q6QbNAJ1KXnJ3fQE3hs/Ob51Eg7MhAXyyJbSiDTlCT/Q5FffvSqn5OGQKbfiq8YzGr98eXQSd2xTC5k5bimZWkVvyGGkZO3/0rLQrSPiugYZWSFmRCSypyOK1J8QCpiJKNPcQdJNt19ounPETd5ogAKHjy9aLg9xUeOncVhz5Hhus4U+6uYXM/R4pD+yoStzxIg5P6arO9M61aMeezOdMmmdTjCOcewULqmhUB5Gbihc6w5a1+NWiACcM5LXAqFdmaSpnNQILPclltWT1+K/nczRRt1YEvmGGqggu3Vizn2mo5LjoC9E6oyQk26mZS8pzoZjrln8KI8AxEJ73e28NH8Amr3exk5BKNiEaiyv6JV6FQ3GSJoXNLYuh13FVX0x9aBCwkKemElRpVYiEN2NCxzJhd++XbUx1iPLdymTXXQ/3PAjJaJGFkfQXb/wUogk2nDHugGlk7ycXt4RN2+fZ0Z4TeF6i35e1TLbCIQ/3ImwABRa4fQvK48+f0iKc7bxjW4jFiCKjnz002QDKrKCZuxHq0A9+3yOaxKfPvSxB6bMr82JR5cE8emzI/NmV+bMp8a1NmV7gcnkvcnP6rO5JffdnzrtPMpL9JBfmoVraPoe8FNdQBt6Ca5LIsoSnIHQmuUy4K11HKUydUfUWyDN0T/dz2SZ9Dtr5Ph9VzVjFFyw0W837j50jZk3TWIA/+Ez4F3Z994tronV6FlsJVXSyXBN1vmtBcSa2JYhB95Wrjj92AcPp8O4e+ZPKSHk2f7e9P29aNTRyn7T5r9l1bGyHQ240Qhy6PDiWYn18rrhOeI6cYCiJkwZyZrbXk6G0K4UpAMCDPFS1Dmkese6Xrp1mmwLi6NxW9ZppwE5MrUu4ZJVRLp0n1RjwYgvWoth1QYQ+Mlcl53pRUAbxhSIZ9qGLLjrZF0LlAOUZ+CIbOK+1KcKbFultgQCsu2UJ7u6Glw43LMJfOITu27zmWbjk8fLTYdzVe+/RWPH3BnrHJlO1T9jw/evXisJiwV9P9gxdH9OD50xeTycvDoxfTu8ozPwxFplewJ7ZYEcJxp4GiEK3CBwmVhpMJdyWEzYTK1qVc4PYX3KrtkyatYu3bWiBWVQMhKuHisVjV7esZFXkfOaANFfZtsBDFEyKCcbrdPQ/sK1TDCt6kHTDbp8jf1E3sgudMM402LDZLiKri3xg1emgQ1LgKNqVNaaD5QB3C1sKjdiNjSWgXYwXlnoSr8+TIlQ3QVauT525a0DIQkSw22usyUBMNJAFTdvhMQglmIZEXtaph+Zc9V/QSq/0NjqmRqUgUwiyhYESGNUumUrFRsgl+6YEtRr/BxAs2YVB3nQTIfACYH209Wuqw5ASEPkV1ABA+3R6MAe6ZNqE6GsygGSTVLO3UEk6y69IbxoWWjM4LmbPa4OLCbAgxoNgLVw5I5kqd+Ig93W7KiJ2RZg3X87Br8VDCkbb3BbZtjFe9u+ektqCSVNJ1LaEcXgTT3tIbWEIcvsOF2lQTGYynnh2yi1wh4NgtqqICw6s0GxAT/Hy7++5/nfQZnQRcPqgHFCN/cfzOWv+Y8kH3uifgxYRqLLWgHjogz7bkhHBDJ4K5X0kyyRu/QWdTHCRW84VYoTZ03RO6gvWGuuHjFlcdaiid/t7ajs0V+Nn+L5/L396QEGDW0i36uxJ5MNQsl9eE2isJi+YwQ6Qol13d4iZOGbj7QIOg7DBL65NjHFpLzYrf3KJl4VN3RyUmbdCpc8nstUXC9khJ+OEdgYep2+nereK/YHicC/R7DI97DI97DI+7JTwOz4nbprRNSw+HXyxGzveZfIyRe4yRe4yRe4yRe4yRe4yRWxkjh93G/mwxcg5qsskYOXe13xEbRksXUBVPrQxhY4PxYUmqFDGKggIkZl99vNxKdGS/Ex9fYbzc+kLdFwyaG6D5PzxoLhU1H4PmHoPmHoPmHoPmHoPmHoPmHoPmHoPmHoPmHoPm1gqag8JMiFfnzLmM39zizPkOfS+WTkqqNZ8u066utGTK/pnnEit+2HvXzUUM/SSFrLypJVShnjPyjhvFyPHl5X87+TuZKlox7BvuHm0F0kHdA6lgnW1A3OxYqjLUSeHKicxOh3Rjnp1ejMj777/7yXVb9s55Skguq8ryCAcvmv1xEZmhueF59i2A4QsFuSFzWpvGee2t4O6kJF/mIbSARnQ4DW6LVzXNzdZOexqWz4HUsm+94hJXH+oT+QnRZXLNBWgBIOjQfG75OOh5kyXx5icDXkRPfjDXCDYpz2VVl1xj0MxM0tLDx0QBVkNSMGFPqFVL0WW4tXMPN1rY1S/ASh2Gw5TBWT1tFBR3cVvCf0Nzp6eglgSIOw2/h90IIX7Map0QtgbbZe/GMJkbrd1UmXiB1wVDFBhBBL2CQ1V7PSLMSsdgA6CGcDGzyp/hFbZdVswoqWsUO8sEXDqb4QJ9SZTO8X93dvnxjTtfbc0FyXljV7ElaY66KaLTEyTQo8feP12tJl8KJ2UHYZHvqFH8E7nEccIOOtNuUostI098d3v9em+PGkPz66yyY0KVaIRE710e7+8f7e+FCXa6WMMHhvD1hUSCEKixPu4iulKW+uVxh1xtCHdQ04iJfHPlCBkJc5BGlX9SDN5rhIDjcG98iSMd2GIbr7jPw6c6rPfB8eqB0XuXB0evXt12ru3vK9C2wZPdirT9k6JutTCwAp9/zGlfG7utG39DB3597N5rjIBrRXNvvfKifPLValn+NEZu+0GGEwGooOXyN0ZqpkA5ExCepmQzm8vG62aUVDxXMqStJG1bQBi3Copg5IazRRa78wax021TAjhJZHiimF280WQ3egx8eb8Fm/jffXzSVElhdpkoOgGHu3Y5vzZMcaZJRYuwjqjhTWh+nb6p1++KY6HfIONdnXGCE0fl+xi/QXB1XJvT1NCkGisTuqBerC5NjJwxKySD5TcMGc0+aATwCJ9TUZS4eUk0r2Fq17ncWILJnk30aDJ9dTh9+uzFi8nTo4I+p09z9urwVbHP9tnRi6fPu+gNtRT/GCSH6Tuo9t97g7r32oRAA9ALKkZ1o5zfDTTNkC1jdeEwJLa0cvgFBdrVbuihb39/uv/8BaX7E/pq/3DyIuEKjSpTjvDjx7d3cIMfP771OqaP19ZNDY5I7MVgpzRgboBcHlraVzTWa3VPhmKsc0YmilEs7CsXwpKEJDqfM6vJeNdVTc3cvS/JfdpPbdY8euqiJZ05RZWxY9bWYrHIXJRwlsutdvIA1JTG8H0K+KzoEi8nV2Ly7Nyuds+i0OIVba/lMjaMo12XCrpgIDEB2pNr54NJggowvHkmvet07MIqXWRmj2jaS2jhFXC4weYp4MByHc19izJg19wyJz955PBS8RkXtPSnIaClUWUnNL0zBNcY+AwVnaf2QsMExBH0UJPGskK1BHlhDuet/X5n8JJRsGbVTHFZkKrRBgaZMNdkkRUDfjL0c8HDE0a2ajHbiklo9vWtzH7X36Ha3YCJ6WRWRe/+w5dMl8okEegWKXRqXEvh8V/GCf0bWW91kDP+yxiTxdo+RA90x1S7wTaYZ1N0w1i2BHYyXtlj5mxlUI3VytPhEC2TGGVsLxvWxQUZWxqz441HZDGHGxEPocvk0lCgWGijGrjk7KHGcrNeCGkHaKehBAMiX/tUvj46erqHaQj/8etfW2kJfzGybmHUH5LNXYiVLCBNLZ5HIBEdipiH1fZDm5IcThFCnyspuJGKixmeFFcnvAhMc8LskXSbOcJkKKrT7aE5lLUv5cwF3NlX7amHBkS/NBAz4TYEq1dTuG+6zuiwm8GoGl4Lw1KQiBdUB0BHrftwMBP5szbWjrbi59ae11TrZCcfvskVDt+RvjtNRzbcq6w9d8KDHIK2OuBsICQrDQXqwXF09LTffePoaQsoKBi/ycsUJnBEHIJLAV78Bdc2uIZU3tzqEFuPx/8H8Hj2CS+7eEOns0ACIAo+4XYX0r4LJzQxYGAL+gR2nyOP7ekpzDdpTHhqlEyGi8XrPIyIESOCsKo2ER4AHZ8cu7c72WutdFMyYWbBmGgZBcxCokzXucj+6DAwy4IfY8C+nhgwVG42RQQXMPpqngi3zVbn3kXr2Pj1oHyG8K64t9p692N0G3mMbvus6LYNB16ldSsSGSWFoGUE0Xe3Prn0oXHddNV+580QRYfiLfa/vaFB5nf6eDuF9bukLSe9wZh/Bhk/aZiJ/YYz7W5UH55DKok9IdCUyguvTnqDTegA5ARuuK11Yket7uGw/7cNTPwjYxL/ROGI/+6RiH+CIMQ/Ov7wMfTwztDDry7q8GsNOLRPXdGZN4klVzKJ365xMeMY/nqOxeNkxXyTat+JMYgEDrjLOVv6DtVzuSCWwQhwH3qvJdQcyWUF7fW8jltTZbXFJoDq9ct73KUsVI/6AifZzdbdEn4+91UVvkBL3hSgiLoeUBd0ShVvAbVhg+aPwm3oTbvwSiSugUT633hZ0r1n2T55gmj8H+Tk/EeHUvLhghwcXh2gNP+O5vaLf+yQ47ou2U9s8ndu9p7vP8sOsoNngZ08+fsPl+/ejvCd71l+LXeIKwWzd3CY7ZN3csJLtnfw7M3B0UuHp73n+0dZu++t1NmUVrzclJnpwwXB8ckTrwQoVsypGZGCTTgVIzJVjE10MSILLgq50Ds9BOKTPbg35wv4UDNFk8hKLwyBSAwq05xFAlCQlLyiiAJu5zv5C71h3RVcMyXYF1sDzhbARj8xXXh21IX8KDvK9ncPDg53oa8ez7vQb7J+yDD+vZ8zwf4qhP+jC60Xkb4UxH4+R/c5E0bqEWkmjTDNbbRO1YL3aH2wgNTmgF+XRg72s4MuR9ksqP/V57orrgbLBb/ZtZO8JhNMTaAin0uFH3cxTP+bIEv8DZ9pzfY/YdATb452kf0TiA53AfVeOQLhsnRdJWGBoLsNloQCeOdSm+QIDaGkBcsP7nm/dLfq1sgTCP7nFfstFkDCgWnJgwespmb+2hkWOg9XfKYozmdUw9qj41paw8rJLyz3Qi5+uLpzJf8z3GIBs7CPIE7PGgXodIW2BtbXQ1p/baEQ6zrLgkEHd6M/8ODW3To6FNSCiLHMlw1cd8cvORbA5NDcGd+1GoMj6ryUTRHp98R+9LYcqHtHXYnpAeS/c7+imJq3