diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index d8314a9b938..b44801493c3 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -102,6 +102,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha1...master[Check the HEAD d - Added `syslog_host` variable to HAProxy module to allow syslog listener to bind to configured host. {pull}9366[9366] - Added support on Traefik for Common Log Format and Combined Log Format mixed which is the default Traefik format {issue}8015[8015] {issue}6111[6111] {pull}8768[8768]. - Add support for multi-core thread_id in postgresql module {issue}9156[9156] {pull}9482[9482] +- Added module for parsing Google Santa logs. {pull}9540[9540] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index c71940ac248..3e6da09f631 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -34,6 +34,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> @@ -6873,6 +6874,151 @@ type: keyword The arguments with which the command was called. +-- + +[[exported-fields-santa]] +== Google Santa fields + +Santa Module + + + +[float] +== santa fields + + + + +*`santa.action`*:: ++ +-- +type: keyword + +example: EXEC + +Action + +-- + +*`santa.decision`*:: ++ +-- +type: keyword + +example: ALLOW + +Decision that santad took. + +-- + +*`santa.reason`*:: ++ +-- +type: keyword + +example: CERT + +Reason for the decsision. + +-- + +*`santa.mode`*:: ++ +-- +type: keyword + +example: M + +Operating mode of Santa. + +-- + +[float] +== disk fields + +Fields for DISKAPPEAR actions. + + +*`santa.disk.volume`*:: ++ +-- +The volume name. + +-- + +*`santa.disk.bus`*:: ++ +-- +The disk bus protocol. + +-- + +*`santa.disk.serial`*:: ++ +-- +The disk serial number. + +-- + +*`santa.disk.bsdname`*:: ++ +-- +example: disk1s3 + +The disk BSD name. + +-- + +*`santa.disk.model`*:: ++ +-- +example: APPLE SSD SM0512L + +The disk model. + +-- + +*`santa.disk.fs`*:: ++ +-- +example: apfs + +The disk volume kind (filesystem type). + +-- + +*`santa.disk.mount`*:: ++ +-- +The disk volume path. + +-- + +*`certificate.common_name`*:: ++ +-- +type: keyword + +Common name from code signing certificate. + +-- + +*`certificate.sha256`*:: ++ +-- +type: keyword + +SHA256 hash of code signing certificate. + +-- + +*`hash.sha256`*:: ++ +-- +type: keyword + +Hash of process executable. + -- [[exported-fields-system]] diff --git a/filebeat/docs/images/kibana-santa-log-overview.png b/filebeat/docs/images/kibana-santa-log-overview.png new file mode 100644 index 00000000000..31abdeb270a Binary files /dev/null and b/filebeat/docs/images/kibana-santa-log-overview.png differ diff --git a/filebeat/docs/modules/santa.asciidoc b/filebeat/docs/modules/santa.asciidoc new file mode 100644 index 00000000000..7f7f2594e35 --- /dev/null +++ b/filebeat/docs/modules/santa.asciidoc @@ -0,0 +1,71 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-santa]] +:modulename: santa +:has-dashboards: true + +== Santa module + +The +{modulename}+ module collects and parses logs from +https://github.com/google/santa[Google Santa], a security +tool for macOS that monitors process executions and can blacklist/whitelist +binaries. + +include::../include/what-happens.asciidoc[] + +[float] +=== Compatibility + +The +{modulename}+ module was tested with logs from Santa 0.9.14. + +This module is available for MacOS only. + +include::../include/running-modules.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard showing and overview of the processes +that are executing. + +[role="screenshot"] +image::./images/kibana-santa-log-overview.png[] + +include::../include/configuring-intro.asciidoc[] + +The module is by default configured to read logs from `/var/log/santa.log`. + +["source","yaml",subs="attributes"] +----- +- module: santa + log: + enabled: true + var.paths: ["/var/log/santa.log"] + var.input: "file" +----- + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + + +[float] +==== `log` fileset settings + +include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 2d3cecc8d9b..91de19040c3 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -18,6 +18,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> * <> * <> @@ -41,6 +42,7 @@ include::modules/nginx.asciidoc[] include::modules/osquery.asciidoc[] include::modules/postgresql.asciidoc[] include::modules/redis.asciidoc[] +include::modules/santa.asciidoc[] include::modules/suricata.asciidoc[] include::modules/system.asciidoc[] include::modules/traefik.asciidoc[] diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index ce4b822bbb4..345fde6946d 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -351,6 +351,14 @@ filebeat.modules: # Optional, the password to use when connecting to Redis. #var.password: +#---------------------------- Google Santa Module ---------------------------- +- module: santa + log: + enabled: true + # Set custom paths for the log files. If left empty, + # Filebeat will choose the the default path. + #var.paths: + #------------------------------- Traefik Module ------------------------------ #- module: traefik # Access logs diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index 9ec7da743c9..95010cd16ad 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzsvXtz5DaSIP6/PwVCE/Fz916p9OiH29qYu+1Rd9va6YempR7frMchoUhUFSwWUQZAVZf35rv/ApkACZAgi/Vq23fyRuy0imRmAkgkEvk8JHdseUZYor4iRHOdsTPy+vzqK0JSphLJ55qL/Iz8z68IIeYBGXOWpWr4FbH/OoMn8P8OSU5n7IzQCcs1/FKCfOn9NJGimJ+RU/tnBI/573rKEJDFQxKRa8pzoqeMpFRTQkei0PCnEmO9oJIRlmuulwPCx4TmywHRU6pJIrKMJVoNSMo0/kNIIkaKyXumCLtnuVZE5ISSqVAanmp6xxSZMaoKyWbhC0Py+jOdzTOmCM+TrEgZ+QujWg1xlIrM6JLQTAkii9x8ZlFJNYQZhFEN/82NS01plpERI3MxLzKqWUoWXE8NsZRniogxjBHnQhZ5zvOJgWp+NOR4g5FkMWWSwSMYFpnS+ZzlLIUxTZk/IrKgCsaZD+2kj4XQudDMXwY31DNygSgTqpihCYZMxkKSTEzUoKJxaJiAcEXGPGMjRvWQvBGSvLx8NyBcmwd6ykr44bDs8tL5/MgMiCds6DECz8dCzqjhFJIKpkguNEmmNJ8wwsclSGAOrogy3+ipFMVkSn4pWGEwqKXSbKZIxu8Y+Ssd39EB+chSjkwxlyJhSnkvllBVkUwJVeStmChN1ZTgmMgVTLybQr2cszPkcDep9V3i7xTDFFzk5e+EZOyeZWckEZJ5vyLYO7ZcCJl6v7fsHfPf3xF0wD7DkApCGK7uGXk+PB4eH8rkNE6n+f/7IPK9YZVOCo0g4MosJwUq7JamudkxE37PcqIFobn9HN+2j6csm4+LzOcNZHPpBk70QpA3lk8Jz5WmecIUMbKkttWUQW72WwBrVGgjFYoZzYlkNKWjjBHF5lQim3JFcsZSswFzspjyZNpEFwB0zJuImUE+lmIWmZOLMckFcRsNpgF3oPtJjDXLScbGmrDZXC+HsUUfCxFfbrOS+1ju6+W8x3K77W4QEKXpUhGaLcz/lOtA85SoqSiytGKD0dKTk4Vi6TCcsrwUXeUKVO8vAJZFM2LVKyDH+dgwSgCunWkChpnRZMpzFp9+CyK+Bjzdxwp8yvkvBSM8NSflmDOJy2G2F8zDIz4mImeEfeZKq8eR9XntyDdCHQ8B+H7hVgNEPk+jQ35Bn46fHR+n8SGz+ZTNmKTZTWzw7LNmecrS7SbgtcOxzRygSEpJbo6jLFvaQ0gRmkihFJFMaSqNomHkwy2yOk9vy1Ora3LGTYVqRBUL9am/VL9YdepktTplwBDFtFOlzL7KnBqCwsnwsOVfLeY49XAEK+ZeNK8kYjYz+hAO10AxSwG6CqpT/c5Df4wH/6H5zMzbbH7QWOKU6tUCSbJfCi5Zeka0LFhshg9Oj0+eHx4/Ozx9cn384uz42dmTp8MXz57810E/5nlFNTsyZBo9K/fULCH5hOdGd4twyxvUkZyiqe15ZvXYOECjm01YzqSBOTDyLgBpFB/4guOr5uiJYP5oZwQnHQ4+s1b+EjVlP52ojSVPNdM//vNgLkVaJGYe/3kwIP88YPn96T8Pfuo512+5UW3HDokCkW7Oek0nhNFkisNoGUVGRyzrOw4x+pklOjaM/2b5/RmpBjIwqmnGE4oUj4U4HFH5r34j+itbHt3TrGBkTrmsz7/57xz1FjdSmqZkxow+4Cm+Wrj1I1d4AoIWbC9HOVOahbyCozO3kywjgB/3sNLCsAZVboq7hP1tKpI7Jm/h5L29e6Fu7RS3zP+MKUUnfZUIzT5Hp//ge5ZlgvwgZJb2ZJvGZmOOFrsJStlnHpk37eOYlpUToadMmgUB5SEKL1yzROQJ1SwPBRYhKR+PmTRb2y5BJW+12chjyVi2JIpRmUyNFjk0St6syDSfZyEoi1/hAQV639KRkYjZiJv7Hs+1gFOsOTy3RknGG/f0c/+3fhf1lxaQkWkpGwN2ijPFc6451QJOWEpyphdC3pk5yhnsJ9TFcakkm1CZwtXLXMFErgbem3g/G/GUS/yBZmSciQWRLDHiAS+Z1+eXFhyqwxVlDXLMD+Z1jxi4WiiWp/j61T/ekzlN7ph+pB4jfGSHuRRaJCJrIEGJbRSCGjoJhxMzW87dcd1kaElzRYGAIbkSM1ZeUQ3XwUHM5IwcuCNGyAPDZ5KNmQzQ57XhKLw628f28MY1HLHSuuAZUQAtMaTkE7eCFXCfZpS8lll8vaBQBQy/MmXw3JD0M4pPNGxYU4U1JJEImGoejWyrgBluwRU5BHFSSsLNbt983lM+BS92CJ+LSyOzJVOl1Qbnr13Umx0qZLnPycXl/VPzw8Xl/XMHi7UJ2bmQuucIMpFP+o3hUkjdSX0p4mmyjxvKu5fnvSbRkZGKGeV7saBYvkQENex/Iu+YljxRDXpGS836Kh61VSnPvZMXT/uR+BeDDA1dYylm/pY1mpLZ1Z55qslAsJe2pva0J2chtl7kNkidMP/+bU+r74Ifa8fVCmq+Y6K0LNOcJFTKpW9XpkTNWcLHPCGZQIWPSIZyCC1OIHxCVUsaOkM7JZP83oguM16aGxEBWIeN6fXFFvFEl/dTqd1aggLk8aUroTNxMxe8RnDH/BDyVuQTrosUzS0Z1fBHaFUpmeDr/yYHmcgPzsjhN0+Gz0+evnhyPCAHGdUHZ+Tps+Gz42ffnrwg//o6Nh6jk/Gc5fqmZmhcNarmfl4xJt/gWGJtGdJ7IfWUvJwxyRMaJ7vItVzunehzxANYW2g9pzlNo0RKNuEi3zuNHwFNF4l/K9iIJdF55PoLTCLXnTP4TuRaMpp1LTRX4iYR6RdZ7IurD8Tgalvwlx2L/SXotAu+kszDv53HKG1b7oiVb2MSPykmD92VxHsTbyNOiA6ItQSjSinGZCJpXmRUGo6xlyvJ8FgYftVcLjR7ltZ3lC5c4mGSsFwzaW8K40wISfJiNmISnJRgC3I6uaqBRhIzMp8uFTf/cN7NxLGyapDzXoDd3LyeLfFSynNCCy1mcHJNmHDjblmxkVBa5Iep3anVZVEUaf2uWP3U76r4Bs9b7xhFDUAU4KDk+VhSpWWR6ML3YlYTY22PoWdkpeNybJU1tNcr37NDc/L6/BT9qOaUGzOdTJnCtYMzm3vo0T1c0WwO+tCgEDimuSrt/yERJUBZ5NaxLNlM6NJfQEShFU+ZhytOHSXWT+qD9F2p8LHlvtD+gWArUGDasOh9D61FEE7c+vbduRT3PGWyqWxGtnzJjSw53U6JDw58GLEjpHTj+0YxlpwOyCRhAyJkKGj4hGuaiYTR+l2gDHu4pzyjI56Z4+xXkUesX11DLdQho0ofniTbjfilRwYxZBhWQGsTsCTwerWYLYPBk6TXCFYag8uR9RuAPVk2odo544ZbOpBK0vnhyemTp8+ef/Pi22M6SlI2Pu43iAtLCbl45dgPhhA4BNvpjzvcd+MCK0nzjqs+xLmnce/wJrOrT4czlvJi1o/wd046eW7kHnTTBPS3nfHE8+fPv/nmmxcvXnz77bf9CL+upDjSAjE7ckJz/quNE0hLC7L1Sy4rk3F4UBslgEPsEaFoODrULKe5Jiy/51Lks7jFqToQX/5wVRLC0wH5TohJxvA8Jx8+fkcuUgyRQuM3uIwDUJXrNGZWxgOmlPROW6j93E9jKL8KrYzWFthwjnjWTHd5r5ND0MxrTcJKFDIBZvLA1ByeU5bNjdqMaguemCOqPKYpcSh3z18aQaV5ddtY0zRpv96XCPiI4MmM5nRiTnSQseUwou5p9AC1yK19BiuUZBFe91GV+Gd0sl+h6esRgK00ISBpC6rIqOCZLpWjFiI1neyLxmqzWApp2zm5z5mqqKhu2w0C2vyzrSQ0fLT4w80m5x9MTsN9WRqUmdI89+1rVoK9ajzoJ8O873q4YTz0cE8twaCx9sj6XiJAux0wue+BQalXhfKS36XzxJuKP6oHpX0IX96NspqW/flSfHb9ozlU/B3p3BSwgX7HXpUOmhv0PrhWHlwrzVE9uFYeXCt9J/HBtfLgWnlwrWzqWmGl0hPk35HeF4x3TNND/2Qsj1ctDLDfKDmpNR67Kzz//MrhxRXEcOhEwOgU0WJIblmihvalW8wMkmGgszlUZ4XSGCEJy9QW9mz++2HKcvJLweQSIt8wqL28UPA85QlT5PDQ2qNndOkIMhOsMj6Z6mwZbp4y3NMbEcCAUSGZmdHbeK7ZBLOFFKHpz4Zs1NgCgCqZshkt58aes61DAotjITHg1H7DFTmBNK8R0/SERI083gsV0JJRpRQ1q95r76feeZ2VaS2BtKm5ZKC9Any4rtB8Se54ng6NoDEjnWGkKL6gp54LDTMczdJkDB1kZhFdUieEW2Lobj01kmvFsrGXC5Ej/GA2+/u3vlS+zthmcjZp3VH0ddfuNDhbAqarAz3dS+4Y4jbQnVRHu2VzJkp2vW+EN7++3yQNGfklZoA2zMM+6xYbdCYmBK3UkicB1w3JS3gahky7i4/jSTNALwtYiRnTUxw1rVJ7h+RtFe8OUs9lJUPwMJ8xcwo7V5r51YCovi6TmcXYj5x3QKhLiiWQ0+T85tYXXgV1462XjBhGcLvLKHXGJnOx86+l4GGIxoSPmF4wZnDY2EAjzqkLG0YENrYaE5uTTCgzkpduqldPq7MaCcmM0gD3kAxgUc0mAv8M0r8NEfEJjedUB/Pqs0A1tTM2E3JJjPgzABygtJaLfl9kOZPo0eVVVrp9TSU0NwOFzPTNDvq9iq6LV2bpS4NnKX83yA80J0KT0t1Yrc0+N/CDk7Ut9W/C78EBV9/0C7MvnXcySNpxEANY7ugZgFXWALC7x1Pf3G0ajzOftsqjFwA18ukW3rgdkFulqWbmHzSjcnY7JD9QaTYApPOPC4izKbUTMTbayoAsQtVjnlEwItnACaM829wsmiRsriHn2cZQ4OnkNJwBmWeMKhCYAUiwQie0qCvLJSMA3S0HDO7Q5V4OGZQTFkPb8pcqw5RPpjYTIX4CtKzcRcgHXKEggrQHs+xTmts1HGJmyO3AxfMoliubBF9dRmjIVpb8is5Sl6UuM6QHG4QLxnbABgHEQrEIG8R4oTB3TfBUgoyNcwWObB88AQnpeDIldK5B8tpc804hUd49bTJQxR88D5mhZIBq409paIG03OCW9tY7XmDDg6w/pGlq9ro9sA/hwGbpbbiUt2OescNEMnN83mKSEKYlclVlNLvz046UG1wzuHBH9yus0ZwqZeb1ENOh4wslCp2I/XkfzWgsilWi/MJ77K0Wze1yDzwWVmGYX4UhNKaYbelyuarzH1+2K6WKxCyOzaQcU54VkoWCOYDZLqTX2ZEhyFYh3XNH2jHEF3hfxSM+MtAAUfG2s1K0ZG5e4ojovYDAmjLCocqDNgwLZqS2K5RIi2zvNU8Qi7VV9ar8gaUHfGESfOFBVaWNCqs0CFnWrolu4dlS/ZLFJ8OQplhfT+nGs2HRtJkzRG6YGi2Mt/bdW/LIiDPFNDmyWrZi+rGZlXD05h4QGlSKkfnKKOc4XSCJg13uTzOq+2ay0apSs/fYZGqeV0RgHSQwRZU/2fU2DIxUD+tm80ADatlhit0zyXVfDajNw3jwTc+c6iuLr3akOTJqys0PU2v0jcevlV9ZVWHGwEWYGwnnxbyVt8Ay99qsz9eKFHOiRU3qBueTkYgzescI3KksOs5c4YpccaXhVol2vs5iCDbpNtuY8/9EPhkm0kVONYO8YK7K4kMcK1ipqVjkGGCW6GxJlkwbdv0/JBVY6EHIuwCk0R+MbFdkwbIseHShyP/3p5PTp//uAtxK61oZUfJ/oGiEkHeGENhRYMmobGQBQIxK5MmdinLpwRWbk5NvyfGLs9PnZyfHGI95/vrN2THSccWSwiw3/hWsm1k5o4WgaifxjZOh/fDk+Dj6zULImTuAxoVRVZQW8zlL3Wf4v0omfz45Hpr/O6lBSJX+8+nwZHg6PFVz/eeT0yenPTcCIR/pAuxlZREAMQbfgSzZ/5MN40zZTORKS6rREIR2Xq5jtwor1vF0slzB85R9ZmjLTkVy4wWpp1yZ5U9RYtHcvD5iNYhYSYClWIOGlzWzpBFGrPSb396gfebWX17AfUbGNAuU9ooM/1lj00ypmm6l3lXcVQVfx/718i/nr3qv3PdUTcmjOZNTOldQsw6quI15PmFyLnmuH5vFlHRh10ELM12gQ9UEDum9uOUBWsh6VMFuYo1eWcCBDDYCIqe5UCwReRpzD1zYOj1DuCIAj+HfLE+Bxe5yI5NAWuHdoKq2VfdMOJGdsFJmAyU58i5iqEJhm/oin7He2RIb3QjKrVUNwqu1GBTe+VqRsgxRVWPQGuzCU8eSHd78M8louiSP2HAyNHcoWmSaXC2VYZISsHqMZ1kAT8xtVQuIul5wFdNrX1Z6fYkfsYNkOCPUbHORg/ny4pWl4+B1IcWcHb2cKc1kSmcHj8MrIR2NJLtHe6r75Or64DGYaHPy/fdns1l1NHOaubcOj5+dHR8f1GtklaYavGT25PpakaeOJbWXYYTeSMCKFlOyL7dp1NWiG02cK83zxFqw/8N7ZmuEeD855A2NxF7C4fS0Lw9ddRogVWH1wYornISO6022IEeNGBQ/Gc9R06wNnGNlKL/iYQBztPQK3UmGvA6upoRmQ3JbjfMWPQt+DdbyWbg0n7WkiXbHi0/hoLZuJbHlELhfyapaH1tLL8EaffO50aMEOBzMCYxGGXMBQg9fZHEaMqt6JUKv79EwCCrpWKe8yZQreM0VIYT5CxffzH859wN/FJXUqqoaNu8ERsyuIULX3WwoxlduNWtyMoIjOkk00fzeaP9mnsZcKu1q17YNjK1l8193WOaUWjkoQOUPqRxGANEMKaOrRyS5urtRNRHYJRjHmaA9PbQfubojABvL2XLRuKFZ2a2sYk6UyMDc4yoduv8+KUaWopC2MNDXqrwNWZXA7LaVQ7zJhZytsYBrjPU92Cr5rywFfCuGPSjdZRlo7cdGhpwcH3dUnJ1RnmOoD1aRNdMB91Ew1oKV3hzAtnASGv+U4pPaaVARp6CSH4BZUCx6ohgj1JpdYSg4t15lRVsOKuLgHvOsVgTSObOtu/tN9ULbPL4EKHWPKbGmkdCHBU5nRUZGxXOi0Dpyze8QbOPckmDfAMqHQIYrQ+cOOaqUSHhV7Rruja50V1BnCiftyNpMnA8VmHhA9FQoZgv0obUakF04fZy8EznXAo6HH99cvPvJFfMDe5hNbYbqXhA+gqZeZ09tJmfQ8ZjhYWFer4/BrwdpjT5reWSrAHJdXaDaNkxcEw6W+ZIaooRN/s7CzVrVe5QTpm92hfMawMEQQO1Qy1nG8zsVxQ0IghizLTD7wgFWs4Te2OKwwe2xSrNMLAijamnmSDNgldHSMpsD4Vk/ytvp3F7S6hPq27+3GA+MAZzJYOIckJRL2Gt2Sh9HpzRlQTWALfC/Akgt2ZKdLMVzPwZoCxIuDKDKhOUCflBi5eW/rZyJkVJ4sQ074i2jj4L3wNyvPl28eoySxJ6mXqTWoyt4WE0WEYu8VourNDQu/AzVbbkGoH0NJnDZSMIr0z52MzWXks+oXKJsgzn5rjbsOPYgJWNn+P2U9lbcs83Zs9z8x8+fHscJemd41l91nhORaJrVbLFR0hT/tS9pgZGoyQMGkkEN6VNGhFjbojAqDU1Td425NdBuCQ91FnAS38ZFzCzITO4mMtDHAyLfGk0ZgqlgkmykBCjRM5GaHZRGsSf7wD5jmmJMOXiu04iy5TOsy5HyfuofTYiM6kUTzpjVBatIWHhHWZVSGhGYsXuaNyKDg0iqHUR97cbi1h60imN3BfJBbB/NM6qNlvkbpCr7zkcgLbLuXssHu+zfV7/0rZDrqpcEOratckoSMZsXGqMabfkPiBqHiD6vTUzEdun3iam0VOwKk3shimEzGCzukK8OYTQjtZXdXczilMp0QSUbkHsudUEzV3xDDcgrqBDgVUPA685fixGTOdNgTE3ZpgnHZlRxZtjeC/29he1XFYmZb7RX8t9ZDRbO33nrKLyF+vhm6JLpQmKJp57FSvY1wve9RgfpmtbGB+PyxuSN5VPOP7t7qU2/KbKaR/yXgmYgxW2+L4zMBf0aYmywUxVjZLQVDEdSZm/X6i+xhKdl2Wy8JGthvmmrtrDPoFbczzEL30tVMqrz5NmuIlhHZQAGBOvMK+W7OQJ4PhkXWQCM52iB6VXY5SxI+iicd/IW+nHAEg6bk7TrJH6QGHzuUs+/bM7793Z7rcC+7+42LdvrjZC2xI6rQGZ7QViLSFB/zYCCFlW3ZY2k29A8dzEm97OBK9ziZcqV4nfg2/29gj6eUSeAWDFhD8Yr4y5lMuWaQcW+jSe1cvh+fvH85vnTnk7dD3Mmqa6adQXERBLdha/j2sO8gnEFMLw31kt6N5vvw1W9WV08LFjUCPdXVrICvPtnAXQt5jd2TuteeTN9c7BKhZ8cll3haj83mlgdgui98dv2kU1y550mFwDfQ/JpY90dYvIIurQlLNdCDUgxKnJdDMiC56lY1O3bVWEjKhc832MmbcXe72himOR/H2wxWLzQR6gd0xmvHcLb0puyEaf5OtReWTLsUkBvmnRK9YAgrAF0uhip1F+WyGCayafbj+bkeHhyOnx+KJPTbRbA5VOCEi/pgigtoSRhZBh3RvPNdjqKp8Onw+PDk5PTQ5svsM1YkL4eQ3ooFhJZ3YdiIQ/FQkJaH4qFPBQLeSgWUiPxoVjI7oqFTLWuWaG/v76+tL9sWoXdgChjWjatWIoNroYzpqdib6bl77WeO1QEUUXj0r97fT0glx+uzP//dN1NMbTSkj0rk2+UuITwq7wrmG+HPka+WWV1dnQ0ysRkaH8dJmJ21DYSNRe5YkOlqS5UXeasGk3/cGM7/YiNILaG2ClH8fT46Qp6RyKNZLHsLhNwXGQZTGZFtEEZpRZ7DS6EzFrSz1vr4eyQtS2OltoskZosmZiE4uBt+UP39q/6D/rp5lUBiA3FAExJc4q2t669FZPqZHBRo22pndBHjwUZsj+8/Pj+dkBuX3/8aP7n4v2bD7fRaX798WN8aFsnA7VnzcABA0bld0szMP9Kt1YyRus01rZG1YK2DOrzemHCRSMIi4SN5L0RgBuxMWYvZ1yjH0uTAgKUy8TzOZXROkUX6G+QtKx6RG4tilsbtI+M6nsmzJ2vDNudh3GvxGcPC8lP5K3l8drBDxoDrBlb0TUypfesjPFXhsfQVZ248k3zecZZipZblicC2lkaVYMtQiWL50xBz4972zY0YzSH3LaVXUk3ShUiStgcoK8buUK/FEyCG8ZaJ9G50itdKBBFNmovFEfvgx/7e8ldCGCzqWgiZrMit3OOgWbinkkn0Kz3U4ZBhNb3aXti2kcbOVcd2DKSuR4F6CwSGwrQvfu7y275aIWGglqCKNs0tFKb3SRF1SvQv37gYx4fxL5cLBfoR/1wdQFhNlmt9bx5ZhmOvKVLJodQDnoAxaDN/79iyYBcXrwbEKaT2MDM6/EhcZrTG7wy7Gt5CLl4+f4lubTtZcl7wEYeOW1wsVgMDRlDISdHGGkMtYmOXEPaQ6Sv+cPw81TPspoBnJArTfOUyhQCj13tgLK77RBFDc34JMdUU2Tw90y/ycSi0ZScEPUGO/LiBoJEF9yVrpVtbHxRBnvewleS5mqNot1rTf8V5GurkvG9FbdJlLnSjFYFBRj5K8L3L5zhhdnRSzLDjuTRp1eXA3J9fokseXhx/u4SeHH4ODYL1+eX8XnwupDvixlf4qBQWqCh1cNqecMFc8sR15JKni1tBDyWaQjnYsrzicKzccYTKVz0NU4uzZSoknv8l9Xdcs4GhCe/hFlrY5qwkRB3A6IXXGsMHvDFgbt2K64Le0JXRQDvWZ7WKKwiwstULGYuNylxvowyRwhPwaPUiMGLSwy4VCF5Ztmxa/WCS5emF2X2lxfv4svstuJe9OlvSlHp0KBZjrDPQ7gzDUgGzP8zTcwcl6wcoSq4uMbHUjbu3sdgXjngTvvzumuPxy4Mv3YrN4oEpvZUCtNZTaL9G+H5SBQNSfdvRBQ6/oDnmsnwmoAPzL6MPihySLdt0giFSWd0PvdKWtqqekbLOYQuNGRWpTjYeoSDUo2BAzLcNVgCxTGygfO1IuCSMJN3z9mirURqnBI31UKSOZN8xjST7ZTVtohHZZ2ygCTzvxCRUCbnOVTRHeUvWoMTx0IuqExZerOf8BevkUWZMGYj571H9vo1l+Jz3B5x8u3p8GR4MjyNj8KqwXp5s79AzpeQy4+1J4F+uGF4rQUuLrEwopV11KoJtBxbXVCQyhYaKvLD8lJKiRYiO6STXCjNE6KskuL3xgo5OhOL2N3yLaMyx1wtqkuT2oTraTECY5pZaijee1RO5iFPD9WcJdEV+frkbPrhf6j3T7//H+++e/buH0cvphfyf1/+kjz9r7/9evznr0MS9tLRosveJTTNbLg3CGuwOsJcj4S5yjgZ2VIQ4NY2iAAItjyV3zLE/e6qAwzIrdOU7CNkaS6JKmbRCXzy/EXLQbdNy4yVc2KhbzUrFkZkXqonkZkpH66cm9OnzRt1LYDHhSyFv/aMQc5LaM1kvzlLOM2cbB2U2SwYrllpfTa7qGxVlzLNEj1wkOF1TAxcDevQXRPsaeIVSnLKpdPjKEkKpcWsDD5GONDDEOJJ7bhqGYoiH/MJlOvTgsgiX2OcSoy1QeRVcXMB0GMu2YJmmRqYk14WCudFIxcdzSWMB4C4AFl3ZnnHoWK5ElINyIKNAsweePBbZUIpEgNq5uvl5Ts7dmvYcEvsWzZolnUYNqy+hGDBF0bz5QCnEkelyvVVLhET11hVh3/HVNYTIsk7a2P8pWAFgiSvr99CFLzIgRXcEWFLKIT1vC2PlPUKoKJTyqAerh099EZ8fX413KCM95drx9SIzvuCnbVKPmkg/5JR9u1UNC5nO6OhFIKIImj7GCFjuw4IXbGrFR01j09V5U1ymu3Z5FSSgdisT7xJzN5ipqdhO9dyeVw9wD4VEc2VHkzhRlC6k82ZsyqIyzlTw6ZrKAB26y4H8nZAbp0wNv/mqYL/mStbYvXzEv4hsgxfRpFu/lWJ5biHyYF9iFB+iFB+iFB+iFB+iFDuGMtDhPI2Au8hQvkhQjmk9SFC+SFC+SFCuUbiQ4Ty7iKUhZzQnP8aaaD+ofmkf0CQD9YdxyyXPJni9IFVq60Ly2xO86U5dHFiSsD+LbMWxzMMO9VNWTaHwm1USppPXA13bbsIeAXgaY4BWRBiEzYnL/H6g9k00nKfgUL+SpFGBaHftoaIP3fDkPNqfTRbbs79eW7b23Lzptx6S47dkKP348btOHI3XpOTIrfi3XLTDm7D9btwdCBbb4nue/A6Q+zYNI1b8DZ0Nu+/XVRudPeNDmIXwfAr773rTHjrBTFKfuPWuw31nffddcaw6q5L6g5C6yEJxd5l8OMmXVlbhV3ZDHLY8iXNq5MSOlpAeIfz2QQNVSBWtmwuydOjYPfa4BI/FBplsutuNZzz9JaIsWY5UZoulasI6HpAYntXcyH1ImASMed4LYeaT5kY0czrCuRI9pSedWVp77oz/b3Yl+UchRLRNoqx3Ra+qILgSIqIOWLzL6CANTHqJYOSJxNJZ1bvlUTxGc9oPHindUDz6OTuIK3JjWZOoXZOo7BPVexkEolR2O2MUjkpZi1dnd/RpblAoN6JbDyXQrNEg0OZa37P4h4tb3p/PFBqejAgB4eZ+f9GeTD/65qlPD/4KT549pklBfQe2NcUvBxBLWqGQf12jzoBUaGPjuqoUPJoxPOjVu4B6bjv1QMkLQ2szEjg+QBzR3CDaFfenqpyrBiHeU5zjIr1ewKEHhSvwA+hZCTFQoEvz6XhWILcXC7YiMyhZr5rYmVU17y1Ujn050mH2+y6Khnw9GlvPxU0Lbh4tZ9S99W5fXp88vzw+Nnh6ZPr4xdnx8/Onjwdvnj25L96Ht/Xrhuwz6a2AH4L6Qsh73g+ucGoo2gT0000kKOpmLEjmvmVf1eSbmkhJS3O2hkc8YG6Ya3aobrxMfixr7pR9WRh2P/SFcEc04RnXBu1Yc7vBTAylaKAHtBzzrD+cNW5j7h0P3im6lXLbSC3Ygz6bs5ovjTXj4RVQSLXPtISJvZPAr8zXjxnAwI5RGW4MG4qbrUGNRc5pHvZ1KxKNb610zb0vMEvoZ2dZJr53cCqQA2mBl7i24iRIk+ZdD2h7a1wYMMyByToq41dswfEvWRUIBeP5se+DskFlrS3w6JZBgGdWlQk8/ntAJU5CtpVbucFJoXa7ICLS6Ilv+c0y5YDkgsyo1pDRhZ45jUgoBJ6US0h3WxpJspDckaHo2EyTG83rWUaCZlp3Uh9w2ZeZmWuqZkWYCHhCqPVEk+9oI1GvN7VBtF69qNI+pvlNKjjFu+fDocCxktJNqEyxYAzBXXMB96bmJ0w4mUMpNGFMYMnETJV2K/m+vyyLMSPbf8cZUhOwrj5284UNmbPyNU/3tu4y0eqrAZtQFXoETzWpCuTjuo4bJHUbNkcfC3OP1eu8yqIAxsoR2iiC2fixL4rTM7IQQnpACvvjm3MicOc14hVrjIlPLbXHWePjaQJuop0CQowVQPu024bx10FoCl0N0XKq9A9DmGNPxd5Ut2hbJN8/C4GpprCXGgPmOETXCLbw3qrxO8vELXmR4sFr56jjKxZWyGZz/xwcXn/vBKsLUfzGllla1wshNSd1H/5sMNOMrBU6z4osWyJCGrY9xIpX+VRvHjaj8S/QOg81N+u8rxs7JhtxA9brY2Btolhr6jtqSRf2pj2PuQ2SH0IkXgIkWiO6iFE4iFEou8kPoRIPIRIPIRIbBoiYbPMm9fE6sf+TmqXsl6/k2j/mbloSTw3q64PGDdBfe9IloEXui34YcxtV9/KtwNVHtAa4M54z4aC6M0XtTyHHTQr2Vk1fy/IwJ5msshzvDXDANqq8PCypTAW98/K/k+207v7Hl+f0TumCDd3MKX4qNaMVYv6rHopcbiCuVesq520sh+AM+9IBuEFkrM8AbuwUgVTeHs0MCVLzWBs8xGw9wQAjUpnY11cH0CeuuaFZT5Wnla8AO8onk+g/ZFtalKntHLpP/mGPWOjMTum7Hny9NtvTtMR+3Z8fPLNU3ry/Mk3o9GL06ffjFtqgmyVrVQZg1lGleYJmrcO7ah6WoJ9RcjxfJW8YvdUR/6KL+tKAJDRYpuNQL8xMLaVRVkysVAg9RZhc3I33dWFD5ptuJ0oK+Z2bXjMc9t4IGRIlNZhT2IMkLIdO24dE+ZVe4kAxMsM605Zcg1rpFxpyUeFAeMqgCC/yALsa+X1fSqUVvXe69UWQXuQs4u4QWPhATu0Fu+krSIEnXjFmLz2V95fAhiWTUP1Ox8nWaF0LWkFXTZvhCR/YVSrJhiuzKy5luCUJGJeWtzLeYReXAFca00ek1wQB6fsnLKPBhctO2Idn4iXz7XRbgAAzu5tU42xc1Tk6AmEpDnfRI2NHQkG6gppCQBrOaYhxSGzDGorV5aeCTDcBhNZ3yaeV0vvJcXu3HaEAQS1dVk3uGdtHnoyPB32befxdxv2UmMdX1Ppwz+VdIR6luLOqKTURmkyjQ3wQoWljLgxumyMeVrmic2nbMYkzfZYg+O1w9FQUyr9gjziYzjJoQVvI2aLePpK1b8KOt0p12lYMvBc2mJMJVvz9JakAjp3xWsXvaBPx8+Oj8cVxpKhwTdV03H93/qpuPhJH4t72Zy0WkK0yR05C3sAqr+F3a94Ys3sG2qxX8BGjuUqmgzwx7CRx6j/DWzkXWTs0UaO/PmHs5Ej2dbo7JdGaeGi34OhvJ3mBr0P1vIHa3lzVA/W8gdred9JfLCWP1jLH6zl61jLg5tEIbPwGvHp49vuS8Onj2/dCWubbWK9wXnGNDNPB6jZq8RcrgY2rg4qGVI93VC7b+8PsKuUONcYvSraX0iotujCG6tez633gPcCbGdUm/eblckGfhmeFCZyhlHnFGvkm8kLAEKUH4VwSppADGwmJpbrzOdc2SyNnwulqx7nrvhcNeHN+2pZ5T7SIt2Bp2BRX1BVEj0oV7quIbVdYsN59sttW9PNMBFnT58+OUITzv/65c+BSedPWswN+JbHcW4xk7kvTrkYl2uF91w+M1c3O4cQwFgoNIAOUMxUBfDLRNYA4m0hs6GBeTswCw4xezpYIskSkSstC7DOCEncQiFbhju+waK1BdloCeLzjFt8XzN9BdBLtxG29BmU9aIPYCAHLdsQOzbfnt26Rg5z6l2FAXL77Kx3Od3NaF9hJ+/W0YbLFRv2RY65D4b1zO538sUGYAp7T7F1BqHcNEanZksU2XA/Cs/hqr34EE37UJjcsnZQjRd4fCLKTiP46W3zWlROdTiilvts1CrSHn6cazYJvAc9jSON+X769Em879LTJ203bz3dF29cQiOONs6w27bOEo4wiAnfF2VmkwECK6xKpQdoxSeYYVmnPwBTjqUmemJsDvv6f8G+Zp+hbqhX2NrHCDH4uA1cY5oAUC4MHODkssidNxb4vHxGAeeo0OVb4Qh0bSLQWlx1LZnNdUUXDAHfCD1SCKHmngn8g2TE9ILZytd6IXC3t2VDSzqZhdaM3fKlkNrzKoDCNNY22vv2T7cek2oxb13MP0WFtCO+ZWyFYnKfWZifLPwa37ba3ZSqwd6xBED47dT481LT6NWaGRJmUcArXncMxCs0wKuo9ULnQ3ZPPZbTglSq89B1SCs7PoFnBW7GvuXc/MKZwh1cggJEU6qw7rie0hw+5+mguonkUERk6bRwkA/gtCJiXNE07VlHQstiVRkJDAQOfvJMnsHvjeISkQIUoWfn9xDI86Hm1SjqgT2lad+sT8v+2E0gCc1GLNAHurTHqTneXU50JiaVctVBp1HD6zarLZIHXwLB5DV0twl0xxWS52uFtwxDClaOvqc8qzJ0G4SzGeX7ux2bjQcYnL7XQsWUqr0pQTagzAmBaRjU5YsmdEDDi1AzSOTLGbRhMq9EDqFPio2LzMzyLbAGFD+Q9g8IvylDVKDwOXA+zUJxWOtWktDcHGj2GG+ZrrpvYKfz9R1EdZQCmqNBAM7XoW8CCLr/laV9gTRlWC/UmVjClKJy2XLyhKVyqvOH+L+vdwohSHcWVT52c9WxlSxccrY7Fc23S7SMlODUVCxs58QFG5XefQhL8YogY5YulUb3KkrCgyohv43xqq1VZdeGseO4D4M/qkmN3nAO3olfeZbRo2fDY/KIX05Fzv6dnF9+Ivhv8uGKnJzenGADKVfL5zF5OZ9n7Ac2+ivXR8+Pnw1PhifPyKO/fn/97u0A3/2OJXfisYtFOTo5HR6Td2LEM3Z08uz1ydMX5IqOqeRHz4+fDk8O1jlJNhHOiKzfXPoOpoot1qhqvps9/ffmStYpCdy4w+P4JGKvieHu5hJZY/25tIQ8VOt+qNb9UK37oVr3Q7XujrH0qtb9J3LNZnMhKViiPkN4L9Pkm+ExSamajgSVqXL1SYbuE8igKJQmE1G6uhI1XM7AAwZlBBZcMaKZ0oqkIv9ak6qBbRktxaj2zxScIZrxMg1mTvX0zJ5YEEnd/L7WJKUbRvmyP5CyczOUIHFPPrz6cBZrVGbtjUcsUUeYvHF08s2LgK4arvblb1nPem8We2Jbyq7YPYSgNnXdBZOsbGSNEdL1AX2ap+b2M+YZM7N3xLk6sp5CmiQC6lNky2GLnj6cU51M1x/Qpfksplb6ykgE3YznZeeZNdC9M59tgo7+vBE689kG6FCXWR+frw+VQQFOMWrBJVRkdF443zpDi2s4LUgbK9gDaWz5mkgtXxcyK7cauJ57bYCrQvKEakpmIi2wKFehwCI99EM+vaiHHe7npksmcNR9dWjAonj7qlRm/4J/RVCcuy76iZjNRA7flYHVzgwElo3M1hWx/Xe+Cu+hgVjVfMZ+rVT0plid8YmkSIZn9URhi7bbEkQA/eA/oNaaprP5QQDcKw1mJohLlgagUdkO3qvsZsXEnEanz/WUnB6fPB+Qk9OzJ8/Onj0ZPnnSw25QklR1CcWJysTEVuAB3sLyLVBTLBiUpmUxwrYqQrYt8xLeRXNzWQ9LkznDZCWMe2HSL6JTwsCsmQAxrl8wj2L0M0ucro9/3KzBrCU3gQRzjfuAhVy8fUABk7K2w/1bRQuS1+aj2n0KavOkKbfFj8ztCjIAbGYY4CmD/dtaxtXSrTbJ8QDScKrtRszEpNqHb8UEjk/sopuv2pOZez3jebjlglnMxGRoXht6buEY8dXO8K+KHZwNuGu5xoYUKyppGtr2HNmgdsRKQAKRJYY3Vc3DM3J7dE/lUSYmR1ZEZ2JyO2yO08aaWMvwrgZrA/ZdfEF9yML2LSzHTY6qMPQIkWI8Vky3nVybLQPCtEfAXEhozG/WAtN9CNU1Qmy13YAKzT47svgkF5Ld0JG4Z2fkuEt4dpBm+dgdTkAQTFBp3nQ8XKNOacnobFfrZ/YVQkQZbEhwzaopz5m0oWxWaH6tdCoK/TUREv7NpPw6JI/n88LeGjabGACACZA1bqo4qToQalFysNC4ZaBEYZUoWuJwRfRvMV9RYFCqvU4hchV2Un9j1XYrlmOLYqbtpjzOugd5YaUr4pswpcmczxlwAJiCUQ5Uh2PAEZZv1IBwjZFqlQkOewPYuMjb6sS/JY/KqEGzuA58dewayIF8eowz4tWNthFCIS8uFYhQrB253N2+tQDNlV7SKvUUa3NyIblexklxT3dGigPotYktpVqcBGVuilwvbzI6Kg0VOzlVpsWM4hYFxcAh6l6UvZPhENXIKIuUY93rXRLga/UWfOQsGWcr1cO2Mxg+dRhiSz3Vej7EAoqKDVlG54qhAFjz1vUaP8Xt6IKG7E0FtFKHBEq38izjRjqJvKEQhhRZKXGTsXxS02xW03Rujyb82E3D99fXlxU1I5HWF3zNHhxRJ0LMQN6mdMaCAEL2+mpNQ1tNx8+YYr0sZcghKdXUKC9RKHjh7QXHvmq14CQTRVrpwefmTxdHA2n61OCNq8Pv7FMUnknwqTI6W1XHgqbpDbxw40C6DSxkq/oMH5gNbm47VY3sUjW1Tw4/d/Pb+3A7m08Mt38nxCRjOOLS7vDSTBqWgslS/x5WKW+aDkvCYKgrZr32chs0V2CjSnTvBlgWfeHpapg9mKwGtbKnRuDaWiY3nhrWDdZ+ELH2elCtVQNPlU4rhQ+6+VXHesG1uecEe3zXBhEzsnpBs6/aXZeK5A4Yx267V+7vCAvjMyguUa/OYJ+ZDaSmQuob1CCrg47myVRIh++w3HItNqKSrD7iNczwBGU+rGO/eXRPdTvwG3JE0M2qe9SGGH3hAODK7FEkwCiso4JnmsQ6iFekdB4UvSg5L3GGiYxNXKBxqQa2wEREus1EK2i5gJlAPKXBxHqhLct+j39FgFzkY+Ezqr0Qmc9dFaShx5vm9xhnkv/+l8N8V4yYzBlm4Vv8f/V/i1BRPS9PsfBIqoASH3v3Rqo+WrmZAqLX21Bzke6AobwZmIuUVBK9jqrYdtt6mC5FSj5dvGoigpTGOU12N6gKYhOZSBtxLVsiEylrmcK+27EfIoRGZnTexATRhNjScFfoPJBxnLsUcR7eJJB2XWh3IOSjeBGulTB0TpMpO63Ey8FL/OUgLl3sU/LO6d2h2LCmqJhYqDCRdWzrDmFYHadNgKDztzFp9cig1aeRcuZ8J8UdHea69spPR/VDdepkkcCUNROa3QT1d7qWdQWdQCvW5/dL9WAjj/AgjZJjLpo3ytyL6lVeSFuBFOK5rWIfraAWLAyQJW70DgAQVo6v34I76YdbcSPqKaaNuv9QKy2jmqNQZ0xPRX0VVoG0JgIMvo1AaCab9yZWZsNI+GxonbiJBSD1pDr2acWwuBrNogu9p8RaTYwKX6gmnArTmElZi/5bc96jMIIQlg0YxXn+60vQzpHtmOoyiLTIC9IIVG087iI+OoAWOFX5qyqWYgsscTAlEi92YhskUTBeGmoy3R5JHExrrOVGOKJQovG/GyIQahgz5dUR3exo9WsxOXFUu+GBWiROFNVuFkmoFesUE86bYeoS8xMmWvSGTaRKR2Gq/qRbt/eEieEKeL3qDW2IeAXEztJiG6FshbSqMtVG2LqAddeZ2ghdO6g+pZi2GWEDYCweh2yiz9uM29LNiXo8wl1Lf4dg6N3p7lhfHx2NVZEmDV2GsSlxlIpGvu0OyGiW+rSNvyCsq4wJQKedmbc4aWF4R0ibF+axBmGZmExY2j0hYeNe0nV36YHR9dp0HULr2PROsemwHWkdWeDbCvFtvNY2QHQuRVokLmahPs/ONlCkXKe+aQB+aLEMoEXAtn6TCuLf4P1yl/U3FTjEZB1LQX2n17CTDrMBhsSFU7yFjHnL8+Iz4gePORQwo1nm1wdORQLNmFlKoMjGiCW0UJEy+fDyMqcznmC3CyqXZLS04KsA2P52iETI9KYWWtiTfbqQelpRlt7QorFVVsB/Uyaq2xaT2qYzQPhNllrkF6+wNIgzzEBgJ0ST1Av64xRyhVDjpOZssWtSc7YoSR16s3bxqlbapEmspAkj40IXkpWQRTVK8xMW2GNc2hIEuqq3/Sjjd80jecRsfq8UQj9uXzC1rj1n5XrZxqB7WLHd0moWrKJ1SC50vQaN5qxWGoq4ghxa1BZstPSBRYeg2C8FyxsX8m2OEn9jOvDW2hangSbJBicy5oEkoHhjuBBVSiTYugOq/XiRPTG0zeO6j4LyKtpAugF7n8C5ZrOtDJ4AACsydE0QDzN7e6IxX5XtoVOeUM2UjfCER6IoI2K10DSr0zWMQOXKvcUV+ZVJcQgdUP6dUBsDKsbkGOonQp1Eu5nGXCoNQFv47nj90SFMKidwYjqRaPMCE5plcVRyEwu1ZKrItBeV6HBAmmhijexjyrNCshZxut51fZWR3zkkvmPi4jJI055QKNCVhq1pblHxGRrNw+j1tw2QtsDXhzxbVrUUccCIJOxbM88KIzm5n39TL/hBUB6mdUbakS0iru/2mD0SCW1sKZFN1rpU75YiCPNsI6aPSWGn5CDCjtnpa8nZiqrumtFkHfNOvE78WvOT9agbTzawlGw1RY1y1fbmVi8S6y5wjb5LERzBO5WfN3ZPa9ai7X1da7uJxQIYAgAHfuCSedvPKa9Sz+9/eP+f6r+eHDSudfX5rvIrUva5G/OFeQVej+N0aciHmil9CCkP6+LnrY59i52ncdz0w3eTV4vRp4/j878/++blVfLL6Hyy6I9eTalMO9GXxffg1TgVx/0RwiG1+aW701JHlw1fYjgY2NDmrTAVhiurQVtjvGYpaBF6gAmMUDRWSMLnN9i08KCGpZoJ81X9afuGLzeUwb7yan7gt0Kzd/Ep1UQkSSEh3h+LfolC3WCgwk3Kcs7SAaGFnppbI8rLG6PGwM+1t/DPiaS5xqLXeY6pO9Hf3GeazuZGHbkpM4Jlkd9QD5D9Gz9on7wQ//rTiMu3eh5/AMuLl8PcWHjyqPnEld36+Prqmry8vHAfP/a5pPwOE38SBv1SrIZWvWau7jnLHg+wKv4NRFs9QptcYtR08zfUZUh9Oh+3z10FZ+N5C1MZ21nQsxvXMsqak9ZO8Mm3p8OT5y+GJ8Onp3GSa7p0lQjD84TPG863JqHlm+SRq5v6GLcMboDatmin9abcWOtPbi37uY1WXw/DT5BSw0fsM0uKzsm0/SPPbNX9oxnljeGsJrUI6oLF6QTuZ3kKahX59PGilaijm89zmtwdKZYUkuvl0Y033f3N25ViBbzVW0A6XlxjFs8zRuVVIkWWfcSv159Di/ZmJNLlSlrNS41yCnxMWG4uWx2Umg/jtAUelyqeZC5ZQ1fe8ugtb73J5jAJ+e7c5fTUQv1iKH208ylVcS7a4LJtLfllkywtDGGAYt2b7f6ua74G/N25izg3kiJKqLf8Bda4uFEsaSVtnAm64T3pvEZJibCqxuOMN/9J7ym551IXNPOD4+OEq0QWoxu1nI1EdqPNnoCcwH2Ng1zSQtlUXp67xECSZIxCXYdiTpAWArRErGc1wqFE1RcgvAfdWI1+Fd0LRu9uJBurG2sUBfr3SPm1oVnNjS5bYQQyMDqQQQvmalDtpM+ppFnGshvJVELzL0W1N98zClmPJOP3zIangzE2Y4TO55nVMiCtXov5vGk08939VKmbIs+EzYP/AiNBbMAvOThAgIies5/MCz9dt0ljTCj3pPHSOufPLz8hj1t+YXIs5AyrKzgBFCGxXWSTehRnfJLJyonuORDzX20QotCKp3gZwUp3sQEEyei/AZU8rxNJOqmUjGZfgsxr8GnYdPE60VAo2/bnQvNveUrBtQXKlYAfj+dcTeMm/Z/vZzeyyFu2YPtA+kSBcFfK+T///s5Sg5Wa7W4bYLFDAG+4HFXuLuceBpaoG/D13Bgp0yY8Nqb8OypHdBLMpsVqPUwGq12GmNCoyq6I+RxOF0fzrqfYkKCFuDNLjERZOjvp8mpghSRsFHrz3TkE2eDRO2lBOWV0Z16j7xmdQ7PypCzQ7taF/7q2Lmu+ubkbtQr1ZuOhnmSScvOawQMew/h3PBOQINJ+0JiTaW8kfVIQlkPnHcT4sRMTFs++2GDhPmSpC7mDUjlJUsxpnix//ysIiyfGEPrhjeB3sJytc7p6dZeiyCe7XN9/GIB/8BVe1sfwO1jjjnmNU1cF49QKj4fmmStMTXNFw5oOjraq483xGy1E5PXw3RDdWyhFZd8LLTuV1UcM2TAZzobvmKavqKbnklHNwEF0hY0dwi/bDq6o5aZOER5dMYBN7u+y0wDTdO2VA1zC787bzV1xU1f/HIhSZufNC0pISx1TFxUdkVulNrFoBrrtHGG1nDfinskpox2V6g/amCu20gGicuNkYhEGztZ2Dj53cXFYwLbugG7i//H0+OTF4fHzw9Nvr0+Oz46fn508HXz75MlPP168f/OB/PQjekoRxNASMYTWcT+RH+9v/v6f05///hP5cca05An4Y58PnwyPDw3c4fHz4enzn348/glUwh+fDp/N1E8D+OMGykCpH5/C30ZxnnKtfjz59umTZ+an5ZypH38aYEES+AeQAG6mH//26fXHf9xcf//6/c2b19fn35cwwFuqfjwx70Paw4///c8DoPafB2f//c+DGdXJ9IZmGf45EkLpfx6cnQyP//Wvf/002EbeQFi37BY2E5uI3sYN0ckeMx2u3moRYya4gxJQ0rku9XRro6/6CrbR9+T4eKZipNQyDko6zCp2EWKer7M12ocMfNKB6kpTzWE3rIOvZVweL3ahxKAO81YbzjojrzlmYPGbetPNmGjoXtc1NskaswRlD2+CJnMx8l6b1+xY/IC7HayTJ2hWbQfYC646nb2rtlDw9HTNzeikWxcNeC3jeqdIURyuRGvWnrMUY03aCDhdjwApCs1rJ3SI+yO+0bbM6vjk+/86/dtf7r79efF0oif0jc7X2x6840C+aOuisaag7ZYA1x1bPxVJFy5XDYnOpfi89KLK7C8t8WT2aXckWQWUrB9D1tBMxhIqLab1kMkAiu9Fcx+QR0JCDzhzjXhsAxrK6A0oZo42aBuOUQXBRHo4jWhytw4R9v0oDQvoxG8LS2lBZjT3SnblzgAnvGoaEYrwQW+CjK7mSnNo4YV3eCiRsLKOJ2ls+AXlunQeBRH0AV7c9s5z5Ys8a8W1cFxB4XsquSiUERQFaxZ8AYW1QZEXs2TA7Ywml9gSLgVTmo4yrrxi47m5RNfvm10Uw531RoaafITIel0ViDCacW3ZxcvpDEoTc0UYvjXsSRBMGUz6flZyLTrcDrPz/lus48B22YUEK4Zte3sOwe7GHpNZra4NDnG5HdAipxJJIzbG1sBcYWvg3K+uA4j6Euemdv/UWUxfKzLJxAjP/jXo5GtIWJSqtjMD9u0PJfxKmQ7pzzfNTOcAJfZcsC+55NrRknz/8hJOwnobiOZYQXlsMkxdb41qmuEKTVmJ1uqzbi5EbFcxObOtm2/M9aV1iOcix9YWlsEw380cBjyvRIz7HbqHRWZzFgbGrx6O+QADuYJT2zBU2VDn0fX5JRESCnU97joDWuV+mXHjRBPkO0ByvPc1ROfdl2wcSR7re18PYwTvO2NW61suETkE/eY6oE0ERDVXxKwUMmbdXBvbbCSiW+2OyHIZd0ilFSo7IHJK8zSrimc6JW2HtEY6X25GqtI8yxxbikD275Bce8p10fvep9SdpPY7aAEqOcsTN6nQXsJSBWTKpQ0Us1/X9drV9LZWywhvXNGOp1ZPSoWrjtAMOF3XEFcLYO70ZrQW47DZnDnXvKzGYURdqKzYi9TwqzrYYC24IveckiLnn4kSyR3TA/u/2B2HK9emwrWnaA5qLqSO3BablV+Cmi/w1VeRcqwoqeJ15+swEaKTuHm8vmuktms3nLkreE2CiFml7YnYxkavqld8Y9EW/LLm1Ho0DmuftnBgf3g8Uhm1nt66dqzv2imtuAWGfN5kR7LTNNZ6CmvXYd2ZutpeBmmd8lk9Ey7XQtYBaUU+5RpoohBW57OugaENyKoM3nXmKgqiX4Ln+iNpLYE11bp1X11mzNwkaJr6v/cVPVXwXkRkuOqd7UeXDZaXLKOenSHoZxKROut5jdtKh9ZIAaT4LmTCGm2jkHnd+tGhO0RmwmMmOteFZOlNIsQdX7Nuzgd4QjNyYID9GWonHBAGuc22WAOqGjRQQKY0xRMYcbp7RllUtSfFU0ZTJtcshPCWKyiBYD8uodWJIGnB3AyjBK4umAf2o+plhHYA68RmNmjavwHElye4EEYZtZkQ1J9Pm99uwqZflEGsTj+FzELL5tSxCRRh4Vq5of3GfIK5V/3YBN/dMZd4fEIXLjP1JuONCJCaCcAGDPtcAp3cfIMfVuvTU5EOgt5S8JHr+Ov6k68kuoN0sHbixe6muwoNeg69qZdsRjlwSGmusHeEgbtSKK8uTNRK6gKrXR+tqs7LaKnrfYDDjFeIaXO+BPd2KREq70FsdlbLZZgXMOUbtheFvkmppqumaF1zcOUCUebqT6FDVnjODaDnOihX5ktDxfZj2uEwQppxncpydfbAeRQMYSTS5WNCx5rJ+nr7C7zOKMsRJq36jLnQQqgdXAi2uULV0pZqc9kSsNV3gmMbgiYJm+uQ4ZNMBDpQiyPqd0Glde/yhOcT6nl3L+CHFucuPuz27ZYQ4+u4VnmQlI2KrUo1trV3sAMB+GuVha316AwJ2yhX4Mq2VlVkAW21XTSokZyWTOtTWFkt1hWY3R1xl0Ipbm7OoKVgKcsDmLWDATnIheYJM//yo2YG5GBBZc7zyQGJFO0+SCTXPKHZwW9dV7bESPkW+dErmcyAf+Cx/8d5DPK8it2Y0eJsZjE8cNr/Y5zmDnKu/FP84qp/3eaLi6sy4SFo8u8PhPP2/m4tVPt1khs4SFdE1376OhkaNujkpCCln+qid9ekHquIFqxi5Bmx4gy04PmT093j/4HnqVgoshK/u0LHFNbtSCgrtUSU2RaJwDVrN/JuXpefa1uIx+jJrjVsZ8ZtPLRuB7TkXvyKvYiCo9TF4rk9ZO1FYRf/uMknZqLakkrbF7uqsAm2KIW11MrLItS0ofkyTtcfqCNZg+zyOvx7Ih13U49eapZ5W2rWtjsxao7CGOjfYUM1868oOEg4sMVaNoDbTHpo9eeuN7WNz4NaFRv4uLp74HU3Klzp0mphhL33ePty7er22XTPdW9cF65Qehj9NuCVh+50rUgeutM9dKd76E7XiumhO90GiB+60z10p9vMKrF+e7o9tJe+rnyDVVRqm1EAsLcqupsZBCxyqJTc4/K967Hbi9SqsVvsOx67Rb5y7CuV0Y2H70cxtNkyWy93caxlrul3r6/XJ8jdaIEwxB2nq+1euPFUBJg/fXzb2m9mxQ1kC9NgaYnossxRJfKb+VS2VcTdjhcQPkH4cRIgd2sPVjCw1Hq1M+dCZIDy99iApxTFsWhlsuOIZfJ/WeOdh9YyfVvL7HfdEElkj5G1tLut6TAoVlDxm7bauaPjOz9c5q/m7xZXGzyr2rrGvGoOHNk+VmbLpqZIbCYmEPbYWw/VfMaUprM1hawrhAqfVqFpDn1czMdaMlflLH54+fF9vXJWP3cqAv6tIwVIIBZjpeO2OlbPS0+8Vw3Atgo189/Wf5o2OoNsOnioAQ8A1yIBuqTu6nAn5BqarvK8g996nKaRaSG7ETy1WcIesV3zRFZyK+latJ5kEfLOJrjPqayaSxrq2skZF1m7MWobWqBLZJFlbnrqq+mENR/R3JfW+EOLuMaH3cGNJUTyhxXYOy10/Fecs9XFjuvlBbbEe27zoQGs4UYkpPXeWu/mi6ixWH/tEf54ExJnGSoTE6Wp8nvsuZ9amMo97mYrDy7ZOWNZQt96hIbTsE3rcze8dWxXuz1Ty/sa9JrOD+dUmsuZ2RgxRF3KxJa31lKVcOLR4h+4xC6Jt3rISXorJk9/xtdbtkypOO6QRIRJhLRHzKJsiVbrhNdVaH5HCxfPx5dFnmOyjUHlEWhmdwV5mZjcwDj67/YVNN6xpe3CnxUMw8UnWMyopD0SbFEKvUbJ1LU3XBPEw8562FlffGe176r1qftIFyQtZnO3ls7ZGEFSetLBMrZjQ6NfKgoRdOHWze6S23CM7VZX4T4jF/m80GpA3kCvUTUgHwptfjE8dS5SlrS1rhDi7obnsTKjmxuiX0NFXqgyAv1KbKy5M1H2idZ0dOU0b0QQ7I0sQNZFlV3OOZW0JZp1fY6+wi5bZZt8j6RE5GM+sX3RVhN0Ez2ktju/Dv9nSFlAEhiTXbUjJCVyoHX9w6rGM5FPRDryNGP7S/849Hfmg1d/WR2LXuEi68Sjh+qrh60RkF5foy0P8Yjjt42CGBUrUiJWMaf9pjpAY4d3aUe7CH5uE3HdhqoVFL0p8sSmwCdUs4mQ/FfbxGEFcecf3r17+f7VmiTmjR3dQ/Fhn/VKcnjONc1TrDO4FlExsH2UDGuD6TRfeVLM7c2l+iXzdua75dXf3vbflwYVfBLuTDUVUt+gNDkjWhZtt1uHnmyaPNJCAOnYsbsP1QgJWT9i40taylHFu+FxhXL9Y/clRJvjyJ8NvxmeWsXb1RJAjZKnQ/JGSPueDSVQZC65gHR678sGBpg52KvljcNVM+Qtbv8V7gCbtNUx0O6rxm/tD9jhJXIFLxsMa7FyoboLGMYHisjMt1jbJIE2NmnV9KEl4kV0d3+OIzNfuTbl7p7TgdqtAm8JfWmEF/QJYmj0S98BIZi0YATCcNd9CavKAhU1RocfbNWbMBPJ3V7opTNR2BSkkOYF5dC2394NDAFG+oxYFVYxNBAaUFFL5mqr8UqxUJDWtCPRG2b+GOhVFSCrtndsHqDGCEWes10dBhGKVELzfgS1nYLbEAN1LaszUtM7llcy7vbq9XX19LaLuGZKT7/YvbK9SYvw2OXMe2U9L16VTG6xW30vn/D8s6fvvTd/r6fvwScb6nsOPdlG34sQQDr0vf1kDFeEbJA3/AdKcIzLDhfXdmMuOFHy2zOUcqYXQt4Nx0IuqExZWg/X3W/62X5S5X6H2Y2dmRr7zFz7cvl3e08lbE+T62aUtmSZdo58SMhrRfKQkPeQkPeQkNeKqZeMecjMa0H8kJn3kJm3jfa/vrV3x0EQ2GMIPTiP2HAyRJIGxJWfetzi7dzZ3fOytMayXPMxZ5I8urx41YJX7/DOa23LDm1bxHRZYnNnqM+9Dhor0O/eLMz8rlLuYi+UM1G4q/0HVfZVjQC1l2r2eS6kruwztxbObXdyQoWNbB+UKJkqstUlXju36GwmcrdB62NC+ATbQCum+27U3Sev+SlQ1oo6pboq04SuEwh2iTMTTSJHxxZEvRGS8DyRUF6bZlCueEBmVN5BmJKe2pq/VUkpmqYNcyHB0k4zcc/SIbnQJKE5GTHo7SbG5AC+ORiQA/vOwcB8cKByOldToVvq402F0jfV7trtSniyyslz8AsEFbUsl+MtkHDl4qSaYe3vhZzRLFuWgJp5SuVtL+efweq9I1H0KTRxWu4CHvLN80TxPLFRZ3ORTIfkk7Km8ETM5oV25r3b//AsoonIilmLvyGhGctTKqODKTZeHRsxI5lNiyzd/xigkmWuxRGfMbDBo1XM7ne7ZKW9cy6UnkgWOrkv8ce1Pd3VdxuaPwNqyOYBKiEh+45Rqdtf26bB/fe7cXXzGftVdJf3b0f1q5VeJdov40+vlKkWZUayXaoxkrVhinhyKxc6TWc8X8uB7kIqG2BLkxXVdNRMV69wzpYYMbY2yijkfqECb15ev3y760CBNBbz1+XyrOh5cjw8XoucVy6YT4wJXdfBVeG9ev329fk1+Tfy5uOHd7CG6t/XouNvcJCWnTx+44q4kqVBTdyP5u+WswCedefoOHDkN8/8QmJLqdxTKO/uKnjtBedcvHKnNlIVa9pYOaN3HXRvIIb4XfXWITkP1NPbGVWaydsBuVUZvWfmH8mUZ+kteWQ0gI+v3hy9/PCGLCR20YBnjwcxHfjWKCw8Z9lt/7ikXeU/NIYFKSlmMPdMjoSCcWEh61vQv29t8eoWWveyGRtQdxjKdOVilaB4NzYZvTcqrtEWkAXuOSXUOSCD/s4VmM7mTrN1atz0ctnPZjRPCYPg9bY6ve7AGO6szvP3MFX5hHANgTzQ3RxpsHo20gXR/InsjpvfqfSopEbHYXXHdlj63WC9Y8vw6ucmwFx5uxeHyl1mzUL4kpwU5pBU2MIrTlRCs8yQZE80tVSazbwj7Qp+6H+/QQAb3mtK7GSbuI4YCaQrsKMIyvdun7HK8+IzQK3CzncRxrvKYfx1deP+Ogp4b6Vg51JMJJ2tCTdotxsF2yIRVoOsf9nnMGqH2pWKGLnerB8BEoWsVN0DvK6jrTOopE8hiykjV1ffAysbhcSWyrKF0mp6wsGcKmUE1QEY5ebFKOPJHVse1K1c5fj4JKe6kE3fTS/Cys9rXa0RsZFmbYhTKebzZrhQNcORB71IqkobgiwwU+d3UwcbrdEpxJzl2AhgNmMpp5plS0dVS8RUd55kt7MLuQ6twVHDb2sIch+48Sgp31bVqGK4Btjg6xYMMZ9012Zp90uv4Zle5V9c3zu9ln96I/QrofbwUm+AuANaP1/1Bji7AfbxWG8ywx3g+vutNx9tA2j8XClS0ftgWeX3QdVHYUumBNT/e1A5XdqB8wcarLdO8+xXDKnN847/lUYlSHV4/+EanBRFKpo9Z3uK78AfaqAlVOE1xoAtteYx5VmzOmKpvDW6SfXEfn39Dy9/I8DI2+4OnpRdbHi+J7bMTcolS7SQyy2IiOhC3jpJIZoHQS8aNZUTpm1Oi/AuMnUC1YLrZBrxrHnJpLNYvct+U1W7ZIMZwJCwIsrZ0E3TuCq71z1nEW+47aYiIsg6jbMuLwrS5rPU84nmbIFqb5suOGWROl49kKVsTItMI4AOdC14o8J6tXISj+H2VrxxcekNtfFlqeVsBBP4ywca5VB46zdhUYd5Qx7dcP1wVjoWcEeT7dk19pVfiaA9m8eDmaEG9w9nZrCmOC0pG/M7zxZ3jb+sF2xgP1pd8qLCR7axvkXxkd8kr8qRskFm1R6aH5z3a3zQ6dVd3xbuO25du26lMBCrJbCoM7FpY2s0aG8QuAb1YBZTlpMRVTypm5e4ipQfD4jbRzDXBVYE+PjmnJw8PXliA7v0MrQutez2h6YF66SE7bF/xG/dMOEPlJBJ+ua/bdviAUG3OL1as9V2VksQ5A5GXmIjxmG0W0L07oqftbVQyIX22igICT+sEF3rpeetM2I73E/VcLFXxK5GGzSM2KhBxIpkwp02hphPl4onNLNI2wtIjwqexXDuiCYA74iqWLGjvnZnMlxEdqxBDMB2AnQtojrT5rYkysDehKjuVMutVw7Ab0JXZwZUO1lVBbKpjFleNtoGfejtSPXc6ZYUcyaxxAleVrsoWpETuodtsB51X3o/rEXdhgy43yVdlafaUquf5yn7fEbGNGtE9Pak+YOr/eopAliGZ8TGQrLysjxaEp5PmNKH5s1DfLNer5JsnAvb9yx/6Am1xqyRh55QfafooSdUBx2/255QcUrgGn4DXLzDS65XcQsxqCj6sRS5ZnnabiPaLKzX38MOBwid+E2bJneGiDYjxwoaohQUsqz+bsFbZ6gzfHCwLWK1oa/+/wAAAP//j5y6Tg==" + return "eJzs/ft33DaSKI7/nr8CR3PON/beVuvhRxztmXtXke1YGz80ljzZ2UxOC02iuxGxCQYA1e7snf/9e1B4ECBBNvvlJJ+r7Dk7VpOsKgCFQlWhHofojizPEEnEVwhJKjNyhl5dXH+FUEpEwmkhKcvP0P/+CiGkHqAJJVkqhl8h868zeAL/7xDleE7OEJ6SXMIvDuS599OUs7I4Q6fmzwge9d/NjGhABg9KWC4xzZGcEZRiiREes1LCn4JN5AJzgkguqVwOEJ0gnC8HSM6wRAnLMpJIMUApkfofjCM2FoTfE4HIPcmlQCxHGM2YkPBU4jsi0JxgUXIyD18Yolef8bzIiEA0T7IyJeg7gqUY6lEKNMdLhDPBEC9z9ZlBxcUQZhBGNfw3Oy4xw1mGxgQVrCgzLEmKFlTOFLGYZgKxCYxRzwUv85zmUwVV/ajI8QbD0WJGOIFHMCw0w0VBcpLCmGbEHxFaYAHjzIdm0ieMyZxJ4i+DHeoZutQoEyyIogmGjCaMo4xNxaCicaiYAFGBJjQjY4LlEL1mHJ1fvRsgKtUDOSMOfjgss7y4KI7UgGhChh4j0HzC+BwrTkEpIwLlTKJkhvMpQXTiQAJzUIGE+kbOOCunM/RrSUqFQSyFJHOBMnpH0A94cocH6CNJqWaKgrOECOG96KCKMpkhLNBbNhUSixnSY0LXMPF2CuWyIGeaw+2k1neJv1MUU1CWu98Rysg9yc5QwjjxftVg78hywXjq/d6yd9R/f9egA/YZhlQgRPTqnqHnw+Ph8SFPTuN0qv+/DyLfK1bppFAJAirUcmKgwmxpnKsdM6X3JEeSIZybz/Xb5vGMZMWkzHze0GzO7cCRXDD02vApormQOE+IQEqW1LaaUMjVfgtgjUuppEI5xzniBKd4nBEkSIG5ZlMqUE5IqjZgjhYzmsya6AKAlnkTNlfIJ5zNI3NyOUE5Q3ajwTToHWh/YhNJcpSRiURkXsjlMLboE8biy61Wch/LfbMseiy33e4KARISLwXC2UL9j1sHnKdIzFiZpRUbjJeenCwFSYfhlOVOdLkVqN5fACyDZkyqV0CO04lilABcO9MEDDPHyYzmJD79BkR8DWi6jxX4lNNfS4Joqk7KCSVcL4faXjAPj+gEsZwg8pkKKR5H1ueVJV8JdX0IwPcLuxog8mkaHfIL/HTy7Pg4jQ+ZFDMyJxxno9jgyWdJ8pSk203AK4tjmznQIilFuTqOsmxpDiGBcMKZEIgTITFXioaSD7ea1Wl6606trsmZNBWqMRYk1Ke+q34x6tTJanVKgUGCSKtKqX2VWTVECyfFw4Z/JSv01MMRLIh9Ub2SsPlc6UN6uAqKWgrQVbQ61e889Md48B+SztW8zYuDxhKnWK4WSJz8WlJO0jMkeUliM3xwenzy/PD42eHpk5vjF2fHz86ePB2+ePbkvw/6Mc9LLMmRIlPpWbmnZjFOpzRXuluEW15rHckqmtKcZ0aPjQNUutmU5IQrmAMl7wKQSvGBL6h+VR09EcwfzYzoSYeDT62Vv0RN2Y+nYmPJU830T/88KDhLy0TN4z8PBuifByS/P/3nwc895/otVartxCIRINLVWS/xFBGczPQwWkaR4THJ+o6DjX8hiYwN439Ifn+GqoEMlGqa0QRriieMHY4x/1e/Ef1Alkf3OCsJKjDl9flX/11ovcWOFKcpmhOlD3iKr2R2/dC1PgFBCzbGUU6EJCGv6NEp6yTLEODXe1hIplgDCzvFXcL+NmXJHeG3cPLe3r0Qt2aKW+Z/ToTA075KhCSfo9N/8IZkGUM/Mp6lPdmmsdmIpcVsAif71CP1pnkc07JyxOSMcLUgoDxE4YVrlrA8wZLkocBCKKWTCeFqa5slqOStVBt5wgnJlkgQzJOZ0iKHSsmbl5mkRRaCMviFPqBA71taMhI2H1Nl79FcMjjFmsOza5RktGGnX/i/9TPUzw0gJdNSMgHsWM8UzamkWDI4YTHKiVwwfqfmKCewn7QurpeKkynmKZheygRjuRh4b2r7bExTyvUPOEOTjC0QJ4kSD9rIvLm4MuC0OlxR1iBH/aBe94gB00KQPNWvX//jPSpwckfkI/FYw9fsUHAmWcKyBhItsZVCUEPH4XAiastZG9dOhuQ4FxgIGKJrNifORFVcBwcx4XN0YI8Yxg8Un3EyITxAn9eGI7TpbB6bw1uv4Zg474LnRAG0SJGST+0KVsB9mrXkNczi6wWlKGH4lSuD5oqkX7T41I4N46owjiQUAVPNo5JtFTDFLXpFDkGcOEm4mfVNi57yKXixQ/hcXimZzYlwXhs9f+2iXu1Qxt0+R5dX90/VD5dX988tLNImZAvGZc8RZCyf9hvDFeOyk3on4nGyDwvl3flFr0m0ZKRsjulePCiGLzWCGva/oHdEcpqIBj3jpSR9FY/aqrhz7+TF034kfqeQaUfXhLO5v2WVpqR2teeeajIQ7KWtqT3tyVkaWy9yG6ROiW9/m9Pq++DH2nG1gprvCXOeZZyjBHO+9P3KGImCJHRCE5QxrfAhTrQc0h4nED6hqsUVnaGfknB6r0SXGi/OlYgArMPG9PpiC3miy/vJabeGoAB5fOkcdMJGBaM1gjvmB6G3LJ9SWaba3ZJhCX+EXhXHBF//DzrIWH5whg6/eTJ8fvL0xZPjATrIsDw4Q0+fDZ8dP/v25AX619ex8SidjOYkl6Oao3HVqJr7ecWYfIejw9oypPeMyxk6nxNOExwnu8wlX+6d6AuNB7C20HqBc5xGieRkSlm+dxo/ApouEv9WkjFJovNI5ReYRCo7Z/AdyyUnOOtaaCrYKGHpF1nsy+sPSOFqW/DzjsX+EnSaBV9J5uHfLmKUti13xMu3MYmfBOGH1iTx3tTWiBWiA2Q8wVqlZBM05TgvM8wVxxjjihN9LAy/ai6Xdns677uWLpTrwyQhuSTcWAqTjDGO8nI+JhwuKcEXZHVyUQOtScxQMVsKqv5hbzcTy8qiQc57Bn5z9Xq21EYpzREuJZvDyTUlzI67ZcXGTEiWH6Zmp1bGIivTuq1Y/dTPVHytz1vvGNUaACvhgpLmE46F5GUiS/8Ws5oY43sMb0ZWXlxOjLKm/fXCv9nBOXp1carvUdUpNyEymRGh1w7ObOqh19fDFc3qoA8dCsHFNBXO/x8S4QDyMjcXy5zMmXT3BYiVUtCUeLji1GFk7kl9kP5VKnxsuC/0f2iwFShwbRj0/g2tQRBO3Pr+3YKze5oS3lQ2I1vecSNJTrdT4oMDH0ZsCXHX+L5TjCSnAzRNyAAxHgoaOqUSZywhuG4LuLCHe0wzPKaZOs5+Y3nE+9U11FIcEizk4Umy3YjPPTKQIkOxgvY2AUsCr1eL2TIYfZL0GsFKZ7AbWb8BmJNlE6rtZdxwywskRzo9PDl98vTZ829efHuMx0lKJsf9BnFpKEGXLy37wRCCC8F2+uMX7ru5AnOkecdVH+Ls0/jt8CazK0+Hc5LSct6P8HdWOnnXyD3oxgnobzvjiefPn3/zzTcvXrz49ttv+xF+U0lxTQvE7PApzulvJk4gdR5kcy+5rFzG4UGtlAAKsUcIa8fRoSQ5ziUi+T3lLJ/HPU7VgXj+47UjhKYD9D1j04zo8xx9+Pg9ukx1iJR2fsOVcQCqujqNuZX1AeMkvdUWaj/30xjcV6GX0fgCG5cjnjfTGu91cpB28xqXsGAlT4CZPDC1C88ZyQqlNmu1RZ+YYyw8pnE4hLXzl0pQSVpZG2u6Js3X+xIBHzV4NMc5nqoTHWSsG0b0elrfALXIrX0GKziyEK3fUTn8czzdr9D09QjA5lwImrQFFmhc0kw65aiFSImn+6Kx2iyGQtx2Tu5zpioqKmu7QUDb/WwrCY07Wv3DaJPzDyancX3pHMpESJr7/jUjwV42HvSTYd53Pa5hPPRgpzow2ll7ZO5eIkC7L2By/wZGS70qlBf9IS9PvKn4s96gtA/hy1+jrKZlf3cpPrv+2S5U/B1prylgA/2Bb1U6aG7Q+3C18nC10hzVw9XKw9VK30l8uFp5uFp5uFrZ9GqFOKUnyL9DvQ2Md0TiQ/9kdMerZArY75Sc1BqP3RWef3Ft8eoV1OHQCYPRCSTZEN2SRAzNS7c6M4iHgc7qUJ2XQuoISVimtrBn9d+PM5KjX0vClxD5poPanUFB85QmRKDDQ+OPnuOlJUhNsMjodCazZbh5XLinNyKAAaPSZGZKb6O5JFOdLSQQTn9RZGuNLQAokhmZYzc35pxtHRJ4HEuuA07NN1SgE0jzGhOJT1DUyeO9UAF1jMo5q3n1Xnk/9c7rrFxrCaRNFZyA9grwwVzB+RLd0TwdKkGjRjrXkaL6BTnzrtB0hqNamozoCzK1iDapE8ItdehuPTWSSkGyiZcLkWv4wWz2v9/6Uvk6E5PJ2aR1R9HXXbtT4WwJmK4O9HQvuWMat4Jupbr2WzZnwrHrfSO8+dX9JmnIml9iDmjFPOSzbPFBZ2yKtJea0yTguiE6h6dhyLQ1fCxPqgF6WcCCzYmc6VHjKrV3iN5W8e4g9WxWMgQP0zlRp7C9SlO/KhDV1y6ZmU38yHkLBNukWAQ5Tfbe3NyFV0Hd2upFY6IjuK0xiq2zSRl2vlkKNwzRmPAxkQtCFA4TG6jEObZhwxqBia3Wic1JxoQaybmd6tXTar1GjBOlNIAdkgEsLMmU6T+D9G9FRHxC4znVwbz6LFBN7ZzMGV8iJf4UAAsoreWi35dZTri+0aVVVrp5TSQ4VwOFzPTNDvq9iq7Ll2rpncPTyd8N8gPVidCkdDdea7XPFfzgZG1L/ZvSe7iAq2/6hdqX9nYySNqxEANY9ugZgFdWATC7x1PfrDWtjzOftupGLwCq5NMtvHE7QLdCYknUP3CG+fx2iH7EXG0ASOeflBBn47QTNlHaygAtQtWjyDA4kUzghFKeTW4WThJSSMh5NjEU+nSyGs4AFRnBAgRmABK80Aku68qyYwSgu+WA0Tt0uZdDRssJg6Ft+Z3KMKPTmclEiJ8ALSt3GfIBFVoQQdqDWvYZzs0aDnVmyO3AxvMIkguTBF8ZIzhkK0N+RafTZbHNDOnBBuGCkR2wQQCxFCTCBjFeKJWtCTeVIGPjXKFHtg+egIR0fTIluJAgeU2ueaeQcLanSQaq+IPmITM4Bqg2/gyHHkjDDXZpb73jBTY8yPpDnKZqr5sD+xAObJLehkt5O6EZOUw4UcfnrU4S0mmJVFQZzfb8NCOlCtccDO7ofoU1KrAQal4PdTp0fKFYKRO2v9tHNRqDYpUov/Qee6uFc7PcA4+FRRjmV2EInSlqW9pcrur81y+blRJlohbHZFJOMM1KTkLBHMBsF9Lr7MgQZKuQ7rkjzRjiC7yv4hEfCWiAWvE2s1K2ZG5e6RHhewaBNS7CocqDVgwLbqQ2E4qlZbb3micai/FV9ar8oUsP+MIk+MKDKpyPSldpYNzVrolu4flS/JrFJ0ORJkjfm9KNZ8OgaXNnsFwxtfYw3pp3b9EjJc4EkejIaNmCyMdqVsLRKzsgdKiUY/WVUs71dIEkDna5P81a3VeTrb0qNX+PSaameUWEroMErij3k1lvxcCa6mHdbR5oQC07TJB7wqnsqwG13TAefNMzp/ra4KsdaZaMmnLz48w4fePxa+4royrMCVwR5krCeTFvzgp0uddqfb4WqCyQZDWpG5xPSiLO8R1BYFMZdJTYwhW5oEKCVan9fJ3FEEzSbbYx5/8FfVJMJMscSwJ5wVS44kNUV7ASM7bIdYBZIrMlWhKp2PX/opTpQg+M3wUglf6gZLtAC5JlwaNLgf5/fzk5ffrvNsDNeddcRMn/haIRjN8pQmBHgSej8pEFAHVUIk3uRJRLD65JgU6+Rccvzk6fn50c63jMi1evz441HdckKdVy67+CdVMrp7QQrdpx/cbJ0Hx4cnwc/WbB+NweQJNSqSpCsqIgqf1M/6/gyV9Pjofq/05qEFIh/3o6PBmeDk9FIf96cvrktOdGQOgjXoC/zBUBYBO4O+CO/T+ZMM6UzFkuJMdSO4K0n5fKmFVhxLo+nQxX0Dwln4n2ZacsGXlB6ikVavlTLbFwrl4fkxpEXUmApLoGDXU1s7gSRsTdm9+OtH/m1l9ewH2GJjgLlPaKDP9ZY9PMsJhtpd5V3FUFX8f+df7dxcveK/cGixl6VBA+w4WAmnVQxW1C8ynhBae5fKwWk+OFWQfJ1HSBDlUTOKj34roDtOT1qILdxBq9NIADGawERI5zJkjC8jR2PXBp6vQMwUQAHtN/kzwFFrvLlUwCaaVtg6raVv1mworshDiZDZTkmnc1hioUtqkv0jnpnS2xkUXgtlY1CK/WYlB452uBXBmiqsagcdiFp44hO7T8M05wukSPyHA6VDYULjOJrpdCMYkDLB7rsyyAxwpT1QKirhdUxPTa80qvd/g1dpAMZwirbc5ycF9evjR0HLwqOSvI0flcSMJTPD94HJqEeDzm5F77U+0n1zcHj8FFm6M3b87m8+popjizbx0ePzs7Pj6o18hyrhptZPbk+lqRp44lNcawht5IwIoWUzIvt2nU1aIrTZwKSfPEeLD/w3tmaoR4P1nkDY3EGOFwepqXh7Y6DZAqdPXBiiushI7rTaYgR40YLX4ymmtNszZwqitD+RUPA5jjpVfojhPN63DVlOBsiG6rcd7qmwW/Bqt7Fi7NZ8lxIu3x4lM4qK2bI9YNgfqVrKr1MbX0El2jryiUHsXgwkGdwNopowwgfcMXWZyGzKpeidDr32goBJV0rFPeZMoVvGaLEML8hYuv5t/N/cAfRSW1qqqGTZtAidk1ROi6m02L8ZVbzbiclOCIThJOJL1X2r+apwnlQtratW0DI2v5/NcdljqlVg4KUPlDcsMIIKohZXj1iDgVdyNRE4FdgnGSMdzzhvYjFXcIYOtytpQ1LDQju4VRzJFgGbh7bKVD+98nQdCSldwUBvpaOGvIqARqt60c4ihnfL7GAq4x1vfgq6S/kRTwrRj2wF2XZaC1HysZcnJ83FFxdo5prkN9dBVZNR1gj4KzFrz06gA2hZO0808IOq2dBhVxAir5AZgF1kVPBCEIG7crDEXPrVdZ0ZSDilxwT2hWKwJpL7PNdffr6oW2eTwHKPUbU2RcI+EdFlw6CzRWKp4VheYiV/0OwTb2WhL8G0D5EMiwZejsIYeFYAmtql2D3WhLdwV1pvSkHRmfib1DBSYeIDljgpgCfdpbDcgurT6O3rGcSgbHw0+vL9/9bIv5gT/MpDZDdS8IH9GuXutPbSZn4MmE6MNCvV4fg18P0jh91rqRrQLIZWVAtW2YuCYcLPMVVkQxk/ydhZu1qvfIp0SOdoXzBsDBEEDtEMt5RvM7EcUNCIIYsy0w+8IBVtNBb2xx2ODmWMVZxhaIYLFUcyQJsMp4aZjNgvC8H846LYyRVp9Q3/+9xXhgDHCZDC7OAUoph71mpvRxdEpTElQD2AL/S4DUki3ZyVI092OAtiDhUgGqXFg24EdLrNz928iZGCmlF9uwI95S+ijcHij76tPly8dakpjT1IvUenQND6vJQmyR12pxOUfjws9Q3ZZrANrX4ALnjSQ8l/axm6m54nSO+VLLNpiT72vDjmMPUjJ2ht9PaW/FPd+cPd3mP37+9DhO0DvFs/6q0xyxROKs5ouNkibob31JC5xETR5QkBRqSJ9SIsT4FplSaXCaWjPmVkG7RTTUWeCS+DYuYuZBZnI3kYE+HhD5VmnKEEwFk2QiJUCJnrNU7aA0ij3ZB/Y5kVjHlMPNdRpRtnyGtTlS3k/9owk1o3rRhHNidMEqEhbeEUal5EoEZuQe543I4CCSagdRX7vxuLUHreqx2wL5ILaPigxLpWX+DqnK/uUjkBZZd6/lg1n2N9UvfSvk2uolgY5tqpyihM2LUuqoRlP+A6LGIaLPaxMT8V36fWIqLVV3hcm9EMWwGYwu7pCvDmFUIzWV3W3M4gzzdIE5GaB7ymWJM1t8QwzQS6gQ4FVD0ObOD+WY8JxIcKamZNOEYzWqODNsfwv9xsD2q4rE3DfSK/lvvQYLe995aym8hfr4auicyJLrEk89i5Xsa4Tve40O0jWNjw/G5Y3JG8unnH62dqlJvymz2o34ryXOQIqbfF8YmQ36VcSYYKcqxkhpKzocSai9Xau/RBKaurLZ2kiWTH3TVm1hn0Gtej/HPHznwjGqvckzXUV0HZUBOBDMZZ6T7+oIoPl0UmYBMJprD0yvwi5nQdJHaW8nb6EfByzhsDlJu07iB4lBC5t6/mVz3t+Y7bUC+76727Rsr9eMmxI7tgKZ6QVhPCJB/TUFClpU3boaSbehe+5ygu7nA1u4xcuUc+J34Pv9vYI+nlMngFgxYQ/Gc3GXPJlRSaBi38aTWl34fn7xfPT8ac9L3Q8F4VhWzboCYiKJ7szXcc1hXsG4BhjeG+slvavN9+G63qwuHhbMaoT7K8tJCbf7ZwF0yYqRmdP6rbyavgK8UuEnh64rXO3nRhOrQxC9I79tH9okd95qcgHwPSSfNtbdIkaPoEtbQnLJxACV4zKX5QAtaJ6yRd2/XRU2wnxB8z1m0lbs/Q4nikn+62CLwWqDPkLtBM9p7RDelt6UjCnO16H22pBhlgJ606QzLAdIwxpAp4uxSP1liQymmXy6/WhOjocnp8Pnhzw53WYBbD4lKPEcL5CQHEoSRoZxpzTfbKejeDp8Ojw+PDk5PTT5AtuMRdPXY0gPxUIiq/tQLOShWEhI60OxkIdiIQ/FQmokPhQL2V2xkJmUNS/0m5ubK/PLplXYFQgX07JpxVLd4Go4J3LG9uZafiNlYVEhjSoal/79q5sBuvpwrf7/p5tuiqGVFu9ZmXyjxCUNv8q7gvm26GPkq1UWZ0dH44xNh+bXYcLmR20jEQXLBRkKiWUp6jJn1Wj6hxub6dfYkMbWEDtuFE+Pn66gd8zSSBbL7jIBJ2WWwWRWRCuUUWp1r8EF41lL+nlrPZwdsrbB0VKbJVKTJWPTUBy8dT90b/+q/6Cfbl4VgNhQDMCUNKdoe+/aWzatTgYbNdqW2gl99EiQIfvj+cf3twN0++rjR/U/l+9ff7iNTvOrjx/jQ9s6Gag9awYOGHAqv1uqgfkm3VrJGK3TWNsaVQtaF9Tn9cIEQyMIi4SN5L0RgBuTic5ezqjU91gSlRCg7BLPC8yjdYou9X0Dx67qEbo1KG5N0L5mVP9mQtl8Lmy3CONekc8eBpKfyFvL4zWDHzQGWHO26quRGb4nLsZfKB7TV9WJLd9UFBklqfbckjxh0M5SqRpkESpZNCcCen7cm7ahGcE55Lat7Eq6UaoQEszkAH3dyBX6tSQcrmGMd1JfrvRKFwpEkYnaC8XR++DH/rfkNgSw2VQ0YfN5mZs514Fm7J5wK9DM7ScPgwjN3afpiWkebXS5asG6SOZ6FKD1SGwoQPd+3+265WsvNBTUYkiYpqGV2mwnKapegf71I53Q+CD2dcVyqe9RP1xfQphNVms9r54ZhkNv8ZLwIZSDHkAxaPX/r0kyQFeX7waIyCQ2MPV6fEgU53ikTYZ9LQ9Cl+fvz9GVaS+L3gM29Mhqg4vFYqjIGDI+PdKRxlCb6Mg2pD3U9DV/GH6eyXlWc4AjdC1xnmKeQuCxrR3gutsOtajBGZ3mOtVUM/h7Il9nbNFoSo6QeK078uoNBIkuelfaVrax8UUZ7HkLX3GcizWKdq81/deQry0c43srbpIocyEJrgoKEPSDhu8bnKHBbOlFmWJH9OjTy6sBurm40ix5eHnx7gp4cfg4Ngs3F1fxefC6kO+LGc/1oLS00I5WD6vhDRvMzcdUcsxptjQR8LpMQzgXM5pPhT4b5zThzEZf68nFmWBVco//srhbFmSAaPJrmLU2wQkZM3Y3QHJBpdTBA744sGa3oLI0J3RVBPCe5GmNwioi3KViEWXcpMjeZbgcIX0KHqVKDF5e6YBLEZKnll13rV5QbtP0osx+fvkuvsx2K+5Fn/7GiUqLRrvlEPk8BJtpgDJg/l9woubYsXKEqsBwjY/FNe7ex2BeWuBW+/O6a08mNgy/ZpUrRUKn9lQK01lNov0bovmYlQ1J92+IlTL+gOaS8NBM0A/Uvow+KHNIt23SCIVJ57govJKWpqqe0nIOoQsNmlcpDqYe4cCpMXBAhrtGl0CxjKzgfC0QXEmoybunZNFWIjVOiZ1qxlFBOJ0TSXg7ZbUt4lFZpywgSf0vRCS45DyLKrqj/EVrcOKE8QXmKUlH+wl/8RpZuIQxEznvPTLmV8HZ57g/4uTb0+HJ8GR4Gh+FUYPlcrS/QM5zyOXXtSeBfrAwvNYCl1e6MKKRddioCdiNrS4oUOULDRX5oTNKMZKMZYd4mjMhaYKEUVL83lghR2dsEbMt3xLMc52rhaVzqU2pnJVjcKappYbivUduMg9peigKkkRX5OuTs9mH/yXeP33zv959/+zdP45ezC75f139mjz977/9dvzXr0MS9tLRosvfxSTOTLg3CGvwOsJcj5kyZayMbCkIcGsaRAAEU57Kbxlif7fVAQbo1mpK5pFmacqRKOfRCXzy/EXLQbdNy4yVc2KgbzUrBkZkXqonkZlxD1fOzenTpkVdC+CxIUvhrz1jkHMHrZnsV5CE4szK1oHLZtHhmpXWZ7KLXKu6lEiSyIGFDK/rxMDVsA6tmWBOE69QklUurR6HUVIKyeYu+FjDgR6GEE9qxlXLUGT5hE6hXJ9kiJf5GuMUbCIVIq+Kmw2AnlBOFjjLxECd9LwUel6k5qKjgsN4AIgNkLVnlnccCpILxsUALcg4wOyBh3urjAmBYkDVfJ1fvTNjN44Nu8S+ZwNnWYdjw+hLGizcheF8OdBTqUcl3PoKm4ip11hUh3/HVNYTItE742P8tSSlBole3byFKHiWAyvYI8KUUAjreRsecfUKoKJTSqAerhk99EZ8dXE93KCM95drx9SIzvuCnbUcnzSQf8ko+3YqGsbZzmhwQlCjCNo+RsjYrgNCV+xqRUftxqeq8sYpzvbscnJkaGzmTrxJzN5ipmdhO1e3PLYeYJ+KiMqkB1e4EpT2ZLPurArisiBi2LwaCoDdWuOA3w7QrRXG6t80FfA/hTAlVj8v4R8sy/TLWqSrf1ViOX7DZME+RCg/RCg/RCg/RCg/RCh3jOUhQnkbgfcQofwQoRzS+hCh/BCh/BChXCPxIUJ5dxHKjE9xTn+LNFD/0HzSPyDIB2uPY5Jzmsz09IFXq60Ly7zA+VIdunpiHGDfyqzF8QzDTnUzkhVQuA1zjvOpreEuTRcBrwA8znVAFoTYhM3JHV5/MJtGWu4zUMhfKdSoIPT71hDx524Ycl6tj2aL5dyf57a1lpuWcquVHLOQo/ZxwzqO2MZrclLEKt4tN+3AGq7bwtGBbL0luu3gdYbYsWkaVvA2dDbt3y4qN7J9o4PYRTD8Srt3nQlvNRCj5Des3m2o77R31xnDKlsX1S8IzQ1JKPaugh836craKuxcM8hhy5c4r05K6GgB4R32ziZoqAKxsq65JE2Pgt1rgkv8UGgtk213q2FB01vEJpLkSEi8FLYioO0Bqdu7KoPUi4BJWEG1WQ41nzI2xpnXFciS7Ck968rS3nVn+t9iX7k5CiWiaRRjui18UQXBkhQRc8jkX0ABa6TUSwIlT6Ycz43ey5Ggc5rhePBO64CK6OTuIK3JjqbAUDunUdinKnYyjcQo7HZGMZ+W85auzu/wUhkQWu/UbFxwJkki4UKZSnpP4jda3vT+dCDE7GCADg4z9f+V8qD+1zZLeX7wc3zw5DNJSug9sK8pOB9DLWqig/rNHrUCokIfHdVRKfjRmOZHrdwD0nHfqwdIWhpYqZHA84HOHdEbRNry9li4seo4zAuc66hYvydAeIPiFfhBGI05Wwi4y7NpOIYgO5cLMkYF1My3TayU6pq3ViqH/jzpcJtdVyUDnj7tfU8FTQsuX+6n1H11bp8enzw/PH52ePrk5vjF2fGzsydPhy+ePfnvnsf3je0G7LOpKYDfQvqC8TuaT0c66ijaxHQTDeRoxubkCGd+5d+VpBtakKPFejuDIz5QN4xXO1Q3PgY/9lU3qp4sRPe/tEUwJzihGZVKbSjoPQNGxpyV0AO6oETXH6469yGb7gfPRL1quQnkFoRA3805zpfK/EhIFSRy4yN1MHX/JLh31obnfIAgh8iFC+tNRY3WIAqWQ7qXSc2qVONbM21D7zb4HNrZcSKJ3w2sCtQgYuAlvo0JKvOUcNsT2liFAxOWOUBBX23dNXuA7EtKBbLxaH7s6xBd6pL2Zlg4yyCgU7KKZFrcDrQyh0G7ys28wKRgkx1weYUkp/cUZ9lygHKG5lhKyMiCm3kJCDCHXlRLSDdbqonykJzh4XiYDNPbTWuZRkJmWjdS37CZ88zlmqppARZitjBaLfHUC9poxOtdbxCtZz6KpL8ZToM6bvH+6XAo6HgpTqaYpzrgTEAd84H3ps5OGFMXA6l0YZ3BkzCeCt2v5ubiyhXi123/LGWanIRQ9beZKd2YPUPX/3hv4i4fCVcNWoGq0GvwuiadSzqq4zBFUrNlc/C1OP9c2M6rIA5MoBzCiSyti1P3XSF8jg4cpANdeXdiYk4s5rxGrLCVKeGxMXesPzaSJmgr0iVagIkacJ920zjuOgCNobupprwK3aMQ1vhLmSeVDWWa5OvvYmCqKcyZ9IApPtFLZHpYb5X4/QWi1vxoseDVCy0ja95WSOZTP1xe3T+vBGvL0bxGVtkahgXjspP6Lx922EmGLtW6D0oMW2oENex7iZSv8ihePO1H4ncQOg/1t6s8LxM7Zhrxw1ZrY6BtYtgransqyVcmpr0PuQ1SH0IkHkIkmqN6CJF4CJHoO4kPIRIPIRIPIRKbhkiYLPOmmVj92P+S2qas120S6T9ThhbX52bV9UHHTWD/diTL4Ba6LfhhQk1X3+puB6o8aG+APeM9H4pGr76o5TnsoFnJzqr5e0EG5jTjZZ5rqxkG0FaFh7qWwrq4f+b6P5lO7/Z7/foc3xGBqLLBhKDjWjNWyeqz6qXE6RXMvWJd7aS5fgDWvcMJhBdwSvIE/MJClERo61HB5CRVgzHNR8DfEwBUKp2JdbF9AGlqmxe6fKw8rXgB3hE0n0L7I9PUpE5pdaX/5BvyjIwn5BiT58nTb785Tcfk28nxyTdP8cnzJ9+Mxy9On34zaakJslW2UuUMJhkWkibavXVoRtXTE+wrQpbnq+QVs6c68ld8WecAQEaLaTYC/cbA2eaKsmRsIUDqLcLm5Ha6K4MPmm3Yncgr5rZteNRz03ggZEgtrcOexDpAynTsuLVMmFftJQIQ55muO2XIVayRUiE5HZcKjK0AovmFl+Bfc+b7jAkp6r3Xqy2i/UHWL2IHrQsPmKG13E6aKkLQiZdN0Ct/5f0lgGGZNFS/83GSlULWklb0lc1rxtF3BEvRBEOFmjXbEhyjhBXO4+7mEXpxBXCNN3mCcoYsHNc5ZR8NLlp2xDp3Il4+10a7AQBYv7dJNdadoyJHTyAk1fnGamxsSVBQV0hLAFjLMQ0pDpllUFs5V3omwHAbTGR9m3i3WnIvKXYXpiMMIKity7rBPWvz0JPh6bBvO4+/m7CXGuv4mkof/qmkI9SzZHdKJcUmSpNI3QAvVFhcxI3SZWPM0zJPpJiROeE422MNjlcWR0NNqfQL9IhO4CSHFryNmC3k6StV/yrodCdsp2FO4ObSFGNybE3TW5Qy6NwVr130Aj+dPDs+nlQYHUPD3VRNx/V/66fi6k/6eNxdc9JqCbVP7sh62ANQ/T3sfsUT42bfUIv9Aj5yXa6iyQB/Dh95jPrfwUfeRcYefeSaP/90PnJNtnE6+6VRWrjoj+Aob6e5Qe+Dt/zBW94c1YO3/MFb3ncSH7zlD97yB2/5Ot7ywJIoeRaaEZ8+vu02Gj59fGtPWNNsU9cbLDIiiXo60Jq9SJRxNTBxdVDJEMvZhtp9e3+AXaXE2cboVdH+kkO1RRveWPV6brUD3jPwnWGp3m9WJhv4ZXhSmMi5jjrHuka+mrwAIET5YQinxAnEwGZsarhOfU6FydL4pRSy6nFui89VE960V12V+0iLdAseg0d9gYUjeuBWuq4htRmx4Tz75baN62aYsLOnT58caRfO//n1r4FL5y+SFQp8y+M4t6jJ3BenXE7cWmk7l86V6WbmEAIYS6EdoAMtZqoC+C6RNYB4W/JsqGDeDtSCQ8yeDJaIk4TlQvISvDOMI7tQmi3DHd9g0dqCbLQE8XnWW3xfM30N0N21kW7pM3D1og9gIAct21B3bL49u7WNHArsmcIAuX121jNOdzPal7qTd+tow+WKDfsy17kPivXU7rfyxQRgMmOnmDqDUG5aR6dmSy2ywT4Kz+GqvfhQu/ahMLlh7aAaL/D4lLlOI/rT26ZZ5KY6HFGLPRv1irSHH+eSTIPbg57OkcZ8P336JN536emTNstbzvbFG1fQiKONM8y2rbOEJQxiwvdFmdpkgMAIK6f0AK36ic6wrNMfgHFjqYmeGJvDvv4/sK/JZ6gb6hW29jFCDL7eBrYxTQAoZwoOcLIrcueNBT53zzDgHJfSvRWOQNYmQnuLq64l80JWdMEQ9BvhjZSGULueCe4H0ZjIBTGVr+WC6d3elg3N8XQeejN2y5eMS+9WARSmiTTR3rd/ufWYVLKidTH/EhXSlviWsZWC8H1mYX4y8Gt82+p3E6IGe8cSQMNvp8afl5pGL9bMkFCLArfi9YuBeIUGeFVrvdD5kNxjj+UkQ5XqPLQd0lzHJ7hZAcvY95yrXygRegc7UIBohoWuOy5nOIfPaTqoLJEciogsrRYO8gEurRCbVDTNetaRkLxcVUZCBwIHP3kuz+D3RnGJSAGK8GbnjxDI86F2q1HWA3uca1+tT8v+2E0gCc7GJNAHurTHmTrebU50xqaVctVBp1LD6z6rLZIHz4Fg9Aq62wS64wrJ87XQVoYiRVeOvsc0qzJ0G4STOab7s47VxgMMVt9roWKGxd6UIBNQZoXALAzq8kWTvoCGF6FmEMuXc2jDpF6JHEKfBJmUmZrlW2ANKH7AzR8QfuNCVKDwOXA+zkJxWOtWkuBcHWjmGG+ZrvrdwE7n63uI6nACmmqHAJyvQ98FEHT/c6V9gTShWC/UmUhChMB82XLyhKVyqvMH+b+vdwppkPYsqu7YlaljKlnY5Gx7Kqpvl9oz4sCJGVuYzokLMna3+xCW4hVB1lm6mCvdq3SEB1VCfh/nVVuryq4NY8ZxHwZ/VJMatXAO3rHfaJbho2fDY/SIXs1YTv4dXVx9Qvrf6MM1OjkdnegGUraWz2N0XhQZ+ZGMf6Dy6Pnxs+HJ8OQZevTDm5t3bwf63e9Jcsce21iUo5PT4TF6x8Y0I0cnz16dPH2BrvEEc3r0/Pjp8ORgnZNkE+GskfWbS/+CqWKLNaqa72ZP/725knVKgmvc4XF8EnWvieHu5lKzxvpzaQh5qNb9UK37oVr3Q7Xuh2rdHWPpVa37L+iGzAvGMXiiPkN4L5Hom+ExSrGYjRnmqbD1SYb2E8igKIVEU+auuhIxXM7hBgzKCCyoIEgSIQVKWf61RFUDWxctRbD0zxQ9QzijLg2mwHJ2Zk4siKRufl9rktINw73sD8R1boYSJPbJh5cfzmKNyoy/8Ygk4kgnbxydfPMioKuGq335W9az3pvFnNiGsmtyDyGoTV13QThxjax1hHR9QJ+KVFk/E5oRNXtHlIojc1OIk4RBfYpsOWzR04cFlsls/QFdqc9iaqWvjETQzWnuOs+sge6d+mwTdPiXjdCpzzZAp3WZ9fH5+pALCrCKUQsuJiKj88L51hlaXMNpQdpYwR5IY8vXRGr4uuSZ22pw9dxrA1yXnCZYYjRnaamLcpUCPNJDP+TTi3rY4X5uXskEF3VfHSqwWrx95ZTZ7/RfERQXtot+wuZzlsN3LrDauoHAs5GZuiKm/85XoR0aiFVJ5+S3SkVvitU5nXKsyfC8nlrYat+tAxFAP/gPqLUm8bw4CIB7pcHUBFFO0gC0VraD9yq/WTlVp9HpczlDp8cnzwfo5PTsybOzZ0+GT5708Bs4kqouoXqiMjY1FXiAt3T5FqgpFgxKYleMsK2KkGnLvIR3tbvZ1cOSqCA6WUnHvRDuF9FxMHTWTIBYr18wj2z8C0msrq//GK3BrI6bQILZxn3AQjbePqCAcF7b4b5V0YLklfqoZk9BbZ40pab4kbKuIAPAZIYBHhfs39YyrpZutUmOB5Cmp9psxIxNq334lk3h+NRddPNVezKzr2c0D7dcMIsZmw7Va0PvWjhGfLUzfFOxg7MBdy3XWJFiRCVOQ9+eJRvUjlgJSCDSYXhd1Tw8Q7dH95gfZWx6ZER0xqa3w+Y4TayJ8QzvarAmYN/GF9SHzEzfQjdudFSFoUeIZJOJILLt5NpsGTRMcwQUjENjfrUWOt0HYVkjxFTbDaiQ5LMli05zxskIj9k9OUPHXcKzgzTDx/ZwAoJggpx70/JwjTohOcHzXa2f2lcaopbBigTbrBrTnHATymaE5tdCpqyUXyPG4d+E869D8mhelMZq2GxiAIBOgKxxU8VJ1YFQi5KDhdZbBkoUVomiDocton+r8xWZDko15pRGLsJO6q+N2m7EcmxR1LSN3HHWPchLI101vikREhW0IMAB4ArWcqA6HAOOMHwjBohKHalWueB0bwATF3lbnfi36JGLGlSLa8FXx66CHMinx3pGvLrRJkIo5MWlABGqa0cud7dvDUBl0nNcpZ7q2pyUcSqXcVLs052RYgF6bWKdVIuTIJSlSOVylOGxc1Ts5FSZlXOstygoBhZR96LsnQyLqEaGK1Ku617vkgBfqzfgI2fJJFupHradwfCpxRBb6pmUxVAXUBRkSDJcCKIFwJpW1yv9qd6ONmjIWCqglVokULqVZhlV0onlDYUwpMhIiVFG8mlNs1lN04U5mvTHdhre3NxcVdSMWVpf8DV7cEQvEWIO8jalMxYEELLXV2s62mo6fkYE6eUp0xySYomV8hKFog3eXnDMq0YLTjJWppUefKH+tHE0kKaPFd64OvzOPNXCMwk+FUpnq+pY4DQdwQsjC9JuYMZb1Wf4QG1wZe1UNbKdamqeHH7u5rf34XZWnyhu/56xaUb0iJ3f4VxNmi4Fk6W+HVYpbxIPHWEw1BWzXnu5DZotsFEluncDdEVfaLoaZg8mq0Gt/KkRuKaWychTw7rBmg8i3l4PqvFq6FOl00vhg25+1bFeYDb3nGCP79og6oysXtDMq2bXpSy5A8Yx2+6l/TvCwvoZFJeoV2cwz9QGEjPG5UhrkNVBh/NkxrjFd+i2XIuPyJHVR7yGGZ6gzId17DeP7qmsA78hRwTdvLKjNsToCwcA57JHNQFKYR2XNJMo1kG8IqXzoOhFyYXDGSYyNnGBxiUa2AIXEep2E62g5RJmQuNxDhNzC21Y9o3+KwLkMp8wn1GNQaQ+t1WQhh5vqt9jnIn+518W8105JjwnOgvf4P/B/y1CRfXcnWLhkVQBRT727o1UfbRyMwVEr7ehCpbugKG8GShYiiqJXkdVbrttPUxXLEWfLl82EUFKY4GT3Q2qgthExtJGXMuWyFhKWqaw73bsh0hDQ3NcNDFBNKFuabgrdB7IOM5dijgPbxJIuy60OxDyUbwarpEwuMDJjJxW4uXgXP9yEJcu5il6Z/XuUGwYV1RMLFSY0Dq+dYswrI7TJkD05W9j0uqRQatPI2Hd+VaKWzqUufbST0f1Q3XqZKHAlTVnkoyC+jtdy7qCTqBV1+f3S/XoRh7hQRolRxmaI6HsonqVF9RWIAV511axj1ZQCx4GyBJXegcACCvH163gTvrBKm5EPcW0Ufuf1kpdVHMU6pzIGauvwiqQxkWgg28jEJrJ5r2J5dkwEj4beidGsQCknlTHPq0YVq9Gs+hC7ykxXhOlwpeiCafCNCGc16L/1pz3KIwghGUDRrE3//UlaOfIdkx1GYRa5AVqBKo2HncRHx1AC5yq/FUVS7EFljgYh8SLndgGSRSMl4aazLZHEgfTGmu5EY4olGj874YImBjGXHl1RKMdrX4tJieOajc8UIvEiaLazSIxsWKdYsJ5M0xdYn5KWIvesIlU6ShM1Z90c+09JWy4Al6vekMbIl4BsbO02EYoWyGtqky1EbYuYN11pjZC1w6qTymmbUbYABiLx0Gb6PMm49Zdc2o9XsNdS3+HYOjd6e66vr6+aKyKNEnoMqybEkepaOTb7oCMZqlP0/gLwrpcTIC+tFPzFictDO8IafPCPNYgLGPTKUm7JyRs3Iu6bJceGG2vTdshtI5N7hSbDNuR1pEFd1shvo3X2gSIFpylZWJjFurzbH0DZUpl6rsG4IcWz4D2CJjWb1xA/Bu873ZZf1eBRYzW8RTUd3oNO+pwG+iQuHCKt5Axb2leftb44cYcCpjhLPPrA6csgWbMJEVQZGNMElyKSJl8eHmZ4zlNdLcLzJdovDTgqwDY/n6IhPF0VAst7Mk+XUg9rShLR7hsbJUV8F+7RHXTYlKadAYIv8lSg/zypS4NYh0zENgJ0ST1gv56CqnQUOOk5mSxa1JzsnCkDr1Zu3xZK23SJJbjhKBJKUtOHGRWjVL9pAvsEcpNCQJZ1dt+lNG75pE8Jia/lzMmH7cvmFjXn7NyvUxj0D2s2G5pVQtW0TpEl7Jeg0ZSUisNhWxBDslqCzZe+sCiQxDk15LkDYN8m6PE35gWvPG2xWnASbLBiazzQBJQvHW4EBaCJbp1B1T78SJ7Ymibx3UfBeVltIF0A/Y+gVNJ5ls5PAGArsjQNUE0zOztiUZ95dpDpzTBkggT4QmPWOkiYiWTOKvTNYxApcK+RQX6jXB2CB1Q/h1hEwPKJugY6idCnUSzmSaUCwlAW/jueP3RaZiYT+HEtCLR5AUmOMviqPgmHmpORJlJLyrR4oA00cQ42SeYZiUnLeJ0PXN9lZPfXkh8T9jlVZCmPcVQoCsNW9PcasVnqDQPpdffNkCaAl8f8mxZ1VLUA9ZIwr41RVYqyUn9/Jt6wQ+k5WFaZ6Qd+SLi+m6P2UOR0MaWEtloLaN6txRBmGcbMX1cCjslRyPsmJ2+npytqOquGY3Wce/E68SvNT9Zj7rxaANPyVZT1ChXbSy3epFYa8A1+i5FcATvVPe8MTutWYu2t7nWZonFAhgCAAd+4JJ6288pr1LP7398/5/iv58cNMy6+nxX+RUp+dyN+VK9Aq/Hcdo05ENJhDyElId18dPWi32DnaZx3PjD99OXi/Gnj5OLvz/75vw6+XV8MV30Ry9mmKed6F3xPXg1TsVxf4RwSG1udHd66vCycZcYDgY2tHorTIWhwmjQxhkvSQpahBzoBEYoGss4osVINy08qGGpZkJ9VX/avuHdhlLYV5rmB34rNGOLz7BELElKDvH+uugXK8VIByqMUpJTkg4QLuVMWY1aXo6UGgM/197Sf045zqUuep3nOnUn+pv9TOJ5odSRkcsI5mU+wh4g87f+oH3yQvzrT6NevtXz+CN4Xrwc5sbCo0fNJ7bs1sdX1zfo/OrSfvzY5xL3nU78SQj0SzEaWvWaMt1zkj0e6Kr4I4i2eqR9colS09XfUJch9el83D53FZyN5y1MZWxnQc9vXMsoa05aO8En354OT56/GJ4Mn57GSa7p0lUiDM0TWjQu35qEujfRI1s39bHeMnoD1LZFO60jt7HWn9xa9nMbrb4epj/RlCo+Ip9JUnZOpukfeWaq7h/NMW0MZzWpZVAXLE4ncD/JU1Cr0KePl61EHY0+Fzi5OxIkKTmVy6ORN9393duVYgW81VtAWl5cYxYvMoL5dcJZln3UX68/hwbtaMzS5Upa1UuNcgp0gkiujK0OStWHcdqCG5cqnqTgpKErb3n0Oqs32RwmQt9f2JyeWqhfDKWPtphhEeeiDYxt48l3TbIkU4QBinUt2/2Za74G/P2FjThXkiJKqLf8pa5xMRIkaSVtkjG8oZ10UaPEIayq8VjnzX/ie4zuKZclzvzg+DjhIuHleCSW8zHLRlLtCcgJ3Nc40BUuhUnlpblNDERJRjDUdSgLpGlBQEvEe1YjHEpUfQHCe9Ctq9GvontB8N2Ik4kYGaco0L9Hym8UzaJQumyFEcjQ0YEEWjBXg2onvcAcZxnJRpyIBOdfimpvvucYsh5RRu+JCU8HZ2xGEC6KzGgZkFYvWVE0nWb+dT8WYlTmGTN58F9gJBob8EsOFyBARM/ZT4rST9dt0hgTyj1pvDKX8xdXnzSPG34hfML4XFdXsAIoQmK7yEb1KM74JKOVE91zIOq/2iBYKQVNtTGiK93FBhAko/8OVNK8TiTqpJITnH0JMm/gTsOki9eJhkLZpj+Xdv+6UwrMFihXAvd4NKdiFnfp/3I/H/Eyb9mC7QPpEwVCbSnn//z7O0ONrtRsdttAFzsE8IrLtcrddbmnA0vECO56RkrKtAmPjSn/HvMxngazabCaGyaF1SxDTGhUZVdYUcDpYmne9RQrEiRjd2qJNVGGzk66vBpYIQkbhd58fwFBNvronbagnBG8s1ujNwQX0Kw8cQXa7brQ39bWZdU3o7txq1BvNh7qSSZym1cNHvAoxr+jGYMEkfaDRp1MeyPpk4CwHFx0EOPHTkxJPPtig4X7kKU25A5K5SRJWeA8Wf7xVxAWj00g9MMbwR9gOVvndPXqLlmZT3e5vv9QAP/kK7ysj+EPsMYd8xqnrgrGqRUeD90z1zo1zRYNa15wtFUdb45faSEsr4fvhujeQikq817o2am8PmxIhslwPnxHJH6JJb7gBEsCF0TXurFD+GXbwRX13NQp0kdXDGCT+7v8NMA0XXvlQC/h9xft7q64q6t/DoST2XnTQAlpqWPqoqIjcstpE4tmoNvOEVbLOWL3hM8I7qhUf9DGXLGVDhC5jZOxRRg4W9s5+rmNi9MFbOsX0E38P50en7w4PH5+ePrtzcnx2fHzs5Ong2+fPPn5p8v3rz+gn3/SN6UaxNAQMYTWcT+jn+5Hf//P2S9//xn9NCeS0wTuY58PnwyPDxXc4fHz4enzn386/hlUwp+eDp/Nxc8D+GMEZaDET0/hb6U4z6gUP518+/TJM/XTsiDip58HuiAJ/ANIgGumn/726dXHf4xu3rx6P3r96ubijYMBt6XipxP1PqQ9/PQ//zwAav95cPY//zyYY5nMRjjL9J9jxoT858HZyfD4X//618+DbeQNhHXzbmEzNYnobdwQnewJkeHqrRYxaoI7KAElnUqnpxsffdVXsI2+J8fHcxEjpZZx4OhQq9hFiHq+ztZoHzLwSQeqa4klhd2wDr6WcXm82IVSB3Wot9pw1hl5zTEDi4/qTTdjoqF7XdfYJGvMEpQ9HAVN5mLkvVKvmbH4AXc7WCdP0KzaDrAXbHU6Y6u2UPD0dM3NaKVbFw3aLKNyp0i1OFyJVq09JamONWkj4HQ9AjgrJa2d0CHuj/qNtmUWxydv/vv0b9/dffvL4ulUTvFrma+3PWjHgXzZ1kVjTUHbLQFuOrZ+ypIuXLYaEi44+7z0osrMLy3xZOZpdyRZBRStH0PW0EwmHCotpvWQyQCKf4tmP0CPGIcecMqMeGwCGlz0BhQz1z5oE45RBcFEejiNcXK3DhHm/SgNC+jEbwpLSYbmOPdKduXWAce8ahoRivSD3gQpXc2W5pDMC+/wUGrCXB1P1NjwC0yluzwKIugDvHrb25srX+QZL66BYwsK32NOWSmUoChJs+ALKKwNiryYJQVuZzTZxJZwKYiQeJxR4RUbz5URXbc3uygGm3XEQ00+QmS9rgpEGM2pNOzi5XQGpYmpQES/NexJEEwZTPp+VnItOuwOM/P+e6zjwHTZhQQrotv29hyC2Y09JrNaXRMcYnM7oEVOJZLGZKJbA1OhWwPnfnUdQNSXODu1+6fOYPpaoGnGxvrsX4NOuoaE1VLVdGbQfftDCb9SpkP686iZ6Ryg1D0XzEs2uXa8RG/Or+AkrLeBaI4VlMcmw9T11qimGa7QjDi0Rp+1c8Fiu4rwuWndPFLmS+sQL1iuW1sYBtP5buowoHklYuzv0D0sMpvzMDB+9XDUBzqQKzi1FUO5hjqPbi6uEONQqOtx1xnQKvddxo0VTZDvAMnx3tcQnXfv2DiSPNbXXg9jBO87Y1brWy5hOQT95jKgjQVENVdErZRmzLq7NrbZUES32h2Rbhl3SKURKjsgcobzNKuKZ1olbYe0RjpfbkaqkDTLLFuyQPbvkFxzynXR+96n1J6k5jtoAcopyRM7qdBewlAFZPKlCRQzX9f12tX0tlbLCC2uaMdToyelzFZHaAacruuIqwUwd95mtBbjMNmcOZXUVeNQoi5UVowhNfyqDjZYCyrQPcWozOlnJFhyR+TA/K/ujkOFbVNh21M0B1UwLiPWYrPyS1DzBb76KlKOVUuqeN35OkwN0UrcPF7fNVLbtRtOYQteoyBiVkhzIrax0cvqFd9ZtAW/rDm1Ho3D2qctHNgfHo1URq2nt64d67t2SqveAkNaNNkR7TSNtZ7C2nVYd6autpdBWqd8Vs+Ey7WQdUBakU+5BpoohNX5rGtgaAOyKoN3nbmKguiX4Ln+SFpLYM2kbN1XVxlRlgROU//3vqKnCt6LiAxbvbP96DLB8pxk2PMzBP1MIlJnvVvjttKhNVIAqX4XMmGVtlHyvO796NAdIjPhMRMuZMlJOkoYu6Nr1s35AE9whg4UsL9C7YQDRCC32RRr0KoGDhSQGU71CaxxWjvDFVXtSfGM4JTwNQshvKUCSiCYjx20OhEoLYmdYS2BKwPzwHxUvayhHcA6kbkJmvYtgPjyBAZhlFGbCUH9+bT57SZs+kUZxOj0M8gsNGyOLZtAERYqhR3a78wnOveqH5vod3fMJR6f4IXNTB1ltBEBUnMBmIBhn0ugk5vv8NPV+uSMpYOgtxR8ZDv+2v7kK4nuIB28ndqwG3VXodE3h97UczLHFDjEuSuMjTCwJoXw6sJEvaQ2sNr20arqvIyXst4HOMx4hZg2e5dg33YSobo9iM3OarkM8wKufMX2rJSjFEu8aorWdQdXVyBCmf4YOmSF59wAeq6DcqW+VFRsP6YdDiOkWa+TK1dnDpxHwRDGLF0+RngiCa+vt7/A64zSjTBp1WeUQQuhdmAQbGNC1dKWanPZErDVd4JjGwInCSlkyPBJxgIdqOUi6g9BpbnepQnNp9i73b2EH1oud/XD7rtdBzG+jmuVB0nJuNyqVGNbewczEIC/VlnYWo/OkLCNcgWuTWtVgRbQVttGgyrJacg0dworq8XaArO7I+6KCUGV5Qxaii5leQCzdjBABzmTNCHqX37UzAAdLDDPaT49QJGi3QcJp5ImODv4vevKOoyYbpEfvZLJFPgHHvt/nMcgz6vcjRstzmYGwwOn/T/GafYgp8I/xS+v+9dtvry8dgkPQZN/fyCUtvd3a6Har5PcwIG6Irr209dJ0bBBJycBKf1Ylr27JvVYRe3BKseeEyvOQAuaPzndPf4faZ6yhUAr8VsTOqawbkeCq9QSUWZbJAKVpN3Ju3ldfipNIR6lJ9vWsJ0Zt/HQuh3QknvxK8YQhYtSG4tn95DxF4Vd/OMun5iLaksqTV/sqsIm+KKErqXmjEWoaYPzZZyuP1FHsgbZzhz+I5Gud1OPXmqGeVtq1rZfYtQuCmOg/4AN1dS/ouAg4cAUa9kAbjPpofU+d72pbXwe1KrY4I6ruwded6PClVdaLYyw9x5vX65d3T6b7tnujevCZUIOo98GvPLQna4VyUN3uofudA/d6VoxPXSn2wDxQ3e6h+50m3kl1m9Pt4f20jfV3WAVldrmFADsrYruZg4BgxwqJfcwvnc9dmNIrRq7wb7jsRvkK8e+UhndePh+FEObL7PVuItjdbmm37+6WZ8ga9ECYRp3nK42u3DjqQgwf/r4trXfzAoLZAvXoPNEdHnmsGD5qJjxtoq42/GCho80/DgJkLu1By8YeGq92pkFYxmg/CM24HGiOBatjHYcsYz+P9Z456G1TN/WMvtdN40kssfQWtrd1nQoFCuo+F1b7dzhyZ0fLvOD+rvlqg2eVW1dY7dqFhzaPlZmy6ammtiMTSHssbceKumcCInnawpZWwgVPq1C0yz6uJiPtWSuyln8eP7xfb1yVr/rVA34944UQIFYjJWO2+pYvXA38V41ANMqVM1/W/9p3OgMsungoQY8AFyLBOiSuqvDHaEbaLpK8w5+63GaRqYF7Ubw1GZJ94jtmie0kltR16L1JAuhdybBvcC8ai6pqGsnZ1Jm7c6obWiBLpFlltnpqa+mFdZ0jHNfWusfWsS1ftgd3Oggoj+twN5poeMf9JytLnZcLy+wJd4Lkw8NYBU3akJa7dZ6N1+NWhfrrz3SP45C4gxDZWwqJBZ+jz37UwtT2cfdbOXBRTtnLEPoW4/QcBq2aX1uh7eO72q3Z6qz16DXdH5YYK6MM7UxYoi6lIktrVanSljxaPAPbGIX11Y95CS9ZdOnv+jXW7aMUxx3SKKGiRg3R8zCtUSrdcLrKjS/o4WL5+PzMs91so1C5RGoZncFeRmbjmAc/Xf7ChrvyNJ04c9KosPFp7qYkaM9EmzhhF6jZOraG64J4mFnPeysL76z2nfV+tR9xAuUlvPCrqW9bIwgcTfp4BnbsaPRLxWlEXThls3ukttwjOlWV+E+Q5d5UUoxQK+h16gYoA+lVL8onrpgKUnaWlcwdjeieazM6OaO6FdQkReqjEC/EhNrbl2UfaI1LV05zhsRBHsjC5B1UWWWs8Act0Szrs/R17rLlmuT75GUsHxCp6Yv2mqCRtFDarvz6/B/h5QFJIEz2VY70qREDrSufxjVeM7yKUvHnmZsfukfh/5OffDyu9Wx6BUutE48eqi+etgaAen1NdryEI9c/LZREKNiRUrEKuY031QHaOzwdn60y+DnNhHX7ahaQdHrMk9MCnyCJZkyTn8zTRxWEHfx4d278/cv1yQxb+zoHooP+SxXkkNzKnGe6jqDaxEVA9tHyTA+mE73lSfF7N5cil8zb2e+W17/7W3/falQwSfhzhQzxuVIS5MzJHnZZt1a9GjT5JEWAlDHjt19qEZIyPoRG1/SU65VvBGNK5TrH7vnEG2uR/5s+M3w1CjetpaA1ihpOkSvGTfvmVACgQpOGaTTe182MMDMwV51FoetZkhbrv1XXAeYpK2OgXabGr/3fcAOjcgVvKwwrMXKpeguYBgfqEamvtW1TRJoY5NWTR9aIl5Yd/fnODL1lW1Tbu2cDtR2FWhL6EsjvKBPEEOjX/oOCNFJC0ogDHfdl7CqLFBRo3T4wVa9CTOW3O2FXjxnpUlBCmleYApt+41toAhQ0mdMqrCKoYLQgKq1ZCq2Gi9nCwFpTTsSvWHmj4JeVQEyanvH5gFqlFCkOdnVYRChSCQ470dQ2ym4DTFQ17I6IyW+I3kl426vX91UT2+7iGum9PSL3XPtTVqExy5n3ivrefnSMbnBbvS9fErzz56+9179vZ6+B59sqO9Z9GgbfS9CAOrQ9/aTMVwRskHe8J8owTEuO2xc20gZOFHy2zOUciIXjN8NJ4wvME9JWg/X3W/62X5S5f6A2Y2dmRr7zFz7cvl3e08lbE+T62aUtmSZdo58SMhrRfKQkPeQkPeQkNeKqZeMecjMa0H8kJn3kJm3jfa/vrd3x0EQuseQvsF5RIbToSZpgGz5qcctt507sz2vnDeW5JJOKOHo0dXlyxa8coc2r/EtW7RtEdOuxObOUF94HTRWoN+9W5j4XaWsYc+EdVFY0/6DcH1VI0CNUU0+F4zLyj9za+DcdicnVNjQ9kGJnIgyW13itXOLzucstxu0PiYNH+k20ILIvht198lrfgqU8aLOsKzKNOmrEwh2iTMTTiJHxxZEvWYc0TzhUF4bZ1CueIDmmN9BmJKcmZq/VUkpnKYNdyHSpZ3m7J6kQ3QpUYJzNCbQ241N0AF8czBAB+adg4H64EDkuBAzJlvq482YkKNqd+12JTxZZeU53AsEFbUMl2srEFFh46SaYe3vGZ/jLFs6QM08JWft5fQzeL13JIo+hS5Ow13AQ757HgmaJybqrGDJbIg+CeMKT9i8KKV1793+h+cRTVhWzlvuGxKckTzFPDqYcuPVMREznJi0SHf9rwNUssy2OKJzAj547RUz+90smfN3FkzIKSfhJfeV/nHtm+7quw3dnwE1aPMAlZCQfceo1P2vbdNg//vDXHXTOfmNdZf3b0f1m5FeDu2XuU+vlKkWZYaTXaoxnLRhitzkVlfoOJ3TfK0LdBtS2QDrXFZY4nEzXb3COV/qiLG1UUYh9wsVeH1+c/5214ECaSzmr+vKs6LnyfHweC1yXtpgPjZBeN0Lrgrv9au3ry5u0L+h1x8/vIM1FP++Fh1/g4PUdfL4nSvicpIGNXE/qr9bzgJ41p2jY8Gh3z3zSxPrpHJPobw7U/DGC865fGlPbU1VrGljdRm966B7BTHEb6u3DtFFoJ7ezrGQhN8O0K3I8D1R/0hmNEtv0SOlAXx8+fro/MNrtOC6iwY8ezyI6cC3SmGhOclu+8cl7Sr/oTEsSElRg7knfMwEjEsXsr4F/fvWFK9uoXUvm7EBdYehTNc2VgmKd+smo/dKxVXagmaBe4oRtheQQX/nCkxnc6f5OjVuel3Zz+c4TxGB4PW2Or32wBjurM7zG5iqfIqohEAe6G6uaTB6tqYLovkT3h03v1PpUUmNjsPqjuyw9LvCekeWoelnJ0CZvN2Lg/kus2YhfIlPS3VICt3CK05UgrNMkWRONIFz6aczf8/YNCPoWv3ccrDBs+6DzUJF6x9sjR3ecF20zZLTOl7916uLtq1/rqE1sKQkoWJNPOdv3374sQ3RSwNQe2pgQlLYMpEu5ros0jqoL159vGnD/FEXWbLuiZQkgop4M/po+/QOtO/acH5wzdOhwTqbaC6JoEypuFtPWr+u3OcvL69/OL+6enX+0bBFb/vxnmVlw9sQoFE7SL+FtBMmCmfcEKUNIGqE6j2l0EiWsKwFlCCcNi7y4tD0qy5IME6ZSCOOR7d0Cs6JeNIL3XfXL7vmQC1xq+lzfnX19hW6vn6Jrt8dPzs5fdsLI4BsQTepz7jDhYvGszh4s653NE/RI9Bwl0KSOXDf49ZRlo3Aik7oBZYzA8ud+4RLOqEJlmSYgK/Zv+SKbbcAg3FPg/cXtBFoTCroFJIufeDtaMUMnz573hfj9Zvz02fP0QyLmW6+3onvL+i8TKkcEyzR68t3iApUGqeX7ftdtcBTgyhKXjBb+c35a7GYrUnmG0OfNRn0SQthuO5ggxX2TrZr+KG/486wyGYOO4cdbROwGCMBdUUslkFd+u1LMdC8/AxQq3yqXeSnrIqE+rpyJX8dBby3GucFZ1OO52vCDfrIR8G2qLqrQda/7GNltUPtyrGP+O3WD22MH3SiHtq0bgRJZ7RknwpNM4Kur98AKytL29SANBVAawbwQYGFUJLnAG6binKc0eSOLA/q1zdufHSaY1nyZlBCL8Lc5+6ywhStBcRKmrUhTjkrimYcbDXDkQe9SKpq9oIsUFNXGb1Cq7TKWGYFyXWHm/mcpBRLki0tVS2hwN0FALqjODTX6WvO6I1ma25NH7jx8F//EqZRnncNsMHXLRhiwVZdm6U94GqNkKtVgTPrh12tFXi1EfqVUHuEX22AuANavyCsDXB2A+wTirXJDHeA6x+QtfloG0Dj50qZst4Hy6qABq36CN1rMAG/1j34Umw+nQ10UVhvrUulX5W/tpAy/Z8zZyCH7/2HG7h9L1PWbKbeU3wHgT4KWoKF9s8psM4dNME0a5b9dcpbo01iT+w3N//wEhMDjLTNKeZJ2cWG53ti6rellJNEMr7cgoiILuStE2eseRD0olFiPiXSJGsyz0NXJ1AsqExmkZCRSrLCuxtOVc17DP5tRcKK9B1FN07jquxe95xBvOG2m7GIIOu8dbQJv1APJku9YJ+cLLTa26YLzkikQGUPZCmZ4DKTGkAHuha8UWG9WjmJJyd5K94wXHpDbXzptJyNYAJ/+UCjHApv/S4sajFvyKMbrp+elY4F3NFke36NfRUO0KA9n8eDm6EG90/nZjCuOMkxmdA7zxd3o39ZL4rOfLS6llOFD23jfYviQ79LwrAlZYOU4T109bno19GnM1xp/UtePyJJzYmZC4gwbomY7czY3fiaFbQ38MlDobPFjORojAVN6u4lcIe3Xf8CcfuIUr7UpW4+vr5AJ09PnpiIZbkMvUstu/2hG886uc57bIz0e3cC+hNVGkB9E7u37V2kQbdEc7SmYe+sSC7IHZ1SoDsMD6NtgKK2q/6srTdQzqTXH4hx+GGF6Fov73ydEZvhfqqGq5sg7Wq0QSekjTofrciS32nHo2K2FDTBmUHa3hlhXNIshnNHNAF4S1TFih2NIzqzvCOyYw1iALYVoGsR1ZkPviVRCvYmRHXXENh65QD8JnS1OIBXkVUFKc14zPOy0TboQ29HDYOdbknmgp20sdpF0YpiB3vYButR96X3w1rUbciA+13SVQUYWprQ0Dwln8/QBGeNVJWeNH+wRc09RUDXlxuTCePEGcvjJaL5lAh5qN481G/WCzGjjYs89D3LH5odrjFr6KHZYd8pemh22EHHH7bZYZwSMMNHSSTUchsj1yslqTGIKPoJZ7kkedruI9osX8XfwxYHCJ24pY2TO0VEm5NjBQ1RCkru2poY8OYy1Do+KPgWdRm9r/7/AQAA//9KSacQ" } diff --git a/filebeat/module/santa/_meta/config.yml b/filebeat/module/santa/_meta/config.yml new file mode 100644 index 00000000000..ab2588f900e --- /dev/null +++ b/filebeat/module/santa/_meta/config.yml @@ -0,0 +1,6 @@ +- module: santa + log: + enabled: true + # Set custom paths for the log files. If left empty, + # Filebeat will choose the the default path. + #var.paths: diff --git a/filebeat/module/santa/_meta/docs.asciidoc b/filebeat/module/santa/_meta/docs.asciidoc new file mode 100644 index 00000000000..258355d40c2 --- /dev/null +++ b/filebeat/module/santa/_meta/docs.asciidoc @@ -0,0 +1,58 @@ +:modulename: santa +:has-dashboards: true + +== Santa module + +The +{modulename}+ module collects and parses logs from +https://github.com/google/santa[Google Santa], a security +tool for macOS that monitors process executions and can blacklist/whitelist +binaries. + +include::../include/what-happens.asciidoc[] + +[float] +=== Compatibility + +The +{modulename}+ module was tested with logs from Santa 0.9.14. + +This module is available for MacOS only. + +include::../include/running-modules.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard showing and overview of the processes +that are executing. + +[role="screenshot"] +image::./images/kibana-santa-log-overview.png[] + +include::../include/configuring-intro.asciidoc[] + +The module is by default configured to read logs from `/var/log/santa.log`. + +["source","yaml",subs="attributes"] +----- +- module: santa + log: + enabled: true + var.paths: ["/var/log/santa.log"] + var.input: "file" +----- + +:fileset_ex: log + +include::../include/config-option-intro.asciidoc[] + + +[float] +==== `log` fileset settings + +include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/santa/_meta/fields.yml b/filebeat/module/santa/_meta/fields.yml new file mode 100644 index 00000000000..60ae1de7a65 --- /dev/null +++ b/filebeat/module/santa/_meta/fields.yml @@ -0,0 +1,70 @@ +- key: santa + title: "Google Santa" + description: > + Santa Module + fields: + - name: santa + type: group + description: > + fields: + + - name: action + type: keyword + example: EXEC + description: Action + + - name: decision + type: keyword + example: ALLOW + description: Decision that santad took. + + - name: reason + type: keyword + example: CERT + description: Reason for the decsision. + + - name: mode + type: keyword + example: M + description: Operating mode of Santa. + + - name: disk + type: group + description: Fields for DISKAPPEAR actions. + fields: + - name: volume + description: The volume name. + + - name: bus + description: The disk bus protocol. + + - name: serial + description: The disk serial number. + + - name: bsdname + example: disk1s3 + description: The disk BSD name. + + - name: model + example: APPLE SSD SM0512L + description: The disk model. + + - name: fs + example: apfs + description: The disk volume kind (filesystem type). + + - name: mount + description: The disk volume path. + + - name: certificate.common_name + type: keyword + description: Common name from code signing certificate. + + - name: certificate.sha256 + type: keyword + description: SHA256 hash of code signing certificate. + + # Auditbeat FIM is using this field for the same purpose. + - name: hash.sha256 + type: keyword + description: Hash of process executable. diff --git a/filebeat/module/santa/_meta/kibana/6/dashboard/filebeat-santa-log-overview.json b/filebeat/module/santa/_meta/kibana/6/dashboard/filebeat-santa-log-overview.json new file mode 100644 index 00000000000..88ebfefdf1c --- /dev/null +++ b/filebeat/module/santa/_meta/kibana/6/dashboard/filebeat-santa-log-overview.json @@ -0,0 +1 @@ +{"objects":[{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[],"query":{"language":"kuery","query":""}}},"title":"Description [Filebeat Santa]","uiStateJSON":{},"version":1,"visState":{"aggs":[],"params":{"fontSize":12,"markdown":"![Santa Icon](https://raw.githubusercontent.com/google/santa/master/Source/SantaGUI/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png)\n\nGoogle Santa is a binary whitelisting/blacklisting system for macOS that monitors process executions.","openLinksInNewTab":false},"title":"Description [Filebeat Santa]","type":"markdown"}},"id":"dad521d0-ff69-11e8-93c5-d5ecd1b3e307","type":"visualization","updated_at":"2018-12-14T06:31:14.285Z","version":1},{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[],"query":{"language":"kuery","query":""}}},"title":"Decisions [Filebeat Santa]","uiStateJSON":{},"version":1,"visState":{"aggs":[],"params":{"axis_formatter":"number","axis_position":"left","axis_scale":"normal","filter":"event.module:santa AND event.dataset:log","id":"61ca57f0-469d-11e7-af02-69e470af7417","index_pattern":"filebeat-*","interval":"auto","series":[{"axis_position":"right","chart_type":"line","color":"#68BC00","fill":0.5,"formatter":"number","id":"61ca57f1-469d-11e7-af02-69e470af7417","label":"Decision","line_width":1,"metrics":[{"id":"61ca57f2-469d-11e7-af02-69e470af7417","type":"count"}],"point_size":1,"separate_axis":0,"split_mode":"terms","stacked":"none","terms_field":"santa.decision"}],"show_grid":1,"show_legend":1,"time_field":"@timestamp","type":"timeseries"},"title":"Decisions [Filebeat Santa]","type":"metrics"}},"id":"1579d690-ff6b-11e8-93c5-d5ecd1b3e307","type":"visualization","updated_at":"2018-12-14T06:40:02.169Z","version":1},{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[],"query":{"language":"kuery","query":""}}},"savedSearchId":"6d56a010-ff6a-11e8-93c5-d5ecd1b3e307","title":"Total Events [Filebeat Santa]","uiStateJSON":{},"version":1,"visState":{"aggs":[{"enabled":true,"id":"1","params":{"customLabel":"Total Events"},"schema":"metric","type":"count"}],"params":{"addLegend":false,"addTooltip":true,"metric":{"colorSchema":"Green to Red","colorsRange":[{"from":0,"to":10000}],"invertColors":false,"labels":{"show":true},"metricColorMode":"None","percentageMode":false,"style":{"bgColor":false,"bgFill":"#000","fontSize":60,"labelColor":false,"subText":""},"useRanges":false},"type":"metric"},"title":"Total Events [Filebeat Santa]","type":"metric"}},"id":"51677b80-ff6b-11e8-93c5-d5ecd1b3e307","type":"visualization","updated_at":"2018-12-14T06:41:42.712Z","version":1},{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[],"query":{"language":"kuery","query":""}}},"savedSearchId":"6d56a010-ff6a-11e8-93c5-d5ecd1b3e307","title":"Decision and Reason [Filebeat Santa]","uiStateJSON":{"vis":{"colors":{"ALLOW":"#7EB26D"}}},"version":1,"visState":{"aggs":[{"enabled":true,"id":"1","params":{},"schema":"metric","type":"count"},{"enabled":true,"id":"2","params":{"customLabel":"Decision","field":"santa.decision","missingBucket":false,"missingBucketLabel":"Missing","order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","size":5},"schema":"segment","type":"terms"},{"enabled":true,"id":"3","params":{"customLabel":"Reason","field":"santa.reason","missingBucket":false,"missingBucketLabel":"Missing","order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","size":5},"schema":"segment","type":"terms"}],"params":{"addLegend":true,"addTooltip":true,"isDonut":true,"labels":{"last_level":true,"show":false,"truncate":100,"values":true},"legendPosition":"right","type":"pie"},"title":"Decision and Reason [Filebeat Santa]","type":"pie"}},"id":"30962fe0-ff6c-11e8-93c5-d5ecd1b3e307","type":"visualization","updated_at":"2018-12-14T06:47:57.150Z","version":1},{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[],"query":{"language":"kuery","query":""}}},"savedSearchId":"6d56a010-ff6a-11e8-93c5-d5ecd1b3e307","title":"Num of Hosts Reporting [Filebeat