XtWEFoWPe4R6YlfwwJUf0vfWliql8Naq4YWsVtJSRNSSY4wC/rL76Xb6SKVA94o9Z654FKwYz/3A5LyiMzYwNa34Lp3kxcHh00EOE2c/syOQs9OgeiOe/FY42vwLObZkgsWMoShwOCWhyAYzNAsoASTfQWeDD99KZ8kcHsBYvPv2acKCwvP3nmmNo9OZa93zk8xW0XzOBbtKilvePpl7IUteWHcux9d5yc3yag1uevtb687qaHzdjeudr3Xnwco4a83RenRwfM+PCplfA606hnTqPw8cL/wNCpl2y1O63+y51nOpzBVeC6/JlJYQce1vcZxvNzCjFbdtAIsMaNvtV1pMxBe7jdgdRlaCsOFXBpG2YirLce4/G3C65EDdc9bOm+tN+vnTOS8q+Qu5/HD6wQo2C2IkqWhtmaxm/9GDpSVlkNslDbKan5PA0xGEzFOuvc8j3f6AnwYGORNTmVKruxagSLLnNQmB2u8HydPdG29OLtK8TB6qi7JcZ8uqzNxzmL9KXWqokGI3vtmxuMoQ5bia0ldvTcss6oeYSFkyKtZE7zRiBKzvcdv780qdTRpe9qfs72i4vbcOXp4e7L/aWg+cDxcEZkiNs8OAWA1+8BzcBos2ipl8vj4wfhb0q4hloMDrZgLVlqC0m6PDv6ffDYwbfw/CXltyi4OSlApv56rxpTs5awvo22mui/FaFsNs516HOcFALQs0Rw5O1Qzw8M+d6VwW5Mez0/5E9r+6pvnDLSqO2J+sU7//ASbzNqz+ZI5dfvu7GXPy81VF65qLmXt269s1T1ECsbtIKlr3QQbnC5z3rw/uBLZh4BWDkseamYfd4jjuio0uWF3KJcRdP+jEcdwVE0NF+2lTPviSk4FXTH2HHPS5E7ebJdxf6Pv98+K47oJxvDzeLufhi4Fx3Y/xXglK7dA9EMcm97oE2Kd1xU43Q8Y+sbwxdFLeJnq6Ff8iS3nN6S5tjCy4zuVNqpz8P/grOXW/LEn6HEk07zutJwNDpbewgyMMucoq6J7L0MTUtqLew6TmDaSumricBgASM+nwnPw28+yK6d7QfO7cmpgJE5zNrqyIC2VjHFIgQvmKooHIYujR1dQtmybBWNIKy+8GoyA41muqaMWg6ZIiE2aHgH1zlUkw4gm+sB8xJI8XAJpmN9BtrKbKaIxtPDsfedMSkDsvRhBMAO6cFkhUFIQb7RpODKHQJdnVShZNbu6PyEtX6xrPrhvGiolhbbdN+9nk0pp2WwfL/5Nk5p07phaFVJ83M76blvrG5Se0oJMmMsNw+FzFe8/+48e3ZG6VT+iCAdM5agVIbkN63qiOM6OtJq2Y9aeQCeTXh+05kMSdSkkbM2fCuAIwPkPEs7Wpa03hXBqOnX3X/jadPmE3/38AAAD//+mHpzE=" + return "eJzs/WtzGznSIAp/71+BVxOxsmYpitTNsvft2JUluVsxvmgs9fRcPCGCVSCJVhVQDaBEs0+c/34CmQAKdZFE2aIt92qeecYiWQUkEom8I/Mv5NfDD+9O3/30/yPHkghpCEu5IWbGNZnwjJGUK5aYbNEj3JA51WTKBFPUsJSMF8TMGDk5OieFkr+xxPR++AsZU81SIgV8f82U5lKQYX+3P+j/8BdyljGqGbnmmhsyM6bQL7e2ptzMynE/kfkWy6g2PNliiSZGEl1Op0wbksyomDL4yg474SxLdf+HHzbJFVu8JCzRPxBiuMnYS/vAD4SkTCeKF4ZLAV+R1+4d4t5++QMhm0TQnL0k6//H8JxpQ/Ni/QdCCMnYNctekkQqBp8V+73kiqUviVElfmUWBXtJUmrwY22+9WNq2JYdk8xnTACa2DUThkjFp1xY9PV/gPcIubC45hoeSsN77JNRNLFoniiZVyP07MQ8oVm2IIoVimkmDBdTmMiNWE3XuWFaliphYf7TSfQC/kZmVBMhPbQZCejpIWlc06xkAHQAppBFmdlp3LBusglX2sD7DbAUSxi/rqAqeMEyLiq4Pjic436RiVSEZhmOoPu4T+wTzQu76evbg+H+5mBvc3vnYnDwcrD3cme3f7C38+/1aJszOmaZ7txg3E05tlQMX+Cfl/j9FVvMpUo7Nvqo1Ebm9oEtxElBudJhDUdUkDEjpT0SRhKapiRnhhIuJlLl1A5iv3drIuczWWYpHMNECkO5IIJpu3UIDpCv/c9hluEeaEIVI9pIiyiqPaQBgBOPoFEqkyumRoSKlIyuDvTIoaOBSfceLYqMJxRXOZFyc0yV+4mJ65f2wKdlYn+O8JszremU3YJgwz6ZDiy+lopkcurwAOTgxnKb77CBP9kn3c89IgvDc/5HIDtLJtecze2R4IJQeNp+wVRAip1OG1UmprRoy+RUkzk3M1kaQkVF9TUYekSaGVOOe5AEdzaRIqGGiYjwjbRA5ISSWZlTsakYTek4Y0SXeU7VgsjowMWnMC8zw4ssrF0T9olre+JnbFFNmI+5YCnhwkgiRXi6eSJ+Zlkmya9SZWm0RYZObzsAMaHzqZCKXdKxvGYvyXCwvdveuTdcG7se954OlG7olDCazPwq64f1P2sV/az1yBoT19tr/42PKp0ygZTiuPph+GKqZFm8JNsddHQxY/hm2CV3ihxvpYSO7SYjF5yYuT08ln8aK98mnvbFwuKc2kOYZfbY9UjKDP4hFZFjzdS13R4kV2nJbCbtTklFDL1imuSM6lKx3D7ghg2PNQ+nJlwkWZky8opRywZgrZrkdEFopiVRpbBvu3mV7oNAg4X2/+qW6obUM8sjx6xix0DZFn7KM+1pD5GkSiHsOZGIIAtbtD5/3uczpmLmPaNFwSwF2sXCSQ1LBcZuESAcNU6kNEIau+d+sS/JKU6XWEVATnDRcG7tQexV8PUtKRCniIwZNf3o/B6evQWVxAnO+oLcjtOi2LJL4Qnrk4o2YuabSuZRB1wX9AzCJ0gtXBMrXomZKVlOZ+T3kpV2fL3QhuWaZPyKkb/RyRXtkQ8s5UgfhZIJ05qLqd8U97guk5ll0m/kVBuqZwTXQc4B3Q5leBCByBGFQVupTgcrZixnimaX3HMdd57ZJ8NEWvGi1qm+8Vw3z9KJn4Pw1B6RCWcKyYdrh8hnfAIcCNiU3gh07XUaK8lUDtqBV+BooqS2wl8bqux5GpeGjHC7eTqC/bA74ZARMY0DujvZGwwmNUQ0lx/Y2Rct/RfBf7fqzf3XHcStJVEkbHhvDnJ9zAiQMU9vXF5aW57931Us0GktcL5ijtDaQU0oPoXsEEXQlF8zUFuocK/h0+7nGcuKSZnZQ2QPtVthGNjMJXntDjThQhsqEqfGNPiRthMDU7JE4sQpqcQpK6iiTgVxy9dEMJai/TGf8WTWniqc7ETmdjKrXkfrPp1YxddzHlgqsiT/lZwYJkjGJoawvDCL9lZOpKztot2oVezixaK4Zfs8t7MTEG3oQhOaze0/AbdWFdQzT5q4rU4bx3etNO9XqBGBZwesVs8iibspxqx6BEQYn9Q2vtqxJgHUNj+nycyaBG0Ux+N4PDtjcwWo/oczY+vIbsC03x/0B5sq2Y7VGF3TYUojhcxlqck5iIQ79JlDQWj1CkoR8uzwfAMPptNOHGCJFIKBwXgqDFOCGXKmpJGJzBykz07PNoiSJZiLhWIT/olpUoqUoSC3ypKSmR3McjepSC4VI4KZuVRXRBbWjJTKKjzexmMzmk3sC5RYeZcxQtOcC66NPZnXXrmyY6UyR02MGuLMVlxEnkvRI0nGqMoWAfsTUHIDtDLjyQIUyxmzqi8ssL+0wBRlPg4KzW2iMpNBate2wokEHMfaoTIB5cpB1Nomp2+ErwPBu110Az07PH+3QUoYPFtUEkej8hxQj2fitLbuiPSGe8P9F7UFSzWlgv8B7LHfFiNfoiaAmXIZYzlidd6+I22Tj4COpXL9kkxopiuJkLIJLTODQ9Z/rO3B+2hNMF8LDz9JaWnwzZuj6AwmGW/YEkfVN7cYE4fuTXvYPD1S7QiQG27PApK+3yZ3BC14ExnMZTQSFJtSlYLyaHVDKXQveh4VxzFHbxuX1vqcZHJOFEusXVUzXS+OztyoKJkqMFuw2S/s4xFkcAA1E8FksM+c/+sdKWhyxcwzvdGHWdDaLRwLaU2FXiWr2tUm9baOApcZ0xYOp417LBlFhaYATJ+cy5wF/bjUaGcYpnKy5l1lUq1VlrViE8+tHCiisUCNR8/97OxA3NkxC3YQ2IERAtyxtGCJqd/maooYfrRoHRH5Caz0KnVpEeJGrQwwLix4v5UCNwDsMbSwvCOzY7AKv0Ka1pBWscL92oQT7T1Iwe+E4235eYKnEA4Pqmo0TYlmORWGJ8D72SfjtDr2CfX1HipRniPooNsZSa65XS7/g1XGtV0oU2Bwa25K6rbjdEIWslRhjgnNMk98XiJYbjqVatGzj3qlRBueZYQJa146ukX3pFVcUqaNJQ+LUouwCc+ywNBoUShZKE4Nyxb3MKxomiqm9apsKqB2tKIdbbkJnf4T2Ew+5tNSljpbIDXDO4Fhzi1atMwZuGVJxjX4rU7PeoR6OSsVoVawfCJaWjrpE/KvCrNOTQO/YcWvZ4woOvcwebof9d0XI0RZXcsU1givlMi0RL8hisZRnxcjC8qoj2CNeiRlBROpU/NRR5eiAgJMerdjlRbV/79OgFPdf5LhEVTjhWH6DtU+2nv08NRfqwHyyv6A3p0QYHFn0pEEss72Vh3s1gBDwl6B0eF4OI7fr805ZbKfcLO4XJGD4Mjq7J2789baCIxmbXCkMFwwYVYF07vIWREma8H3TiozI4c5UzyhHUCWwqjFJdfyMpHpSlCHU5DT8/fETtGC8OjwRrBWtZsOpM4NPaKCpm1MAXu825ieMnlZSB5kUz04IMWUmzJFeZ1RAx9aEKz/P2Qtk2LtJdl8vtPfH+4e7Ax6ZC2jZu0l2d3r7w32XgwPyP+73gLyYXliwweomdr08jj6CTV+j54ecT4Q1MLkhEwVFWVGFTeLWLAuSGIFPKidkQA98nIzeJiQwrlCjSphVmI45XuSSamc4OmBR2XGK9W2klAIXkaK2UJz+4ePcCT+WOsIhHfSRFFciN9w9DvkICCnTPrVtv0wY6mNFJtp0tobxaZcilWetA8ww20HbfPvRzfBtaKj5mDqPGl/L9mY1RHFiztgCA/UifP0LChpniOCsIgpC52x3pHjQ4unZ9e79ovTs+v9Svls6Fs5TVaAm7eHRzdBTWo+b9Nv4qXzWN+AmwtrXqKVdHpmJ3I2A+alvDu8CAY4ecb6077zJtEsdhQQtDa9o6kW2ghnJbI5rVEL7kcxJZmkKRnTjIoEju6EKza3Jg/Y+EqW9kQ3MG4XXUhl7qfgeiVHG8W7td4YG3b87wUfaNveQ9+rrfoM3/4s7W67DkdrT5ZROm/ejzO3BzcRv+VO2jDF0ssuvfLhxJs1bmZ8OmPaRJN6HOHcPVhIUbDUg6zLsVdHw/6/rmI8KKai4ZwtOpGKrE2k7E9Bt+8nMl8jXJO16HMz9ITZNC6klDLDVA6iuFAs4draWuBHoWj9QiAWsojKccYTosvJhH8KI8Izz2bGFC+3tvARfMLaWBt9cqEWllKNRMfBJ25FH4rX8YJonhfZghh6Ve0qWssZ1QbiGphKg4a5kIaA0TdnWQZrv3hzXAV/1xLZL6/W2rK0QkaNJIwsLmH7vwJFsMnEHuBrZmd1Oo3bw2fs4s3xRg+jOVdCzoX3ktXAIg71Pe+OBBQVtCJ7Nx6IyDbxNOcNw1o8VhgC6vm+yQZI5iaKqTZiOdqB72tkU2qm+qulmNgiQ8e1VOgOtpNjjCpn4CaRk5s4BhXkzfHhGaRC4IqPw1Axqay3V8dyyrMVLc6q/wQm8DpLvw3ApMyyDk3yu3TM2AWva2KXBNOBgUGvKc/oOGsrs4fZmClDTrjQhjkSq+EG/KzfjABh9tVTIC5yZTk47TyUicu5wvX5UDl4JLeKjBqrgXQQKsK5QnM53gmcrA3EjOrZyqx1xBTwHTuP5cmJVIpZ1beW8DVBxzgwKEGokGIRp4+iEheRyi+auWSWEayCp+jQhg92daOQZJhIMcG9olltTipSK5KqQA7xScFdRLWSnKb3DTuwbJJWsMkAhjZUD2cwfzMWdz6z2jd6WSDZkIv2oiMeR4HH1SLJssTlhUCy/+LmODLeOyBIiiHeAEMRCI5OFA3JyFWaJQaEMEfJmxeQqURuTKuckLfMKJ5gupOO06moICdH25hMZalxwkwyYxqcTNHohBvtMlkrIC0l1xOwa5m0XIc0nToIblxVCpciq1guTUjqIbI0mqcsmqkJGcJEicvh9AvyBCaqV52DrJ4rjoNWA0Gyqpvcm4B2WK4rUB3C7hMyTMB9uzopsH5RIQjngiTdOJDC05B47U70gqR8MmEqNuDBDcgh3djKRXsMNw0TVBjCxDVXUuR1H1JFW4e/nofJedrzQRqgf/L+w0/kNMXUaEgaaDGXtsK6v7///Pnzg4ODFy8acS9UOXjGzeLyjyoy+NBYPYzmIXYeixUMRwJNw1GpDlGLOZR6k1FtNocNj57LZ1sdOZz6PMbTY8+9AFZ/CJuA8s3h9s7u3v7zgxcDOk5SNhl0Q7xC9SDAHGectqGO/I/wZTtx8sEgeuv5QJRDeSsazXY/Zykv68Z5oeQ1T5cKTH9xzAvOmp+w7w9nfA2IznWP0D9KxXpkmhS9cJClIimfckMzmTAq2pJurmvLQif5ihblfOSfedxicYyM3mHfi+Tal7ekd4UH6yk8LrmmdUsrujhSsIRPuHeRBygwQ8W5PZyTVU7iQaIrf0wzP++MZUWkrIK8QudsGFo7SSgWFkGGB2tkGQG1En3SKdzV4nlaP8M8p9OV8pT4bMBkITKMAM2pJuOSZ8aK8w7QDJ2uCLKKshxcdFoHILqHePvs0X3EW24kNpktTOou99XmXeFuVGuuYl+BmyDJroqd4Ogkp4JOwR0HdxE8PC1OgvcgIzYSJZLFjOS48fUtrCR69PaEQ9Seo6chmIzBjq36fcCOMaMcw7uyC5H7uOzCx5j+VsveWyoHrlJj8QrxA+XAhWEhF+4pB+4pB+7/7hy4+GD6UKmrF9Dcr6+VCBezwqdsuKdsuIcB6SkbbnmcPWXDPWXDfU/ZcJEQ+95S4mqgk9XkxfHCzhZL+juSwVgtC6xQ/JoaRo7f/nujKw8MTg3YIY8qFQ5yryLfjFspeGwq3BhJxgvAxDGDwhEPv8JVJLfdQ237ehluN9Lyt05zS1sa5VOu21Ou21Ou21Ou21Ou21OuW5PgnnLdnnLdnnLdnnLdvicW98W5bqmolS46fncOH2+Jgr2uRb6ssnD87pz8XjLFmQa6oELPWVQd1f7ukt1c9IRxSCAK5SqqukJ+rIU1Py1nkGTKDFbrwGHdoM9GqdCQOvISnh9tuEKFCz9JPDrIAF/uAom3KhnpRsRpQyBPo+pCNZSj9SWhEAbMAZgzxXymRur4GNc4ThtKfHW0cZ84XW3FDx5BXj8UhCpFFx4ZiGX3Pipt1GppAAbRrrKMYqZUImIvvt6wu2oVaa+MgKy5YguHsip65vcGt0AzX/q2FhwcL8jJ0XlVmuwDlsnBsWb0mmHpqpgx5dVy8Ec/uSBz+9bJ0bkbvukPtNtsyQ98kGhVY2U4+KUe4LXPeTInh4bkXPC8zHvuyzCuX1RealOrUjqys4wscJBO2VqGlfNeU+mRnBZhSGpHS2aQc2J8pWyqSSG15mOU/ilUfaFiYf/lvtAQHlwfBewGlGqSYNXAWlS5QZH9JKMrix9jHiRFX1nYEB/pT5FiOBSXRA8PFk9q8brTd52gR7mwKzE4AdqIO6L/oFGM2x0ORjER1Xu18dWCiVR7TQgy14BheZTEA/q1t6yn4aDv/9uJhVVGES7qJrGluCgFrAE6KbCUkK4XZ6QkmVEUZkfvDt+e2AMxZhZZ9v3smqW9mDmtr2syQtWlYjEmyiaQwhe3tCqULqRFMdjN1WGAQeBc9slp4FXWknV2b3NMX0B6BCWwfOh6ZCUPg9rvrW2Zz+f9G5wifmeMWcYAvMltaHEPeTLg0b0Grc1yblgvIKBzEyzXHDOS0GQWM3Y2Ab5Uy3rgOqEqZWmf/Jsp6fMSLSn78d0ZiPA3rpCGU3REmbvpdIW5oRezKi/0M1kMkGYN7hmjKVOXk8wX4F7B+ToEmS0nZJtkzBimgEvizARmriV3F1guskogfUkOD3vk4qhHPhz3yIfDHjk87pGj4x45ft8i2aDNfjiu/qxHc1dmLNodsktDT3psNFKt+VREXQWUnCqaIwWGTgiV2j1jqJZhqks0EOSQFbzKjkHmoNvugf3t4XBYW7csOqJ8D754rMdpdQI7mVOjMDeVoT/yigtwZ6MCW9NpSSgbH/sSod618birCvBhmBeHQR0ZMAMl6OMxb8TR3385+fCvGo4CZ/xqGoMrpeikBdoldyoHNQa+SrkIArEBWiz3Qki8cclFSLFZKC4M1EROZhS6hihNno1ZJudkZxvS4CwEZLi9v9GLaF/q2hsVLw8WEpa8ZDqhhT1TVDMyHIAImcIcH4+PjzcqNfwVTa6IzqieOYvv91JCilEY2Q3VJxd0rHskoUpxOmXOdtCoo2Y8SoabMJbGIyRSXDPlQnUfTY98VPjWRwH0h77krKMu8y0yNmzzN49MPUWjHk00KhBFQP4qiSFMAiZe5VlwC6zKNLdItM0o3EAzMAmdFwyABkYYZupVqNHleNuuc9h3WAHS6NVwXkGIPMidSW+9VmOs9ZBEhCRGUZ5BBWemuOxWfLuR/hQLRPb3FAu8Vyywop+vYyA4O+l2peLw8LCuGXtb9fJLMnoOWy66LCOnZ1aHY3C/ahS7NkYNH4P/ceRdfY52+GTCkzIDD1KpWY+MWUJLHUIe11RxZhbeOIoJNadGW6PQDuXA6pMTbGRWwRfl+3tADbaYkQS8ohFyRpW6Cm11uAnuLKxHlbJP9u3cUkk8NKoE+BL8zqi2ar2RYcSqgDFqKla5ncj2XdVg3TRdJ/Xvhs0NBk34axgCfq7uxL93708+fHj/oQbdCs/Genw4goOfJLSAZls9h2irkwL91YUX1Imu7s5FAQIpsgU4XTVUiI5CC7WS0fBYophvywfwiapV0wRha8YIloWiAsA7/F04oAZEY35oFQNYKJhy638mC/S+Zgs7hJYyyBVnreHp2OiTQ5HCHfhEispwdVitn/2bAxXen2/tOMcTWrw0OH5Dl6GkFgLCvoq3hYDeMkM3Y2e1vyrpvNHL92u4q5VHRz/GL2t2FPWqBDkW8GsXo4mRfTJiie67h0YYb/dgVEwQFCNgPaU22CAIYq9Zq0Q7Ib/OmMA9gw3EzkhBX+Mi5QnTZHPTOUldAAN6yxlJdManM5N1XfSPVgPvu26eFrSMWRZt7TflSsHT9DcLqk8aTGYspw38k1rLug7SGfYH/UFMOUrJ2q3ck/DF7d3bqluxCbT68cEgGFAj+S7ArxHw+As2DchRf8DnXBioKBhcr8oYlpWwaPaMAELiCbVSKDQ4+yE+W9xolk0qQ5sKHP0eYboVpXoDMtHp0wgnIIC3+uAe8vZvR7JGBwRxV8ibwYhC3x2L9c6q2sDa0OTq0moXf4akJLAB7YoIrCjEfgCjlliLDGKE7FOjZuRXUnTD7vbitl6uNAHVulbbgX1KWFHl/Uas4jd6TfsZFdP+uzLLziSEI0784zEPuW50bTm5XrIDJJ7frlv9vgNF98X+THpzBQsAKJ7UeEFgOYfQVLTeFsayh6ZMjpouwk3VGZ5TWvVQ9Oh5UzU/BcHhG0IaH7WhJoTKwNIS02qMqo+knESLcOP5oajvS0ig9Z4vDOTK/VRNbJxPHQ2akGTuxvTxb7D94jTqHl627eiEM2ZmbtV8GlpeOH0majGJk7kmMthZMsmktms79DtxN7rxYoc/x9C6qsSrbxmMiC1G4GPcnhMA6kZ09JgbtmpwWcN6TC0VynOWS0hYYRpamLjh0gjxFcFdl5lgCivS8KqDqHtYJ1TYpUP/0PsUJ1ri2tpnq/k4etDtfdygfpHdOSjCxSws2BBnNET9sSG+yjXuXqU9zqggI3zAN4oZVV7nsBH2rI8AIZs0TUc9MnIkvwkkz+CrCc/YJmro6QjDPj74UWPkoJpH+SZYZ6LIgBq6ShqVmqnNgmptkbmJGUV1dcCBvprtwHaNcAYmZGItGKsGHjmid7eNMUcLjWNQMKnBHancWGBnOF+U2xo7kAeezDhTVCWzRbTDzb2pNDfc7rUxn5JxCRdX1ix80Yic6bo/LFKmM8OUY1SNKV66nR2RhePzQcPGUmvOQeUeC2Nakr3mZuHCXqgUc43sBlqqh2tAbka7KSPXCMk+CcKExvcLdTn2YDWpPozvLTA3L7i/aJbJuYXQmoVJfaOcyHBLirxoFPsn2a0JpkKEybZVV5qZ1dKiC6w3q6cP5wU4daphEkUoQyKca2Rf66IaYS4qE+GzrUod+ibJlOlaobPQLbsUUc2Inuu4lsW7D5wae3pbFaS0f0hF7PLABANTCIWCvGYKJII1wIO245UyHm8JI79ykcq5RhWFnB63t2F3f/egjnzkQHfwgrTyI9Tx604DDtKqzse2QJbNrYFpal33oR1/gF0xCrzNN3LFLnQLdIC0GvI3aTrlVvwn7hba/4FCHIbmRWjqFX1l4irxJnZwB8nL0FFoVTV/qy0k0jRFyqkgudQmajPWc9mCZi5JmNYdtDHrsJaR9fuPSZyIUuvZn9AsgVIr7kpbBhkxqNPEjiKXXOBSJZHEKyYRqxiwLfCq71WutPGciqWENxrqekhyKXjVYo9EQ6yvg0Xrd8x+9KXtjCRXjBWkLDACAC/Fh6uOVWjwCpDW8WhFK564hGa9eGeryGyU5B1R/vZguL852Nvc3iGDg5eDvZc7u/2DveeDQT2vJ6WGanbXVcQvvzqB0zRyykQNIxgVgRh2jjVhqMA8MWcKWe1fKi9u8KIsTWpyJpPTnjPdMjnd6MWTBylipNNxFlURmOi8JjKP7rE3+xTDpiuWyDwHng1NkoU0wSkFw1u9pzY3WGkhvy2XaRn1ZsbLMBNpBRNqPZSkEquBitYwHcKmoMmM9SNchO0t1TIVFDqumjbe5KIozaX/UVAhXRKb16RLEz9A9VueZbzzGYyNAY0MOwnn2E1dc38RCOKFaeuUhHwKsW7PPH5m1uJRzIUPTRWvq6UkdvEiz2hgdoGeRbenvHVNh4ll8q1uEikVqC1p0hQkSG9WcPrvvVoVALeyBsJ9cgyWXqM63Arvx/xM9Yw8K5ia0ULbw4et9idcTJmCTJkNiNvRuZNkRtoNoBhSitw2uRTQxpihtQ8+U6s5Nom+Kq/Z9dfhq6Pjr+aQOz22qwm1xyJjrAFzZ7d5iyH9BTrJRZAJQBeBq1Kl+LVPnmRQxUPRzOWCGqlaGgboFk5MozIwqgROrIs36NKrC9mCyCQplWJp33HKShJnWrZGr2lT8QQ5o9gyxtm4WHkE5HVU0o4EBYpoOu+0gU+FMyrt6cLMe2uGaV1CE3ohiV0bWDu9oCk42eujSjMlhczkFBWpSNTIKx/R5/plDVfk/99cXPWN3+7RMjJ7rz8cDL3MvsWp6WnpijeZ0SOzc33u1WcZunZ1IxcMtANt+lGabkW4WeLVhvhn0ypo57ku5s7Yl50LLoqh+WpPIZZZ+U06LWiX2uutFuR3qLZPS65nhGZMGa/IwFmoebIaKQMotOqjNXRUXCOZybnTxy2qAILaRa9IwJEZFWkGKYEztoAo19yaysJEx1Qxu2bwM1Zfoprh29ZXq+YGRoGTDsVVIXdKG0sM8xmDG2YhGR0rrEOMzkBEb1pmVIUs+cp0VFa56lB5MuYKaIR4R6xTrUyRxVmi6yGQsAxraWqKLqDtzAcwUJBXlUUhlXPRJFIkrIBsJRwaLYqsnIIm0PakVBF1CidBeO0Z9eFDUAVB/m70/LnBkUeNzLGaKVhFEcANaJ+/Sc+sYd3z/lXg/YNl6uyTCc4DS87CcBVO3y+O/G/RGm4woq3GDmksDLW7VCaXUUnnlGurmaTgGMV7tWDOMsuZWFoRvdX+XeoNJPAaxdm1t6VHl7g3Haz+nBVk+MKy+e39l8MBFmI+Onn9cvA//jLc3v1f5ywp7QLwEzEzK0eg1ipT+N2w7x4dDtwflRZoeYEu4ZxOSiuXtZFFwVL/Av6rVfLjcNC3/zckqTY/bveH/e3+ti7Mj8PtnXrBGlkaaxg9auFizafPlS1ufSOfR5cyATnUMedCiVG7JYtIhihMZTJSnpWK9ck7adwFAeHuM7rTC+4RuC9pNRitZeICMAjEDWLF1Ci41qm+0aO+HhepbGYwQCMH60srNzqo0y2rRgArrrm+fh4Sf7oUOXTxQcEoZJ4+R/F8oZ1foO0RfCOnkQcsR1FWY3tVtpFXm/2J76iHR7ScmDn1TfG7r7UgjSAzPl/o3MrOmTFFuoGdGibouXalXN3A7k6JVTvg+zDisyumBMt65C1PlLTzb7olbnoOsXlYWsVWTDfa+4hv17ZRcX11qaODe9NRnmSSdqYGfOD6isAIIKoUlxaMurGO69cORKJlVoLuHV1a+EUz58iDJYMrzbkdUeGZMdWsaB1gv7Ra/RKUeOMi1t+BWcD/YCkMe8eCeiEcCN7osIiBlT7DwaDDlMopF1izzBV3WMgSHOp155YjBKAovEWlI4B03Zdph5g700gzRqizbmAZiDWXz2SZDQ7dvDKs2e9l5Ox4uEJv525gX5/4hpMMCReNRyGrC+H3TkBwg+lWSKIHHll6Vb/5yT7RxNqhqYtbBbU3ik24yEQWFf2rvKnBJ9VC1jWLqmg+SKk2vHeEIfIwQf340CRxsREjb3Ud/xpueAb1PIwY3wSNsozxKe/h8pEeGiU5WiKFFK2+c3eWhbeCokhs2AiIsbtZOfMNlITm2sTZcY4wY6MHeKrlr523sR1nD+sZM4tmqA0+yuS0r+H3vv+9n8iUjfpevPmvq1Tm2K9QyXCslOCmqOG92o6ahu1LDVYn8/T4fKPv74DU3kglQ1XTUTU0epJzEWbE/FVrNlWJqWHcRBYY/755uVHANCy4LQae12na0KXKPN7usUR36J0+S5cBEHstI4pA72UVIbvBbWnP6Qp7Eq1HpkFUECNoVPUl2QNRMQ67w2FBaFS4FCIHc907kSlG04WjJOfN8YReuZ4iKYkH0BMHNnqacx2flcPEWpDoSPWT+lsBcLuY2uMvBWTgnB67yddOSiULtnWYa8NUSvO16I4iHY8Vu0ad1D9+frG2gfnj5OefX+Z5xUw4zfxTm4O9l4PB2kaDjbZz5R6Z5WBmXH1m9gUkKsSZF7SZVLCmy/EmpmGsgaDvIUlhSkMkO0gVIWqldiB5Ik/vESbsfusoV8Px1RRCHTKyRnBRcGOoUHZLwUJw5X38ZYxmzd6vmEWBfMJiETUVTzMT7rw5Lg/xtf98SxriIbzVzFmDy9UtRyCkA2oytlKwnhXg0ursr5Ak4ZPB7NiuQ4PHlAUq1GpxQjay52A7wbRHVPRCpp7/TEW6JVW1WFILb/bcbeFCybRMUCeCKU+9g4O8rdxL/3l9+va/7lkw+9yIruGe3ujjyy5F0xl0Ha1SKFwHs7akfbyxHn9qI/e/szfv170Pgu5fIIbW31AXDnDRgYyBIPFD16sJNezwais1xumNoskVWGdo0HfE+agxio/LVi+IFRSSQLyH+WJmH77EGup4GK+pWljaCPX5yM9MYT4C3FRnn2a01HDBDy4ZyonjJPWzaTU35utT+JobLtZguR+/Zj2SyBwyK1naqyoiWo6UqEVhYt8Y+8SS0rAemfE0ZaIHeS/4v1Jki54zUHpkrrjpcDeu/2fNP7vWI2v49Np/1wPu7giGdOb63I/G4LzAOMA0LFEsS1ZVY5v6+3WiSpZs0XSfU1ARjjubFF3ukBrZfS7wt1CMCoZxEQ+ksLIA7W6U26lGThBYa8Bq/CNYxSiSYpj9g4ldlgubSte3j/as/EnCcF7GeLi9MWTBaOArhergKzqAWHr8hoZyAaCWs6zRuSIcilVBGUqHhhs0Qey51kJxvaQ4pz1V/Dpyl0KxGqeMRApCa4VbM5mzLZp5zIeV2uEucZgvXWwncR8rYFlYVOeW1dbVFbiMqFjGrmlkf0rhvYOd4bUon6oomLL2LyqMNaUeIjZZVxOKo2W5EqCmfcvuwcgDWFaYpLWXhdM2QzuKlVULOlM8t3IJC8law+On0+ONW4/S+nAwGDZarAQ9YtUQxp7eTujaB2BG9ayfp3srgu/t8R5O0Z5Uz+hwRbOe/3w4vGXa7b391U28vbd/y9R7ronCSqbeG253TM3F6rK1T+3YleXobxMidxPhb29yNM/K9t7+zsFOo1/K6qB9a4GNjocFUSaGZtUKaOfVs/XB/u6gAeYXaj0dSk/QVijEr/mEN71IX6k2tcONFRjhfqjnxlWSiYnribdQ5ovBNJm1nIuVBeDQlLUTrEOerOrsH9TmgQU1D5hT+M3ugb4uswzWEuvAvcZGwt5iKZmWghWZUk7R+iwFa+umvdf8j3vGbDpMGTuIPbjQmzDSg97HKhPCCze2nHeLa7JmP3aUghnu7zQaEhqqpsxc/kno4gJWg5QBjrNFnnFxpb/aZWDYN8hle4YkmXIF/ikHyUaLmoIzKVRXX2lFSCh0b9W7X0C9U1XYN7qo/uy8ofshq7lZA4zapcEzzgv4k/t4ixPwJybjagYJVWqBuVro4aJVbp/vKRffP6NeMa8HLsHEiNrQ1byJoQAUZtxicIslM0gPrnIVLGSnZ9HlU8zgU5u6LKwlnd6nyMHj6bz56LtuPsKOm4+s2+aj77S5yjqgT102P7/L5mPssPkIumu2vRdefoUvbpZgF6H7TlRMoyN1AZ7Rleu+4fKKUxiWLwH1522n9Kh7KH0l4zQ0TmrdCHP0+bP/fEexlxle7gLyrCiyyi+C32k2lYqbWR6KfXDlAk9RBJVlqYtlYa2YPJdQQ3XG/CXPt8d7PXBLbQCdF4o5bt0nh2nqwZiEgCdkSfghxgvIC1YJ1d6MqwOHzNgCWMITeG0B0gE1K6iiRoaeL1TXIunPtKBXmCzVI5jyOKM7l3vD7fu0lfnaDsSv7zv8Nm7Dr+kxDOdJ6lr1pJ/951uzFiBFoJm14BK8IeBaGrwtow0VUaLcydE5lqb5qz8EnflL3Mw6ovwwqRRV3Z3Y7glljsDUBIOmsz5PXJnHrhUTORo+kRlV6Zwq1iPXXJmSZiSnyYwLpnvkWCZXTIVeD8ql6fytHEMDZMifS0OFjaVyC1Qy44Ylprwzx/mz2pw1crVr87U0gk8H+5f7u99KwqIslJNo7zypeTF7k4ytwmWoeyax+moHWV/XN0nfMKJU5B0zr07fn7frML/hovzUMXYFdDRTGBHkvr+K0BGFe//u4v35