Santa]","uiStateJSON":{},"version":1,"visState":{"aggs":[{"enabled":true,"id":"1","params":{"customLabel":"Hosts Reporting","field":"agent.hostname"},"schema":"metric","type":"cardinality"}],"params":{"addLegend":false,"addTooltip":true,"metric":{"colorSchema":"Green to Red","colorsRange":[{"from":0,"to":10000}],"invertColors":false,"labels":{"show":true},"metricColorMode":"None","percentageMode":false,"style":{"bgColor":false,"bgFill":"#000","fontSize":60,"labelColor":false,"subText":""},"useRanges":false},"type":"metric"},"title":"Num of Hosts Reporting [Filebeat Santa]","type":"metric"}},"id":"b06c0460-ff6c-11e8-93c5-d5ecd1b3e307","type":"visualization","updated_at":"2018-12-14T06:51:31.622Z","version":1},{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[],"query":{"language":"kuery","query":""}}},"savedSearchId":"6d56a010-ff6a-11e8-93c5-d5ecd1b3e307","title":"Code Signers [Filebeat Santa]","uiStateJSON":{},"version":1,"visState":{"aggs":[{"enabled":true,"id":"1","params":{},"schema":"metric","type":"count"},{"enabled":true,"id":"2","params":{"field":"certificate.common_name","missingBucket":false,"missingBucketLabel":"Missing","order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","size":5},"schema":"segment","type":"terms"}],"params":{"maxFontSize":39,"minFontSize":12,"orientation":"single","scale":"linear","showLabel":true},"title":"Code Signers [Filebeat Santa]","type":"tagcloud"}},"id":"11858000-ff6d-11e8-93c5-d5ecd1b3e307","type":"visualization","updated_at":"2018-12-14T06:57:58.885Z","version":2},{"attributes":{"columns":["agent.hostname","process.executable","user.name","certificate.common_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"filebeat-*","key":"event.module","negate":false,"params":{"query":"santa","type":"phrase"},"type":"phrase","value":"santa"},"query":{"match":{"event.module":{"query":"santa","type":"phrase"}}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"filebeat-*","key":"event.dataset","negate":false,"params":{"query":"log","type":"phrase"},"type":"phrase","value":"log"},"query":{"match":{"event.dataset":{"query":"log","type":"phrase"}}}}],"highlightAll":true,"index":"filebeat-*","query":{"language":"kuery","query":""},"version":true}},"sort":["@timestamp","desc"],"title":"Santa Logs Search [Filebeat Santa]","version":1},"id":"6d56a010-ff6a-11e8-93c5-d5ecd1b3e307","type":"search","updated_at":"2018-12-14T06:57:11.037Z","version":2},{"attributes":{"description":"Process executions on macOS monitored by Google Santa.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":{"filter":[],"query":{"language":"kuery","query":""}}},"optionsJSON":{"darkTheme":false,"hidePanelTitles":false,"useMargins":true},"panelsJSON":[{"embeddableConfig":{},"gridData":{"h":12,"i":"1","w":10,"x":0,"y":0},"id":"dad521d0-ff69-11e8-93c5-d5ecd1b3e307","panelIndex":"1","type":"visualization","version":"7.0.0-alpha1-SNAPSHOT"},{"embeddableConfig":{},"gridData":{"h":12,"i":"2","w":38,"x":10,"y":0},"id":"1579d690-ff6b-11e8-93c5-d5ecd1b3e307","panelIndex":"2","type":"visualization","version":"7.0.0-alpha1-SNAPSHOT"},{"embeddableConfig":{},"gridData":{"h":10,"i":"3","w":10,"x":8,"y":12},"id":"51677b80-ff6b-11e8-93c5-d5ecd1b3e307","panelIndex":"3","type":"visualization","version":"7.0.0-alpha1-SNAPSHOT"},{"embeddableConfig":{},"gridData":{"h":10,"i":"4","w":12,"x":36,"y":12},"id":"30962fe0-ff6c-11e8-93c5-d5ecd1b3e307","panelIndex":"4","type":"visualization","version":"7.0.0-alpha1-SNAPSHOT"},{"embeddableConfig":{},"gridData":{"h":10,"i":"5","w":8,"x":0,"y":12},"id":"b06c0460-ff6c-11e8-93c5-d5ecd1b3e307","panelIndex":"5","type":"visualization","version":"7.0.0-alpha1-SNAPSHOT"},{"embeddableConfig":{},"gridData":{"h":10,"i":"6","w":18,"x":18,"y":12},"id":"11858000-ff6d-11e8-93c5-d5ecd1b3e307","panelIndex":"6","type":"visualization","version":"7.0.0-alpha1-SNAPSHOT"},{"embeddableConfig":{},"gridData":{"h":10,"i":"7","w":48,"x":0,"y":22},"id":"6d56a010-ff6a-11e8-93c5-d5ecd1b3e307","panelIndex":"7","type":"search","version":"7.0.0-alpha1-SNAPSHOT"}],"timeRestore":false,"title":"[Filebeat Santa] Overview","version":1},"id":"161855f0-ff6a-11e8-93c5-d5ecd1b3e307","type":"dashboard","updated_at":"2018-12-14T06:58:23.367Z","version":5}],"version":"7.0.0-alpha1-SNAPSHOT"} \ No newline at end of file diff --git a/filebeat/module/santa/log/_meta/fields.yml b/filebeat/module/santa/log/_meta/fields.yml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/filebeat/module/santa/log/config/file.yml b/filebeat/module/santa/log/config/file.yml new file mode 100644 index 00000000000..0afd17317d4 --- /dev/null +++ b/filebeat/module/santa/log/config/file.yml @@ -0,0 +1,6 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/santa/log/ingest/pipeline.json b/filebeat/module/santa/log/ingest/pipeline.json new file mode 100644 index 00000000000..97b6cb4414c --- /dev/null +++ b/filebeat/module/santa/log/ingest/pipeline.json @@ -0,0 +1,71 @@ +{ + "description": "Pipeline for parsing Google Santa logs.", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "\\[%{TIMESTAMP_ISO8601:process.start}\\] I santad: action=%{NOT_SEPARATOR:santa.action}\\|decision=%{NOT_SEPARATOR:santa.decision}\\|reason=%{NOT_SEPARATOR:santa.reason}\\|sha256=%{NOT_SEPARATOR:hash.sha256}\\|path=%{NOT_SEPARATOR:process.executable}(\\|args=%{NOT_SEPARATOR:process.args})?(\\|cert_sha256=%{NOT_SEPARATOR:certificate.sha256})?(\\|cert_cn=%{NOT_SEPARATOR:certificate.common_name})?\\|pid=%{NUMBER:process.pid:int}\\|ppid=%{NUMBER:process.ppid:int}\\|uid=%{NUMBER:user.id}\\|user=%{NOT_SEPARATOR:user.name}\\|gid=%{NUMBER:group.id}\\|group=%{NOT_SEPARATOR:group.name}\\|mode=%{WORD:santa.mode}", + "\\[%{TIMESTAMP_ISO8601:timestamp}\\] I santad: action=%{NOT_SEPARATOR:santa.action}\\|mount=%{NOT_SEPARATOR:santa.disk.mount}\\|volume=%{NOT_SEPARATOR:santa.disk.volume}\\|bsdname=%{NOT_SEPARATOR:santa.disk.bsdname}\\|fs=%{NOT_SEPARATOR:santa.disk.fs}\\|model=%{NOT_SEPARATOR:santa.disk.model}\\|serial=%{NOT_SEPARATOR:santa.disk.serial}\\|bus=%{NOT_SEPARATOR:santa.disk.bus}\\|dmgpath=%{NOT_SEPARATOR:santa.disk.dmgpath}?" + ], + "pattern_definitions": { + "NOT_SEPARATOR": "[^\\|]+" + } + } + }, + { + "rename": { + "field": "message", + "target_field": "log.original" + } + }, + { + "date": { + "field": "process.start", + "target_field": "process.start", + "formats": [ + "ISO8601" + ], + "ignore_failure": true + } + }, + { + "set": { + "field": "@timestamp", + "value": "{{ process.start }}", + "ignore_failure": true + } + }, + { + "split": { + "field": "process.args", + "separator": " ", + "ignore_failure": true + } + }, + { + "date": { + "field": "timestamp", + "target_field": "@timestamp", + "formats": [ + "ISO8601" + ], + "ignore_failure": true + } + }, + { + "remove": { + "field": "timestamp", + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] +} diff --git a/filebeat/module/santa/log/manifest.yml b/filebeat/module/santa/log/manifest.yml new file mode 100644 index 00000000000..d0369930490 --- /dev/null +++ b/filebeat/module/santa/log/manifest.yml @@ -0,0 +1,11 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/santa.log + - name: input + default: file + +ingest_pipeline: ingest/pipeline.json +input: config/{{.input}}.yml diff --git a/filebeat/module/santa/log/test/santa.log b/filebeat/module/santa/log/test/santa.log new file mode 100644 index 00000000000..d5a2c814f42 --- /dev/null +++ b/filebeat/module/santa/log/test/santa.log @@ -0,0 +1,10 @@ +[2018-12-10T06:45:16.802Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=/usr/sbin/newsyslog|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29678|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M +[2018-12-10T06:45:16.802Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=xpcproxy com.apple.systemstats.daily|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29679|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M +[2018-12-10T06:45:16.851Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=746f0dbafb7e675d5ce67131e5544772ee612b894e8ab51d3ce2d21f7cb7332d|path=/usr/sbin/newsyslog|args=/usr/sbin/newsyslog|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29678|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M +[2018-12-10T06:45:16.859Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=d6be9bfbd777ac5dcd30488014acc787a2df5ce840f1fe4d5742d323ee00392f|path=/usr/sbin/systemstats|args=/usr/sbin/systemstats --daily|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29679|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M +[2018-12-10T08:45:27.810Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=/usr/sbin/newsyslog|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29681|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M +[2018-12-10T08:45:27.810Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=xpcproxy com.adobe.AAM.Scheduler-1.0|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29680|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M +[2018-12-10T21:37:27.247Z] I santad: action=EXEC|decision=ALLOW|reason=UNKNOWN|sha256=08bd61582657cd6d78c9e071d34d79a32bb59e7210077a44919d2c5477e988a1|path=/usr/local/Cellar/osquery/3.3.0_1/bin/osqueryd|args=/usr/local/bin/osqueryd --flagfile=/private/var/osquery/osquery.flags --logger_min_stderr=1|pid=45084|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M +[2018-12-10T16:24:43.992Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=63b6a54848d7b4adf726d68f11409a4ac05b43926cb0f2792f7d41dc0221c106|path=/usr/bin/basename|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=40757|ppid=40756|uid=501|user=akroh|gid=20|group=staff|mode=M +[2018-12-14T05:35:38.313Z] I santad: action=EXEC|decision=ALLOW|reason=UNKNOWN|sha256=a8defc1b24c45f6dabeb8298af5f8e1daf39e1504e16f878345f15ac94ae96d7|path=/Applications/Google Chrome.app/Contents/Versions/70.0.3538.110/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper|args=/Applications/Google Chrome.app/Contents/Versions/70.0.3538.110/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --field-trial-handle=120122713615061869,9401617251746517350,131072 --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10458143409865682077 --seatbelt-client=262|cert_sha256=345a8e098bd04794aaeefda8c9ef56a0bf3d3706d67d35bc0e23f11bb3bffce5|cert_cn=Developer ID Application: Google, Inc. (EQHXZ8M8AV)|pid=89238|ppid=704|uid=501|user=akroh|gid=20|group=staff|mode=M +[2018-12-17T03:03:52.337Z] I santad: action=DISKAPPEAR|mount=/Volumes/Recovery|volume=Recovery|bsdname=disk1s3|fs=apfs|model=APPLE SSD SM0512L|serial=C026495006UHCHH1Q|bus=PCI-Express|dmgpath= diff --git a/filebeat/module/santa/log/test/santa.log-expected.json b/filebeat/module/santa/log/test/santa.log-expected.json new file mode 100644 index 00000000000..c0628c7071b --- /dev/null +++ b/filebeat/module/santa/log/test/santa.log-expected.json @@ -0,0 +1,263 @@ +[ + { + "@timestamp": "2018-12-10T06:45:16.802Z", + "certificate.common_name": "Software Signing", + "certificate.sha256": "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32", + "event.dataset": "log", + "event.module": "santa", + "group.id": "0", + "group.name": "wheel", + "hash.sha256": "c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4", + "input.type": "log", + "log.offset": 0, + "log.original": "[2018-12-10T06:45:16.802Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=/usr/sbin/newsyslog|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29678|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M", + "process.args": [ + "/usr/sbin/newsyslog" + ], + "process.executable": "/usr/libexec/xpcproxy", + "process.pid": 29678, + "process.ppid": 