+4CZO2JxUyb7j8iQBnAeuzGNQD46gzoG65EY1RakR29YWyCfjOvHaVzbvXmMBnYE17c0suta14ogWf/ZjR1LpFpBmKpsXciGn/trGSMP2QgMG3t+XcsVbxWCPHbq0B0G68Osx1mrqAfE2WCHOuDR35Cl2ZwutOvk2oOLIe5WSXA6uJ55cMfJlVdi4porKfLGDT6/f9AdqFRgJpb+Xu9ozKjBdm1NLBR3YKG7TD8oo7zobq2d02QFqP3ZbWX3nKuiz3e30mbUEwCpMqLIiBJ/EfyTvy/mmCTcG/69pBmE0sOYkR7ni4/CDR7XASvUbIR2t+6yF/RQSVnCU7hQa1VRIKOKsUPPg8bGS92f0Jxnq8qje39OcHzyzAdoFEshPT9lY05Fj0wUY2Od9sgcVeF2rA2fbMFdZg/YNf6bxT5bpg7uej0m7uu3+9rY3eouTSy+38rf6DVrYiu6pbqCXW6uAWcLYIOprejcXdhrQb7b3+0PNofD7U2wx3nShP5hlafHttdxvopD2U2b+88mZryn82vtrJ/PnWer80ndI+W4FKa87QxTNeetM9zZC2F1wC9Lj8NBf7jbr3c9Wdn1KldBpyFWrPV+lMkyDYa49xFU1+adRoOJC1AlaWS2+zlLeZmP4LLkdd6obFDzAgR/UK3sOV6hB+9urcd00EHCiF26SKMRfrFkEtpNGTXnoYur06bCdSJ0sde3bWd7rz69lY/fKtgCKRurjLXA6lhO+arYujUrCUzQrW0BAFYMd1go3yV/tgte19g434nhSdWSvN36KhszZcgJF9qwBnMD3GAk6M8b7YsW+agDfxGcXzsG2ABihcUhvdEJfAeib0Zi52+o8Bvz8gnYFMigBKFCikXO/4h7/QAKw8dfQn2NEayCpyNLKfjBW95o/yRSTHCvaKNonEhdkacwbL2ubg1PKzHL30MThepWbNkkrVC0AmBoQ/Vw5uU3Y3HnM6lcpVys31uFAapF13KRx1gELriBjKklW/x8cXEGn28Ovr32IeyQ/2dfiurVuz5HZFSqzN/C1gwrsJgIwxZIFbqHKgYNEZdPu/AvjGW66EN27v00E192JH61jtw487cBJoFZm+g9OHh+M4gu3f5PIFgvnLMDN/5WjPzMskySuVSukmILMyvYtwtpaFbP227u3jMLLDAx7DnfYeIMd3e6NzNnZiZXJR/XayjFqRqX76KyBtiCZ8zimkZGhuQNrFvg+7b1yTnz8cKkzP3lkzC2dm1w1k59xRpra50cnXf1IWamRwrox1OUphNNik2YUiu7e/HBDV/1aogx19pNy+f0y62tcSancePgrQbsriv81+Ypri3mkkwlBvLPy1Vuw8nNbMXj5mvzFQft5zEWB7Q21JR62Uas96qgVccpTtQdu9od1HMvVuvUAbhu8pINwWlTJVxPY03ljft4S5bQcSuBJ5QjyuR0atlbzpIZFVznTn+CL0PNxOgqA1RJrZKGoKRhCF3emTjUms6NG1p3QN0FX9okzH9T2WSCla3CRFjny48JsYO4ANZfR7WF+Lfies2timmNFQppYBEsjcf/68g7pMalIYo6N5MvxfPXketeif6nk6Nzh757pCYBwa3Aelh/70snWkSGGLrbrHZV9ElHbQPXKhc9ehqC32EoBZyxtAwjFC6zYiqM6KolYCMNashUsqpQGwyCTr+4c0sqmRbr6yY045AiKnbq66IVpYn3M1CTpftQtw0qA4Sam3HVuI1Wg6Na17I5VWLUIyOmlP2Hw/9UliHNOqqpVV1Wo8M8beoGD7KvF40CpDgR4ULzFGvHFkXmmj31Q+XJUpdA5nGBq3gU7Bvpiu1D8z+nbIUZeti4D8sZkaTURubdgR2ppn2WUW14gsWR+2MpjTaKFv1X/q8asrDKZx9uF2Z8qaJuUM45ILiFITtKo+hkuBLsehRG5A5BKtf3BU9Ns4RrdGSa4mT7xqWs0HnTpIIHWlxU/sU11wLG2Cx6a1/oLIcQtrf/G72mnYgpRUcjxNXhxU3nqt7MZNpCxR37a09Dx0JWU97cH1cTd9yysPly57TZFAYUyuiJsLFjNsHOjRk3mClsSFnUyqwVVNUaC5xiXoCiVRPqkRvWuzkQeXEGARVRuzA7YlwL16PWjdKrtSuIl+EX22styBdfDmNijWxXNRFqyuHd/sR30cZ7kxhhYiKREJaWigg2B76giWK5vI4PgSRJxqiAqqZ1kL+0WjzR0hWDt2JtzFyr/GrusY+kgr37xUXjIT0NQk9vF0GjDNnvIAiXOHpYvs59hR8uu8i6dfacqA0FpuoFk3msVkCWuBXdOTcxR7rm1A3TJ2cZs1a+Zox8eH2kyd7u9q7dyp3h/m6/Y2n9CU2g2Vp/FTbGerRCX6zXT9jSrZrBmLC+w7igbLUqS0N2Wb3urlRUeJEX6vQOwpD23e2djuYxO7fiaMXyydcwZZ/M5phC4+dlkdVYBxD18661+MrcD77VjW2+oQL4528xq4bkmhyQv1bI+Z9BU+3XeU9VGduaG8jfQ20+iJ44luyoJxAKzDx8Mewo1bCz14XWWkXh++H2zhPTLG9994npKqPsqidbHFcMIzZVqntnzYkrTgNYapRwhtLNvdgqsWZFC3h3Mqeys9zyraCHCtDeyKFV/856EWgrDW4rAt0sh71U5edOnhA2fJV534+BGOql0MOoSxEBNJ65gQIio/Ybbn4ERWvfT5yNGpJPsexs7HJ6F311x2VPX7S2fkMN03TyvBS+3TAUSYEOvqg60uo6HHZyiovfuhtmuubNcU981n02P3qjKWKzHG9o9HGPG2WVlb2q43KIlgx2dIIqJPGszg9TKGlkIrN6n1qqxtwoqnhEONhJwnWDMfawaNSRc+gj4goC90AhhYZddrIFGgLVw/pqUUQuGZ783rOSi42lvOoRM7e6nPJFoeN2tNbyqHoER5Ubr5lIo1a6UCwGYKlKqFgplIaSKVWfADhSWynThpyeYfUY3SPQDKZHojHnXPn6548w1kR5XiOtDtf+Mt0lbnTrr6NfH/35oHFDZAl2ZCztuYHcGbstdT47cj0Y4M0RKBEji2xrN3Mpwve+n2qPjPxhdT+hqsKrndBl3iGR9hsNuZGDmMXlytJ01g8x5wTKkqM7WMBdJL84cnqGN9QdNVFN5izLHJML6/HHr7rcU+d/lQeOEiNltkmnQmpjJZ+hIqUqjRuoh2EnWb0m6RtGlcAuMdSEWN+Um1k5hiifJRDoq70VkLfJ000rZDqUvpez9/9Tv9v9+X++/Wnv7b+2Dman6p9nvye7//77H4Mfa1sRSGMF3o61Yz+4l/6eXRtFJxOe9D+KD1FX5cq6fvlRkI8BOR/JXwkXY1mK9KMg5K9Elib6BP0DBc3wk6Wg6lMpgHA/io/i1xkT8Zg5LYqoiD4wHRRezpiJmvhBjPITRIwL36Dc+wriMQPngiusmsD1Pqi8zdm8jzDcMLFHjVSkYIrnzDCFgNSAXg6mCpAaBPZfUHncZPHIYdL+WttDBtiu0c1EqjlVKUsvv+SuzumZz+SsGm644xr95PxlhZKfOloCv9juD/vDft1Ly6mgl2hOrYjBnB6+OyRnnju8Q8vtmT+58/m8b2HoSzXdQsFsZYTe8vxkE4Frf9H/NDN5FnUDOXd8BOSVr+Tu39KO/9AMmkgBBwON5x0zrzM5xy7W8JdLdwrjZnLqAwKly3fqWlML4fs1RK86fxGVo/HCtUuTSmMfLBRn1Y1PL5ea0P4EaSi/8gmvgV3Q5IqZewjhLoHrBvkskeve7RC61S8dYtf/WOlnTgB3C97teiTcU80KeP36m+feuqhkJl78Z5/6INF6JAOK+o0mVpMMIeKg4T4+zS0kF4b8EQ/1KlB4DjVpdKDliImh1g6J3dTXrLFL/BvOEx9DEjqdBQxndGGZU5kWPWKSokd4cb2/yZO86BFmkv7G48O8SRqIX9F1l1MUOu/PT6HYcYZCdB5fS/Fk/cZisW9xt4sYjKykQrOkRwqeA0IfHzot0JFrwLXcUrFv4H383W2Va0R4vd10p2AJp5mn4F4oC4rXRlsmNXZ2CEkkKTMsMT0/PkakMbHkzhE36/LNKVeWu2KjGl2v6hkuHoVQty9Yg4NSkTC86uqW2mgeJMWET0tViTlJVCmWR0DoK9r3l6SbBXS8r0r3yJyNQfvh1nznwqgSro0hurgUW4WC9cK4/kKvVygrlfEHTzdCS+WGjUGKZoTYTia1Jl1DW6wenr11qNH9yJnjSSP25lDsDHKDM8f3WXV9YfiEULHwRwuwjuvUgS60TzNC2tCV9nwLvmEVlVvKdS8ib13c9feSlTgwObl4A/WXpMB2ks7wc025I809DBMqhSkGrj/ohJgyqw94fEBmzMnR+T08UE+Fap4K1dwfpKdCNcvj7KlQzVOhmu+6UE2zTk2QvnVnyOd5aCIPzK3Dr6awytvDo5um/1oOiPWjKgmyjYJIx/cOYHgQe6thZCMO7YQ3a4GcGcuKSZnFF94rq2JSpXIF3SzoSxQTo1gGakc40oJINaWi3d7zdEKEjPM6IcmJsZSljvNg1hbClbGJISwvzKLDvXwJrrjzn2ob8VS6xf3w2Mp5PJVueSrd8lS65YGB/5LSLa5b74pAvZj53sHmBsnVAFFvDwY1+DRTnGarDZ94b5ObzCm8dzXYeagkbFejpoEZ9LVZjRwcRLnd7omSed0xrVylvKgkeQjLVCNBa+uu2yc+cKZGlftw5KU7XEVJNfxTwD8gaeEPmWUMLqyg/8b+VflgOtKB/Jg1lNZyMR4Sqf+AgZcjuPNFToVpaMmd5/dhyiz4TYkYYpXrX+lK8K53hja/vyNbKh7HO76YUDyZIUGBx6tWfiKkMCUyL6jwWpNVA8GQqxFjI58pTp/Sobe3VSUhsYwqRcUU3JfYKx7HgdIFXkmEzHaIq9WLUAQwqvXc57LbNyi7Uld3ycpMg28n6mPa8upaJflqZBvE1DmIqTtI9wIiH6Fxlssu7iZT2ZCAy5e5+C6tgieToIGjm02C79ge+LNwiAc2Br5jS+DRmwFxBoq/zue491n01a1Mu5L5N/NskPHa0AzvqGGw0c/q4Ts11S0933qkYyj/Wi+k6CKBRYxD8z/iUSG/OAztAMExXdyvGgt6+kLxgiQS4l/W9ePh2oXjyu/d8GNc8iy9XC01rh+mKcf7AzcIbYCi2ibUywNZBD4TqCJ8E9VqCNlhicxzbsj5z4cYHhEYdGeQLOmH6Mj9nexOnrODF2m6PxwPXhwcjIfbjA0Gg/GLgxf7+wf7z58PB0l14fCO9h3JjCVXulwVbzpyw7eQ5VcIeuc1U+FCajtB7mC8s/0ipS8OXuywnd3BixfJ8/SApnvJ+EXyYrdua0eTr2hFx/WwFmRS1rlAgPx9wUS4cqPkVNEcjOCMimlp126kIynN7RtbimWcjjO2xSYTnvAqwk6q/Ia6fYDovNSJXFnz3FORwtaIKZnJebxguJIadtR174JmrBBL65FpJsc0a+EFv+5aCFvG3rmpo/mFZXyQ99oJXx1zGU+Y0CsLdbzB4V1tlKp1UAyZP+z1SoyEEh2K+DmcQrDUjRibbErm5Pzs+J/ET/eGa4NXRSpmJLXm44xVybS6SD9BIq0bUm9ttPnMYUGTGQsDb/cHK9T0OkVENEVFObKuWD1of+wGFGYWXbrx+8ZbBBW3IC+12gLS3zpiWUbV1lRuDfvD7f6LZlkxuF2XrAqFP8vcgow+izAZ+eXDmxDu8hoMFxgRDyoJr6oR3HzBONyokJaXWWJaVt7cvwX73ZePPcU0OrM3YN7f3t65q+b3A97ddA7Rti4A4Up3J8/rmzGJTXyz8p4voGRmtP5ITgWtirkQlxjsE99eElXkPZIWV9MeGSs27xFhv5iyvEdECV//Rjs6f6kiX3YbV6uJ+Q2tzxKXAdvuv/ihFgFImK65bs6ir253Ni6l/fspul2FCRWVu7Cqyeuy2Wrj4f1JPxzh6VbE59zdlVo1D/Aqjfz0BdTmnRirWBi60MQRD05FuNEsmxAqAr7tqgqO+aBQuRhkr7/WAi4KBLdKVVnOVJguU03v89RwpejC3coAJFE1hXxda+QYqkAVATzaBdGxlllpGN6cNbLyCswYYZ9YUprGjei3dEHGzPlyETOFktYYgVxODvWxoz1rHZTgiwCGP+ZiS4eyz5tkMwt/Wl0ofBgO+vb/hvstRF5CLtv9uGJD3WBiamZBH3XEYscG7/WiuyqLy00osfxznCvtrk1ZFNhP4zK5YtYGptlCc+h2M5PzMGROxaLaJDJn0GAWLpOnWOSXqvgMkbdwMS+8kOOGRDVruNM5UcfWpS54wmWpq6LCLea1u7TFg02kLpcsnPVtnFX17X1dZllofgWluiArBvDqCjI53DZ9kf50RLYpnJLG6cAcZJpl1a40i761tuvzz0/t3JDNDEuV18/HEhtZgf9ot3F5n+Nhg43Fm1pjY7egsoEdbj6jcmg7FmcHQkd2nb1U2ZR4W5dZXhElh3feP4oK9Iyh3TWWOApB4GoyH4/CQgdYbyKW8/Y/cAA6jJehK6i6BBFB8+Gv3T0avvn6LaT9tN+gj7Sf+qs1k/7TBSXWnUbrwkk15mx4zqwWio419DS53AFFNM951qXuNzlGQZU9tt9GtVuJfnZ/tWwJjhGh6Ulx+5qKm0P8k/72J9Hf3H5+B2rcajS1+6DoSZdbHluPWuB/JZm+PLaK6VJJZvdyyJ5WMYq4YVYk+JmuHRusV6+Jkf37gn9nK6n7uZKDX66jcPXu9n2Ba0H3EM5u5YrMW0DXSdEN6vCeoMLxWwLWG4NvM4aZB/G2OgHXvr24PRjubw72Nrd3LgYHLwd7L3d2+wd7O/9evyfUZqYYTZfrTncvLF/AwOT0+CHIwEG5wpiZA7cz0wxn3xzcF2huvheJHNgowNyQVZYW4fseFr9GvhqufFEdqBWjKEdUYLrNmFVlMF+GIaOLZYSSsZJzDVn3vma4A8LrBVBqgE5Dt/YMKu+I0BVv+f140F6rfslLtVtdHsa5VFdcTC9Do8rvg34smTjQox6bDZuspc7NZM62aMYTtjSWHqOoDcB9fUEapv7WYjIEpx+REAzE/Q1FXAOGxyDAAkiPWjx9hlvv+5NdHj/fTjJ5CL4fubM8YTyAUKrSjaZcG4cVlx/xIf7uPr1df8Xs8TCAv8kCpfnIkukDKTV06ZZ8X9bNC8v4zhU3hrn0izHVbH839Dpp5On6Bar2Aqsk63Nm/kGzkp18As/bBzb9e8nUwn3X6OwFKRa6QBqX1U00KALDUjJekFFWXNrvRlUBXF/LHErV+drsYcwxM4Ypolgir5miY2yFAOUpO8p925P/4eSny1en7w4//AtXHirEtr0I//77q/LwaHD4j7+/ujg8PDyEz/ifH5dVdmCLUfrcVRfy84pJYJ9LTPi02wvXCGA+d1202tazgAiqoSw4hCG63oR9cXvkCQBb7WkuplExCfd8IBKYkjyzSD7/dw+QffLPs8N3x5fn/95wPUpq3UkcDDxkMBK4O+guPOCU7PeSiQS7SroJgYDt6G9/eXNxCnPB2H44qA0WRrymChKKSQZxBhzW9xKwa60o2o55/Ov7D8dI0Cc/Xf7dfqqBHlFfs/wYEDVLeE4zolihmPYF9sDfR0Zrw7VRh3tv/T9rRy8/KkM/KpZeGlN8HHPxMV/QouizT2ztv0vbSUBwK7rj7IvG1vcbBarvmOQar+rmCpEkll3FjF+vYgGH47Fi13jlFZyI3iVr52t3U/3bm7fLAnzFFiuA92d+zbAEIb92nnY5sSO1Zd75+9cXvx5+OPn4Furyy4n56Fn4u4uPR6i7/AMzCT+e5lahec0zRk7AVW8J9D1Mqj/OubCAWrpb3vBtZiA/yPIhYGTHjuNBdqt6djg4oXE/jtrGffxihIRj3oGYj8dsXE7jToJ3ZYpGcK6qtB0WA3UyvkUgy0FcKUtV3cugK1Vf3ZpLGgK0mhkrwnNGBbSGc72KqGGk4NcSJA5VshQpoaTgDFqIevgsH/OyC0J38AAIgTiT1AWBtVWSucBYbpHRBLuGUiiP6NsUXsQguKGx1yQUZUBekPfwTnslneQEYoowhasmj7KRq0ipqexL1+xNkJHDYr9qNHtoGWSimAkVHCyGqqJYTPeibnljf3ViBj3Ffe2DnrtO06sowhd67pEk49AIxz9qT4mv/RvXV/ddVAk0T8Gw6emZ59tGVtDzYlT1ljFWXUCkAcaoK0d1ekaM4tecZtmiR4QkOQXVLL6GwQ1MRhVLe1bdC+H6aKqXtD/uJ/10dJ/6AMUS+nN3ObLDLPS3PT3TuMdSRH1i6+6hKGfioXV1C4kFA6LIdrabobn79JZZ7Q7oB//5lnNrn4nbOIcezLQwpbv/4Vsjwym0Jy2UJgnlP+jUqqMWAO0a+MINUMMIzZjC+qbY91hIiBC7uqfhhITCtXLiKkwArbvRsIZy1JyAwVwecFfstt6miBCa5lzDbUXoVCmzcDk4Kmkr8ZiR0+PzrdOz8+qHes1cP2R3idtSZS6lQPcIEyl2Sgg1deE0Vl3RT44/bIQCuJ5hm+QepJ9Qw6YPaurXidJP4CtFoIxxQyGNjLGqiCswUlURD0RInNOlwoJ0Yfbu3qmHxrC8sDraacTo3zB6tbQSvPL7j9gwvHUHEmjRUbzHQ/ciX2UyuSLK2jbagECBdmQJOX53jp2vfr64ODsnW+TizXnVmWFZDKysZMohrvH0GM8j16TEIirW/nHXMOAeJrII5AeR6KrMPM8HOgnnXgQzHCwd512p87beRBiWASbzVFBgocsRxpv3R3+7PH53fmmp4PLizfmya1v1fbr1D7U7dEZapeX2q+KAAydJws4HiRBvafjVotEOb5UN5J7OEYFVptbXdb1yfWO2PvbPo2Z9vXITCWmqa3w911k3+Igpybi4gvVgsyRftADcvq5ILm5a5M7ytb5ArHU3edAvt7aY6M/5FS9YyrFvi/209Vnba2UqW1WBt3cNytUMmgBlPFn0UAZB8XMMcQaxY7VcUFcrtDR2vWu3Mb0qZ52dYLyT4dK3jLl8jfJ0WTyV5SNhfmD/SBVCkQFHwBOryvMK2s7F3JAzvRQ/DCPewBeHgwH+/9Jm6kovNF5EZYG2iGLXXDdl55jZVQPtgHXhUnbbS+vfsaao7GCjJcX5cg0p3HMdrSqdwWd/E1GPrUQK4bZnEtRhV9RfsSnF1r6agSKqe9HzuP9jHtr70Ax6uYFfW6WVbvxaKnJxdOZGxQK7VdMMhC1h/LoKg3PBDacZOf/XO9dZ6JnecD+6Qe2AFSzoHEVaDFpHcybHILNFCx8/VFwgassmNHWDgyXvNF5CE1P60uHYXIapnKyF8dagAYYVOtGwHgrRAByaVoWfnT3gK5y3m3x68x8r7ljwxNRvcDVFvA7nRDivTYCWUhn1Wq08whzMjd9KkVR3XtE6d293DVahVkjTGnICLNhu4yaWjW8YT0c4/JZfQt0HjVd0aZoSzXIqDE98vzdXTZp9SmZUTFmvxtS5DgWljSTX3C6X/8GiWoKCJEzBpeGqV6f3L6gwx8SaSH5M4UtaoyBBB4MLDWjDs4wwodHupOambosWYRMeFcygRaFkoTg1LFvc5yIvel9WpThhxU5s6IsbE9w92PbfM5h8zKelLHW2QGqO+4sQjGvokBUL9UGpIKdnPUJJKnO7AeCSKQX/RLS0dNIn5F8VZmk2pwuNDq66yKbzqjMe0v2o774YIcrqOpqwWlQVyklLNIdR5o/6vBhZUEZ9BGvUIykrGHjJiHQ6A5GiAoJbcdoIqVPdX7pc7E1RdVfi0TVBpxnUg6ougtPSSCFzWWpfgRDwXn0dAPRF0FxPvsPzdxtO+meLqhyJJowms8qngKg8hWaSrENC7w33XzTXXKs9+ajTuL+w3GQNFT9JOc0YefOm3njhodvavoJAOCTqVx2BXXldJAlk0e2tOqjX4kLCvgOyz4qyITQ4ft39+NS856l5z/1B6tzQp+Y9T817yFPznm/TvOcze+est5vntPrGHGHYsFGAm5yeXe/aL07Prvcr5bOhb321njtdDX8ENf0vCOStX1gz0xlekPgdGwrYe/vd4UWwv939O+40s+rMSlIofk0NI8dv/x33MK2fFbDmMklTMqYZFQmc1igQJBVRsrSHuIFku852r9cvT2SOEQD9WR8vCr6sT/KZa5D8OTpcI+P+7pa798u2d2i/icQxbYopll52aY8PWHYNUpqmM6ZNNKnHEc7dg4UUBUsDyOXYK51hy6OSrb0oHRCGcxbnRCqyNpGyPwUNvp/IfI1wTdaiz80L/BhGdCkOKcObtnDDkyVcW4vKVQgDGzfjV+4yAYbIdDmZ8E9hRHgG6jq+3NrCR/AJa0lt9MkFJhkYie6BTzwP7ujxAouOLoihV9Wuok2cUW2ImUuS0THLNJrfQhpISMau6HbtF2+OdcgfXEtkv7zq6JVbIaNGEkYWl7D9X4Ei2GTCEsgkM7Jwmovbw2fs4s3xRg9DItAe3PvCamARh/qedzcCigpakb0bDxPxW8TTnDcMa/FYYQio5/smGyCZmyim2ojlaAe+r5FNqZnqr5ZiYruryrwPGSpRCIfIyU0cgwry5vjwzIqCQ1zxcRgqJpX19upYTvmq6v9bJZ/ABF4zaaf5QP+2Dn3xu3S/2AWva+g/4Srq8skthU0PszFThpxAa/hGLXzADXhTvxkBYkBt5RSIi/wGzWdcwNDFE8HvuOUTljoIFeFcoVEc7wRO1gZiRvWqihCvO0wB37HzQFpaqC8aZx5gRiIyKEGokGKR8z+iovSIwvDxF6wdxCdkBKuAuqLKfbCrG4VyqNCcHfaqme0goBRRFa4hripR64YYzrACE+t9w9orm6QVLC+AoQ3Vw5nF34zFnYdy4dj2YcpFe9ERj6PA4xqRYn+NOQoV+6/u6NXl3m4FHk38m1TQPsvaLFUx9JQa6oCbU00SmWUsMVFB9O5+XBMuUqS9cBIyOdXuCPhMzTA3JMu7di3Lx8VYMWM5UzS7XBkbXD/xc8Ss0Cd8efCf8Qn4NNgnro3eaDXKTYF4wDbFEKYmNFFSa6IYXD3WPbhBNnIDwklPJdNWPWtrXAd0d7I3GExqyFjJ0V1vi4GQDyEEZgwgxJjYVFETthMsFNcRf5MTTIEXMmXOfVhbchWxC/dngWBAT01rDkKPWPdKM9a1iIFx9/VyesU04aYqtx9z6krztnRqCdKXhoaDIViLauuJ5PbAWFuDJ2VGFcAbhmQ5N76IWDOj7J00LozMMeNdMFfYjbHqBY3nsgYG5APLGtqrBMYoYO0a4kkX1B7Z95z4sNIEPlrsgz5F0za9pTvP2R4bT9iAsv1k98Xz7XTMXkwGw+e7dLi/83w8PtjefT7Zb3iSVuLLrClentiqBpaOO3X0sKxlP0ZUGk4myGW4LuDohWaZnOP2p1wbxceliYjZjeFSv1UJyfBByFms6roqgA4Kn32hDYVrg+D5qk6ICE73uI81fptQDSs4sUYcT9w9h9op8lpBs3B9kpXatKrRW130FaNGdw2ClqQTcISSRBbhbnN41G7kqNJf8G4JdN0Wrt22I1fWQVcsXsemO251IpIpW2lAxVMTDSQBUzb4TEQJZi6RF9WakvuXPVf02rH9DY5plGAa3/uHy359bLE6kYr1ok3wSw9ssYqHjL0SFQZ14iRA5i+++NGWo6UGS45AaFNUAwDhu+jF2YZ1QnU02Lcg2Ol11LsjnGTJtFhfr7SuGb32rZhEwgrj+zC52RBiQLFXrhyQ7p5KVIezOmVGwonmYlpyPQu7Vh1KONJWXpCyqIl6J+ektqCSWKt2t78dXgTT3oMdWEI1fIML1ammYjCeejbIJnKFgGO3qJwKTFHTrENN8PNtDtx/GmXtdXTR7EEju3h7EcdvrPXbdDu+l5yAFyOqgTRhsHk79NmanhAkdKSY+5VEk5z4DTqd4CDWOHJjUMUa0DVP6A2sd+41p1GNq3Y0Sa79XtuO1fUjXv9HvR+b35CQpFezLdq7UvFgI0km5RWhViThDSxmiBTZomlbRC3gAnfv6NXW3+7vxnYW5PLVzKzqm1usLHzq7sxOnywIUGGoaauuEtZHilI470jejMNpLoPzUaYYumTJpxTDpxTDpxTDR5JiiGfS172pGMk3zDNEkJ7yDJ/yDB8GpKc8w+Vx9pRn+JRn+F3lGYKw+O7yDB3UZJV5hk6035FfRzOXlFadWhlS7zpz7KKrbcQoCsaWmD76nMMb0dH/Qnw8wpzD5ZW6r5h42EHz3zzxMFY1nxIPnxIPnxIPnxIPnxIPnxIPmwT3lHj4lHj4lHj4lHj4PbG4L048hM4OCIwLiF1U39wSEHNV6S1NZlRrPln4TCZsgwjlFmmSSKw8A/WtcC5i6CcpZO5dSF4RsDC/5UYxcnhx8T+O/kYmiuYMSod2JiNC/Q2pYJ11QNzs2Mo/1NjkKlRzBFvQjXl6fN4j7356/WsPqh9u+AQHCt0iLTty4GLkBNfQNzQxPOn/FaDwNWbdiHHRSmuPOOUvlK1y++OwgXbpGs8Lmpi1jfosLJkBUff/6s2xau2hsq2fD4NOV1yAbQPqG01mUCgqlEoEn5qBMKync5iqBzuUJDIvMq4x62gqaebBi6pJCssKrK2NMde1jXvEIcOWfgWe7fAbpgzR/kmpoMJQqC6JPlxPPjW1FvcZfg+bEXIkmTWlIe8Pdou8DlO5sXjNz0y8Dh/6u0ICFpTVEtNQipMwq/BjqXxDuJhae9Zwq75IRRQzSuoCNeksApZOp7g8X5WncfLfnl58OHFHq26MISmvTOJbeuZobiMya9TocfcvV+LXV2OKOUFY5FtqFP9ELnCcenXQXtxbpU+esU/9UAePGkOTq35ux4Q6eAiJ3ro4HAx2B1thgo0m1vCBLnx9Jc0j5Lksj7sKXTE3/fq4Q5bWhbtVF4u8gNPp60WWKvtOMXivESp9wwuNr3GkA1Os4xX3uftUh/U+OF49MHrrYrj74sVt59r+fgPa/iTWby0p+jvdppvVjhv27ttwlqWxW9MtVsRclsfuvcYIuHZl9Ly14GrI3qd/FYWy0nHZx5piP5FJqb0joKpR6wtCEm40yyagk3Ho9wJFK7MFodeSQx32zZQVZhb13J/UsvM/9fcGL7yyzpRBRQ2q+bF7dNBKeDFbWUX+c+w15Jv5u2qsOCWSWVqq8LVLyY1Q2mJ4b84vT46Ofz65/HB+ePnr6cXPl4cn55fD7YPLo1dHl+c/H27vLd023lW4iHC3Iiycnbzd9J2ytKEi3aSZFKy2axKS7UMpeAcbuM4D6YMNhFmWeYl1PzfZpyQrNb8GBjlqL+kymVEuRkRzkTgPeNxIhWDYAO+EhZKSGdftvJ23p6f9/tJdtW+CZEUoPvRtRmJcR5O3suVr2K9MmxlkZ968F5+1B1UCtN8Falw8pH6ZbMKVNjWy8DdjZiHBrNqRIIZrO7P5eRs1o3rWz9O9Fe3PUY1BiSlThbISsSrR/PZ4j6QczEQ5IccnH8I21jO+4YLeEifnNd6y0FwbJhIXXcKivOCHxDY0vUiWhSBVtSnoKaz6vZVFwRTcSgF8NY/I4PXz/aPnr7eP9vZevT5+fnxwcvDq4PXuq9evXg+OXpwcfc6e6BkdfrNNOf/5cPjd78qLk50XO8cvdoY7BwcHB8fbBwfb+/tH28cvhnvbw93j4fHw6Ojk1fbhZ+5OJXG+yf5s7+1371DAYXTH4Mt3qBoVd+phzs3+wfPX+/v7h4O93ZPXw+eHg4OT7dfbw/3tk8NXu0evjgbH2/t7J8Pj5wfP916dPN999Xrn6Plw++jwxfbx4eulO9K7NXKty5WpPMfVnS3fIs/q++X4N5aEUDtC4D+BJtcpj1zp6dYuNRF49O7Ht4tjDIl9kNKQo8Meef/Lj6dioqg2qkzAt3rBaN4jx0c/5gufSHJ89KPPa1gegb/RnVXJcRckgqvGVbo+zuvuoVqleibnmLNZMGWJzRLZ+fmbrUrRJmRGRapn9KodI0132d54eJDuj/f2kufD7efbBy92treHyYv9Md3evS89CWku6cQsRVI3dfw+poZtXfCcxcoyNBZ19c5rWoEmQkJ+E3OHNbVHOT6bHV3K17cH28PNgf3vxWDwEv7bHwwG/166M2a03jFcBf2KC3a60dKLHb54PniIxWLFtwdOJmi0LdOSJDTLLLsU5PzdqeOqhmVZrZw+xkZmUhvgK0Z2dA5x2OOaUGwC5QJXzqrqk18tjiOubZ+sNXZptGidMov2grtLQ3GOnrs21EL+fD7vuxt8/UTeF+HIKr8le24x5IoRB7TcyZDzhe8j+P6XH49r/XYeig/rssDgzSWa1Ku6GhesKzdNt+5Qs+XxmxnLMnmj3XKDNb+9t3/509Fba83vHOx2PH1ydLzE8+v9fn/5w16qZrvcVTtB7IxVmxYIVcJteMRxD3mh65HXleijWVJs7+2rpTvTMG3oOAPCX2KlYykzRkXXgl7hT2SS0dqy+MQ7u4hgU2k4UvucQp5cwrSelBmhIrrjrqjQ0P/K+dQEYSJRC2hdZ0ohWLa0ISvYJ3Pp3WtfdSuDTw9b7yDcLO2TM4Yb61qeRkmTcN/w8N1h1Qf6mfdjWubJqcBWV1RrPhWWc+gtk+lNWInV5u0aNnHcG3/of5qZPPsLzQqx6WHc5KneaNhXriN4pb5ncg6RZd2mOgvl1p2tg+K8aV3mKyU4rhuOWCA4Ny+kT1S+LoGeLvtug0qXJjNXlfZReg0dbPf1GraX9K28hjdBsmq5tgKvYbwXn7UHj9pr6MD903gN/W59z17DeE/+HF7Db7krD+01bOzOn8RruOQOxcb6d+c1dGtcqdfw/F7+wZZfsBIVUc38b+AfdNP/RndWZop2OwhdF9CHchDuvNjd3R3S8f7e871dtr09eD4esuF4d+/5eGd/d5jeEx8P4SC84Lk14PKi5S9zzqHH4CCM1vvFDsL7LvirOwjdYlfrrzpf2jPVYMkdLMBalv5k9xOZr4QFrLb/7bsS6obU7i16SVVQpX09Mvu9VHzKBc2cfdtBAf3tpTfbTbJqB8M7KPTJ/2ApGuEg/YJ/AdyV8TLvWqK5q919yIdSNPGXIX1OVPTVzXlRx1XRUT9Idw1bSGP6g3l+TNGkUbKczmTpTw8lOU+UDBWXVTLjhiFl0iyzho01ga85m1eWVZXw7w5BBDiJrk4QxX4vmbVYNysi8d1952zsf/fm00RJYTaZSBu18jbtcn4vmbKCJ6dpWEd1iWdMk6v4zXvkY1noV5j0enOxZJy4ul91iN8guLpam7sggzd0q8bEzlYeMyt1iJFTZrU/0AzDkNXNPrzn5RFuBXGGmxcVojRMbTqvDosw2bpiuzuevNie7Ow9fz7e2U3pPt1J2IvtF+mADdju8539JnpDK+Vvg+QwfQPV/