1, + "process.start": "2018-12-10T06:45:16.802Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "CERT", + "user.id": "0", + "user.name": "root" + }, + { + "@timestamp": "2018-12-10T06:45:16.802Z", + "certificate.common_name": "Software Signing", + "certificate.sha256": "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32", + "event.dataset": "log", + "event.module": "santa", + "group.id": "0", + "group.name": "wheel", + "hash.sha256": "c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4", + "input.type": "log", + "log.offset": 360, + "log.original": "[2018-12-10T06:45:16.802Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=xpcproxy com.apple.systemstats.daily|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29679|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M", + "process.args": [ + "xpcproxy", + "com.apple.systemstats.daily" + ], + "process.executable": "/usr/libexec/xpcproxy", + "process.pid": 29679, + "process.ppid": 1, + "process.start": "2018-12-10T06:45:16.802Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "CERT", + "user.id": "0", + "user.name": "root" + }, + { + "@timestamp": "2018-12-10T06:45:16.851Z", + "certificate.common_name": "Software Signing", + "certificate.sha256": "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32", + "event.dataset": "log", + "event.module": "santa", + "group.id": "0", + "group.name": "wheel", + "hash.sha256": "746f0dbafb7e675d5ce67131e5544772ee612b894e8ab51d3ce2d21f7cb7332d", + "input.type": "log", + "log.offset": 737, + "log.original": "[2018-12-10T06:45:16.851Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=746f0dbafb7e675d5ce67131e5544772ee612b894e8ab51d3ce2d21f7cb7332d|path=/usr/sbin/newsyslog|args=/usr/sbin/newsyslog|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29678|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M", + "process.args": [ + "/usr/sbin/newsyslog" + ], + "process.executable": "/usr/sbin/newsyslog", + "process.pid": 29678, + "process.ppid": 1, + "process.start": "2018-12-10T06:45:16.851Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "CERT", + "user.id": "0", + "user.name": "root" + }, + { + "@timestamp": "2018-12-10T06:45:16.859Z", + "certificate.common_name": "Software Signing", + "certificate.sha256": "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32", + "event.dataset": "log", + "event.module": "santa", + "group.id": "0", + "group.name": "wheel", + "hash.sha256": "d6be9bfbd777ac5dcd30488014acc787a2df5ce840f1fe4d5742d323ee00392f", + "input.type": "log", + "log.offset": 1095, + "log.original": "[2018-12-10T06:45:16.859Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=d6be9bfbd777ac5dcd30488014acc787a2df5ce840f1fe4d5742d323ee00392f|path=/usr/sbin/systemstats|args=/usr/sbin/systemstats --daily|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29679|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M", + "process.args": [ + "/usr/sbin/systemstats", + "--daily" + ], + "process.executable": "/usr/sbin/systemstats", + "process.pid": 29679, + "process.ppid": 1, + "process.start": "2018-12-10T06:45:16.859Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "CERT", + "user.id": "0", + "user.name": "root" + }, + { + "@timestamp": "2018-12-10T08:45:27.810Z", + "certificate.common_name": "Software Signing", + "certificate.sha256": "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32", + "event.dataset": "log", + "event.module": "santa", + "group.id": "0", + "group.name": "wheel", + "hash.sha256": "c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4", + "input.type": "log", + "log.offset": 1465, + "log.original": "[2018-12-10T08:45:27.810Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=/usr/sbin/newsyslog|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29681|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M", + "process.args": [ + "/usr/sbin/newsyslog" + ], + "process.executable": "/usr/libexec/xpcproxy", + "process.pid": 29681, + "process.ppid": 1, + "process.start": "2018-12-10T08:45:27.810Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "CERT", + "user.id": "0", + "user.name": "root" + }, + { + "@timestamp": "2018-12-10T08:45:27.810Z", + "certificate.common_name": "Software Signing", + "certificate.sha256": "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32", + "event.dataset": "log", + "event.module": "santa", + "group.id": "0", + "group.name": "wheel", + "hash.sha256": "c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4", + "input.type": "log", + "log.offset": 1825, + "log.original": "[2018-12-10T08:45:27.810Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=c4bc09fd2f248534552f517acf3edb9a635aba2b02e46f49df683ea9b778e5b4|path=/usr/libexec/xpcproxy|args=xpcproxy com.adobe.AAM.Scheduler-1.0|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=29680|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M", + "process.args": [ + "xpcproxy", + "com.adobe.AAM.Scheduler-1.0" + ], + "process.executable": "/usr/libexec/xpcproxy", + "process.pid": 29680, + "process.ppid": 1, + "process.start": "2018-12-10T08:45:27.810Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "CERT", + "user.id": "0", + "user.name": "root" + }, + { + "@timestamp": "2018-12-10T21:37:27.247Z", + "event.dataset": "log", + "event.module": "santa", + "group.id": "0", + "group.name": "wheel", + "hash.sha256": "08bd61582657cd6d78c9e071d34d79a32bb59e7210077a44919d2c5477e988a1", + "input.type": "log", + "log.offset": 2202, + "log.original": "[2018-12-10T21:37:27.247Z] I santad: action=EXEC|decision=ALLOW|reason=UNKNOWN|sha256=08bd61582657cd6d78c9e071d34d79a32bb59e7210077a44919d2c5477e988a1|path=/usr/local/Cellar/osquery/3.3.0_1/bin/osqueryd|args=/usr/local/bin/osqueryd --flagfile=/private/var/osquery/osquery.flags --logger_min_stderr=1|pid=45084|ppid=1|uid=0|user=root|gid=0|group=wheel|mode=M", + "process.args": [ + "/usr/local/bin/osqueryd", + "--flagfile=/private/var/osquery/osquery.flags", + "--logger_min_stderr=1" + ], + "process.executable": "/usr/local/Cellar/osquery/3.3.0_1/bin/osqueryd", + "process.pid": 45084, + "process.ppid": 1, + "process.start": "2018-12-10T21:37:27.247Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "UNKNOWN", + "user.id": "0", + "user.name": "root" + }, + { + "@timestamp": "2018-12-10T16:24:43.992Z", + "certificate.common_name": "Software Signing", + "certificate.sha256": "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32", + "event.dataset": "log", + "event.module": "santa", + "group.id": "20", + "group.name": "staff", + "hash.sha256": "63b6a54848d7b4adf726d68f11409a4ac05b43926cb0f2792f7d41dc0221c106", + "input.type": "log", + "log.offset": 2560, + "log.original": "[2018-12-10T16:24:43.992Z] I santad: action=EXEC|decision=ALLOW|reason=CERT|sha256=63b6a54848d7b4adf726d68f11409a4ac05b43926cb0f2792f7d41dc0221c106|path=/usr/bin/basename|cert_sha256=2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32|cert_cn=Software Signing|pid=40757|ppid=40756|uid=501|user=akroh|gid=20|group=staff|mode=M", + "process.executable": "/usr/bin/basename", + "process.pid": 40757, + "process.ppid": 40756, + "process.start": "2018-12-10T16:24:43.992Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "CERT", + "user.id": "501", + "user.name": "akroh" + }, + { + "@timestamp": "2018-12-14T05:35:38.313Z", + "certificate.common_name": "Developer ID Application: Google, Inc. (EQHXZ8M8AV)", + "certificate.sha256": "345a8e098bd04794aaeefda8c9ef56a0bf3d3706d67d35bc0e23f11bb3bffce5", + "event.dataset": "log", + "event.module": "santa", + "group.id": "20", + "group.name": "staff", + "hash.sha256": "a8defc1b24c45f6dabeb8298af5f8e1daf39e1504e16f878345f15ac94ae96d7", + "input.type": "log", + "log.offset": 2899, + "log.original": "[2018-12-14T05:35:38.313Z] I santad: action=EXEC|decision=ALLOW|reason=UNKNOWN|sha256=a8defc1b24c45f6dabeb8298af5f8e1daf39e1504e16f878345f15ac94ae96d7|path=/Applications/Google Chrome.app/Contents/Versions/70.0.3538.110/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper|args=/Applications/Google Chrome.app/Contents/Versions/70.0.3538.110/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --field-trial-handle=120122713615061869,9401617251746517350,131072 --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10458143409865682077 --seatbelt-client=262|cert_sha256=345a8e098bd04794aaeefda8c9ef56a0bf3d3706d67d35bc0e23f11bb3bffce5|cert_cn=Developer ID Application: Google, Inc. (EQHXZ8M8AV)|pid=89238|ppid=704|uid=501|user=akroh|gid=20|group=staff|mode=M", + "process.args": [ + "/Applications/Google", + "Chrome.app/Contents/Versions/70.0.3538.110/Google", + "Chrome", + "Helper.app/Contents/MacOS/Google", + "Chrome", + "Helper", + "--type=utility", + "--field-trial-handle=120122713615061869,9401617251746517350,131072", + "--lang=en-US", + "--service-sandbox-type=utility", + "--service-request-channel-token=10458143409865682077", + "--seatbelt-client=262" + ], + "process.executable": "/Applications/Google Chrome.app/Contents/Versions/70.0.3538.110/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper", + "process.pid": 89238, + "process.ppid": 704, + "process.start": "2018-12-14T05:35:38.313Z", + "santa.action": "EXEC", + "santa.decision": "ALLOW", + "santa.mode": "M", + "santa.reason": "UNKNOWN", + "user.id": "501", + "user.name": "akroh" + }, + { + "@timestamp": "2018-12-17T03:03:52.337Z", + "event.dataset": "log", + "event.module": "santa", + "input.type": "log", + "log.offset": 3712, + "log.original": "[2018-12-17T03:03:52.337Z] I santad: action=DISKAPPEAR|mount=/Volumes/Recovery|volume=Recovery|bsdname=disk1s3|fs=apfs|model=APPLE SSD SM0512L|serial=C026495006UHCHH1Q|bus=PCI-Express|dmgpath=", + "santa.action": "DISKAPPEAR", + "santa.disk.bsdname": "disk1s3", + "santa.disk.bus": "PCI-Express", + "santa.disk.fs": "apfs", + "santa.disk.model": "APPLE SSD SM0512L", + "santa.disk.mount": "/Volumes/Recovery", + "santa.disk.serial": "C026495006UHCHH1Q", + "santa.disk.volume": "Recovery" + } +] \ No newline at end of file diff --git a/filebeat/module/santa/module.yml b/filebeat/module/santa/module.yml new file mode 100644 index 00000000000..6cc574b477c --- /dev/null +++ b/filebeat/module/santa/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: Filebeat-santa-overview-dashboard + file: Filebeat-santa-overview.json diff --git a/filebeat/modules.d/santa.yml.disabled b/filebeat/modules.d/santa.yml.disabled new file mode 100644 index 00000000000..8e187d56b62 --- /dev/null +++ b/filebeat/modules.d/santa.yml.disabled @@ -0,0 +1,9 @@ +# Module: santa +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-santa.html + +- module: santa + log: + enabled: true + # Set custom paths for the log files. If left empty, + # Filebeat will choose the the default path. + #var.paths: diff --git a/filebeat/santa.yml.disabled b/filebeat/santa.yml.disabled new file mode 100644 index 00000000000..ab2588f900e --- /dev/null +++ b/filebeat/santa.yml.disabled @@ -0,0 +1,6 @@ +- module: santa + log: + enabled: true + # Set custom paths for the log files. If left empty, + # Filebeat will choose the the default path. + #var.paths: diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 9014515e366..a4163a9c349 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -351,6 +351,14 @@ filebeat.modules: # Optional, the password to use when connecting to Redis. #var.password: +#----------------------------- Google Santa Module ----------------------------- +- module: santa + log: + enabled: true + # Set custom paths for the log files. If left empty, + # Filebeat will choose the the default path. + #var.paths: + #------------------------------- Suricata Module ------------------------------- - module: suricata # All logs