nt/P9sXAQh1a+BORs6oLpUr4wAXfEKhZ11GoSCrQQf8Qraikwst9A0Gk8H+c0oHY/pisD1+HnGFUmUxR/jlw5s7uMEvH974/EdfatTFKMDJDeeUGeba4MPB++XDG92DNEj3pOdYFgdjxeCSNknlXFiSkEQnM5azXqiEUFAzc+9L4v14yxy01d6Adcq2v8Wmsl51V7weHlur173VMmeu8iwFfOZ0gcm6zkF+emZXu2VRaPGK12uzRQ8oQpYmVBkMo+KN/lMX9bNj45X+qEYNVuacSl+JY+RCe66oYItoOiJ8IczgPdGrQu3FzCXZ+vud2rnBLHPyk3eoAe40BLSUKmtUVW0MwTXW7NQM6p5z4zyePbuLQhrLCtUC8qdncN7q7zcGzxiFS4QFU1ymJC+1gUHGltclWZmytKPsAtrI8PCYkbVCTNcqP4d9fa1vv2vvUOEkYHRpbZpXxWIefFfOpDJR8VSLFDB5kJz+Moro38hirYGc0V9GaLTUS1J4oBu3cSdl9oAK2De723A6wVv9lgXCZUie2yPtLkRC4/dSs+rALiJfCRQHrWwcLsjI0rMdbwSxQ/C9wIF3Bc81UcxaR6DqWyNZedvBKzz1OqZxFZyOdPs6B3i5u7uzhdV6//fvP9aq9/7FyKK2e/5A/gl2cP0XkcsUKsdXfAZIXxPNmKhhtl0BLGqrIEI10lwKbqRV55EDyDFI7jQIgzGzrMYRTg/rk1MdkwKFYCvUbcYx7Ktwg8AwQX4robRQZTgC77JytFmzJVBOuKUbXgvDUtD051QHQHs1Od/ZHOSziMiOdsPPNfoqqNYR1Tx4XM4N37Aq+g0YzKpKKpxRM2vMHfFWh6C1BjgrqFwWV8xqwbG7u9PiHLu7OzWgrAm1WKWSABM4Ig41GAFe/MXFvbvWEOvRaw1ia8mu/w2yC+J5aeyAiGeBmvyo0AWtRUj7LpzQ6KIa+u4i2H3bGoW5WjDfuDThqV40GS4W1ZQwIhZWEoTlhangAdDxyZF7u1FQvtYBgoyZmTNWT2Ewc4m6akNAf+tqaZYFP5VKezyl0tBoWxURnMPoN/NEkDZrDbmLtyBHLzv1ToT3BrlV9yc8FYEjT0XgPqsI3ApTin9xw3foKDEENeeO/3xHlz5w3DU7SNRqKoUuEvAoqrdwc5Zd02BfOD9DvauEu2Rr6QNa6kC7OiiMHVdIst9wpp1E9ZWlSC6hWg1FFzFPvZnsHVFUEAr5Pk7hBmmtI/9wfo8SMH/a+n3fsnTfU9W+zqp9f/aCfd9Brb5vXabvqULfnRX6Hl1xvqe6fKhkXNKpdytGqgapvl1C4cAxvNpR9amVOXMF8shYyXkUU4yr7S2c40vP5JxYZiYg3OujzNDeLJG5VRaD7e6i7GUA1dvN99ARWGhU+RW4hputuSX8bOYbON1MmCsBqEJdC6hzOqGK14B69E7hhkyJ6OOyRh/Ntb6Vf/Aso1t7/QF5hrvxv8jR2S9uZ8j7czLcvhyisfOWJvaLf26Qw6LI2K9s/DdutvYHe/1hf7gXwHv2t58v3r7p4Ts/seRKbhDXvG5ruN0fkLdyzDO2Ndw7Ge4eOHRv7Q923b2NgHTdn9CcZ6vywr0/Jzg+eeZtJMXSGTU9krIxp6JHJoqxsU57ZM5FKud6o31ZF55swf3nCAG9L5iiUeFEryuCdeLzdUMqroI2Kje0fULSeSt/o9esia0rpgRblVrfWgPOFsDGVAQ6v+mE7PZ3+4PN4XB7c8oEUzxpQv8nMQlu2Gsfto92+qbN/WcTM15b/Vo76+dz5zlhwkjdI+W4FKa87QxTNeetM7zaVMEW8MvS43DQHzY55WpBbTQevUVyWu4e6VfXZSaYomOe+WZWTsX6R+uHm7Usq2TVBlrCvUM7piYtX4+/0nkdlrJURTJXYnhVBk/ceNeRhjVs4lxDWIhp4YWC3y9UpfWlnF1Q1h+OzdDd9dkkto6PQZDZuc5/OT/ZsH8Aw6MZPBgGrV6gho6hBbYir12Dno2aV7a6Nfp7SbOFnpZUpX38u5/IfOv3ORvPWFZsTeQl5BZkW1dCzjOWTpkdequ2wEtfsY/p/szk//k7DBQAqyOjeva/G51xY5+04h1vbb/o+n/W/LrW/nuPwgwdZYlXUSKxPlFIN65hQSdSVTymtjmVuhaHuyFNHe72Jtdab7XKGR794/x8WUxEED9a+djCaqNTXxulcPic11YTmqYcayOCsyCerevtG45Hcs2iypDAw7Ym9Hcg8+wvyTW7BD/zZQScvkwUo4al/zmCEuph2pi3coal4k8+FVJbznH0j5N4hf9t7e+pIDlN3p8TvCBBtvvD7f5+Lw7w1tHhUkg+nB3d434mE2UO4m+lB8Rz0ci3FhU04PqWrWkfjq4t6jgdJ8uiYMV1g3HFjjU8Oz3e8CE113u4qPLhuoUlwdBGn5zG0Yimi8lN4Ab1nss2XpvSY1nSn8+oueT60h4Bnm44Wm/SeBi9Reunx//t2KPN7cHwBbT0v0ehgNXWvD0kivluczcxmEjP6Xlug7nFOTd8Cj9UuPCbEag/bexLEzHdO5JM+eaYC/stGHbJlP9v+8ePAY/7w+E90GgJ73KlxI9zWK1EJ1R0k2pr8XYlw8HwoH8forDjC6b610ykclV3Ly/qjV1bAh5AIAhCuyItE3ScseUXJBXrW81ricVMMkk72/aun9thMFCqqJg6J+igP7Aa93DQH6BZCX/6qiQzRnKpDdHsmqk4C/GVVTG1G1FeW9vDGkmaaZ2D1xW4dpFJbjxScmYUTzR5hkWXyTUEearEZEwA/AQtbQvFr3nGpsyl+bv4gWEK7zts9FyN/WrUOBpgxwjj2temCoaFBi0YTwOYNtwlgEQW7AYloEP98qo6kO5m6qo0bbQ01b3+3v22mIlrriRUblnKqfmV9vokBuuuTadiQUJ6K1CJ26Ee+ZwdAtc8Vwyq2TyCLTIsL6R6TLtz4SC6a2PAC5hTUyKi/z/mru+3bduJ/yuE+/BtC1voj5fv+tBhq9vFW9sETbM9GrREy1wkUSCpONlfP/B4/KGIluUkBfYSIBZ5H/J4vDuSx6NhaYHJlqAX8569dmOVP928mMjhH7trAgv5rxRtd2/HIyydn3/9c/kiGHuzNOaaan4T35m/YRLkkzbXvCnhTG/2WexnczL7wgre1TMrzbMzXu5mMARmmUZu3phB9erTUwRJgMQ4zrlw8S4RlgaoQOtt9gpjtu7gMgC+bB7NLKAQCvfGKH5X2pTgioh9AxkFC1LThpb2ft2n1bfL79m5LOdk1eQZeQ4/GOVJri4X9vp8IyBf1JZHSy1Z0sYn8t/vhFEGXLlrMlqQHata0PudZpIoloNwGs8W9ITxvlrRxI8HMForQnMplHWc90JWxQERbW6KrOFKZ6W4gT2LBaoiENehMrDbZNNEFYfkB3oXftSTHgaEOxnugaJwRtA9DCDDoRgxtlRIrnEgiGQltS+TRSrgYRwcOPEGJvfQSS4uDEPekY19aI02+U5I++8id0tm3I/81ZbpceY90P7goqHxobINPHeFD4S5eBmYSlWF9yjMYMAmXGr30O6buhyZI8PXa8uZy6mJI4S7rz3KG3jMjNfsH3ei6gjTivsLGC3Vu3e45XmvcM1LuyR/R7TsWJ+67UuPrIgTC9h/1kd78j7oAcdZ8LjACpSdBHZasFT/Bkwb9s3wNi432i0gmhyNIeHk0I1SNwxWcBE7443SNCwfj/IJUs/ausTVJbxwQp1XoiuC/H4w/zozIs0kpQXVNC3SX/Cr9QXyXlVYb4ZkDbQo1lBg7UiakjlTyq41nIT3eg0VslYKIxEhcCpc/bNfFrfj8hEf1mMVM89+gzBe22O73EmA85qWLAFNa76gm7x4/eZtUhsG9JWhQFZLv4y2fHJDgbL5jPxixAQKiaqIZ4lrkGFc5lkCTD4iZ8nCo3IWYbgGhiX2OIzvkC9/MtKEqXMPa+r8idBqmu94w0DBTALDCllUYSpWvCpYT9Cm47WmoqKMTx24wfyaiiNZGZzecYxe0SR9p48KkV+DrKJCWrr/E9PLfiNKU23MalXZDAqgjew3M6/VTki9tmYh+EXOilu8hVdGB6ytbxZJHO71q/SUiDVN8Zu6aWZFDEtXSTLtAJTROKejgaaLJtSJqPdqTgN9OBxe4iHPyPfz5blxbPbGO68ppK9U7OdBW3peBhn3NMhhfU68TrdNyJzkGnse5PbM/pcgsmq2IpZWNAumOnG6JhJQ83tSPNFufPxwGb8zyxvn9LBcZXc15hV+hke4FF+6NUufUPNeEK7wyQMOS/rhoelFyqaT3h5j7zZwBA6KwrAPcYXKNh2vhpDDEfXWe/b6/8vXr36aTWvO+SUBhHjbPN2QXBQsOQ/G2qK0ZDrfTW+MQ7Gh9s2dl8DrbsNkwzScY6Ac/hH/lqAbvntnr++5BaIklsJxrRoqHdWsvUaPy9x9jreiSKudkyZzxIFW2FT5w8E1UF1Chz8U6UIU5Gq1HAKZv6ql+dN1KlAcgolioPIfCebi9oZgqC5fPloxR5/XNW1b3pRYdvZy4iyKWoyGpKbtsMkQj29Pw/5z7Y7alm68ZJBSXzH9tEMc6B4Y6IK1lbiDdCZPChzoHgA2jiDbdtWTdzkifAD6iB/0UGBP9ihs2ul7PK6liwYGdXmwLhf+hwRd/Bjsil/UpuxAoE1OMgLsdqrbiQgZu2V5p6PTTJJwPbHHf4tKXHO6oJ0WBVdwUBG6/7v9Spb45Y7E5Ui08j66e5IgFVthbIcneWhXEMtldoupfy5xwpaaC9TEcAyx9Q2IwjXTmHxsK/kA3Eea7/D2iU0w5YND8CkgvEnNOGT78S/y40MsSlOpu7a3p0lsKoPaxqX4TUGNCTRpzbTpmMSzKhg3eNyf2TwU9gfz7xyDH6BpsMNNK7hKruym9+pi7raWQNx5MYf7ZXB41WsSbHVrBZxJsxBz17VSFF2uT2ckRPP5uYtkjJvo+zYG+2Bx6cH+T/kI5OcR8osj0FHgw4nItq5jdeh+JAuKyK5p7JMm6Xa4FIAno199+4xJmM1SBeBQWqElY0zPOzn9bZCA+pdPeuX6t6fKizguKWmnd6zRPqbTJihyam3bNRCTgEcaqM4+9X+N4SN1828AAAD//wfG9ZU=" }